Help, my website has been hacked! Eight Precautions You Should Take Right Now.

Late last year, something happened to me that every website owner dreads …

When I called up my website, www.rebeccamatter.com, a dark, foreboding page appeared informing me that my site had been hacked.

I then went to my recipe site, www.whattocookwhen.com, and was greeted by the same awful message.

I felt ill. It was like being punched right in the gut.

After my initial horror subsided, I realized I couldn’t remember the last time I had backed up my websites, and started cursing myself for not being more careful.

Especially my recipe site that I have been working on for almost two years now …

I thought of all the hours I’d spent.

Was all my hard work flushed down the cyberspace toilet at the whim of some faceless, heartless computer geek with too much time on his hands?

I contacted my hosting provider, the programmers of the WordPress themes I use, and AWAI’s very own webmaster and told them what had happened.

Then I sat back and waited for what felt like an eternity.

About an hour later, I got a message from our webmaster to check my sites.

I held my breath, typed in the first URL, and hit enter.

A wave of relief washed over me as my WhatToCookWhen.com header greeted me.

Fortunately for me, the hacker had simply uploaded their “you’ve been hacked” file to my site’s database and made it the start-up page for my site.

Once this file was removed, my site data was intact. I got VERY lucky.

You see, some hackers’ intentions are much more devious. They change the site content or add additional pages to your site. Their goal is to do what’s known as “phishing” – tricking users into providing them with their personal and credit card information.

Others add code to your homepage with the hopes of infecting everyone who visits your site with a virus.

Besides being frustrating and time-consuming to fix, having your site hacked can also be very costly.

If your site generates income through ads, affiliate links, and/or product sales like my recipe site, you could lose a substantial chunk of revenue.

And if potential customers receive a “Warning – this site may not be safe to visit” message from Google, they will likely avoid your site in the future.

Plus, on top of everything else, your hacked site could potentially affect your search engine rankings.

To minimize the damage a hacker can inflict on you, here are eight things you can do before your website is hacked:

  1. Back up your site often – This is key. While it’s easy to do, it’s something that’s just as easy to put off or forget about altogether. But do it consistently and often and you can save yourself a world of hurt later on. If you use web-building software such as Dreamweaver, Microsoft Expression Web 2, or XSitePro2, you already have a full working copy of your site on your local hard drive. It’s recommended that you back up that copy as well. Although XSitePro2 does a good job of reminding you to back up your site, most web-building software doesn’t prompt you to back up your files. So create a schedule for regularly backing up your website files to a disk or external drive.

    If you never seem to get around to it or are always forgetting, you might want to invest in a program like GoodSync, which will automatically back up and synchronize selected files on your hard drive. You can try it out for 30 days and if you like it, buy it for only $29.95.

    If you use WordPress as your site platform, because you add all your web pages directly to your site online, you don’t have an exact version on your hard drive. But WordPress has a backup feature built into it (plus, you can set it up to back up automatically). You can read about it here.

    Some web host providers also offer a backup option in their control panel (cPanel), but it is not automated. Another alternative is to invest in a software program like Site Vault. It allows you to automatically schedule site backups at a frequency of your choosing. They offer a free evaluation period with several pricing options depending on the number of sites you need to back up. (Backing up one site costs $19; 5 websites cost $39; 15 websites cost $59.)

    If you do nothing else today, implement a plan to make sure your website files (not to mention your other important files) are backed up on a regular basis. It’s that important!

  2. Change your password regularly – Have you been using the same password for months, even years? It’s important you change your password every couple of months or so. Plus, make sure the passwords you use are “hard to crack.” Don’t use dictionary words, family names, or easily guessable words. Always use a combination of letters and numbers and, for maximum protection, symbols as well if they are allowed.
  3. Monitor your site often – The sooner you know you’ve been hacked, the faster you can react to it. So make sure you check your website on a regular basis. I use my two sites as my default website in the two browsers I use most often.

    If you prefer to pay someone to do it, the website SiteUptime will monitor your site for free every 30 minutes and send you an email alert if your site becomes unavailable (they also have pay plans that offer more comprehensive monitoring).

  4. Keep your software up to date – If you use WordPress, you’ve probably been greeted by a message that says, “WordPress ‘Version Number’ is available. Please update now.” These updates often include security fixes, so it’s important you update to the latest version as soon as possible.
  5. Be cautious of third-party scripts – Before installing a widget, visitor counter, or an ad network, make sure the creator/provider is reputable. For example, do they have a website with contact information? Are they popular with other webmasters? Are there any comments about their service from satisfied users? Taking the time to make sure no one else has had any issues with them is worth it.
  6. Keep your local hard drive free from viruses and Trojan horses – Make sure you have a good firewall program and an up-to-date anti-virus program. Symantec and McAfee are two of the more popular providers of firewall/anti-virus programs on the market today.
  7. Be careful when using public Wi-Fi – If you use public Wi-Fi, always verify that you are indeed connecting to the right network. Some hackers set up their own wireless network in hope you’ll mistakenly connect to them – which can give them access to all your passwords and personal information on your computer. Plus, it’s a good rule of thumb to be very careful of what information you share when connected to public networks.
  8. Be careful of what information you store on your computer – If you have a file called “My website passwords” that contains your login information to your site, you’re making it a little too easy for potential hackers. Name the file something a little less obvious.

What to do if you think you’ve been hacked …

First, verify that your site has indeed been hacked. Unlike my situation, sometimes it’s not very obvious. A hacker may choose to add code to your site that performs a malicious activity and your site may appear more or less normal.

Two indications that your site may have been hacked are a heavy dip in visitors and a sudden drop in the number of your pages indexed by the search engines.

Google offers a couple of tools you can use to help determine if your site has indeed been hacked. Assuming you’ve registered your site with Google Webmaster Tools (if you haven’t, you should ASAP), click on your site, then click on “Diagnostics” then “Malware” and Google will advise you on whether they’ve detected any malware on your site.

Google also has a tool that will show you if it has found any suspicious code on your site.

And finally, pay attention to your site logs. Look for unusual activity such as strange sites or unlikely keywords referring people to your site. This might indicate that your site has been infected.
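The log check described above can be automated. The following is an added example, not part of the original article: it reads Combined Log Format lines and reports referring sites that are not on a known list and search phrases that share no word with the site's subject. The host names, the word list and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Tail of a Combined Log Format line: "request" status bytes "referrer" "user-agent"
LOG_RE = re.compile(r'"[^"]*" \d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"$')

# Assumptions for this example: the site's own host, referrers it expects, its topic words
OWN_HOST = "example-recipes.test"
KNOWN_HOSTS = {"google.com"}
SITE_TERMS = {"recipe", "recipes", "chili", "cook"}

# Constructed sample lines (documentation IP ranges, reserved test domains)
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Jan/2010:10:01:02 +0000] "GET /chili HTTP/1.1" 200 5120 "http://www.google.com/search?q=easy+chili+recipe" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Jan/2010:10:02:10 +0000] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jan/2010:10:03:44 +0000] "GET /index.php HTTP/1.1" 200 900 "http://www.google.com/search?q=cheap+pills+online" "Mozilla/5.0"',
    '198.51.100.8 - - [12/Jan/2010:10:04:01 +0000] "GET /index.php HTTP/1.1" 200 900 "http://pills-example.invalid/out.php?id=3" "Mozilla/5.0"',
    '198.51.100.8 - - [12/Jan/2010:10:04:09 +0000] "GET /about HTTP/1.1" 200 700 "http://example-recipes.test/index.php" "Mozilla/5.0"',
]

def review_referrers(lines, own_host, known_hosts, site_terms):
    """Return (unknown referring hosts, search phrases unrelated to the site)."""
    strange_hosts, odd_phrases = Counter(), Counter()
    for line in lines:
        m = LOG_RE.search(line.strip())
        if not m or m.group("ref") in ("", "-"):
            continue  # unparsable line or direct visit
        url = urlsplit(m.group("ref"))
        host = url.hostname or ""
        if host.startswith("www."):
            host = host[4:]
        if not host or host == own_host:
            continue  # malformed referrer or internal navigation
        if host not in known_hosts:
            strange_hosts[host] += 1
        # Search queries, when present in the referrer, arrive as q= or p=
        query = parse_qs(url.query)
        for phrase in query.get("q", []) + query.get("p", []):
            words = set(phrase.lower().split())
            if words and not words & site_terms:
                odd_phrases[phrase.lower()] += 1
    return strange_hosts, odd_phrases

if __name__ == "__main__":
    hosts, phrases = review_referrers(SAMPLE_LOG, OWN_HOST, KNOWN_HOSTS, SITE_TERMS)
    print("Unfamiliar referring sites:", dict(hosts))
    print("Unlikely search phrases:", dict(phrases))
```

Most search engines no longer include the query in the referrer, so on current logs the unfamiliar-host count carries most of the signal.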

Once you determine you have indeed been hacked, here are some steps you should take immediately (some are optional, dependent upon the severity of the attack):

  • Check and see if the hacker has changed your password – If they changed your password, use the conventional methods to try to change it back. If they haven’t changed your password, you might want to consider changing it now.
  • Take your site down immediately – If possible, take your site down as soon as you can. This will prevent someone landing on your site from being infected by any malware the hackers may have embedded into your site.
  • Contact your web host provider and let them know you are having a problem – The hacker may have targeted just your site or some or all of the sites your web provider hosts. Let them know you are having a problem. They may already be aware of it and already have an action plan in place.
  • Alert your affiliates – Tell your affiliates that your site has been hacked so they can stop sending traffic to your site temporarily. Your reputation will take a hit if you don’t, especially if visitors to your site get a message that your site has been infected by malware.
  • Stop all advertising – If you do online advertising to draw people to your site, such as PPC ads, Facebook ads, Yahoo Search Marketing, stop them immediately. You’ll be wasting your money, plus the fewer people you have visiting your site, obviously the better.
  • Assess the damage – For your own peace of mind, you should try to determine the hacker’s motives. Was he just hacking your site for kicks … was he looking for sensitive information … or was he trying to use your site to infect your visitors with malware? What files are corrupted or missing? Determine what files you need to re-upload to your site to get your site up and running again.
  • Put a recovery plan into action – If you have a complete and recent backup, to be on the safe side, you may want to delete all your online files and restore your site from your backup. (Remember to scan your backup files to ensure they are also not infected.)

    Also, make sure you change your hosting and FTP passwords.

    If using a program like WordPress, the best plan of attack is to download the latest version from their site and do a fresh install (after removing all the files the hacker may have damaged). Then use your latest backup to upload your data files to your site.

  • Create a Google Alert about your site – Set up a Google alert using your site name and URL. This way, you can monitor and respond to comments about your site’s situation.
  • Alert the authorities – Depending upon the size of your site, the damage done, and the time and effort required to repair it, you might want to report the incident to the authorities. Here are the links to report a cyber crime if you live in the United States or Canada.
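For the "Assess the damage" and recovery steps above, a known-good backup also serves as a baseline for finding what was changed. The following is an added example, not part of the original article: it hashes every file in a backup copy and in a downloaded copy of the live site, then lists files that were added, modified or are missing. The function names, directory layout and file contents are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def _manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare_to_backup(backup_dir, live_dir):
    """Classify live files as added, modified or missing relative to the backup."""
    good, live = _manifest(backup_dir), _manifest(live_dir)
    return {
        "added": sorted(set(live) - set(good)),      # files the backup never had
        "modified": sorted(f for f in good.keys() & live.keys() if good[f] != live[f]),
        "missing": sorted(set(good) - set(live)),    # files to re-upload
    }

def demo():
    """Build a constructed backup/live pair in a temp directory and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for d in (backup, live):
            (d / "images").mkdir(parents=True)
        # Constructed known-good site
        (backup / "index.php").write_text("<?php echo 'Welcome'; ?>")
        (backup / "about.html").write_text("<h1>About</h1>")
        (backup / "images" / "logo.txt").write_text("logo")
        # Constructed live copy: start page replaced, one file dropped in, one deleted
        (live / "index.php").write_text("<?php include 'notice.html'; ?>")
        (live / "about.html").write_text("<h1>About</h1>")
        (live / "notice.html").write_text("<h1>placeholder defacement page</h1>")
        return compare_to_backup(backup, live)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

Files legitimately uploaded since the backup was taken also appear under "added", so each entry needs a quick look. The comparison covers files only; content that WordPress keeps in its database has to be checked against a database backup separately.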

What’s the big lesson from all of this?

For me, it’s something we all know we should be doing, but all too often let slide:
Make sure you have a recent backup of your website.

Because website hacking is not likely to go away any time soon. According to the Google Online Security Blog, the number of malware sites in 2009 hit 300,000 – double the number in 2008!

So make sure you are doing as much as you can to ensure you don’t become some anonymous hacker’s next victim. And if you don’t have one, put a solid website backup plan into place and stick with it!

Rebecca Matter

President of American Writers and Artists, Inc and founder of Wealthy Web Writer, Rebecca has over 20 years of direct marketing and publishing experience.

2 Comments

  • Hey, Rebecca, great tips, especially the first one. You can never back up too early or too often!

    Since so many of us are building our sites on a WordPress platform, it’s important to back up your WordPress database just as regularly as you back up your files!

    I had an incident recently with my site that proved to be an infection on my hosting company’s server. (Needless to say, they’re not my host any longer.) If anyone’s interested in some tips about handling a WordPress infection, I wrote about it at http://futureexpats.com/hackers-and-viruses-and-infections-oh-my.

  • I have a simpler solution, though your points are entirely valid.

    My web hosting company backs up EVERY website they host EVERY HOUR, also daily, and weekly. And NOBODY can access those backups to destroy them.

    You might ask why that’s important.

    I have a client who had a falling out with his “marketing guy”. He also hit the client’s bank accounts for $20,000 on his way out. When I learned of the problem, I told him to change all the passwords on his websites that were hosted by a company in California (he’s in Colorado). He did. We thought he was safe.

    Unfortunately…

    Apparently the marketing guy gave the hosting company some song and dance, and they gave him the new passwords.

    He then used that to dismantle and remove EVERY file of every website.

    Worse, he got into the backups and removed them as well.

    All the company had was backup tapes, and the PHP code was such a snarled mess it’d take a PHP genius to try to untangle it.

    I pay $15 per month per site to my ISP to get all that backup and protection.

    There are “cheaper” hosting services out there, but I prefer peace of mind from a company I know I can trust to do things right.

    Clarke

    P.S.: I avoid content-management systems and WYSIWYG HTML editors (Joomla, WordPress, anything by Microsoft, Dreamweaver, etc.)

    Why?

    They don’t follow good programming standards and practices. They create bloated code. Pages take much longer to load (I’ve seen Joomla home pages that took 10-15 MINUTES to load on a 56-K dial-up connection).

    Not everybody has high-speed Internet. If your page doesn’t load in under 20 seconds at 56K, you better have a good reason or you’ll lose visitors.

    Example of a fast site I built recently: http://www.LocustPark.com (apartment-complex site). Slowest page takes 23 seconds at 56K. Click on photos for full-size image. On high speed, pages appear almost instantaneously (1.5 seconds or less at 1.5 Mb/s DSL speed).

    CE
