This is the second installment in our Hacking and Malware series. Last time, we talked about why hackers hack. Today, we are talking about ways to identify if your site was hacked, and what to do if it was. Our next article will go over ways you can protect your site from being hacked in the first place.
How to Tell if Your Site Was Hacked
1. Your Site Looks Different
This is the most obvious sign that your site has been hacked. The entire site could be different (or gone), there may be different images (probably inappropriate) or random ch@ract3rs, or your site may redirect to a totally different site. Since your customers visit your site more than you do, they may be the ones to report it to you.
2. Your Browser Alerts You to the Hack
If your site is blacklisted, visitors to your site will see a screen similar to these listed below, alerting them to the potential dangers of visiting your site. A site can be blacklisted because malware is present on it, or because it is a potential phishing scheme. If your hosting provider receives reports from either visitors or their own automated reports that your site has been hacked, they will typically take your site down immediately.
3. Unusual Activity
Large boosts of traffic for no reason, increased amounts of spam, and increases in visitors from other parts of the world are all red flags that your site has been hacked. You can access this site information by visiting your Google Analytics page.
4. Check Google’s Safebrowsing Website
Visit http://www.google.com/safebrowsing/diagnostic?site=your domain name. If your website has been hacked, it should show a warning here.
Your Site WAS Hacked! Now What?
1. DON’T PANIC!
Yes, this will be a lot of work. Yes, your site will have downtime. And yes, you could lose money. But also, YES, you will get through this.
2. Change Your Password Immediately (Tips for a strong password)
Take time to document the following: What are you seeing that makes you think you’ve been hacked? What time did you notice? Have you done anything recently to your site (installed an update, changed a theme, etc.)? Write down any other information you think may be important. Whether you decide to take this on yourself or hire someone to help you, this information will be very useful.
4. Check with your Hosting Provider
If you’re using shared hosting, it’s possible that the hack affected more than just your site. You’ll want to report the issue to them so they can take the necessary steps. They can also confirm whether it is an actual hack or perhaps a disruption in service or some other problem.
5. Decide Whether to Call for Help or Go It Alone
This is the point at which you need to decide if you want to deal with this on your own, or call in the professionals. The team at Blindspot can help you get through this with minimal downtime and maximum efficiency.
However, this is something that you can get through on your own, if you have some time and patience.
Read on for your next steps:
6. Check if Your Website is Blacklisted
As mentioned earlier, go to http://www.google.com/safebrowsing/diagnostic?site=your domain name. If your website is on this list, go to the Google Search Console to find out why your site was blacklisted.
7. Damage Control
You’ll need to remove the malware from your site. Your hosting company should have tools for removing the content put there by the hacker. If they don’t offer this, consider a free tool to scan your website for security vulnerabilities.
8. Restore from Backup
This is why it is very important to have frequent, reliable backups of your site. If you have a good backup to restore from, things aren’t nearly as bleak.
9. Check Your Users
Remove any users that aren’t from your organization. Reset all passwords for all users.
10. Check Your Site
If your site is in good working condition, then you can go on to submit for a malware review.
11. Submit to Google for a Malware Review
Follow the steps here to submit your site for removal from blacklisting. It can take up to a few days for Google to review your site.
12. Removing Site IP from Spam Lists
Depending on what kind of malware infected your site, your site could have been used for large spam campaigns (for instance, the DDoS campaigns we talked about in the first article). This will land you on several spam lists. There are several services you can use to look through these lists, one of which is MX Toolbox. Each list will have a different set of instructions to follow to remove your site.
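The lookup that spam-list checkers perform can also be run directly. The script below is an added example, not part of the original article or any Blindspot tooling: it builds the standard DNSBL query name (IPv4 octets reversed, followed by the list's zone) and interprets the answer. The three zones and the sample IP are assumptions; swap in the lists and server address that apply to you.

```python
import ipaddress
import socket

# Example DNSBL zones (assumption: choose the lists you care about; each has its own usage policy).
DEFAULT_ZONES = ["zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org"]


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None when the lookup yields no address.

    A DNS outage also returns None, so a 'clean' result assumes working DNS.
    """
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_ip(ip, zones=DEFAULT_ZONES, resolve=system_resolver):
    """Map each zone to 'listed', 'clean' or 'error' for the given IP."""
    results = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer is None:
            results[zone] = "clean"    # no record: the IP is not on this list
        elif answer.startswith("127.255.255."):
            results[zone] = "error"    # Spamhaus-style refusal (public resolver, rate limit)
        elif answer.startswith("127."):
            results[zone] = "listed"   # 127.0.0.x return code: the IP is on the list
        else:
            results[zone] = "error"    # unexpected answer, e.g. a resolver rewriting NXDOMAIN
    return results


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address (constructed sample); use your server's IP.
    for zone, status in check_ip("192.0.2.10").items():
        print(f"{zone}: {status}")
```

An "error" result usually means the list refused the query from your DNS resolver, so check that list's own lookup page before assuming the IP is clean.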
After all that work, your site should be fully restored and off of all the lists you don’t want to be on. If that sounds like too much work or is over your head, remember: Blindspot is here to help!
Stay tuned for our next article about what you can do to avoid all of this hassle in the first place!