What to do when your website gets hacked?
Your website is your online business, one of the first interactions your customers
will get from you, your virtual brand awareness
and for a lot of people their bread and butter.
Much like a owning a house, investing in a security is a great thing!
You want to be able to have fences that bounce of intruders in cyberspace.
After spending years in the IT Security sector we could see
clear patterns on how the majority of websites
got hacked and customer records got leaked in to the
public, sometimes destroying businesses for ever.
Much like what happen in the Panama papers where a
legal firm that has been operating for over 30 years
was put out of business due to a customer data leakage.
A lot of people see a financial motive of getting there hands
on customer records, whenever it is to personally feed their ego,
sell the data to email spammers, business/market
competitors, governments or other third parties.
Selling compromised data has been as business
since the early days of the internet.
The “lazy” malicious third parties will
pick the low hanging fruit, so basically when a new vulnerability is released
that gives them access to a certain software
vendors product, they will scan the entire internet which in these times
of high speed internet can be done in less then an hour.
Source: https://github.com/robertdavidgraham/masscan
So the problem is that someone will use some software to create a
website(like WordPress, Joomla, Drupal).
Ideally we would like a world where every software
updates in real-time after the update from the software
vendor is released.
Since the world does not look like this, but what we
can do is build a product that indexes all the latest vulnerabilities
in real time and informs the users running the affected software of
the threat and that is what and why we created Firo Solutions.
You can see us like an antivirus for your website
So how do we make a consumer product for this?
Investigate
The sad part is that even if you are able
to find the ip address of the malicious third party
the majority of digital intrusions remains unsolved.
An internet service provider will in most of the cases
not spend more then an hour on investigating the abuse complaint
the victim sends.
If you are using a web host we would recommend that you open a ticket
and have the hosting provider investigate it more
on the web-server side in the log files.
Checking all your available logs that you have such as seeing
which users logged in at what time is also a great
way to obtain an understanding on when it might have happen.
If you are running WordPress then all files in the
WordPress folder ending in with .log will help you.
The most important thing is that you locate the problem and solve it.
In 80% of all hacked WordPress, Joomla
and Drupal sites it is due to a plugin/module being
out of date and being bad.
So check all your plugins for updates and apply does.
How to file an abuse complaint
After you have located the ip address
of the malicious third party it is time to
file an abuse complaint so we want to lookup
the internet service provider and owner of the
ip address.
This is done with a so called WHOIS request.
So let’s use a whois website such as:
https://who.is/
https://www.whois.com/whois
We want to find the abuse email in the record
so scroll down to you see an email such
as abuse@.
Then simply explain the situation.
If you are worried about security
vulnerabilities affecting your website or online system we
provide an always online service starting at 5 euro per site a month.
Which is the most price effective security you can get for your site!
Check it out now at:
https://watchers.firosolutions.com
We also have several online tools such as:
https://vulns.firosolutions.com which is a graphical site for searching
and viewing security vulnerabilities with a lot of Easter eggs.
https://rust.firosolutions.com is our version scanner for the programming language Rust.
And many more!