The array of easily available hacking tools out there now is astounding. Combined with self-propagating malware, that means people often come to me when their website has been hacked and they don’t know what to do, or even where to start.
Acunetix has come out with a very useful post with a checklist of actions to take and items to prepare to help you triage and react in the event of a compromise on one of your servers or websites.
When addressing such an event, it can be helpful to have a short checklist of tasks to perform in your recovery process. Doing the right things in the right order is key to maximising your chances of a successful and complete recovery, as well as to mitigating future events. The tasks fall into two groups:
- Preparation tasks: These make NO CHANGES to your website or any related or underlying components at all.
- Action tasks: Things you need to do, with the obvious initial focus being to block further access by any malicious actors.
Website Got Hacked Checklist
The checklist to work through when your website has been hacked looks like this:
- PREPARE: Reaction plan
- PREPARE: Battle sheet
- ACTION: Take your system offline
- PREPARE: Clone your system to a testbed or staging server
- PREPARE: Scan your website for vulnerabilities; identify/confirm intrusion point
- ACTION: Fix the vulnerability
- ACTION: Bring the fixed version of the site back online with a clean OS/Web Server
- PREPARE: Monitor your new and improved website
- PREPARE: Make a Reaction Plan for FUTURE events.
The guide combines basic forensics, proactive prevention going forward, and general good sense about best practice when dealing with a compromise.
Read the full post with details here: