What to do if I have been hacked? It’s a question nobody really wants to have to ask. Sadly, it’s a question everybody needs to be able to answer. Here is some help.
What to do if I have been hacked?
When thinking about the question “What to do if I have been hacked?”, there are seven key areas you need to address. These are as follows. Stop the rot. Check your legal/regulatory obligations. Scan your website for malware. Back up your site and content. Decide whether to clean your site or to reinstall it. Check your administrator logins. Learn and prevent.
Stop the rot
In the old days, the standard advice was to take your site completely offline. These days, you’ll often need, or want, to use cloud-based tools to fix your site, so instead, block general access to it. This not only prevents the hackers from causing any more damage but will prevent you from accidentally causing any damage to anyone else. Contact your host to let them know you have spotted the problem and are dealing with it.
Check your legal/regulatory obligations
These will depend on several factors, not least your jurisdiction (and the jurisdiction of your customers) and your niche. You do, however, need to be aware of what is required of you by law/compliance programs so that you avoid the frustration (and expense) of finding yourself getting on the wrong side of either (or, worse still, both), possibly while the real perpetrators go free.
Scan your website for malware
Given that you know there is a problem, you could just use one of the free malware-scanning services for an ad hoc scan. Just make sure you use a reputable option.
Alternatively, you can sign up for a website vulnerability scanning service, which will scan your website constantly, thus helping to prevent future hacking attacks. Different services will have different options (at different price points) but any decent service will have an anti-malware scanner and a web applications firewall. Again, make sure that you choose a service from a reputable provider.
Back up your site and content
Hopefully, you have already backed up your site, and hopefully, you have already backed up all your content. As the old saying goes, however, hope is not a strategy. It’s therefore advisable to back up your site, as it currently stands, just to be on the safe side. At the very least, back up any custom content as you cannot simply download this again if it gets lost. You would have to recreate it from scratch and this can be expensive.
Decide whether to clean your site or to reinstall it
This is now a major decision point. If you have everything backed up then it isn’t an irrevocable decision, but it is generally a fairly important one. Your site should now be free of any standard malware. There is, however, a very strong chance that the hackers only used the standard malware to open up your site so that they could go on to fill it with their own malicious code.
You, therefore, have two options. Option one is to go through your site one page at a time and clean it up manually. Option two is to pull the plug and reinstall your site all over again. The advantage of cleaning up your existing site is that it allows you to keep your customizations. The disadvantage is that it takes time, effort, and skill to clean up a site thoroughly without breaking legitimate applications.
Ultimately, therefore, your decision is likely to hinge on how much customization you have done to your website and how much this means to you. The more customizations you have and the more they mean to you, the more you should probably lean towards gritting your teeth and cleaning up your site and vice versa.
Check your administrator logins
Go through your list of administrators and make sure that you can positively identify every user on that list. If you can’t then delete first and ask questions later. Then have all the administrators change their passwords. If an administrator isn’t around, downgrade their access until you can have them change their password.
With this done, you can move to have your site checked by the relevant internet authorities, while you move on to the last stage of your incident-remediation process.
Learn and prevent
Even if you’re confident you’ve identified the source of the problem, don’t stop there. Do a thorough security review of your site and everything connected to it (servers, local computers, and mobile devices) and commit to acting on the results.
Please click here now to have your website scanned, for free, by cWatch from Comodo.
Removal
Security stack layer 1
Malware Detect & Removal
Our malware detection scanning, preventive methods and removal enables you to take a proactive approach to protect the business and brand reputation from malware attacks and infections.
- Unsuspecting websites get infected with malicious code.
- Continuous website monitoring to detect any incidents.
- Identify and remediate the cause to hardening your websites.
Comodo cWatch Web can identify malware, provide the tools and methods to remove it, and help to prevent future malware attacks at the edge before it hits the network, included as a paid member.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Response
Security stack layer 5
Cyber Security Operations Center
Our exclusive C.S.O.C. is staffed with certified security analysts to monitor, assess and defend websites, applications, databases, data centers, servers, networks, desktops and other endpoints.
- 24 / 7 / 365 security monitoring using state-of-the-art tech.
- Engage clients of complex threats to resolve the issue.
- Real-time web traffic monitoring and proactive incident fixes.
C.S.O.C. checks for threats, identifies and analysis then performs the necessary actions to resolve the issue while offloading costs of in-house experts by using stack layer 3 to handle the heavy lifting.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Intelligence
Security stack layer 3
Security Information • Event Management
S.I.E.M. collects logs and events the network traffic and web assets, security devices, operating systems, applications, databases, and reviews the vulnerabilities using artificial intelligence to process.
- Reduces billions of events into prioritized threats real-time.
- Identifies changes in network behavior with activity baselines.
- Flows data searches in real-time streaming or historical mode.
S.I.E.M. senses and tracks significant threats to links to all online supporting data and context for easier investigation. While anomaly detection to identify changes associated with the network safety.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Prevention
Security stack layer 4
Web Application Firewall
W.A.F. by Comodo eliminates application vulnerabilities to protect websites and web applications against advanced attacks including Denial-of-Service (DDoS), SQL Injection and Cross-Site Scripting.
- Destroys malicious requests and thwart hack attempts.
- Protection to account registration forms and login pages.
- Malicious bots and brute force attacks are block and patched.
Combined with malware scanning, vulnerability scanning and automatic virtual patching and hardening engines provides robust security is fully managed for Comodo cWatch Web customers.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Performance
Security stack layer 2
Add a network of globally distributed servers designed to boost the speed for websites and web applications by transferring content to your user based on their proximity to the nearest CDN web server.
- Proven to increase search engine rankings and site scores.
- 29 worldwide CDN node locations to reach your users.
- Save your bandwidth by leveraging CDN browser caching.
CDN serves your users your website content with virtually unlimited capacity. Giving you the freedom to focus less on site maintenance, more on scaling the uptime of your traffic and target audience.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Compliance
Security stack layer 6
Payment Card Industry • Data Security Standard
PCI • DSS ensures that your customers' cardholder info is kept secure from security breaches through a meticulous scan of your network and applications to identify and fix security vulnerabilities.
- Simple and automated way to stay compliant with PCI • DSS.
- Pass the requirements for the 12 points PCI • DSS standard.
- Schedule on-demand PCI scans to report quarterly results.
Establishes and implements a firewall, hardens your environment, disables unnecessary services & configures system parameters to prevent misuse, ensures system audit components are protected.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
© 2024 Comodo Security Solutions, Inc