
Recruitment Directory's Blog - Australia's #1 Recruitment Technology Blog!



My job site has been hacked. What do I do?

Author: Thomas Shaw
Date: 10:16pm Sunday 05 July 2009


If you think your website is safe, think again. Over the weekend 6 job sites were hacked and defaced. One of the first things that comes to my mind when I see that horrible “You’ve been hacked” message is… I wonder what information has been stolen? Passwords, contact details, resumes, credit card/banking details, etc.

NOTE: The job sites affected have NO connection to Recruitment Directory. This blog post is intended as general advice.

The first thing is to not take it personally. Contact your hosting provider & webmaster, if you have one. Oftentimes they can handle most of the technical heavy lifting for you. Lots of webmasters use shared hosting, which can make it difficult to do some of the things listed below.


Getting your site off-line
  • Turn your site off, or take your site off-line.
  • If you can't take it off-line, return a 503 status code to prevent it from being crawled by search engines.
  • In Google Webmaster Tools, use the URL removal tool to remove any hacked pages or URLs that may have been added to search results. This will prevent the hacked pages from being served to users.

Damage Assessment
  • Do you have a damage control plan? Immediately put this into action and contact the relevant authorities.
  • It's a good idea to figure out exactly what the hacker was after. Were they looking for sensitive information? Did they want to gain control of your site for other purposes?
  • Try and gather as much information as you can. See if the host can give you a log showing all the FTP connections that were made to your account. You can use those to see if it was even an FTP connection that was used to make the change and possibly get an IP address
  • Look for any modified or uploaded files on your web server
  • Check your server logs for any suspicious activity, such as failed login attempts, command history (especially as root), unknown user accounts, etc
  • Determine the scope of the problem. Do you have other sites that may be affected?
  • If you're using prepackaged software like WordPress, Drupal, or anything else that you didn't code, there may be vulnerabilities in upload code that allow this sort of modification. If your job site is custom built, double-check any places where you allow users to upload resumes/files or modify existing files.
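
One way to work through the FTP log your host gives you, as an added example that is not part of the original post: it groups transfers by remote address so uploads from addresses you don't recognise stand out. It assumes the log is in xferlog format (the transfer log written by vsftpd, ProFTPD and wu-ftpd); the sample lines, the `webmaster` account and the addresses are constructed.

```python
from collections import defaultdict

# Constructed sample in xferlog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Sat Jul  4 09:15:02 2009 1 198.51.100.7 20480 /public_html/images/logo.png b _ i r webmaster ftp 0 * c
Sun Jul  5 03:12:44 2009 1 203.0.113.45 5120 /public_html/index.php a _ i r webmaster ftp 0 * c
Sun Jul  5 03:12:51 2009 2 203.0.113.45 81920 /public_html/resumes/export.zip b _ o r webmaster ftp 0 * c
Sun Jul  5 03:13:05 2009 1 203.0.113.45 912 /public_html/uploads/x.php a _ i r webmaster ftp 0 * c
truncated line that does not parse
"""

DIRECTIONS = {"i": "upload", "o": "download", "d": "delete"}

def parse_xferlog_line(line):
    """Return one transfer record as a dict, or None if the line is malformed."""
    f = line.split()
    # 5 timestamp tokens + 13 fields: f[6] host, f[7] size, f[8] path, f[11] direction.
    if len(f) != 18 or f[11] not in DIRECTIONS or not f[7].isdigit():
        return None
    return {
        "time": " ".join(f[0:5]),
        "host": f[6],
        "bytes": int(f[7]),
        "path": f[8],
        "direction": DIRECTIONS[f[11]],
        "user": f[13],
        "complete": f[17] == "c",
    }

def transfers_by_host(log_text, known_hosts=()):
    """Group transfers by remote host, leaving out hosts you recognise."""
    report = defaultdict(lambda: {"upload": [], "download": [], "delete": []})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_xferlog_line(line)
        if rec is None:
            skipped += 1  # count unparsed lines so gaps in the log are visible
            continue
        if rec["host"] not in known_hosts:
            report[rec["host"]][rec["direction"]].append((rec["time"], rec["path"]))
    return dict(report), skipped

if __name__ == "__main__":
    report, skipped = transfers_by_host(SAMPLE_LOG, known_hosts={"198.51.100.7"})
    for host, actions in report.items():
        for action, items in actions.items():
            for when, path in items:
                print(host, action, when, path)
    print("unparsed lines:", skipped)
```

Downloads matter as much as uploads here: a download of a resume export shows what may have been taken, not just what was changed.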

Recovery
  • The absolute best thing to do here is a complete reinstall. It's the only way to be completely sure you've removed everything the hacker may have done
  • After a fresh re-installation, use the latest backup you have to restore your site. Don't forget to make sure the backup is clean and free of hacked content too
  • Patch any software packages to the latest version. This includes things such as weblog platforms, content management systems, or any other type of third-party software installed
  • Check your Server Directory Listings
  • Change ALL your passwords

Restoring your online presence
  • Get your system back online.
  • Actively monitor your sites for blacklists, malware, defacements, etc. We are currently trying out an online tool called Sucuri.
  • Has the news spread to your clients, media, etc? Prepare a short statement saying you are aware of the issue and currently working to resolve the problem. It is important to be honest and upfront as hackers will post their accomplishments on the web.
  • Do you need to disclose that you have been hacked or information has been stolen? You will need to contact all users that have information on your database. The Office of the Privacy Commissioner released a Guide to handling personal information security breaches
  • If you're a Google Webmaster Tools user, sign in to your account. If your site was flagged as having malware, request a review to determine whether your site is clean. If you used the URL removal tool on URLs which you do want in the index, request that Webmaster Tools re-include your content by revoking the removal
  • Keep an eye on things, as the hacker may try to return



Direct URL: http://www.recruitmentdirectory.com.au/Blog/my-job-site-has-been-hacked-what-do-i-do-a220.html

Tags: drupal wordpress security breaches recruitment website information security privacy.gov.au defacement personal information hacking insecure malicious code job board security google webmaster tools damage control
