What would you do once your site is hacked?

[xpl0iter]

So if my site somehow gets hacked these will be the things I will try to do ASAP.

• Will try to figure out how the hack was made. Was it the theme, database, plugins, xss or bruteforce etc?
• If possible, will delete everything except the database and valid image files. (Its possible that the hacker could have installed a backdoor on any of your files for regaining access once you repair everything).
• Check if your site is blacklisted on any of those security websites. If yes, file a dispute against it.

So what would you do?

 

[Dividend]

Just upload your files again. The hosting company can wipe everything before you do a fresh upload. Even sites belonging to NASA and The White House have been hacked before. If it happens, take it as a compliment.

 

[xpl0iter]

Just upload your files again. The hosting company can wipe everything before you do a fresh upload. Even sites belonging to NASA and The White House have been hacked before. If it happens, take it as a compliment.

Hacks can happen in 2 ways imo.
1. Targeted - If your site is soo popular that someone want to do a show off or steam some important data!
2. Random - This happens mostly because of the carelessness of the admin. For example, outdated themes, [plugins, bad code, etc.

 

[Sam1]

Well I have had my site hacked twice. The second time was more recent- only a month ago and these are the steps I did.

1. I determined what the hack was and nailed it down to:

• A wordpress backend hack in which they:
• Changed the admin account details, password email etc.
• A template hack which said "Hacked by..... I'm such a retard"

2. So I went into Phpmyadmin. I updated the admin password, email account and other details.
3. I logged into the backend.
4. I deleted the template they'd modified (saving images first).
5. I re-uploaded the template and fixed the site.


At around step 2 I contacted my host to check for backups. By the time they'd managed to find the latest one, I'd solved the issue.

 

[Sylar]

I'd just contact my host(he's sort of a badass). He'd get his russian support people on it(yes, they're russian ), and then he'd send me a backup from a few hours before the hack; I'd inspect what got breached on my localhost, fix it, and everything would be hunky dory

 

[CHT]

If I got hacked, I'll probably find out what the problem is and fix it.

 

[xpl0iter]

If I got hacked, I'll probably find out what the problem is and fix it.

Of course everyone will be doing what you said. But what will be the actions you take, please be a little bit more specific on the things you would do!

 

[CHT]

Try to find the source port and implement security, and I meant by extra security. On top of that, assign a new account to be the root and get rid of the old account. The accounts I'm talking about are the server sided ones.

 

[YanOri]

I would be happy, literally.
It would be awesome if some random hacker is interested in my site. Doesn't that make me special?
Now, for the serious part.
I wouldn't actually know what to do atm, I've got very little knowledge about hacking / what are the possible measure one should keep in mind after getting hacked. With the little information that i have, I would probably change all the passwords, make it pretty complex, upload new files ( just in case the files were edited ) .
I don't know what i could do about the database, I might probably Google it and try to implement any of the measures explained.

 

[CHT]

I would be happy, literally.
It would be awesome if some random hacker is interested in my site. Doesn't that make me special?
Now, for the serious part.
I wouldn't actually know what to do atm, I've got very little knowledge about hacking / what are the possible measure one should keep in mind after getting hacked. With the little information that i have, I would probably change all the passwords, make it pretty complex, upload new files ( just in case the files were edited ) .
I don't know what i could do about the database, I might probably Google it and try to implement any of the measures explained.

If you are wanting to host a website, take some free or paid security lessons to protect your website. That's my advice to you now.

 

[YanOri]

If you are wanting to host a website, take some free or paid security lessons to protect your website. That's my advice to you now.

Thanks, i would consider this when my website is made public. As of this week, I'm busy again with college.

 

[CHT]

Thanks, i would consider this when my website is made public. As of this week, I'm busy again with college.

Same here on the college part.