Help – my web service has been hacked! What do I do?

Posted on Nov 2, 2013 in Blog

So you’re going about your day as normal, and then you notice something awry. This can happen on your website, web service, or user accounts (including email, social media, and so on).

No matter what the case, here are some bad signs that your web service has been hacked:

  • You cannot access your website or user account.
  • Your website / webpages are defaced.
  • Your website redirects to another “unsavory” site, such as a porn or pharmaceuticals pusher.
  • Your contacts list notifies you that they have received strange messages from you.
  • Google or Bing notifies you that your site / user account / web service has been compromised.
  • Accounts, records, or other information is missing or corrupted.
  • Your website / web service “behaves strangely” (this is very difficult to describe until you actually encounter this behavior, then it is usually obvious).
  • You notice strange traffic on your network or user account (usually a big spike in traffic that cannot be explained).
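
One way to check the last sign above against your web server's access log, as an added example (not code from the original post): the script counts requests per clock hour and flags any hour far above the median. The log lines are constructed, and the factor and min_requests thresholds are assumptions to tune for your own traffic.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Constructed sample in Common Log Format; a real log would be read from a file.
def _line(hour, minute, ip="203.0.113.7"):
    return f'{ip} - - [02/Nov/2013:{hour:02d}:{minute:02d}:00 +0000] "GET / HTTP/1.1" 200 512'

SAMPLE_LOG = (
    [_line(h, m) for h in (9, 10, 11, 13) for m in range(0, 60, 15)]  # 4 requests/hour baseline
    + [_line(12, m, ip="198.51.100.9") for m in range(40)]            # 40 requests in one hour
    + ["malformed line that should be skipped"]
)

# Captures day/month/year:hour from a timestamp such as [02/Nov/2013:12:05:00 +0000]
TS_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}):\d{2}:\d{2} [+-]\d{4}\]")

def requests_per_hour(lines):
    """Count requests per clock hour, ignoring lines without a parsable timestamp."""
    counts = Counter()
    for line in lines:
        m = TS_RE.search(line)
        if not m:
            continue
        try:
            hour = datetime.strptime(m.group(1), "%d/%b/%Y:%H")
        except ValueError:
            continue
        counts[hour] += 1
    return counts

def find_spikes(lines, factor=5, min_requests=20):
    """Return (hour, count, baseline) for hours above factor x the median hourly count."""
    counts = requests_per_hour(lines)
    if len(counts) < 3:  # too little history to call anything a spike
        return []
    baseline = median(counts.values())
    return [(h, c, baseline) for h, c in sorted(counts.items())
            if c >= min_requests and c > factor * baseline]

if __name__ == "__main__":
    for hour, count, baseline in find_spikes(SAMPLE_LOG):
        print(f"{hour:%Y-%m-%d %H}:00  {count} requests (median hour: {baseline})")
```

A flagged hour is only a prompt to look closer: a newsletter or a search-engine crawl can produce the same pattern.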

There are a number of reasons that your web security could have been breached:

  • A weak password was compromised
  • Malware was used to capture login credentials
  • A security vulnerability was found in your computer systems
  • Another account / web service was compromised on a shared server / computer resource

Note: a data forensics expert can tell you with remarkable accuracy what happened and how it happened, with a good chance of identifying the person (or location) causing the breach. However, this service can be a little out of reach for some people and companies.

No matter what the case – there are some things you can do to minimize the damage, restore normal operation, and (ideally) close whatever vulnerability caused the breach in the first place.

 

Step 1: Stay Calm

Security breaches happen to the best of us at times for any number of reasons. You could easily be the victim of bad luck or circumstance, or some other security flaw or weakness beyond your control.

The point is – there is no point getting flustered. A security breach is not the end of the world; you can recover, and that will happen faster if you keep your head straight.

 

Step 2: Get Your Website / Web Service Offline Immediately

Depending on the nature of the breach and what systems are affected, you need to shut down your website or web service before the problem can spread or otherwise cause more damage (especially to your business reputation).

This can be especially important because Google and Bing can mark your website as compromised, which makes it more difficult to get back to normal operation even if the threat has been removed. It can take days or weeks for search engines to mark your site as safe once they detect malware.

You will know when this happens because when you try to access the site, you get a warning message saying something like “Reported Attack Site!” or “randomsite.com contains malware”.

 

Step 3: Call for Support

This could mean your IT department or system administrator (sysadmin), the support team for your service provider, or a 3rd party professional to take care of the issue for you. You should always have the relevant phone numbers and contact information readily available for these situations.

Yes, it is absolutely possible for you to fix the problem yourself (if you have the time and skills). However, most people will simply not have the experience to do this properly, and even fewer IT experts will have the IT security experience to fix what could (potentially) be a rather complicated mess.

Getting experienced people working on this problem will (generally) go faster and smoother than attempting to fix these issues yourself. If you are depending on service provider support, you may consider hiring an outside security expert to do damage control, and close any vulnerabilities exposed by this breach.

BUT – if calling for professional help is really not a feasible option for you, later we will be publishing a separate guide that outlines some steps you can take to clean up your system so (hopefully) you can get your small business site running again. You can also try your luck scouring Google / Bing for guides on what to do; just try to be as specific as possible when you run your searches.

 

Step 4: Inform the Right People

Aside from contacting the people who can fix the issue – you may also need to inform your colleagues, customers, or other contacts to let them know what is happening.

People in general are more forgiving if they are informed about what is going on, rather than finding out the hard way that they cannot access your website or web service. Some industries are even legally obliged to contact people potentially affected by the security breach.

 

Step 5: Smarten Up About Information and Computer Security

Once a breach has occurred, it behooves you to find out how it happened – and then take steps to prevent security breaches from happening again. IT security is a complicated practice at the best of times, but the majority of security threats can typically be avoided through good security behavior and common sense.

There are many websites out there discussing good security practices, and we’ve also published articles about these topics numerous times. To paraphrase Francis Bacon – knowledge is the most powerful security tool you can possess.
