Is your Website Hacked?

Unhack your Website

BountySite provides you with information you need to fix your infected website, on your own

Your mistake

You are here because of your own mistake of not subscribing to BountySite services earlier.
Now you have to work harder to handle this situation. All the hard work and money spent in building your website and SEO has finally landed you here. 

Had you subscribed to BountySite earlier:
- You could have detected the malicious change to your site on the same day, without reaching the blacklisting phase.
- A single click would have restored your site to its pristine version in a matter of minutes.
- After the restore, you could have fixed the vulnerability by upgrading applications and removing outdated applications.
- You could then have reset user passwords, validated existing users and registrations, and checked cron jobs.

You are all set!

But, what if I make this even better for you?

- BountySite releases targeted security patches for detected vulnerabilities on your site, using our internal application enumeration engine. 
- With security patches, your site does not even get infected. 

This day would not have come. 

Regretting? Yes, you should regret that you did not subscribe to BountySite earlier.

If you are running your own PHP application, the following method will not help. We provide an Application Security service for this.

You still have reason to regret, as a simple restore would have fixed your site. Proactive application security scanning would have fixed the application weakness, securing your site beforehand.

This one is on you

Signup on BountySite

All website-related services on BountySite start with a backup. Sign up for a free account and subscribe to any backup plan. If your website is smaller than 1GB, use the Free Plan under the Free Trials section.

Configure Backup

Back up your website code. BountySite supports FTPS/SFTP/FTP modes of file transfer. Validate your configuration.

Configure Database Backup

BountySite supports 3 modes of database backup depending on your hosting environment. You can validate your configuration before submitting.

Run Backup

After configuring the backup, it is time to run it. The backup job can take time depending on your subscription storage plan and hosting server location.

Enumeration

BountySite internally enumerates website files for commonly used open source applications. So, if you are running WordPress, Joomla, Drupal or similar software, we have got your back. We also constantly add open source applications to our database. So, no worries either way.


We tag each website text file as known/unknown/suspicious/malicious.
Known files are actual stock files, that is, the file matches the file from the original source code.
Unknown files are those that BountySite could not match to any source.
Suspicious files are files that have been detected by BountySite but could be a false detection, and are internally marked for further inspection.
Malicious files are confirmed malware, as detected by BountySite.
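
The known/unknown distinction above can be reproduced locally by hashing each site file against a pristine copy of the same application release. This is an added example, not BountySite's engine: the function names, the "suspicious" pattern and the sample files are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed heuristic for the "suspicious" tag: obfuscated-execution idioms
# often found in injected PHP. This is not BountySite's detection logic.
SUSPICIOUS = re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def classify(site_dir: Path, stock_dir: Path) -> dict[str, str]:
    """Tag every file under site_dir by comparing it with the stock release."""
    stock = {p.relative_to(stock_dir).as_posix(): sha256(p)
             for p in stock_dir.rglob("*") if p.is_file()}
    tags = {}
    for p in sorted(site_dir.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(site_dir).as_posix()
        if stock.get(rel) == sha256(p):
            tags[rel] = "known"        # byte-identical to the stock file
        elif SUSPICIOUS.search(p.read_bytes()):
            tags[rel] = "suspicious"   # needs manual inspection
        else:
            tags[rel] = "unknown"      # modified, or not part of the release
    return tags


def demo() -> dict[str, str]:
    """Build constructed stock and site trees in a temp dir, then classify."""
    with tempfile.TemporaryDirectory() as tmp:
        stock, site = Path(tmp, "stock"), Path(tmp, "site")
        for root in (stock, site):
            (root / "inc").mkdir(parents=True)
            (root / "index.php").write_text("<?php require 'inc/load.php';\n")
            (root / "inc/load.php").write_text("<?php // loader\n")
        # Constructed changes on the live site copy (payload decodes to "echo 1;"):
        (site / "inc/load.php").write_text("<?php // loader\n// local tweak\n")
        (site / "inc/cache.php").write_text("<?php eval(base64_decode('ZWNobyAxOw=='));\n")
        (site / "uploads.txt").write_text("notes\n")
        return classify(site, stock)
```

Anything not tagged "known" is a candidate for replacement with the stock file or for manual review.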

Application Enumeration

Backup job completion

Upon completion of the backup job, you will get a notification with a file summary. Download the code and web backup to your desktop and extract the files.

Malware

You will also get a summary of all malware detected by BountySite after the backup job. You can go directly to the File Types page (Sidebar > Manage backups > File Types) and view the malicious file type to get the list of malware.

Investigate

Take a look at known/suspicious/malicious files and replace them with stock (original source) files. Replace every single file.

Further

File List only shows text files. For malware in images, refer to the Malware page (Sidebar > Log > Malware). Replace them with images from your desktop.

Database Check

Check the database posts in the database backup SQL file and look for suspicious JavaScript code or any redirect. You can edit the SQL file directly and remove the code.
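
A scripted first pass over the SQL dump makes this check faster than reading it by eye. This is an added example, not BountySite code: the indicator patterns, function name, table name and host names are assumptions, and the dump is constructed sample data.

```python
import re

# Assumed indicator patterns for injected markup in post content; tune per site.
# Quotes may be backslash-escaped inside a SQL dump, hence the optional "\\".
INDICATORS = {
    "script tag": re.compile(r"<script\b", re.I),
    "iframe": re.compile(r"<iframe\b", re.I),
    "meta refresh": re.compile(r"http-equiv=\\?[\"']?refresh", re.I),
    "js redirect": re.compile(r"(window|document)\.location(\.href)?\s*=", re.I),
    "obfuscated js": re.compile(r"String\.fromCharCode|\beval\s*\(|\bunescape\s*\(", re.I),
}
URL = re.compile(r"https?://[^\s\\\"'<>)]+", re.I)


def scan_sql_dump(text: str, own_hosts: set[str]) -> list[tuple[int, str, list[str]]]:
    """Return (line number, indicator, off-site URLs) for each hit in the dump."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.lstrip().upper().startswith("INSERT INTO"):
            continue  # only row data carries post content
        # URLs whose host is not one of the site's own hosts
        external = sorted({u for u in URL.findall(line)
                           if u.split("/")[2].lower() not in own_hosts})
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                findings.append((no, name, external))
    return findings


# Constructed sample dump (table and host names are made up for the example).
SAMPLE_DUMP = r"""
CREATE TABLE `wp_posts` (`ID` int, `post_content` longtext);
INSERT INTO `wp_posts` VALUES (1,'<p>Welcome to <a href=\"https://shop.example/\">our shop</a></p>');
INSERT INTO `wp_posts` VALUES (2,'<p>News</p><script src=\"https://cdn.invalid/x.js\"></script>');
INSERT INTO `wp_posts` VALUES (3,'<meta http-equiv=\"refresh\" content=\"0;url=https://landing.invalid/\">');
"""

if __name__ == "__main__":
    for finding in scan_sql_dump(SAMPLE_DUMP, {"shop.example"}):
        print(finding)
```

Hits are leads for manual review: legitimate posts can embed scripts or iframes, so confirm each one before editing the dump.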

Restore

Upload your modified files to your website directly (using FTPS/SFTP). Restore the database from your local copy to your hosting server using whatever means your hosting provider offers.

Update

Update all applications and plugins/extensions. Remove unwanted/outdated plugins. Keep only those plugins that you really need.

Backup

Run a backup now and check whether you have missed something. Some files in FileType may still show as unknown. If you are sure you replaced them with stock files, then you are good.

Backdoor

Fixing the website is only the first step. You also need to ensure that the site stays secure after cleaning. The following are some steps:

- Check if user registration is enabled with the default role set to administrator. Disable user registration if it is not needed.
- Verify all current users and check their permissions/roles.
- Check for cron entries not set by you.
- Schedule backups and save your current website snapshot in BountySite. Run a backup every day and keep track of changes.
- Stop using FTP for uploading files; enforce FTPS instead. If you are using SFTP (SSH), snooping is ruled out.
- Check with your hosting provider whether they have Cross Site Contamination protection. That is, "Would a neighbour site infection spread to your website?"

Check for backdoors

Repeated Hacks?

If the above does not help you fix your website, or your website still keeps getting hacked, don't worry. We will fix it for you. Just Report the revision on the File Browser page.

RCA

BountySite will investigate and provide a Root Cause Analysis report for every reported case.

0day

BountySite will investigate 0day vulnerabilities for you.

Upstream

We will provide with adequate information to application developers, 

Patch

We will provide you with a security patch, wherever applicable, to ensure that the site does not get infected again.

About

BountySite is a Website Threat Hunting Platform for proactively securing websites without impacting hosting server resources.
