You detect an abnormal activity on your server, a modification of your files, a slowdown system , ads that appear on your site alone, and after verification, you are sure, your site is hacked. Here are some rules that must be applied quickly to recover your site, reduce the loss of data and the risk of seeing your site hacked another time.
My site has been hacked, what can I do?
The first rule: be fast!
An attack is often only a matter of seconds, or even minutes. The goal of the hacker is to achieve his goals as quickly as possible.
Put your site offline
Consider bringing your site offline immediately so that hackers do not use it too much and your visitors are also infected. The best thing is therefore to put it in maintenance mode and work on your restoration quietly later.
Change all your passwords
Treat your passwords like your toothbrush. Don’t let anybody else use it, and get a new one every six months. (Clifford Stoll)
To prevent your site from being used by these malicious hackers, you must change all your password. Change the password of your FTP access to a stronger password. Change the password for each of your CMS administrator accounts as well. Also consider changing the password of the dashboard of your server (provided by your web host when you bought your hosting) and your database.
Delete any file on your FTP server
In order to eradicate all corrupt and foreign files, it is recommended to delete all files from its website (via FTP) and then reinstall a clean copy of your site.
Update your CMS and plugins
The hacker has already managed to hack your site once, it will still succeed if you don’t make important changes. You need to analyze the log file of your host to understand where the fault is to clog it. You also need to update your CMS and its plugins. A site that is up to date has a lesser risk of piracy hacking.
How do you reduce the risk of seeing your site hacked?
Stay up to date with the latest updates
If you have an app installed for your site, use the latest versions. This includes applications from third parties and CMS (Content Management System) such as Joomla or WordPress. This include information they provide in terms of security.
Check your site for common vulnerabilities
Avoid having directories with open permissions. Also check XSS (cross-site scripting), Upload, RFI, and SQL injection vulnerabilities.
Keep an eye on your log files
The log is the logbook of a server. It lists all queries delivered by the server to clients. You may be surprised by what you will find there.
Use secure protocols
SSH and SFTP should be used for data transfer, rather than plain text protocols like Telnet or FTP. SSH and SFTP use encryption and are much safer.