Case Studies: Fixing Hacked Sites

In hopes to provide help to other webmasters who have been victims of hacking, Google shares two different stories of websites that had been hacked and then cleaned up by their owners, one of a restaurant website with multiple hack-injected scripts and another of a professional website with lots of hard to find hacked pages.

Cleaning up a hacked website is usually an involved task that often requires hiring a professional. Google advises to void the hassle by following a few simple steps to minimize chances of being hacked:

  • Avoid using FTP when transferring files to your servers. FTP does not encrypt any traffic, including passwords. Instead, use SFTP, which will encrypt everything, including your password, as a protection against eavesdroppers examining network traffic.
  • Check the permissions on sensitive files like .htaccess. Your hosting provider may be able to assist you if you need help. The .htaccess file can be used to improve and protect your site, but it can also be used for malicious hacks if they are able to gain access to it.
  • Be vigilant and look for new and unfamiliar users in your administrative panel and any other place where there may be users that can modify your site.

Check It Out: 25 Worst Passwords of 2014 (Not Still Using 123456, Are You?)

SplashData has announced its annual list of the 25 most common passwords found on the Internet which makes them the worst passwords that will expose anybody to being hacked or even identity theft.

“Passwords based on simple patterns on your keyboard remain popular despite how weak they are. Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.” ~ Morgan Slain, CEO of SplashData

Read the full article for more details and tips on keeping your data secure with good passwords.

New first stop for hacked site recovery

Google just introduced the new Help for hacked sites informational series. It’s a dozen articles and over an hour of videos dedicated to helping webmasters in the unfortunate event that their site is compromised.

The series give practical advise on how to build a support team, quaranteen the hacked web site, touch base with Google Web master Tools, asses the damage, identify the vulnerability, clean the site, and request the review from Google.