My Site was Hacked, What Do I Do?

The security of your hosting space is a two-fold responsibility. Webhost has a responsibility to ensure that all server-side software is up to date and has all necessary security patches applied. Technical support staff regularly watch for security bulletins regarding your server’s software. Kernels are kept up to date, non-standard ports are closed off in our aggressive firewall, and server software is kept at the latest stable, secure version.

The other half of the responsibility falls on you as a client. Webhost does not monitor the content you put on your website; you are free to host a wide range of scripts, from shopping carts to image galleries. Similar to our precautions server side, it is a good idea to ensure that the software or scripts you use are kept up to date within your user space. Developers of web-based scripts release new updates to their software periodically. These updates often contain feature upgrades, but more importantly contain security updates as well. By keeping your scripts up to date, you ensure that the latest security holes are patched and only the content you post is displayed on your website.

In addition to keeping your scripts up to date, you want to make sure you maintain secure passwords. A secure password consists of letters, lowercase and uppercase, and numbers composed in a random pattern. At the very least, you want to ensure your passwords do not occur in a dictionary. It is not uncommon for hackers to attempt what is called a “Dictionary Attack”. In such an attack, all of the words contained within a dictionary are guessed as a possible password. If your password occurs in the dictionary, such a brute-force guessing attack will succeed and allow unauthorized visitors access to privileged information. Here are a few examples:

Bad Passwords:
password
sailboat
admin
yellow

Good Passwords:
hal2kejslIs9
122l0745Js
Plwn24sueh37

Your passwords should be 8-15 characters in length and, if you cannot remember them, should be written down in a location only you are aware of. Do not share passwords with untrusted individuals.

If you are hacked, the best course of action is to clear out all of the content within your user space and re-upload your documents from trusted backups. This is the only true way to ensure you have cleared out all untrusted material. Once your account is compromised, it is possible that the attacker has installed a backdoor for future attempts. In such circumstances, even if you determine the original source of the intrusion, a hidden backdoor still allows the hacker entry to your user space. In addition to re-uploading your website’s content, you should install the latest versions of all the software you use on your site to ensure there are no security exploits.
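
One way to check a restored site against the trusted backup, shown here as an added example that is not part of the original article: the Python script below hashes every file in both directory trees and lists anything in the live space that is new, changed, or missing. The function names and the sample files built by demo() are constructed for illustration.

```python
import hashlib
import os
import sys
import tempfile


def manifest(root):
    """Map each file's path relative to root to a SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):  # symlinked dirs are not followed
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):  # hash the link target, do not follow it
                data = b"symlink:" + os.fsencode(os.readlink(full))
            else:
                with open(full, "rb") as fh:
                    data = fh.read()
            digests[rel] = hashlib.sha256(data).hexdigest()
    return digests


def compare(backup_root, live_root):
    """Report live files that are not byte-identical to the trusted backup."""
    trusted, live = manifest(backup_root), manifest(live_root)
    common = trusted.keys() & live.keys()
    return {
        "unexpected": sorted(live.keys() - trusted.keys()),
        "modified": sorted(p for p in common if trusted[p] != live[p]),
        "missing": sorted(trusted.keys() - live.keys()),
    }


def demo():
    """Build constructed backup/live trees and compare them."""
    base = tempfile.mkdtemp(prefix="restore-check-")
    sample = {  # constructed sample content, not taken from a real site
        "backup/index.php": b"<?php echo 'home'; ?>",
        "backup/css/site.css": b"body { margin: 0 }",
        "live/index.php": b"<?php echo 'home'; ?>",
        "live/css/site.css": b"body { margin: 0 } /* changed */",
        "live/uploads/x.php": b"<?php /* file not in backup */ ?>",
    }
    for rel, content in sample.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return compare(os.path.join(base, "backup"), os.path.join(base, "live"))


if __name__ == "__main__":
    report = compare(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else demo()
    print("\n".join(f"{kind}: {p}" for kind, ps in report.items() for p in ps))
    sys.exit(1 if any(report.values()) else 0)
```

Run it with the backup directory and the live directory as its two arguments; with no arguments it runs the constructed demo. Any "unexpected" or "modified" entry means the live space still holds content that did not come from the backup.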

As the saying goes, an ounce of prevention is worth a pound of cure. Recovering from a hack can be time consuming, not to mention detrimental to your site’s image. By following the preventative measures above, you can spare yourself the hassle of restoring your site and removing unwanted material.

If you have installed any scripts through Fantastico within your cPanel, you can have Fantastico automatically contact you when a new update is available for any of the scripts you have installed. Within the Fantastico area, click on Email Notifications under the “Extras” section. When you receive an email notification from Fantastico, be sure to update your scripts appropriately. For further assistance, please see our video demo on activating Fantastico notifications: