What happens when your site is hacked?

I can give you first-hand experience because I have just suffered the trauma, desperation, and labor arising out of the hacking of my flagship website Anjoria.com. Someone claiming to be a Pakistani had hacked my site on the night of 19th May 2011. Only a few minutes earlier I had checked into the site and everything was okay. Then I went into researching my competitor’s site. What I learned has nothing to do with this article, so that will be discussed someday later.

I was shocked to see my site hacked. Anjoria.com, with all its subdomains, was hacked. At the time I was able to use the FTP and my Admin pages, so it appeared that it had nothing to do with me but with the service provider. I always use the latest version of WordPress. Then I visited some of my other sites and found them to be okay.

The next step was to inform the service provider. Pronto came the reply that they were looking into the matter, followed later by word that my issue had been raised with the admin. And then my site was suspended!

I know very well that these types of incidents are common on the web and there is no use accusing your service provider, as they are then more worried than you. You have to face only your problem, whereas they have to look after a lot of sites and servers. They then have to clean their infected servers and restore from backup.

I was lucky that they had a backup from only a week ago. Mine was one month back! What a shame! You should back up your site as often as possible, and in Anjoria.com's case it should be done at least every week. And in the meantime all the articles and images should be preserved, just in case!

Sometimes a mirror place helps. I found that I had not yet cancelled my domain hosting with the previous provider and there was a “typo” domain already in place. Typo domains are those domains you get registered to help your visitors. Sometimes they type ajoria/anjoriya/ajoriya etc., and in those situations you should have options available to redirect them to your original site, Anjoria.com in this case. So I activated ajoria.com and my site was visible to the world within 24 hours. It takes time to propagate your name servers worldwide.

In the meantime I started looking for the backup files. At that time I was unaware of the backup at my service provider. I started searching for the pages on Google, which caches your site every time its robot visits you, if your site is indexed. Fortunately, I had a backup of 19th April and I had to look only for the recent pages. I opened the cached pages on Google and then copied each article. By the time I was about to complete this search, the news came that my service provider had a backup of 13th May. I was then relaxed, as only a few pages had to be restored.

Anyway, the lessons I learned can be summarized as follows:

Always keep regular backups.
Always use the latest version of WordPress or any other CMS you are using.
Always update the theme files and plugins.
Deactivate and delete the theme files and plugins you are not using.
Keep your desktop always virus-free. Use any respected antivirus program, but use it and keep it updated!
When, despite all this, your site is hacked, don’t panic.
Start accumulating the material lost after your latest backup. Keep it ready and use it when the site is restored.

These are the lessons everyone with a blog or website should remember.