Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / New
Stats: 3,036,722 members, 7,447,771 topics. Date: Friday, 02 June 2023 at 03:12 AM

An Interesting Story Of a Lady, A Hacked Website, And How I Fixed The Hack - Webmasters - Nairaland

Nairaland Forum / Science/Technology / Webmasters / An Interesting Story Of a Lady, A Hacked Website, And How I Fixed The Hack (333 Views)

Need To Unhack A Hacked Email Account / How Do I Recover A Hacked Facebook User Account / Firefox Will Soon Warn You If You Are Visiting A Previously Hacked Website (2) (3) (4)

(1) (Reply)

An Interesting Story Of a Lady, A Hacked Website, And How I Fixed The Hack by Dmayor7(m): 6:22pm On Jul 07, 2020
Website hacking is real and costs a lot of time and money to fix, depending on what's affected. I just cleaned up a hacked website the other day. I started since morning and finished in the evening.

Time-consuming and also tiring. I was just lucky it's minimal, some hacks will take days to clean up. It happens that the site was injected with a "malicious redirect code". When you visit the website, it redirects to another site done by the hacker, and the sites are always different each time you reload the site.

Please, before I move on, I want you to know that I am no Security Expert, but knows quite enough to detect when something isn't going right and then fix it.

So, what is a "Malicious Redirect"?

According to WordFence; A malicious redirect is a code inserted into a website with the intent of redirecting the site visitor to another website. Malicious redirects are typically inserted into a website by attackers with the intent of generating advertising impressions. However, some malicious redirections can have more damaging effects. A malicious redirect can exploit vulnerabilities in a site visitor’s computer through web-based scripts to install malware on unprotected machines. As such, it is critical to remove malicious redirects from your site.

So, as you can see, this malicious code can be damaging to your reputation and branding. When my friend called me and told me her site is experiencing such, her voice was tired, she does not know what the problem is, and people have been calling her saying they can't browse her website.

Then I geared up and logged into the site.

The first thing that greeted me was a whole lot of outdated plugins and themes. I started by updating all of them. After I finished, I went to the homepage to see if it still redirects. It didn't redirect so I thought it's over, but no, I am really in for a long tiring day.

DEADLY MISTAKE NUMBER 1: Always update your website software, themes, plugins, everything. Let it be up to date at all times.

I called her on the phone and told her the site is fixed that she can crosscheck. Only for her to call me back a few moments later, "Darlington, it's still redirecting o"

ME: But how can that be? Alright, clear your browser cache and cookies, then try it again.
HER: I just did it, but it's still the same thing.

That was when I realized that this is going to be a tough one. So, I headed on to Sucuri and scanned the website. Lo and behold! JavaScript malicious code was in it.

I must say this, one thing I love about Sucuri site check is the fact that it even showed me the exact code and where it was. In my case, it appears to be in the header of all the pages on the site.

I went to the Theme Editor and selected the "header.php", searched for that particular code and removed it. I was so happy and feeling like a demi-god but little did I know that it's not yet Uhuru.

I saved my changes and did another scan using Sucuri. Still, it shows me the malicious codes are still there.

Alright, time to kill this rat from another angle. I installed WordFence plugin and ran a malware scan on the site. After the scan, it shows me full detail of all the folders and directories that were infected by this same code.

More than 92 different files inside different folders! I told you, am in for a long day. That is it.

I have to remove the malicious code from all those files, manually. I braced myself up for the task and kept on it, opening files, removing malware, saving changes, then doing it over and over and over again. It wasn't easy, but this is the penalty for not taking your website security seriously.

DEADLY MISTAKE NUMBER 2: Always integrate a security plugin on your WordPress website. WordFence has been saving lives since the 19 zero zeros.

You may think, well at least I now know what to delete and where to go and delete it, but it comes with its problems too.

The problem came toward evening time when I am about to finish. I mistakenly deleted a core WordPress folder and boom! The site stops working.
I then downloaded a fresh WordPress file and tried to recreate what I have deleted. I just cannot. It seems to me I missed one or two other files. I do not know, but I just cannot.

Then fear crept into my heart. So, this is how I just deleted off my client website? She will not be happy, and it will warrant building a new website from the ground up. But is there any backup? Okay, let me check.

I checked and behold there is a backup. Oh! God of mercy!

DEADLY MISTAKE NUMBER 3: Always backup your website, and always check to see if there is a backup before attempting to do changes to your website files.

Okay, It then strikes me like a bolt from the blues. What if I just rolled back the website to the backed-up version?

I did it, and do you even know what happened? Can you guess? The website became reborn! No malicious codes, no whatsoever. The site became born anew!

I wanted to flog myself in the buttock for not thinking of this in the first place. After spending all these long tiring hours, I just fixed the issue with a simple reinstalling of the backed-up version.

Well, this is the life we live in this web designing game. Ask, my web developer friends can relate to this. To debug is not a child play, and most times, the solution can just be an easy little fix.

So, my brothers and sisters, this is the story of my life and how I fixed a website injected with a malicious redirect code.

Preventive Actions to Protect your website:
Now, let us get down to preventive actions you need to take to avoid experiencing this tiring and messy situation that I happened to find myself in.

smiley Keep software up to date:
Whether WordPress or any other, try and keep things updated. It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. It applies to both the server operating system and any software you may be running on your website. Always, check for updates and upgrade to latest versions.

smiley Ensure the use of strong passwords:
Almost everyone knows they should use complex passwords, but in reality, do they? Hell no! I heard Mark Zukerberg used 1234 as his Facebook login password and was compromised. Have you heard of Brute Force Attack? Listen, it is crucial to use strong passwords for your web server and website admin area, and equally important to insist on good password practices for your website users to protect the security of their accounts. I recommend you use "LastPass" to generate and manage strong passwords.

smiley Make use of HTTPS or SSL:
It stands for Secured Hypertext Transfer Protocol, and it guarantees that users are talking to the server they expect and that nobody else can intercept or change the content they see in transit. It is not even expensive, "Let's Encrypt" is here to make your life easier.

smiley Install a website security tool:
See, your website resides in a world full of hackers, who are all the time on the prowl, looking for who to take advantage. A website without any security measures could be more prone to attacks. The first thing you should do when you set up a WordPress website is installing a security plugin right away. I recommend my darling WordFence and Sucuri. Any of them will never fail you.

smiley Backup Frequently:
Should I still emphasise on this? Please, fixing a hacked website is hard and could take a long time! A backup copy of your site would enable you to restore it to normalcy. You can then take time to fix the hack and seal off any website vulnerabilities that allowed the hacker to get an express ticket to your website.

smiley Implement 2 Factor Authentication:
When you install WordFence, there is an option there to help you enable this on your website. A 2-factor authentication helps to add another layer of security to your login. Once you try to log in, it will send you a code to either your email or phone number and require you to input the number code before you can log in. It is necessary to implement.

Of course, there are many ways to kill a rat, as my people will say. If we start discussing ways to prevent a hack and protect your website, the cow will come home.

Other methods include but not limited to;

smiley Disallow Plugin Installations
smiley Auto Logout Inactive Users
smiley Limit Login Attempts
smiley Restrict File Uploads
smiley Change The "wp-admin" to something else

Now, let me ask you. Are you using WordPress on your website? Is your admin username still "admin"?

You know it is hard to change your username once you have created your admin account, but I have something for you. An easy bonus tip you can implement right away and change your username.

Follow me step by step...

smiley Login to your WordPress dashboard.
smiley Click on "Users" then click on "Add New".
smiley Put in a correct and good username.
smiley Make sure you use LastPass to generate a strong password.
smiley On the "Role", select "Administrator"
smiley Then click on "Add New User" at the bottom.

Have you done this? Now, follow me, we are almost done.

smiley Logout from your website.
smiley Log in using the new user you just created.
smiley Click on "Users".
smiley Now, select the old "admin" user.

Have you selected it?

smiley Now, hover your mouse on it, you will be able to see "Delete" click it to delete the user.

A page will come up asking you whether you want to transfer all posts by the old "admin" to yourself right now. Select yes and click on "Confirm Deletion"

That's it, we are done. You have just changed your admin username to a brand new hard to guess username instead of the easy to guess "admin".

Thank you for reading this post to the end. I know it's long but if I could make it shorter, I would have done so.

I know you must have experienced website hack at some point in your internet journey. Tell us your story in the comment section and how you were able to fix it.


Re: An Interesting Story Of a Lady, A Hacked Website, And How I Fixed The Hack by hannahwealth(f): 2:22pm On Jul 09, 2020
Re: An Interesting Story Of a Lady, A Hacked Website, And How I Fixed The Hack by Dmayor7(m): 9:36pm On Jul 13, 2020


(1) (Reply)

Help A Brother / I Need IP For My Paypal Account If You Have Holla At Me / How To Use Google My Business To Optimize Your Listing For Local SEO In 2020

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)

Nairaland - Copyright © 2005 - 2023 Oluwaseun Osewa. All rights reserved. See How To Advertise. 79
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.