Thursday, April 23, 2009

Ohh, Man! They Hacked My Website!

My website has been hacked! Well, it happens... Hackers (or crackers) are the mortal enemies of webmasters. No matter how hard webmasters try to protect their websites with multiple layers of security, there's always something new, some hole that hackers find to get in. And there are lots of hackers out there, and they have different styles too.

Now, I just don't understand why the hackers think they can make a big impact on the world if they upload something like "Blah-Blah Hacker was here!" What do hackers gain when they commit cybercrime?

Well, some people do their job to earn a living in a fair game; some don't. Some people are just happy to destroy others' work out of envy. And for those who got hacked, you are not alone. In fact, it's becoming a common problem. If you're lost and don't know what to do, here are some tips you might want to follow:

Take your website off-line - this is your first step. You don't want to play chess with your hacker. This is just temporary, until your site is ready for the public again.

Regain access to your website
  • Figure out if you still have access to your CPanel or FTP. You might need help from your webhost provider if you lost your access.
  • Change your password immediately.
  • Change the Admin email on your account.
  • Change your credit card information on file.
Assess how big the damage is and, poor thing, start working - this part is scary, especially if you spent a lot of time building your website. Let's all hope that you got minimal damage. Some hackers just upload files to announce their presence; some don't have a heart.
  • Determine what kind of attack it was: Hosting? Domain? Are the scripts infected?
    Hosting - there's a possibility that your files were backed up and your data will be restored easily.
    Domain - your attacker might have taken your domain name and gained access to it, and there's a possibility that you'll lose your domain name forever.
    Script infection - the basic types of this attack are password theft, SQL injection, and URL injection.
  • Determine what the damage is.
  • If you still have access to your FTP, browse each directory for suspicious files and delete them.
  • Update and apply any patches, upgrades, or updates that the 3rd party vendor or web developer of your scripts may have available.
  • Check your scripts for any Header Injection attacks, SQL Injection attacks, Cross-Site Scripting attacks, etc.

Protect Your Website
  • Once you've got your website back, learn from it. Make a regular backup of your data.
  • Add security
  • Fix any loose file permissions (this may be the most common exploit vulnerability)
  • Delete all non-system FTP accounts that were created, or at the very least, change the passwords of the FTP accounts.
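
Two of the checks above, browsing each directory for suspicious files and fixing loose file permissions, can be scripted. The following is an added example, not part of the original post; it assumes you can run Python on the hosting account, and the 7-day window, the 755/644 modes and the `public_html` path are assumptions to adjust for your host.

```python
import os
import stat
import sys
import time

def audit_webroot(root, since_days=7, now=None):
    """Return (loose, recent): paths writable by everyone, and regular files
    modified within the last `since_days` days (possible intruder uploads)."""
    now = time.time() if now is None else now
    cutoff = now - since_days * 86400
    loose, recent = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow a symlink out of the web root
            except OSError:
                continue  # vanished or unreadable entry
            if stat.S_ISLNK(st.st_mode):
                continue
            if st.st_mode & stat.S_IWOTH:  # "other" write bit, e.g. 666 or 777
                loose.append(path)
            # mtime can be reset by an intruder, so treat this as a hint only
            if stat.S_ISREG(st.st_mode) and st.st_mtime >= cutoff:
                recent.append(path)
    return sorted(loose), sorted(recent)

def tighten(path):
    """Apply assumed modes: 755 for directories, 644 for files."""
    os.chmod(path, 0o755 if os.path.isdir(path) else 0o644)

if __name__ == "__main__":
    # Usage: python audit_webroot.py /path/to/public_html [--fix]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    loose, recent = audit_webroot(root)
    for p in recent:
        print("RECENTLY MODIFIED (review by hand):", p)
    for p in loose:
        print("WORLD-WRITABLE:", p)
        if "--fix" in sys.argv[2:]:
            tighten(p)
```

Compare the recently modified list against your last known-good backup before deleting anything, since your own legitimate edits show up there too.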

Here are some resources you might want to look at:

Now, I'm signing off for now. I've got a job to do.