Thanks to my guest writer Kyle Olson for this post. Kyle’s bio is below.
Security breaches on your website hosting servers and any other server based online assets are no laughing matter. Suffering one of these breaches can mean anything from the theft of data for fraud related purposes to the total destructive erasure of all your information just for the fun of it (Hackers aren’t exactly known for always being motivated by money)
Whatever the case may be, you as the hard working owner of a site you spent months or years building, can enjoy the fun position of watching everything you built come crashing into zero in less time than it takes you to have lunch. This is not something you want, and especially since it can be avoided through some fairly straightforward security procedures that would have saved you nicely.
Anyhow, what’s done is done, you’ve been hacked, and the only thing left to do is save what you can. Let’s cover how you can do that with 5 essential and effective steps.
1. Don’t Panic, Be Methodical
This is the first and most basic thing you need to do; calm down and proceed methodically. Yes, a hack is a severe thing that needs to be dealt with quickly, but running around like a headless chicken won’t solve anything. If you calmly assess the situation, go through the possibilities and the steps we’re about to cover, you’ll have a much better chance of successfully countering any damaging effects than if you work randomly or just freeze up, waiting for the situation to improve on its own.
2. Check in With Your Hosting Provider
Contact your Hosting provider as soon as you’ve noticed that your site is down, redirecting to suspicious third party sites, or showing unmistakable signs of serious malfunction. Do the same if you can’t access key parts of your back end admin such as servers, cpanel or CMS login. For one thing, your hosting provider has the tools and expertise to help you with resolving your hack or saving your data, and secondly, they can help you uncover vital information about the hack, such as how many people it’s affecting and how it might have occurred.
3. Make a Record of Everything and Save All Suspicious data
As soon as you start to notice something wrong with your servers or site, also start noting things down. Make a record of everything you saw, experienced and the times at which you saw it. Additionally, save copies of any malicious or suspicious code, files and processes. Even if you need to destroy them as part of your damage control, first save all such data on a remote medium such as USB. This saving also includes (when possible) making a mirror copy ISO of your entire drive or server.
Just as if you’re dealing with a police crime scene, creating a record of events and a chain of evidence will help you more clearly understand and possibly resolve your hack source.
4. Shut Your Site and FTP off then Start Backing Up Your Data
Back up everything in your servers and all associated files to a remote storage medium. Don’t worry if some of it is still contaminated with malicious code –you can later scan and clean it of everything abnormal—for now the key thing is to save as much of your site data as quickly as possible.
Before you start your backup process up, disconnect your site from all remote access. This may mean taking it offline and cutting off access to all FTP accounts. You can also later change all of your server/site access passwords in these FTP profiles and elsewhere.
5. Download Everything Again
Once you’ve performed a thorough backup of all your data, cut your site off from outside access, changed all your access passwords and stopped as much malicious activity as possible, you can now download fresh programs for any third party applications that were supporting your site on the server. These may include LAMP software (Linux, Apache, MySQL, PHP), plugins like Java, Flash and Adobe or a CMS bundle like WordPress.
Having downloaded the newest, cleanest copies of all these applications to your newly secured server, you can start re installing all your salvageable backed up data from the site before it was hacked.
When all else fails, you can always contact a company that will perform digital forensics tests to determine the cause of the incident.
About the author: Kyle Olson has written for the tech industry for over 10 years and has operated his own small business in the industry. When he’s not writing poignant articles, you can find him covering civil engineers in Boston or working on his forthcoming novel.