Help! I Think My Site Has Been Hacked!
A common mantra in information security is that everything can be hacked. The only thing that can really be done is mitigation and reducing the likelihood that vital data is exposed. While this is not the most optimistic way to look at things, it is the most realistic. It seems like almost every major retailer in the United States has had issues with a vulnerability being exploited at some point, and that doesn’t bode well for websites with smaller budgets.
How do you know if your site has been compromised?
Depending on the nature of the hack and what your site was created with, it can be difficult to tell if your site has indeed been breached. Unfortunately, you aren’t likely to see the kind of hacks you see on TV and in the movies. Your whole homepage usually isn’t going to end up replaced with an animated laughing skull. Those types of hacks do happen, but they are usually a more personal attack and are much less common. Most of the time, exploits of your website are the result of automated scripts that are looking for websites with specific vulnerabilities. The bot usually has no idea what the specific content or use of your website is and is only looking for access to the server. This can make it difficult to know whether you should be concerned.
One of the first things to check if you think your site has been compromised is whether your website software is up-to-date. It doesn’t matter if it is Drupal or WordPress, proprietary or open-source, or some other framework; software missing security updates is almost a guaranteed way to be hacked in a short amount of time. If you know you are a little behind on security updates, then the correct assumption is that your site has already been breached. Not a comforting thought, but as I said before, we have to be real about this.
There are other things to look out for to get an idea of whether or not your site has been hacked. Look for unfamiliar users in the site with administrative permissions or roles. If you have access to the code, you can look for files* that don’t belong or that have obviously odd names, the 51safisfaf97asf.php type of thing. You will also want to take note of any pages on your site that link off to other pages they aren’t supposed to, or of navigation on your site that no longer seems to work at all. These are just a few things to look for that may seem obvious, but when it comes to self-diagnosing your website, sometimes that is all you can do.
*Disclaimer: If you aren’t familiar with the code of your site, don’t go poking around in there! You can take down a site easier than you’d think.*
Web Professionals to the rescue!
Once you think you may have been hacked, or you are really sure that you have been hacked and are slightly freaking out, you should seek the help of an expert. Cleaning up after a website breach can be a bit of a delicate thing and requires some very in-depth knowledge of the inner workings of the website. It may seem a bit on the nose for someone at a web agency like ours to recommend you get help from a professional, but it really is the best way to ensure your site will have the best chance it can at recovery.
In a perfect world, you will have backups of the site somewhere that are easy to grab to aid in the recovery. (You do have regular backups of your website, right?) If you do, then recovering from the hack should be a whole lot simpler. Unfortunately, we don’t live in a perfect world and many websites don’t have backups. These situations make it tough even for professionals to be of much help because there isn’t anything to reference from before the site was compromised.
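The checks described above (files that don’t belong, oddly named scripts, and a backup to reference from before the compromise) can be run without changing anything on the site. The following Python script is an added example, not part of the original article: it compares a known-good backup with the live files and flags newly added scripts with random-looking names. The function names, the name heuristic, and the sample files are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

SCRIPT_EXT = {".php", ".phtml"}  # assumption: extensions the server executes

def manifest(root):
    """Map each file path (relative to root) to its SHA-256. Read-only."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def looks_random(path):
    """Heuristic (assumption, false positives expected): 10+ [a-z0-9], 2+ digit runs."""
    p = Path(path)
    return (p.suffix in SCRIPT_EXT and len(p.stem) >= 10
            and re.fullmatch(r"[a-z0-9]+", p.stem) is not None
            and len(re.findall(r"\d+", p.stem)) >= 2)

def compare(backup_root, live_root):
    """Report what differs between a known-good backup and the live site."""
    old, new = manifest(backup_root), manifest(live_root)
    added = sorted(set(new) - set(old))
    return {
        "added": added,
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
        "odd_names": [p for p in added if looks_random(p)],
    }

def write_tree(root, files):
    for rel, body in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

def demo():
    """Constructed sample: a clean backup and a live copy with three differences."""
    clean = {"index.php": "<?php echo 'home';", "inc/menu.php": "<?php /* nav */"}
    live = {**clean, "inc/menu.php": "<?php /* nav, edited */",
            "uploads/51safisfaf97asf.php": "<?php /* unknown */",
            "uploads/logo.png": "constructed image bytes"}
    with tempfile.TemporaryDirectory() as tmp:
        write_tree(Path(tmp, "backup"), clean)
        write_tree(Path(tmp, "live"), live)
        return compare(Path(tmp, "backup"), Path(tmp, "live"))

if __name__ == "__main__":
    print(demo())
```

To use it on a real site, call compare() with a restored copy of your backup and a copy of the live webroot; it only reads files. Every entry under "added" and "changed" deserves a look, not just the ones with odd names.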
Prevention is the answer.
As I stated previously, everything can be hacked. You can reduce the likelihood of a breach, though, and that is your best course of action. I have mentioned a few things in this article for how you can reduce your risk, but I’ll reiterate them here.
Make sure your software is up-to-date. Unless you are using a website builder tool completely managed by your host, you probably have some sort of software to keep updated. Servers, frameworks, libraries, and other supporting software all need to be kept up or they will become easy entry points for would-be hackers. This one seems obvious to some, but this is easily one of the most direct ways to reduce the chances that your site will be hacked.
Have an SSL certificate installed on your website. This is another obvious one, but some still write it off as unnecessary. We have reached the point on the internet now where all data that changes hands should be encrypted in some way. SSL provides peace of mind to your users and can help prevent a breach of your website. Just having this on your website doesn’t directly prevent hackers, but what it does do is help prevent man-in-the-middle attacks on your users. If someone logs into your site without SSL, there is a greater chance of their credentials getting swiped in transit. This means that every user in your system, including you, could become a means for a hacker to gain access.
Use well-established and currently maintained libraries and plugins where possible. This one is a bit more in the developer realm again, but should be in here regardless. There are countless things that can be plugged into your site to add all sorts of features and widgets. With so many available, a few of them are going to be no longer actively maintained. That means security issues that come up aren’t going to be addressed, and you could have security holes that you don’t know about. Just because something is actively maintained doesn’t guarantee that it will be completely secure, but it does help.
Every so often, it is a good idea to review where your website stands on security. Your digital presence is often as important as any brick and mortar equivalent. You would make sure that your storefront is secure, so why not your website? Also, please make sure you are keeping backups of your website; you’ll thank me later.