How to Clean a Hacked Website
Whenever an ecommerce website is hacked, one of the primary concerns is customer credit card data. If you process payments within your online store, you may have to respond to a possible data breach, including implications regarding Payment Card Industry (PCI) compliance.
If you suspect credit card data is being stolen, you can contact your bank to inquire about virtual credit cards. These can be used to test purchases on your site before cleaning the hack. Stolen credit cards are often used within 12 hours, so this exercise may indicate if further investigation is required. This is not a 100% reliable method, but it is one step you can take on your own before seeking help from a PCI Forensic Investigator (PFI).
In order to maintain PCI compliance in the event of a data breach, you must follow the requirements, specifically PCI DSS Requirement 12.10: Implement an incident response plan. Part of this requirement involves preserving evidence.
Please note that this is not legal advice.
Immediately back up your hacked site, including:
- Server log files
- Your site file system
- Your site database
- Custom files and configurations
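One way to take the backup listed above so that it can serve as preserved evidence, as an added example that is not part of the original article. The function names and all paths are assumptions, the database is assumed to be already exported to a file with your database's own dump tool, the output directory must sit outside the site root, and GNU tar and sha256sum are assumed to be available.

```shell
#!/usr/bin/env bash
# Added example: copy evidence from a hacked site before any cleanup starts.
# Nothing in the source directories is modified; only copies are written.

# preserve_evidence SITE_ROOT LOG_DIR DB_DUMP OUT_DIR
# SITE_ROOT should include custom files and configurations.
# Prints the path of the new evidence directory on success.
preserve_evidence() {
    site_root=$1; log_dir=$2; db_dump=$3; out_dir=$4
    # UTC timestamp so the collection time is unambiguous in a later report
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    dest="$out_dir/evidence-$stamp"
    mkdir -p "$dest" || return 1

    # tar records each file's mode and mtime, which helps build a timeline
    tar -C "$site_root" -czf "$dest/site-files.tar.gz" . || return 1
    tar -C "$log_dir" -czf "$dest/server-logs.tar.gz" . || return 1
    # -p keeps the dump's original timestamp on the copy
    cp -p "$db_dump" "$dest/database.sql" || return 1

    # Hash manifest: lets anyone confirm later that the copies are unaltered
    ( cd "$dest" && sha256sum site-files.tar.gz server-logs.tar.gz \
        database.sql > SHA256SUMS ) || return 1

    # Drop write permission so the evidence is not changed by accident
    chmod -R a-w "$dest"
    printf '%s\n' "$dest"
}

# verify_evidence EVIDENCE_DIR
# Returns 0 only if every file still matches its recorded SHA-256 hash.
verify_evidence() {
    ( cd "$1" && sha256sum -c SHA256SUMS >/dev/null 2>&1 )
}

# Run directly with four arguments, e.g. (paths are placeholders):
#   ./preserve.sh /var/www/shop /var/log/apache2 /root/shop-dump.sql /mnt/evidence
if [ "$#" -eq 4 ]; then
    preserve_evidence "$@"
fi
```

Store a copy of SHA256SUMS somewhere separate from the archive, and run verify_evidence again before handing the material to an investigator.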
If you process payments off-site via a secure payment gateway, API, or payment form (hosted by an external payment processor), then your customer data is secure against credit card stealer malware within your installation.
Originally published at sucuri.net on January 2, 2018.