What Happens When Your Website Is Hacked?


But how the heck do you know whether you have been hacked? Well, there are quite a few ways to determine that your site has been hacked. One of the most common signs that victims are confronted with entail the site being completely defaced by the hacker. It could be as dreadful as that! It can also be replaced by a new page accompanied by a tell-tale notice proclaiming “Hacked by ………………(fill in the blank”. Worse still, you could be redirected to a porn site.



Nevertheless, here are some hallmark signs that tells you that your site has been hacked:

  • Your website is defaced or mutilated
  • Google or Bing alerts you that your website has been compromised
  • Your website redirects to a disagreeable site
  • Your web browser hints that your site may have been compromised
  • You get outlandish traffic in your web log like mysterious spikes


How Does This Happen?

For some, it practically happens out of the blues. According to a survey conducted by ‘StopBadWare’ and ‘Commtouch’, 62% of site owners admitted that they were totally in the dark as to how they were hacked. But this will not do because it is essential to know how it happened, so that you could thwart another hack by the same hacker.

However, there are quite a number of ways by which a website can be hacked, while those listed below are mostly used by hackers to take control of your website and do the harm:

  • By using malware on your local computer to get your login credentials
  • By fancying your password
  • By locating security vulnerability in particular software (mostly outdated) you tend to use
  • By hacking another site that resides on the same ‘shared-server’ you are using for your website

{For this reason one should avoid cheap hosting providers since they seldom follow tight security practices and as a result you get ‘bad bedfellows’ on the same server}



Now that You are Hacked, What Would You Do?

Since you have already been hit below the belt, you and/or your support team need to take the following steps for clean up and restoration.

Relax and take a deep breath because no amount of agitation will help recovery which can only be achieved by competent persons (Support Team) in a systematic way.

Get in touch with your Support Team, especially one having the right technical expertise, as also being familiar with your site and its configuration. This may include your web developer and your hosting provider.  

However, make sure that the web developer has the necessary programming and technical background as well as the experience to assess and fix the problem.

As for the hosting providers, they may not be able to do the actual clean up job, but can be of invaluable help since they are more likely to have encountered clients having similar issues and so know the way out.


Provide the Relevant Information for the Support Team

Unless you provide all the necessary information for your support team it would be difficult for the team to render assistance. For instance, it will need access to your:

  • Hosting Login: Hosting control panel to access your database and web logs
  • Web logs that include both access logs and error logs. However, here you may encounter a problem since some hosting chaps do not turn these on by default when you may have to ask for these.
  • CMS Login: Content Management System with administrative/ super admin rights
  • FTP / sFTP access credentials comprising username, hostname, password
  • Backups whatever you have


Shut down The Site for a While

You surely need to shut the site down temporarily while it is getting assessed and fixed. Your hosting control panel probably has the ability to do so. Alternatively, you will need to password protect the main directory (where your site resides) to block visitors from trying to access the site while the support team is working on it.


Scan your Computer for Viruses and Malware

You also need to scan your local computer with the help of anti-virus software in order to ensure that it is not infected with malware, spyware, Trojans or other sundry virus/ viruses.



How the Cleaning will be actually done

Adequately armed with all the necessary information, your Support Team members would do its job in the following fashion

  • Create a back up of the site and download it for inspection
  • Change the passwords for website logins, database, ftp, etc
  • Scrutinize log files/data to determine how/when the site was hacked
  • Check the software extensions used on the site while ensuring these are updated and do not feature known vulnerabilities
  • Review custom software code, if any for likely security flaws
  • Clean the website and put it back online



Thank heavens that your website has now been cleaned, albeit a bit amateurishly. However, if you are keen on getting professional help, you may have to depend on an organization such as Crescentek, a leader in matters relating to Websites, their production, design and maintenance. So, whenever you feel that your site has been hacked, feel free to contact us for specialized service at affordable cost.