How to Fix A Hacked Website?
Is your business website enabling hackers to distribute malware and orchestrate data breaches or cyber-attacks? Data suggests that, on average, 30,000 websites are found to be distributing malware every day. The majority of these websites are hacked by exploiting unprotected vulnerabilities and then used to distribute malware.
For any business owner, it is important to have a managed, intelligent, and comprehensive web application security solution in place to avoid becoming part of the malware distribution chain. However, it is equally important to know what steps to take if your website is hacked. This article walks through those steps in depth.
Signs that Your Website is Hacked
- Homepage/ content is modified or vandalized
- Web traffic is redirected to a sketchy pharmaceutical/ banned/ illegal/ adult website.
- You are locked out of your website/ your login credentials do not work/ your account does not exist.
- The site is displaying ads for counterfeit/ illegal products. This could be further infecting your site users' computers.
- A sudden drop in speed and performance for no apparent reason may be caused by a hack.
- Google, Norton, or another website reputation engine has flagged or blacklisted your website.
- Google Analytics is showing you ranking for random/ unrelated keywords.
Is Your Website Hacked? Here Are the Steps to Fix and Secure It
1. Identifying the Attack and Determining Causes
1.1. A Thorough Website Security Check
Conduct a thorough website security check using an intelligent, remote scanning tool like Indusface Web Scanner to unearth warning messages, malicious payloads, malware locations (if any), blacklist warnings, and other security issues in your website. Scanning must include all databases, third-party components, website files and folders, software, plugins, legacy parts, server configurations, access control, CMS, etc. If the scanning tool doesn’t find any malware, manually review scripts, iframes, and links for suspicious activity. Also check for cross-site contamination if your website is hosted along with multiple others on the same server.
1.2. Check for recent modifications to files
Examine your files, including core files, to unearth recent modifications (made in the last 7-30 days) that are suspicious or unfamiliar.
1.3. Assess Security Status using diagnostic tools
If your website has been quarantined/ flagged/ blacklisted by Google, other web browsers or web application security authorities, you must use their diagnostic tools (Google Console, Bing Webmaster Tools, etc.) to understand why and assess your security status.
Note: If you run an e-commerce website, you need to follow PCI-DSS Requirement 12.10 and implement your incident response plan accordingly.
2. Cleaning the Hacked Website
Having obtained insights on where malware is located on your hacked website, you need to clean up, remove malware, and restore normal operation.
A word of caution: Cleaning a hacked website involves some complicated and technical steps. If you are unsure, it is best to enlist professional help to get your website cleaned and fixed after a hacking incident.
2.1. Stop malicious processes
If malicious processes are still running, the clean-up will be wasted and the malware will wreak havoc on your website once again.
2.2. Remove hacked website files
Using the insights from step 1, you can replace modified and suspicious files, malicious payloads, etc. with new ones or with backed-up copies (if not infected by the hacking incident). You should also manually go through all files on your website and remove any that you did not put there or that look suspicious. Exercise extreme caution in conducting manual cleaning as it can further erode the health of your website.
2.3. Clean and restore hacked databases using insights from step 1
2.4. Remove hidden backdoors
Hackers always ensure that they have a way to get back into your website and will create several backdoors. Further, they use encoding to ensure that these backdoors are not detected. It is critical that you close all backdoors to prevent reinfection of your website.
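A triage helper for finding encoded backdoors, as an added example that is not part of the original article: it assumes a PHP-based site and flags script files that pass a decoder's output straight to `eval`, contain very long base64 string literals, or sit in upload-style directories. The patterns, extensions, and directory names are assumptions for this example and will produce false positives, so treat each hit as a file to review by hand.

```python
import os
import re
import sys

# Heuristics, not signatures: both patterns are assumptions about a PHP site and
# produce false positives (some legitimate plugins embed base64 data).
PATTERNS = {
    "eval-of-decoder": re.compile(
        rb"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
        re.IGNORECASE),
    "long-base64-literal": re.compile(rb"""['"][A-Za-z0-9+/]{200,}={0,2}['"]"""),
}
SCRIPT_EXT = (".php", ".phtml", ".inc")
UPLOAD_DIRS = {"uploads", "images", "cache"}  # hypothetical names; adapt to your CMS
MAX_BYTES = 2 * 1024 * 1024                   # read at most 2 MiB per file

def scan_file(path, rel):
    """Return the list of heuristic names that fire for one script file."""
    hits = []
    if set(rel.split(os.sep)[:-1]) & UPLOAD_DIRS:
        hits.append("script-in-upload-dir")  # scripts rarely belong in media folders
    with open(path, "rb") as fh:
        data = fh.read(MAX_BYTES)
    hits += [name for name, rx in PATTERNS.items() if rx.search(data)]
    return hits

def scan_tree(root):
    """Walk `root` and return {relative_path: [heuristic, ...]} for flagged scripts."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCRIPT_EXT):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                hits = scan_file(path, rel)
            except OSError:
                continue  # unreadable file: review it by hand
            if hits:
                report[rel] = hits
    return report

if __name__ == "__main__":
    for rel, hits in sorted(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(f"{rel}: {', '.join(hits)}")
```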
2.5. Secure user accounts
If there are suspicious or unfamiliar user accounts, remove them.
2.6. Remove malware warning
Request a review from your hosting company/ Google/ web security authority that blocked/ flagged your website. This is to ensure that your security issues have been fixed.
3. Securing the Website from Hackers
Fixing a hacked website does not stop with cleaning it and restoring files/ databases from backup; the most crucial third step is to ensure that your website is not hacked in the future.
3.1. Update and Reset configuration settings and permissions
- Update all software, CMS, themes, plugins, etc. to ensure that no critical security patches are missed.
- Ensure that there is only one admin account. Additionally, assign least privileges to other user roles.
- Change all passwords to access points.
- Reinstall all plugins and extensions so that they do not have any residual malware.
- Remove deactivated plugins from your server.
3.2. Create a robust backup strategy and set backups
Good backup strategy = Good security posture. Creating regular and secure backups is critical for quick and secure recovery from a hacking incident.
3.3. Scan all systems for malware
Any residual malware in your computers/ systems can easily re-infect your website. So, comprehensively scan your computers for malware.
3.4. Strengthen your Web Application Security measures
If you do not already have a comprehensive, managed security solution like AppTrana, make sure you onboard one to fortify web application security. The solution must include:
- an intelligent, automated scanner for regular and on-demand scanning.
- a comprehensive, customizable, and intuitive Web Application Firewall that shields your website from malicious actors.
- the expertise of certified security professionals.
Conclusion
Having your website flagged as “malicious” by reputation engines like Google can cause serious damage to your business. The process of recovering from being hacked is effort-intensive and costly. You need to be proactive about web application security regardless of the size and nature of your business to avoid the negative impact of getting hacked. Hackers find vulnerabilities in websites and exploit them. That’s why one must adopt a proactive approach to continuously assess risks and mitigate them in a timely manner.