If you are experiencing a website hacked issue, then the most essential thing is that you remain calm and systematically take the suitable measures. The following content presents steps that will help you to fix your hacked website.
Recover your website
- Before you begin to recover your website, you must eliminate the possibility that your computer was the origin of the attack. For this reason, you will first have to check your local computer for viruses and/or infections with malware.
- Ensure that the hacker can no longer access your webspace, database or website. Change the SFTP, SSH and database passwords. For website users, reset the passwords for all users. The hacker could have created new users, hence you will have to prudently check the user account administration for your website and remove any suspicious users. Also, remember that you will have to change the password in the database if you are not able to log in to the admin area of your website as your account could have been deactivated by the hacker.
Severity of the hack
- To understand the extent of the attack, check out the information in the Message Center and Security Issues in the Search Console. A hacker can attack your site in a number of ways. To get an idea of what type your site has been hit with, check messages in the Search Console. You may have received messages from Google on spam, phishing or malware. You will also be able to see headings of what type of hack you have experienced under “Security Issues” in the Webmaster tools.
Restoring your backup and checking for malware
- Here, you will have to replace all the infected files with files from an uninfected backup.
File system damage assessment
- At this point, a detailed investigation becomes a necessity. The hacker could have attacked your site by creating new “spammy” pages, modifying existing pages, leaving “backdoors” to allow that hacker to re-enter your site at a later date, or writing functions to display spam on clean pages.
- You will first have to determine the files that have been modified or created by comparing them to a good backup you have of your site. Additionally, check your server, access and error logs for any suspicious activity. Watch out for creation of unknown user accounts, failed login attempts, command history, etc. Ensure to review for too lenient folder and file permissions.
Clean your server
- You can begin by restoring your backup file, however, ensure that the backup was created before the site was hacked. Install any software updates or upgrades available, including software for the operating system. Take an in-depth look at the software you currently have on your server, and study what could be eliminated if needed. For one more time, change all the passwords of accounts related to the site.
- Make two backups of your site now, despite the fact that it is still infected. One backup will serve as a “clone version” or disk image of your site, which will enable restoring content. The other will serve as a file system copy from your server. This should be followed by cleaning the site's content on the new backup file system, but ensure this is not on the server. Correct any vulnerability you detect in passwords once more. Transfer the good content from your backup back to the system, and, of course, change those passwords if necessary.
These are a few steps that will help you to fix a hacked website. Website security must be available to all those individuals managing their own websites. A big difference on hacking prevention can be achieved through proper website security education and willingness to invest on software such as Comodo's cWatch, which is a Managed Security Service for websites and applications that incorporate a Web Application Firewall (WAF) provisioned over a Secure Content Delivery Network (CDN). Given below are the benefits offered by cWatch:
- This improves traffic on your website and blocks hackers from using software vulnerabilities.
24/7 Cyber Security Operation
- Certified experts using enhanced technology to help you resolve security incidents in a rapid manner.
Managed Web Application Firewall
- Works on all web servers, acting like a customer inspection point to identify and filter out content like embedded malicious website code.
Real Content Delivery Network
- Provides web content at a faster rate by caching at a global data center in order to meet traffic spikes, shorten distances, and provide website security.
Instant Malware Removal
- Permits you to know the exact malware that keeps attacking your website.
SIEM Threat Detection
- Certified experts using advanced technology to help you resolve security incidents faster.
Website Hack Repair
- With the help of website malware removal, website hack repair provides an in depth report on areas you need to deal with.
Daily Malware and Vulnerability Scan
- Assurance that a daily report will be sent to monitor website safety.
- This allows your website to perform faster than before.
- Tracks legit website users to be protected from disturbed by annoying delayed pages or CAPTCHA.
Full Blacklist Removal
- When the website scanning is done, all the blacklists will be removed to your website.