Hacking happens. It’s almost flattering to be hacked because it means you’re doing something right. Unfortunately, it’s also a headache that can cause a lot of stress for the Webmaster and everyone else involved in managing and maintaining the site. So, to help you avoid the stress and anger of getting hacked, we’re doing a two-part series about how to become a Hackbuster.

Today, in part one, we’re going to talk about what a hack is, why you might get hacked, and what to do once you’re sure you’ve been hacked.

What is a Hack?

A hack usually consists of a site being infected with “badware”, specifically malware. Badware/malware arrives through contaminated URL requests from the hacker that get in through the backend of your site and slip into your PHP files. Most hacks include random code that gets inserted into the headers and footers of one page or many pages on your site. The first sign that your site has been hacked is a virus warning from Google on your homepage. The warning states that “the site can’t be trusted due to duplicate content or malware”. If you or your visitors start reporting a suspicious warning like this, go to the site and address it immediately – you’ve probably been hacked.

Why You Might Get Hacked

Sites get hacked for traffic and information. That’s basically it. As a site grows in popularity and its traffic increases, it becomes more valuable, and a target that helps hackers pursue their goals of monetary gain or a collective interruption of another site. Most hackers will insert code into your PHP files that redirects traffic to another destination, such as their own site (monetary) or a larger site. If the hacker’s goal is to interrupt a larger site, what they usually do is hack numerous little sites, pull them together into one big hack army force, and attack the larger site.

I’ve been hacked!

Alright, you’re popular. Your site has become more valuable…and it’s been hacked. The first step is to calm down, because thankfully a hack can be fixed. It’s not permanent. After you’ve calmed down, it’s time to find and assess the problem. Here are three recommended steps:

Step 1: Contact your web hosting/exchange hosting provider ASAP. Most hosting providers will be able to manage the confusing technical problems for you. This is especially important if you are using a shared hosting package.

Step 2: Take your site offline temporarily. A hack is like the flu for computers – it spreads easily and is extremely harmful. Plus, the last thing you want to do is give any of your visitors a virus.

If you can’t take your site offline, Google suggests you return a 503 status code. This will help prevent the site from being crawled, meaning the hack won’t be able to spread because it will not be touched.

Another option is to use the URL removal tool in your Webmaster Tools to remove any hacked pages or URLs that might have been added to the search results. This will hide any infected pages from all visitors.

Step 3: Assess the damage and record the results. Try to think what exactly the hack was after (information or traffic?). Knowing this will make it easier to narrow down where the hack may have entered.

Once you’ve come to some sort of a conclusion, look through your server for any files that may look like they’ve been modified or recently uploaded.

Next, check your server logs. Look for any suspicious activity, failed login attempts, unknown user accounts, and command history…any crack you think the hack could have slipped in through.

Assessing the damage will help you figure out the scope of the problem. If you’re using a shared hosting package, it might very well be that another one of your sites on the server has been infected, and this is how one of your other sites became sick.
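The two checks from Step 3, as an added example that is not part of the original article: it lists web files changed in the last few days and counts failed logins per source address. The function names, the file suffixes and the OpenSSH-style log format are assumptions, and the sample log lines are constructed.

```python
import os
import re
import time
from collections import Counter

# Assumption: OpenSSH-style auth log lines; adjust the pattern to your own login log.
FAILED_LOGIN = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
# Constructed sample log lines using documentation addresses, not from a real server.
SAMPLE_LOG = [
    "May 14 02:11:01 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2",
    "May 14 02:11:04 web1 sshd[811]: Failed password for root from 203.0.113.5 port 40022 ssh2",
    "May 14 02:11:09 web1 sshd[811]: Failed password for root from 203.0.113.5 port 40031 ssh2",
    "May 14 02:15:40 web1 sshd[902]: Failed password for deploy from 198.51.100.7 port 51234 ssh2",
    "May 14 02:16:02 web1 sshd[902]: Accepted password for deploy from 198.51.100.7 port 51240 ssh2",
]

def recently_modified(root, days, now=None, suffixes=(".php", ".js", ".htaccess")):
    """Return (mtime, path) for matching files under root changed within `days`, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(suffixes):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if mtime >= cutoff:
                hits.append((mtime, path))
    return sorted(hits, reverse=True)

def failed_logins(lines, threshold=3):
    """Count failed logins per source address; keep sources at or above threshold."""
    counts = Counter()
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if m:
            counts[m.group(2)] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for mtime, path in recently_modified(".", days=7):
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime)), path)
    print(failed_logins(SAMPLE_LOG))
```

Modification times can be reset by whoever changed the file, so an empty list does not prove nothing was touched; compare against a known-good backup as well.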

Now that you know what a hack is, what to look for if you’ve been hacked, and the first steps in identifying the problem, stay tuned for Hackbusting Part Deux, where we’ll talk about how to track and ensure your site is feeling better.

2 comments

Posted by Lisa at 3:01 am at 16. May 2011

That’s so funny!

Posted by Clearblue Fertility Monitor at 1:16 am at 22. May 2011

I just finished up cleaning up a huge hack. I run a fairly large membership site and a lot of my members’ stuff was taken. That is such a sticky mess. It’s not fun telling people that pay to have access to your site that their information could have been compromised. I now know how Sony feels. It’s no good.
