A new website is hacked every five seconds. By the time you’ve read this article, over 100 websites will be attacked.
Commonly compromises are due to outdated software or inserted malicious code via software forms, rather than server side. You should be prepared and well-informed when it comes to hackers and how they may enter your website. Here are some tips on finding out if you’ve been hacked and how to prevent disasters from happening.
Has My Website Been Hacked?
Easy ways to tell if your site has been hacked is if your web pages look different, you can’t get into the administrative side, Google greets your site with a warning (see above), or the page won’t load. Other symptoms of being hacked include anti-virus software informing you of a problem, multiple failed log-in attempts, or receiving an e-mail asking if you requested a password change.
So you think you’re hacked, what now?
Ask for Help. Time to reach out to the Internet for answers. Twitter is a wonderful community filled with friendly programmers ready to help you out. Briefly, explain your problem and you might be lucky enough to find someone who went through the same thing you’re going through. You can also do a quick Google search of your hacking problem. There could be forums discussing a similar situation.
Find Out Exactly What Happened. How did the hackers get in? Was it a Cpanel password compromise, FTP password entrance, remote file inclusion, or a code injection? Was this a giant hacking job that affected numerous sites, or were you the only target? Multiple questions will arise as you assess the damage and see if any data has been stolen or corrupted. While checking to see what’s missing, also look for anything that’s been added, like strange uploaded files (sometimes new files have the correct date stamp and will show up at the top of directory lists, but that is not always the case as date stamps can be altered). The more you know, the more your support team and/or the Internet can help you.
Take the Site Offline. People don’t want to come to a site that’s giving them scary alert messages from their anti-virus software or Google. Take the site down and make sure you have fixed everything before people return. If customers come back to your site and it’s still glitchy, they are less willing to trust your site and regaining their trust may be impossible. Create a landing page informing clients that you are currently fixing the problem. To prevent Google’s robots from crawling your site and lowering your search ranking, return a 503 status code (Service Unavailable) showing your site is down for maintenance.
Best Measures To Prevent a Future Hacking.
Regularly Backup All Your Data and Files. Saving and backing up your information should be done as often as your schedule allows. This is of the utmost importance as you may be able to restore your latest backup if your site goes down. If your site has regularly visited forums, backing up your data should be done almost daily, (keeping at least 3 date-stamped backups) so that even the latest posts won’t vanish in the event of a hack. There are a number of free and paid backup services and plugins that will do this automatically for you – these days, there is no excuse for not backing up.
Change Your Passwords. Do this for every single account associated with your website. This includes cPanel, FTP, WordPress (or other CMS), Google, and everything else you use in your website operation. Make sure no 2 accounts have the same password. Your new password should be very hard to guess. If you can memorize the password, it’s probably not secure or unique enough. Use a password manager if you just can’t seem to manage your passwords. Fill your passwords up with non-alphanumeric characters where possible. Delete any old email accounts once you are sure you don’t need it anymore.
Don’t use Generic Usernames. A hacker’s job will be much easier if your log-in username is something like “admin”, “adminstrator”, or “site owner”. Try to make your username unique to you.
If you have a Blog, Protect the Comment Section. Comment sections are a great tool to engage your visitors, but it also provides an easy entry place for hackers. Validate the form input before any comment is accepted to strip out most HTML tags. Many software systems allow disallowing html or any code in your comments. WordPress has a keyword filter that you can tinker with to prevent any malicious code.
(OK, this is HUGE) Keep All Programs Updated. Make sure you have the most updated programs on your hosting account. Update WordPress, Drupalm Joomla or other CMS to it’s most recent version. Flash can also cause problems on your desktop if it’s not the latest update. These CMS systems and programs are used by millions, so hackers work day and night trying to hack them.
Don’t Keep Unused Files into Your Site’s Web Root. Remove these files and directories from the public_html folder as soon as you are finished with them. This unused content can be used by hackers to gain access your website. Be sure to never leave those files and directories with write and execute permissions (777 permissions) in your web root. This is dangerous because hackers can exploit these insecure scripts to run their files from your host account. There are many FTP tutorials to train you how to find and remove and edit permissions of unused files.
Keep Up to Date with the Security and Bug Fix Releases. Always keep an eye out for the latest fixes and releases for all the scripts you are actively using. You must regularly monitor the websites of the developers whose scripts you are running. Don’t hesitate to install these quickly as sometimes hackers will try to exploit recently outdated scripts with confirmed security flaws. With notifications turned on, WordPress and Drupal will send you notices of updated plugins and themes from their repository.
How Can Hosting Vermont Help?
If you are using WordPress for your Content Management System (CMS) we offer managed WordPress services.
Managed WordPress services come with a long list of management services that will keep your website secure.
We feel that it’s better to be proactive and prepared than reactive.
If you are already our customer and you are using WordPress CMS, you should consider our managed services for WordPress.
As always, if you have any questions or need help, please call us.