How to Clean Hacked Website – ESDS VTMScan

Before we begin to understand how to clean websites that have been hacked. Let’s first know the possible reasons why websites get attacked. Following are the reasons highlighted by Google in one of their reports:

Compromised credentials: The two ways by which attackers figure out user id’s and passwords of an account is either by using a password guessing technique or by trying combinations and variations of passwords. Compromised credentials can cause harm to user accounts, to prevent this it is wise to set a strong password. Another way is to apply a two-step verification for secured authentication.

Website security not updated:

Many times applications and softwares are not up-to-the-mark when it comes to the updates. Such applications miss on a huge part of security and end up being in serious issues. Hosting providers and website owners should make sure the software version, plugins, CMS, are automatically updated. If that isn’t possible, make sure you set up a routine for manual checking of updates.

Insecure plugins:

In order to make sure that a websites plugins are patched well, ensure that you get all the plugins removed that no longer make sense and are no longer being maintained by the creators. Also it is a good practice to remove all the files related to the plugins when you get rid of the plugin entirely, rather than just disabling it.

Security policy holes:

According to a Google report website admins should not neglect security policies. Users shouldn’t be allowed to set passwords that are weak in strength. Also, users shouldn’t be given free admin access, also if secured HTTP is not enabled your website can get attacked. If you want to protect your site, there has to be a high level of security enforced on it.

Data leaks:

To protect data from getting leaked a method called ‘dorking’ can be used. This method hunts for the data that has been compromised, it is done by utilizing a search engine for better efficiency. Dorking is commonly used when data is not uploaded properly and can be leaked.

What to do if your website is hacked?

Before you really with the website cleanup process, make sure you identify if the website is really hacked and if it’s not just some technical problem. If you are sure that the site has been hacked, here’s what you can do to fix:

Take a backup:

You might have your site working well and you might also think there’s no need of taking backups at all. But it is adviced that you website should be backed up, below are the reason why:

1. A backup always helps you analyze what went wrong.
2. There are some providers that tend to erase website data and remove the site completely once it is hacked.

3. Having a backup is always a great when you need to go back to some restore point. A system restore point also protects sites if it is on some verge of crashing.
4. Also an additional backup is never a bad idea!

Getting all passwords changed, deleting unused users if any and verification of user roles:

It should be mandatory to change all passwords. And if in case there are any users present on the system that are no longer in any use you should delete them. Also check that users have the appropriate roles and permissions.

Removing malware alert from Google:

One should apply for a security review if the website was blacklisted by Google in order to remove the Google malware alert.

Scan your domain for Infections:

Once everything is cleaned your website should run another round of scan that may be a quick scan. An automated malware scanner should also be utilized such as Malware to scan your website. The last round of manual analysis should to be done to confirm that the site is now clean and out of potential issues.

Always use the Secure Hypertext Transfer Protocol (HTTPS):

I am sure almost all the tech-savvy customer always keep an eye on the green https on the browser bar. The web pages should be secured by the https protocol whenever any sensitive data is been provided to a web site. SSL certificate is cost-efficient, it also acts as an extra layer of security for customers. Hence enabling safe user access and your site more trust worthy.

Leave a Reply

Follow by Email