While recovering from a hack, you will have to restore your site to a good working state and also take steps to help prevent a repeat attack. Thousands of websites are compromised by hackers every day. These compromises are generally hidden from users, but anyone visiting an affected page is at risk. For instance, the hackers could have infected the website with a malicious script that records keystrokes on visitors' computers, stealing sensitive credentials for financial transactions and online banking.
The following is a series of steps you can follow to fix a hacked website:
- Inform Your Host
The very first step is to inform the individual or company hosting your site as soon as you discover that your page has been hacked. In most cases, your web host will know how to fix the problem. The hosting company may well have multiple customers on the same server, so your host will want to check their other customers' sites to ensure that they were not hacked too.
Take your website offline and quarantine it until the problem is resolved. This lets you complete administrative tasks first, without any interference. It also means that people trying to access your site will not be confronted with spam files or malicious code, and are prevented from receiving any viruses. If you are not sure how to take your site offline, let your third-party host do it. Before taking your site offline, inform your host that you will need to toggle your site for testing purposes.
In this step, you will have to verify ownership of your site in Search Console.
The severity of the hack can differ, so check the information given in the Message Center and under Security Issues in Search Console, since this information can help you understand the severity of the attack. A hacked website can be used in a number of ways:
- To distribute malware
- For phishing purposes
- To spread "spammy" content that reduces the quality and relevance of search results
This step involves a more detailed investigation. Start by determining which files have been created or modified by comparing them to a good backup of your website. Next, check your access, server and error logs for any suspicious activity. Look out for the creation of unknown user accounts, command history, failed login attempts, etc. You may not find anything here if the hacker has already modified the logs and records. Check your configuration files for redirects. Also review your site for overly permissive file and folder permissions.
Your site may have more than one vulnerability, and some may be easier to fix than others. If you find one, do not assume you are done; continue to search, as there could be several, depending on the cleverness of the hacker. You will need a vulnerability scanner to look for possible vulnerabilities such as the ones mentioned below:
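The file comparison and permission review described above, as an added example that is not part of the original article: it hashes every file in a known-good backup and in the live web root, lists what was added, removed or modified, and flags world-writable paths. The directory layout and file names built in `demo()` are constructed sample data.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in Path(root).rglob("*")
        if p.is_file() and not p.is_symlink()
    }

def compare_trees(backup_root, live_root):
    """Return files added, removed or modified in live_root relative to the backup."""
    good, live = snapshot(backup_root), snapshot(live_root)
    return {
        "added": sorted(set(live) - set(good)),
        "removed": sorted(set(good) - set(live)),
        "modified": sorted(p for p in set(good) & set(live) if good[p] != live[p]),
    }

def world_writable(root):
    """List files and directories under root that any local user can write to."""
    return sorted(
        p.relative_to(root).as_posix()
        for p in Path(root).rglob("*")
        if not p.is_symlink() and p.stat().st_mode & stat.S_IWOTH
    )

def demo():
    """Build a constructed backup/live pair in a temp directory and report on it."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for tree in (backup, live):
            (tree / "uploads").mkdir(parents=True)
            (tree / "index.php").write_text("<?php echo 'home'; ?>\n")
            (tree / "contact.php").write_text("<?php echo 'contact'; ?>\n")
        # Constructed differences standing in for what an intrusion may leave behind.
        (live / "index.php").write_text("<?php echo 'home'; ?>\n<!-- unexpected line -->\n")
        (live / "uploads" / "unknown.php").write_text("<?php /* not in backup */ ?>\n")
        (live / "contact.php").unlink()
        os.chmod(live / "uploads", 0o777)
        return compare_trees(backup, live), world_writable(live)

if __name__ == "__main__":
    print(demo())
```

Run it against a copy of the site rather than the production directory, and treat every "added" or "modified" entry as something to inspect before restoring.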
- Reused or weak passwords
- Permissive coding practices
- Out-of-date software
- Virus-infected administrator’s computer
Begin by restoring your backup file, but make sure that the backup was created before the site was hacked. Install any software updates or upgrades available, including updates for the operating system. Review the software you currently have on your server and decide what can be removed. Change the passwords for all accounts related to the site.
Do You Have a Plan to Keep Your Site Safe?
The above-mentioned steps will help you fix your hacked website, but it is now time to think about a permanent solution that will safeguard your site, protect it from hackers, run regular scans and provide several other website security benefits. You can fight website hacking with cWatch, developed by Comodo.
cWatch is a Managed Security Service for websites and applications that comes with a Web Application Firewall (WAF) and a Secure Content Delivery Network (CDN). It includes DDoS mitigation, a feature that blocks DDoS attacks. cWatch is a completely managed solution offered by a 24/7 staffed Cyber Security Operation Center (CSOC) of certified security analysts and is powered by a Security Information and Event Management (SIEM) center that is capable of leveraging data from more than 85 million endpoints to identify and mitigate threats before they occur. Its other features include Security Monitoring, Web Application Firewall, PCI Scanning, and Malware Removal.
The following benefits are offered by cWatch:
- Malware and Threat Detection
- 24/7 human monitoring
- Early threat detection
- Real-time alert
- Log management and compliance reporting
- Stop malware attacks and prevent hacks
- Zero-day attacks protection
- OWASP top 10 protection
- DDoS attack prevention
- Malware removal
- Virtual patching
- Blacklist removal
- Live remediation and event management
- Higher search rankings
- Optimized configurations
- Automated upgrades to best
- Faster websites and applications