Dealing with a hack attack

How will you know you’ve been hacked?

  • Website shows a blank page
  • Website shows a banner (usually poorly designed) saying that Vlad the Impaler was here and what a clever boy he is
  • Your browser gives you warning messages
  • Your site redirects to another site
  • Your website loads significantly slower than usual
  • Your passwords to log into your site’s admin panel or FTP stop working
  • Significant changes in traffic
  • Influx of spam emails

What to do

  • Contact your web host: In some cases, the attack may actually have been on your hosting provider, not on you personally. Some hackers target web hosts in order to infect or deface hundreds of sites at once. Contact your web host to find out if they’ve been hacked too. If they have, a good web host will work with you to restore your site.
  • Review your system logs: Take a look at your system logs to find out what happened and what information has been compromised. If you’re not sure what to look for, have a website security expert review your logs.
  • Restore your site: Many web hosts offer complimentary backup services, so check with your hosting provider to see if they can restore your site to a date before the attack occurred. If you back up your site yourself, then the job of restoring will fall on you. (If you haven’t been backing up your site regularly, check out 4 Easy Ways to Back Up Your Website.)
  • Repair known vulnerabilities & update security: It might sound obvious, but once you figure out how the hackers got in, you need to take steps to address your site’s weak spots and beef up your security. This includes changing all of your passwords, updating your programs (anti-virus software, WordPress, Joomla, etc.), and addressing any weak spots on your site.
  • Keep your computer software up to date: You should also update the programs on your own computer, since some programs like Adobe Flash include vulnerabilities that can make it easier for hackers to access your computer (where they can find your passwords and other important data).
  • Contact appropriate legal entities: If the breach was serious, or if important information was compromised (like financial data), then you need to report the incident to the proper authorities.
  • Call your insurance company: Depending on what happened, some or all of your recovery expenses could be covered by your insurance. And if you don’t already have some form of cyber insurance, now might be a good time to get it!
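
As an added illustration of the "Review your system logs" step (this is not part of the original article), the script below scans a web server access log for repeated failed logins followed by a success from the same address, which suggests a guessed password. It assumes the Apache/nginx "combined" log format and stock WordPress behaviour (a failed login on /wp-login.php returns 200, a successful one returns 302); the function names, the threshold of 5 and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def review_logins(log_text, login_path="/wp-login.php", threshold=5):
    """Return {ip: stats} for every IP with at least `threshold` failed logins."""
    stats = defaultdict(lambda: {"failed": 0, "success_after_failures": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing
        if m["method"] != "POST" or m["path"].split("?")[0] != login_path:
            continue
        entry = stats[m["ip"]]
        if m["status"] == "200":      # assumption: form re-rendered = failed login
            entry["failed"] += 1
        elif (m["status"] == "302" and entry["failed"] >= threshold
              and entry["success_after_failures"] is None):
            # First successful login that follows a burst of failures.
            entry["success_after_failures"] = m["ts"]
    return {ip: e for ip, e in stats.items() if e["failed"] >= threshold}

def _line(ip, sec, status, method="POST", path="/wp-login.php"):
    # Helper that builds one constructed log line (documentation-range IPs).
    return (f'{ip} - - [12/Mar/2024:02:14:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 3412 "-" "Mozilla/5.0"')

# Constructed sample log, not real traffic.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, 200) for s in range(6)]         # six failures...
    + [_line("203.0.113.7", 6, 302)]                         # ...then a success
    + [_line("198.51.100.20", 10, 200), _line("198.51.100.20", 11, 302)]  # one typo
    + [_line("192.0.2.55", s, 200) for s in range(20, 25)]   # five failures, no success
    + [_line("192.0.2.55", 30, 200, method="GET"), "garbled line"]
)

if __name__ == "__main__":
    for ip, e in review_logins(SAMPLE_LOG).items():
        verdict = (f"LOGGED IN at {e['success_after_failures']}"
                   if e["success_after_failures"] else "no success seen")
        print(f"{ip}: {e['failed']} failed logins, {verdict}")
```

An address reported with a login time is the one to follow through the rest of the log, and it is a strong reason to change every password before restoring the site.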

Basic good practice

Ensure that your web hosting company is reputable
Basically you get what you pay for. If the web hosting is very cheap then make sure that you look into their security practices. See if you can get recommendations. Look at online reviews and be discriminating about the reviews you look at. I always think it is better to use UK-based hosts. If your host is abroad it will be very difficult to get hold of them if you need to. Also, any downtime they have will probably be during your working day rather than at night, as is the case with UK-based hosts. Try to ensure that the host has a good reputation for hosting the type of site you have. Make sure that they have a good and easy-to-use control panel.

Lots of these things may be beyond you to handle, so make sure that your web designer or developer handles them for you. Ask questions about what hosts they use and how they go about choosing them. Be careful about web designers using self-hosted solutions. They can be very cost-effective for the web designer, and sometimes the customer, but you have to be sure that the designer is monitoring the sites 24/7.

Do not use public Wi-Fi
Public Wi-Fi is insecure. Anyone can be listening and it is easy for them to pick up on sensitive transactions you may be making. It’s not so bad if you are just doing idle browsing but anything involving banks or monetary transactions is a bad idea.

Ensure that your software is kept updated
Most websites these days are dynamic rather than static. By this I mean that they are all doing things via scripts or small applications. This involves messages going backwards and forwards between the computer and the server. Hackers learn how these scripts work, and if there is a way to break in they will find it. So developers constantly work to plug these insecurities. Therefore scripts and applications need regular updating as these updates come out.

Anybody with a website should not find themselves in the position of having been given a freshly designed website and then abandoned. Websites need looking after for security reasons as well as search engine reasons. If you have a content-managed site built using WordPress, Drupal or Joomla (all of which are open source), then regular updates are available to use. You need to have an arrangement with your designer that ensures that these updates are regularly done.

It goes without saying that any security software you use should be regularly updated. Mac users should not be complacent these days. There is a very good scanning application for Macs that is called BitDefender. This is free to download and very effective.

Latest Chrome, Firefox, Internet Explorer, Safari versions
Don’t just ignore that update request from your browser, do it right away. Some of those updates are security ones. In fact, keep up to date as to which is most secure and just use that.

Use Facebook and email securely with the right URL
Go log in to Facebook. Go on, do it. Now, does the URL say “http://” or “https://”? If it is the former then you are not in a secure session. Go into your settings and make sure it always uses https://, and whenever you log into any website make sure you type the “s”.

Do not use the same password for everything or make your passwords too simple
I know you’ve got lots of passwords but get over it. Don’t use simple passwords and don’t use the same password for everything. I know it’s hard to remember them, so use an application on your computer that will remember them for you, encrypt them and keep them safe. Whatever works for you.

Your password is not strong enough unless it is at least ten characters long and a mixture of upper and lower case letters, numbers and symbols.

It must never be a name, birthday or information about someone or something around you. An example of a strong password is something like “ca#T_on+M

Complex usernames
I bet 95% of you have your email address or name as your username? Bad idea. You should make your usernames as complex as your passwords.

Many WordPress blogs are set up with the default username of “admin” so hackers are already 50% of the way there. Change your usernames to something complex and unrelated.

Do not click on attachments in e-mails unless you are sure they are legitimate
The people who send these dangerous e-mails are very clever at fooling you into thinking that the e-mail is coming from someone you know. If you are not expecting something then contact that person and check to see if they have really sent you something. One of my pet hates is being sent an e-mail where you are encouraged to forward it on to several other people. I don’t care how good the cause, please don’t send these e-mails to anybody. They may hold all sorts of viruses and apart from that they are annoying!

Back up your website regularly
If you can’t do the backup yourself, ensure that your designer does, or set up an arrangement with your host so that they do it. Then if you do have problems you can always restore the site.

Don’t Panic

  • All is solvable
  • Shut the stable door
  • Follow good practice thereafter