What To Do If Your Website Or Blog Has Been Hacked

hackedthumb   What To Do If Your Website Or Blog Has Been HackedEveryone wants to think that they won’t be hacked. Usually, they’re wrong. You don’t need to tempt fate by insulting Anonymous or documenting a particularly lulz-worthy obsession. Some hackers try to crack into websites at random as a badge of honor or to advertise their skills, so every site is at risk.

Small sites are particularly vulnerable. Joe Q. Blogger isn’t a security expert and, yes, may neglect to upgrade WordPress every now and then. So what happens if you blog does end up hacked?

Take A Breath

If you’re reading this, there is a chance that you just found out your site has been cracked like an egg. Take a deep breath. You can often recover from the damage that’s been done and it’s entirely possible that the problem exists not with you, but with your web host.

Check With Your Web Host

webhostcontact   What To Do If Your Website Or Blog Has Been Hacked

Hackers don’t need to go after your specific site to deface it and, if they don’t hold a grudge against your site specifically, they often don’t. Instead they go after web hosts, looking for weak spots that allow them to deface hundreds or thousands of sites at a time.

I’ve personally experienced this. Someone hacked the web host of an old blog and caused every site on that specific server to re-direct to a “You’ve been hacked!” page complete with an instant messenger contact, presumably so the hacker could try and scrape money from alarmed site owners looking to reverse the damage.

Email or call your web host and see if they’ve come under attack. If so, there’s not much you can do besides wait. It’s rare for a broad attack against a host to wipe out data permanently, so your site should be back to normal shortly.

Survey The Damage

damagedcomputer   What To Do If Your Website Or Blog Has Been Hacked

If your site has been specifically targeted, the damage is likely to be more severe. There’s still a good chance that the hacker will have only changed a few files in order to re-direct to a “You’ve been hacked” page, but loss of data is not unheard of.

Look at your file structure and see if anything is missing. Also open up configuration files for your blog and/or website and scan them for changes to their code. This is where a local backup becomes handy. You can use the local copies for comparison with the ones on your web host, which makes spotting changes to the code infinitely easier.

You may at this point wish to back up your site’s current state (make sure you don’t overwrite your existing backup!) This will give you time to look over the files later while minimizing downtime for your site.

Restore Your Website

If the problem is not your web host, restoring your site is up to you.

With a blog there’s an excellent chance that the attack only reached as far as your configuration files. This means that once you are able to restore those files your blog should work the same as before without any loss of content.

A website could be a different matter, depending on how you’ve structured it. Restoring your website may be as simple as drag-and-dropping files from your backup to your web host’s server using an FTP client. It depends on how you’ve built the site – and since you built it, you probably know better than me.

If your database information has been compromised you will need to restore that, as well. Once again, a backup is invaluable and will turn a potentially crushing blow into a small setback.

Without any backups, your options are limited. Try Google Cache if you’re desperate. Any content that has been up for a week or more should be available, but you will still need to restore the rest of your site from scratch. Once again, blogs are easier. A re-install of WordPress can be accomplished in just a few minutes.

Update Your Security

wordpressupdate   What To Do If Your Website Or Blog Has Been Hacked

Once you’ve restored your website it’s important to make sure that it is secure. It’s possible that the hack exposed your passwords or introduced hidden code that can be used later as a backdoor. To ensure security, follow these steps.

  • Look through your site’s files to find any new code that has been introduced. If you don’t have time for that and have a local backup, use the local backup to overwrite the files on your web host.
  • Change all passwords. This includes the account you have with your webhost, CPanel (or any other back-end) and any databases on your web host. If the password you used for your site was the same as the password used by other accounts (such as your email), change them as well.
  • Run a malware scan on your PC and make sure a firewall is active. It’s unlikely, but possible, that the hack was made possible by a trojan on your local machine.
  • Update the software used by your site to the latest version. This will ensure that known exploits are patched.
  • If you’re feeling paranoid, try an intrusion detection system such as Tripwire or Snort. This is getting a bit far up the skill ladder, however, so implementing this probably is not worthwhile unless your site is popular.

Conclusion

As is often the case with computers, preparation goes a long way. If you have no backups of your database or critical files, a serious hack is going to leave you scrambling through cached webpages to find lost content. It’s a time consuming and unpleasant experience that will cause casual bloggers to give up and quit.

Backing up doesn’t take much time. We have several articles about it on MakeUseOf including a guide to automatically backing up WordPress and a guide to backing up large SQL database files.

Have you ever had your site hacked into?  What precautions had you taken to get your site back up and running as quickly as possible? Let us know in the comments below.

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

10 Comments -

0 votes

erol

My friend´s facebook account has been hacked; he has no acess to it, the hackers changed his email details as well. he wrote to the FB but there is no response how can he regain access to his FB account or delete it at once without FB help. It is easy FB to verify and correct this situation but they do not help.

0 votes

Matt Smith

I am sorry to say I can’t provide you with much help. Facebook accounts can only be recovered using Facebook’s approved measures – namely by contacting them. Hopefully they’ll get back to you soon!

0 votes

Aswani

This is very useful information. Luckily, I haven’t faced any hacking attempt on my blog. And also, I have heard that google blogger is more secure than wordpress when it comes to security. Thanks for these useful tips..!

0 votes

Ira

I would suggest that you sign up for an account with theshosting.com. They provide free malware removal services on anybody hosted on there servers. My site was hacked at blue host and they were able to transfer it from blue host and also remove the malware injection for free!

They were even able to tell me exactly where the hack originated from as well. They said it came from an outdated timthumb.php file which they were able to update for me.

They also did a scan of my account and told me all the security vulnerabilities of my account.

I honestly suggest switching over to them if your website is hacked. They can transfer and remove the hack from your site. Best of all they do this for free.

0 votes

Oren

Good article about a real problem, you can also use Kyplex services, in addition to vulnerability assessment and daily antivirus we have a unique snapshot service using built in file versioning mechanism and interactive diff, you can actually see what was really changed in your database and apply to your database only required changes.

0 votes

Beauty

I have two sites. I have had incidents in which a couple of individuals have hacked into my computer just to alter my site and to just keep track of my site statistics and stuff. How do I protect myself from such occurrences? I am desperate. Thank you in advance. I just want to “lock” up my site from things like that.

Sincerely,
Beauty

0 votes

ila

my blog (blogspot) and my gmail is hacked..how should i do?

0 votes

Martha lee

What if anything can be done if a former friend sets up a website for you then when the friendship ends locks you out and puts sex adds all over it. Other than outing them risking further attacks what can be done ?

0 votes

Terry

What to do after the clean up?

One of my sites was hacked recently. Malicious code and files were discovered during the clean up. I then started looking for some method of protection against this type of intrusion, but could find nothing suitable. So, I decided to write my own script. I’ve developed the script substantially since the hack and I’m now willing to share it in the hope that it will help protect other sites.

The script will detect any file change on a web site and will email the results on discovery. It can be used to monitor 1 or many sites, all remotely. Full details are on my site: simplesiteaudit.terryheffernan.net

0 votes

Terry

Also, if you are a wordpress user, I can highly recommend Wordfence plugin. Search for it in plugins