How To Recover When Your Website Got Hacked


The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don’t know what to do, or even where to start.

How To Recover When Your Website Got Hacked

Acunetix has come out with a very useful post with a checklist of actions to take and items to prepare to help you triage and react in the event of a compromise on one of your servers or websites.

When addressing such an event, it can be helpful to have a short checklist of tasks to perform in your recovery process. Doing the right things in the right order will be key to maximise your chances of successful and complete recovery, as well as mitigation of future events.

Preparation tasks – These make NO CHANGES to your website or any related or underlying components at all.
Action tasks – Things you need to do, with the obvious initial focus being blocking further access to any malicious actors.

Website Got Hacked Checklist

The list looks like this to deal with when your website got hacked:

  • PREPARE: Reaction plan
  • PREPARE: Battle sheet
  • ACTION: Take your system offline
  • PREPARE: Clone your system to a testbed or staging server
  • PREPARE: Scan your website for vulnerabilities; identify/confirm intrusion point
  • ACTION: Fix the vulnerability
  • ACTION: Bring the fixed version of the site back online with a clean OS/Web Server
  • PREPARE: Monitor your new and improved website
  • PREPARE: Make a Reaction Plan for FUTURE events.

The guide has a combination of basic forensics, proactive prevention moving forwards and general good sense when dealing with a compromise in terms of best practice.

Read the full post with details here:

How to Recover from a Hacked Website Event

Posted in: Countermeasures


Latest Posts:


dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).
WiFi-Dumper - Dump WiFi Profiles and Cleartext Passwords WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine.
truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.


Comments are closed.