What happened was the unexpected. Your website was hacked. How is it you are doing? Where do you go? Make no worries. Not all is lost and you will come back. Hundreds of sites face the same dilemma each day and many will return to their original glory. All you need to do is follow the steps below and in the end everything will be alright.
The first step of course is informing the person in charge. As soon as you find out that your page has been hacked, inform the individual or company that is hosting your site. In most cases, your web host would know much better than you will, how to fix the problem. Also, the hosting company is likely to have multiple customers on the same server, so your host will want to check out the sites of their other customers to make sure they too have not been hacked.
Additionally, do some of your own research, and look for reputable online resources or helpful forums or online communities that can help. Finally, seek the assistance of security experts where necessary in this specific step. Ask around to see who people use businesses in your industry. Look for referrals, or someone already established with a reputation. If you are not happy with your original host's answer, then seek to find one that specializes in site recovery. It's always best to look for help from those who trust in the field. If you want the job done correctly, find the people who know exactly what they do.
The next step would be to switch your site off. Take it offline, and quarantine it before you solve the problem. While yes, your site won't be able to serve content to your users, bear in mind that since the site has been hacked the content is probably worthless anyway. Point the DNS entries from your website to a static page on another server that uses a 503 HTTP responsive code.
Taking your site offline is always the best way to complete the administrative tasks first and without interference. In addition , people trying to access your site won't face malicious code or spam files. That also keeps those users from getting any viruses. When you don't know how to take your platform offline, let your host from a third party do that. Let your host that you'll need to turn your site to check purposes before you take your site offline.
Be warned that in reality a few different approaches are not as effective as they may seem. It won't be enough to secure your users if your site returns to a 4xx or 5xx HTTP status code only. Instead, a 503 status is a useful indication that your site is temporarily down, but the answer will certainly be from outside of your own server / domain, which has been compromised.
You will also take a detailed look at your site's user accounts. Most hackers create a fake account, and if this is the case, take note of these account names, delete them, but be sure to keep them on hand for any investigation that is required.
Last but not least, it can't be said enough to change all your site and account passwords, including database access logins, server control, FTP content management accounts and logins. Be sure the new passwords are not just minor changes to ensure the hacker won't come back and try again and eventually succeed.
You will also need to verify your site's ownership in the search console for use. "But this is my homepage. How do I need ownership checks? "It's quite possible that the hacker in the search console verified ownership and messed with settings you've already made on your site. Only then can you assess the extent of the assault by testing ownership and seeing what harm has been done.
Only open a browser to check, and navigate to Google Webmaster.
Click the "Search Screen" button and sign in. Click the "Add site" button and enter the URL of your site. There are many verification methods available, but the suggested method tab on the verification page indicates what method Google thinks is best for you. If you have selected a method that requires access to your site, bring the site back online. Click the "verify" button, and if it's good you'll get a message saying you 're the owner verified. You can then offline take your website back to other jobs.
The next step is to verify that you own your search console. Click on the "Search Console" logo to navigate to the main Search Console tab. Find your account and click "Manage domain." Click on "Add or delete users" and search the list of identified users and owners. Register the email address and delete it if you see one you don't remember. Investigate any changes that may have been made under the settings icon in the search console. Any changes that are unusual make sure you both take note of them and remove them.
The severity of the hack can vary. Check the information in the Search Console's Message Center and Security Problems, as this information will help you find out the severity of the attack. There are a variety of ways a hacker can target your site:
Dispensing of "spammy" content to the the consistency and validity of the search results;
Spread malware
Hack for Phishing purposes
The manner in which you handle every type of hack may differ. Check messages in the Search Console to see what type of your site was hit with. You may have got phishing, spam or malware messages from Google. In the Webmaster resources you can also see headings about what sort about hack you've faced under "Security Issues."
Then it's time for a closer investigation. The hacker could have done a number of things to your site, including modifying existing pages, creating new "spam" pages, writing functions to display spam on clean pages, or leaving "backdoors" to allow that hacker to re-enter your site at a later date.
First, you can evaluate the files that were generated or changed by comparing them to a good backup that you have on your site. Also, check any unusual behavior on your connection, server and error logs. Keep an eye out for failed login attempts, unknown user accounts development, history of the commands, etc. However, you might not find anything here if the hacker has already altered the records and logs for its own purpose. Even search for redirects on your configuration files. Check even for permissions on directories and files that are too lenient.
You might have more than one and some could be easier to fix than others. Even if you find one, don't presume that you're done. Keep searching as there are many chances, depending on the hacker's complexity.
Antivirus scanners can not find vulnerabilities by themselves. Ideally you'll also need a vulnerability scanner. There could be some possible vulnerabilities:
Weak passwords, or reused ones
Virus-infected computer administrator
Allowing coding practices
New Applications
Just like anything else, you need to keep your site up and running, and the best way to do that is to clean up and keep your site up. However, a number of steps need to be taken before this can happen:
Locate sources of support to help you deal with loss of sensitive information. If you've been targeted by phishers, sensitive information is extremely likely to be taken away. Before you start cleaning up the site, you may want to recognize any company, legal or regulatory obligations that you have in relation to your retained information and data.
You will need to delete, if any, the hacker's created new URLs. Be cautious though in deleting pages. Do not delete any good pages which the hacker just hurt. Delete just the ones you never want to turn up in search results.
In Search Console, you might also look at expedited processing through Google's Fetch as a Google app to add these pages to Google's index.
You can start by restoring your backup file, but be sure to build the backup before the site was hacked. Install any available software upgrades or updates, including operating-system software. Check at your server software at the moment to see what could be removed if needed. Adjust all the passwords of all site specific accounts once more.
No one is perfect and without a backup, you are highly possible. That's OK; hope still exists. Now make two backups of your account, even if it is still infected. Another will act as your website's "copy edition" or disk image which will help you restore content. The other backup will act as a mirror of your server filesystem. Then clean the content of the site on the new file backup system but make sure this is not on the server. Correct any flaw you can once again find in passwords. Eliminate any widgets, plug-ins or applications that the site is no longer using, and proceed to the next step.
Make sure that what you are doing is a clean install and not just an update. You don't want any files from a previous version left there. Move the good content back to the system from your backup, and automatically change those passwords if necessary.
Still it is not done reach us to Fix Your Hacked Website