Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

The Battle With Hacked Content Continues

DZone's Guide to

The Battle With Hacked Content Continues

Out of the websites that are hacked, Wordpress sites consist of 74% of those affected. Here's how to see if your Wordpress site has been affected.

· Security Zone
Free Resource

Discover how to protect your applications from known and unknown vulnerabilities.

When it comes to hacking, we usually think of breaking in to security systems and deviant acts related to stealing, deceit and con men. There are cases where the internet itself is problem, but it can also be a place for us to find a solution. Google does indeed (almost) have the answer to everything if you look hard enough, including how to deal with and identifying a hacking incident.

Based on the Q3 Hacked website report by Sucuri it showed that WordPress gets about 74% hacked sites for Quarter 3 (Q3), although it decreases in Q3 we can see that it is still many in numbers.  The worst case scenario of hacking can lead to business data theft which also leads to loss of money. For this post we are going to feature a WordPress site which has been detected through the search console as a hacked site.

Image title

Hacked Content Detected

Last January 10, 2017, we discovered a message from Netizensreviews.com search console.  It’s particularly annoying if a site becomes a hacking victim, especially if we can see some malicious content injected in their page. Just take a look at below on the full message from the console. As a safety measure, Google keeps site owners up-to-date, so it is essential that you must connect your website with the search console as well.

Image title

If your site has been hacked, you can receive a manual action (either site-wide or partial matches) where you will be informed if the site may not perform well in Google results since it violates the search engine’s webmaster guidelines. You truly have to make sure that you are frequently checking your search console messages.

Image title

Once you perform a Google manual search, you will see this below. What’re the chances of your site getting some visitor lovin’ if it’s labeled with “This site maybe hacked”?

Image title

How to Fix

Here’s what we did to recover the hacked site:

1. Check Security Issues for the Details of the Hack

In this site we haven’t seen any detected security issues, but we are advised to see resources for hacked sites and cross-site malware warning.

2. Find Out Why Your Website Has Been Hacked

We have checked the whole site and found out the following details about why the site was hacked:

  • Outdated Plug-inslast update was on October 2014 and that’s why they have an easy access to the back door.

As reported, we have read that there are 3 plug-ins which is the main reason for hacking: RevSlider, GravityForms, and TimThumb.

According to sucupress, based on their clients’ statistics these are the following reason why a website was hacked:

  • You don’t know what happened

  • Your plug-in or theme is vulnerable to pirates

  • There is a WordPress vulnerability due to its core flaws

  • Host Provider Problems

  • Have Old installation files

  • Chmod fault or bad file permission

  • Password theft

  • Due to other reasons e.g. no anti-virus, responded to phishing mail, or have outdated servers or FTPs.

3. Be Sure to Check the Entire Site

There might be other compromised pages or files which truly need to be checked. Sometimes these are hidden and might be placed in HTML, JavaScript or other files.  You can do a site check using Sucuri like so:

Image title

You can also use sites to find hidden links which suggest doing a Google search. i.e: “home loan” site:netizensreviews.com”

4. Remove All Malicious Content

In our case we have restored it using our older back up files. As Google suggested you can also contact your hosting provider for assistance.

5. Secure Your Website From Future Hacks or Attacks

Now that you know the real reason why the site was hacked, it’s time to make those pages or material immune to future attacks. In our case we have make sure that the plug-ins are updated, including changing the password. Additionally, Google also suggests that you ask the help of your hosting provider.

6. Recheck Website

After securing the site, it’s now time to make sure that no more malicious files have been injected. Recheck the site by doing a Google search or using sucuri.  After scanning, make sure no malware, website blacklisting, injected spam, or defacements are detected.

Image title

You can also do a simple Google search by typing “site: [website URL]”. It’s considered clean if you can’t find any labels on it.

Image title

Check using Safe Browsing Site Status. We can see that the site is no longer infected or dangerous. No more malicious files have been detected.

Image title

Before filing up a reconsideration request make sure that you have answered Hacked sites Trouble Shooter.

Image title

7. Submit a Reconsideration Request

After making sure that the site is now clean, submit the URL for a reconsideration request.

Image title

After clicking the request a review button a text box will open which requests you to write the process on how you went about with your site clean-up.

Image title

And fill it like:

Hi,

For netizens reviews, we have addressed it using restoring our older backed-up files and updating the plug-ins and password. We also make sure that the site is clean by using search operator, fetch as Google and even checked it using a third party tool. I am hoping that I can see a response from you soon.

Thanks.

8. Check Updates for Request

 If they have determined that your site is free from hacking, they will notify you that your reconsideration request was approved. In our case, we received it after two days.

Image title

Conclusion

Hacking is almost considered a “talent” for our generation. It seems like the general stereotype that those involved in comprehensive computer work are hackers is slowly becoming true. With their own twists, recent films like Nerve, Eagle Eye and Blackhat even tolerate the act of hacking.

With just a few detailed steps though, your website can bounce back from a hack like it never happened. Remember, prevention is better than cure. Keep your sites well-maintained and protected – leave no room for hackers to wiggle through.

Find out how Waratek’s award-winning virtualization platform can improve your web application security, development and operations without false positives, code changes or slowing your application.

Topics:
data breach ,security ,wordpress ,web dev

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}