Hacking has been a major topic in the news lately with Sony falling victim to the hacking group called GOP Guardians of Peace and most recently the PlayStation network that was hacked by Lizard Squad. These hacking attacks were, however nothing in comparison to the 12 million potentially compromised Drupal websites that received very little news coverage, but what was more devastating economically and damaging than the Sony hack. The event was known as Drupalgeddon. I am not going to go into the details of this story because I would rather focus on why it is so important to keep your Drupal core and modules up to date, but for those who would like to get the whole story they can follow the link Millions of websites hit by Drupal hack attack.
When a website gets hacked, it is very difficult to find all the offending malicious code and remove it so when it comes to protecting your website from hacking prevention is better than the cure.
To protect your website from hacking the following should be done and must be Gods law if you want to keep your website secure.
1. Hosting Environment
Hosting, make sure your hosting company keeps their server software up to date, including their antivirus that they may be running on the server where your website is hosted. Make sure that your permissions in the root directory are set up correctly. You can follow the link to find out more about Securing file permissions and ownership. If you are hosting with a professional hosting company like Hetzner they will automatically backup your website on a daily basis, but you should still perform your own website backups on a monthly basis.
2. Keeping the Website Secure
Make sure that you have enabled available updates to notify you of any security updates on a daily basis and remember time is everything so respond to your update notifications immediately. Ensure that your Drupal Core is always up to date along with all the modules you have installed on your website. Find out more about running available updates on your website here.
3. Backup your website on a regular basis.
Backing up your website on a monthly basis using the Backup and Migrate module will make backing up your website easy and convenient. Backups are important should you run into trouble backups of your website will give you options.
My website has been hacked what now.
If you are hosting with a professional hosting company they will be able to scan and provide you with a list of the malicious code and exact location in the website file directory where the malicious code can be found. The first step would be to download the site and remove all the offending code files and then perform a scan with your up to date anti-virus. Then install Drupalgeddon module this is a powerful diagnostic tool helpful in determining where possible exploits maybe in your website. Make sure you change all access details database and FTP. This is not a guaranteed fix it has worked for me in the past bust also failed.
2.Audit and Clean or rebuild the website
Okay, so you tried the above and your website is still compromised, then you have two options use a backup, but if you have not been backing up your website on a monthly basis, then the only other options available to you is paying a cyber-security company to audit and clean the website or rebuild. Now you can understand why those website backups are so important they can save you a lot of money and headaches.
The key focus here is update backup update backup and you will always have peace of mind.
Copyright © 2017 - Developed by EdgeMultimedia