HACKED!

May 29, 2015

Screen Shot 2015-05-28 at 9.02.33 AM

I received a call early this morning from a client. “Our site is gone!” It is very easy to get excited about suddenly seeing the screen above instead of your normal beautiful site. Luckily it is not as bad as it seems at first glance. The first thing to do is get all your hosting information together. We will need to access your website through the hosting company or ftp. Although all you see is the black screen, the site is not gone, it is just hidden. I have mentioned in previous posts some of the different types of hacks that exist, this one is called a Defacement Hack. This type of hack changes the look of the site without doing major damage.

I have standard steps to take to find the problem and remove is as soon as possible.

  1. Log into the FTP and scan the files visually. There are often files with names that don’t look right.
  2. Look for any duplicate names with small differences. In the above instance there were two homepage files. One was the correct homepage and the other was the homepage displaying the image above. I removed the incorrect homepage. Voila! The homepage then displayed.
  3. DON”T STOP THERE
  4. Just because the site looks ok, doesn’t mean that everything is ok. I also check all the major files for code that does not belong.
  5. Next step CHANGE ALL PASSWORDS to your website, hosting account and any other account connected with your website.
  6. Make sure your website and plugins are all updated.
  7. Run an internal scan using Wordfence (if you don’t have it on your site, install it. It is a must)
  8. Run an external scan with Sucuri Scanner
  9. If everything comes out clean you should be all set, but I always recommend keeping a close eye on your site for the next few days to make sure it doesn’t happen again.
  10. If you have google webmaster tools you can also make sure that your site has not been blacklisted and request removal from the blacklist once the hacked files have been removed.
  11. Before walking away, run a backup!

It is also important to consider how the hack happened. It your site and plugins were all out of date that could be why or sometimes it happens through the server of your hosting company. Sometimes it is beneficial to let your hosting company know.

Posted in Security, Web Development