Website Compromised? Here Are Some Steps You Must Follow.

Arpan SinhaCyber Security

website

PrintLast year, hackers hacked and put down crores of websites in India were hacked. Furthermore, Lakhs of websites are blacklisted by search engines every week. Thousands of them get permanently banned. You must have received the warning – “This site may harm your computer.” This is what happens when a website gets blacklisted, and this affects the number of visits to the site. Thus, you must take the following steps in the event of a breach.

Verify the Compromise

Obvious, it may seem but just visiting a site can’t always tell you whether it is breached or not, and moreover, if you feel it’s infected, do not look for malware as it may expose your PC.

If you feel that someone breached your website, either use Google Search Console or use a website malware scanner which uses FTP to access files on the site, so that the source code can also be scanned. Also, ask for help from your hosting provider to verify the compromise.

Put Down the Site and Change Passwords

After you verify that the site is infected, take it down as soon as possible. This will reduce more harm to it. Doing this will also reduce the risk of putting out sensitive information about the users of the site. Also, assume that someone has all your passwords and make sure to change all of them frequently.

Assess and Decide a Fix

These are a few options which you can choose to do:

  • Hosting providers generally do the scan and remove malware for a trivial charge. Ask them for help.
  • There are various malware removal tools available online which can be bought and used for this purpose. The manufacturers of these tools also provide experts who can guide you.
  • If you have a backup of your site available, restore it. This is the best and cheapest way to recover your site.
  • Lastly, you can attempt to remove them yourself. There are plenty of videos online which will guide you through the process
Scan Your PC

After you’ve successfully restored your website, you’ll have to permanently remove all the potential sources of infections. The first thing you should do in this respect is to scan and remove anything left on your PC. Use a good antivirus to do this, and to prevent any malware from entering your PC, follow our previous posts.

Upgrade Website Software

Another potential source can be a not-updated software. Vulnerable software is at more risk of being compromised than updated software. If you’re using a CMS, then they constantly provide patches for updates; never skip one. The operating system at the server end must also be updated regularly.

Change Passwords and Encryption Keys

Once you’re confident that the site is secure again, change all the passwords and keys. Weak passwords are a treat for hackers, so set up a stronger and more unique password. Encryption keys can give away all the communications between the site and clients. Thus, change them too.

Get Your Site Delisted

If the site is still on blacklist, request for a review. After the search engine reviews it, it’ll remove the warnings that appear before the site opens. This generally happens within 24 hours. To request a review with Google, click here and for Bing, click here.

Prevent This From Happening Again

Preventing such activities in future is the most difficult part, but practising some steps regularly will prevent this.

  • Scan regularly for vulnerabilities
  • Update software as soon as it is ready to update
  • Subscribe to the WAF (Web Application Firewall) service
  • Change passwords regularly
  • Back up the site regularly