Being hacked is the worst! Getting it resolved is expensive! What should you do?
I hear it all the time. A website gets hacked and the client is up in arms. It feels like a violation. Why me? How do I fix it? How do I prevent it from happening again?
Let's start with the first question, "Why me?"
Generally speaking, you've been hacked for one of two reasons:
- Malicious Mischief - This is the classic case of some kid in a basement defacing websites for fun and fame. Sometimes your website gets wiped out completely and replaced with something juvenile. Other times certain elements of your site like pictures or text have been replaced with something juvenile.
- Profit - This is the case where somebody is trying to make a profit off of your site. Usually your site will have mystery links added to it, generally to a 3rd party site in an attempt to drive more traffic. Other times your site will redirect to a 3rd party site, or some of your content will have been changed.
Whether the motive was malicious mischief or profit, it is important to note that it was not personal. In fact, it was decidedly impersonal. These hacks are usually carried out en masse at the push of a button. The people behind them have never heard of you, your business or your site. Your site was simply on a list of vulnerable sites. The hacker bought a tool and it came with a long list of target sites. With the click of a button all of those sites are hit, hacked and altered. So don't take it personally. Nobody is out to get you specifically.
The next question is "How Do I Fix It?"
Your best bet is to roll back to a backup of your site that wasn't hacked. This relatively easy solution effectively erases the objectionable material from your website. But sometimes this solution is not possible. Perhaps you haven't been saving backups. Perhaps your host doesn't have a backup that is pre-hack. What now?
At this point, if you don't have a backup pre-hack, you need to get the pros involved. Your website, assuming you have a content management system like WordPress or Joomla! or Drupal, consists of literally thousands of files. The hack could be a file added to your site, it could be an alteration of one of your files and it could even be in your database. There is no way that you can fix it manually. Your site is simply too big and too complicated to be fixed by hand.
What you need is a security scanner and somebody with the technical expertise to use it. Scanners can find a hacker's files, but they cannot be trusted to clean your site. You will need somebody to look at each suspicious file and either repair the file or delete it. This should not be done by somebody without experience, because with one mistake here your site can be lost forever. So engage a professional!
There are security services out there that in my mind are kind of expensive. They will fix your site and charge you a maintenance fee. They generally charge upwards of $100 per month for a one year minimum. That adds up quickly. If you contact your hosting company they will immediately refer you to one of these companies and get their kickback. A host with lousy security can actually make more profit by benefiting from these kickbacks. It is an ethical issue which I find distasteful.
Then there are local developers, like GYST Media, that will charge you a one-time fee to fix it. These local developers will generally charge about $600 to get you up and running. They will restore your site, find the hacked files and button up your site to prevent future incursions. It is a fairly straightforward transaction and is what I recommend.
Lastly, "How Do I Prevent This From Happening Again?"
There are a number of things which you can do to harden your website. Any good developer can do these for you. Basically, here's what you want to do:
- Change all of your passwords (CMS, Database, FTP, SSH)
- Run a virus scanner on all computers that have admin access to the site
- Update the CMS to the latest version
- Update the add-ons to the latest version
- Check for known vulnerabilities for all of your add-ons
- Keep backups!
Ultimately, however, we all need to come to grips with one fact: all systems have vulnerabilities. Getting hacked is a real possibility, even if you follow the best practices listed above. You need to be sure that you have a recovery plan in place and a good developer on hand.