Step 1 – Identify the Attack
The first step you should take is to identify the type of attack that has been executed on your site. There are many ways to do this.
One of the easiest ways is to scan your site with an online tool, which can inform you of any malicious content on your page, such as blacklists, malware, spam, and viruses, among other common hacks. To do this:
- Visit the IsWebsiteHacked site
- Input your websites URL and click Check You Site
- Review the list of checks against common attacks to see whether you have passed or failed
- Note any extra data that is available
As this scanner only checks for common problems it is always best to conduct other checks manually if you pass but still feel as though your site has been hacked. This is a remote website scanner so any attacks that are server-side, such as backdoors and phishing, will not show up in this check. To further identify the attack and the extent of the damage, you can check diagnostic pages, recently modified files, and core file integrity.
By checking diagnostic pages, such as your Google Transparency Report (this includes site safety details, such as whether your site contains malicious redirects and spam, and testing details, which is when the latest Google scan detected malware), you can discover if your site is being blacklisted by web authorities. To check your transparency report:
- Visit the Transparency Report site
- Input your URL and click Search
- Read the data provided
To check recently modified files from the Linux command line:
$ find /etc -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort -r . $ find /etc -printf '%TY-%Tm-%Td %TT %p\n' | sort -r .
Any unfamiliar modifications in the last 7-20 days may be suspicious.
Checking core file integrity is important as most core files should never be modified in the sites lifetime. To do this, you can type the ‘diff’ command into your terminal, or you can manually check via SFTP.
Step 2 – Cleaning Your Hacked Website
The easiest and fastest way to answer this question ‘my website hacked what to do ?’ is to contact us. After that sit back and relax whilst we fix your hacked website. WordPress website hacked? Joomla website hacked? Drupal Website hacked? Or something completely different? It does not matter to us! We can handle them all within an 1 hour. Plus we then add your website to our ‘secure your website’ protection service that stops your website being hacked again. We are so confident in this, we back it up by our guarantee that if, in the unlikely event, your site is hacked again when behind our protection we will immediately clean it of all malware for free. You can contact us here.
However, if you do wish to DIY it, you can follow these steps:
- Back up your website – This is essential! Especially as this might be your teams first attempt at fixing a hacked website – which means a good chance of breaking your website. Backup all the files of your website and do a full database backup. Store these files on a different server than your current website.
- Check your files – Get access to all the files on your server by logging in through SFTP or SSH. Work through each file looking for the malicious code left there by the hacker. The best way to find modified files is to compare them to your latest clean backup of your website. We find the average hacked site has about 50 to a 100 files adjusted by the hacker. Some of these are new files uploaded by the hacker, some are were they have adjusted your existing files.
- Remove the affected files – For each hacked file found remove the malware. Be careful with the existing files on your website that the hacker has updated, ensure you don’t break those files else you could stop your website from working. If you have a fresh backup from before your website was hacked then replace the infected files with fresh copies. Remember some parts of your site you can fully replace with a fresh installation.
- Replace what you can – If you are using a CMS or Forum (Joomla, WordPress, SMF, osCommerce, etc) replace any directories that are standard and contain no custom modifications. For WordPress you can download the latest official release from here. Very often your WordPress plugins will be heavily affected with malware, viruses and backdoors. We are experts at extracting and removing these issues from these plugins but as this is most probably your first time in doing this we recommend you delete and re-install all of your plugins.
- Upgrade to the latest version – If you are using a CMS or Forum (Joomla, WordPress, SMF, osCommerce, etc), update it to the latest version as soon as possible. Also ensure you upgrade all themes and plugins.
- Google Blacklist Removal – In case your site has been blacklisted by Google for being hacked, it will have a warning like ‘this site may harm your computer’, ‘this site may be hacked’ in Google Search results. Login to Google at: https://www.google.com/webmasters/tools/ (create an account if needed). Add your site to the Google web master tool and follow their instructions for them to recheck your website to see if they can remove it from their blacklist.
Step 3 – Securing Your Site Against Future Attacks
- First, update your hosting servers OS and websites software to the latest versions. Hackers often find entry-points into systems through vulnerabilities within old or out of date software. For example the major packages used to make websites such as WordPress, Joomla, Magento, Drupal, Opencart, etc are continually releasing emergency security upgrades. If you have not updated your CMS in that last month then it is very likely your site has major vulnerabilities.
- Reset all passwords for the access points of your site, including user accounts, admin accounts, SSH, your database, etc.
- Reduce the number of admin accounts on your system. Only those who really need admin access should have it.
- Make sure your server has regular offsite back-ups being made. So many website owners have backups made and stored on the same server as their website, not realising that that means the hackers will likely infect their backups too.
- Draft an incident response plan. Should the worst ever happen, a strong plan of action for your website users and IT team to follow will help you effectively respond to a breach.
- Educate your staff. Hackers only need to bypass a single person’s security measures to bring down a whole company. With so much personal data on the web, lawbreakers can easily build a profile of a person and target them — for instance with an email containing malicious code. Inform staff about your security policies and best practice. They should be using two-step authentication for their accounts, and creating non-guessable passwords — a different one for each online account they have.
- Given the ever-evolving nature of hacks, it also pays to stay informed. Keep up to date with the latest security news, and advice on how to protect a website from hackers, by following us on Twitter and Facebook.
- Do some research into the different tools you can use to protect a website from hackers. Our own —website firewall called SharkGate™ is proven, and perfectly designed for small to medium sized businesses. You can learn why many people believe we’re the best in the business by reading our five-star customer reviews. We also offer special pricing for companies that host websites, such as digital marketing agencies. For web design companies we can offer special packages to keep all the sites on each of their servers safe.
We Can Help Save Your Business
SITE FIXED IN LESS THAN 1 HOUR
WordPress website defaced ? If we don’t fix a defaced website in less than 1 hour then we do it for FREE!. Luckily for us we are very good at fixing sites fast!