By Larisa Patel on Monday, 28 July 2014
Category: Cloud Hosting

Site Sanitization: Cleaning up a Hacked Website

We pride ourselves on having an extremely secure platform, but even the most secure hosting providers see hacked websites on a daily basis. Almost always, the goal of the hacker is to steal content, send spam, spread malware or conduct some type of phishing scam. Many times we’ll see a site administrator clean a site only for it to be hacked again a few days later, and then they come to us wanting to know why. We find that some additional steps that can secure a site and fend off attacks are often neglected. This blog explains why sites are hacked, steps for cleaning up a hacked site, and preventative measures that can be taken to secure the site moving forward.

Why sites get hacked

Vulnerable Extensions

There are several reasons a site can be hacked, but the culprit we identify most often is an outdated extension. Updating extensions is critical because hackers can easily identify vulnerabilities in older versions, which are like a wide open back door to the site. If you’re using a Joomla site, it’s best practice to visit the Vulnerable Extensions List frequently. If you see an extension you’re using on this list, download and install the patches immediately. If no patches exist, disable the extension and find something to replace it.

Outdated Applications

Another reason we see sites hacked is because the site itself is an older version of the application, like Joomla 1.5 for example, which is no longer supported with security patches. We provide a managed hosting platform, which means we’ll update versions for you when a new STS (short term support) version becomes available. When a new LTS (long term support) version becomes available, it’s up to site administrators to upgrade on their own. It’s definitely best practice to stay current with the most recent version of your application.

Compromised Passwords

We also see compromised administrator passwords. Hackers have the ability to run a few scripts to determine if you’re using a simple password like a name or birth date or if you’re using something generic like “admin” or “admin123”. You wouldn’t believe how many times we see people actually use the word “password” for their password. You also have to be careful about who you share the password with.

Compromised Computers

Even though we cannot scan your personal machine, we do encounter users whose computers has been infected with a virus, spyware, or malware. Attackers who use these surveillance or malicious softwares are looking for personal information that can be exploited and they’ve been known to steal passwords and sell them to other groups who want to attack your site. Be sure to check your your machine weekly with a reliable scanner. I recommend using Microsoft Security Essentials, a free program for Windows versions Vista, 7, 8 and 8.1. Linux and Mac users are not immune to attacks, and I recommend speaking with someone about how you can best secure your machine.

Cleaning up a hacked site

There are a number of steps that need to be taken to clean up a hacked website. If you’re unfamiliar with the items on this list, you can contact your web hosting provider for more assistance. 

Avoiding a hacked site in the future

The suggestions we have for avoiding a hacked site in the future should be performed on a regular basis.

CloudAccess.net Sanitization Services

If all of this is a little intimidating, don’t panic. We offer a site sanitization service for any site hosted with CloudAccess.net. Our team of programmers and system administrators will clean an application and remove the hacked files and scripts for you. We’ll update the site and make it as secure as possible by taking preventative measures. Learn more about our Site Sanitization services.

I hope this blog has armed you with some useful information. Thank you for choosing CloudAccess.net!

Leave Comments