Guess your website is hacked, what will you do? How are you going to take it forward and get back to the website? Well, don’t worry, you can still retrieve the website. There are thousands of websites that get hacked, and the owners get it back in their original form. So just follow these steps and see that next time when your website is hacked, you can get it back.
Apprise your Web Hosting company
The first person to know that your website is hacked is the hosting company of your site. So the sooner you let them know the better. In most cases, your web host will be able to fix this better than anybody. The web hosting will be having multiple customers parked on a particular server, so he will have to check if those customers are also not affected.
Just in case if your host is not able to help you out, try to find out somebody who is specialized in retrieving hacked website. It is always better to get trusted people to do the job because they know it right how to do it the way it is required.
Quarantine the website
The next most important step is to turn off your website and quarantine it offline till you are sure the problem is fixed. You may be worried that the content is not reaching your audience, but remember the content is any way serves no purpose since the website is hacked. Put the DNS entries to a static page on another page that uses 503 HTTP response code.
The best thing to do is to take your website offline, and if you are not sure how to do it, then let your third-party host do it. Review your administrator account, because most hackers create their own account. Deleted/change all the credentials related to your website.
Analyze the attack?
The severity of the hack can vary. Check out the information in the Message Center and Security Issues in the Search Console, because this information can assist you in figuring out the extent of the attack.
A hacker can attack your site in a number of ways:
Check out how bad the attack was, this can be done by looking at the information in the Massage Center in the search console. This will help you in finding out the extent of damage it has done to the website. The hacker has more than one way to attack your website.
- Infuse spammy content, thus reducing the quality of the content.
- Disperse malware
- For phishing purpose
Check messages in the Search Console you know the type of hacking. To know what type your site has been hit with, check the Webmaster tools.
Check for the File System
This is for more in-depth investigation, to find out the maximum damage the hacker could have done to your website. This includes modifying the website and other file systems. Creating back door for the hacker to come in anytime when you think everything is in order.
Check the files that have been created or modified, with the backup the website that you have secured earlier. Check on server error logs and other dubious activity, mark the login attempts and the failed attempts. Check your configuration and review all the files for redirects, and file permission, as well.
Identify the vulnerability
Now analyze your website for vulnerability, there may be more than one to be fixed. Fix all the errors. Keep searching for the odds, and ensure that the antivirus has scanned all the vulnerabilities, which could be
- Reused passwords
- Administrator's Virus-infected system
- Permissive coding practices
- Outdated software.
Maintain and clean your website
Keep your website clean and updated. Secure it with the best security software like cWatch and never miss to perform the maintenance.
Locate support sources to help you when dealing with the loss of confidential information. If you have been attacked by phishers, it is highly likely that confidential information has been taken. You may want to consider all business, legal or regulatory responsibilities you have with respect to your retained information and files before you start cleaning out the site.
You will need to remove the new URLs created by the hacker if any. However, be careful in your removal of pages. Do not remove any good pages that were simply damaged by the hacker. Only remove the ones you never want to appear in search results.
You could also look into expedited processing by Google’s Fetch as Google feature in Search Console to submit these pages to Google's index.
Clean your server
Be sure that the backup was created before the site was hacked and restore from the backup file. Install software upgrades including the operating system. Change all of the passwords one more time to all accounts related to the site.
Make two backups of your site now, even though it is still infected. One will serve as a “clone, which will help you in restoring content. The other backup will serve as a file system copy from your server. Clean the site’s content on the new backup file system, but make sure this is not on the server. Correct any vulnerability you find and eliminate any widgets, applications or plug-ins on the site and move onto the next step.
Be sure what you are doing is a clean installation and not just an upgrade, change those passwords if needed. Do not leave any files from a previous version. Transfer the good content from your backup back to the system.
Map your performance
Make sure you have taken proper steps and that hacker couldn't get away with all the personal information. Remove all unnecessary or unused applications or plug-in. Check if the content is restored safely. Ensure the root cause of the vulnerability is resolved. Make sure you do have a long-term maintenance plan and not paying attention will expose you to even more attacks in the future.
Your website must be back to normal and running, but get it reviewed by Google if everything is in order and it is not flagged. You must have completed all the step above to ensure the website is unplugged. When attacked for phishing, makes a review at google.com/safebrowsing/report_error/
Author Bio:- Ashraf is a Technical Blog Writer from Comodo. He writes about information security, focusing on web security, operating system security and endpoint protection systems.