What Happens When Your Website Gets Hacked: How to Identify It and What to Do About It
Getting hacked happens to big sites and small alike. In this day and age it’s a matter of “when”, not “if”. That’s why it’s necessary to come up with a game plan ahead of time. If you’re a site owner, you must learn how to identify the signs of being hacked, what to do once it happens, and how to prevent it in the future.
What it looks like to get hacked
What are the different signs of being hacked? One is vandalism or missing files, although nowadays hackers rarely make it as obvious as all that. One of the primary goals for the hacker is to hide the intrusion so they can collect your data, install malware on your users’ computers, and even use your site as a jumping-off point to attack others. The last thing they want to do is alert you to these activities.
There are three types of files that hackers aim to alter: .htaccess files, PHP files, and media files. Someone who gains unauthorized access can easily edit these files to include malware that can hurt your users.
Another sign is links on your site that have changed suddenly. They may direct users to malicious websites which serve up viruses or advertisements. Hackers can be sneaky about hiding these links — for example, if you have a multilingual website, check your translation memory database for phrases that the hacker may have changed.
How to recover from a hacker
If you discover your site has been compromised, the most important first step you can take is to call in professionals who are experienced in site recovery. However, if you’re sufficiently tech savvy there are some steps you can take on your own.
The following assumes you have backups of all site files and databases. First, take your site offline to keep site visitors safe. Go all the way by removing all files from your site’s root directory. Stop all cron jobs as well, since they may have been reprogrammed to create backdoors into your site for the hacker. The same goes for your databases, as they too could be hiding malicious code.
Next, change all of your passwords. This can include your web panel, FTP, SSH, database, personal computer, email account, and any other logins that you use. Where possible, change usernames as well to make it even harder for the hacker to regain access.
Now restore your site and databases from clean backups. Ensure that the backups you use do not contain files altered by the hacker. Hackers can plan a site takeover months in advance, so don’t assume a backup is clean just because you don’t immediately see signs of intrusion.
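One way to check a backup before restoring it is to compare it, file by file, against an older copy you trust. The Python script below does that and singles out the three file types named earlier (.htaccess, PHP and media files). It is an added example, not part of the original article; the function names and the list of media extensions are assumptions.

```python
import hashlib
import os
import sys

# File types the article says intruders aim to alter. The media extensions
# are an assumption; adjust them to what your site actually serves.
WATCHED_NAMES = {".htaccess"}
WATCHED_EXTS = {".php", ".jpg", ".jpeg", ".png", ".gif", ".svg", ".ico"}

def is_watched(rel_path):
    name = os.path.basename(rel_path).lower()
    return name in WATCHED_NAMES or os.path.splitext(name)[1] in WATCHED_EXTS

def hash_tree(root):
    """Map each relative file path under root to a SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                digests[rel] = "symlink:" + os.readlink(full)  # record target, do not follow
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests

def compare_trees(known_good_dir, candidate_dir):
    """List files added, changed or removed in candidate_dir."""
    good, cand = hash_tree(known_good_dir), hash_tree(candidate_dir)
    report = {"added": [], "changed": [], "removed": []}
    for rel in sorted(set(good) | set(cand)):
        if rel not in good:
            report["added"].append(rel)
        elif rel not in cand:
            report["removed"].append(rel)
        elif good[rel] != cand[rel]:
            report["changed"].append(rel)
    return report

def priority_findings(report):
    """Keep only the findings in the watched file types."""
    return {kind: [p for p in paths if is_watched(p)] for kind, paths in report.items()}

if __name__ == "__main__":
    print(priority_findings(compare_trees(sys.argv[1], sys.argv[2])))
```

Run it with the trusted copy as the first argument and the backup under review as the second. Review every entry in the full `compare_trees` report as well, since a change outside the watched types can still matter.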
Harden your site to prevent hacking
Once your site is back up and running, you can address security flaws.
Use passwords liberally throughout the administration sections of your site. For every login you have, use a different username and password combination. Make sure all passwords are strong and lengthy and consider installing a password manager.
Check if the scripts your site uses are up to date. If not, update them immediately, as older versions may contain vulnerabilities that have been fixed in the latest versions. You should do this on a regular basis to prevent incidents in the future.
Finally, make monthly or even weekly backups and save them for at least a year or two. If an intrusion does occur again, this will help you pinpoint when it happened and possibly how the intruder was able to do it.
Being hacked is no picnic. Prevention is hands-down the best way to deal with it. But that doesn’t mean you should let your guard down, so plan for the worst. When prevention fails, you’ll be able to keep your cool and fix the problem with aplomb.