How to Determine If Your Site Has Been Hacked (And What to Do Next)

admin | April 12, 2012 | 0 Comments

Would you be able to tell if your website was hacked? According to IT security and control firm Sophos, one website is hacked every five seconds! Below we’ll take a look at some warning signs that your website has been hacked, and what to do if you do fall prey to a cyber attack.

Has Your Site Been Hacked?

Here are some of the most common warning signs that your website has fallen victim to hackers:

Diagnostic tests: The easiest way to find out if your website has been hacked is to run a diagnostic test. You can do this for free using Google’s safe browsing tool. Just type http://www.google.com/safebrowsing/diagnostic?site= into your web browser’s address bar and include your website URL after the equal sign (for example, if you want to check the site www.google.com, you would type in http://www.google.com/safebrowsing/diagnostic?site=www.google.com).

Changes to your website: Some hackers will change or delete parts of your website just because they can (plus it earns them cool points with their hacker buddies). It’s kind of like virtual graffiti. If you find changes to your site that you didn’t make (like unfamiliar content, rearranged layout, or missing sections), you may have been hacked.

Warning messages: If your website has been hacked to spread malware, this can trigger warning messages from search engines, web browsers, and anti-virus software when you try to access the site. If you receive any of these warnings, or hear about them from someone who visited your site, there’s a good chance you’ve been hacked.

Website redirects: If your website visitors are redirected to another site when they try to visit yours (and you didn’t set up the redirect yourself), then you’ve probably been hacked. If your traffic drops off drastically, check to see if your visitors are being redirected somewhere else.

Suspicious code/files: Strange code or files in your website’s source code (like ones named after prescription drugs or other “spammy” words) are also a good indicator that you’ve been hacked. If you don’t regularly scan your website’s source code for malicious files and code (either manually or using a software program), then you should probably start!

Pages added outside of your normal site layout: Sometimes hackers will add new pages to your website that you would never even find if you didn’t know where to look. But don’t worry, we’ve got you covered. Just set up some Google alerts for “site:site.com viagra.” Where it says “site.com” enter your actual URL, and set up multiple alerts with other spammy words in place of “viagra.” For example, if your URL is www.BestSite.com, you would set up alerts for “site:bestsite.com viagra,” “site:bestsite.com xanax,” and so on. This will let you know if any spam pages have been added your site.

Other indicators your site has been hacked can include:

Your website loads significantly slower than usual.
Your passwords to log into your site’s admin panel or FTP stop working.
Significant changes in traffic.
Influx of spam emails.

Next Steps…

If you have been hacked, don’t panic! Take a deep breath, calm down, and then do the following:

Contact your web host: In some cases, the attack may actually have been on your hosting provider, not on you personally. Some hackers target web hosts in order to infect or deface hundreds of sites at once. Contact your web host to find out if they’ve been hacked too. If they have, a good web host will work with you to restore your site.

Review your system logs: Take a look at your system logs to find out what happened and what information has been compromised. If you’re not sure what to look for, have a website security expert review your logs.

Restore your site: Many web hosts offer complimentary backup services, so check with your hosting provider to see if they can restore your site to a date before the attack occurred. If you back up your site yourself, then the job of restoring will fall on you. (If you haven’t been backing up your site regularly, check out 4 Easy Ways to Back Up Your Website.)

Repair known vulnerabilities & update security: It might sound obvious, but once you figure out how the hackers got in, you need to take steps to address your site’s weak spots and beef up your security. This includes changing all of your passwords, updating your programs (anti-virus software, WordPress, Joomla, etc.), and addressing any weak spots on your site.

Keep your computer software up to date: You should also update any programs on your computer as well, since some programs like Adobe Flash include vulnerabilities that can make it easier for hackers to access your computer (where they can find your passwords and other important data).

Contact appropriate legal entities: If the breach was serious, or if important information was compromised (like financial data), then you need to report the incident to the proper authorities.

Call your insurance company: Depending on what happened, some or all of your recovery expenses could be covered by your insurance. And if you don’t already have some form of cyber insurance, now might be a good time to get it!

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.

Category: Website Tips