My website has been hacked! What can I do?

If you believe your website hosted with us has been hacked, please contact us via trouble ticket or phone ASAP so we can look into options for repair and restoration of your website. We shall do a full evaluation to determine the type of hack, the extent of the damage to your website / databases, how they got into your site, and solutions we can offer.

Due to the continued increase in PCI compliance requirements and ongoing efforts to improve security, it is virtually impossible for a hacker to use “brute force” to figure out your website hosting account logins, assuming you are using a secure password (see tips below for best practices). With this old method, a hacker would use a script or program to try various login combinations continually until they got into your website. Most hosting servers these days are set up with security protocols which will automatically block a hacker after more than 5-10 failed login attempts.

As such, hackers these days are getting smarter and use one of two main methods to hack into your website:
a. Try to find some exploit in your website or server software.
b. Or, through various means, get you to download “Malware” to your computer, which can easily record when you log in to your email, website, hosting control panel, banking websites and more.

If you discover that your website was hacked and hosting support confirms that the hacker did use proper FTP / control panel logins, then that means one or more computers on which you had those logins stored were compromised at some point recently. Here are some suggested steps we give our clients in such an event to help correct this issue, and educate them on this type of hack.

SUGGESTED CLIENT ACTIONS:
The following are suggested actions to be taken to correct this issue within your computer / network:

1. Computers:
a. Locate all computers you have access to that may have a copy of your logins to the hosting account in question. These logins may be stored in a text file / document, in an email, or in your FTP program.

b. Ensure your computer has both of the following software on it:
– antivirus software: Our suggested free software for anti-virus is Microsoft Security Essentials which you can get below:
http://windows.microsoft.com/en-us/windows/security-essentials-download

– malware software: Our suggested free software for Malware scans is Malwarebytes which you can get below:
http://www.malwarebytes.org/products/malwarebytes_free/

Using just one “all-in-one” security software usually is not enough to cover everything, so it's best practice to use one for each category above from different manufacturers.

*NOTE: If your computer already has antivirus software and malware software on it you can try to use those, but we highly recommend the above combination as it has been the most effective for us so far in detecting the more recent types of malware hacks on a person’s computer.

*NOTE 2: If your computer already has antivirus and malware software on it and you do wish to try the software above, consider either disabling the existing software (i.e. typically icons in the lower right of your computer task bar which you can right click to DISABLE, or OPEN and then disable), or completely uninstalling it and using the above instead. Please consult with your computer network company rep for better guidance on this.

c. Ensure that your antivirus and malware software is updated to the latest version. This can typically be done by opening the software, and locating the UPDATE option. If you are installing software like this for the first time, it will prompt you to download the latest updates, and give you the option of allowing it to auto download updates moving forward. Ensure that these options ARE selected to keep your computer more secure, as new viruses and malware come out daily.

d. Ensure that your antivirus and malware software is set up to:

A) run at least once per day, usually at a time when you are not using the computer, and ensure your computer is turned on at that time.
B) automatically scan “LIVE”, i.e. so every time you access a website or email, it will scan it in the background.

Please ensure that you do FULL scans (not partial or “quick” ones) on all drives of your computer that you have access to, with at LEAST two different software packages that are up to date. Go into each program and check the menu options for UPDATE and ensure to UPDATE each before running full scan.

e. Do a full scan of your entire computer and all accessible drives. Please ensure that you do a FULL scan using first your antivirus software, then your malware software. Do NOT use the QUICK SCAN method, as that doesn’t check everything as thoroughly. “Quick Scan” should only be used if you have recently done a FULL scan and believe there may be an infection on your computer.

f. WINDOWS UPDATE / MAC UPDATE: Ensure that your computer is up to date with the latest updates from Microsoft Windows or APPLE / MAC. If you are unsure how to do this, try the following steps:
– determine if you have a Windows or MAC computer.
– Go to google.com and type in the version you have like this “windows 7 update instructions”.
– Be sure to click on a link that says “update” and not “upgrade” to avoid confusion. Then just follow the instructions.

An example is below for Windows 7 users:
http://windows.microsoft.com/en-ca/windows7/products/features/windows-update

2. PASSWORD CHANGES:
The next step is to ensure that all of your corresponding passwords have been changed. At a minimum:
a. We suggest changing the password of any email accounts you have that may have contained copies of the logins in question.

b. We suggest changing the password for accessing any computer(s) that may have contained the logins in question.

3. Network:
Any home or office network which has at least one computer on it that may have contained this information:
a. Ensure that your network is SECURE and not an open network. The easiest way to tell if your network is unsecure is to have someone with a smart phone or tablet that is NOT already set up to access it search for the WiFi network and try to connect. If it does not prompt them for a password / key, then your network is unsecure and needs to be secured immediately. Please check with the manufacturer of your router to get instructions on how to set this up.

b. If already secured, consider changing up your network password to something new, and ensure it is a password / key that is secure. Please see FAQs below for tips.

4. If you are using Windows, ensure that Windows Firewall or other Firewall software is installed. This will not stop all malware infections, but it will help combat many already known ones.

5. Ensure that the following software is updated to the latest version:
a. Flash Player: Ensure this is updated on all of your computer browsers individually, and all of your smart phone / tablet devices.
http://get.adobe.com/flashplayer/

b. Java: Ensure this is updated on all of your computers:
http://www.java.com/en/download/index.jsp

This should update your computer, as well as your browsers. If you receive a prompt to update your browser plugin as well, please ensure to do so.

* IMPORTANT: The above two items are two of the largest reasons why people get malware on their computers / devices that is not caught by your security programs. There are extensive articles online regarding the following topics which we invite you to research on google.com:
– “java exploits”
– “flash exploits”
Here is a link to one such article describing over 1 billion computers found to be at risk in September 2012:
http://www.theverge.com/2012/9/26/3410730/mac-pc-java-exploit

Once these actions have been completed, please get back to us and we will send you a copy of your new password(s) via fax or phone for security.

FREQUENTLY ASKED QUESTIONS:
The following are some frequently asked questions.

Does this mean that the computer network company / store that I bought my computer from, did not set it up correctly?
Your computer being compromised doesn’t necessarily mean that the last person who worked on it, or whom you bought it from, or your network technician did a bad job. New viruses and malware come out daily and sometimes it can be weeks before a fix, or the ability for your software to detect it, even becomes available. As long as there is antivirus software on your computer MINIMUM, and it's set up to auto update and always be on, then that is the best that can be done. If you find that your computer has been compromised too many times, then in addition to reviewing your habits to try to change them to be more secure (i.e. more secure passwords), you may wish to try some different antivirus and malware software.

What are the recommendations for doing scans on my computer(s)?
Since not all security software has the same scans / data to check against (i.e. one software may miss an item, while a second may find it), we highly recommend you do a FULL scan with up to date software for:

a. Anti-virus check:
This checks for viruses on your computer / network. Some suggestions include:
http://www.norton.com
http://www.mcafee.com
http://windows.microsoft.com/en-US/windows/security-essentials-download

*Please note: Most computer hacks that do keystroke logging are not commonly found with anti-virus software, and are categorized as malware.

b. Malware check:
This checks for malware / ad-ware on your computer / network. Some suggestions include:
http://www.malwarebytes.org/
http://www.lavasoft.com/products/ad_aware_free.php (two in one AV and MALWARE / ADWARE check)

What format should I use for more secure passwords?
When changing up your password for your computer, email accounts, network, and hosting accounts, you should always follow these rules:

1. Always use a minimum of 8 characters, with a combination of letters and numbers, and consider using characters like @#!% or any other punctuation.

2. With letters, alternate between upper and lower case.

3. NEVER use words found in the dictionary.

4. NEVER use your banking security PIN number.

5. A solid secure password should be one that is initially difficult for you to remember.

What if my security software scans did not find anything?
This does happen occasionally and can be attributed to a few different things:

1. You did not do a FULL scan with at least two different security software (one for AV and one for MALWARE) with the latest updated software:
Ensure that you fully update to the latest version of the various security software you are using and rerun a FULL scan.

2. Your computer may have already found the offending virus / malware and cleaned it previously:
Keep in mind that even if your computer / website was hacked today, many hackers get ahold of passwords from your computer and may not try to use them for months. It has been found that most professional hackers will do a website hack in stages:

a. Get the initial logins and / or determine an exploit on the website automatically and store this information into a database to review at a later time.

b. Come back at a later date and attempt to access the website and do a test upload of usually 1-2 “test” files. These files typically are not harmful and are just done as a test by hackers to see if they can get into your site, without triggering any malware / anti-virus software scans the server may have in place.

c. Come back at a later date, on average 2-4 weeks, to see if the logins still work and if the files are still present. If so, the mass changes / uploads then happen, usually all within a 24 hour period.

3. There may not be a patch / fix for the malware / virus in question yet:
Statistically it takes an average of one month for anti-virus / malware software to have a solution for finding / cleaning a virus / malware and usually no less than 100,000+ computers / websites are affected before a fix is discovered and available as part of a software update to your computer for your next scan. Also keep in mind that if one security software company comes out with a fix, that does not mean that:

a. The fix will cover all variants of the malware / virus: It's been well documented that the nastiest of malware / virus authors will already be releasing patches / updates to their own script, sometimes even prior to security software companies releasing their own update against what is now an older version of the offending script.
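
The staged pattern described in the FAQ above (a test upload of 1-2 files, then mass uploads within 24 hours some weeks later) leaves a trace in the server's FTP transfer log that can be checked for. The Python below is an added example, not part of the original article or any hosting provider's tooling. It assumes the standard xferlog line format, constructed sample lines, illustrative thresholds, and that the test upload and the later burst come from the same account and source address.

```python
from collections import defaultdict
from datetime import datetime, timedelta

PROBE_MAX, BURST_MIN = 2, 10  # "1-2 test files" per the article; 10 is an assumed cutoff
GAP_MIN, GAP_MAX = timedelta(days=7), timedelta(days=35)  # assumed margin around "2-4 weeks"
# Constructed xferlog lines: account "acme", documentation IP addresses, made-up paths.
REC = "{} 1 {} 900 /home/acme/public_html/{} b _ i r acme ftp 0 * c"
SAMPLE = [
    REC.format("Mon Mar  4 09:12:40 2013", "198.51.100.7", "index.html"),  # owner
    REC.format("Thu Mar  7 03:41:09 2013", "203.0.113.50", "t1.txt"),      # test upload
    REC.format("Thu Mar  7 03:41:15 2013", "203.0.113.50", "img/t2.txt"),  # test upload
    REC.format("Wed Mar 20 14:02:11 2013", "198.51.100.7", "about.html"),  # owner
] + [REC.format(f"Thu Mar 28 02:{m:02d}:00 2013", "203.0.113.50", f"p{m}.php")
     for m in range(10, 22)]                                               # 12-file burst

def parse_uploads(lines):
    """Yield (user, host, time) for each completed upload in xferlog lines."""
    for line in lines:
        f = line.split()
        if len(f) < 18 or f[11] != "i" or f[17] != "c":
            continue  # malformed line, download/delete, or incomplete transfer
        yield f[13], f[6], datetime.strptime(" ".join(f[1:5]), "%b %d %H:%M:%S %Y")

def clusters(times):
    """Group timestamps into runs that each fit inside one 24-hour window."""
    runs = []
    for t in sorted(times):
        if runs and t - runs[-1][0] <= timedelta(hours=24):
            runs[-1].append(t)
        else:
            runs.append([t])
    return runs

def find_staged_uploads(lines):
    """Flag a 1-2 file upload followed weeks later by a burst from the same source."""
    by_source = defaultdict(list)
    for user, host, when in parse_uploads(lines):
        by_source[(user, host)].append(when)
    findings = []  # tuples: (user, host, test upload time, burst start, files in burst)
    for (user, host), times in by_source.items():
        runs = clusters(times)
        for i, probe in enumerate(runs):
            for burst in runs[i + 1:]:
                if (len(probe) <= PROBE_MAX and len(burst) >= BURST_MIN
                        and GAP_MIN <= burst[0] - probe[-1] <= GAP_MAX):
                    findings.append((user, host, probe[0], burst[0], len(burst)))
    return findings

if __name__ == "__main__":
    print(find_staged_uploads(SAMPLE))
```

Run against the sample, the owner's two ordinary uploads are ignored and only the 203.0.113.50 source is reported. Matching on the account alone instead of account plus address would also catch a burst from a different address, at the cost of more false positives.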
