What to do if I have been hacked? It’s a question nobody really wants to have to ask. Sadly, it’s a question everybody needs to be able to answer. Here is some help.
What to do if I have been hacked?
When thinking about the question “What to do if I have been hacked?”, there are seven key areas you need to address: stop the rot; check your legal/regulatory obligations; scan your website for malware; back up your site and content; decide whether to clean your site or to reinstall it; check your administrator logins; and learn and prevent.
Stop the rot
In the old days, the standard advice was to take your site completely offline. These days, you’ll often need, or want, to use cloud-based tools to fix your site, so instead, block general access to it. This not only prevents the hackers from causing any more damage but also prevents you from accidentally causing damage to anyone else. Contact your host to let them know you have spotted the problem and are dealing with it.
Check your legal/regulatory obligations
These will depend on several factors, not least your jurisdiction (and the jurisdiction of your customers) and your niche. You do, however, need to be aware of what is required of you by law and by compliance programs so that you avoid the frustration (and expense) of ending up on the wrong side of either (or, worse still, both), possibly while the real perpetrators go free.
Scan your website for malware
Given that you know there is a problem, you could just use one of the free malware-scanning services for an ad hoc scan. Just make sure you use a reputable option.
Alternatively, you can sign up for a website vulnerability scanning service, which will scan your website constantly, thus helping to prevent future hacking attacks. Different services will have different options (at different price points) but any decent service will have an anti-malware scanner and a web application firewall. Again, make sure that you choose a service from a reputable provider.
Back up your site and content
Hopefully, you have already backed up your site, and hopefully, you have already backed up all your content. As the old saying goes, however, hope is not a strategy. It’s therefore advisable to back up your site, as it currently stands, just to be on the safe side. At the very least, back up any custom content as you cannot simply download this again if it gets lost. You would have to recreate it from scratch and this can be expensive.
Decide whether to clean your site or to reinstall it
This is now a major decision point. If you have everything backed up then it isn’t an irrevocable decision, but it is generally a fairly important one. Your site should now be free of any standard malware. There is, however, a very strong chance that the hackers only used the standard malware to open up your site so that they could go on to fill it with their own malicious code.
You, therefore, have two options. Option one is to go through your site one page at a time and clean it up manually. Option two is to pull the plug and reinstall your site all over again. The advantage of cleaning up your existing site is that it allows you to keep your customizations. The disadvantage is that it takes time, effort, and skill to clean up a site thoroughly without breaking legitimate applications.
Ultimately, therefore, your decision is likely to hinge on how much customization you have done to your website and how much this means to you. The more customizations you have and the more they mean to you, the more you should probably lean towards gritting your teeth and cleaning up your site and vice versa.
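One way to size up the manual clean-up described above is to compare a copy of the hacked site, file by file, against a known-good copy (a pre-incident backup or a fresh download of the same release). The Python script below is an added example, not part of the original article; the file names and contents in demo() are constructed sample data.

```python
import hashlib
import os
import tempfile


def hash_tree(root):
    """Return {relative path: SHA-256 hex digest} for every file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinked dirs
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def compare_to_baseline(baseline_root, suspect_root):
    """Sort the suspect copy's files into added / removed / modified."""
    base, sus = hash_tree(baseline_root), hash_tree(suspect_root)
    return {
        "added": sorted(set(sus) - set(base)),
        "removed": sorted(set(base) - set(sus)),
        "modified": sorted(p for p in set(base) & set(sus) if base[p] != sus[p]),
    }


def demo():
    """Build two small constructed trees on disk and compare them."""
    clean = {"index.php": b"<?php render(); ?>", "css/site.css": b"body{}",
             "inc/db.php": b"<?php connect(); ?>"}
    suspect = dict(clean)
    suspect["index.php"] = b"<?php render(); /* changed */ ?>"  # edited file
    suspect["uploads/cache.php"] = b"<?php /* unknown */ ?>"     # new file
    del suspect["css/site.css"]                                   # missing file
    with tempfile.TemporaryDirectory() as tmp:
        for label, tree in (("clean", clean), ("suspect", suspect)):
            for rel, data in tree.items():
                path = os.path.join(tmp, label, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        return compare_to_baseline(os.path.join(tmp, "clean"),
                                   os.path.join(tmp, "suspect"))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Run compare_to_baseline() against the backup you took in the previous step rather than the live site. Your own customizations will also show up as added or modified, so every entry still needs a human decision, and a long list is a sign that reinstalling may be the cheaper option.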
Check your administrator logins
Go through your list of administrators and make sure that you can positively identify every user on that list. If you can’t, then delete first and ask questions later. Then have all the administrators change their passwords. If an administrator isn’t around, downgrade their access until you can have them change their password.
With this done, you can have your site checked by the relevant internet authorities while you move on to the last stage of your incident-remediation process.
Learn and prevent
Even if you’re confident you’ve identified the source of the problem, don’t stop there. Do a thorough security review of your site and everything connected to it (servers, local computers, and mobile devices) and commit to acting on the results.
© 2024 Comodo Security Solutions, Inc