
Suffering from a deeply intrusive hack is no laughing matter: the consequences can range in severity from complete destruction of all your data to theft of highly sensitive business or client information and proprietary files. Because of these potential consequences, it’s absolutely crucial that you act as soon as you notice that something suspicious is going on with your servers, website or computers. Here are the crucial steps you need to take as soon as possible.

1. Make Sure You Were Hacked.

If your website, servers or machine are doing things like showing unrecognized files and programs, redirecting your URLs to strange websites, or restricting your access to your own control systems, then you’ve probably got a certifiable intrusion on your hands.

However, if you’ve been recently modifying files, installing new programs or doing any sort of coding to the root files of your servers and site, and then notice that certain things don’t load properly or simply don’t work, go back and undo your most recent work to make sure it wasn’t an error of your own.

2. Check with Your Host.

Get on the phone with your web host’s technical support team immediately. Be sure to give detailed and accurate answers to any questions the hosting support staff have. Their expertise might give you all sorts of additional intel on the specific nature of the hack you’re going through, since they may have seen it before.

3. Back Up Everything.

Start doing everything possible to save as much of your valuable data as you can to a secure remote medium. The faster you start backing up, the less data loss you’ll likely suffer. The equation is that simple.

4. Seal off and Clean out the Intrusion.

Take your servers and site offline and change all of the passwords so that you can seal off all possible access that could let the intruders continue causing harm.

The second part consists of cleaning and reinstallation. Go through all of your server files and remove any unknown programs and exe files. Go through important website control documents, such as the .htaccess and .php files, and review them for changes to their internal code, making copies of anything you find for later review.
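The file review described above, as an added Python example that is not part of the original article: it compares the .htaccess and .php files under the web root against a freshly downloaded clean copy of the same software and copies anything changed or unrecognized into a separate folder for later review. The function name `triage` and all directory paths are assumptions.

```python
import hashlib
import shutil
from pathlib import Path

REVIEW_NAMES = {".htaccess"}   # control files the article names
REVIEW_SUFFIXES = {".php"}


def sha256(path: Path) -> str:
    """Hash a file in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(webroot, clean_copy, evidence_dir):
    """Compare webroot with a clean copy and set suspicious files aside.

    Returns {"modified": [...], "unknown": [...]}, paths relative to webroot.
    evidence_dir is assumed to live outside webroot.
    """
    webroot, clean_copy, evidence_dir = map(Path, (webroot, clean_copy, evidence_dir))
    report = {"modified": [], "unknown": []}
    for path in sorted(webroot.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        if path.name not in REVIEW_NAMES and path.suffix.lower() not in REVIEW_SUFFIXES:
            continue
        rel = path.relative_to(webroot)
        reference = clean_copy / rel
        if not reference.is_file():
            kind = "unknown"      # not in the clean copy: added after install
        elif sha256(path) != sha256(reference):
            kind = "modified"     # shipped file whose contents have changed
        else:
            continue              # identical to the clean copy
        report[kind].append(rel.as_posix())
        dest = evidence_dir / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, dest)  # copy2 preserves the modification time
    return report
```

Files you wrote yourself (themes, configuration, your own .htaccess) will be listed under `unknown`, so read through the list rather than deleting from it.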

After you’ve done this, you can erase all of your old versions of any server software applications, third-party apps (like Adobe or Flash) and your CMS website installation and its associated third-party plugins (if you’re using any). Then, download the latest updated versions of them from their trusted original sources and install them anew. Finally, re-upload all of your backed-up server and website data.

For intrusions onto your actual machine, you’ll simply need to eliminate the root malicious files that are causing your hack symptoms and then run a thorough scan with anti-spyware, anti-malware and antivirus software (all three in sequence). Afterwards, re-upload backed-up data as you would to a newly cleaned site server.

5. Forensic Recovery.

Finally, you should consider using a digital forensics service of some kind to minutely check all of your files for traces of the hack mechanism that caused your intrusion. Doing this will not only leave you much cleaner than doing your own malware cleaning would, it will also provide you with valuable insights on how you were hacked. This information is a powerful tool for future security strategy.

Additionally, you can use digital forensics services as a last resort option for the purposes of data recovery. As long as you’ve got access to the medium on which your erased data was stored, there is a decent chance that forensic analysis techniques can be used to save even seemingly vanished files and documents.

About the author: Stephan Jukic is a freelance writer who generally covers a variety of subjects relating to the latest changes in white hat SEO, mobile technology, marketing tech and digital security. When not busy writing or consulting on technology and digital security, he spends his days enjoying life’s adventures either in Canada or Mexico, where he spends part of the year. Connect with Stephan on LinkedIn.