Dealing With Hackers

28th February 2011

The worst imaginable start to a Monday morning. You get into work, turn on your PC, go to your organisation’s website and find that some nerd has hacked into it and used it to serve malware. You’ve been blacklisted and anyone accessing your site is getting a big red screen telling them all about it.

So what do you do?

First, find out where your site has been flagged. Commonly it’ll be Google, who provide a free diagnostic tool – http://www.google.com/safebrowsing/diagnostic?site=http://YOURDOMAIN

The most common causes are malicious scripts, .htaccess redirects and hidden iframes. If your site was reported by Google, you can use Webmaster Tools for further reports on what your site contains.

Resolving the problem can be as simple as locating and deleting the offending code, but in some cases it will be well disguised or within database entries. If you can’t find all instances you may want to consider restoring a previous backup. If you’re not taking regular backups of your site files and database, you should be.
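To help locate the offending code, the following Python script (an added example, not part of the original post) searches site files for the three causes named above: malicious scripts, .htaccess redirects and hidden iframes. The patterns, the list of file extensions and the example.org / example.invalid hostnames are assumptions chosen for illustration.

```python
import os
import re
# Heuristics for the three causes named above; illustrative assumptions, not a full signature set.
PATTERNS = {
    "hidden iframe": re.compile(
        r"<iframe\b[^>]*(?:(?:width|height)\s*=\s*[\"']?[01]\b"
        r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I),
    "obfuscated script": re.compile(r"eval\s*\(\s*(?:base64_decode|gzinflate|atob)\s*\(", re.I),
}
# In .htaccess, flag rewrites or redirects that point at another host.
HTACCESS_REDIRECT = re.compile(
    r"^\s*(?:RewriteRule|Redirect(?:Match)?)\b.*\bhttps?://([^/\s\"']+)", re.I)
SCANNED = (".php", ".html", ".htm", ".js", ".inc", ".tpl")

def scan_text(name, text, own_hosts=()):
    """Return (line_number, finding) pairs for one file's contents."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        for label, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((number, label))
        hit = HTACCESS_REDIRECT.search(line) if name == ".htaccess" else None
        if hit and hit.group(1).lower() not in own_hosts:
            findings.append((number, "external redirect: " + hit.group(1)))
    return findings

def scan_site(root, own_hosts=()):
    """Walk root and return sorted (relative_path, line_number, finding) tuples."""
    results = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name == ".htaccess" or name.lower().endswith(SCANNED):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as handle:
                    hits = scan_text(name, handle.read(), own_hosts)
                results += [(os.path.relpath(path, root), n, f) for n, f in hits]
    return sorted(results)

# Constructed sample contents (not taken from a real incident).
SAMPLE = {
    ".htaccess": "RewriteRule ^old$ http://www.example.org/new [R=301,L]\n"
                 "RewriteRule ^(.*)$ http://redirect.example.invalid/in.php [R=302,L]\n",
    "index.html": '<h1>Home</h1>\n<iframe src="http://x.example.invalid/" width="0" height="0"></iframe>\n',
    "video.html": '<iframe src="clip.html" width="560" height="315"></iframe>\n',
    "theme/footer.php": '<?php\neval(base64_decode("Y29uc3RydWN0ZWQ="));\n',
}

if __name__ == "__main__":
    for name, text in SAMPLE.items():
        print(name, scan_text(os.path.basename(name), text, ("www.example.org",)))
```

To check a real site, call scan_site() with the document root and your own hostnames in lower case. It only narrows down where to look and does not cover code injected into database entries.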

Once you’re sure your site is free of malware you can then request a review via Webmaster Tools.

Prevention

1. Make sure any software you’re using (e.g. a CMS) is up to date with the latest security fixes

2. Remove any scripts you’re no longer using

3. Never use the default password

4. Lock down the file permissions on your server as much as you possibly can. If you have to change them to install a script, make sure they go back afterwards

5. If your hosting provider allows it, lock down your FTP access. It may be annoying having to unlock it on occasion, but nowhere near as frustrating as finding someone’s hacked in

6. If you’re using a CMS, see if there are any add ons or plugins available to help improve security

7. Only install scripts from trusted developers
