The sinking feeling that you get when you discover that your website has been hacked is not an experience you want to repeat once it has happened to you.
You may well find yourself searching for IT support Sydney, for example, to try and get the technical help you need to put things right and prevent the same scenario from being repeated. It is also a good idea to improve your awareness of what sort of signs to look for that tell you your website has been infected with malware.
Here are some pointers that are well worth knowing.
Google will tell you when you have been hacked
One of the most common warning signs that all is not well with your website is when your browser comes up with a warning.
For instance, Google Chrome will tell you that your website may have been hacked. This also means that your website will have been blacklisted by Google Safe Browsing.
Most of the popular browsers use this blacklist and you can’t mistake the warning as your screen turns a bright shade of red and warns that the site contains malware.
You will get a message through your search console
If you have linked your website to Google Search Console, which used to be known as Webmaster Tools, you will get a message, together with a backup email, to notify you that your site has been hacked.
The message should also provide details relating to the suspected URL and attack vectors.
It should also give you an overview of the actions to take in order to try and fix the problem yourself.
The complaints from customers start coming in
It is not always immediately obvious that your website has been hacked, especially if a hacker has used a sophisticated technique to maliciously extract credit card information stored on your site.
The hackers will sell this information and you will soon realize that your site has some security flaws that need fixing when you notice an increase in customers who are complaining that their card details have been used fraudulently.
Outbound ports become blocked
When you have been hacked, some hosting companies limit the resources available to your website rather than disabling it completely.
A lot of these hosts have automated security protocols in place that block connections to outbound ports such as 80, 443, and 465, so that the malware infection can be contained and the prospect of generating spam is limited.
Once the malicious files have been successfully quarantined and your website is able to pass the automated virus scanner test, your access to the ports will be reinstated.
It only takes a very small line of malicious code to cause a lot of security issues.
Unexpected error messages in your error logs
It is also prudent to analyze messages in your error logs about unapproved functions and other issues such as connection denied errors and undefined offsets.
Check to see if the file path or error seems unfamiliar. If this is the case, make sure you seek to verify the authenticity of the code. You might also want to run a malware scan to see what it returns.
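One way to carry out this check, as an added example that is not part of the original article: group error-log entries by the file that raised them and report only files missing from your own inventory. It assumes PHP-style error_log lines; the log lines, paths and inventory are constructed for illustration.

```python
import re
from collections import Counter

# PHP error_log layout: "[timestamp] PHP <Level>:  <message> in <path> on line <n>"
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+PHP (?P<level>[\w ]+?):\s+"
    r"(?P<msg>.*?) in (?P<path>/\S+) on line (?P<line>\d+)"
)

# Constructed inventory of files you deployed yourself (assumption).
KNOWN_FILES = {"/var/www/html/index.php", "/var/www/html/includes/db.php"}

# Constructed sample log lines, not taken from a real incident.
SAMPLE_LOG = [
    "[12-Mar-2024 10:15:32 UTC] PHP Notice:  Undefined offset: 3 "
    "in /var/www/html/index.php on line 42",
    "[12-Mar-2024 10:15:40 UTC] PHP Notice:  Undefined offset: 0 "
    "in /var/www/html/uploads/cache_x.php on line 7",
    "[12-Mar-2024 10:16:02 UTC] PHP Warning:  exec() has been disabled "
    "for security reasons in /var/www/html/uploads/cache_x.php on line 9",
]


def unfamiliar_paths(log_lines, known_files):
    """Return {path: Counter(message)} for errors raised by files not in known_files."""
    findings = {}
    for raw in log_lines:
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # lines in another format are skipped, not flagged
        path = match.group("path")
        if path in known_files:
            continue  # error comes from a file you recognise
        findings.setdefault(path, Counter())[match.group("msg")] += 1
    return findings


if __name__ == "__main__":
    for path, messages in unfamiliar_paths(SAMPLE_LOG, KNOWN_FILES).items():
        print(path)
        for msg, count in messages.most_common():
            print(f"  {count}x {msg}")
```

Any path this reports is a file to inspect by hand and to include in a malware scan.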
Check for new admin users or FTP accounts you did not create
Another common hack is to create new admin and database users so that hackers can maintain regular access to your website.
These accounts created by hackers are consistently used as an efficient backdoor entry point to your website. Regularly check to see if any users have been created that you don’t recognize.
Ads and pop-ups start to appear when you load your website
Hackers use an attack known as cross-site scripting, or XSS, and they earn money from each ad impression, which is why they might target your website in this way.
Google has a safe browsing team that works on detecting so-called social engineering content and they will email you an alert when your site shows these signs that it has been compromised.
XSS or server-side code manipulation can also sometimes be used to redirect your website to hacked sites. These might be phishing pages, websites that have also been compromised or could even be competitor websites, which is not a situation you want to happen.
You notice an unnatural spike in website traffic
A popular tactic deployed by hackers is to use your website for so-called spamvertising. This will cause a spike in traffic and is designed to achieve a higher search engine ranking for the hacker’s website.
Spamvertising involves spam emails being sent from your server with links to pages created by the hacker.
Core system files have been modified
Another good check to perform is to see if core system files have recently been modified without your consent or knowledge.
It is plausible that the hacker may have modified files in order to run malicious code and create back-door access to your website.
If you notice files that have suspicious filenames or server-side scripts this is often a strong signal that your website has been hacked.
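A baseline comparison makes this check repeatable. The following is an added example, not part of the original article: it records a SHA-256 digest for every file while the site is known to be clean, then reports files that were modified, added or removed. The directory tree and file names in `demo()` are constructed.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as handle:
                digests[rel] = hashlib.sha256(handle.read()).hexdigest()
    return digests


def compare(baseline, current):
    """Return sorted lists of modified, added and removed relative paths."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Build a constructed site tree, take a baseline, change it, and diff."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as handle:
                handle.write(text)

        write("index.php", "<?php echo 'home';\n")
        write("includes/config.php", "<?php $debug = false;\n")
        baseline = snapshot(root)  # taken while the site is known-good

        # Simulated unauthorised changes: a core file edited, an unknown script added.
        write("index.php", "<?php echo 'home'; // unexpected extra content\n")
        write("uploads/x.php", "<?php // file nobody on the team created\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Store the baseline somewhere the web server cannot write to, otherwise an intruder can update it along with the files.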
Check for signs that your .htaccess file has been hacked
When your site is maliciously redirected, the usual explanation is that your .htaccess file has been hacked and injected with redirection code.
How do you know this has happened?
Typical signs that your .htaccess file has been hacked include your site displaying a blank page that will not load, or being redirected to a malicious website. You may also find that your site can’t be accessed by Google and that your .htaccess file is regularly modified.
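To review an .htaccess file for injected redirection code, the added example below (not part of the original article) lists redirect-type directives that point at a host you do not own, plus rewrite conditions keyed on the referer or user agent, which make a redirect fire only for some visitors. The sample rules and host names are constructed.

```python
import re
from urllib.parse import urlparse

# Rewrite conditions on these variables apply a rule to some visitors only.
COND_VARS = re.compile(r"%\{(HTTP_REFERER|HTTP_USER_AGENT)\}", re.I)
URL_RE = re.compile(r"https?://[^\s\"']+", re.I)
REDIRECTING = ("rewriterule", "redirect", "redirectmatch", "errordocument")

# Hosts that legitimately belong to the site (assumption for this example).
OWN_HOSTS = {"example.com", "www.example.com"}

# Constructed .htaccess content for illustration.
SAMPLE_HTACCESS = [
    "RewriteEngine On",
    "RewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC]",
    "RewriteRule ^(.*)$ http://redirect.example.net/landing [R=302,L]",
    r"RewriteRule ^index\.php$ - [L]",
    "Redirect 301 /old-page https://www.example.com/new-page",
    "ErrorDocument 404 http://redirect.example.net/404",
]


def audit_htaccess(lines, own_hosts):
    """Return (line_number, reason, text) for each directive worth reviewing."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive = line.split()[0].lower()
        if directive == "rewritecond" and COND_VARS.search(line):
            findings.append((number, "conditional on referer or user agent", line))
        elif directive in REDIRECTING:
            for url in URL_RE.findall(line):
                host = (urlparse(url).hostname or "").lower()
                if host not in own_hosts:
                    findings.append((number, f"external target {host}", line))
    return findings


if __name__ == "__main__":
    for number, reason, text in audit_htaccess(SAMPLE_HTACCESS, OWN_HOSTS):
        print(f"line {number}: {reason}: {text}")
```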
There are several actions you can take if you suspect that your website has been hacked. You should seek to run a comprehensive virus scan and consider putting your website into maintenance mode while you urgently identify the source and reason for the hack.