Recover a hacked website
It is vital to keep your website secure, perform regular backups and updates, and protect it from hackers. If your website does get hacked, recovery can take a lot of time and effort. Moreover, it can damage the reputation of your company or organisation.
If your website does get hacked, db8 helps organisations recover hacked websites. This follows a recovery procedure consisting of the following steps:
Secure the hacked website
- Download old backups of the files and database from before the hack, and back up the current (hacked) website.
- Secure the server log files for analysis.
Analysis of the hacked website
- Determine the date and time of the hack and analyse the server access log files to find out how the hack could have occurred.
- Analyse the hacked website to find out which Joomla version, extensions and server software were installed, whether any security issues were known and what files were modified.
Restore the hacked website
- Fix the security issue, update Joomla and all 3rd-party extensions and create a new backup of the clean website.
- Place the clean backup back on the server and delete all old files or place them in a subfolder with permissions 000.
- If no clean backup is present, rebuild the website with clean software.
- Register a new sitemap with Google and generate HTTP error codes for the URLs of previously hacked pages.
- Change all passwords on the server, such as the FTP password and database password.
Informing data subjects
- Inform the data controller as soon as possible. That is the party responsible for processing personal data. They should inform the Personal Data Authority within 72 hours.
- Inform the hosting party about the hack and its background, including when it took place, the security problem discovered and the actions taken to fix it. A good hosting provider will use this information to actively look for other customers who may also have been affected and take appropriate action. It is in your own interest that the (shared) server (and the shared IP address) is clean and not abused by, for example, spambots.
- It is a legal requirement to report data breaches of sensitive personal information to the Personal Data Authority. This must be done by the data controller (usually the website owner) within 72 hours of discovering the data breach.
- Inform data subjects. If leaked personal data had not been encrypted and the data breach could adversely affect users' private lives, they should be notified. However, it is always polite to inform them of the data breach, the possible consequences and what is being done to prevent it in the future.
- Inform software vendors. If an unknown security issue in a third-party extension has been exploited, it is wise to notify the developer of that software. In the event of a software update, you don't want to encounter the security problem again on your website.
Prevention is better than cure, of course, so make sure your website is secure by performing regular backups and updates. This way, you can prevent a hacked website and avoid potential reputational damage for your company or organisation.
No recent clean backup?
Hopefully you still have a clean backup from before the hack. Install it in an offsite location, for example in a web environment on a local PC. You can also use that clean environment to compare against the hacked website. Has much changed since the backup? These changes can be restored manually to the clean website. If there are many changes, this can be done at database level using SQL queries.
If there is no clean backup, it is best to rebuild the website completely with clean software. The content (menu items, categories, articles, etc.) of the hacked website can then be transferred later at database level.
db8 has extensive experience with this.
Want to know more?
Get in touch with us!