What Happens After a Website is Hacked
It should come as a surprise to no-one that website hacking is on the rise. Every day brings news of data breaches, denial of service (DoS) attacks, and compromised financial information.
CNN Money recently highlighted some of the most high-profile hacks of 2017 with companies like Equifax, Uber, Yahoo, and even state voters’ records falling prey to hackers.
Here’s what might be going on once a site is hacked…
Hackers are relentless, and once they’ve gained entry or access to a website, they are likely using the site to either infect other people and providers, gaining access to confidential data, directing your visitors to malicious websites, or even performing a DoS (denial of service) attack on yours or other’s sites.
None of it is good. But step number one is identifying the hack.
It's important to remember that it's not the end of the world, and you are likely fortunate not to gain the attention of CNN Money, but there is work to be done.
Being upfront and communicative with everyone involved (including customers) is of paramount importance and should be your guiding principle as you work through this unfortunate event.
If you don’t know for sure that a hack has occurred, try and use a free tool like Google’s Transparency Report to enter your domain name and see if any warnings are provided. If you have access to malware or security software that detects viruses, also refer to it in helping to assess the situation.
Some of the responses you should take are somewhat invasive and time-consuming, so its best to make sure of a hack and not operate on assumption.
Once the hack is confirmed you should…
While panicking is not the best approach in any situation, it's essential that you also recognize that time is of the essence.
The longer a hack is prolonged, the more potential damage it could do. It's best to have a plan in place and act swiftly to execute that plan.
Here are the steps you should take when you know for sure that your website has been hacked (not necessarily in priority order).
Inform Your Host - whether you’re partnered with one of these web hosts or another, you should immediately reach out to their technical support for assistance and assessment. It's vitally important that they know your site has been hacked.
They should also be a resource and might be able to supply information on how the site was hacked. There could be other domains on their server placed at risk by the hack as well. Best to get them involved early.
Change all Passwords - make sure that you change passwords for internal users, admins, and any shared logins used by support. Admin passwords with your host provider should also be updated. Make sure you use strong passwords when making updates.
Consider Restoring the Site from a Backup - depending on the nature of your business or website, it might be possible just to restore the website from a backup, effectively rolling back the site to state/point in time before the hack. This can be a surprisingly simple and effective measure in stopping an attack.
Quarantine Your Site - again, depending on the nature of the website, it might be best to take it offline to limit the potential damage and reach of the hackers. While the hack may still be in effect, this might at least prevent them from further access or using your site to reach additional users or partner sites.
If Possible - Remove the Hack - if you’ve got a dedicated IT response team with the ability to remove the hack, or you have virus or malware software capable of isolating the attack it goes without saying that you should immediately do what you can to remove the hackers from your site with whatever means at your disposal.
Assess the Damage - the severity of the hack can vary greatly.
Determining what happened and where the damage occurred is also going to change depending on the extent of the hack.
Take an honest look at the damage.
Clean Your Site - scrub directories and keep the site down as long as necessary to secure both the website and any files
Clean Your Server & Databases - take similar scrubbing approaches to your servers and database (noting that your Host may need to assist you here).
Perform a Thorough Review - determining how your site was hacked should shed light on vulnerabilities in security and should also prompt a more extensive review of safety protocols to make sure there aren’t any additional opportunities waiting to be exploited by hackers.
Bring it Back Online (if necessary) - if you brought your site down to address the hacking, then its time to bring it back up and try to get back got some sense of normalcy.
Contact Impacted Parties - if additional domains are impacted, or data has been breached, its crucial that you are forthcoming and transparent about what transpired.
It's an opportunity to discuss the preventative measures you’ve taken and possibly help to repair any image issues that might arise. Make sure your brand is known for honesty and transparency.
Identify the Vulnerability - strong, demonstrable measures should be taken to plug any and all website vulnerabilities that this entire process has uncovered.
Take whatever steps necessary to ensure that hackers do not further exploit your website in the future. This is a learning/teachable moment.
Clean and Maintain the Site - constant monitoring and remediation steps will further strengthen the site’s security and provide immediate feedback on any/all website activity.
Keep software, plugins, and tools updated continuously with the latest versions. Remove unused or unwanted files, data, and code if necessary. If logs, dashboards, or internal controls were not sufficient, make sure they are bolstered to provide a clear view into any potential threats going forward.
Change Hosts - As we've discussed in our Wordpress statistics pages one of the most common reasons that websites get hacked is poor server side security. Discount hosting companies often don't do a great job protecting their database and once an attacker gets access to that your site WILL be compromised.
Think about it like this. A weak database of client information is essentially a honeypot for hackers. In our guide to cheap hosting we talk about this in great detail discussing the important questions you should ask any lower tier hosting company.
Check out this guide by Diggity Marketing to better understand some of the important questions to consider before opting into discount hosting.
The hack may have damaged your brand, business, or bottom line is some way. It is vitally important that, once all the necessary cleanup and mitigation steps have been completed, you return to business as usual. Try and restore a sense of normalcy - informed normalcy.
Getting hacked is not the end of the world, and you are, after all, in some pretty good company.