What would you do as the first thing if your website was hacked? Take the site off the net? Or roll back to a backup? Not really, or? Have you had any experiences of this kind?
8 Answers
The first thing I would do is to take it off the net, at least till I understand what exactly the damage is. Assessing what has been compromised in a timely manner is most crucial.
- 101
Take the site offline.
This is crucial. If the intruder is still in your system and you start poking around, they might notice that you have detected their presence and try to cover their tracks (i.e. delete things).
- 281
Take it off-line and restore the entire machine, not just the web pages, from your backups. Then, before putting it back on-line, fix the hole they used to get in.
- 27,844
Hopefully your organization has a written document that specifies the steps to be taken, who is involved, and who is to be contacted. If not, begin writing one up immediately. Have you reported it to the police cyber-crimes unit, etc.? Don't wait until next time.
- 1,076
Change your passwords, and then restore from a backup. Then check your logs, contact your host, etc.
- 530
That depends on several factors. This includes things such as the sensitivity of your site's data and cost of losing or corrupting data hosted on your site.
I believe the first thing to do is to assess the level of threat in terms of the level of damage and cost to repair. The next thing to do is act accordingly.
- Understand that your web host understands how important your site is.
- Wipe the OS and re-install from backups. Don't ask your host to have a "quick look" to see if they can clean it up (this will prolong the downtime.)
- Learn from the experience (as it's almost guaranteed you do not have everything 100% backed up and a disaster recovery plan written)
- 626
- take it offline
- make backup
- check / analyze (when you have time)
- restore the last known to be good backup
You can later analyze the compromised files.
- 6,917