Every day, thousands of sites are being hacked by cybercriminals in-order to gain access to crucial information.
These hacks are often attempted by injecting harmful code into the website using loopholes, which are basically vulnerabilities found within the site code.
In this article, we are not only going to discuss basic steps or measures that can be taken when you find out your site is been hacked, but also guide you on how to check if your site is already compromised.
How do I know my site is hacked?
Most people are unaware of their site being already compromised. The most common signs of your website being compromised are:
- You visit your website and your site has just vanished and replaced by another page or it seems to redirect to another phishing/pharmaceutical site url.
- Very often when a site is compromised you should see a warning as seen from the images below when you visit the site from any of your common browsers like Google Chrome, Mozilla Firefox etc. We suggest you contact support immediately when this happens so that we can take appropriate measures to identify the harmful code and do our best to remove them.
- You see unusual traffic to your website. To track this sudden bandwidth usage, cPanel provides Awstats option and can be accessed from an individual cPanel account. Visit [How do I check Website Traffic Statistics using cPanel for better understanding.
- If these statistics are confusing and difficult for you to take on board, you can run a scan for your website. There are numerous tools out online to check your website security. The most trusted ones are listed below:
- Sucuri's online malware scanner provided here : [https://sitecheck.sucuri.net/results/] scans your site for free to check if it contains any malicious code.
- Google's safe browsing tool here: [https://transparencyreport.google.com/safe-browsing] is also another way to identify whether your site has been compromised and reports if found.
- Now, that none of the above have reported your website as infected - we recommend our customers to have ImunifyAV (free) or Imunify360 (licensed) installed on their cloud/dedicated server space. Find out how you can run a malware scan using Imunify here: [How do I fix malware issues found by ImunifyAV?]. Our shared hosting environment is secure and already protected using Imunify360. Read more about this at [How we keep your sites secure with Imunify360]
My site's hacked, what can I do?
You are now sure that your site's been infected the following steps are very important:
- Put your site into maintenance mode to avoid further exploitation and visitors being compromised.
- Contact support immediately.
- Reset all control panel passwords, this means cPanel/WHM login password, your website administrator panel password, email address passwords etc.
- Install antivirus/antimalware software on your PC or local machine and make sure your workstation is clean and secure.
How did my site get hacked?
The most common reasons for this to occur are:
- Compromised Passwords - It's very important to have strong passwords set for any portal/interface that requires you to log in. As much as it's important to have strong passwords, it is also crucial to have them saved somewhere safe.
- Missing security updates - Having your website on older versions of the CMS leaves vulnerabilities that enable a hacker to compromise the entire site. Hence, it's key to have your website applications up-to-date with their latest security patches.
- Vulnerable Themes and Plugins - Most CMS themes and plugins provide enhanced functionality and ease of management. However, outdated and unpatched themes/plugins are always targeted by hackers. So, please make sure you patch your themes and plugins to new updates that are made available, and remove any that are no longer supported by their developers.
- Sensitive Information Leak - This occurs when error handling gives away site configuration information. Also, it can happen when an archive file like (.zip, .tar.gz, .sql etc.) for the site/database is publicly available. Hence, we advise our customers to be careful when they create a backup of their website files.
Can my site get hacked again?
Yes, it is possible, therefore, it is super important to identify the vulnerability and fix it. This can be ensured by scanning for viruses on your local workstation, avoiding usage of weak or reused passwords and uninstalling out-of-date software. Above all, once you've restored your site with a clean backup, you need to maintain your website to remain clean as much as possible.
Need further assistance?
If you require further assistance please contact the ProStack team and we can help get this resolved for you! [Get in touch today!]