BountySite provides you with the information you need to fix your infected website on your own.
You are here because of your own mistake of not subscribing to BountySite services earlier.
Now you have to work harder to handle this situation. All the hard work and money spent in building your website and SEO has finally landed you here.
Had you subscribed to BountySite earlier:
- You could have detected the malicious change to your site on the same day, before it reached the blacklisting phase.
- A single click would have restored your site to its pristine version in a matter of minutes.
- After the restore, you could have fixed the vulnerability by upgrading applications and removing outdated ones.
- You could then have reset user passwords, validated existing users and registrations, and checked cron jobs.
You are all set!
But, what if I make this even better for you?
- BountySite releases targeted security patches for detected vulnerabilities on your site, using our internal application enumeration engine.
- With security patches, your site does not even get infected.
This day would not have come.
Regretting? Yes, you should regret that you did not subscribe to BountySite earlier.
If you are running your own PHP application, the following method will not help. We provide an Application Security service for this.
You still have reason to regret, as a simple restore would have fixed your site. Proactive application security scanning would have fixed the application weakness, securing your site beforehand.
This one is on you
All website-related services on BountySite start with a backup. Sign up for a free account and subscribe to any backup plan. If your website is smaller than 1GB, use the Free Plan under the Free Trials section.
Back up your website code. BountySite supports the FTPS, SFTP and FTP modes of file transfer. Validate your configuration.
BountySite supports 3 modes of database backup, depending on your hosting environment. You can validate your configuration before submitting.
After configuring the backup, it is time to run it. The backup job can take time, depending on your subscription storage plan and hosting server location.
BountySite internally enumerates website files for commonly used open source applications. So, if you are running WordPress, Joomla, Drupal or similar software, we have got your back. We also constantly add open source applications to our database. So, no worries either way.
We tag each website text file as known/unknown/suspicious/malicious.
Known files are actual stock files, that is, the file matches the file from the original source code.
Unknown files are those that BountySite could not match to any source.
Suspicious files are files that BountySite has detected but that could be false detections; they are internally marked for further inspection.
Malicious files are confirmed malware as detected by BountySite.
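The known/unknown distinction can be reproduced by hand on your desktop by hashing the downloaded backup against a pristine copy of the same application release. The script below is an added example, not BountySite's own engine; it assumes you have extracted the stock archive for the exact version you run, and the `modified` tag (stock path, altered content) is an extra label that is not one of BountySite's four.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(stock_root: Path) -> dict[str, str]:
    """Map relative path -> SHA-256 for every file in the pristine release."""
    return {p.relative_to(stock_root).as_posix(): sha256_file(p)
            for p in stock_root.rglob("*") if p.is_file()}

def triage(site_root: Path, manifest: dict[str, str]) -> dict[str, str]:
    """Tag each file of the downloaded backup against the stock manifest."""
    tags = {}
    for p in sorted(site_root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(site_root).as_posix()
        if rel not in manifest:
            tags[rel] = "unknown"    # no stock file exists at this path
        elif sha256_file(p) == manifest[rel]:
            tags[rel] = "known"      # byte-identical to the stock file
        else:
            tags[rel] = "modified"   # stock path, but content was altered
    return tags

def demo() -> dict[str, str]:
    """Constructed sample trees: one stock release, one tampered backup."""
    with tempfile.TemporaryDirectory() as tmp:
        stock, site = Path(tmp, "stock"), Path(tmp, "site")
        for root in (stock, site):
            (root / "inc").mkdir(parents=True)
            (root / "index.php").write_text("<?php require 'inc/load.php';\n")
            (root / "inc/load.php").write_text("<?php // loader\n")
        (site / "inc/load.php").write_text("<?php // loader\n// appended line\n")
        (site / "inc/cache.php").write_text("<?php // not in the release\n")
        return triage(site, build_manifest(stock))

if __name__ == "__main__":
    for rel, tag in demo().items():
        print(f"{tag:9} {rel}")
```

Files tagged `unknown` include legitimate uploads and configuration as well as planted files, so each one still needs a manual look.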
Upon completion of the backup job, you will get a notification with a file summary. Download the code and web backup to your desktop and extract the files.
You will also get a summary of all malware detected by BountySite after the backup job. You can go directly to the File Types page (Sidebar > Manage backups > File Types) and view the malicious file type to get the list of malware.
Take a look at the known/suspicious/malicious files and replace them with stock (original source) files. Replace every single file.
The File List only shows text files. For malware in images, refer to the Malware page (Sidebar > Log > Malware). Replace them with images from your desktop.
Upload your modified files to your website directly (using FTPS/SFTP). Restore the database from your local copy to your hosting server using whatever means your hosting provider offers.
Update all applications and plugins/extensions. Remove unwanted/outdated plugins. Keep only those plugins that you really really need.
Run a backup now and check whether you have missed something. Some files in File Types may still show as unknown. If you are sure you replaced them with stock files, then you are good.
Fixing the website is only the first step. You also need to ensure that the site stays secure after cleaning. The following are some steps:
- Check if user registration is enabled with default role as administrator. Disable user registration if not needed.
- Verify all current users and check permissions/role
- Check for cron entries not set by you
- Schedule backup and save your current website snapshot in BountySite. Run backup everyday and keep track of changes.
- Stop using FTP for uploading files. Enforce FTPS while uploading files. If you are using SFTP (SSH), then snooping is ruled out.
- Check with your hosting provider whether they have Cross Site Contamination protection, that is, "Would a neighbour site infection spread to your website?"
- Check for backdoors
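For the registration and user checks in the list above, this is an added example (not BountySite code) that assumes a WordPress site with the default `wp_` table prefix. It takes rows you have exported from `wp_options` and from `wp_usermeta` (meta key `wp_capabilities`, keyed by login), and `approved_admins` is a hypothetical list you maintain yourself.

```python
import re

# A role granted in a PHP-serialized capabilities value looks like
# s:13:"administrator";b:1;  (string key followed by boolean true).
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')

def roles_of(meta_value: str) -> set[str]:
    """Extract the names set to true in a wp_capabilities value."""
    return set(ROLE_RE.findall(meta_value))

def audit(options: dict[str, str], capabilities: dict[str, str],
          approved_admins: set[str]) -> list[str]:
    """Return findings for the registration and administrator checks."""
    findings = []
    if options.get("users_can_register") == "1":
        findings.append("user registration is enabled")
    if options.get("default_role") == "administrator":
        findings.append("default_role is administrator")
    for login in sorted(capabilities):
        is_admin = "administrator" in roles_of(capabilities[login])
        if is_admin and login not in approved_admins:
            findings.append(f"unapproved administrator: {login}")
    return findings

def demo() -> list[str]:
    """Constructed rows standing in for an export from a tampered site."""
    options = {"users_can_register": "1", "default_role": "administrator"}
    capabilities = {
        "alice": 'a:1:{s:13:"administrator";b:1;}',
        "bob": 'a:1:{s:10:"subscriber";b:1;}',
        "wp_support": 'a:1:{s:13:"administrator";b:1;}',
    }
    return audit(options, capabilities, approved_admins={"alice"})

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```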
If the above does not help you fix your website or your website still keeps getting hacked, don't worry. We will fix it for you. Just Report the revision in File Browser page.
BountySite will investigate and provide a Root Cause Analysis report for every reported case.
BountySite will investigate 0day vulnerabilities for you.
We will provide adequate information to application developers.
We will provide you with a security patch, wherever applicable, to ensure that the site does not get infected again.