Things to Do If Your Site Has Been Hacked

Step 1: Scan the local server for Malware:

This is an obvious precaution, but one that most people overlook. The majority of customers we talk to who have fallen victim to a hack previously had no security products installed on their machines, and those who do, more often than not, have them installed straight out of the box, barely configured, forgotten about and rarely updated.

If you do not have a good antivirus/anti-malware product installed on your desktop computer, make an informed purchase by discussing your specific requirements with various vendors. Ensure that at least once a week it connects to the vendor’s site and updates with new libraries of virus and malware definitions.

If you wish to get bonus points, install software that lets you monitor your network traffic, and where you see strange outgoing requests, investigate. Your device should never be calling the outside world without you either expressly carrying out an action or having set something up, such as a regular download of new virus definitions.

Step 2: Rotate FTP passwords:

File Transfer Protocol (FTP) provides full access to your files on the server. As with all passwords, you shouldn’t set these and forget about them. They should be updated regularly. We recommend monthly if you access your FTP regularly but if you access it frequently it should be okay. If you’ve never changed your passwords, we suggest that you update them now! It’s also advisable to have a sound password policy.

This involves:

  • DO NOT use the same passwords for all
  • DO NOT use dictionary words or people’s names
  • DO NOT re-use the same passwords. Once used and rolled, discard!
  • DO use a random password generator
  • DO use a minimum of 8 characters
  • DO use a mix of uppercase, lowercase, numbers and symbols.
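An added example (not part of the original guide) that turns the policy above into a generator and a checker. The default length of 16, the four-letter cut-off for word matches and the `previous`/`wordlist` inputs are assumptions; only the 8-character minimum and the four character classes come from the list.

```python
import secrets
import string

MIN_LENGTH = 8  # minimum length from the policy above
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation,
}


def policy_violations(password, previous=(), wordlist=()):
    """Return the policy rules that `password` breaks (empty list = acceptable).

    previous: passwords already used, e.g. your password manager's history.
    wordlist: dictionary words and names to reject (assumed input).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    if password in previous:
        problems.append("re-used password")
    lowered = password.lower()
    # Ignore very short words so that "a" or "it" do not reject everything.
    if any(len(w) >= 4 and w.lower() in lowered for w in wordlist):
        problems.append("contains a dictionary word or name")
    return problems


def generate_password(length=16, previous=()):
    """Draw from the OS CSPRNG until the candidate satisfies the policy."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate, previous):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    print(policy_violations("Summer2024!", wordlist=["summer"]))
```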

Step 3: Rotate database passwords:

Your database password is what allows your website to access your database. It is not quite as crucial as rotating the admin password for your application or your FTP details, but it is still an important part of a well-managed password policy. We advocate bi-monthly password changes on this; however, you may want to do it less or more often depending on specific conditions.

The most likely situation if database access is compromised is that a bad actor could create a new admin user for your site, delete your database completely, or modify content that is stored in and served from the database. If you do change this password by means of a management interface like the Webgyan Console or call Tool, you need to remember that your site has to have the new password configured into it. Generally, you will have an interface for it, or some programs ask that you edit a text-based configuration file on the server. It seems complex, but as soon as you know your way around, it’s a 5-minute task.

Step 4: Remove access details:

If you took your car to the mechanic and left the spare keys so that they could work on it, you would not leave them the keys once you picked it up. Why would you leave full access to your site once work or changes are completed?

You should hand out access details strictly on a need-to-use basis. When you’ve given domain console access, go through Step 5.

Some of you don’t outsource your development work and have dedicated IT staff. Any time a team member with a particular level of access leaves, you should reset those details immediately. Remember, you are doing this not because they may intentionally do something nasty (in fact, that’s generally unlikely) but as a precaution in case, at some point in the future, their PC is exploited or compromised.

We back up data to ensure that in the event of a catastrophe we are able to get all clients back online.

Step 5: Rotate ‘TheConsole’ (or cPanel) passwords:

This is a very simple step. Just follow the directions to reset your control panel passwords. Use the same common sense as explained in Step 2 to set a stronger password.

Step 6: Subscribe to external monitoring:

This is similar to an insurance policy. Firms like Secure do a variety of really neat things for you. They will scan your site daily and immediately alert you if you’ve been compromised. They offer services in which they’ll clean your site in case you do get compromised and need immediate help. If you’re using WordPress, they will do preventative monitoring for you, so you are alerted to updates to the application, plug-ins, themes and so on.

Step 7: Backup of web files:

There is a belief that your hosting provider will have backups ready and waiting for you to request and can immediately recover all your lost data, at no charge. Generally, hosting providers don’t do backups for the reason you believe. We back up data so that in the case of a disaster we can get all customers back online. The backup sizes we deal with are in the many, many terabytes.

It’s a simple job that will save you from a lot of headaches later. There are even applications available that can back up for you. Backing up does not need to happen every day, but with a busy website, weekly backups ought to be part of your plan. For websites that are static and change very infrequently, monthly backups are more appropriate. Regardless of which schedule you opt to follow, if bad things happen you will have a copy of your website and can readily re-publish quickly, without the hassle and at no charge. If you have never backed up, do it today, then come back!

Step 8: Backup of database:

This is just an extension of Step 7. If you’ve got a website that signs up new customers, such as an e-commerce website which requires shoppers to register before buying, you most likely market to them, run a loyalty program or have some kind of reward scheme. What would happen if all that information was deleted? If you’ve got a busy site, you might decide weekly is too infrequent and decide to archive a copy of your database every day.

Again, there are many tools available that can do this for you automatically, especially if you’re using a common database technology such as MySQL. Getting your hosting provider to trawl through archives and perform a recovery for you will leave you off the air for numerous hours in a best-case scenario.

Step 9: Review software for patches:

You need to proactively keep your site up to date as best as is possible. This one would appear self-explanatory, but it’s probably the most frequent way for a website to get exploited and is largely ignored. It’s safe to say that most people tend to neglect updating their website: the customary process is to have your website built by a developer, who then hands it over to you, and that is the last time the site is updated. Ever.

We frequently see CMS or even e-commerce websites that have not been updated for 3 years, and frequently 5 years. By the time a piece of software is 3 years old, it’s generally ancient. If it’s then compromised, fixing it gets 10x more complex since there isn’t a straightforward update route from the version you’re on to the most recent. It is therefore not just a simple patch install but an attempt to re-engineer the whole thing, while your website is offline and you are losing money. This is an extremely bad thing.

Step 10: Review installed add-ons:

An extension of Step 10. Again, a very common scenario we see is a website owner or manager who believes they are doing everything right by upgrading the core site software. However, they forget all about the add-on modules that have been installed.

Step 11: Review any installed templates or themes:

Same as Step 11. Again, quite frequently overlooked and another common way for your website to be exploited.

Step 12: Reset website admin passwords:

It is always important to change the admin password for your site regularly. Some hackers will create themselves a brand new admin account and then use it to do harm to your website. Check regularly for any accounts which you haven’t created, particularly those that have admin privileges.

A common method for hackers to gain access to the admin section of your site is to write a program that attempts to log in using a list of commonly used admin passwords. You can see where this is going.

Let’s say your admin site is at a given address. In your raw server logs, if you see large numbers of visits to that page, especially from single IP addresses, then it’s safe to assume that people have been or are attempting to do bad things.

The process used in Step 13 will assist here, as can moving the admin part of the website, if possible, to a directory which is not called ‘admin’. These little things can be very helpful.
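The log check described in this step, as an added example that is not part of the original guide. It assumes Apache/nginx combined-format access logs; the admin path `/admin/login`, the threshold of 10 and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
ADMIN_PATH = "/admin/login"  # assumption: substitute your real admin URL
THRESHOLD = 10               # assumption: tune against your normal traffic

# Constructed sample log (documentation-range IP addresses).
SAMPLE_LOG = [
    '198.51.100.20 - - [10/Mar/2024:09:00:01 +0000] "GET /admin/login HTTP/1.1" 200 1843',
    '198.51.100.20 - - [10/Mar/2024:09:00:09 +0000] "POST /admin/login HTTP/1.1" 302 0',
    '192.0.2.44 - - [10/Mar/2024:09:01:00 +0000] "GET /products?page=2 HTTP/1.1" 200 5120',
    'not a log line',
] + [
    f'203.0.113.7 - - [10/Mar/2024:09:02:{s:02d} +0000] "POST /admin/login HTTP/1.1" 200 1843'
    for s in range(12)
]


def admin_hits_by_ip(lines, admin_path=ADMIN_PATH):
    """Count all requests and POSTs (login submissions) to the admin page per IP."""
    hits, posts = Counter(), Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed or non-request line
        if m["path"].split("?", 1)[0] != admin_path:
            continue
        hits[m["ip"]] += 1
        if m["method"] == "POST":
            posts[m["ip"]] += 1
    return hits, posts


def suspicious_ips(lines, threshold=THRESHOLD, admin_path=ADMIN_PATH):
    """Return (ip, total_hits, posts) for IPs at or above the threshold, busiest first."""
    hits, posts = admin_hits_by_ip(lines, admin_path)
    flagged = [(ip, n, posts[ip]) for ip, n in hits.items() if n >= threshold]
    return sorted(flagged, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for ip, total, posts in suspicious_ips(SAMPLE_LOG):
        print(f"{ip}: {total} requests to {ADMIN_PATH}, {posts} login submissions")
```

To run it against a real log, pass an open file object instead of `SAMPLE_LOG`; the functions only need an iterable of lines.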

Step 14: Review all file permissions:

Unix file permissions confuse even very technical people, so we won’t attempt to explain them in the context of this guide. If you’re interested, the reference supplied will provide you with a basic primer. In a nutshell, file permissions dictate who is permitted to do what with individual files. The ‘what’ component is defined as being able to read the contents of a file, to write to the contents of a file, or to execute a file – computer lingo for making the file do something.

Very often, when you are working to build an application, it is much easier to relax file permissions than to fix your code. Yes, that makes it a lot easier to get the code to run, but it also opens up large security holes. You may have files and directories which are set to ‘777’, which means they can be read by anybody, written by anybody and executed by anybody.

This is mostly an extremely bad thing. Your folders and files should have file permissions that are just enough for the website to perform what it needs. If they exceed those permissions, depending on the application, you or your developer should consider carefully restricting them.


If you got this far, well done! I hope this post has helped you. If it has or you feel there was information that could be added, we are always happy to take feedback.

Being hacked may be an intimidating and overwhelming experience, and of course, sometimes damaging to your company if your site is down for lengthy periods of time.