The internet is not a safe place. We’re told to change our passwords frequently, to avoid certain websites and to be very careful when opening emails. If proper precautions are taken, browsing can be done safely and business can be transacted without any trouble. Just as we have to take precautions as users, those who own and operate websites must take precautions to avoid problems.
Polaris can help protect websites from hackers and those with malicious intent – but if your website has already been hacked, we can help restore it to its original state. The website of one of our clients was hacked. The client operated an e-commerce website, so minimizing the downtime was crucial. Each hour that the site was down, money was being lost. The security of the website was compromised via an exploit in the WordPress content management system. WordPress is a very common system, and as such, is a frequent target of such attacks. Security updates are frequently released to combat exploits, but they must be manually installed. The client’s version of WordPress was out of date.
The security exploit gave the hackers access to the files of the client’s website. They were able to upload new files and change existing files. New .htaccess files were uploaded to each directory of the website. .htaccess files can serve a number of functions, from password-protecting directories to initiating page redirects. In this case, the files were set to redirect traffic from the client’s website to an external website containing viruses and malware. In addition, the index pages of each directory were overwritten with malicious code. This presented a serious problem – the client’s website was built on a Joomla core with several WordPress sites installed in subdirectories. There were thousands of directories, each with bad files that needed to be deleted.
Polaris contacted the hosting company to let them know that there was an issue and to inquire about the possibility of restoring a backup from the night before the hack. A backup restore was initiated and we monitored its progress over the next 12 hours. The hosting company had not properly explained the restoration process: the files that were present before the attack were restored to their previous state, but the additional malicious files were not removed, so the website was still infected and unusable. We then began the process of manually removing the infected files, over 4000 in total. The website was restored to working order within 72 hours of the initial problems.
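The gap described above, a restore that puts the original files back but leaves the attacker's added files in place, can be found by comparing the live site tree against the backup and checking every .htaccess file for redirects to outside hosts. The following is an added example, not Polaris's own tooling; the directory layout, the hostnames shop.example and malware.example, and all function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Redirect/RewriteRule directives whose target is an absolute URL.
REDIRECT_RE = re.compile(r"^\s*(?:Redirect\w*|RewriteRule)\b.*?(https?://\S+)", re.I)

def relative_files(root):
    """Set of file paths under root, relative to root (dotfiles included)."""
    return {p.relative_to(root).as_posix() for p in Path(root).rglob("*") if p.is_file()}

def external_redirects(path, own_hosts):
    """Lines of an .htaccess file that redirect to a host outside own_hosts."""
    hits = []
    for line in Path(path).read_text(errors="replace").splitlines():
        m = REDIRECT_RE.match(line)
        if m and urlparse(m.group(1)).hostname not in own_hosts:
            hits.append(line.strip())
    return hits

def audit(site_root, backup_root, own_hosts):
    """Return (files absent from the backup, .htaccess files redirecting off-site)."""
    on_site = relative_files(site_root)
    leftovers = sorted(on_site - relative_files(backup_root))
    redirects = {}
    for rel in sorted(on_site):
        if rel.rsplit("/", 1)[-1] == ".htaccess":
            hits = external_redirects(Path(site_root) / rel, own_hosts)
            if hits:
                redirects[rel] = hits
    return leftovers, redirects

def build_demo(base):
    """Constructed sample: a clean backup and a restored-but-still-infected site."""
    layout = {
        "backup/.htaccess": "Redirect 301 /old http://shop.example/new\n",
        "site/.htaccess": "Redirect 301 /old http://shop.example/new\n",
        "site/blog/.htaccess": "RewriteRule ^(.*)$ http://malware.example/$1 [R=302,L]\n",
        "site/blog/index.php": "<?php // file added by the attacker\n",
    }
    for rel, body in layout.items():
        target = Path(base, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return Path(base, "site"), Path(base, "backup")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(*build_demo(tmp), own_hosts={"shop.example"}))
```

Files legitimately created after the backup was taken also appear in the first list, so the reported paths need review before anything is deleted.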
After the restoration, Polaris made a series of suggestions to the client about how we could improve the security of the website, including updating their WordPress sites to the latest security release. Prevention is always the primary goal, but sometimes you need a solution after the damage is already done – we can provide it.




