If your site is hosted with our eCommerce hosting solution for business, we have a hack-free guarantee and an information security specialist on the team. That means we will work through your website, remove the hack, and make suggestions on how to prevent it in the future. We have strong skills in information security and a lot of experience building secure enterprise-level systems. If you’re with another hosting provider, you’ll need to involve them. However, in that case, you would need to do much of this yourself.
A step-by-step guide to recover from a hack
The steps you need to take will depend on how your project has been compromised, and you may not need to go through all of them. The steps are described in order below.
Do not panic and keep a cool head
We know that the worst thing you can say to someone who’s panicking is “don’t panic”. But you really need a clear, cool head if you’re going to find the root cause and fix the problem.
If you can’t think straight right now, put your website in “Maintenance Mode” and leave it for an hour until you’re feeling calmer. Again, we know that is easier said than done, but it will help you plan the right steps and avoid rash, emotional actions that could be fatal at this point, and keep you from missing an essential detail.
Don’t pay the attackers
Contact the hosting team and run a forced backup
Before you start recovering your website, take backups. They will help you find out how the hack was carried out and where it started, and build a full picture of how it can be prevented in the future.
Put your project in maintenance mode
You don’t want visitors to find your site in its compromised state, and we also suggest that you don’t show your website while you’re fixing it. So put it into maintenance mode, if you can.
This is easy and takes only a few clicks in the admin panel. If you can’t restore access, contact us, and we will help you.
Remove suspicious users and update their credentials
Sometimes, to keep a hold on the attacked system, attackers create copies of administrator accounts with additional characters in the name or a similar email address. Check every account and make sure no such users exist. Disable every user that looks suspicious to you.
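One way to run that account check, as an added example that is not part of the original article or of CS-Cart: it compares every pair of accounts and flags logins or emails that collapse to almost the same string. The account rows, the digit-swap table and the 0.85 threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample rows (login, email), e.g. copied out of the admin user list.
ACCOUNTS = [
    ("admin", "owner@shop.example"),
    ("admin1", "owner@sh0p.example"),
    ("j.smith", "j.smith@shop.example"),
    ("jsmith_", "jsmith@mail.example"),
    ("warehouse", "stock@shop.example"),
]

# Digits commonly swapped in for letters: 0->o, 1->l, 3->e (assumed table).
SWAPS = str.maketrans("013", "ole")


def skeleton(value):
    """Lowercase, undo digit-for-letter swaps, keep letters only."""
    return re.sub(r"[^a-z]", "", value.lower().translate(SWAPS))


def similar(a, b, threshold=0.85):
    """True when two different strings collapse to (almost) the same skeleton."""
    if a == b:
        return False
    return SequenceMatcher(None, skeleton(a), skeleton(b)).ratio() >= threshold


def find_lookalikes(accounts):
    """Return (login_a, login_b, fields) for every pair that looks like a copy."""
    hits = []
    for (login_a, mail_a), (login_b, mail_b) in combinations(accounts, 2):
        fields = []
        if similar(login_a, login_b):
            fields.append("login")
        if similar(mail_a, mail_b):
            fields.append("email")
        if fields:
            hits.append((login_a, login_b, fields))
    return hits


if __name__ == "__main__":
    for a, b, fields in find_lookalikes(ACCOUNTS):
        print(f"review: {a!r} vs {b!r} (similar {', '.join(fields)})")
```

A flagged pair is a prompt for manual review: confirm with the account owner which of the two is genuine before disabling anything.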
Reset all passwords and accesses
Since you don’t know which user or admin account was used to gain access to your project, and you don’t know how your project was hacked, it’s important to change all of them to prevent the attacker from using them again. Also, you need to ensure that other administrators reset their passwords too, or you can do it for them.
This isn’t confined to your CS-Cart password and API access key: reset SSH/SFTP passwords, database credentials, crypt keys, and the credentials for everything else and every service connected to your project.
Initiate extra virus and backdoor scanning on the server
We take CS-Cart and Multi-Vendor security very seriously in our hosting solution and have implemented active and passive methods to stop attacks. But there is always a chance that your website could get infected with malware or be exposed through vulnerable third-party code or other weak spots (an old version of CS-Cart/Multi-Vendor or of an add-on or theme, a weak admin password, or insecure files and backups left behind by developers).
That is why we offer a free virus removal service for all our customers to ensure that your site, visitors, and servers won’t be compromised.
Remove unwanted files
To find out whether there are any files in your CS-Cart or Multi-Vendor installation that shouldn’t be there, check for changes in core files via “Admin panel -> Administration -> File changes detector”, which will scan your website and tell you whether any files have been changed that shouldn’t have been. Also, check for unwanted files accessible in the public directory (the root of your website), for example via SSH/SFTP, and diff them against a clean copy of the same CS-Cart version.
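The comparison against a clean copy can be scripted. The following is an added example, not the built-in file changes detector and not code from the original article: it hashes both trees and reports files that were added, modified or removed. The demo trees and their file names are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file() and not p.is_symlink()
    }


def compare_trees(clean_root, live_root):
    """Diff a live installation against a clean copy of the same version."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    return {
        "added": sorted(set(live) - set(clean)),
        "missing": sorted(set(clean) - set(live)),
        "modified": sorted(p for p in clean.keys() & live.keys() if clean[p] != live[p]),
    }


def build_demo(base):
    """Constructed demo trees; file names and contents are made up."""
    clean, live = Path(base, "clean"), Path(base, "live")
    files = {"index.php": "<?php // entry point", "app/core.php": "<?php // core",
             "js/shop.js": "// storefront script"}
    for root in (clean, live):
        for rel, body in files.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
    (live / "app/core.php").write_text("<?php // core + injected line")
    (live / "images").mkdir()
    (live / "images/thumb.php").write_text("<?php // should not exist")
    (live / "js/shop.js").unlink()
    return clean, live


def run_demo():
    """Build the constructed trees in a temp directory and compare them."""
    with tempfile.TemporaryDirectory() as base:
        return compare_trees(*build_demo(base))


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        for path in paths:
            print(f"{kind:9}{path}")
```

On a real store the added list will also contain legitimate uploads, caches and local configuration, so treat it as a review list, not a delete list.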
Update and reinstall add-ons and themes
The next step is to make sure all of your plugins and themes are up to date. Go to “Admin panel -> Add-ons -> Manage add-ons” in your site and update everything that’s out of date. Then uninstall and reinstall the add-ons and themes.
You should do this before attempting any other fixes and actions, because if an add-on or theme is making your site vulnerable, any changes you make could be undone through that vulnerability. So make sure everything’s up to date before you proceed.
Reinstall CS-Cart and Multi-Vendor core files and upgrade if an upgrade is available
Contact your developers to reinstall the core files and upgrade your CS-Cart or Multi-Vendor, because old, un-updated software has security issues and misconfigurations that are fixed in newer versions. That is why you should always keep your software updated.
Regenerate your sitemap and double-check it in the Google/Yandex/Bing search consoles
One reason a site gets marked as hacked by search engines is a compromised sitemap.xml file that has been altered to include spurious links.
You can regenerate your sitemap, but you’ll also need to double-check that the sitemap file has been cleaned and that the robots.txt file contains the correct links to the sitemap files. Also, add your site to Google Search Console or any other similar app and submit a “new” sitemap to tell search engines to re-crawl your site.
This doesn’t guarantee that your site will be crawled immediately. Sometimes, it can take up to two or three weeks. There’s nothing you can do to speed this up, so you’ll have to be patient; use the time for a retrospective on how to avoid this in the future.
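The sitemap and robots.txt double-check can be automated. This is an added example, not part of the original article: it lists every sitemap link and every robots.txt Sitemap entry that does not point at the site's own host. The host name `shop.example` and both sample files are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SITE_HOST = "shop.example"  # assumption: the storefront's own host name

# Constructed sitemap.xml with two injected links.
SITEMAP = """<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://shop.example/</loc></url>
  <url><loc>https://shop.example/catalog/phones/</loc></url>
  <url><loc>https://pills.invalid/cheap-offer</loc></url>
  <url><loc>https://shop.example.evil.invalid/login</loc></url>
</urlset>"""

# Constructed robots.txt with one foreign Sitemap entry.
ROBOTS = """User-agent: *
Disallow: /private/
Sitemap: https://shop.example/sitemap.xml
sitemap: https://pills.invalid/sitemap.xml
"""


def foreign(url, host=SITE_HOST):
    """True when the URL is not http(s) on exactly the site's own host."""
    parts = urlsplit(url.strip())
    return parts.scheme not in ("http", "https") or (parts.hostname or "") != host


def suspicious_sitemap_links(xml_text, host=SITE_HOST):
    """Return every <loc> value (urlset or sitemapindex) that leaves the site."""
    root = ET.fromstring(xml_text)
    locs = [el.text or "" for el in root.iter()
            if el.tag == "loc" or el.tag.endswith("}loc")]
    return [u.strip() for u in locs if foreign(u, host)]


def suspicious_robots_sitemaps(robots_text, host=SITE_HOST):
    """Return Sitemap: entries in robots.txt that point away from the site."""
    hits = []
    for line in robots_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "sitemap" and foreign(value, host):
            hits.append(value.strip())
    return hits


if __name__ == "__main__":
    for url in suspicious_sitemap_links(SITEMAP) + suspicious_robots_sitemaps(ROBOTS):
        print("not on", SITE_HOST, "->", url)
```

The host comparison is exact on purpose, so a look-alike such as `shop.example.evil.invalid` is reported; if the store is also served under a `www` name, run the check once per host.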
Analyze everything, including the log files
Rethink what happened and take measures to prevent it in the future
Hold a retrospective on how to keep this from happening in the future. Finish with a plan of changes.
Make changes to improve security
Carry out the necessary changes from the previous step.