One of the most damaging types of cyber-crime attack that is becoming increasingly popular is the hacking of websites. A university colleague of mine recently became the victim of a website hacker on their own personal WordPress site, which was a breach of Information Security and caused a lot of fear for the rest of the Salford Business IT class, as this had never been experienced by any of us directly before.
After seeing this website had been hacked, I immediately ran a quick Google search on the website and was a little surprised to see that the hacker had notified another website of this hack and a mirror image of the site was taken. It showed a live snapshot which can be seen in the video below. From this other site, I managed to locate other websites that had been hacked by the same hacker due to the same IP address which can be found on Zone-H.
After this hack, I immediately changed the passwords from the host cPanel and started browsing through all the files that had been left by the hackers including large PHP scripts which took a couple of hours.
I uninstalled the WordPress installation and performed a fresh installation which appeared to resolve the issue. However, as a precautionary measure I asked the hosting provider (InMotion Hosting) to perform a shell scan where 2nd line support performed a virus/malware scan which came out clear.
To make it 100% certain that there were no hidden backdoors the hackers may have left behind, I requested a cPanel reset (as there was no important data left on the host) to avoid any chances of security loopholes. After 2 hours I got confirmation that this had been completed and I immediately installed a fresh copy of WordPress (again!).
The first thing I did after this was look for strong and easy-to-use security plugins. I came across the WordPress BulletProof security plugin which had a high rating and a lot of good reviews.
After installing this, I saw many advanced features to improve a lot of areas I may not have considered and decided to tweet some of this on my Twitter @ImranahmedIT including the following post:
— Imran Ahmed (@imranahmedIT) February 28, 2015
To summarise, the steps I took when attempting to resolve the hacked website were as follows:
- Check search engines to try and identify where hackers have left notifications.
- Reset all passwords including cPanel, FTP passwords and email accounts associated with the host.
- Ask the hosting provider to scan the whole cPanel account for any viruses or malware.
- Install security measures on your website, such as security plugins, which add layers of protection with little user involvement.
If you have a working backup of your website and email accounts (which you should!), contact your hosting provider and ask them to reset your cPanel and restore the backup to ensure there are no backdoors being left behind. This is because websites that have been hacked once are normally hacked again due to vulnerabilities not being detected and cleared.
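The manual review of files left on the host, described above, can be narrowed down with a short script. The following is an added example, not part of the original post or of any tool it mentions: it flags PHP files inside the uploads directory, PHP files modified recently, and unusually large PHP files. The function names, thresholds and sample tree are assumptions made for illustration.

```python
import os
import tempfile
import time
from pathlib import Path

PHP_SUFFIXES = {".php", ".phtml", ".php5", ".phar"}
DAY = 86400  # seconds

def triage_php_files(root, recent_days=7, large_bytes=100_000, now=None):
    """Group PHP files under `root` by the reason they deserve a manual look."""
    root = Path(root)
    cutoff = (time.time() if now is None else now) - recent_days * DAY
    findings = {"php_in_uploads": [], "recently_modified": [], "unusually_large": []}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath) / name
            if path.suffix.lower() not in PHP_SUFFIXES:
                continue
            rel = path.relative_to(root).as_posix()
            info = path.lstat()  # lstat: describe the entry itself, not a symlink target
            # The uploads directory normally holds media, so PHP there stands out.
            if rel.startswith("wp-content/uploads/"):
                findings["php_in_uploads"].append(rel)
            if info.st_mtime >= cutoff:
                findings["recently_modified"].append(rel)
            if info.st_size >= large_bytes:
                findings["unusually_large"].append(rel)
    return {reason: sorted(paths) for reason, paths in findings.items()}

def build_sample_site(base):
    """Constructed sample tree: (relative path, size in bytes, age in days)."""
    files = [
        ("wp-config.php", 3_000, 400),
        ("wp-includes/version.php", 1_000, 400),
        ("wp-content/uploads/2015/02/img.php", 150_000, 2),
        ("wp-content/uploads/2015/02/photo.jpg", 500_000, 2),
        ("wp-content/themes/demo/footer.php", 2_000, 1),
    ]
    now = time.time()
    for rel, size, age_days in files:
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"A" * size)
        os.utime(path, (now - age_days * DAY,) * 2)  # backdate atime and mtime
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for reason, paths in triage_php_files(build_sample_site(tmp)).items():
            print(reason, paths)
```

A file appearing in the output is only a candidate for review; a clean result does not replace the host-level scan or the reset and restore described above.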
Feel free to share and comment as all feedback and discussions are always welcome on my blogs! – ImranahmedIT