Blog

What to do if your website is hacked

As more and more business is conducted on the internet, the importance of your company’s website has risen. At the same time, there has been an increase in hacking attempts aimed at gaining unauthorised control of company websites. This makes it essential that firms take every step possible to secure their sites and the information contained there.

If your website does get hacked, there are a number of actions you can take to recover control of the site and limit damage. Listed below is a series of steps you can take to deal with a hacked website.  

Notify your host

If your website is hacked it is important to immediately let your hosting service know what has happened. They can take the necessary steps on their end to prevent any further dissemination of whatever message the hackers have placed on your site (if any) and to regain control of the site.

Restrict website access

In addition to any obvious damage done to your website display, hackers may have sabotaged or otherwise damaged various settings associated with the functioning of your website. Before attempting to restore your site you should first lock down access to it. This will prevent your customers and other site visitors from viewing any messages placed on the site by the attackers, or encountering any malicious changes they may have made to the site. One risk of not quickly locking down your site, is that if the attackers have added malware to it, your site may be flagged by major search engines such as Google as infected. This can further complicate the process of restoring your website to its prior state.

Change passwords

Once you have restricted access to your website, it is imperative to change the passwords associated with administering the site. Once this is done and the attackers are locked out from any further access to your site, you can take the steps necessary to assess any damage and restore the site to operation.

When changing passwords, make sure to do so for all passwords associated with your server, including:

  • Email passwords
  • User passwords
  • Server control panel
  • Hosting account center
  • SSH passwords
  • FTP passwords
  • Database usernames and passwords
  • HTTP authentication passwords
  • Website software login passwords

This list isn’t exhaustive so check for any other accounts used to communicate with or gain access to your website to ensure that the hackers will not be able to easily repeat the process in the future. Whilst this process may be time-consuming, it is a vital part of the hack recovery process.

Evaluate and communicate

In addition to any obvious damage done to your website display, hackers may have sabotaged or otherwise damaged various settings associated with the functioning of your website. Once you have locked down access to your site and changed passwords, you should evaluate all associated functionality and make any changes necessary to return it to proper functioning. You should also communicate details of the hack to your employees and customers as appropriate to help minimise disruption to your business.  As you assess the damage, be sure to record the details of your investigation; a hacked website is a crime scene, any evidence you find that leads to the perpetrators of the attack should be communicated to the relevant authorities.

Perform Diagnostics

As you evaluate any damage to your site you should also take steps to determine the vulnerability which allowed the attackers to gain access to your site. This is a critical part of the recovery effort because it allows you to make changes to both the technical setup and the security policy of your site. This can be a complex, painstaking process which may best be outsourced to a firm with the relevant expertise. Still, there are steps you can take to help any such effort.

These include:

  • Check for malicious code
  • Penetration testing
  • Perform a careful analysis of the site’s log files which will help determine what actions were taken by whom and when they were taken
  • Search for viruses and malware
  • Check hacked files against backups that are known to be clean
  • Look for files on the server that are unknown or mismatched
  • Determine what doesn’t work on your site and why

Conclusion

With security breaches and website hijackings happening on a regular basis currently, it makes good sense to pay serious attention to keeping your website secure. If, in spite of the security precautions you have taken, your website is hacked, you should have a plan in place in advance that allows you to react as efficiently as possible in such an event. This entails notifying your website hosting service, locking down the site until it is repaired, changing passwords, and investigating the source of the intrusion. If all these steps are taken, you should be able to resume normal website operations as quickly as possible, whilst at the same time reducing the chances of any further intrusions using the same methods.