Help, my website has been hacked! (Prevention methods)


Each day, hundreds of websites on the Internet are hacked, and their owners are clueless as to why it happens. A hacked website is a terrible thing that causes a lot of stress and inconvenience.

It’s not just about repairing the damaged files and hoping the experience doesn’t happen again. That is not enough. There are other steps that can be taken, and in this article we look at how you can take proactive measures to prevent your website from being hacked.

So let’s assume that the probability of your site being hacked is high, and do a risk assessment of the steps that can be taken to reduce that risk and minimise the damage as much as possible.

– Local machine scan for malware:
If you don’t have a decent virus/malware product installed on your desktop, make an informed purchase by discussing your specific needs with various vendors. Ensure that it’s set to automatically scan your machine each day. Ensure that at least once a week it connects to the vendor’s site and updates itself with new libraries of virus and malware definitions.

– Rotate FTP passwords:
File Transfer Protocol (FTP) provides full access to your files on the server. Like all passwords, FTP passwords should not be set and then forgotten; they should be updated regularly. We recommend monthly changes if you access your FTP regularly; if you access it less frequently, a longer interval should be okay. If you’ve never changed your passwords, we suggest that you update them now!

– Rotate Database passwords:
Your database password is what allows your website to access your database. It’s not as critical as rolling the admin password for your application or your FTP details, but it’s still an important part of a well-managed password policy. We recommend bi-monthly password changes here, though you may want to change it more or less often depending on your specific circumstances.

– Remove access details from developers after job completion:
Why would you leave full access to your site once work or changes are completed? You should hand access details out strictly on a required use basis.

– Rotate console passwords:
This is a very easy step. Simply reset your control panel password.

– Backup of web files and databases:
Backing up doesn’t have to happen every day, but with a busy site, weekly backups should be part of your strategy.
For websites that are static and change very rarely, monthly backups are more appropriate. No matter what schedule you decide to follow, if bad things happen you will at least have a copy of your site that you can re-publish quickly, without the hassle and at no charge.

– Review core site scripts for available patches and updates.

– Review any installed add-on modules for available patches.

– Review any installed templates or themes for available patches.

– Review site logs, scan for high traffic volumes from a single IP:
Let’s say your admin site is at the address http://www.test.com/admin. If your raw server logs show large numbers of visits to that page, especially from single IP addresses, then it is safe to assume that people have done, or are trying to do, bad things.

– Review all file permissions on the server:
Unix file permissions confuse even very technical people, so we won’t try and explain them in the context of this guide.
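
For the log review step above (high request volumes to the admin page from a single IP), here is one way to run that check over raw access logs. It is an added example, not code from this article. It assumes Apache/nginx common or combined log format and the article's `/admin` path; the threshold of 20 and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Common/Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def is_admin_path(path, admin_prefix="/admin"):
    """True for /admin and anything below it; query string and case are ignored."""
    path = path.split("?", 1)[0].rstrip("/").lower()
    return path == admin_prefix or path.startswith(admin_prefix + "/")

def admin_hits_by_ip(lines, admin_prefix="/admin"):
    """Count requests to the admin area per client IP, skipping malformed lines."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_admin_path(m.group("path"), admin_prefix):
            hits[m.group("ip")] += 1
    return hits

def noisy_ips(lines, threshold=20, admin_prefix="/admin"):
    """Return (ip, count) pairs at or above the threshold, busiest first."""
    hits = admin_hits_by_ip(lines, admin_prefix)
    flagged = [(ip, n) for ip, n in hits.items() if n >= threshold]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = (
    ['203.0.113.9 - - [10/Mar/2024:02:14:%02d +0000] "POST /admin/login.php HTTP/1.1" 200 512' % s
     for s in range(40)]
    + [
        '198.51.100.7 - - [10/Mar/2024:09:01:12 +0000] "GET /admin HTTP/1.1" 200 2048',
        '198.51.100.7 - - [10/Mar/2024:09:01:15 +0000] "GET /index.html HTTP/1.1" 200 1024',
        '192.0.2.44 - - [10/Mar/2024:09:05:00 +0000] "GET /administrator-guide.html HTTP/1.1" 200 900',
        'truncated line with no request',
    ]
)

if __name__ == "__main__":
    for ip, count in noisy_ips(SAMPLE_LOG):
        print(f"{ip} made {count} requests to the admin area")
```

To use it on a real log, pass an open file object as `lines` and set the threshold to suit your site's normal admin traffic.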


Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.
