One afternoon a few days ago a friend of mine went to their site and it was GONE. SIMPLE AS THAT…GONE!
So your website has have been hacked. What do YOU do? How do YOU get it back? Can YOU get it back?
There are several ways to find out if you have been hacked, but the obvious is when the hacker has simply changed the appearance of your website.
Most hackers often times will attempt to take cover so it isn’t obvious that a site has been hacked. They really don’t want you to know because they want to use your site as long as they can to do the dirty work they want to do. But some hackers “just like to distroy.” Website Vandalism inspired attacks are often done more for a shock factor and to grab people’s attention.
Here are the obvious signs that your website has been hacked.
- Your website is defaced.
- Your website redirects to an ‘unsavory’ site.
- Your web browser indicates that your site may be compromised.
- You notice strange traffic in your web logs.
- You go to your site and there are errors all over it.
- Warning boxes that pop up in your browser from Google Webmaster Tools.
- Your friends receive fake emails from your email account
- Your mouse moves between programs and makes correct selections
How does a hacker get in?
We all know that the more complicated your password is the better. But there are tons of ways a website can be hacked.
- If your password is easy for you to remember it will be easy for them to figure it out.Using malware on your local computer to capture your login credentials.
- Finding a security vulnerability in specific software that you use (especially outdated software).
- Hacking someone else’s site that resides on the same shared-server that you are using for your site.
Getting hacked because of someone else’s site on the same server is a good reason to avoid cheap hosting providers. How many times have I heard from clients “I can get my site hosted for $12.00 a month” or “I don’t need to pay all that extra money, because I don’t need my site backed up, etc…But in the long run if your not hosting with a good provider it could cost you a lot of money and aggravation down the road.
You have been hacked. Now what?
Getting your website hacked is a big deal and it can be fairly costly to have it restored if you don’t have a back up. If you do get hacked here are some things you should do:
1. First STAY CALM
2. Call in a support team (developers you know and trust) if you don’t know of anyone get a reference.
3. Pull together the information your support team will need if they did not build your website.
Your support team will need this information, and information you should always have, IT IS YOUR SITE SO TAKE THE TIME TO KEEP THIS INFORMATION IN A SAFE PLACE. AND MAKE SURE IT IS THE CORRECT INFORMATION.
- CMS Login
- Hosting Login:
- Your web logs
- FTP / sFTP access credentials
- Backups If you have them.
4. Scan your local computers for viruses and malware
What to expect from your developer.
- Changing your passwords for website logins, database, and FTP.
- Making a backup of the site and downloading it for inspection.
- Examining log files and other data to determine how and when the website was hacked.
- Examining the software extensions used on the site and ensuring they are up-to-date and do not have any known vulnerabilities.
- Reviewing any custom software code (if applicable) for any obvious security flaws.
- Cleaning the site and putting it back online.
- Beta testing on all browser to ensure everything is running right.
Some important questions to ask a hosting company.
- Do you offer support for scripts installed through the cPanel?
- How often is my site backed up?
- How many clients on each server?
- How do you handle site security?
- How to you handle downtime?
- Do you have a maintenance fee?
- Do I have to pay extra for upgrading plugins?
- Are you up to date with all the new technology for secure hosting?
- ALWAYS READ CONTRACTS – MAKE SURE YOU CAN GET OUT OF IT WITHOUT PENALTIES
Basically you need to trust the people you will host with, you paid a lot of money for your website and you want to keep it safe. Whoever designed and developed your website would be a good place to start. They know your site, they know you and will want to keep your website safe. It might cost a bit more, but more then likely they will give you a lot more for your money then another hosting company that
doesn’t know you, or your site.
Here are a few steps to help prevent another attack.
- Monitor your site regularly.
- Be proactive with your security.
- Perform required software updates for your operating system and web browser.
- Install a firewall on your computer.
- Purchase or download anti-virus software.
- Install anti-spyware/adware programs onto your system.
- Delete emails from unknown sources.