“Help! My website has been hacked, what now?”

Are you reading this article while your website is hacked? What a downer. That's no laughing matter. However, you shouldn't just sit and cry about it. Take control again. We'll tell you what to do next after a hack.

Website hacked? We'll restore* your website with SiteSweep

With SiteSweep, we restore your hacked website. Malicious code is removed so you can be online quickly and safely again. *For now, only Combell customers can use SiteSweep.

More and more websites get hacked

Experts worldwide agree: in the coming years, we will face even more cyber attacks. Various organizations, regardless of their size, are experiencing their websites being hacked. Unfortunately, the trend seems unstoppable.

Digitaletoekomst.be, the information and inspiration hub for Flemish businesses (coordinated by VLAIO, the Agency for Innovation & Entrepreneurship on behalf of the Flemish government), hopes that sole proprietors and SMEs will improve their security against hacking. Their security advice will help you get started.

Is your website actually hacked?

It could unfortunately be the case that your business is the next victim. Being hacked is no longer a distant concern. Before you go into full panic mode, you need to find out whether your website or online shop has actually been hacked.

It's possible that you're just facing IT issues, and there's no criminal activity involved.

An unknown piece of JavaScript could indicate hacking.

This may indicate hacking:

For servers:

You discover suspicious cron jobs (automated tasks that were not set up by you).
You suddenly find yourself on blacklists for spam (certain malware uses your server to send spam emails).
Extra activity in the server logs.
Increased server load (cryptomining).
Applications going offline.
...

For websites:

Your browser notifies you that your website has been hacked (because it has detected dangerous or malicious code). Screen for this notification.
Your hosting provider informs you that your website has been hacked (because dangerous code has been detected).
In the Google search results for your website, you see the following message: "This site may have been hacked or contain dangerous code."
You notice that your website is unavailable, loads very slowly, or crashes regularly.
You can no longer log in to your Content Management System (CMS) or the management tool for your website (hackers may have changed the passwords).
You see a significant decrease in your website's traffic (certain malware redirects visitors to other websites).
You discover unknown user accounts in your CMS.
You notice that unknown plugins or scripts have been installed.
You see pop-ups that have nothing to do with your website.
...

"Website hacked, now what?"

If after checking it turns out that your website has been hacked, you need to quickly go through several steps. You need to try to limit the damage and regain control of your applications.

Don't panic

Easier said than done. We completely understand that. However, it is extremely important to remain calm and do the right thing. After all, the damage has already been done. There's nothing you can do to change that. Make the best of what you have. That way, you can try to minimize the consequences of the hacking as much as possible.

Tip

Want to be able to sleep soundly at all times? If you're a larger company, work with your hosting partner to develop a Business Continuity plan. That way, you always have a crisis plan on hand. If things need to move faster, you can still launch a Disaster Recovery plan.

Combell ensures that you are not working on outdated versions of your CMS. (photo)

Inform your hosting provider

If you host your website or server yourself, you'll need to take action on your own or consult a security expert. However, if you have a hosting provider, your first task is to inform them. This is especially true if you have managed hosting and your provider hasn't already notified you.

Collaborating with a professional hosting provider is crucial for protecting your websites.

Hosting providers have experience with these kinds of scenarios and can offer assistance or advise you on the best course of action. Once you're back on track, you can discuss additional layers of protection for your site or shop. Collaborating with a professional hosting provider is essential for protecting your websites.

As an example, every Combell customer using our shared hosting receives the standard protection of our robust Combell Shield. This digital shield combines various defense systems, frustrating hackers to no end! They don't stand a chance against us.

Also read

How choosing the right hosting company has a significant impact on your cybersecurity.

Decide whether to take your server/website offline or not

A piece of advice you often come across is to make the server 'unavailable' by unplugging the network cable or power cable.

But is that a good idea? By simply taking the server offline or shutting it down, you may indeed destroy a lot of evidence and/or valuable information about how the hacker gained access.

So when do you choose which method? When you are fairly certain that it involves script kiddies, you can indeed isolate and restore the server immediately. If you choose to do so, first check that these basic rules apply:

  1. You have detected the hack within 24 hours.
  2. You want to be operational again quickly (recovery is more important than forensics).
  3. Your server is not a virtual machine or a container that can take a snapshot of the server's memory.
  4. You do not intend to prosecute the hacker.
  5. You believe that the hacker still has certain software running on your server.

If it is a targeted attack, in technical terms an Advanced Persistent Threat (APT), it is better to try to collect as much information as possible through digital forensics or track down the hacker before taking the server offline or shutting it down.

Of course, you must ensure that the damage cannot increase and that the hacker cannot collect more data or information. Contact Combell to determine if taking your server offline is a good plan. Every case is different.

To prevent a hacked website? Never use insecure passwords.

Change all passwords on all devices

Replace all passwords – and we mean truly ALL passwords 😉 – that were used on the server. This includes passwords for email, control panels, CMS systems... Do this on all devices that had access to the hacked website or server.

For strong passwords, use upper and lower case letters, include special characters, and choose longer passwords...

Also, check other websites and servers

If there is a possibility that the hacker who compromised the website or server also had access to other websites or servers, thoroughly inspect them. Pay extra attention to servers containing any important or sensitive data.

Make a backup

Create a complete backup of your hacked website or server. This is NOT the backup you will later use to restore everything, as the malware is also present in this backup.

This backup is primarily intended to preserve as much evidence as possible about the hack and what the hacker has done.

Having a backup on hand is, of course, essential to continue working. We'll get back to this in a moment!

Communicate with your customers

When your site is hacked, direct communication with customers and stakeholders is crucial. This open communication ensures that customers continue to trust you. They will notice your engagement and dedication in the way you resolve the issues.

This clear communication enables customers to take action themselves (such as changing weak passwords) and contributes to the recovery of your reputation and customer loyalty. Especially if you also communicate about how you have managed to improve security.

Find out how the hacker gained access

Once all of this is done, you can begin your post-mortem investigation. The goal is to determine what went wrong, how the hacker managed to get in, and what damage they were able to cause.

Involve your hosting provider in this process. Here at Combell, we have real experts who bear a strong resemblance to Sherlock Holmes. 🧐
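
The evidence backup and the post-mortem described above can share one file manifest. The sketch below is an added example (not Combell's tooling, and all function names are hypothetical): it archives the compromised tree unchanged, records a SHA-256 for every file, and compares that manifest with one built from a known-clean copy to show what was added or changed. It assumes the archive is written outside the web root.

```python
import hashlib
import os
import tarfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root) to (sha256, mtime, size)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue                      # do not follow links out of the tree
            st = os.stat(full)
            rel = os.path.relpath(full, root)
            manifest[rel] = (sha256_file(full), int(st.st_mtime), st.st_size)
    return manifest


def evidence_backup(root, archive_path):
    """Archive the compromised tree as-is; return (manifest, archive sha256)."""
    root, archive_path = os.path.abspath(root), os.path.abspath(archive_path)
    if os.path.commonpath([root, archive_path]) == root:
        raise ValueError("write the archive outside the tree being preserved")
    manifest = build_manifest(root)           # record hashes before archiving
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(root, arcname="evidence")     # keeps mtimes and permissions
    os.chmod(archive_path, 0o400)             # read-only: evidence, not a restore source
    return manifest, sha256_file(archive_path)


def diff_manifests(clean, hacked):
    """Compare a known-clean manifest with the one from the compromised tree."""
    added = sorted(p for p in hacked if p not in clean)
    removed = sorted(p for p in clean if p not in hacked)
    changed = sorted(p for p in hacked
                     if p in clean and hacked[p][0] != clean[p][0])
    return {"added": added, "changed": changed, "removed": removed}
```

Keep the archive's digest somewhere off the server, so that any later change to the evidence copy can be detected.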

Arming yourself against future attacks

All the actions listed above are what you need to do when you've been hacked. But wouldn't it be better to prevent those problems? To not give those scoundrels of hackers a chance?

You can take various measures to protect your website or online store, along with all associated data. Talk about valuable information!

Maintenance and updates

Regular updates of all systems are a crucial security mechanism. When Content Management Systems (CMSes) like WordPress or Drupal don't receive updates, they become highly vulnerable to zero-day attacks.

Zero-day attacks are attacks in which a hacker immediately exploits a software vulnerability, even before an update can be applied to fix that problem.

Do you have a WordPress website? The chances are high, as WordPress is a super user-friendly CMS. But - let's be honest - it requires a lot of updates.

For instance, your website's theme and various WordPress plugins. If you neglect this maintenance, your website becomes an easy target for hackers. This is a consequence of outdated software.

Did you know that so-called 'Cross-site Scripting' is the most common vulnerability in WordPress plugins? Hackers cleverly exploit this by sending malicious software (such as a virus or hidden file) to the user's browser via a script.

Managed WordPress: everything to make your life easier

If you don't have the time to perform all those updates or if you're not familiar with them, consider opting for Managed WordPress at Combell. With this service, we check your site daily to see if updates are available for its components.

If updates are available, we first test them out, and if they are compatible with your website, we apply the updates immediately. You won't notice anything, and neither will your visitors!

Your WordPress website up-to-date thanks to Managed WordPress from Combell

Those updates are crucial for the security of your website. Hackers eagerly exploit vulnerabilities and weaknesses discovered in outdated themes and plugins.

But regular updates are also essential for your website's speed, especially concerning PHP, the foundational language on which WordPress is based.

Proactively back up your data

If your website gets hacked, your backups are your safety net. Consider them a preventive measure against potential hacks or other cyberattacks. Making a backup in advance or ensuring an automatic backup system means you can recover more quickly.

Without backups, you risk losing data (such as files) or even rendering your systems completely unusable after a hack. That's pretty dire. Recovery time will be significantly longer, not to mention the extent of the damage.

Knowing you have reliable backups provides peace of mind. "Things can go wrong, but not everything is lost." That feeling is invaluable. Anyone aiming for professional business practices can't go without backups. That's why, here at Combell, we offer backups on shared hosting that go back up to fourteen days.

Tip

For those seeking the highest level of backup, we recommend cloud backup. Consider it the ultimate insurance for your business. Our experts can provide you with all the details you need.