Last Night A .zip Saved My Life
Your website has been hacked
Words no business owner or web developer ever wants to hear.
There can be many reasons why it happened, many sources of the hack and many motives behind it. More often than not it is done so that a site can be abused to send out spam from a seemingly legitimate source, or for some other equally impersonal reason. Sometimes it is to prove they can do so, or for reasons of political or business sabotage. The attack vector could be a brute-force password attack, or it could be a script that attempts to exploit a weakness in outdated software. Having both robust passwords and up-to-date software dramatically cuts the chances of such a hack taking place.
Long term impact of a hack?
Even once your site has been recovered there can be negative side effects which linger in the longer term, especially if the hack was not discovered or fixed promptly. Your site being taken down and the domain abused can have long-term effects on your Google search rankings as well as your reputation. In some cases your domain can even get blacklisted by web security software if the abuse went undiscovered for a time and your resources were re-purposed for something nasty. Recognising the issue quickly and starting work on it promptly is important, especially for saving your SEO ranking and ratings.
So what are we looking at, and for?
In order to recover a site a lot of work must take place, and this starts with the developers gaining access to the backend and surveying the damage. Sometimes the original files and data are still there but have other insidious files buried deep within them or elsewhere in the file structure, and sometimes data has been deleted or corrupted. Generally, once somebody takes over your site they want to stay in control, to maximise whatever benefit they are getting from it, so getting access can often be the tough part. Usernames and passwords may well have been changed, login pages broken and malicious code inserted into the site. In nasty cases there may be no option but to nuke the site – and yes, this term does mean what you think!
So we can recover from this?
Regardless of which scenario you are faced with, the bad or the ugly, a backup is vital. A recent backup. We cannot emphasise enough how valuable these are, especially if your content changes or is added to often. We recommend taking manual backups regularly and having an automated backup procedure too. This helps us to analyse which files have been changed and what the reason for the attack was, and gives us a version we can reload and revert to.
Armed with this and with some diligent work a disaster can be recovered from. It is stressful for all on the victim's side – be they the business owner, the web developer who is working to outsmart and defeat the [insert expletive here] who hacked the site or customers who happen upon the site in its downtime, but any problems can be solved when armed with sufficient tools. Without this? Well, fortunately I’ve never had to deal with such a scenario, and hopefully I never do.
So please, ensure you have regular backups of your site(s), with copies stored in multiple locations. And hope that you never need to use any of them.
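The file comparison mentioned above, where a backup shows which files have been changed, can be done by hashing. The following is an added example, not code from the original article: it compares a known-good .zip backup with the live site directory and lists files that were added, removed or modified. The function names, file names and sample contents are constructed for illustration.

```python
import hashlib, tempfile, zipfile
from pathlib import Path

def sha256_of(stream):
    """Hash a file-like object in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    for block in iter(lambda: stream.read(65536), b""):
        digest.update(block)
    return digest.hexdigest()

def diff_against_backup(backup_zip, site_root):
    """Report files added, removed or modified relative to a known-good backup."""
    baseline, live = {}, {}
    with zipfile.ZipFile(backup_zip) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                with zf.open(info) as fh:
                    baseline[info.filename] = sha256_of(fh)
    root = Path(site_root)
    for path in root.rglob("*"):
        if path.is_file():
            with path.open("rb") as fh:
                live[path.relative_to(root).as_posix()] = sha256_of(fh)
    common = baseline.keys() & live.keys()
    return {
        "added": sorted(live.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - live.keys()),
        "modified": sorted(n for n in common if baseline[n] != live[n]),
    }

def demo():
    """Constructed sample: a three-file backup and a live tree that has drifted."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, site = Path(tmp, "backup.zip"), Path(tmp, "site")
        clean = {"index.php": b"<?php echo 'home';", "css/style.css": b"body{}",
                 "contact.php": b"<?php echo 'contact';"}
        with zipfile.ZipFile(backup, "w") as zf:
            for name, data in clean.items():
                zf.writestr(name, data)
        current = dict(clean)
        current["index.php"] += b" /* unexpected change */"         # modified
        current["uploads/cache.php"] = b"<?php /* unknown file */"  # not in backup
        del current["contact.php"]                                  # deleted
        for name, data in current.items():
            target = site / name
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return diff_against_backup(backup, site)

if __name__ == "__main__":
    print(demo())
```

A file that matches the backup is only as trustworthy as the backup itself, so the comparison should use a copy taken before the compromise. Legitimate content added since that backup will also appear under "added" and has to be reviewed by hand.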
As our Director, Consultant and Lead Developer Ivan said when the subject was broached:
“The impossible we can do, miracles take longer.”
Article by Graham