Has my website been hacked?

First, before we do anything, let’s determine whether your website has actually been hacked. Several common signs indicate that a website has been hacked:

  • Defaced homepage/site: Your homepage or website has been visually changed by unauthorized individuals. This is often accompanied by a message like “hacked by...”.
  • Message from hacker: Your administrators receive an email from the alleged hacker. The email includes sensitive information that otherwise would not have been known unless your website was compromised.
  • Cannot log in to administrative areas: If you’re logging in with the correct login credentials and find yourself locked out, your login credentials were likely compromised.
  • Warnings: Your local machine’s antivirus or browser warns you of viruses or malware coming from your website.
  • Search engine notification: You are notified by a search engine that your site may have been compromised, or your website’s search results show incorrect information, often advertising products that are not yours.

These are only a few common ways to tell if your website has been hacked. It is important to remember that there is no single definitive indicator or sign. At times it will be obvious, but this isn’t always the case. The absence of common symptoms does not confirm that your website has not been hacked. It is always good practice to have routine security audits to ensure your website is as secure as possible. If you suspect your website has been hacked and you cannot confirm it, please contact professionals for advice and/or a security audit.


How was I hacked?

So you suspect your website was hacked. But how? Finding out how you were hacked will help you address the security flaws that made it possible. Some common ways websites are hacked include:

  • Stolen login credentials: Your login credentials were somehow stolen. This often happens through methods like social engineering, intercepting unencrypted emails, brute force cracking, etc. Always keep sensitive materials encrypted and use secure passwords.
  • Vulnerable script: Scripts on your website are sometimes vulnerable to attacks like code injections. Make sure scripts, including addons, modules, themes, etc., are always updated. If your website has file upload functionality, a malicious file may also have been uploaded.
  • Virus & malware on local machine: A virus or malware on your local machine may have stolen login credentials or other sensitive material that may have compromised your website. Always make sure your computer is clean of viruses and malware.
  • Host/shared server hacked: Your host/provider was hacked, compromising your information. When you’re on a shared server, if others on your server have been hacked, there is potential that you may also be a victim.


What do I do now?

So after assessing the situation, you’ve come to the conclusion that your website has been hacked. So what now?

  • Don’t keep it to yourself: Let people know you’ve been hacked. Inform your host, webmaster (if you have one), and viewers/users.
  • Backup: Back up all your content, and keep multiple copies just in case.

At this point we recommend you contact a professional, your webmaster, or someone who is familiar with recovery procedures. It is never recommended for individuals to perform recovery tasks unless they know what they're doing. If you do not know what you’re doing, DO NOT attempt to perform the following:

  • Removal: Remove all of your current content. Delete everything from your root folder to ensure all malicious material, like backdoors, has been removed.
  • Cron jobs: Delete all cron jobs (scheduled automatic system maintenance and administrative tasks). These are normally located in your web hosting control panel, like cPanel.
  • Databases: Check all databases to ensure they have not been compromised. If they have, make sure they are clean, or restore a clean backup before using again.
  • Reinstall: Upload a clean copy of your website, either from a clean backup or a cleaned up copy of your current content.
  • Scripts: Update, reinstall, and reconfigure all scripts needed on your website. Make sure they’re connected to the proper databases. Remember to delete any installation files that were present when installing your scripts (they will commonly inform you after a successful install).

Again, full recovery procedures should be done by professionals.
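
The removal and reinstall steps above depend on knowing which files differ from a clean copy. The following is an added example, not part of the original article: it compares a live site directory against a known-clean backup by SHA-256 hash, using constructed sample files and hypothetical directory names.

```python
import hashlib
import os
import tempfile


def hash_tree(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = h.hexdigest()
    return digests


def compare_site(clean_root, live_root):
    """Report files added, modified, or missing in the live site versus the clean backup."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    return {
        "added": sorted(set(live) - set(clean)),  # files the backup never had
        "modified": sorted(p for p in set(clean) & set(live) if clean[p] != live[p]),
        "missing": sorted(set(clean) - set(live)),
    }


def build_sample(base):
    """Constructed sample data: a clean backup and a live copy with three differences."""
    clean = {"index.php": "<?php echo 'home';", "contact.php": "<?php echo 'contact';",
             "css/site.css": "body{}"}
    live = {"index.php": "<?php echo 'home'; /* altered */", "css/site.css": "body{}",
            "uploads/img.php": "<?php /* file not present in backup */"}
    for sub, files in (("clean", clean), ("live", live)):
        for rel, text in files.items():
            path = os.path.join(base, sub, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
    return os.path.join(base, "clean"), os.path.join(base, "live")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        clean_dir, live_dir = build_sample(tmp)
        for kind, paths in compare_site(clean_dir, live_dir).items():
            print(f"{kind}: {paths}")
```

Point `compare_site` at a backup taken before the compromise; a backup made afterwards may already contain the malicious files.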


Prevention

Remember, once your website has been hacked, it will remain a target for future attacks, regardless of security upgrades and preventative measures. Whether an attack is successful or not will heavily depend on the preventative measures you take. Follow these simple recommendations for best preventative practices:

  • Regularly schedule preventative security audits. Although you may not have been a victim of an attack yet, having regular security audits will help prevent such attacks from successfully occurring.
  • Improve your passwords. Never use passwords like password, admin, pass, or 1234, or anything out of the dictionary. Use our password generator for suggestions on secure passwords.
  • Use unique usernames and passwords for different areas of your website. For example: use a different username and password for your database account than your cPanel account.
  • Keep scripts updated. Regularly check to make sure scripts are the latest versions. New versions of scripts often have upgraded security and security flaw fixes.
  • Password protect your admin folders. Keep unwanted visitors out of administrative areas.
  • Routinely back up all the content on your website. Keeping regular backups will ensure you always have the latest clean copy of your website.

Following these steps will give you a basic assessment and cleanup of a malicious attack on your website. But as always, it is recommended to have professionals perform full security audits when possible and necessary.
