Oh No, My Website has been hacked !!! Now what do I do ?

I’ve been hacked!  What do I do about it?  (Or what should I have done before it happened ?)

This was the very question we were asked recently after a national TV news station called a company to tell them their site was now selling cheap generic drugs instead of what it was designed to do.

There are some very simple steps to ease the pain, frustration and anger.

  1. Make backups or your website.  No I mean make your own backups !  Don’t rely on your internet provider, they work towards recovering from failed equipment not anything do with your content.  Also remember to keep the backups for longer than you might ever think you would need (I’ll get to that later)
  2. Check your site regularly.  Use a browser to look at your own content.
  3. Check your site on Google, Yahoo and Bing.
These steps may sound overly paranoid to sound and just overly obvious to others but here are the reasons for the steps and this post.
In late October, after a very embarrassing phone call the company now knew something was very wrong but was also very confused.  They themselves updated the web content on an almost daily basis and looked at the site even more often.  How could they have missed this?
This hack was different from the graffiti that is the most common.  This one only affected visitors that came from Google or Yahoo.  Direct visitors (type in URL directly) or bookmarked visitors saw what they were supposed to.  If you googled and followed the link you were now at a ‘Cheap Drugs’ website.  The side effect was also that google now listed cheap drugs under their name. Not good.
By now, steps 2 and 3 should now be obvious.  What some hackers want is your traffic and your good name with it in Google.  Since most companies eventually bookmark their own site, they can hide the fact that this is happening for a long time. At least long enough for search engines to index your ‘hacked content’.
Keeping many, many revisions of backups became painfully clear when it was discovered that the site had been hacked months ago but the ‘hack’ was dormant for at least a month.  When the first backups were restored, nothing changed!! Still hacked!!  (The hack was backed up too)
It eventually took several days of searching and restoring  parts of the site to remove it for good.
Most ISPs offer tools for customizing backups (database and files) for free.  Using these tools at regular intervals will make managing a website easier.