With the broader accessibility of the web today, more people are able to author their own websites and pour their efforts into maintaining their web presence. Unfortunately, it is the very popularity of ubiquitous publishing platforms that makes them an easy target for malware injection and other malicious site takeovers: one exploitable flaw in a widely used platform or plugin can be applied to thousands of sites at once.
If your site becomes compromised, follow a checklist so that you assess the problem calmly and thoroughly. Arming yourself with proper guidance leads to a better outcome, whether you build your own list from collective knowledge or follow someone else's list step by step.
Regardless of your content management system (CMS), hosting provider, or other circumstances, you can approach the repair of your site systematically. Even if you are not prepared to perform the fix yourself, knowing the precautions helps you avoid panicking and making matters worse. Better yet, anticipating the information you will want to collect (server logs, backups, and the time the problem was first noticed) will get your site back up and running faster.
What to do After a Malware Intrusion
Regardless of whether you plan to take matters into your own hands or pass them off to someone else, remember to remain calm.
Depending on your hosting arrangement or how you access your site, your next options will vary. If someone else manages your website, alert them to the problem right away. This may be someone you work with personally or within your organization, a third-party partner or agency, or your web hosting company.
Ideally, you will want to take your website offline. Having customers or other visitors encounter malicious content on your website can be more damaging to your reputation and sales than some downtime. More importantly, taking the site offline cuts off the attacker's access to whatever they planted (a backdoor script, for example, can only be reached while the web server is serving it) and stops the damage from worsening while you investigate. Some malware infections come in phases: the first stage exploits a vulnerability and widens the hole to gain more control, the site then reports back to the attacker that it is available for further manipulation, and only later is the real damage dealt. Take the site offline at the web server or hosting level rather than by deleting anything: the files and logs of the compromised site are the evidence you will need in a moment.
Therefore, the moment you notice your site may be compromised, inform the person responsible for maintaining the site, or if you are that person yourself, begin analyzing the situation.
The key point to remember is that you cannot trust your site once it has been compromised. It will need to be wiped and a clean instance set up from scratch, because there is no reliable way to prove that every tampered file and setting has been found. Before wiping, keep a copy of the compromised files and logs, stored separately from your real backups, so that you can still analyze them.
Accordingly, you will want existing backups of your site's database and files. Ideally, you already take backups and store them off-site, so you are not left scrambling. When reinstalling your site, you will need a trusted copy that is known to be good.
Part of identifying the last known good copy involves knowing when your site became compromised: any backup taken after that point contains the attacker's changes, however clean it looks. The timing is also vital for closing the hole, so that the same attack vector is not used to take over your site again.
When analyzing your site, ideally do it while the site is offline. If you have access to the server logs, reviewing them will hopefully reveal the time and cause of the problem. Sometimes an outdated CMS installation such as WordPress or Joomla is the cause; other times it is a third-party plugin that is outdated or was never reviewed for quality.
If you notice unusual files on your website (for example, a script sitting in an uploads directory that should hold only images), search your logs for requests to them, particularly POST
requests. Web shells and similar backdoors usually take their commands in the POST body, which the access log does not record, so a POST to a file that should never accept input is a strong signal, and the earliest such request is a good first estimate of when the compromise began. Note the requesting IP addresses as well: the same address will often show up earlier in the log probing the vulnerability that let the file in.
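As an added example (not part of the original article), the following Python script performs that log search over a few constructed lines in the Apache/nginx combined log format. It parses each line, flags requests to the files you identified as unusual, and also applies an assumed heuristic that any server-side script under the uploads directory is suspect (the directory name, script extensions, file names and sample IP addresses are all assumptions made for the example). For each flagged path it reports the earliest request, the method used, and which addresses POSTed to it.

```python
import re
from datetime import datetime

# Constructed sample lines in the Apache/nginx "combined" log format; not taken from any real server.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2023:02:14:05 +0000] "GET /wp-login.php HTTP/1.1" 200 1250 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2023:02:14:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2023:02:31:44 +0000] "POST /wp-content/uploads/2023/03/wp-cache.php HTTP/1.1" 200 512 "-" "python-requests/2.28"
192.0.2.55 - - [12/Mar/2023:03:02:10 +0000] "GET /index.php HTTP/1.1" 200 10240 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2023:03:05:51 +0000] "POST /wp-content/uploads/2023/03/wp-cache.php HTTP/1.1" 200 2048 "-" "python-requests/2.28"
198.51.100.23 - - [12/Mar/2023:03:06:02 +0000] "GET /wp-content/uploads/2023/03/wp-cache.php?cmd=id HTTP/1.1" 200 64 "-" "curl/7.88"
"""

# Combined log format: ip ident user [time] "method path protocol" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Assumed heuristic for this example: server-side scripts have no business under the uploads directory.
UPLOAD_DIR = "/wp-content/uploads/"
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar")


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string so paths compare cleanly
    return rec


def is_script_in_uploads(path):
    """True when a script extension appears under the uploads tree."""
    return path.startswith(UPLOAD_DIR) and path.lower().endswith(SCRIPT_EXTS)


def find_suspicious_requests(log_text, unusual_files=()):
    """Return, in log order, every request that touches a file flagged as unusual
    during your file inspection, or any script sitting under the uploads directory."""
    flagged = set(unusual_files)
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"] in flagged or is_script_in_uploads(rec["path"]):
            hits.append(rec)
    return hits


def summarize(hits):
    """Per flagged path: earliest request seen, its method, request count, and the IPs that POSTed.
    The earliest POST is usually the best first estimate of when the backdoor went live."""
    summary = {}
    for rec in hits:
        entry = summary.setdefault(rec["path"], {
            "first_seen": rec["ts"], "first_method": rec["method"],
            "post_ips": set(), "requests": 0,
        })
        entry["requests"] += 1
        if rec["ts"] < entry["first_seen"]:
            entry["first_seen"], entry["first_method"] = rec["ts"], rec["method"]
        if rec["method"] == "POST":
            entry["post_ips"].add(rec["ip"])
    return summary


if __name__ == "__main__":
    hits = find_suspicious_requests(
        SAMPLE_LOG, unusual_files=["/wp-content/uploads/2023/03/wp-cache.php"])
    for path, info in summarize(hits).items():
        print(f"{path}: first seen {info['first_seen'].isoformat()} via {info['first_method']}, "
              f"{info['requests']} requests, POST from {sorted(info['post_ips'])}")
```

On a real server, feed it the whole access log (and rotated, compressed copies, which often hold the first intrusion) and pass the paths of every file you found out of place. The first-seen timestamp tells you which backups predate the compromise; the IP addresses give you a second search term for the earlier probing that got the file onto the server.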
As a webmaster or business owner, be aware that your site is likely to be flagged by Google in search results as hacked or as containing malware. Once you have repaired your site, you will need to request a review (through Google Search Console) for that notice to be removed.
Rebuilding site content and settings from backups that are old, partial, or missing is demoralizing. If you are taking preventive steps rather than reacting to an incident, keep your software updated, use trusted plugins that have been properly vetted, and schedule regular, frequent backups. Lastly, actually test restoring from your backups, so that you know they work and are familiar with the process when the time comes to recover from an incident. Best of luck!
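As an added example (not code from the article), here is a small Python backup routine that does what the paragraphs on backups ask for: it archives the site with a SHA-256 manifest, restores the archive into a scratch directory and checks every file against the manifest, and it can diff a backup's manifest against the live site to show which files have been added or changed since the backup was taken, which is how you decide whether a backup is still a known-good copy. The site layout and file contents are constructed for the demo; the tar, JSON and hashing calls are Python standard library.

```python
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large media files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (path relative to root, '/' separated) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(site_dir, archive_path):
    """Tar up the site and write a hash manifest beside the archive; return the manifest."""
    manifest = build_manifest(site_dir)
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(str(site_dir), arcname=".")
    Path(f"{archive_path}.manifest.json").write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return manifest


def compare_manifests(expected, actual):
    """Files added, removed, or changed in `actual` relative to `expected`."""
    return {
        "added": sorted(set(actual) - set(expected)),
        "removed": sorted(set(expected) - set(actual)),
        "changed": sorted(p for p in set(expected) & set(actual) if expected[p] != actual[p]),
    }


def verify_restore(archive_path):
    """Restore the archive into a scratch directory and diff the result against its manifest.
    An all-empty report means the backup restores to exactly what was archived."""
    expected = json.loads(Path(f"{archive_path}.manifest.json").read_text())
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive_path, "r:gz") as tar:
            try:
                tar.extractall(scratch, filter="data")  # refuses members that would escape scratch
            except TypeError:  # Python without the extraction-filter API (pre-3.12, no backport)
                tar.extractall(scratch)
        return compare_manifests(expected, build_manifest(scratch))


def run_demo():
    """Constructed end-to-end run: back up a tiny site, prove the restore, then simulate drift."""
    with tempfile.TemporaryDirectory() as work:
        site = Path(work) / "site"
        (site / "wp-content" / "uploads").mkdir(parents=True)
        (site / "index.php").write_text("<?php echo 'constructed sample site'; ?>\n")
        (site / "wp-content" / "uploads" / "logo.png").write_bytes(b"\x89PNG constructed bytes")
        archive = Path(work) / "site-backup.tar.gz"
        known_good = make_backup(site, archive)
        restore_report = verify_restore(archive)

        # Later, the live site drifts: one file appears where it should not, one is modified.
        (site / "wp-content" / "uploads" / "wp-cache.php").write_text(
            "<?php /* constructed: not in the backup */ ?>\n")
        (site / "index.php").write_text("<?php echo 'modified after the backup'; ?>\n")
        drift_report = compare_manifests(known_good, build_manifest(site))
    return restore_report, drift_report


if __name__ == "__main__":
    restore_report, drift_report = run_demo()
    print("restore check:", restore_report)
    print("drift since backup:", drift_report)
```

On a real site, run make_backup on a schedule, keep the archive and its manifest off the web server, and run verify_restore after each job so that a silently broken backup is noticed before you need it. After an incident, compare_manifests between a backup that predates the compromise and the live files lists exactly what the attacker added or modified, which is also the quickest way to tell which of your backups is the last known good one. The database needs the same treatment with your database's own dump tool.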