Your site's been "hacked".

If you're lucky, your site may have been merely defaced. If you're unlucky, you'll be spending the next several days, if not weeks, coordinating with your legal department, law enforcement, management and whomever else may have a financial stake in your business.

When the shock subsides and the finger pointing ends, it's time to take steps to prevent your Web site from being hacked again.

Web sites both big and small are tempting targets for crackers who want to cut their teeth on 'net-facing systems or generally make a name for themselves.

So if you haven't already heard it for the millionth time: keep up with the latest security updates! Not just for your OS, but also for the software that's driving your site. And a check of your settings, network configuration and account access policies couldn't hurt.

Remember, hacking a site is a form of network intrusion, and it should be treated as such. This means identifying and plugging any holes that the attacker slipped through, even if it delays your site from becoming operational.

After all, it's not worth taking shortcuts if it means you'll be doing it all over again soon.

This week, AO members discuss their tips for getting back on your feet after an attacker has taken your site down for the count.


Note: The opinions expressed below are solely those of the individual posters on the AntiOnline forums.

This Week's Spotlight Thread:
How to recover from hacked website?

Poor ksel_ah's friend got a quick lesson in Web security.

One of my friend's websites is being hacked and all "functionality" has been suspended by the hacker.

Anyone have any idea on how the hacker might do this or how to recover from this? Do you know any tips to prevent this from happening again?

Tiger Shark points out that a simple Google search on a target site's backend will sometimes reveal an overabundance of vulnerabilities, helpful for both the site admin and an attacker.

It's a PHP based BBS. Search Google for the exploits against the particular board and you will most likely find the way (s)he gets in.

SirDice provides this concise checklist on getting your downed site up and running again. Customize it for your particular setup.

Recovery is easy:
Back up your important data
Reinstall the server using original media
Update everything.

Prevention is also rather easy:
Update your system on a regular basis! (this includes php-nuke!).

How'd "they" come in?
They probably exploited a recent SQL-injection bug in PHP-Nuke.
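To put SirDice's "How'd they come in?" on a concrete footing from the defender's side, here is an added example (not code from the thread or from any board software) that reviews a web server's access log for the kind of requests a SQL-injection probe leaves behind. It assumes the Apache/nginx combined log format; the log lines, IP addresses, paths and indicator patterns are constructed for illustration and are not taken from the incident discussed above.

```python
"""Flag SQL-injection-looking requests in combined-format web server access logs.

Added illustration for the AntiOnline thread above; not the board's or any
poster's own code. Log lines below are constructed.
"""
import re
from urllib.parse import unquote_plus

# Combined log format:
#   ip ident user [time] "METHOD path HTTP/x" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Indicators typical of SQL-injection probing (assumed, illustrative set).
# Each regex is applied to the URL-decoded request path and query string.
INDICATORS = {
    "union_select": r"union\s+(all\s+)?select",
    "tautology": r"'\s*or\s+'?\d+'?\s*=\s*'?\d+",
    "sql_comment": r"(--|#|/\*)\s*$|/\*.*\*/",
    "stacked_query": r";\s*(drop|insert|update|delete)\s",
    "schema_probe": r"information_schema|mysql\.user|pg_catalog",
    "time_based": r"\b(sleep|benchmark|pg_sleep|waitfor)\s*\(",
}
INDICATOR_RE = {n: re.compile(p, re.IGNORECASE) for n, p in INDICATORS.items()}

# Constructed sample log (documentation-range IPs, made-up board paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2005:13:55:36 -0700] "GET /board/viewtopic.php?topic=12 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2005:13:55:40 -0700] "GET /images/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Oct/2005:14:02:11 -0700] "GET /board/viewtopic.php?topic=12%27%20OR%201%3D1-- HTTP/1.1" 200 9876 "-" "curl/7.15"',
    '198.51.100.23 - - [10/Oct/2005:14:02:19 -0700] "GET /board/viewtopic.php?topic=12%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 311 "-" "curl/7.15"',
    '198.51.100.23 - - [10/Oct/2005:14:03:02 -0700] "GET /board/search.php?q=%2527%2520or%2520%25271%2527%253D%25271 HTTP/1.1" 200 4411 "-" "curl/7.15"',
    "garbage line that does not parse",
]


def parse_line(line):
    """Parse one combined-format line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Payloads are often URL-encoded, sometimes twice; decode twice so a
    # double-encoded quote (%2527) still becomes a plain apostrophe.
    rec["decoded"] = unquote_plus(unquote_plus(rec["path"]))
    return rec


def classify(decoded_path):
    """Return the sorted list of indicator names that fire on this request."""
    return sorted(n for n, rx in INDICATOR_RE.items() if rx.search(decoded_path))


def scan_log(lines):
    """Return one record per request that trips at least one indicator."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        names = classify(rec["decoded"])
        if names:
            hits.append({"ip": rec["ip"], "time": rec["time"], "status": rec["status"],
                         "path": rec["path"], "indicators": names})
    return hits


def top_sources(hits):
    """Count flagged requests per source IP, most active first."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(h["time"], h["ip"], h["status"], ",".join(h["indicators"]), h["path"])
    print("top sources:", top_sources(found))
```

Run it against a real log with `scan_log(open("access.log"))`. Two points worth noting when doing this for real: a 200 response to a tautology payload is more worrying than a 500, because it suggests the query ran rather than broke, and the indicator list is a starting point for review, not a verdict, so treat every hit as something to look at rather than something to act on blindly.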

incideagent adds some more things to consider.
Make sure that when you back up, you don't update some backdoor with it or some infected file because after a break-in, nothing in the system can be trusted. So be careful where you tread.

Also review the logs if it's *nix based, and get one of those forensic analyzers. Just Google it, there are plenty of free ones out there.

Updates, security and a watchful eye are all required. Watch the logs for something that may be developing again. Get some more security: IDS (Snort), and perform some penetration tests from home and after you're done locking down the server, scan it (Nmap, GFI LANguard).
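incideagent's warning that a backup taken after the break-in may carry the backdoor with it is the one most often ignored. The following is an added example (not from the thread or from any forensic tool) of the check a site admin can run before restoring: hash every file in the backup and compare it against a manifest taken from the clean install on original media. Modified files, files that were never part of the install, and missing files all come out of the comparison. The directory layout, file names and contents are constructed in a temporary directory for illustration.

```python
"""Audit a backup against a known-good file manifest before restoring it.

Added illustration for the AntiOnline thread above; not any poster's code.
The clean install and the compromised backup are constructed in a temp dir.
"""
import hashlib
import os
import tempfile


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large uploads do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path (always '/'-separated) -> sha256 for every file under root.

    Take this from the freshly reinstalled server or original media, never
    from the compromised box.
    """
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def audit_backup(backup_root, manifest):
    """Compare a backup tree against the clean manifest.

    modified   : known files whose content changed (possible trojaned script)
    unexpected : files that are not part of the install at all (possible backdoor)
    missing    : files the install should have but the backup lacks
    """
    current = build_manifest(backup_root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    unexpected = sorted(p for p in current if p not in manifest)
    missing = sorted(p for p in manifest if p not in current)
    return {"modified": modified, "unexpected": unexpected, "missing": missing}


def _write(root, rel, data):
    """Helper: create a small text file under root, making parent dirs."""
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as f:
        f.write(data)


def demo():
    """Constructed scenario: clean install vs. a backup taken after a compromise."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "clean")
        backup = os.path.join(tmp, "backup")
        for root in (clean, backup):
            _write(root, "index.php", "<?php echo 'hello'; ?>")
            _write(root, "config.php", "<?php $db = 'board'; ?>")
            _write(root, "modules/search.php", "<?php // search ?>")
        manifest = build_manifest(clean)
        # Now make the backup look like it was taken after the break-in:
        # a core file altered, a script added under an images directory,
        # and one module deleted.
        _write(backup, "index.php", "<?php echo 'hello'; /* tampered */ ?>")
        _write(backup, "images/x.php", "<?php // not part of the install ?>")
        os.remove(os.path.join(backup, "modules/search.php"))
        return audit_backup(backup, manifest)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:10s} {paths}")
```

In practice you would only ever restore data that cannot be regenerated from the install media (posts, user tables, uploaded attachments), and anything in the `unexpected` list, a PHP file sitting in an images or upload directory especially, deserves a hard look before it goes anywhere near the rebuilt server.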

Have tips of your own? Share them!


What is AntiOnline?

AntiOnline (AO) is home to many of the most popular computer and network security discussion forums online. Here, participants engage in candid and thought-provoking exchanges on the latest hazards and how to protect your systems against them.

We invite you to join the AO community (it's free!), share your wisdom and discover a few things in the process.