What Do I Do if I Have Been Hacked?
If you are reading this, there is a good bet you have already said this to yourself, or you have said it in the past. There are numerous hackers out there who enjoy hacking all kinds of web sites. Here are some things that you can do if you have been hacked and you know your way around a CPanel, an FTP server & your hosting account.
How do I know if I’ve been hacked?
It's usually pretty obvious. Your site will cease to function as it did, you may see some really strange code popping up in your browser that you did not see before, sometimes a hacker will put a redirect on your site showing their link & who hacked you, or you will notice that your virus warnings are going off on your PC (if you use Windows). There are different ways that hackers work to hack a web site. In most cases they gain access to your site via the shared FTP server that your host is using for your domain account.
So I’ve been hacked, how do I fix it?
The best way to fix a hacked site, if you run a script like vBulletin, Joomla, OSCommerce, XenForo, etc., is to upgrade to the latest version of the software. If you have already upgraded recently, then just upload all of the files again and completely overwrite your old files. Most hackers gain access via your shared FTP, download your files, change them and then upload them back to your site again. So this method will fix most hacked sites.
What if this does not fix my hacked site? Now what?
If this does not fix your hacked site, then your hack is probably much worse or the hacker has planted a virus in your site. In the case of a virus, sometimes there is not a lot you can do, especially if the virus is within the database itself. The best way to attempt to pinpoint the infected files is to download your files, scan them with your virus scanner and upload them again if they are clean. If you find that a file has the virus, replace it with a clean file and upload it in place of the old file. Delete the old file that was infected from your server via FTP. This might also be a good time to tell your host that you have been hacked. If the virus cannot be fixed or quarantined, then your host may have to reset your hosting account. Keep this as the last resort because you will lose important data from your database if the infection is in your database. Always make copies of your database & files anyway before having the host reset your account.
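One way to pinpoint changed files alongside the virus scan, shown as an added example that is not part of the original article: compare the copy you downloaded from your site against a freshly unpacked copy of the same software release. The two directory trees are small constructed stand-ins and the function names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def index_tree(root: Path) -> dict:
    """Map each file's path relative to root to the SHA-256 of its content."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_site(clean_root: Path, site_root: Path) -> dict:
    """Classify files in the downloaded site against the clean release."""
    clean, site = index_tree(clean_root), index_tree(site_root)
    return {
        # Present in both trees but content differs: replace from the clean copy.
        "modified": sorted(f for f in site if f in clean and site[f] != clean[f]),
        # Not shipped with the release: uploads, add-ons, or planted files to review.
        "unexpected": sorted(f for f in site if f not in clean),
        # Shipped with the release but absent from the site.
        "missing": sorted(f for f in clean if f not in site),
    }


def build_demo(base: Path):
    """Create two small constructed trees standing in for real downloads."""
    clean, site = base / "clean", base / "site"
    for root in (clean, site):
        (root / "includes").mkdir(parents=True)
        (root / "index.php").write_text("<?php require 'includes/init.php';\n")
        (root / "includes" / "init.php").write_text("<?php // bootstrap\n")
    (clean / "install.php").write_text("<?php // installer\n")
    # Constructed tampering: one changed file and one file the release never shipped.
    (site / "index.php").write_text("<?php /* altered */ require 'includes/init.php';\n")
    (site / "includes" / "cache_x.php").write_text("<?php // unknown file\n")
    return clean, site


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = compare_site(*build_demo(Path(tmp)))
        for kind, files in report.items():
            print(f"{kind}: {files}")
```

On a real site, expect your own config file, uploads and installed add-ons to show up as modified or unexpected; a deleted installer showing up as missing is normal.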
Someone who works on my site, hacked my site crippling it, what do I do?
If they are a coder/designer that is working on your site, fire them immediately. Of course that is the obvious thing to say. Depending upon your site setup, it may be impossible to find where the person hacked the site so it can be fixed. So in this case you may need to hire a professional and keep your fingers crossed that the professional can fix it. It may not be something that can be fixed. Here are some steps that you can take to secure your site after someone who has worked on your site is now hacking or has hacked your site:
- Immediately backup your entire site files & databases.
- Change all your admin passwords to your site anywhere that you have an admin login. Make sure that all the admin passwords are unique and hard to figure out. There is a really good password site that can help you create good passwords here: Random Password Generator. If that site is down or does not work, just Google “password generator”.
- Change your CPanel password. Your host can help you with this if it's not an option in your CPanel. If you have Plesk, you should be able to change your password in it as well. Ask your host if you are unsure.
- Change all your FTP passwords immediately.
- Change your database usernames/passwords if the person who worked on your site was inside your databases. Be sure that you also change these fields in any config file for the script you are running on your site so that you do not have database errors.
- If you gave access to this person in your hosting account, then you may also need to change your hosting passwords as well.
- If you have password protected directories and this person has access to those passwords & usernames you will need to change those as well.
- If the hacker had an account of their own on your site, inside your hosting area or within your CPanel, delete it immediately.
How do I keep from getting hacked by someone who worked on my site or that I know?
Depending upon what software you are running on your site, there are steps you can take to keep hackers out as much as possible. These steps would be…
- Password protect important directories such as the admin directory, mod directory and includes directory. This does not always work on all scripts, so it's best if you look on your script's home page for information on securing your site.
- Have ONE admin…YOU! It's always best NOT to have a ton of administrators on your site. It's a definite security risk if that person leaves the site, gets pissed off or whatever happens. If you absolutely have to have other admins then make sure that you TRUST them. Always be careful when hiring on other admins as they can easily cripple your site. Remember people are not always 100% honest with you when they are talking with you online. Some do lie to get what they want.
- Just because they tell you they are a coder or designer and have a web page does not mean they are great at it or that they are even professional and know what they are doing. There are quite a few 12-year-olds out there making/taking money from people for a website. So ALWAYS check out anyone who you plan on allowing to work on your web site, forum, blog, CMS etc. And always go with your gut feeling. If your gut tells you they might rip you off, do not send them any money or give them login access to your site. Check references, check their portfolios, ask questions when communicating with them, see what their answers are. If the designer/coder is really cheap, it's a good bet that they are either a rip-off, 12 years old, or they do not know what they are doing. You get what you pay for.
- Do not give out your passwords to anyone. If you are hiring someone to work on your site, make them a temporary account with limited access just to the areas they are working on so they can complete the work. Once they are done, delete that account immediately.
- Once a designer/developer is finished working on your site change your FTP passwords & any admin or other passwords including password protected directories that you shared with them, even if they are reputable. This is for YOUR protection AND theirs!
- Limit your FTP accounts to only allow a connection via the IP addresses you specify. You will need the IP address of your designer initially. This will allow you to check the server logs to see who logged into your site via FTP, when they logged in and how long they were logged in. Your host can help you set this up. Once the designer/developer is done, disallow access to their IP address until you need them to work on your site again.
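A sketch of the log check described in the last step, added here as an example and not taken from the original article: it lists FTP login events that came from an address outside each account's allow list. It assumes vsftpd-style login lines (other FTP servers log differently, so adjust the pattern); the sample log, account names and allow list are constructed.

```python
import ipaddress
import re

# Assumed vsftpd-style login line; adjust the pattern to your host's FTP log format.
LOGIN_RE = re.compile(
    r'^(?P<when>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]+)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)

# Constructed sample log lines (documentation IP ranges, made-up accounts).
SAMPLE_LOG = """\
Mon Mar  4 09:12:44 2024 [pid 3012] [owner] OK LOGIN: Client "198.51.100.20"
Mon Mar  4 10:01:07 2024 [pid 3040] [designer] OK LOGIN: Client "203.0.113.7"
Tue Mar  5 02:33:19 2024 [pid 3188] [designer] OK LOGIN: Client "192.0.2.99"
Tue Mar  5 02:40:52 2024 [pid 3191] [owner] FAIL LOGIN: Client "192.0.2.99"
Tue Mar  5 02:41:10 2024 [pid 3191] [owner] OK UPLOAD: Client "198.51.100.20", "/index.php", 512 bytes
"""

# Hypothetical allow list: each FTP account and the networks it may connect from.
ALLOWED = {
    "owner": ["198.51.100.0/24"],
    "designer": ["203.0.113.7/32"],
}


def audit_logins(log_text, allowed):
    """Return login events whose source IP is outside the account's allow list."""
    findings = []
    for line in log_text.splitlines():
        match = LOGIN_RE.match(line)
        if not match:
            continue  # transfers and other events are out of scope here
        user, ip = match["user"], ipaddress.ip_address(match["ip"])
        networks = [ipaddress.ip_network(n) for n in allowed.get(user, [])]
        # Accounts with no allow-list entry are always reported.
        if not any(ip in net for net in networks):
            findings.append((match["when"], user, match["result"], str(ip)))
    return findings


if __name__ == "__main__":
    for when, user, result, ip in audit_logins(SAMPLE_LOG, ALLOWED):
        print(f"{when}  {user:<9} {result:<4} from {ip} (not on allow list)")
```

A successful login from an unlisted address is the case to act on first: change that account's password and review what was uploaded during that session.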
How do I keep from getting hacked by an outsider?
There are some steps you can take in improving your chances against hackers. Here are some of them.
- Password protect important directories (admin panel, mod panel, includes etc). Depending upon the script you are using you should be able to find directions on how to do this.
- Always delete the install file or the install directory of any script when it tells you to in your browser.
- Always uninstall any modifications as well as delete the files associated with the modification you uninstalled on your site.
- Set up your FTP accounts to be monitored by IP addresses if it's possible in your hosting account. Ask your host for more info.
- Don’t give out your passwords, logins & account info to just anyone. Make sure that you trust them first before giving them any access to your site.
- If you can afford it get a dedicated server, VPS or a server set up that is not a shared server account. Most hack attempts occur on shared servers.
- Set up an un-deletable admin account or a second admin account just in case one gets hacked or deleted.
- Change the permissions of your PHP files to 644. I’ve found in the past that with some PHP software & with JavaScript there are problems with this. So if you change your file permissions to 644 and you experience problems with drop down menus or other site functions, change it back to 755. This will work depending upon the software you are running on your site.
- Change your admin logins frequently. Always make sure that your password is not an obvious one and contains letters & numbers as well as different cases.
- Change your FTP logins/passwords frequently. Make sure your passwords are good passwords and not obvious ones.
Always, always, always back up your site files & databases. This will save you tons of headaches if you do get hacked.