{"id":10221,"date":"2018-07-26T09:42:20","date_gmt":"2018-07-26T09:42:20","guid":{"rendered":"http:\/\/www.esds.co.in\/blog\/?p=10221"},"modified":"2020-01-07T09:48:54","modified_gmt":"2020-01-07T09:48:54","slug":"how-to-clean-hacked-website-esds-vtmscan","status":"publish","type":"post","link":"https:\/\/www.esds.co.in\/blog\/how-to-clean-hacked-website-esds-vtmscan\/","title":{"rendered":"How to Clean Hacked Website &#8211; ESDS VTMScan"},"content":{"rendered":"\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"536\" src=\"https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/MTv-Blog-Hacked-Website-Banner-1024x536.jpg\" alt=\"\" class=\"wp-image-10325\" srcset=\"https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/MTv-Blog-Hacked-Website-Banner-1024x536.jpg 1024w, https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/MTv-Blog-Hacked-Website-Banner-150x79.jpg 150w, https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/MTv-Blog-Hacked-Website-Banner-300x157.jpg 300w, https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/MTv-Blog-Hacked-Website-Banner-660x345.jpg 660w, https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/MTv-Blog-Hacked-Website-Banner.jpg 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<p style=\"text-align: justify;\">Before we look at how to clean websites that have been&nbsp;<strong>hacked<\/strong>, let\u2019s first understand the possible reasons why websites get attacked. 
The following are the reasons highlighted by Google in one of their reports:<\/p>\n\n\n\n\n<p style=\"text-align: justify;\">Compromised credentials: The two ways by which attackers figure out the user IDs and passwords of an account are either by using a password guessing technique or by trying combinations and variations of passwords. Compromised credentials can cause harm to user accounts; to prevent this, it is wise to set a strong password. Another way is to apply two-step verification for secure authentication.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Website_security_not_updated\"><\/span><strong>Website security<\/strong>&nbsp;not updated:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p style=\"text-align: justify;\">Applications and software are often not up to the mark when it comes to updates. Such applications miss out on a huge part of security and end up with serious issues. Hosting providers and website owners should make sure the software version, plugins and CMS are automatically updated. If that isn\u2019t possible, make sure you set up a routine for checking for updates manually.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Insecure_plugins\"><\/span>Insecure plugins:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p style=\"text-align: justify;\">To make sure that a website\u2019s plugins are well patched, remove all the plugins that no longer make sense and are no longer being maintained by their creators. 
It is also good practice to remove all the files related to a plugin when you get rid of it entirely, rather than just disabling it.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Security_policy_holes\"><\/span>Security policy holes:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p style=\"text-align: justify;\">According to a Google report, website admins should not neglect security policies. Users shouldn\u2019t be allowed to set weak passwords. Users also shouldn\u2019t be given free admin access, and if secure HTTP is not enabled, your website can get attacked. If you want to protect your site, there has to be a&nbsp;<a href=\"https:\/\/esds.co.in\/security\/vtmscan\"><strong>high level of security<\/strong><\/a>&nbsp;enforced on it.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Data_leaks\"><\/span>Data leaks:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p style=\"text-align: justify;\">To protect data from getting leaked, a method called \u2018dorking\u2019 can be used. This method hunts for data that has been compromised, and it is done using a search engine for better efficiency. Dorking is commonly used when data has not been uploaded properly and can be leaked.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_to_do_if_your_website_is_hacked\"><\/span>What to do if your website is hacked?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p style=\"text-align: justify;\">Before you start the website cleanup process, make sure the website has really been hacked and that it\u2019s not just a technical problem. 
If you are sure that the site has been hacked, here\u2019s what you can do to fix it:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Take_a_backup\"><\/span>Take a backup:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p style=\"text-align: justify;\">Your site might be working well, and you might think there\u2019s no need to take backups at all. But it is advised that your website be backed up; below are the reasons why:<\/p>\n\n\n\n<p style=\"text-align: justify;\">1. A backup always helps you analyze what went wrong.<br>2. There are some providers that tend to erase website data and remove the site completely once it is hacked.<\/p>\n\n\n\n<p style=\"text-align: justify;\">3. Having a backup is always great when you need to go back to a restore point. A system restore point also protects a site if it is on the verge of crashing.<br>4. Also, an additional backup is never a bad idea!<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Getting_all_passwords_changed_deleting_unused_users_if_any_and_verification_of_user_roles\"><\/span>Getting all passwords changed, deleting unused users if any and verification of user roles:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p style=\"text-align: justify;\">It should be mandatory to change all passwords. If there are any users on the system that are no longer in use, you should delete them. 
Also check that users have the appropriate roles and permissions.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Removing_malware_alert_from_Google\"><\/span>Removing malware alert from Google:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p style=\"text-align: justify;\">If the website was blacklisted by Google, one should apply for a security review in order to&nbsp;<strong>remove<\/strong>&nbsp;the Google malware alert.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Scan_your_domain_for_Infections\"><\/span>Scan your domain for Infections:<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p style=\"text-align: justify;\">Once everything is cleaned, run another round of scanning on your website; this may be a quick scan. An automated malware scanner, such as Malware, should also be used to scan your website. A last round of manual analysis should be done to confirm that the site is now clean and free of potential issues.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Always_use_the_Secure_Hypertext_Transfer_Protocol_HTTPS\"><\/span>Always use the Secure Hypertext Transfer Protocol (HTTPS):<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p style=\"text-align: justify;\">I am sure almost all tech-savvy customers keep an eye on the green https in the browser bar. Web pages should be secured by the HTTPS protocol whenever any sensitive data is being provided to a website. An SSL certificate is cost-efficient and also acts as an&nbsp;<strong>extra layer of security for customers<\/strong>, enabling safe user access and making your site more trustworthy.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Before we look at how to clean websites that have been&nbsp;hacked, let\u2019s first understand the possible reasons why websites get attacked. 
Following are the reasons highlighted by Google in one of their reports: Compromised credentials: The two ways by which attackers figure out user id\u2019s and passwords of an account is either by using&#8230; <\/p>\n<div class=\"clear\"><\/div>\n<p><a href=\"https:\/\/www.esds.co.in\/blog\/how-to-clean-hacked-website-esds-vtmscan\/\" class=\"gdlr-button small excerpt-read-more\">Read More<\/a><\/p>\n","protected":false},"author":81,"featured_media":10326,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1271],"tags":[1957,1978,1972,1914,1915,1943,1910,1994,1935,1982,1983,1912,1913,1964,1195],"class_list":["post-10221","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-2","tag-content-change-monitoring-scan","tag-content-management-system-scan","tag-database-malware","tag-esds-vtmscan","tag-esds-vtmscan-detection-technique","tag-esds-vtmscan-vulnerability-scanner","tag-features-of-esds-vtmscan","tag-google-hacking-database","tag-malware-blacklist","tag-malware-in-source-code","tag-malware-in-your-files","tag-malware-scan","tag-malware-scanner","tag-vulnerability-scan","tag-website-security"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/10221","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/users\/81"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/comments?post=10221"}],"version-history":[{"count":3,"href":"https:\/\/www
.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/10221\/revisions"}],"predecessor-version":[{"id":11141,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/10221\/revisions\/11141"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/media\/10326"}],"wp:attachment":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/media?parent=10221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/categories?post=10221"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/tags?post=10221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}