Select Website 

Recruitment Directory's Blog - Australia's #1 Recruitment Technology Blog!

Back to Menu Back to Menu

My job site has been hacked. What do I do?

Posted By: Thomas Shaw, 10:16pm Sunday 05 July 2009    Print Article

If you think your website is safe, think again. Over the weekend 6 job sites were hacked and defaced. One of the first things that comes to my mind when I see that horrible “You’ve been hacked” message is… I wonder what information has been stolen? passwords, contact details, resumes, credit card/banking details, etc.

NOTE: The job sites affected have NO connection to Recruitment Directory. This blog post is intended as general advice.

First thing, is to not take it personally. Contact your hosting provider & webmaster, if you have one. Often times they can handle most of the technical heavy lifting for you. Lots of webmasters use shared hosting, which can make it difficult to do some of the things listed below.


Getting your site off-line
  • Turn your site off, or take your site off-line.
  • If you can't take it off-line, return a 503 status code to prevent it from being crawled by search engines
  • In the Google Webmaster Tools, use the URL removal tool to remove any hacked pages or URLs from search results that may have been added. This will prevent the hacked pages from being served to users

Damage Assessment
  • Do you have a damage control plan? Immediately put this into action and contact the relevant authorities.
  • It's a good idea to figure out exactly what the hacker was after. Were they looking for sensitive information? Did they want to gain control of your site for other purposes?
  • Try and gather as much information as you can. See if the host can give you a log showing all the FTP connections that were made to your account. You can use those to see if it was even an FTP connection that was used to make the change and possibly get an IP address
  • Look for any modified or uploaded files on your web server
  • Check your server logs for any suspicious activity, such as failed login attempts, command history (especially as root), unknown user accounts, etc
  • Determine the scope of the problem. Do you have other sites that may be affected?
  • If you're using a prepackaged software scripts like Wordpress, Drupal, or anything else that you didn't code there may be vulnerabilities in upload code that allows for this sort of modification. If your job site is custom built, double check any places where you allow users to upload resumes/files or modify existing files

Recovery
  • The absolute best thing to do here is a complete reinstall. It's the only way to be completely sure you've removed everything the hacker may have done
  • After a fresh re-installation, use the latest backup you have to restore your site. Don't forget to make sure the backup is clean and free of hacked content too
  • Patch any software packages to the latest version. This includes things such as weblog platforms, content management systems, or any other type of third-party software installed
  • Check your Server Directory Listings
  • Change ALL your passwords

Restoring your online presence
  • Get your system back online.
  • Actively monitoring your sites for blacklists, malware, defacements, etc. We are currently trying out an online tool called Sucuri
  • Has the news spread to your clients, media, etc? Prepare a short statement saying you are aware of the issue and currently working to resolve the problem. It is important to be honest and upfront as hackers will post their accomplishments on the web.
  • Do you need to disclose that you have been hacked or information has been stolen? You will need to contact all users that have information on your database. The Office of the Privacy Commissioner released a Guide to handling personal information security breaches
  • If you're a Google Webmaster Tools user, sign in to your account. If your site was flagged as having malware, request a review to determine whether your site is clean. If you used the URL removal tool on URLs which you do want in the index, request that Webmaster Tools re-include your content by revoking the removal
  • Keep an eye on things, as the hacker may try to return



Article URL: http://www.recruitmentdirectory.com.au/Blog/my-job-site-has-been-hacked-what-do-i-do-a220.html

Article Tags: security job board malicious code insecure hacking personal information defacement privacy.gov.au information security security breaches recruitment website wordpress drupal google webmaster tools damage control

Comments Hide Comments (0)

Feel free to join in on the conversation. All comments are moderated before publishing. Comments posted by subscribers don't necessarily reflect the views of Recruitment Directory.

Your Name: * Required
Your Email Address: * Required
Website URL:
Comments: * Required
Refresh
Enter the code you see in the image above (case sensitive). Click on the image to refresh it.
 


Back to Menu Back to Menu



Random Blog Articles

Job Board Statistics - February 2010
Published: 4:12pm Wednesday 03 March 2010

Was the NSW Government Job Board Hacked?
Published: 8:34pm Monday 26 January 2009

Cut the fat. If you still use IE 6, it's time to upgrade
Published: 9:51pm Tuesday 25 May 2010

Australian Job Board Statistics - July 2010
Published: 9:00am Thursday 01 July 2010

Ethical Considerations when Drug Testing in the Workplace
Published: 7:05pm Monday 01 June 2009