In principle, if you practice robust IT security, you should never find yourself in a situation where you have to ask what to do when your site is hacked. In the real world, however, there is never a 100% guarantee that you will be safe from hackers. That being so, it’s a good idea to have a plan of what to do when your site is hacked. Here is what you need to know.
What to do If Your Site Is Hacked
If your site is hacked there are seven steps you must take. These are as follows. Contact your hosting provider. Check any legal/regulatory implications. Stop external access to your site. Clean up any remaining malware. Put right the damage. Get your website removed from any blacklists. Run a security audit on your website.
Contact your hosting provider
There are two good reasons for contacting your hosting provider as soon as you become aware that your website has been hacked. The first is that you want to avoid having to deal with a suspended account on top of everything else. The second is that they may be able to help. It would be highly unlikely for them to offer to fix the situation for you (at least not for free), but they can be a very useful source of advice.
Not to put too fine a point on the matter, this may be your first (and hopefully last) experience of being hacked, but your host is probably quite used to dealing with companies like you asking them what to do when their site is hacked.
Check any legal/regulatory implications
If you collect any sort of sensitive data through your website then there is a very strong chance that there will be legal/regulatory implications you need to keep in mind at all times. For example, if you take card payments, then you will be under PCI/DSS. This means that you will be required to preserve evidence.
It would be unpleasantly ironic for you to be the victim of a hacking attack and the wind up finding yourself on the wrong side of the law while the hackers went free. To avoid this make sure you keep the law in mind at all times.
Stop external access to your site
If your account has been suspended, your host will already have done this, but you will still have access to your hosting console so you can deal with the attack. If it hasn’t, you generally just need to password-protect your main directory.
Clean up any remaining malware
You’ll need a website vulnerability scanner to clean up your website. If you’re running any other websites on the same server, it’s a good idea to scan them too. You’ll also need a robust anti-malware product to scan all computers and mobile devices in your organization, starting with the ones you use (most often) to connect to the back end of your website. A lot of hacking attacks work by compromising the devices used to access a website, especially administrator accounts so that the hacker gets valid login credentials which they can then use as they wish.
Put right the damage
If you have both a small site and an up-to-date backup, then you may be able just to wipe everything clean and start again. In most cases, however, someone is going to have to give the site a thorough manual clean. This means literally going through it page by page, double-checking that any malicious code has been removed before putting it back as it should be.
It is impossible to overstate the importance of doing this thoroughly because hackers almost always leave backdoors to make it easier for them to hack a website again (and again, and again). Depending on how you run your website, undertaking this job can require a lot of in-depth technical expertise and hence could justify the expense of a third-party vendor.
For clarity, putting the website back as it was (minus any malware and/or malicious code) means exactly what it said. Get it back to a known working condition first and then decide what changes you need/want to make to improve security (or for any other reason).
Get your website removed from any blacklists
You’ll usually need to contact your host, the search engines, and any relevant authorities such as the security companies to request a review of your site. The good news is that this is generally a fairly quick and painless process, you just need to remember to do it.
Run a security audit on your website
The fact that you were hacked means that there is at least one insecurity on your website. There may be more than one. There may also be issues with how you are running your website which increase your vulnerability, for example having excessive numbers of administrator accounts. Find them and deal with them.
Please click here now to have your website scanned, for free, by cWatch from Comodo.
