How to Restore Hacked Sites

There are no known security vulnerabilities in our software, but website hacks are becoming more and more common, so we've created this page to help you understand the issue and to provide tips on restoring a hacked site.
*Note: For the purposes of this document we use the term "hacker" to refer to a malicious user who is intent on gaining illegal access to a computer system or network by bypassing or breaking the security system. The term can also be used in a positive context to refer to hobbyists or the programmer subculture that includes the pioneers of the internet. For more information see: http://en.wikipedia.org/wiki/Hacker_definition_controversy#Hacker_definition_controversy

How hackers get in

Almost all website hacks these days are automated - rather than sitting in front of a computer, hackers* use automatic scripts to scan thousands of websites an hour for known security vulnerabilities and weaknesses.

The top ways a hacker compromises a website are:

  1. Exploiting known vulnerabilities in older versions of popular web scripts such as WordPress, Email Forms, Image Galleries, etc.
    • Open-source and free scripts are very common and installed on millions of servers, making them an easy target for hackers.
    • These scripts usually have common urls and filenames (such as wp-login.php) that hackers can scan for.
    • Even if the script isn't used, or was installed by default by the host, it can still be vulnerable.
  2. Guessing easy passwords. Vulnerable passwords are usually short, simple, common, or dictionary words.
    • Automated scripts can test thousands of passwords a minute. (See Wikipedia: Brute-force Attack)
  3. Compromising another account on a shared-hosting server and using it to gain access to other sites on the server, including yours.
    • This shouldn't be possible if your web host has applied all the latest security patches and updates.
    • If you are repeatedly hacked and you believe it's related to the host there's nothing you can do but switch hosts (or servers).

Once a hacker gains access to your site through one of the methods described above, they may then have all the same security rights as you do when you connect with FTP, or as PHP does (read/write files and the database, install programs, send emails, etc), and in some cases may be able to gain full control of the server with administrator rights.

What they do once they're in

Typically, once they have control of a website (and remember, most of this is done automatically) they will do the following:

  • Install additional programs and backdoors to make it easier to control your server.
  • Use your server to send bulk unsolicited email (spam).
  • Use your server to attack other servers and websites and gain control of them.
  • Redirect incoming links from Google and search engines to other websites.
  • Display spam links on your 404 "Not Found" pages.
  • Insert links or spam into your pages.
  • Use the hijacked website to attempt to gain further access to your network or your web host's network.

Hackers want to use your server for as long as possible without being discovered, so spam links often go undetected for some time and appear only on pages you are unlikely to see, such as "404 Not Found" pages or pages that aren't linked to from search engines.
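
Because injected links tend to sit on pages you rarely look at, it helps to check the HTML of your 404 page for links that leave your site. The following is an added example, not part of the original guide or our software: it lists every link host not on an allowlist and flags links hidden with an inline style. The sample page, the example.* hostnames, and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a 404 page with two injected off-site links, one hidden.
SAMPLE_404 = """<html><body><h1>404 Not Found</h1>
<a href="/index.php">Home</a>
<a href="http://www.example.com/contact.php">Contact</a>
<a style="display: none" href="http://pills.example.net/buy">cheap pills</a>
<a href="http://casino.example.org/">casino</a>
</body></html>"""


class LinkCollector(HTMLParser):
    """Collect (href, normalized inline style) for every <a> tag."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "a" and attr.get("href"):
            style = (attr.get("style") or "").replace(" ", "").lower()
            self.links.append((attr["href"], style))


def unexpected_links(html, allowed_hosts):
    """Return (host, hidden) for each link pointing outside allowed_hosts."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, style in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if not host or host in allowed_hosts:
            continue  # relative link, no host, or one of the site's own hosts
        hidden = "display:none" in style or "visibility:hidden" in style
        findings.append((host, hidden))
    return findings


if __name__ == "__main__":
    for host, hidden in unexpected_links(SAMPLE_404, {"www.example.com"}):
        print(host, "(hidden)" if hidden else "(visible)")
```

Save the HTML returned for a URL that does not exist on your site and pass it in with your own hostnames as the allowlist. Links hidden by a parent element or an external stylesheet are still listed, but not marked as hidden.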

How it can affect your site

Even if the changes are hard to detect or minimal, they can have a very negative effect on your traffic, website revenue, and reputation. Some examples include:
  • You can lose traffic (search engines and anti-virus programs may block your website).
  • You can get banned by Google if your site is hosting malware.
  • You can get banned by email gateways if your site is sending spam.
  • You can lose customers or reputation if website visitors see anti-virus warnings, viagra links, pornography, malware, etc.
  • Your search engine ranking can be reduced or you may be removed from search engines altogether.
  • Your site may go slower or have decreased performance if the server resources are being redirected for other purposes.
  • You may exceed site quotas for bandwidth and CPU time and/or get charged with overage fees.

Recovering/Restoring your website

Recovering from a hacking attack takes time and effort. Use the following tips as a starting point:

  1. Scan your local computer
    • Install an anti-virus program if you don't have one. Try Microsoft Security Essentials for Windows and ClamXav for Macs.
    • Run a full anti-virus/malware scan. Sometimes exploits can be introduced from a compromised local PC.
  2. Back up the hacked site
    • Back up MySQL databases and any website files to your computer, labelling them as a hacked backup.
    • This will allow you to restore to the previous version if your cleaning or upgrade attempts fail.
  3. Contact your web host
    • Find out if other sites have been hacked (especially if you are using shared-hosting).
    • Ask if they have any backups of your database or website files.
    • Find out if they have any tips or services for restoring hacked sites.
  4. Restore from backup or clean infected files
    • If you have a clean backup of your files that has not been hacked, consider restoring to this backup.
    • Failing that, you will need to manually review and compare all files to find exploited or modified code.
    • One method to quickly replace program files is to upgrade or re-install web applications.
  5. Remove unneeded applications, files, or plugins
    • If you don't think you need an application or file, remove it.
    • Make sure your files were backed up in an earlier step so you can restore any file that has been accidentally or incorrectly removed.
  6. Upgrade all remaining applications and plugins
    • Make a list of all the applications and plugins on your site and their current versions.
    • For each application or plugin, download the latest version and install it.
  7. Change all your passwords
    • Make a list of all your passwords.
    • Change all your passwords for FTP, Email, Plesk, MySQL, etc.
  8. Final Steps
    • Review the reference links at the bottom of the page.
    • Do some googling and online reading to find out more about best practices for restoring after a hack.
    • If you continue to have security problems consider hiring a security professional to assist you.

Reference

Search Engines Web Hosts Web Software
Copyright © 1999-2024 interactivetools.com, inc.