Steps to Take After a Hack
Written by Scott Mitchell
Being hacked can be stressful. Recovering from a hack is only part of the solution, however. Getting your site back up and running is only the first step. You also want to ensure you are protected from future attempts. That is the second step and every bit as important as the recovery.
Below are several sets of steps to use when you are recovering from a hack. Use these regardless of the type of attack you experienced.
There may seem to be a lot of information here, but that is the point. We want to be sure to plug any holes the hacker was able to get in through.
Be prepared to change all passwords associated with your account. These will include:
- cPanel Password
- all Email Passwords
- all FTP passwords
- Passwords for any Content Management Systems (CMS) such as WordPress, Joomla, etc.
Checking Your Local Machine:
- Update all anti-virus programs you have on your local computer. I recommend more than one as they may have different checklists, so this gives you extra protection. After updating them, be sure to run a full scan of your local machine. This may take some time, but do it anyway. If you do not have anti-virus on your local machine, it is highly recommended that you install at least one anti-virus program, keep it up to date, and scan your system regularly. Despite popular opinion, Macs and Linux machines are not immune, so be sure to do this with those machines as well.
- If you use a wireless router, ensure the connection is a secured one. If you are not sure how to secure your wireless router, check the documentation or do a search online for your particular router model and how to secure it. Your router manufacturer's tech support may also be able to assist you should you need it.
- If you use any local web design/development software such as Dreamweaver, iWeb, Microsoft Expression Web, etc. make sure that software is up to date as well.
- Make sure that all Adobe products (Adobe Acrobat, Adobe Acrobat Reader, etc.) are updated. These are widely popular and installed on the vast majority of machines, which makes any security holes in them popular targets for exploitation by hackers.
- Check your internet browser version and update as needed. If you have more than one browser installed on your computer, check all browsers installed. Old software is more likely to be exploited as the security holes have been exposed for a longer period of time.
Checking Your cPanel:
- Firstly, change your cPanel password.
- After that, log into the cPanel dashboard.
- Head over to the FTP Accounts section and ensure all FTP accounts are valid and in use. If not, delete them. When deleting, be sure to select the Delete Account option and NOT Delete Account and Files, to prevent accidental deletion of critical files.
- Change all FTP account passwords.
- Go to the Email Accounts section and ensure that all accounts are valid and in use. Delete any unused or suspicious email accounts. This will delete any emails on these accounts from the server as well.
- Change all email account passwords.
- Next, go to the Email Forwarders section of the cPanel, ensuring any forwarders are valid. Delete any that should not be there.
- Go to the Cron Job section and ensure that any cron jobs listed are valid and the commands correct.
- Next, check the Simple DNS Zone editor in the cPanel. Be sure to check for any records (CNAMEs and A records) that should not be there. You may see MX records if you are using a third party email service. Ensure they are also correct, if present.
- Check the Redirects section of the cPanel. Look for any redirects that should not be there. If you see any unauthorised redirects, delete them. Also, check all existing redirects to make sure they are correct.
- If you use a Content Management System (CMS) such as WordPress, Drupal, Joomla, ecommerce programs, etc. be sure they are updated to the latest version.
- Change ALL administrative passwords for these programs.
- Do a search for all programs you use to see if there are any recommended security strategies. In WordPress, for example, you will want to change your Security Keys and Salts. This invalidates any previous cookies and logs out all users from the dashboard if they were logged in.
- Do not connect to the internet on any network that is insecure. If you are online with an insecure network, do not log in to your account at all.
- Last but certainly not least, regularly create and download backups of your account. This is extremely important for data recovery. Think of it as an insurance policy for your data.
Be sure to do all of the above steps and do not change any passwords until after the local machines have been cleared by anti-virus software.
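The WordPress step above (changing your Security Keys and Salts) can be scripted. The following is an added example, not part of the original article: it replaces the eight key and salt constants in the text of a wp-config.php with fresh random values. The function names and the sample config are constructed for illustration.

```python
import re
import secrets

# The eight key/salt constants WordPress reads from wp-config.php.
SALT_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
# Printable ASCII that is safe inside a single-quoted PHP string (no ' or \).
ALPHABET = "".join(chr(c) for c in range(33, 127) if chr(c) not in "'\\")

# Constructed sample input standing in for a real wp-config.php.
SAMPLE_CONFIG = "<?php\ndefine( 'DB_NAME', 'example_db' );\n" + "".join(
    f"define( '{name}', 'old value {i}' );\n" for i, name in enumerate(SALT_NAMES)
)

# Matches define('NAME', 'value'); for the salt constants only, keeping the
# text before and after the value so the file's formatting is preserved.
PATTERN = re.compile(
    r"(?P<head>define\(\s*['\"](?P<name>" + "|".join(SALT_NAMES) + r")['\"]\s*,\s*)"
    r"(?P<q>['\"])(?:\\.|(?!(?P=q)).)*(?P=q)(?P<tail>\s*\)\s*;)"
)


def new_secret(length=64):
    """Return a random value drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_salts(config_text):
    """Return (new_text, rotated_names) with every salt constant replaced.

    Hypothetical helper: raises ValueError if any of the eight constants is
    missing, so a partially rotated config is never written out unnoticed.
    """
    rotated = []

    def replace(match):
        rotated.append(match.group("name"))
        return f"{match.group('head')}'{new_secret()}'{match.group('tail')}"

    new_text = PATTERN.sub(replace, config_text)
    missing = [name for name in SALT_NAMES if name not in rotated]
    if missing:
        raise ValueError(f"salt constants not found: {missing}")
    return new_text, rotated


if __name__ == "__main__":
    print(rotate_salts(SAMPLE_CONFIG)[0])
```

Run it against a copy of the file and keep a backup of the original; once the new values are live, every existing login cookie stops validating and all users must sign in again.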