What to do if Your Site Was Hacked

You detect an abnormal activity on your server, a modification of your files, a slowdown system , ads that appear on your site alone, and after verification, you are sure, your site is hacked. Here are some rules that must be applied quickly to recover your site, reduce the loss of data and the risk of seeing your site hacked another time.

My site has been hacked, what can I do?

The first rule: be fast!

An attack is often only a matter of seconds, or even minutes. The goal of the hacker is to achieve his goals as quickly as possible.

Put your site offline

Consider bringing your site offline immediately so that hackers do not use it too much and your visitors are also infected. The best thing is therefore to put it in maintenance mode and work on your restoration quietly later.

Change all your passwords

Treat your passwords like your toothbrush. Don’t let anybody else use it, and get a new one every six months. (Clifford Stoll)

To prevent your site from being used by these malicious hackers, you must change all your password. Change the password of your FTP access to a stronger password. Change the password for each of your CMS administrator accounts as well. Also consider changing the password of the dashboard of your server (provided by your web host when you bought your hosting) and your database.

Delete any file on your FTP server

In order to eradicate all corrupt and foreign files, it is recommended to delete all files from its website (via FTP) and then reinstall a clean copy of your site.

Update your CMS and plugins

The hacker has already managed to hack your site once, it will still succeed if you don’t make important changes. You need to analyze the log file of your host to understand where the fault is to clog it. You also need to update your CMS and its plugins. A site that is up to date has a lesser risk of piracy hacking.

How do you reduce the risk of seeing your site hacked?

Stay up to date with the latest updates

If you have an app installed for your site, use the latest versions. This includes applications from third parties and CMS (Content Management System) such as Joomla or WordPress. This include information they provide in terms of security.

Check your site for common vulnerabilities

Avoid having directories with open permissions. Also check XSS (cross-site scripting), Upload, RFI, and SQL injection vulnerabilities.

Keep an eye on your log files

The log is the logbook of a server. It lists all queries delivered by the server to clients. You may be surprised by what you will find there.

Use secure protocols

SSH and SFTP should be used for data transfer, rather than plain text protocols like Telnet or FTP. SSH and SFTP use encryption and are much safer.

Spread the love

Harti HK

Harti, jocular and mean at the same time... I use the internet a lot and technology freaks me. Everyday I try to learn new things as regards technology and things that are related to it. I don't talk much, maybe this is not true anyway. I wanted to create a platform where I can discuss what I have learned over the years with people, and that's how techsfreak.com came about. My posts are from personal experience, with thorough research. "Internet is the real world." #Go to 'Hire Me' page if you want me to do something for you. #Use the icons at the top/down to follow the blog on social networks to get first-hand updates.

Leave a Reply