Is my website hacked? …and cleaning strategy!
Next one online tool is amazing for checking for viruses – https://www.virustotal.com
And one more tool, that sometimes is helpful – https://scanner.pcrisk.com/
Do you know others? Do you know some, which is better? Please contact me and share!
Website cleaning strategy, simple short version
Sharing my thoughts, ideas and workflow for website cleaning. It might take some time, attention to details and a bit of knowledge. Also there are a lot of geeks, who can help and therefore these steps are as approximate as possible and intention here is to show direction, rather than fixed and strict checklist to follow. Bare in mind, that order for these steps is not how you see them – in the best scenario you should feel them and play and combine them to achieve the goal – clean and working website.
Change your password for FTP and control panel access. This is usually the first and quite important step.
Answer yourself a question – why do you think, that website has been hacked. Sometimes hackers destroy files, sometimes they inject bad code, sometimes they might gain access to your DNS and screw that part.
Often restoring from the backup – both files and database is the easiest and quickest solution. Then only thing to bare in mind – make sure, that version from the backup does not contain hacked version or injected trojan backdoor code. Often it helps to restore from the backup and then fine-clean website.
If possible – create backup version of your website before starting cleaning process. You can screw your website more. Extra backup never hurts.
If available at your hosting provider – use antivirus and malicious code scanner. To be honest, I have not seen them being super efficient, but in some cases – they still do help. Some, like Imunify – can even help you clean/delete bad files. That saves a lot of time.
If you are using WordPress – and if it is working and accessible – Wordfence plugin is a big and good friend, especially when it comes to finding modified or “extra” files, which usually are amazing trojans, backdoors, uploaders and file modification tools. We use Wordfence a lot and in most cases free version is good enough. Big thanks to developers.
If you are using WordPress and it has been corrupted or inaccessible – quite often it helps to simply upload and rewrite latest WordPress source files. Very often hackers modify or damange core WordPress files. Also – sometimes your WordPress might stop working because of failed updates (and not because it was hacked). I use this “fix” quite often. Make sure you have made backup of your website (even if it is not working) before you start. Yes – files and database.
While not being a suggestion for cleaning – I feel like mentioning it. Do not host a lot of websites under single account. I know, very often it is much cheaper, but security wise – it is a bad idea. Usually files and other resources are shared for a single user (I mean FTP, linux user) – so several addon or parked domains will have access to each other files and if one of them gets hacked – technically (with a high probability) – other sites can be easily hacked.
These are very brief steps and explanation, but I hope it will take you in the right direction. Always happy to help!