How to deal with a hacked Drupal website?
Dealing with a hacked website could be hard work and you should be ready to make certain important decisions. Stay calm and follow the instructions provided below:
Make a copy of the website: The copy of the website could be an operating system level snapshot of the server/servers involved or a copy of the database and files. It is always a good idea to copy these to a non-modifiable platform like a DVD. This copy will come in handy to study the attack pattern and take precautions.
Inform people involved: Depending on what your site is, there will be a lot of people who needs to be informed that the site has been compromised i.e. the personal details, credit card details, passwords etc that have been stolen. They need to be made aware of the matter and adequate measures should be taken to prevent further damage. All people involved in the decision-making process regarding the website have to be duly notified and appropriate decisions need to be taken. In addition, one or more law enforcing bodies should be informed about the matter. The local law enforcement will be helpful in guiding you through the required procedure.
Taking the site offline: You should decide on whether to take the site down or not. There are several factors that need to be considered while taking the decision, such as:
- Does the website actively distribute malware?
- Does the website send spam?
- Does the website act as a pivot point for more attacks?
- Are the hackers still using the site?
- Won’t the hackers be alarmed if the website is taken down?
The decision should be made after considering the damage that could be caused in future to your brand and reputation via hack attacks and phishing.
Investigation: Investigating the attack is important. Investigating attacks needs comprehensive technical knowledge and expertise. Hence, it is advisable to hand over the case to the experts in the field.
Decide on what to do with your website: This is a really difficult decision. Based on what you have found, you should decide whether you want to repair the site, rebuild, or perhaps discard the site. If the damage is too extensive, repairing the site might not be feasible.
Also report details of the attack to [email protected]. It might not help you in repairing the website, but it will help to study the hack attack and adopt measures to prevent it in future.