Do you know what to do if your website is hacked? You may think that it’s never going to happen to you because you’ve done everything you can to make your website secure. If you have implemented robust security, then congratulations, you have done a lot to reduce your chances of having your website hacked. There are, however, never any guarantees, so it’s still wise to have a plan in place for if it is. Here is some guidance to help.
What to do if your website is hacked?
When thinking about what to do if your website is hacked, there are seven key points you need to address. These are as follows. Contain the damage. Report the issue to your host. Scan your site for malware. Scan your server, local computers, and mobile devices. Check your list of administrators. Back up and restore your website. Learn and prevent.
Contain the damage
There are two sides to this. First of all, you want to stop the hacker from doing any more damage to your website. Secondly, you need to do everything you possibly can to prevent your site infecting anyone else with malware. In principle, the best move is to take your site entirely offline. In practice, however, this is not often a realistic option because you’re probably going to want to use cloud-based tools in the clean-up operation. You can, however, block your site to all IP addresses except for ones that you specify.
Report the issue to your host
If your host did not report the issue to you, then you need to make them aware that you have identified an issue and are dealing with it. Your host may be able to help by providing information that can help you to work out what happened to your site. They may also be able to suggest vendors you could use if you need extra assistance or offer support themselves at an extra cost.
Scan your site for malware
Even if you’ve been using a reputable website vulnerability scanner, there’s always the possibility that malware can slip past it in the interval between a new threat being created and an anti-malware scanner being updated to deal with it. One of the advantages of using cloud-based website vulnerability scanners is that this delay is minimized, but it is still there.
This means that if your website is ever hacked, you should make it a top priority to scan it for malware (and any other vulnerabilities supported by your scanner) as there may have been an update released since your last scan.
If you haven’t been using a website vulnerability scanner then you could try using one of the free scanning services just to get your website up and running again. Make sure, however, that you use a reputable vendor. Then make it a priority to sign up for a premium service, again, check that you’re using a reputable vendor.
Scan your server, local computers, and mobile devices
If you’re running your own server, you need to check for malware on that. You definitely need to check for malware on your local computers and mobile devices. The attacker may have compromised one or more of them and used their access to steal the login details they needed to access your website.
Check your list of administrators
Go through your list of administrators carefully and make sure that you actively and definitely recognize all of them as legitimate users. If you don’t, then just delete them. You can always create new accounts if they turn out to be genuine users.
Once your scans have finished, have all the administrators change their passwords. If they’re not around to change their passwords, then downgrade their accounts until they are.
Back up and restore your website
Back up your website and its contents just to be on the safe side. Then decide if you are going to clean up your website by hand (or have someone do it for you) or if you are just going to start again from scratch.
As a rule of thumb, the more customization you have done on your website, the more sense it makes to grit your teeth and go through it manually looking for the malicious code the attackers will almost certainly have left behind. This code is often missed by anti-malware scanners because it is customized to your website, hence they have no reference point. If you do go down this route, remember to update all your software afterward.
Learn and prevent
Undertake a security audit on your site and commit to actioning the results.
Please click here now to have your website scanned, for free, by cWatch from Comodo.
Removal
Security stack layer 1
Malware Detect & Removal
Our malware detection scanning, preventive methods and removal enables you to take a proactive approach to protect the business and brand reputation from malware attacks and infections.
- Unsuspecting websites get infected with malicious code.
- Continuous website monitoring to detect any incidents.
- Identify and remediate the cause to hardening your websites.
Comodo cWatch Web can identify malware, provide the tools and methods to remove it, and help to prevent future malware attacks at the edge before it hits the network, included as a paid member.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Response
Security stack layer 5
Cyber Security Operations Center
Our exclusive C.S.O.C. is staffed with certified security analysts to monitor, assess and defend websites, applications, databases, data centers, servers, networks, desktops and other endpoints.
- 24 / 7 / 365 security monitoring using state-of-the-art tech.
- Engage clients of complex threats to resolve the issue.
- Real-time web traffic monitoring and proactive incident fixes.
C.S.O.C. checks for threats, identifies and analysis then performs the necessary actions to resolve the issue while offloading costs of in-house experts by using stack layer 3 to handle the heavy lifting.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Intelligence
Security stack layer 3
Security Information • Event Management
S.I.E.M. collects logs and events the network traffic and web assets, security devices, operating systems, applications, databases, and reviews the vulnerabilities using artificial intelligence to process.
- Reduces billions of events into prioritized threats real-time.
- Identifies changes in network behavior with activity baselines.
- Flows data searches in real-time streaming or historical mode.
S.I.E.M. senses and tracks significant threats to links to all online supporting data and context for easier investigation. While anomaly detection to identify changes associated with the network safety.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Prevention
Security stack layer 4
Web Application Firewall
W.A.F. by Comodo eliminates application vulnerabilities to protect websites and web applications against advanced attacks including Denial-of-Service (DDoS), SQL Injection and Cross-Site Scripting.
- Destroys malicious requests and thwart hack attempts.
- Protection to account registration forms and login pages.
- Malicious bots and brute force attacks are block and patched.
Combined with malware scanning, vulnerability scanning and automatic virtual patching and hardening engines provides robust security is fully managed for Comodo cWatch Web customers.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Performance
Security stack layer 2
Add a network of globally distributed servers designed to boost the speed for websites and web applications by transferring content to your user based on their proximity to the nearest CDN web server.
- Proven to increase search engine rankings and site scores.
- 29 worldwide CDN node locations to reach your users.
- Save your bandwidth by leveraging CDN browser caching.
CDN serves your users your website content with virtually unlimited capacity. Giving you the freedom to focus less on site maintenance, more on scaling the uptime of your traffic and target audience.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
Compliance
Security stack layer 6
Payment Card Industry • Data Security Standard
PCI • DSS ensures that your customers' cardholder info is kept secure from security breaches through a meticulous scan of your network and applications to identify and fix security vulnerabilities.
- Simple and automated way to stay compliant with PCI • DSS.
- Pass the requirements for the 12 points PCI • DSS standard.
- Schedule on-demand PCI scans to report quarterly results.
Establishes and implements a firewall, hardens your environment, disables unnecessary services & configures system parameters to prevent misuse, ensures system audit components are protected.
By clicking the button below, I agree to the Terms of Service and Privacy Policy. Already have an cWatch account? Sign in here
© 2024 Comodo Security Solutions, Inc