Every webmaster goes through this at some point while managing a website. It's not the end of the world, but it can get quite frustrating to fix. Today's hackers know how to infect your site without leaving obvious traces such as blank pages or content replaced with something random. Below are a few guidelines on how to quickly and efficiently take care of the issue.
AFTER YOUR SITE HAS BEEN HACKED
- Carefully check your files - The ones most tempting for hackers are media files, .htaccess files and .php files (mainly the ones loaded into index.php). Ideally your website should be as clean as possible (avoid forgotten files in the site's directory, or databases that were used for testing but never deleted), so that the process goes more smoothly.
- While you're at it, also check the server logs for any information on when and how your site was broken into. You can spot not only the scripts the hacker uses to abuse your website but, by backtracking (checking the calls from the hacker's IP), also find out how they got access to your server.
- Search for new files - Check whether there are any newer PHP files in your root folder and subfolders, compared with the last time you did an update or installed an extension. Most of the time you will spot the offending files right away. Don't forget to search your media folders too! Some hackers save the files in the least expected places.
- Check for base64_decode calls and gzip calls - One of the most common methods hackers use today to tamper with your data is to insert hidden links to untrusted, warez-type websites, or even to add their own code to some files. They use base64 encoding to obfuscate the text, generally at the end of .php files. Search for base64_decode function calls (there are a few genuine ones, which Joomla! uses mostly to encode return URLs after login) and you will get a clear view of all the affected files. Now comes the meticulous part...
- Compare code to an uninfected version of the source code - For this, it is essential to have a recent back-up copy. Some webmasters did not write the code themselves, so checking for inconsistencies can be difficult. In the official Joomla! Extension Directory, there is a Site Security category which is packed with extensions that do all the checking for you. It is actually recommended to have such a solution installed even if the admin is a code guru.
- Perform clean-up - The standard, within the J! community at least, is to download all the corrupted files through an FTP client, delete the harmful code and possibly rewrite or improve the clean code, then re-upload the clean files. This step is considered complete only after you do another full site scan, to be extra sure you haven't missed anything.
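The "search for new files" and "check for base64_decode calls and gzip calls" steps above can be scripted. The following Python script is an added example, not code from the original article or from Joomla!; the function names, the `images`/`media` folder names and the sample tree it builds are assumptions made for illustration.

```python
import os
import re
import tempfile
import time
from pathlib import Path

# Decoder calls the checklist says to search for (gzinflate/gzuncompress/gzdecode are PHP's gzip decoders).
DECODERS = re.compile(rb"\b(base64_decode|gzinflate|gzuncompress|gzdecode)\s*\(", re.I)
MEDIA_DIRS = {"images", "media"}  # assumption: the site's media folders

def scan_site(root, last_update_ts):
    """Map relative path -> reasons a PHP file deserves manual review."""
    findings = {}
    for path in (p for p in Path(root).rglob("*.php") if p.is_file()):
        rel = path.relative_to(root)
        reasons = []
        if path.stat().st_mtime > last_update_ts:
            reasons.append("newer than last update")
        if rel.parts[0] in MEDIA_DIRS:
            reasons.append("php in media folder")
        calls = {m.group(1).decode().lower() for m in DECODERS.finditer(path.read_bytes())}
        if calls:
            reasons.append("calls " + ",".join(sorted(calls)))
        if reasons:
            findings[rel.as_posix()] = reasons
    return findings

def build_sample_site(root):
    """Constructed sample tree (not real Joomla! code); returns a 'last update' timestamp."""
    old = time.time() - 30 * 86400
    samples = {
        "index.php": (b"<?php echo 'home';", old),
        # Legitimate use, as the text notes: decoding a return URL after login.
        "components/com_users/login.php": (b"<?php $r = base64_decode($return);", old),
        # Recently dropped into a media folder, with an encoded string at the end of the file.
        "images/banner.php": (b"<?php echo 'x'; echo gzinflate(base64_decode('Y29uc3RydWN0ZWQ='));", None),
    }
    for rel, (body, mtime) in samples.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(body)
        if mtime is not None:
            os.utime(path, (mtime, mtime))
    return old + 86400

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        for rel, reasons in sorted(scan_site(site, build_sample_site(site)).items()):
            print(rel, "->", "; ".join(reasons))
```

A file flagged only for a decoder call, like the login sample, is a candidate for the comparison against a clean copy rather than proof of infection.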
AFTER YOU HAVE RESTORED YOUR SITE
- Check your website's file permissions - Ideally the permissions need to be set to 0644, but if you are overprotective and wish to do everything in your power to not get hacked again, you can crank them up to 0444. Also, after performing the final scan to make sure the infection is gone, be sure to change all of your passwords - Joomla!, FTP client, admin accounts, hosting control panel and so on.
- Run regular back-up sessions - This is the golden rule for every website, regardless of its type, size or number of visitors. Some hosting providers offer back-up solutions included in the monthly plan; however, a stand-alone solution is always welcome.
- Keep everything updated - From the Joomla! version to the extensions installed and templates, your site needs to be up-to-date at all times. You literally cannot afford to be vulnerable anymore.
- Consider a dedicated server - When you are sharing a server with 100 other administrators, it's very likely that an infection on your site will spread to their websites too, and vice versa. A dedicated server means more expenses, agreed; however, you also get the feeling of extra security if you don't have any "neighbours". Some hosting providers offer excellent monitoring solutions (checking server uptime, detecting vulnerabilities in advance, inside-out SFTP scanning, etc.) that are quite affordable and reliable.