I think my
"WEBSITE WAS
HACKED!"
What Should I Do?
If you see one of these messages on your website saying the website was hacked, then chances are you have malware on your site!
Identifying an Infected Website
Identifying an infected website can sometimes be a little tricky, you may have received an email warning you that someone is attempting to login to your backend or you went to your website and it wasn't. A number of things could have gone wrong and being able to identify if your website has been hacked rather than needing updates can save you a lot of time and money!
Common Signs Your Website Was Hacked
- Unusual Website Errors
- Blacklist warnings by Google, Bing, Sucuri, McAfee
- Warnings from SEO and Security Plugins
- Website keeps redirecting to other sites
- Spam comments on posts
- New pages/posts you did not create
- Unsolicited Ads
- "This site may be hacked" warning from Google
Finding out what happened
Identifying what broke on your website is the first step, some common issues could be: white screen, 404 page displaying on the website, missing gallery sliders and lost changes to the website. There a more issues like these that are the result of negligence to your website.
Either it was incorrectly set up by your web host or you are failing to keep your website updated. These issues are more common on sites powered by content management systems, like wordpress, magento and shopify. Make sure your hosting covers updates and patches if you don't want to worry about this!
Identifying what went wrong or fixing the issue can be more difficult than anticipated, you may need to scan your website or hire a developer like Premium IT Solutions to assist you in recovering/protecting your website. We have experienced professionals ready to help!
Can't Identify the Problem?
Scan your Website
The best way to check if you have malicious content (malware) on your website, is to use a site scanner that you trust to scan your website for any vulnerabilities. As a google partner we use both paid resources and diagnostic tools to identify and patch these vulnerabilities with your website.
Google's Webmaster tools - this diagnostic tool is perfect to scan your website and check it's vulnerabilities. Copy and paste this url with your domain name into the search bar:
http://www.google.com/safebrowsing/diagnostic?site=your domain name
Using paid resources allow us to collect information on the malicious attack and prevent any further attacks originating from the malicious attempt's geographical location.
Preventing an Attack
It's a lot easier to prevent a malicous attack to your website, than it is to fix your website after it has been hacked. Keep your website protected with a Google Partner, Premium IT Solutions can do a full clean-up of your hacked website and provide preventative solutions to ensure your data and website remains protected!
Secure Account Details
A lot of the time a website is hacked, it's due to weak security credentials. That secure password you you though of might not be so secure after all, there programs people use to filter commonly used passwords. Being a website developer, we see malicious attempts all the time, and the most common attempt at logging into a website is using username: admin and password: password.
Making sure your account details are secure, is the first and most important step in creating a secure website. Getting rid of the default admin username and creating something that's a little more unique to yourself is one of the best decisions you can make. Having a username that people can't guess is now almost as important as a strong password for website security.
Create Regular Backups
Implementing precautions to prevent an attack, can also help you when you have been attacked. Most "add-on" plugins that provide security features allow you to scheduled backups on your website. Ensuring you always have a recent backup of your website can allow you to restore your website completely in the case of a malicious attack.
Password Protect Your Directories
If you're a web developer like us! You deal with web hosting and hacked websites can become daunting to anyone worried about having too many websites connected with one account. Password Protecting your folders in your website directory is one of the best preventative methods to keep your internal files secure. If there's a successful attempt at logging into your ftp account, the hacker will be restricted to the directory they were able to log into. This restricts the attacker to the sub directory they gained access to, preventing further damage to other parts of your website/hosted websites.
In case of an Attack
First thing to do if your website was hacked, is determine how bad it was, in the case of a serious malicious attack, Google recommends you take your site offline by pointing your DNS settings to a static offline ip address, restoring the site on development server before assessing the situation. This prevents visitors to your website contracting the malware from your website.
- Check your internal files
- Change your passwords
- Restore from a backup
Need help from an expert?
Contact Sucuri
Check your Internal Files
If you're familiar with your website environment, navigate to your root folder and locate the .htaccess file and/or any config files (i.e. WordPress - wpconfig.php) and inspect the source code for any unusual or suspicious looking code that has been added. Make sure to check the names of the files in your directory to ensure there are no additional folders/files that could contain malicious content. Looking at the timestamp on each file can help you determine if any files were modified.
Change your Passwords
It is recommended to update all passwords that are connected to any email account associated with the website. If your directories are password protected you may only need to update the directory that was infected. It is recommended you change all passwords on the infected server.
Restore From a Backup
if you were smart, you made regular backups of your website. This is the point in time you delete the content off your ftp server and restore from a backup. Make sure to update your passwords after you have restored your site.