“I think my website has been hacked! What do I do?”
First off, don’t panic. We’ve got you covered. Secondly, based on the fact that you’re reading this right now means that this is probably the first time you’ve been hacked. In which case, welcome to cyberspace! We’re glad to have you. If not, then you really should take this fact to heart: If you have a website, someone is trying–or will try to hack it.
One of the biggest mistakes that a company can make is to underestimate the value of their data on the blackmarket. Hackers want your data and they want it bad. Customer credit card numbers, phone numbers, email addresses, etc, these are just some of the things they would love to get their hands on. That’s why it is of the utmost importance to secure your site or at least know what to do when a breach happens. Because a successful cyber attack like this, if left unchecked, will ruin your site’s credibility and greatly impact your bottomline.
Also, contrary to what movies would have you believe, only a small number of hackers actually target specific websites. Most of them simply choose random sites, usually the most vulnerable, and exploit its weaknesses. Which means, you can significantly lessen the chances of being a target by tightening your site’s security and conducting security health checks. Something that we at Hashtag Interactive do for all the websites we build for our clients.
“I failed to conduct a security health check. How do I know if my site has already been compromised?”
Well, you need to look for signs of whether or not your security has been compromised. Here are some of the tell tale signs you should watch out for to know if your website is being hacked:
- Your site has been defaced
- Your website is being redirected to a different address
- Unexplained traffic to your web logs, especially, big spikes in web traffic from other countries
- Something seems off/different/weird, maybe some pages are not loading properly, etc
- Google or Bing, or your web browser sends you a notification that your site is compromised
- You can’t access your site (This could signal that you are under a distributed denial-of-service [DDos] attack. In which case, you should contact us at Hashtag Interactive, directly.)
- There are missing or additional unidentified programs in the system
- There has been an unauthorized entry to your backend
Whatever it is that causes you to suspect that your website is being hacked, our advice is that you should act on it. Keep in mind that a cyber attack is always going to be a race against time. Never wait it out and give the hacker time to do more damage.
“Okay, I’m pretty sure someone is hacking my website. What now?”
Breathe. You need to calm down, rationality and focus are critical in order to effectively respond to the attack.
Temporarily shut your site down. The key here is to make sure that no one else can access your site in order to prevent further damage while your security is down, and more importantly, to prevent getting flagged by Google as a site that contains malware. One way you can do this is by using a maintenance mode script. This code checks visitor IP addresses and matches them against two you have specified. Allowing access only to matching IP addresses.
If someone else is hosting your website inform them immediately of the situation.
Call for a technical support team. This is important, especially if you do not have the expertise to effectively handle the situation. An experienced web developer or programmer should be able to help you assess and fix the damage caused by the hack.
Scan your local computers for viruses and malware. Make sure that all your computers are scanned for viruses and malware in order to assess where the breach could possibly be.
Initiate a clean slate protocol. Change ALL your passwords and website logins. This is going to be a lot of work, but definitely worth it. You really don’t want to be going through this again the next day, because the hacker simply used an old login and password then waltzed right back in. Update everything.
Remember, preventing an attack is always going to be your top priority. Invest in making your website as secure as possible and keep updating and upgrading your security software. Lastly, try having Hashtag Interactive create your website. Not only will you get a fun and sexy new site, our resident programmer can even perform a security health check or an emergency hosting service for you.