Has it ever happened to you that you try to access your account, only to be told that the password you entered is incorrect? It hits you like a bolt out of the blue when you realize that your website has been hacked! The trauma of dealing with the repercussions of a hacked account can be immense. You don’t know who got hold of your personal information, what they are going to do with it, or whether all your friends’ systems are going to be flooded with embarrassing spam or pop-ups. To make matters worse, you will be perceived as the initiator of that spam because it’s all coming from your own website or ID.
A similar situation arises when you suddenly realize that someone has hacked your own website or blog. What will you do to resolve it? In such a situation, you first need to collect yourself and take some quick measures to prevent things from getting out of hand. This guide will tell you how to recover your hacked website!
Find Out Exactly What Happened to Your Website
If you are aware of hacking concepts and the common threats your website can be vulnerable to, you will be better equipped to handle this situation. Check every nook and corner through which your website could’ve been hacked, for instance the admin panel, FTP, or web pages that reveal error information which hackers can misuse. Once you know where the loophole that triggered the attack was, you should immediately contact your website hosting service provider.
Contact Your Technical Support Or Web Hosting Provider
Contact tech support and explain your issue in detail, including the time the website went down and the nature of the problem. If the support team doesn’t find anything wrong with your website, or you’re not satisfied with their solution, it’s time to take the matter into your own hands.
Contact Global Support Like Facebook, Tech Forums
Try to find out as much information as you can from online tech forums, where people in similar situations have shared their experiences and probable solutions to many such problems are discussed openly. Social networking sites such as Facebook and LinkedIn host various groups managed by IT professionals who can help you if you post your queries and explain the issues you’re facing. You can also use Google Webmaster to detect and clean malware from your website and recover it.
Carefully scan your database to check whether a new user has recently been registered with admin privileges on your website. For hackers, it’s not a big deal to gain access and create an admin user account; various automation tools are available that hackers use to get admin access to a website. If you find such a user in your database, delete or block the user right away so that he/she can’t access your website with admin privileges in future.
Take Your Website Offline
Take your website offline as soon as you realize it’s hacked. The key reason for this is that if any new or existing users visit your website, their systems, too, will become vulnerable to attacks. Since they trust your website they will open it, only to find out later that it’s filled with spam and junk. This can be detrimental to your website, since a user who was once infected by your site will never visit it again. Moreover, there’s no harm in taking the website offline, since your Google rankings will not be affected in this genuine case of cyber attack.
Prevention of Future Attacks on Your Website
- Avoid common usernames such as Admin or Administrator. Disable the Admin or Administrator user and create a different user, then manually assign permissions to that user.
- Keep a backup of your website data and try to create a cluster so that if one website is down, a second one is still available to users.
- Regularly perform vulnerability scanning on your website. There are plenty of tools available, such as Acunetix and Nikto, which are dedicated to web application vulnerability scanning.
- Regularly monitor user comments, because most of the time malicious users post scripts that might be harmful to your website and can lead to a common attack called cross-site scripting.
- Regularly check your input fields.
- Delete the post-installation pages, error pages and installation folder, which can reveal the configuration details of your web server on Google.
- Create a robots.txt file, which gives instructions to all search engines as to which folders to access or index.
- If you’re using WordPress, then you must use their security plugin option.
- Use secure FTP access and SSH for modifying website content, because these protocols can protect your data from unauthorized access.
- Stay up to date with the latest threats. Use Google Alerts, which give you the latest information about website attacks and vulnerabilities. Google Alerts are email updates of the latest relevant Google results (web, news, etc.) based on your queries.
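For the comment-monitoring item in the list above, here is an added example (not from the original article) that flags stored comments containing script-capable markup for moderation and shows the escaping to apply when a comment is rendered. The sample comments, `RISKY_TAGS` and the function names are constructed for illustration.

```python
import html
from html.parser import HTMLParser

RISKY_TAGS = {"script", "iframe", "object", "embed"}

# Constructed sample comments: (comment id, stored text)
SAMPLE_COMMENTS = [
    (1, "Great article, thanks!"),
    (2, 'Nice <b>post</b>, see <a href="https://example.com/">this</a>'),
    (3, "<script>alert(1)</script>"),
    (4, '<img src="a.png" onerror="alert(1)">'),
    (5, '<a href="JavaScript:alert(1)">click</a>'),
]

class CommentScanner(HTMLParser):
    """Collects reasons why a comment's markup could execute script."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.reasons = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before calling this.
        if tag in RISKY_TAGS:
            self.reasons.append("<%s> tag" % tag)
        for name, value in attrs:
            if name.startswith("on"):
                self.reasons.append("event handler attribute %s" % name)
            elif name in ("href", "src") and value:
                if value.strip().lower().startswith(("javascript:", "data:")):
                    self.reasons.append("script-capable URL in %s" % name)

def flag_comments(comments):
    """Return (comment_id, reasons) for each comment needing review."""
    flagged = []
    for comment_id, text in comments:
        scanner = CommentScanner()
        scanner.feed(text)
        scanner.close()
        if scanner.reasons:
            flagged.append((comment_id, scanner.reasons))
    return flagged

def render_comment(text):
    """Escape a comment so the browser shows it as text, never as markup."""
    return html.escape(text)

if __name__ == "__main__":
    for comment_id, reasons in flag_comments(SAMPLE_COMMENTS):
        print(comment_id, reasons)
```

The scan is a moderation aid only; escaping every comment on output is what keeps posted markup from running in a visitor's browser.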
Keeping all these points in mind, you can ensure complete integrity of your website only if you have a good understanding of IT security and hacking. Certified Ethical Hacking certification is the latest security certification that builds your expertise in this domain and lets you keep your information assets safe and sound. Koenig Solutions, a leading IT offshore training provider, offers this CEH v8 training at its centers in New Delhi, Dehradun, Shimla, Goa and Dubai. With a highly capable pool of trainers, Koenig comes forth as a one-stop shop for all your IT training needs. Koenig Solutions is starting the open batches for CEH version 8 from 20th May, 2013.
Author Bio: This blog has been written by Mr. V.P. Prabhakaran. He is a Senior Corporate Trainer at Koenig Solutions, expert in providing training on IT Security and Firewall since 2010. He is a certified CEH, OPSA, OPST, CEI, SECURITY+ and ECSA. His rich experience and dexterity in the ethical hacking and IT security domain confer on him immense credibility in handling enterprise security issues. Prabhakaran has provided training to both on-site and off-site clients. He is also credited with having conducted several corporate trainings around the globe.