Latest information technology news of Nepal.
A new website gets hacked every five seconds. By the time you finish this article, over 100 websites will be attacked.
Normally the compromise has occurred due to outdated software or inserted malicious code, rather than from the web hosting company. You should be prepared and well-researched when it comes to hackers and how they enter your site. Here’s a quick guide to finding out if you’ve been hacked, what to do next, and how to prevent a future disaster.
Has My Website Been Hacked?
Easy ways to tell if your site’s been hacked is if your front page looks different, you can’t get into the administrative side, Google greets your site with a warning, or the page won’t load. Other symptoms of being hacked include anti-virus software informing you of a problem, multiple failed log-in attempts, or receiving an e-mail asking if you requested a password change.
What To Do After I’ve Been Hacked?
Ask for Help. Time to reach out to the Internet for answers. Twitter is a wonderful community filled with friendly programmers ready to help you out. Briefly explain your problem and you might be lucky enough to find someone who went through the same thing you’re going through. You can also do a quick Google search of your hacking problem. There could be a forum discussion happening somewhere describing a similar situation.
Find Out Exactly What Happened. How did the hackers get in? Have any of your clients accounts been tinkered with? Was it a cPanel hack, FTP password entrance, remote file inclusion, or a code injection? Was this a giant hacking job that affected numerous sites, or were you the individual target? Multiple questions arise as you assess the damage and see if any data has been stolen. While checking to see what’s missing, also look for anything that’s been added, like strange uploaded files. The more you know, the more the support team and the Internet can help you.
Take the Site Offline. People don’t want to come to a site that’s under construction or giving them scary alert messages from their anti-virus software. Take the site down and make sure you have fixed everything before people return. If customers come back to your site and it’s still glitchy, they are less willing to trust your site going forward. Create a landing page informing clients that you are currently fixing the problem. To prevent Google’s robots from crawling your site and lowering your search ranking, return a 503 status code showing your site is down for maintenance.
How To Prevent a Future Hacking.
Backup All Your Data and Files. Saving and backing up your information should be done as often as your schedule allows. This is of the utmost importance as you may be able to restore your latest backup if your site goes down. If your site has regularly visited forums, backing up your data should be done almost daily, so that even the latest posts won’t vanish in the event of a hack.
Change Your Password. Do this for every single account you have. This includes cPanel, FTP, WordPress, Google, and everything else you use in accordance with your website operation. Make sure neither account has the same password. Your new password must be very hard to guess. If you can memorize the password, it’s probably not secure or unique enough. Fill your passwords up with non-alphanumeric characters where possible. Delete your old email accounts once you are sure you don’t need it anymore.
Don’t use Generic Usernames. A hacker’s job will be much easier if your log-in username is something like “admin”, “adminstrator”, or “site owner”. Try to make your username as unique as your password.
Protect the Comment Section. Comment sections are a great relationship between owner and consumer, but it’s also an easy place for hackers to invade. Validate the form input before any comment is accepted to strip out most HTML tags. WordPress has a keyword filter that you can tinker with to prevent any malicious code.
Keep All Programs Updated. Make sure you have the most updated programs on both your hosting account and your desktop computer. Update WordPress and Joomla to it’s most recent version. Flash can also cause problems on your desktop if it’s not the lastest update. These programs are used by millions, so it’s no wonder many hackers work day and night trying to hack it.
Don’t Place Unused Files into Your Site’s Web Root. Remove these files and directories from the public_html folder as soon as you are finished with them. This forgotten content can be used by hackers to infiltrate your website. Be sure to never leave those files and directories with write and execute permissions (777 permissions) in your web root. This is dangerous because hackers can exploit these insecure scripts to run their files from your host account.
Keep Up to Date with the Security and Bug Fix Releases. Always keep an eye out for the latest fixes and releases for all the scripts you are actively using. You must regularly monitor the web sites of the developers whose scripts you are running. Don’t hesitate to install these quickly as sometimes hackers will try to exploit recently outdated scripts with confirmed security flaws.