The compromise of a website can cause serious damage to your business. Hopefully, you will have noticed the compromise within a short period of time of the attack being triggered, as this will minimise the damage done, and reduce the time taken to get back to business as usual.
Remember that if client data has been compromised, you should refer to the guide produced by the Data Commissioner for Data Breach Handling.
Signs that your website has been compromised
- Search engines are advising you that your site has been hacked when you search for your domain name;
- Your web browser says it's not safe or has found spyware or malware within the code;
- Your site has been defaced with unwanted content or advertising;
- Anti-virus or anti-spyware software indicates a threat when you visit your site;
- You find unexpected files have appeared on the FTP server in your hosting directory.
The list above is not exhaustive. We have come across issues where the attack is only triggered when search engine programs come to index the site: the site looks completely normal to visitors, but the search engine results contain unwanted text or adverts for other sites/products.
If you suspect that confidential data has been disclosed, you must inform the data owner that their data may have been disclosed.
Step 1 - Change passwords
Change the passwords on the administrator, FTP and cPanel accounts.
Step 2 - Check your PC for viruses
Step 3 - Inform your hosting provider
Tell the hosting provider that the site has been hacked, and ask them to take it offline and return a 503 error (they should be able to do this by simply changing the permissions on the top-level folder (directory)). It is possible that the hosting provider has been compromised, which has caused issues on your site; telling them may assist them to determine the scope of the issue.
Step 4 - Determine the scope of the reputational damage
Check whether your site has been blacklisted on www.blacklistalert.org.
If it has been blacklisted, it's probable that your website has been compromised for some time, and that your search engine ranking has been affected.
Step 5 - Get a professional in to disinfect your site
We will disinfect your site for a fixed fee. If the site is re-infected within 30 days, we will repeat the disinfection at no additional cost. The only way to recover a breached site is to rebuild it from the original sources: reinstall your CMS/e-commerce software from the official CMS site, get the plugins from the developer's site, get the theme/template from your website/template designer, and restore the images from a backup (you need to check that the images directory in your backup has not been infected with a trojan program). You then need a database backup, and you must make sure that it is not infected or you will be reinfected.
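One way to run the check on a backup's images directory mentioned above, as an added example that is not part of the original guide. The extension list, the script markers and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading file signatures (magic bytes) for the image types a site normally serves.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Assumed markers of script content hidden inside an uploaded file.
SCRIPT_MARKERS = (b"<?php", b"<script", b"eval(")


def scan_images_dir(root):
    """Return {relative_path: [reasons]} for files that need manual review."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        ext = path.suffix.lower()
        reasons = []
        if ext not in MAGIC:
            reasons.append("unexpected file type")
        elif not data.startswith(MAGIC[ext]):
            reasons.append("content does not match extension")
        if any(marker in data.lower() for marker in SCRIPT_MARKERS):
            reasons.append("embedded script marker")
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def demo():
    """Build a small constructed images backup in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample files, not real malware
            "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
            "banner.jpg": b"<?php /* constructed sample */ ?>",
            "photo.gif": b"GIF89a" + b"\x00" * 8 + b"<?php ?>",
            "cache.php": b"<?php /* constructed sample */ ?>",
        }
        for name, body in samples.items():
            Path(root, name).write_bytes(body)
        return scan_images_dir(root)

if __name__ == "__main__":
    for rel_path, reasons in demo().items():
        print(rel_path, "->", ", ".join(reasons))
```

A clean result only narrows what to inspect by hand; it does not prove the backup is free of infection.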
Step 6 - Implement risk mitigation measures to reduce the possibility of infection in the future.
If you so wish, we can transfer your site onto our hosting platform and implement some additional security measures. This significantly reduces your possibility of being hacked, but there are no guarantees.
Implement a website firewall, or a proxy which filters traffic before it gets to your website.