It can happen at any time with very little warning. People often find out it’s happened to them in a number of ways. An angry client may call asking why their computer is telling them your website may be harmful to their computer. A co-worker may send a short email. Or, you may happen to be on your website yourself when you see the awful notice that everyone else who visits your site will see as well, that you’ve been compromised. If you have or ever do find yourself in this situation, you shouldn’t be surprised. In fact, hackers will attack many thousands of websites on a daily basis. In most cases, your site will not look any different, but hackers may be using a broad spectrum of ways to compromise your data and that of your clients.
If you’ve read our blog article entitled, “An Overview of Hacked Websites”, you would have learned the risks and means of having your website hacked. You may also have learned some valuable information on how to prevent an attack from occurring. However, what if your website has been hacked? What are the steps you can take to correct the situation with as little harm and headache is possible? In this article, we will cover the steps to help fix your hacked website.
Google’s Advice for Fixing Your Hacked Website
In the event that you have been hacked, it is important to understand the situation as best as possible. The first step is to watch the video posted by Google that explains the basics including how and why websites are hacked. The video will also briefly explain the process of recovery and removal of any warnings to visitors by Google, and the options available to you. These options include to do it yourself or hire a professional. Following the video, Google gives a list of steps that show more in depth what must be done to restore your compromised website.
The Initial Step
The first step is to contact the host of your website. By letting them know as soon as possible, they can verify that no other sites they host have been hit, and also can help recover your site in some cases. Even if they are unable to help recover it, they may be able to help steer you in the right direction as to whether or not a professional is needed. Building a support team is important, and your hoster will be the first outside member you should include.
Like when a person has a bad virus, a quarantine is often set up to prevent the hackers from causing further harm. The same is true for your site. It is important to prevent your server from allowing pages to be viewed by users. In other words, simply shut it down. This may not be as harmful to some companies as others who operate solely from their website, but in either case it is crititcal to close the site so things cannot get worse.
From here, its important that you contact Google Webmasters to verify that you are the site owner and also to make sure the hacker has not already verified themselves and changed any settings with your analytics. Finally, Google Webmasters is also able to help determine the nature of the attack and give clues as to how you can resolve it.
This next step can be a bit more difficult for the novice and will most likely be the place that most small businesses will most likely need professional assistance. The basic idea is that the owner should examine all site files and settings and verify which have been affected. From there, the goal is to determine the hacker’s main intent for the breach. You will be searching for any included code, page modifications, and other similar details.
Once the examination is complete and you’ve listed everything that is abnormal, you will need to determine the vulnerability that allowed the site to be hacked in the first place. It is important to examine the entire site even if a vulnerability is caused. It could be in fact that you have more than one vulnerability that requires attention. This may include a virus on the main computer of the administrator, weak passwords, software that is out of date, and other such weak points.
Hacked Website Cleanup
When all of these steps are completed and you have all the background information required it is time to clean your site and maintain its security for the future. The goal is to remove anything that is bad and replace it with good. Any vulnerabilities should be fully addressed and a plan should be created and implemented to help prevent any future attacks from occurring.
The final step which will return your site to a fully functioning and warning free site is to request an official review by Google. Review the steps you’ve taken and make sure that nothing was missed. Submit a review request an Google will examine your site and will either give you an approval, removing any warnings to visitors, or require you to re-review your steps and see what may have slipped by. Being hacked is not a fun process. There are ways to help prevent it, but no site is immune.
Wondering how you are doing? Use our complimentary Digital Marketing Scorecard to gain valuable insight on how your website rank compares to others. We are also glad to answer any questions you may have and provide Cohlaborative digital marketing solutions to meet your company’s needs.