Website Security, Part 3 – Fixing A Hack

By Web Hosting Help Guy

So it’s official – despite following the steps in Part One, and after determining the problem by following the steps in Part Two, you’ve finally come to terms with the fact that your site has been hacked. The only thing cheering you up at this point is the knowledge that you did all you could, but somehow, something bad got through. The question is, now what?

The first thing you’ll want to do is contact your hosting company’s technical support crew. They should have the knowledge to help walk you through what you need to do; however, it’s also a good idea to know for yourself the steps you need to take.

Root It Out

Scan your local computer using up-to-date virus and trojan scanners. You can use full-featured free ones such as MalwareBytes Anti-Malware, Spybot Search & Destroy, HijackThis (use with caution, as this one changes your computer’s registry) or Avast!

Take It Offline

Make sure your site isn’t still out there being crawled by Google’s spiders or infecting visitors – have it return a 503 (Service Unavailable) status code using .htaccess, as shown in this article. This will prevent your site from getting de-indexed by Google, in case it’s been hacked by a spammer. You can work with Google afterward to fix the damage, but it’s considered a best practice to take it down before it gets removed.

Change Your Passwords

Self-explanatory, but this is a vital step towards re-establishing your website’s security and protecting it against the next hack attempt. Change every password associated with your site, including for cPanel, your email, and FTP.

Block Hacker’s IP and Assess The Damage

Next, you’ll definitely want to track down the hacker’s IP address. This might not be easy, and again, you’ll likely have to enlist the help of your hosting company. If you’re feeling adventurous, you can scan the “raw access log” in cPanel and look for any script or IP address that looks like it might have modified your site’s files. Basically you’re looking for anything that seems out of place.
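One way to do the raw access log scan described above, as an added example that is not part of the original article: it lists successful POST and PUT requests by IP address and path, skipping paths you expect to receive form posts. It assumes the Apache combined log format; the sample lines, the addresses and the `/contact.php` allowlist entry are constructed.

```sh
#!/bin/sh
# Added example: triage a raw access log for requests that could have
# written to the site. The sample lines below are constructed.

sample_log() {
cat <<'EOF'
198.51.100.23 - - [10/May/2024:08:01:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/May/2024:08:02:40 +0000] "POST /contact.php HTTP/1.1" 200 310 "-" "Mozilla/5.0"
203.0.113.77 - - [10/May/2024:09:14:02 +0000] "POST /images/thumb.php?x=1 HTTP/1.1" 200 48 "-" "curl/8.0"
203.0.113.77 - - [10/May/2024:09:14:09 +0000] "POST /images/thumb.php?x=2 HTTP/1.1" 200 48 "-" "curl/8.0"
203.0.113.77 - - [10/May/2024:09:15:30 +0000] "POST /admin/upload.php HTTP/1.1" 403 199 "-" "curl/8.0"
192.0.2.5 - - [10/May/2024:09:20:00 +0000] "PUT /uploads/new.php HTTP/1.1" 201 0 "-" "-"
EOF
}

# write_requests LOGFILE "ALLOWED PATHS"
# Prints "count ip method path" for every successful (2xx) POST or PUT,
# busiest first. The second argument is a space-separated list of paths that
# legitimately accept POSTs (site-specific; an assumption of this example).
write_requests() {
    awk -v allow="$2" '
        BEGIN { split(allow, a, " "); for (i in a) ok[a[i]] = 1 }
        {
            method = $6; sub(/^"/, "", method)   # field 6 is "METHOD with a leading quote
            path = $7;   sub(/\?.*$/, "", path)  # drop the query string
        }
        (method == "POST" || method == "PUT") && $9 ~ /^2/ && !(path in ok) {
            seen[$1 " " method " " path]++
        }
        END { for (k in seen) print seen[k], k }
    ' "$1" | sort -k1,1nr -k2,2
}

log=$(mktemp)
sample_log > "$log"
write_requests "$log" "/contact.php"
rm -f "$log"
```

A script under an image or upload directory that accepts POSTs, or any successful PUT, is the kind of entry that "seems out of place" and is worth raising with your host.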

Next, you need to block any suspicious IP addresses by using the .htaccess tricks we mentioned here. You can also use a firewall to prevent the hacker from getting into your site again. However, if you’re on shared web hosting, you won’t have access to a firewall, so contact your web hosting company and ask that they block the IP address. If you are on a VPS hosting plan or a dedicated server, your host may include an iptables-based firewall. If they don’t, ask if they’ll install one.

Get Rid Of The Code

Now comes the part where you get your hands dirty. That’s right – you have to get in there and remove the bad code. You’ll need to check the source code of your site as it is on your server. Your hosting company might be able to help out with running a command line script to remove a specified bit of code or with installing backup files, but generally finding and eliminating bad code is the user’s responsibility.

That said, there are a few ways to get in there and get that code out. For example, you can use cPanel’s File Manager Code Editor feature to locate and expunge it, or you can FTP your original, infection-free files back onto the server (assuming you have backups). If you don’t have backup files, check with your hosting company; some hosts back up your site files on a regular basis, and if you catch the hack in time, the host might have clean backups they can install. If you have SSH access, you can also locate all instances of the bad code, once you’ve identified it, by using the following command-line script.
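An added example, not the article's own command, of locating the bad code over SSH once you have identified it: one function lists every file containing the string, and a second compares the live site against a clean backup to catch files that were added or altered. The marker string, directory layout and file names are constructed placeholders.

```sh
#!/bin/sh
# Added example. The marker string and file names are constructed placeholders.

# find_infected ROOT SIGNATURE: every file under ROOT containing SIGNATURE.
# -F treats the signature as a literal string (injected code is full of regex
# metacharacters); -l prints only file names; "--" protects a leading dash.
find_infected() {
    find "$1" -type f -exec grep -lF -- "$2" {} + | sort
}

# changed_vs_backup BACKUP LIVE: files that differ from, or are missing in,
# the clean backup. Catches dropped files that carry no known signature.
changed_vs_backup() {
    diff -rq "$1" "$2" || [ $? -eq 1 ]   # exit 1 only means "differences found"
}

# Build a constructed backup and a constructed "live" copy with two changes:
# one modified script and one file that exists only on the live site.
make_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/backup/js" "$d/live/js" "$d/live/uploads"
    echo '<?php echo "home"; ?>' > "$d/backup/index.php"
    echo 'console.log("menu");'  > "$d/backup/js/menu.js"
    cp "$d/backup/index.php" "$d/live/index.php"
    printf '%s\n' 'console.log("menu");' '/*EXAMPLE-INJECTED-MARKER*/' \
        > "$d/live/js/menu.js"
    echo '<?php /*EXAMPLE-INJECTED-MARKER*/ ?>' > "$d/live/uploads/cache.php"
    echo "$d"
}

demo=$(make_demo)
find_infected "$demo/live" 'EXAMPLE-INJECTED-MARKER'
changed_vs_backup "$demo/backup" "$demo/live"
rm -rf "$demo"
```

Run the search again after cleaning or restoring files; an empty result from `find_infected` and no unexpected lines from `changed_vs_backup` is the check that the known code is gone.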

For a more in-depth look at what kind of code might be residing on your server and how to identify it, check StopBadware.org’s site.

Lock It Down (For Real This Time)

Once all that malicious code is taken out and you’ve made sure all traces of it are gone from your machine AND your server, the next step is to get serious about protecting your site. Update everything – your OS, your browser, your antivirus program, your CMS, and every other program you can think of. In fact, you might just want to follow the steps listed in Part One of this series.

If De-Listed, Take It Up With Google

Unfortunately, even if you acted as quickly as possible once you learned that your site was hacked, it may take a while to regain the position you used to enjoy in the SERPs. Once you’ve removed all the malicious code, log in to Webmaster Tools and request a review from Google to make sure your site is clean.

Report It

The federal government operates an Internet Crime Complaint Center, where you can report the incident right on the site. If enough people start reporting the same types of incident, that type of attack might slow down or cease altogether. If no one says anything, the attacks will likely continue unabated.

 

Do you have any secret tips that helped get your website back online after a hack?
