My website was hacked. What should I do?
Bad things happen to everyone. In most cases, the success of the recovery depends on how quickly you react. A ready Disaster Recovery Plan is like a lifeboat on your ship.
1. Contact your internal IT security team, your system integrator or your hosting provider directly as soon as possible and ask them to block access to your web store.
Breathe deeply. Now the attacker won’t remove evidence or steal any more information.
2. Back up the current site. Make copies of all the relevant logs: HTTP access and error logs.
3. Contact your Magento development team to go through your code and determine the scope of the attack.
It’s vital to find answers to the following questions:
- Was the credit card information accessed?
- What information was stolen?
- How much time has elapsed since the compromise?
- Was the information encrypted?
4. Determine the type of attack. It can be:
- Site Defacing – access to the site and user accounts might be compromised while payment information is safe.
- Botnetting – in this case, hackers are trying to use your website to send spam emails. Your data may be safe, but your server will very likely be blacklisted by spam filters, which prevents the email that you send to your customers from being delivered.
- Server Attack – data is compromised, backdoors and malware are installed, and the site doesn’t work. Payment information can be safe only if it isn’t stored on the server.
- Silent Card Capture – the most harmful attack, a hurricane of the eCommerce world. Hackers capture customers’ accounts and financial information via injected malware code that sends out credit card data. Such malware can run unnoticed for a long time.
- CopyCat attack – CopyCat is a hacking tool. The means of transmission used may include floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks and site content. Copycats replicate your unique products and sell them, or completely rip off your company’s brand.
5. Identify all weak points that were attacked. It could be a complex attack on multiple vulnerabilities, so check all possible combinations. Review server log files and file changes.
6. Clean up all unnecessary files, and wipe and reinstall everything that can be wiped or reinstalled. Use clean sources, such as files from your own version control system or the original distribution files from magento.com.
7. Install the latest Security Patches.
8. Reset all credentials, logins and passwords.
9. Inform your payment processor and customers if payment data was attacked, so that they can check for unauthorized transactions.
10. Fake copycat websites masquerade as legitimate online stores in order to collect customers’ bank account information. So if your web store content was copied, make a statement about this fraud through your social media or blog, and email your customers. File a complaint against a site that has stolen your content (as per the Digital Millennium Copyright Act (DMCA)) using Google Webmaster Tools. Google will ban such a fraudulent web store from its search engine.
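For steps 5 and 6, one way to review file changes is to hash the backed-up site against a clean copy (your version control checkout or the original distribution files) and list what was modified, added or removed. This Python code is an added example, not part of the original article; the function names, the `SCRIPT_EXTS` list and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

SCRIPT_EXTS = (".php", ".phtml", ".js")  # assumed list of types that can carry injected code

def hash_tree(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return digests

def compare_trees(clean_root, live_root):
    """Classify files in live_root against the clean baseline in clean_root."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    added = sorted(p for p in live if p not in clean)
    return {
        "modified": sorted(p for p in live if p in clean and live[p] != clean[p]),
        "added": added,
        "added_scripts": [p for p in added if p.lower().endswith(SCRIPT_EXTS)],
        "missing": sorted(p for p in clean if p not in live),
    }

def build_sample(base):
    """Constructed sample: a tiny 'clean' tree and a tampered copy of it."""
    files = {"index.php": b"<?php\n", "lib/core.php": b"<?php\n", "js/checkout.js": b"//\n"}
    for tree in ("clean", "live"):
        for rel, data in files.items():
            path = os.path.join(base, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
    live = os.path.join(base, "live")
    with open(os.path.join(live, "js/checkout.js"), "ab") as fh:
        fh.write(b"// constructed change\n")           # modified file
    os.makedirs(os.path.join(live, "media"))
    for name in ("banner.png", "cache.php"):           # added files
        open(os.path.join(live, "media", name), "wb").close()
    os.remove(os.path.join(live, "index.php"))         # missing file
    return os.path.join(base, "clean"), live

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_trees(*build_sample(tmp)))
```

Run `compare_trees` on the clean copy and on the backup taken in step 2. Uploaded content will show up under "added", so review "added_scripts" and "modified" first.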
Take all the necessary steps to protect your Magento store from fraud, hackers and copycats to make sure this doesn’t happen again. Magento security is too expensive to ignore.