How do you know if you’ve been hacked?
There are many ways you may find out that your website has been hacked. The most obvious is when the hacker has simply defaced your website. You wake up one morning, open your browser and, lo and behold, your website is no longer there. It has been replaced by a new page and has a big sign saying “Hacked by ______ (fill in the blank).” Or even worse, you get redirected to, hmmm, let’s call it an “unsavory” website. Well, in those cases it is obvious that you’ve been hacked.
However, hackers oftentimes will attempt to cover their tracks so that it isn’t obvious that a site has been hacked. They’d really prefer that you didn’t know about it, because they want to use your site as long as they can to do their dirty work.
Here are some big signs that your website has been hacked:
- Your website is defaced.
- Your website redirects to an ‘unsavory’ site such as a porn site or pharmaceuticals site.
- Google or Bing notifies you that your site has been compromised.
- Your Firefox or Chrome web browser indicates that your site may be compromised.
- You notice strange traffic in your web logs such as unexplained big spikes in traffic, especially from other countries.
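One way to check the last sign against your access log, as an added example that is not part of the original article: it groups requests by hour, flags hours far above the median volume, and lists the busiest sources in each flagged hour. The "combined" log format, the thresholds and the sample lines (documentation IP ranges) are assumptions.

```python
import re
from collections import Counter
from statistics import median

# Apache/Nginx "combined" format: client IP, [day:hour:...], "METHOD path ...", status
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):(?P<hour>\d{2}):[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse(lines):
    """Return regex matches, skipping lines that do not parse."""
    return [m for m in map(LINE.match, lines) if m]

def find_spikes(lines, factor=5, min_requests=20):
    """Return (day, hour) buckets with more than factor x the median volume."""
    counts = Counter((m["day"], m["hour"]) for m in parse(lines))
    if not counts:
        return []
    base = median(counts.values())
    return sorted(b for b, n in counts.items()
                  if n >= min_requests and n > factor * base)

def top_sources(lines, bucket, n=3):
    """Most active (IP, method, path) combinations inside one bucket."""
    hits = Counter((m["ip"], m["method"], m["path"]) for m in parse(lines)
                   if (m["day"], m["hour"]) == bucket)
    return hits.most_common(n)

def sample_log():
    """Constructed sample: four quiet hours plus one burst from one address."""
    fmt = '{ip} - - [10/Mar/2024:{h:02d}:{m:02d}:00 +0000] "{req} HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"198.51.100.{m}", h=h, m=m, req="GET /index.html")
             for h in (9, 10, 11, 12) for m in range(4)]
    lines += [fmt.format(ip="203.0.113.7", h=3, m=m, req="POST /login.php")
              for m in range(40)]
    return lines

if __name__ == "__main__":
    log = sample_log()
    for bucket in find_spikes(log):
        print(bucket, top_sources(log, bucket))
```

The addresses it reports can then be looked up to see which country or network they belong to.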
How does it happen?
In a survey last year by StopBadWare and Commtouch, 63% of website owners indicated that they did not know how they were hacked. If your website has been hacked, it is critical to understand how it happened in order to prevent another hack by the same hacker.
There are many, many ways a website can be hacked. Here are some common ways hackers can take control of your website:
- Guessing your password.
- Using malware on your local computer to capture your login credentials.
- Finding a security vulnerability in specific software that you happen to be using (especially outdated software).
- Hacking someone else’s site that resides on the same shared-server that you are using for your site.
Note: getting hacked because of someone else's site on the same server is a good reason to avoid cheap hosting providers. They don’t always have the best security practices and you often have “bad neighbors” on the same server.
It's not uncommon for sites - even large ones with lots of protection - to get hacked. Security is a major problem these days. And if your site gets hacked, it can get damaged in a number of ways. You could lose all your data, or lose its ranking due to malicious activity. So while you can take periodic backups, you cannot prevent someone from hacking into your site. The best and most practical thing to do in such an event is to recover your site as fast as possible so that the effect of the attack is neutralized/minimized.
So, you have been hacked? Now what?
Here are some tips shared by Google for getting your website back on track after it has been hacked.
1. Stay calm
First of all, stay calm. You can recover.
2. Call in your support team
If you don’t have the right technical expertise on staff, your best option will be to call in a support team. Ideally, this will be someone who has strong technical expertise and is also familiar with your site and its configuration. This can include your web developer and/or your hosting provider.
Web designers without a programming and technical background may have a harder time assessing the issue and fixing it. Experienced web developers (e.g. programmers) should have the necessary skills to assess and fix the problem.
Many hosting providers will not do the actual work of cleaning your website. But they can provide invaluable assistance or may have other customers that are experiencing the same issue.
3. Pull together the information your support team will need
You will need to get your information together for your team. Your developer / team will need access to:
- CMS Login: your content management system with administrative / super admin rights
- Hosting Login: your hosting control panel to access your database and web logs
- Your web logs: both the access logs and error logs. Be sure that your hosting company provides the web logs. Most web hosts do, but a few hosting companies do not turn those on by default or may not provide access to them.
- FTP / sFTP access credentials: this should include the hostname, username, and password
- Backups: Any backups you may have
You should consider keeping this information together in a safe location that you can access quickly in case the need should ever arise.
4. Take your website offline
You should temporarily shut the site down while it is being assessed and fixed. Your hosting control panel may have the ability to temporarily turn off your site. Or you may need to password protect the main directory where your website resides to block visitors from accessing your site while the team works on fixing it.
5. Scan your local computers for viruses and malware
You will want to scan your local computer(s) with your anti-virus software to make sure they aren’t infected with malware, spyware, Trojans, etc. Be sure your anti-virus software is up-to-date before using it to scan your computer.
Some Important Additional Steps
6: Clean up malicious scripts
Hackers can target your site for any number of motives. From taking down your website and deleting its content to simply adding backlinks discreetly, there's a lot that can be done. If you notice suspicious content appearing on your website, delete those unnecessary pages immediately. However, don't just stop there.
Hackers will often insert malicious scripts into your HTML and PHP files. These could automatically be creating rogue backlinks or even new pages. Make sure you check your website's source code and look for any malicious PHP or JavaScript code that could be creating such content.
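A starting point for that source-code check, as an added example that is not part of the original article: it walks a copy of the web root and reports files that match a few obfuscation and hidden-content patterns. The indicator list is an assumed heuristic and not exhaustive, and the sample files are constructed; every hit still needs a manual look.

```python
import os
import re
import tempfile

# Heuristic indicators (an assumed, non-exhaustive list); hits need manual review.
INDICATORS = {
    "eval of decoded data": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "hidden iframe": re.compile(
        rb"<iframe[^>]*(?:display\s*:\s*none|(?:width|height)\s*=\s*[\"']?0\b)", re.I),
    "document.write(unescape(": re.compile(rb"document\.write\s*\(\s*unescape\s*\(", re.I),
    "long base64 run": re.compile(rb"[A-Za-z0-9+/]{400,}"),
}
EXTENSIONS = (".php", ".js", ".html", ".htm")

def scan_file(path):
    """Return the names of all indicators that match the file's bytes."""
    with open(path, "rb") as fh:
        data = fh.read()
    return [name for name, rx in INDICATORS.items() if rx.search(data)]

def scan_tree(root):
    """Walk the web root; map relative path -> indicators found."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            hits = scan_file(full) if fname.lower().endswith(EXTENSIONS) else []
            if hits:
                findings[os.path.relpath(full, root)] = hits
    return findings

def write_sample(root):
    """Constructed sample site: one clean page, one with injected lines."""
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php echo 'Welcome'; ?>\n")
    with open(os.path.join(root, "footer.php"), "w") as fh:
        fh.write("<?php eval(base64_decode($x)); ?>\n"
                 "<iframe src='//example.invalid/' style='display:none'></iframe>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:   # or pass your own web root
        write_sample(demo)
        for path, hits in sorted(scan_tree(demo).items()):
            print(f"{path}: {', '.join(hits)}")
```

Run `scan_tree` against a downloaded copy of the site rather than the live server, and compare flagged files with a known-good backup before deleting anything.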
7: Maintain your CMS
Websites often get hacked due to vulnerabilities in a CMS that get patched with updates. If you're running an older version, your site is more susceptible to attack. Make sure you keep your CMS updated, and use a strong password for login. If possible, enable two-step verification to secure the login process.
8: WWW vs. non-WWW
www and non-www URLs are not the same. http://www.example.com is not the same as http://example.com - the former refers to a sub-domain 'www', whereas the latter is the root of your site. When checking for malicious content, verify the non-www version of your site as hackers often try to hide content in folders that may be overlooked by the webmaster.
9: Useful tips:
Avoid using FTP when transferring files to your servers. FTP does not encrypt any traffic, including passwords. Instead, use SFTP, which will encrypt everything, including your password, as a protection against eavesdroppers examining network traffic.
Check the permissions on sensitive files like .htaccess. Your hosting provider may be able to assist you if you need help. The .htaccess file can be used to improve and protect your site, but it can also be used for malicious hacks if they are able to gain access to it.
Be vigilant and look for new and unfamiliar users in your administrative panel and any other place where there may be users that can modify your site.
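The .htaccess check described above, as an added example that is not part of the original article: it finds every .htaccess under the web root, reports group- or world-writable permissions, and lists redirect rules that point at a host you do not own. The `own_hosts` set, the hostnames and the sample file are constructed assumptions.

```python
import os
import re
import stat
import tempfile

# Redirect directives whose target is an absolute URL; group 1 is the host.
REDIRECT = re.compile(
    r"^\s*(?:RewriteRule|Redirect(?:Match|Permanent|Temp)?)\b.*?https?://([^/\s\"']+)",
    re.I)

def check_htaccess(path, own_hosts):
    """Return findings for one .htaccess: loose permissions, external redirects."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"writable by group/others (mode {mode:o})")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            m = REDIRECT.match(line)
            if m and m.group(1).lower() not in own_hosts:
                findings.append(f"line {lineno}: redirect to external host {m.group(1)}")
    return findings

def audit_site(root, own_hosts):
    """Check every .htaccess under root; map relative path -> findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            full = os.path.join(dirpath, ".htaccess")
            found = check_htaccess(full, own_hosts)
            if found:
                report[os.path.relpath(full, root)] = found
    return report

def write_sample_htaccess(root):
    """Constructed sample: a world-writable .htaccess with one foreign redirect."""
    path = os.path.join(root, ".htaccess")
    with open(path, "w") as fh:
        fh.write("RewriteEngine On\n"
                 "RewriteCond %{HTTP_HOST} ^example\\.com$ [NC]\n"
                 "RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]\n"
                 "RewriteRule ^(.*)$ http://pills.example.net/ [R=302,L]\n")
    os.chmod(path, 0o666)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        write_sample_htaccess(demo)
        print(audit_site(demo, {"example.com", "www.example.com"}))
```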
Got any questions? Feel free to leave a new thread in our discussion forum.
You can read the post from Google or mail me at Azeemaftab0@gmail.com for help in this regard.