A security breach of your blog is no small thing; if
you’ve been running your blog for a long time and
it’s loaded with content, videos and other informa-
tion while also being part of your overall online
business presence, a hack attack can be downright
catastrophic.
you’ve been running your blog for a long time and
it’s loaded with content, videos and other informa-
tion while also being part of your overall online
business presence, a hack attack can be downright
catastrophic.
Thus, given the potential damage that having your crucial blog pages get hacked wide open can bring, you need to know how to take action as quickly as possible after the fact and save both your data and forensic information about the hack itself while minimizing the downtime your blog suffers before it’s back up and running robustly again
Let’s go over the five crucial steps you should take right after you realize that you’ve been breached.
1. Check With Your Hosting Provider
This is the most basic step you should take after discovering that your site is either not working or is acting very strangely.
For one thing, you may not even be the victim of an actual hack; sometimes accidents do happen and either something your hosting provider did wrong (ie: a server crash) or something you did wrong (ie: outdated software or badly written code) could be the cause of your problem. This applies especially in situations where a page simply doesn’t load or shows an error message.
Thus, take a deep breath, calm down and contact your hosting provider to see if they can inform you of any mistakes on their part or at least help you go through your own work with your server data to see if you may have done something wrong with your site. Also, if you’ve recently been editing code, go through your latest changes line by line and remove them to see if something there is the cause of odd blog behavior.
Finally, even if you’re sure you’ve been hacked, you should talk to your webhost so that they can explain what they know about the hack to you, or tell you if your blog is alone or one amongst many others that have been attacked.
2. Start Making a Record of Everything
As soon as you start to notice the effects of what you suspect to be a breach, start recording everything that happens after that. Record the names of any suspicious exe files, all odd blog behavior, any lines of strange code you found and pretty much everything you see and do that has to do with your blogs problem.
By doing this, you’ll be creating a chain of digital forensic evidence that will not only help you keep track of how you’re resolving the hack, but will also let you learn from your progress for when it comes to dealing with future incidents.
3. Make Copies of All Suspect Data
In conjunction with making a record of everything you do and see, also make copies of all suspect files, code and EXEs that you encounter. Even though you’re in the process of eliminating them as part of your cleaning efforts, you should first copy each piece of data as part of your attempt to record and understand the hack you’ve suffered. You might even want to go as far as creating a forensic mirror copy of your entire hard drive if you think that the source of your hack was your own computer.
Again, these files represent evidence that will give you a chance to use digital forensics and figure out what had happened to you so that you can better understand it and root out its source.
Save all copies of corrupted files on a remote storage unit such as a flash drive or an external hard drive.
4. Close Down all Server Access Accounts and Change Every Password
This means that, if you’ve given access to your blog’s servers to anyone else via FTP, you should shut down all of these accounts right away and change their passwords just to be sure about security. Additionally, change all of your other server passwords such as those for MySQL accounts, CMS dashboards and even your blog’s hosting control panel password.
This may seem a bit extreme but until you know how someone breached your blog, it’s better to eliminate all possible sources for the hack systematically.
5. Backup All Your Data and Reinstall
We’re sort of covering two steps here, but they go in tandem with each other: First, start backing up all of your blog data from your servers and MySQL databases as fast as you can. The quicker you do this the less likely you are to suffer even worse losses. You should have already been practicing a general policy of regular blog backups anyhow, but, well, some people just don’t. Thus, now that you’ve finally been hacked, get busy with this.
It doesn’t matter if you’re also backing up infected files or malicious code; you can clean both out later in a localhost environment; for now the key is to do a full backup.
Once you’ve backed up your data, erase everything from your active server and reinstall fresh software for all of your blogs components. These will include your CMS software if you’re using a CMS (such as WordPress), your addons, plugins and your third party site addons such as Adobe, Flash or any other blog extras.
Afterwards, make sure that all your passwords have been changed, your site secured with any needed patches and start adding your backed up content back in piece by piece.
No comments:
Post a Comment