How To Recover When Your Website Got Hacked


The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don’t know what to do, or even where to start.

How To Recover When Your Website Got Hacked

Acunetix has come out with a very useful post with a checklist of actions to take and items to prepare to help you triage and react in the event of a compromise on one of your servers or websites.

When addressing such an event, it can be helpful to have a short checklist of tasks to perform in your recovery process. Doing the right things in the right order will be key to maximise your chances of successful and complete recovery, as well as mitigation of future events.

Preparation tasks – These make NO CHANGES to your website or any related or underlying components at all.
Action tasks – Things you need to do, with the obvious initial focus being blocking further access to any malicious actors.

Website Got Hacked Checklist

The list looks like this to deal with when your website got hacked:

  • PREPARE: Reaction plan
  • PREPARE: Battle sheet
  • ACTION: Take your system offline
  • PREPARE: Clone your system to a testbed or staging server
  • PREPARE: Scan your website for vulnerabilities; identify/confirm intrusion point
  • ACTION: Fix the vulnerability
  • ACTION: Bring the fixed version of the site back online with a clean OS/Web Server
  • PREPARE: Monitor your new and improved website
  • PREPARE: Make a Reaction Plan for FUTURE events.

The guide has a combination of basic forensics, proactive prevention moving forwards and general good sense when dealing with a compromise in terms of best practice.

Read the full post with details here:

How to Recover from a Hacked Website Event

Posted in: Countermeasures


Latest Posts:


GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.
Fuzzilli - JavaScript Engine Fuzzing Library Fuzzilli – JavaScript Engine Fuzzing Library
Fuzzilii is a JavaScript engine fuzzing library, it's a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language.
OWASP APICheck - HTTP API DevSecOps Toolset OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.


Comments are closed.