“My Website Is Hacked, What Do I Do?”
There are a few steps you can take to fully recover from your website being hacked. However, there are also several different reasons why your website being hacked could become a long-term issue:
- Identity Theft– If the hacker has found a way to reach the sensitive data in the site, this could compromise client relationships as well as become liability to your brand.
- Downtime– Depending on the type of attack, the damage could be just a login and password hack, damage to site structure, or even hardware impairment as a result of an aggressive hacker. This could lead to significant downtime for your site.
- Recovery Time– The recovery time is unique to the hack as well. If most of your data is stored on a backup server that takes backups regularly, then data integrity may not be lost. If this is not the case there could be double the recovery time, a redesign of your site structure, and recovery of data lost could entail an exorbitant amount of time and money.
Here are three simple yet effective ways to take control of your site and your data:
- Make sure that you can log in and change your password.
This may seem rather straightforward, but it may be harder than you think. If a hacker has malicious intent to compromise your data, it may be too late to assume that you can still log in with your old credentials. There are several places where you could still recover loss if you do find that logging in is not an option. Depending on your hosting type, you could save a lot of time and stress over your data being compromised if you know the structure of your hosting services. If you are using a traditional website structure, you will attempt to restore your FTP servers as well as all of your databases and apps. This may seem tedious, but considering that you can have permissions on all of your databases as well as apps this may not be too bad. If you have a Plesk or a cPanel, your data may have more security precautions in place just as hardware ARP tables and firewall and port forwarding that may now have been an option in your own setup. Investing in a hosting company that will 1. Take your site offline, 2. Protect as well as store backups securely and effectively, and 3. Enable hardware security precautions, is the first step you can easily take toward protecting yourself and your site from hackers.
- Take your site offline.
This may be one of the hardest decisions, but it may be the most effective way of preventing the hacker from accessing any more of your data.
- Restore from a backup.
Restoring from a backup may be the only option you may have left if your hacker has taken an aggressive approach to compromising your site. Restoring from a backup is easy, and is oftentimes the cheaper yet effective ways that using a hosting company is at your advantage. Restoring from a backup is not only safe, but is also very convenient if you chose to take backups more frequently and widely. Taking full backups may be time consuming, but worth it if you have lost control over your site because of hackers.
Tools you can use against Hackers and attacks:
- http://www.google.com/safebrowsing/diagnostic?site=your domain name
Simply typing this into your browser will show you if there is a problem before you invest time and money diagnosing the issues with your site. This URL will warn you if your website has been compromised. This is a free tool that Google enables so that you can better track your site as well as monitor if your domain name has been copied and redistributed across the web. - Source Code Scanner-Wordfence
Wordfence is just one of many types of source code scanners on the market used to compare and contrast changes in your source code that may or may not have been hacked. - Traffic-DoS Attacks
This point goes hand in hand with knowing your site and making sure that any changes will not compromise the integrity of your site structure and balance. If you receive a high amount of traffic on your site then that may be a sign that you may, for example, be dealing with a common DoS attack. Knowing when your site spikes as well as knowing when there is an unusual pattern in traffic is a good starting point for protecting your site.
Overall, there are steps that you can take in order to prevent your data from being hacked as well as recovering from an attack the best way possible. There are a few questions that you should be asking yourself regularly as a webmaster if you are considering owning a site:
- How do you as a site master use the tools that are available to protect your site?
- Do you take regular full backups?
- Do you understand the trends in site attacks to be able to recover effectively?
- Am I protecting my customers’ sensitive data the best way that I can, at all costs?
- Do I check frequently for traffic flow to and from my site in order to monitor future attacks?
- Do I update my passwords every 3-6 months minimum?
- Do I trust my hosting company to have my best interests at heart?
Knowing the answers to these questions may not be as apparent as knowing how to avoid them. Being proactive is the best way to plan, prevent and recover against a web attack.