In light of the recent COVID-19 pandemic - OPTASY would like to offer DRUPAL website support for any Healthcare, Government, Education and Non-Profit Organization(s) with critical crisis communication websites or organizations directly providing relief. Stay Safe and Stay Well.

My Drupal Site Has Been Hacked: What Do I Do? How Do I Restore It? 10 Steps to Clean It Up
Drupal
Drupal 8
Tips

My Drupal Site Has Been Hacked: What Do I Do? How Do I Restore It? 10 Steps to Clean It Up

by RADU SIMILEANU on Jun 25 2018

Oops! The worst has happened: your Drupal site has been hacked! Maybe it was precisely one of those critical vulnerabilities, that the Drupal security team has been drawing attention to these last months, that the attacker(s) exploited? 

Now what? What to do?

Should you be:

 

  1. rushing to restore your website to a healthy, good-working state (that, of course, if you do have a clean and recent backup available)?
  2. starting to rebuild it?
  3. investigating how your Drupal site got contaminated in the first place: where's the “open door” that the attackers used to get in?
  4. focusing on closing any backdoors that could make new attacks possible?

     

Now “tormenting” yourself with too many questions simultaneously will only distract you from what should be your main objective: cleaning up your website (and preventing further hacks I should add).

So, let's go about it methodically, step by step:

 

Step 1: Write Down Issues, Steps to Take, Preventive Measures to Apply

Keep your cool and go for a methodical approach to crisis management:

Just open up a document and start... documenting:

 

  • the issues and any suspicious activity that you identify on your site
  • all the steps that your strategy for removing malware and restoring your site should include
  • the preventive security measures you commit to taking for preventing such a scenario from happening again the future

     

Step 2: Make a Forensic Copy of Your Drupal Site 

Before you start running your “investigations” on the attack, on how your Drupal site has been hacked, and way before you get to rebuild anything:

Make a forensic copy of all your files, you database and your operating system environment!

Note: go with an external storage medium for these copies and store them offsite.

As you're scanning through your files, detecting viruses and malware and having them cleaned up, feel free to make new and new “working backups”. And to store them in a different directory (from your regular backup files, I mean).

“But why bother? When will these backups turn out particularly useful?”

 

  1. when you call out to a third party to assist you with the troubleshooting process; these “working” backups will then provide a clear picture of the site before you started “malware detecting” on your own
  2. when you try to fix the issues you detect, but instead you make them worse; then, you can easily roll back those changes 

     

Step 3: Scan Your Servers and PC for Malware, Malicious Code Injections, Viruses

Before you rush to change all the passwords on your site, pause for a moment to think through your next “move”:

What if the attack has been “programmed” so that the attacker should get notified once you change your password(s)? And what if it's precisely your PC or one of your servers that's got infected? Then storing a clean backup of your site precisely there would only make it even more vulnerable.

So, how do you prevent that? You give both your PC and your servers a deep scan before making any change.

And, thank God, you sure aren't nickel and dimed in anti-malware tools and anti-virus software: AVG, BitDefender, Malwarebytes, ESET, AV-Comparatives etc.

 

Step 4: Detect & Remove the Backdoors

One of the crucial steps to take, once you realize that your Drupal site has been hacked, is to “close” all the backdoors.

These could easily turn into hackers' access ticket into your site even after you've removed malware and restored it to its healthy state. But, for closing them you first need to... find them right?

So, where to look?

Here are a few key places on your site that you should focus your “searches” on:

 

  • access logs: while scanning them, be vigilant and look for PHP scrips and POST requests added to directories that have writable access

     
  • eCommerce set up: check all the payment methods, shipping addresses, credit card addresses, linked accounts, looking for any suspicious, newly added data

     
  • passwords: FTP passwords, admin passwords, control panel passwords

     
  • email rules and filters: check that the answers to the security questions are “legitimate”, that messages are being forwarded to correct email addresses etc.

     

Step 5: Consider Taking Your Site Offline

And your decision depends greatly on the nature of your site:

If it's a hacked eCommerce Drupal site that we're talking about here, then don't wait even one more minute: take your site down (along with the internal network and servers) and install a placeholder!

This way, you'll prevent:

 

  • malware from being further distributed
  • spam from being sent to your online store's customers

     

Note: do keep in mind that taking your site offline will instantly let the attackers know that you've detected the malware that they've “infiltrated” and that you are about to “take action”.

If you decide not to take your Drupal site offline at the web server level, ensure that you've got your clean forensic copy at hand before deleting all the sessions.

Note: have you detected suspicious changes of the passwords? If so, use this query here for updating them (Drupal 7):

 

update users set pass = concat('ZZZ', sha(concat(pass, md5(rand()))))

As for the users, they can easily use the reset password tool for updating their passwords.

Word of caution: mind you don't take "Drupal on maintenance mode” for “offline Drupal". They're 2 completely different things! Once your Drupal site has been hacked, the malware could be of such nature that it allows the attacker to infiltrate as long as the site's online.

 

Step 6: Notify Your Hosting Provider That Your Drupal Site Has Been Hacked 

They should be informed about the breach and about your site being taken offline (if it's the case) immediately.

The sooner the better, this way they can:

 

  • start scanning their own systems for incursions
  • get ready to assist you with your site recovery and securing process

     

Step 7: Handle Client Data with Extra Precaution 

And these are the specific scenarios where you'll need to take extra precautions when handling client information:

 

  1. your Drupal site stores client information on the web host
  2. … it leverages the data POST method for sending form data via e-mail
  3. … it doesn't integrate with a 3rd party payment gateway, but manages the payment processes itself

     

If one of these 3 scenarios suits your case, then here are some of these extra precautions that you need to make to ensure the private user data doesn't get exposed:

 

  • update your SSL certificate
  • re-check all logfiles (have any of the hosted client information been copied, updated or downloaded?)
  • implement AVS (address verification system) 
  • add CVV (card verification value)
  • encrypt connections to back-end services used for sending confidential user data 

     

Step 8: Investigate the Attack: Identify the Source(s) of Infection

No matter how much pressure you might find yourself under to get your site back online ASAP, don't let take control over your site's restoring process!

Not until you've detected the main source of contamination on your site. The key vulnerability that attackers exploited, the key reason why your Drupal site has been hacked in the first place.

That being said, make sure that:

 

  1. you first audit, on a staging server, that “clean” backup of your site that you're planning to get online; this way, you track down and remove infected files, unauthorized settings, malicious code 
  2. you compare pre- and post-hack files, looking for any suspicious changes

     

Now if you have a clean (and recent) backup at hand for running this comparison, the problem's almost solved. Just use the right tools to compare your files and track down discrepancies.

But if you don't have a backup at hand, then there's no other way but to:

Manually inspect your files and databases to identify any suspicious changes that have been made.

  • look for any suspicious iframe or JavaScript at the end of the files (if detected, save the code in an external file)
  • look for any sources of “Drupal site hacked redirect”; for links to external URLs

     

Now, as for the places that you should be running your investigations on, let me give you just a few clues:

 

  • .php files, .html files 
  • sessions table 
  • newly modified/created files
  • new/updated user accounts 
  • in writable directories and database 

     

Step 9: Do a Full Restore of Your Site 

So, you've noticed that your Drupal site has been hacked, you've assessed all the damage caused, removed malware and even detected the vulnerability that hackers exploited to get in, not it's only but logical to:

Try to repair your website, right?

Word of caution: never ever run your changes on your production site; instead, fix all detected issues on a staging site. Also, once you've cleaned it all up, remember to run the latest Drupal security updates, as well!

Now, getting back to repairing your site, you have 2 options at hand:

 

  1. you either restore a clean backup, if you know the date and time that your Drupal site has been hacked and you're also 100% sure that none of the system components, other than Drupal, got contaminated
  2. or you rebuild your Drupal site 

     

The latter method is, undoubtedly more cumbersome, yet a lot more cautious. Go for it if:

 

  • you do not know the precise date and time when your site's got contaminated
  • you do not have a clean (and recent) backup available to restore
  • you've evaluated the damages as being already too widespread  

     

Step 10: Give Your Restored Site a Full Check Before Going Live 

Do remember to give your newly recovered site a final audit before getting it back up:

 

  • remove all malicious code detected
  • suspicious files
  • unauthorized settings

     

And, most of all:

Close all the backdoors!

 

Final Word 

A pretty long, complex and discouragingly tedious recovery process, don't you think? 

So, why wouldn't you avoid all these steps that you need to go through once your Drupal site has been hacked?

Why not avoid the risk of finding yourself forced to take your website offsite for... God knows how long, risking to impact your site's reputation and to drive away users/online customers?

Don't you find it wiser to:

 

  • be prepared instead?
  • opt for ongoing Drupal maintenance and support services?
  • make a habit of regularly backing up your website?
  • keep your system and software up to date (and to install all the recommended patches)?
  • stop underrating the security advisories that the Drupal team makes?

     
Development

We do Web development

Go to our Web development page!

Visit page!

Recommended Stories

Drupal
Drupal Migration Services

Drupal Migration Services

  Drupal is a popular open-source platform for content management that provides rich functionality and high customization capabilities to enhance the user experience.  Many companies are already making the switch to Drupal 8 and reaping multiple benefits for their website development processes.  Are you too considering the idea of migrating your website to Drupal? To help you better understand why you should take this step and how can Drupal maximize your website's performance, have a look at these key reasons to start your Drupal migration.   Why should you migrate to Drupal 8? The right question should be: why not? There are plenty of reasons why a Drupal migration should be the next step in your web development endeavors, such as: Drupal 8 has a mobile-first approach out-of-the-box. Unlike previous versions of Drupal, you don’t need to handle any customization for building a responsive website or application. Drupal 8 is mobile-friendly at its core. Drupal 8 provides improved front-end perceived performance. With BigPipe technology being part of Drupal 8’s core, you don’t have to worry about website performance anymore—you’ll benefit from faster loading times out-of-the-box. Drupal 8 is easier to use than previous versions. For everyone complaining about the back-end experience of managing and editing Drupal websites and custom modules, Drupal 8 was designed with these complaints in mind. Managing the content on your website is now easier with Drupal 8 thanks to new features that make editing more accessible and comfortable.  Drupal 8 provides multilingual support. In other words, you can easily create multilingual websites due to Drupal 8’s multilingual core capabilities.  Drupal 8 has enhanced security features. Drupal has been long known as one of the most secure CMS on the market and Drupal 8’s security updates are here to confirm it.  Drupal 8 is highly SEO-friendly. With Drupal's advanced SEO capabilities, your website will have better visibility and rank higher on search engines. Drupal 8 has plenty of tools for upgrading SEO, including a SEO starter kit that you can easily access and manage.    Have you decided to move your website from WordPress or Joomla to Drupal? Or maybe you are looking to upgrade Drupal 6 or 7 to Drupal 8?  If you answered ‘yes’ to either one of those questions, then a Drupal migration is the next step for you. Excellent choice! We know it wasn't easy for you to finally make this decision. We also understand that you may now face a major challenge: migrations are costly and time-consuming. There are plenty of pre-planning requirements for migrating to Drupal 8, which are often long and tedious. Outsourcing your migration projects to a third-party company that provides a reliable migration service might be the safest bet.    Drupal is a scalable and flexible solution that can be moulded into anything you need it to be. It has enterprise-level security and an innovative modular-type system. It also has a steep learning curve because of everything you can do with it. Because of this, it requires Drupal-specific developers who have to know how to use it to its full potential.    Optasy is here to make this transition smooth and time-effective by offering high-quality Drupal migration services. The goal is to have the least amount of impact on your company's daily activities as possible. Downtime = lost revenue and we don't want that to happen.  Our Drupal team of experts will handle your migration carefully to minimize downtime and maximize the power of Drupal. Sooner than you think, you’ll have your migration projects completed and your Drupal website up and running to its full potential.  To better understand the process of migrating to Drupal, have a look at the main migration workflow used by our Drupal professionals.   Steps To Migrate Your Website To Drupal Step 1: Your website will undergo rigorous analysis. Our team of Drupal experts will take a close look at your current system's database. We perform functionality tests and deeply analyze the current framework. We then come up with a customized solution specific to your company's website needs.     Step 2: Decide which modules and design theme your current website can migrate to Drupal. Then we figure out which ones we'll develop from scratch and which ones simply need an upgrade.     Step 3: Once planning and analysis are complete, the migration of your website's components begins. This includes content, your database, usernames, emails, plugins, extensions, and user groups. It also includes metadata so that you don't lose any previous SEO work completed. We handle this with the greatest caution. We secure your valuable data and make a smooth transition from one platform to another.   Step 4: Test, test, and more testing. We test until we are 100% certain that your newly-built Drupal website runs perfectly. And with significantly improved performance.     A Smooth Migration Process We guarantee you that the whole migration process will go smoothly. Our Drupal migration services won't interfere or slow down your team's workflow. It also won't cause any downtime on your website, so you won't lose out on profits.    Our confidence relies on our access to using the best tools and resources. We also apply a proven efficient methodology based on many years of experience.   The migration process of your website happens on your server and behind the curtains. This guarantees zero impact on your daily workflow. It enables you to keep making sales or getting leads while your website migrates to Drupal's platform.     Benefits Of Optasy’s Drupal Migration Services Faster website Improve performance No downtime Experienced Drupal experts Seamless data and content migration Maintain SEO work previously completed     Upgrade To Drupal 8 Upgrading to the new Drupal 8 will make your website work (and look great) on any device to meet the needs of your diverse audience.    Some other key benefits of making the switch to Drupal 8 are:   Mobile-first ready. This version of Drupal has been designed to embrace the shift towards mobile. Fully responsive web design right out-of-the-box. Multilingual features. The platform is built to support any language. Mobile-friendly admin features. Now you can see everything right on your phone. Supports mobile app development. Easier to add content more than ever before. Flexible content delivery. This enables you to create and deliver content to any channel, device, or application.   Your migration to Drupal doesn’t have to be complicated. With the right Drupal migration services and support from a professional Drupal team, you can enhance your web development projects to deliver optimized, accessible, and intuitive user experiences.  “Although you could flex Drupal 7 to adapt to this changing environment, the real power and flexibility comes with having a Drupal 8 architecture where this flexibility is already in the core. That has implications for performance, adaptability, simpler architecture of services around Drupal, etc.” - Alex Moreno, Drupal software architect.      ... Read more
Adrian Ababei / Aug 12'2021
DrupalDrupal 8
Is Drupal Good for eCommerce? 11 Excellent Reasons Why You’d Choose It over Another Platform

Is Drupal Good for eCommerce? 11 Excellent Reasons Why You’d Choose It over Another Platform

    "... wanna run eCommerce on Drupal 8 but don't know if it's a good idea."   But is Drupal good for eCommerce?    And, most of all: Is it better suited for your own online business needs and feature requirements than other eCommerce platforms out there? Some legitimate questions you're struggling with there… To give you a hand, here's a list of 11 excellent reasons why you'd lean towards Drupal eCommerce solutions for building your e-commerce site.    Reason #1: You're in Full Control of the Source Code to Make Any Changes You Want In other words, you don't need to convince the vendor first that the changes you need to make are beneficial for him/her. You're free to extend Drupal eCommerce platform's core functionality, to adapt, and extend its code till it meets your needs entirely.    … till it integrates perfectly into that specific software that you use.   Which is not the case when you go for a commercial solution: you're not granted access to the core code for any custom software development work that you might need to make. Of course, this "reason" becomes a really strong selling point only if/when: you have non-standard business requirements it's a large, complex eCommerce website that you're building Reason #2: Your eStore Grows With Drupal  Drupal scales with your business... effectively.   And by that I mean that it's designed to keep the resources and the time required to handle your online store's growth at a minimum.   Being: flexible by nature (its open-source nature) powered by the API-first initiative … Drupal eCommerce solutions make the best choice if "scalability" is on top of your list of requirements.   Reason #3: You Get to Reach Out to Your Customers Across Multiple Channels  "Is Drupal good for eCommerce?"   It becomes the perfect option for your own eCommerce website if you're planning to reach out to your customers across an entire network of sales channels, thus boosting your digital marketing efforts.  Let's say you have your main/central eCommerce website and you need to pull content from there and to distribute it across a whole ecosystem of channels — eCommerce apps, digital kiosks, conversational interfaces — and devices. Then, the API-first initiative allows you to tap into a headless commerce Drupal architecture and: use Drupal as a back-end content repository configure your content to fit all types of formats and reuse it whenever (and wherever) needed increase your outreach incorporate business automation into your development team's workflow: help them work smart and achieve more Reason #4: You Get to Deliver Content-Driven eCommerce Experiences With Drupal, you get the best of both worlds:   an eCommerce platform (by integrating one of its specialized eCommerce modules into the content management system) a content platform   And this is what makes it ideal for: tapping into the experience-led eCommerce model getting the most out of your content marketing efforts (think blog posts, effectively interconnected product pages, user guides, etc.) Reason #5: You're Free to Integrate Any Third-Party Service into Your Online Store From: marketing platforms to analytics services to payment gateways of your choice (there are 80+ payment options available with Drupal Commerce) to third-party add-ons that would automate your team's tasks and boost their productivity (while boosting online sales, as well) … Drupal & its eCommerce component accommodates any type of integrations you need to make.   Reason #6: "Is Drupal Good for eCommerce?" It Is for Delivering High-Speed eCommerce Experiences Just think… real-time shopping cart updates.  Or pretty much any action that your customers would need to carry out on your eCommerce site, then turbocharge it with top speed. A decoupled Drupal Commerce setup (add the JavaScript framework of your choice here) enables you to deliver such type of dynamic user experiences.    Reason #7: You Have No Limits to How Much You Can Extend Your Drupal 8 eCommerce Website Drupal Commerce can grow as much as your business needs. Whether you need to integrate: a whole network of third-party systems a whole lot of contributed modules an eCommerce Drupal distribution (a bundle of multiple modules) a Drupal eCommerce theme  … and extend your eCommerce store's functionality, there's no limit to what you can incorporate into your Drupal eCommerce website.   Reason #9:  You Benefit from an Extremely Configurable eCommerce Solution "Whereas eCommerce solutions are often developed with an application mindset, highlighting what you can do with it out of the box, Drupal eCommerce solutions were developed with a framework mindset, focusing on what you can build with them." (Source: Drupal.org)   Basically, you're free to customize every little piece of your Drupal 8 eCommerce site, till it: delivers that unique shopping experience you want it to meets all your ultra-personalized requirements: to trigger certain actions based on user input, to display multiple tax rates, to have an out-of-the-ordinary checkout flow, etc. Here, it's up to you and it depends on what you need to build: Are you looking for a cookie-cutter eCommerce solution, that would help you get a generic webshop up and running in no time? Or do you want unlimited customization freedom, that comes at the cost of…  investing more time in writing custom code?   Reason #10: You're Free to Sell Both Physical and Digital Goods And that thanks to Drupal Commerce's flexibility:   It provides you with the functionality you need to start building your product catalog and selling your digital products — subscriptions, tickets, online courses, etc. — on your online store. A key aspect to consider when comparing the features of your best options in terms of eCommerce platforms in 2020.   Reason #11: You Can Make the Most of the Granular and Differential Access to Content Drupal allows you to define different roles for your team members and to assign several levels of permission to each role. Not everyone would then be authorized to edit content, add products, manage orders, publish content, etc. This way you get to: set up a convenient hierarchy harden your online store's security  So, Is Drupal Good for eCommerce? Maybe a more appropriate question would be: "Is Drupal the right solution for my eCommerce business?"  It might be... And these 11 reasons mentioned here do become the best arguments for you to choose it over another platform (Ubercart, Prestashop, Shopify…) if: it's a growing or an already established eCommerce business that you run (otherwise, all that configuration and custom work might be an overkill for a small business) you have complex feature needs for your online store: you need to integrate it with coupon rules, several backend systems, and so on Do you fit the eCommerce business owner "profile"? For we do fit the profile of that Drupal eCommerce agency and development company you're looking for, capable to tweak it till it fits your complex requirements to the slightest detail. Just challenge us and see how Drupal eCommerce solutions can accelerate business outcomes.    ... Read more
Adriana Cacoveanu / Aug 10'2021
DesignDrupalDrupal 8Web Design
What Are the Benefits of Web Accessibility for Your Business?

What Are the Benefits of Web Accessibility for Your Business?

  For people with disabilities, web accessibility is highly beneficial. They use multiple assistive technology tools that often require accessible web design and apps to function properly.  It is obvious how web accessibility benefits users with disabilities, but what about businesses? What are the advantages of building accessible sites for your company? Keep reading, and you'll discover seven key benefits of making your website ADA-compliant.    Why do companies hesitate to invest in web accessibility?   A survey of around 500 U.S. business leaders and web designers shows the main reasons behind the reluctance of some companies to make a website accessible. Most of the respondents confessed they are worried about the financial investments and potentially high costs (73.6%), while 66.9% think optimizing their sites for accessibility will require too much time.  We are here to tell you that making your website accessible for people with disabilities doesn't require too many resources, will highly benefit the user experience, and most probably keep you away from web accessibility lawsuits.    7 Benefits of Making Your Website Accessible   1. Increased traffic on your site. There's a myth regarding accessible websites that says accessibility only benefits the visitors. However, by improving the user experience and making it accessible for anyone, you plant the seeds for: Higher traffic rates on your site Better user engagement Improved search engine optimization rankings Higher conversion rate   2. Lower risk of legal complications. As legal requirements regarding web accessibility are getting tougher, optimizing your site for people with disabilities becomes non-optional—unless you don't mind being prosecuted. Make sure your site meets specific accessibility guidelines and pay attention to the accessibility standards required by the industry that you're operating in.    3. Bigger customer base. Making your website accessible means addressing the needs of bigger social groups, and that, in the long term, could lead to you growing your customer base. By investing in accessible design, you can attract more visitors that are likely to engage with your brand on a long-term basis.   4.  A more innovative business mindset. Building accessible design for your website visitors challenges you to deal with unanticipated issues and thus puts your creativity at work.  The constraint of adapting your design so that it incorporates a whole set of accessibility features challenges you to... come up with innovative solutions—and to preserve that mindset for innovation in the long term. In the current dynamic digital landscape, staying creative and ready for innovation is key to keep up with the ever-changing trends.    5. Boosted SEO efforts.  You can improve your site's accessibility by adding ALT-text to images, writing clear content, or choosing a clutter-free page layout. All of these steps also mean good SEO practices.  So, by making your website more accessible, you're also making it more SEO-friendly. You probably already know the importance of investing in robust SEO strategies in today's digital landscape. It's all about how high you rank on SERPs and the level of visibility that your website is gaining.    6. Improved brand reputation.  Accessibility is also essential for your business as it helps grow your brand reputation. By ensuring your website's universal design grants equal rights and easy access to your content, you raise awareness and build a positive reputation around your business.  Today, having an inaccessible website is the digital equivalent of sticking a big KEEP OUT sign in front of your business.    7. Faster page loading time.  It has been proven that if you improve a page's level of accessibility, you boost its speed score. As modern internet users demand fast website experiences, you want to improve your page loading times to keep up with your visitors' needs. By implementing features designed for users with disabilities, you're making your site a better place for all users.    There are many ways in which you can promote accessibility on your website. For example, users that struggle with visual impairments benefit the most from screen readers to help them understand the content on a particular website. This is a way to make your website accessible for people with sight issues and offer some support in making their daily lives a bit easier.    Hopefully, this article sheds some light on the importance of web accessibility for your business and how building a universal design for your site can positively impact your brand.  For more insights on how Optasy can help you make your website more accessible, check out our Drupal Website Accessibility services.    Photo credit: Wirestock on freepik.       ... Read more
Raluca Olariu / Jul 12'2021

Need a new Project?

Dare us to shape and boost your idea(s)!

Start a Project

(416) 243-2431

Contact

(416) 243-2431

Toronto Downtown

First Canadian Place,
100 King St. W. Suite 5700, Toronto

Toronto West

2275 Upper Middle
Rd. E, Suite 101
Toronto

New York

1177 Avenue of the
Americas, 5th Floor,
New York