Skip to content

Your website has been hacked?

The steps to quickly recover your website and secure it.

Hacked website? What you need to know and all the important steps to follow

Are you browsing your site as usual, when you are suddenly invaded by a pop-up window that hijacks your screen and tells you that your site has been hacked? Are you panicking at the thought of losing your tool and all the fruit of your labor in one instant?

Do not panic, you are not the first site to experience this misadventure, on average, more than 30,000 new identifications of infected websites occur every day, 6,000 new known viruses every month! (according to Forbes)

All types of websites are concerned, the smallest as well as large commercial platforms. Don't worry, there are solutions. Let's see this...

Where to start?

‣ Act quickly without panicking
‣ Get help from technical experts
‣ Take your site offline

We support you

Contact us!

How to recognize the hacking of my website?

The piracy of a website is often obvious and quickly recognized.

Depending on the type of piracy, we'll distinguish:

  • Modified site content:A large banner clearly stresses piracy, an unexplained pop-up appears when browsing, or even links to unknown and inappropriate external sites, either prominently displayed or, on the contrary, very discreet, depending on the hacker's tactics.

  • Defacing & Degradation:Most often via this type of hacking, the home page of the website is completely modified by hijacking the site to degrade its image, convey a message of protest or a political act (Hacktivism).

  • Lente réactivité abnormal of the website

  • The server has been blacklisted in known blacklist databases

  • Complaints received from your host

  • Heavy traffic and unusual from your server or from unknown and/or foreign sources

  • Alerts from browsers that your site is dangerous or deceptive

If in doubt, do not hesitate to test your site to find out if it presents a risk via Google’s Safe Browsing tool. This will notify you if suspicious content is detected.

Why did I get hacked?

Behind a hack always lies a malicious reason or purpose.

Here are some hidden intentions behind a website hack:

Envoyer du spam

Pour diffuser de la publicité et capter du trafic vers un site frauduleux externe

Phishing ou hameçonnage: obtenir des informations personnelles ou bancaires

Pour distribuer des malwares (virus)

Dégrader l'image d'un site et le vandaliser

Des motivations politiques et sociales, faire passer un message ou des revendications

Parce que c'était trop facile.

  • send spam

  • To deliver advertising and capture traffic to an external fraudulent site

  • Phishing or phishing: obtaining personal or banking information

  • To distribute malware (viruses)

  • Damage the image of a site and vandalize it

  • Political and social motivations, conveying a message or demands

  • Because it was too easy.

The causes

An important step when your website is compromised is to define the security breach that allowed the hacker to break in and take possession of your website.

In most cases we find these sources of problems:

Easy-to-crack simple passwords, weak password storage

Lack of security in administrator access: bad password, backoffice access easy to find or indexed in search engines

Hacked mailbox with easy access to CMS

Hacking via social networks

Configuration or security error (Framework, accessible APIs, etc.)

Latest Missing System Security Updates (Latest Security Patches)

No UpToDate CMS + CMS security patches.

Programming error

Using insecure permissions

How to recover and clean my website after an attack?

The first important thing at this stage is to define the source and the hacker’s means of intrusion. You can analyze the logs (event logs) of the administration tool or the application servers, the log file of your host contains all connection attempts and modifications made to your site.

Then reinstall the server operating system.

Restore from a clean, pre-attack backup of your website that you know hasn’t been corrupted.

Change access passwords!

As well as access to other applications using the same password as the hacked access or that of your mailbox if this is the source identified like the flaw.

You will then be able to report to Google that your site is now secure and that the hack is cleaned up.

Recommendations to protect your website and avoid piracy in the future

After all this misadventure, the time and the efforts made to remedy this incident, it would be a shame to give the pirate a chance to start again!

List these few important recommendations to put in place to prevent this from happening again:

Fix and remove the flaw used by the hacker to intrude into your website

Change host if the web server has been hacked and no solution has been found for this flaw

Perform regular backups and offsite backups.

Apply software and system security updates and patches installed on your servers

Apply CMS security updates when available.

Regularly check the logs (log files) to detect suspicious connection tests

Block all unnecessary ports that are not used on the server

Establish a strong and secure password policy using a secure password generator and manager

Modify your accesses with more complex passwords, activating two-factor authentication where possible and

Avoid using the same password for multiple apps

Efficiency approved by our customers

  • Frédéric Arleri CEO of MeilleurUtilitaire

    "Availability, human connection, willingness to find a solution, follow-up"

Would you like to be accompanied to recover your infected website and clean it?

Stigmi contact

Let our expertise solve your security problems

Tell us about the challenge!

Our technologies

The best e-commerce open-source platforms

Ready to discuss?

Contact us!