Part 2: Hacked websites - precautions to minimise risks

Written on 17 December, 2012 by Verity Meagher
Categories: Web Hosting. Tags: hacked, online business, security

Having your website hacked is a terrible thing, and many website owners have no idea why it happens. Implementing proactive measures to prevent a hack, or at least mitigate its impact, will help to relieve some of the stress. Firstly, you need to adopt the attitude that it's not a matter of 'if I get hacked', but rather 'when I get hacked'. If you expect the worst and remain vigilant, you are much better prepared when it happens.

There is a range of precautionary steps that can be taken, depending on the type, size and use of your website. Here we will look at the top 3 prevention methods that can be applied across all types of websites.

1.  Scan local machine for malware

A majority of customers who have been the victim of a hack have had no security products installed on their machines, and those who do more often than not forget to update their software. It is important to make an informed purchase by discussing your specific needs with various vendors. Ensure that the product is set to automatically scan your machine each day, and that at least once a week it connects to the vendor's site and updates itself with new libraries of virus and malware definitions.

2. Rotate all passwords

All passwords, including FTP, database and of course site admin passwords, should be updated on a regular basis. We recommend monthly if you access your website regularly.

You should also have a reasonable password policy in place: passwords must not be re-used, the same password must not be used for everything, and each password must be a minimum of 8 characters and a combination of uppercase, lowercase, numbers and symbols.
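The policy above, written as a check a site owner could run before accepting a new FTP, database or site admin password. This is an added example, not Netregistry's code; the function names, the 31-day reading of "monthly" and the PBKDF2 parameters are assumptions.

```python
import hashlib, hmac, os
from datetime import date

MIN_LENGTH = 8      # minimum length stated in the policy
MAX_AGE_DAYS = 31   # assumption: "monthly" rotation read as 31 days

def _digest(password, salt):
    # Assumed parameters: salted PBKDF2-SHA256, so history never holds plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(password):
    """Return a (salt, digest) entry to keep in a password history."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def matches(password, entry):
    salt, digest = entry
    return hmac.compare_digest(_digest(password, salt), digest)

def check_new_password(candidate, history, other_accounts):
    """Return every policy rule the candidate breaks; an empty list passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    classes = {
        "uppercase": str.isupper,
        "lowercase": str.islower,
        "number": str.isdigit,
        "symbol": lambda c: not c.isalnum() and not c.isspace(),
    }
    for name, test in classes.items():
        if not any(test(c) for c in candidate):
            problems.append(f"missing {name}")
    if any(matches(candidate, e) for e in history):
        problems.append("re-used from this account's history")
    if any(matches(candidate, e) for e in other_accounts):
        problems.append("same password as another account")
    return problems

def rotation_due(last_changed, today):
    # True when the password is older than the monthly rotation window.
    return (today - last_changed).days > MAX_AGE_DAYS

if __name__ == "__main__":
    # Constructed sample data: an old FTP password and the current database one.
    ftp_history = [remember("Winter2012!")]
    database = [remember("Db#Pass99x")]
    for candidate in ("Winter2012!", "Db#Pass99x", "abc", "Tr4il-Mix&Rain"):
        print(candidate, check_new_password(candidate, ftp_history, database))
    print(rotation_due(date(2012, 11, 1), date(2012, 12, 17)))
```

The history and cross-account lists hold only salted digests, so the check can detect re-use without keeping old passwords in readable form.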

3. Back up your files

It is important that you don't simply assume your hosting provider will have a backup of your website that they can immediately recover for you, especially at no charge. Generally speaking, hosting providers do back up data, but they do this so that in the case of a disaster they are able to get all customers back online. The backups involved run to many terabytes, and delving into those archives to find files for an individual user, quite often from a specified date, takes time and requires qualified systems administrators, who often have to stop doing other tasks to complete the recovery request. This is why most hosts charge you to recover data. So we strongly recommend that you back up your own files. It is a simple task that will save you a lot of headaches later.

Overall, it's important to conduct a risk assessment of what steps can be undertaken to reduce the risks and to help minimise as much damage as possible. The above three steps are not the only steps that should be undertaken; rather, they are three that need to be undertaken along with other methods. For the full risk assessment list and an in-depth look at each of the precautionary methods, download the full e-book, "Help my website has been hacked! Prevention methods".

Netregistry has a technical team equipped with the knowledge and expertise to help limit the damage caused by these types of attacks, with a number of procedures and protocols in place to ensure a smooth recovery. If you have a website hosted with Netregistry and think your website has been hacked, please contact us on 1300 638 734.