There's a solution to this problem. You don't need to panic.
Hacked Website: 5 Important Steps to Save
You're busy browsing a webpage in your site when suddenly a pop-up hi-jacks your entire screen and tells you your computer is now infected with a malware. Try as you might, you are unable to close the page. Cold sweat runs down your neck as it dawns on you that you might have been hacked.
Do you know how to solve this? How do you start?
How to Verify if You're Hacked?
A hacked website is pretty obvious through visual checking. The hacker might have placed a big banner on your site saying "Hacked by _____." Or the website redirects to some "inappropriate for office" websites.
Here are the other visual signs that you're hacked:
- The hacker has vandalized your website.
- There are weird website traffic from another country in your web logs.
- The website is redirecting you to inappropriate websites or sketchy pharmaceutical sites.
- Google shows alerts you that your site is compromised.
- Firefox and Google notifies you that your website is hacked.
Website Hacking Isn't A Mystery
Hacking doesn't happen using some sort of magic. It's done with malicious intent and purpose.
Here are the four other ways hackers use to gain control on your website:
- Weak passwords
- Phishing and malware insertion on your computer.
- Outdated software that is a possible, vulnerable area of your website.
- Another hacked website with the same shared-server you use. Note: It's better to avoid cheap hosting providers as you'll get what you've paid for.
If You're Hacked, Follow these 5 Steps:
Here are some clear and organised ways that you and your support staf can do in this case:
2. Ask some Help from your Technical Support Team
It's good to have technical experts in your staff or a support team to call. A technical expert (ex. programmer) on website configuration is ideal on helping you fix your website. The hosting company can also help you out since they deal with same issues with other customers. They can definitely provide great assistance. They can also do the cleaning job for you if they have backup logs for your files.
3. Give the information they need
Prepare the all of the information they'll need. Your staff will need access to the ff:
- CMS Login: your content management system with administrative / super admin rights
- Your web logs: both the access logs and error logs. Be sure that your hosting company provides the web logs. Most web hosts do, but a few hosting companies do not turn those on by default or may not provide access to them.
- Hosting Login: your hosting control panel to access your database and web logs
- FTP / sFTP access credentials: this should include the hostname, username, and password
- Backups: Any backups you may have
You must keep all of these information in a safe place where you can immediately access when you need it the most.
4. Take your website offline
When you're assessing and fixing your website, it's better to shut it down for the mean time. You'll be able to shut it off using your hosting control panel. You may also setup a password on the main directory to block visitors from using your website.
5. Run your Antivirus on your computers and gadgets
To make sure that nothing can grab your important data again, you need to run your trusty antivirus. Just make sure your antivirus is updated to use it on its full potential.
On the Last Note
A compromised website is really shocking because of its bad effects on your business and your customers. So relax because a lot of technical experts are trained to help and fix that for you. Also, investing on up-to-date website security software can help you tremendously.