What Should You Do If Your Website Gets Hacked?

hi james
there is not much you can do to catch the hacker.

the most important thing is to protect your site better

first, update it
no metter what script you using update the script to the latest version.

second, i whould recommend talking to a web security advisor, they know how to do it well, i did it whenn my site were hacked too

if u want me to give you their contact pm me

tahnks
and good luck

shlomi k.

Ummm... do the police really not care???

(Translation: I want someone's head).

It's not that they don't care, it's that there's nothing they can do about it. It's like calling an ambulance for a robbery. If you have the resources you can hire someone to track them down and sue them, but that's about it.

The only way to get critical information about your server's security, as well as access/FTP/SSH logs, is to contact your web host.

There are also some exploits which are not a problem with server nor script security, but rather are caused by a person's PC running a trojan. Hundreds of seemingly unrelated sites on a single server can end up exploited this way. But the only way to nail it down is to go over the access logs with a fine-toothed comb, and then figure out what all those sites have in common. This is information and detective work simply not available to you as a site owner ... you have to get it from your host.

The only way that reporting it to local authorities really makes any difference is if the site was hacked by someone in the same state as you (if you live in the U.S.). If it was done by someone in another state or another country, that makes it a federal issue, and let's be honest, an individual's website is not going to get any attention by the feds. They have to prioritize things, and a standard inter-state or international exploit is pretty low on the totem pole.

There are exceptions to this of course...

• If you are a student and the site was cracked by a fellow student;
• If the site was cracked by someone using an academic IP (any grade level);
• If the site was cracked by a co-worker or employer, or was cracked by someone using an employer's or ex-employer's computer system;
• If the site was cracked by a government IP;
• If user data was exposed, including names, addresses, or financial information.

Not an all-inclusive list, but you can see the kinds of things I'm talking about. Those all need to be followed-up on by local authorities, so a police report is essential. Be sure to get all the information available from your web host re. access logs, IPs, files accessed and modified, etc.

But if it's the run-of-the-mill XSS or injection attack, overseas script kiddie getting cheap thrills wrecking peoples' sites, there's no point to filing police reports or anything. See if you can find the point of entry on your own within the first 12-18 hours. (Why so soon? -- because hosts with overloaded servers rotate their logs every 24 hours or less) If you can't find it, ask your host for help. Once you've nailed down the point of entry, close the hole and clean up the site.

Hope this helps!

Bailey

Yup immidietly contact your hosting company and explained to them what happened... I'm not a pro but I think they might be able to trace the I.P..

It really sucks but there is so little you can do once you get hacked. That's one of the reason I run my entire business like if there was an imaginary thief, hacker, what ever you want to call it sitting right next to me. It's scary though but it keeps me safe and I sleep great at night knowing everything is secure!

Here are some helpful tips:

-Change all your "important" password as often as possible. (Once a month if your like me).

-Never!, Never! Use the same password more then once!

-Backup all your files weekly (or even daily if you can) to an external hard drive or to a computer which has NO connection to the internet.

-Run double background checks on ANY freelancer or anyone that has once logged into your hosting company account.

-Always make sure there are NO funny backround programs working when you type any passwords to any account. (There are some programs on the internet that actually run on the background of your computer and read everything you type on your keyboard and registers any passwords you type and instantly sends it to the user which the program is registered too).


Yup definitly be on guard on the internet it's full of scamers and thieves ready to steal from you with the most sophisticated equipment!


Regards,

-Alex Kaplo

Hey there,

This is how you do it.. Insists for all the info before you transact with the vendor, freelancer or whatever. One excellent way to double the if the person is legit and not lying is by running a background check. Ask the seller for the following:

- Seller's full legal name
- Seller's primary address
- Seller's telephone number and cell phone number
- Seller's company name
- Seller's business license number
- Seller's bank name and telephone number
- A scan of fax copy of seller's identification card or driver's license
- References from company's seller has worked with before, preferably in your country

Mention to the seller that you will be running a background check on him and that you'll absolutely need all this information, (this alone would scare any real scammers!). You can use Intellius.com services to run background check on them.

You can also open an account with ReadNotify.com. It costs only $3.99 per month and $29.99 per year. ReadNotify.com services will give you the ability to see the actual origin of emails you send and receive from the seller. So if the seller claims he lives in the United States or in the UK to look more legitimate when he is in a country known for fraud like Romania or Indonesia. ReadNotify will tell you exactly where the seller is located, so if he is lying you'll immediately know. Here's an example if you send an email to email@whatever.com, with ReadNotify you would use this email, email@whatever.readnotify.com, by adding .readnotify at the end of your email address and at the exact moment the seller or freelancer open's the email you will be able to see their location in the world. By the way it is impossible for seller to see the .readnotify at the end of your email address, because it is invisible so don't worry about that.

And finally you can also run a Whois.netcheck on the seller's website. You'll be able to check if the seller's name and address match the internet registrar's record of the owner. It's as simple as typing the website into the search bar.

Hope this helps you! Take Care


Regards

-Alex Kaplo

I do two things: 1) As stated above, I rotate passwords at uneven intervals not exceeding 30 days. 2) I make backups of my sites when I build them. If I see a problem with my statistics (I check them every day) then I simply restore the site from the backup.

TomG.

Hey everybody. A number of quick observations here. There actually is quite a bit you can do about a hacker. I created a Word document that explicitly discusses how to determine who the hacker is, how they gained access to your site, and what they did internally. It also gives very explicit instructions step by step, regarding the technical stuff you need to do in order to prevent repeat attacks. If you'd like a copy, pm me and I'll send you a copy.

Also, a primary way for a hacker to access your site is via your web form - that form you have somewhere on your site, which is soliciting names, emails, address info, etc. for the user to enter. What they're doing is entering SQL script into those form fields, and then submitting the form. The way to combat this is to limit the length of those form fields, such as the length of the name field is < 25, for example. The SQL hacker scripts are actually quite lengthy, and won't function with this length limitation.

Two things, a hacker doesn't always leave behind blatant warning pages and flags and disable your access. At least weekly, I go into my site, and check all of the file dates in the root directory. If I have any recent, unexplainable new file dates, I will open up the html code for each of those files (almost always html and php files) and check the lines of code at the very bottom - that's where these SQL injection hacks place script code in your webpage without your knowledge.

The last time I had somebody hack into my website, my analytics systems, and server logs had enough information about him that I knew his name, age, address. Unfortunately, it was on the other side of the world in a region where I didn't have any friends or acquaintances.

Come to think of it, would anybody be interested in paying me a small fee to come in and perform a security analysis of their website for them? I was thinking in the order of $50 for a complete check. Any takers? PM me.

Hope this helps.

Talltom