In light of the recent COVID-19 pandemic - OPTASY would like to offer DRUPAL website support for any Healthcare, Government, Education and Non-Profit Organization(s) with critical crisis communication websites or organizations directly providing relief. Stay Safe and Stay Well.

My Drupal Site Has Been Hacked: What Do I Do? How Do I Restore It? 10 Steps to Clean It Up
Drupal
Drupal 8
Tips

My Drupal Site Has Been Hacked: What Do I Do? How Do I Restore It? 10 Steps to Clean It Up

by RADU SIMILEANU on Jun 25 2018

Oops! The worst has happened: your Drupal site has been hacked! Maybe it was precisely one of those critical vulnerabilities, that the Drupal security team has been drawing attention to these last months, that the attacker(s) exploited? 

Now what? What to do?

Should you be:

 

  1. rushing to restore your website to a healthy, good-working state (that, of course, if you do have a clean and recent backup available)?
  2. starting to rebuild it?
  3. investigating how your Drupal site got contaminated in the first place: where's the “open door” that the attackers used to get in?
  4. focusing on closing any backdoors that could make new attacks possible?

     

Now “tormenting” yourself with too many questions simultaneously will only distract you from what should be your main objective: cleaning up your website (and preventing further hacks I should add).

So, let's go about it methodically, step by step:

 

Step 1: Write Down Issues, Steps to Take, Preventive Measures to Apply

Keep your cool and go for a methodical approach to crisis management:

Just open up a document and start... documenting:

 

  • the issues and any suspicious activity that you identify on your site
  • all the steps that your strategy for removing malware and restoring your site should include
  • the preventive security measures you commit to taking for preventing such a scenario from happening again the future

     

Step 2: Make a Forensic Copy of Your Drupal Site 

Before you start running your “investigations” on the attack, on how your Drupal site has been hacked, and way before you get to rebuild anything:

Make a forensic copy of all your files, you database and your operating system environment!

Note: go with an external storage medium for these copies and store them offsite.

As you're scanning through your files, detecting viruses and malware and having them cleaned up, feel free to make new and new “working backups”. And to store them in a different directory (from your regular backup files, I mean).

“But why bother? When will these backups turn out particularly useful?”

 

  1. when you call out to a third party to assist you with the troubleshooting process; these “working” backups will then provide a clear picture of the site before you started “malware detecting” on your own
  2. when you try to fix the issues you detect, but instead you make them worse; then, you can easily roll back those changes 

     

Step 3: Scan Your Servers and PC for Malware, Malicious Code Injections, Viruses

Before you rush to change all the passwords on your site, pause for a moment to think through your next “move”:

What if the attack has been “programmed” so that the attacker should get notified once you change your password(s)? And what if it's precisely your PC or one of your servers that's got infected? Then storing a clean backup of your site precisely there would only make it even more vulnerable.

So, how do you prevent that? You give both your PC and your servers a deep scan before making any change.

And, thank God, you sure aren't nickel and dimed in anti-malware tools and anti-virus software: AVG, BitDefender, Malwarebytes, ESET, AV-Comparatives etc.

 

Step 4: Detect & Remove the Backdoors

One of the crucial steps to take, once you realize that your Drupal site has been hacked, is to “close” all the backdoors.

These could easily turn into hackers' access ticket into your site even after you've removed malware and restored it to its healthy state. But, for closing them you first need to... find them right?

So, where to look?

Here are a few key places on your site that you should focus your “searches” on:

 

  • access logs: while scanning them, be vigilant and look for PHP scrips and POST requests added to directories that have writable access

     
  • eCommerce set up: check all the payment methods, shipping addresses, credit card addresses, linked accounts, looking for any suspicious, newly added data

     
  • passwords: FTP passwords, admin passwords, control panel passwords

     
  • email rules and filters: check that the answers to the security questions are “legitimate”, that messages are being forwarded to correct email addresses etc.

     

Step 5: Consider Taking Your Site Offline

And your decision depends greatly on the nature of your site:

If it's a hacked eCommerce Drupal site that we're talking about here, then don't wait even one more minute: take your site down (along with the internal network and servers) and install a placeholder!

This way, you'll prevent:

 

  • malware from being further distributed
  • spam from being sent to your online store's customers

     

Note: do keep in mind that taking your site offline will instantly let the attackers know that you've detected the malware that they've “infiltrated” and that you are about to “take action”.

If you decide not to take your Drupal site offline at the web server level, ensure that you've got your clean forensic copy at hand before deleting all the sessions.

Note: have you detected suspicious changes of the passwords? If so, use this query here for updating them (Drupal 7):

 

update users set pass = concat('ZZZ', sha(concat(pass, md5(rand()))))

As for the users, they can easily use the reset password tool for updating their passwords.

Word of caution: mind you don't take "Drupal on maintenance mode” for “offline Drupal". They're 2 completely different things! Once your Drupal site has been hacked, the malware could be of such nature that it allows the attacker to infiltrate as long as the site's online.

 

Step 6: Notify Your Hosting Provider That Your Drupal Site Has Been Hacked 

They should be informed about the breach and about your site being taken offline (if it's the case) immediately.

The sooner the better, this way they can:

 

  • start scanning their own systems for incursions
  • get ready to assist you with your site recovery and securing process

     

Step 7: Handle Client Data with Extra Precaution 

And these are the specific scenarios where you'll need to take extra precautions when handling client information:

 

  1. your Drupal site stores client information on the web host
  2. … it leverages the data POST method for sending form data via e-mail
  3. … it doesn't integrate with a 3rd party payment gateway, but manages the payment processes itself

     

If one of these 3 scenarios suits your case, then here are some of these extra precautions that you need to make to ensure the private user data doesn't get exposed:

 

  • update your SSL certificate
  • re-check all logfiles (have any of the hosted client information been copied, updated or downloaded?)
  • implement AVS (address verification system) 
  • add CVV (card verification value)
  • encrypt connections to back-end services used for sending confidential user data 

     

Step 8: Investigate the Attack: Identify the Source(s) of Infection

No matter how much pressure you might find yourself under to get your site back online ASAP, don't let take control over your site's restoring process!

Not until you've detected the main source of contamination on your site. The key vulnerability that attackers exploited, the key reason why your Drupal site has been hacked in the first place.

That being said, make sure that:

 

  1. you first audit, on a staging server, that “clean” backup of your site that you're planning to get online; this way, you track down and remove infected files, unauthorized settings, malicious code 
  2. you compare pre- and post-hack files, looking for any suspicious changes

     

Now if you have a clean (and recent) backup at hand for running this comparison, the problem's almost solved. Just use the right tools to compare your files and track down discrepancies.

But if you don't have a backup at hand, then there's no other way but to:

Manually inspect your files and databases to identify any suspicious changes that have been made.

  • look for any suspicious iframe or JavaScript at the end of the files (if detected, save the code in an external file)
  • look for any sources of “Drupal site hacked redirect”; for links to external URLs

     

Now, as for the places that you should be running your investigations on, let me give you just a few clues:

 

  • .php files, .html files 
  • sessions table 
  • newly modified/created files
  • new/updated user accounts 
  • in writable directories and database 

     

Step 9: Do a Full Restore of Your Site 

So, you've noticed that your Drupal site has been hacked, you've assessed all the damage caused, removed malware and even detected the vulnerability that hackers exploited to get in, not it's only but logical to:

Try to repair your website, right?

Word of caution: never ever run your changes on your production site; instead, fix all detected issues on a staging site. Also, once you've cleaned it all up, remember to run the latest Drupal security updates, as well!

Now, getting back to repairing your site, you have 2 options at hand:

 

  1. you either restore a clean backup, if you know the date and time that your Drupal site has been hacked and you're also 100% sure that none of the system components, other than Drupal, got contaminated
  2. or you rebuild your Drupal site 

     

The latter method is, undoubtedly more cumbersome, yet a lot more cautious. Go for it if:

 

  • you do not know the precise date and time when your site's got contaminated
  • you do not have a clean (and recent) backup available to restore
  • you've evaluated the damages as being already too widespread  

     

Step 10: Give Your Restored Site a Full Check Before Going Live 

Do remember to give your newly recovered site a final audit before getting it back up:

 

  • remove all malicious code detected
  • suspicious files
  • unauthorized settings

     

And, most of all:

Close all the backdoors!

 

Final Word 

A pretty long, complex and discouragingly tedious recovery process, don't you think? 

So, why wouldn't you avoid all these steps that you need to go through once your Drupal site has been hacked?

Why not avoid the risk of finding yourself forced to take your website offsite for... God knows how long, risking to impact your site's reputation and to drive away users/online customers?

Don't you find it wiser to:

 

  • be prepared instead?
  • opt for ongoing Drupal maintenance and support services?
  • make a habit of regularly backing up your website?
  • keep your system and software up to date (and to install all the recommended patches)?
  • stop underrating the security advisories that the Drupal team makes?

     
Development

We do Web development

Go to our Web development page!

Visit page!

Recommended Stories

DrupalDrupal 8Tips
Acquia Maintenance Services for Drupal Enterprise

Acquia Maintenance Services for Drupal Enterprise

  Acquia Cloud Enterprise is a fully managed cloud service that provides the infrastructure, tools, and services to run your site on the Acquia Platform. Acquia for Drupal Enterprise is an enterprise-ready version of Acquia's award-winning platform for building and running websites with Drupal 8. It includes all of the features you need to build, manage, and scale a modern website. It also comes with preconfigured modules, themes, and other content so you can get started quickly. What makes Acquia the right Drupal hosting provider? Acquia Cloud Platform offers secure and compliant web hosting services built exclusively for Drupal. You can use them to host your site and develop your content using Drupal 8, Drupal 7, or any other version of Drupal. They offer fully managed Drupal hosting, as well as a range of development tools. Their enterprise-grade security features include SSL certificates and access control lists (ACLs). They also provide world-class customer service. The following are some of the key benefits of choosing Acquia: Fully managed hosting - No servers to install, configure, maintain, upgrade, patch, or monitor. All you have to do is deploy Drupal. Focus on innovation - Having a fully managed Drupal hosting solution allows you to create digital experiences that focus on what matters most: the customer. Highly scalable - Acquia’s cloud architecture scales from small sites to large global deployments. Built for performance - Acquia has built its hardware and software solutions to ensure that your site performs at peak levels. Streamline compliance - Compliance requirements such as GDPR, PCI DSS, HIPAA, and more are easily met through Acquia’s robust data protection practices.   Top features of Acquia web hosting for Drupal Drupal 8 support. Acquia supports Drupal 8 out of the box. This means you can start developing and deploying your next great project immediately. Built-in security. Acquia includes strong authentication and firewall controls. Robust developer tools that provide automated testing for development, staging, and production environments.  Real-time monitoring tools (Acquia Insight) that measure and report on application health. Add-ons. Acquia offers hundreds of add-on modules and themes to help you customize and deliver cutting-edge experiences. Best Practices for Acquia Setup & Maintenance  In order to optimize the performance and functionality of your site, we recommend the following best practices when setting up and maintaining your site on Acquia. Set up the environment before starting work. The first step in getting started with Acquia is creating an account and installing Drupal. Once your site is live, it’s important to keep it running smoothly by regularly updating core, contributed modules, and third-party extensions. Use the Acquia Dashboard. The Acquia dashboard provides a single place where you can view all of your settings, including installed modules, configuration options, and user roles. It's also where you can manage users, groups, and ACL permissions. Keep your database clean. As part of regular maintenance, make sure your database tables are properly maintained. For example, if you have many content types or custom fields, consider using the Field Permissions module to prevent orphaned records. Keep your database optimized. If you use the MySQL Query Cache feature, it will be automatically enabled. To ensure optimal performance, disable caching whenever possible. Optimize your codebase. Use the built-in Drush command line tool to perform updates and upgrades to Drupal core and other modules. Optimize your site architecture. Make sure your site has a clear separation between presentation logic and business logic. This helps separate concerns and makes it easier to maintain your site as its complexity grows. Make sure your site has a clean separation between presentation logic and data access logic. This helps separate responsibilities and makes it easier to update your site when new features are added. Test your site thoroughly. Test your site from multiple devices and browsers. You should test on mobile phones, tablets, laptops, and desktop.    FAQs about Drupal hosting How does Acquia compare to other Drupal hosts? Acquia is one of the few companies offering truly integrated Drupal hosting. The brand has combined its expertise in both technology and business management to make it easy for users to launch and grow their online presence. What is the difference between Acquia Hosting and Acquia Cloud Platform? With Acquia Hosting, customers get all the benefits of a full-featured, managed Drupal platform without having to manage servers themselves. With Acquia Cloud Platform, customers get all the advantages of a private cloud infrastructure with the convenience of a shared environment. Both options allow you to build, test, and deploy websites quickly and efficiently. Is there a free trial available for Acquia Hosting? Yes. You can try our services completely risk-free by signing up for a 30-day free trial. After the trial period ends, you will be billed $9.99 per month. Can I host my website using Acquia Hosting if I am not interested in running an enterprise-level site? Absolutely. Acquia Hosting is designed to work well with any type of website. It comes with everything you need to launch your new or existing website, including: A powerful Content Management System (CMS). An intuitive user interface. Easily scalable resources. Advanced security. Access to thousands of premium WordPress themes and plugins. Support for multiple languages and currencies   To learn more about Acquia Drupal, check out this page.          Photo credit: Unsplash.... Read more
Raluca Olariu / Apr 29'2022
DrupalDrupal 8Tips
How to Find the Best Drupal Developer for Your Needs

How to Find the Best Drupal Developer for Your Needs

  Building a robust Drupal development project that supports your business objectives can be challenging and time-consuming. But with the right Drupal partner that has the experience and expertise needed to help you build a website that will meet all of your needs, you will find this process a lot easier. This article talks about the competitive advantages of hiring Drupal developers and how you can find the best fit that meets your Drupal project needs.  The benefits of hiring Drupal developers Hiring a Drupal developer is an investment in your company's success as it provides plenty of competitive benefits that set you apart from the competition. These advantages include: Building highly-personalized Drupal projects that boost your brand awareness and increase sales. Designing and developing custom Drupal features and functionalities that suit your project requirements. Dedicated support for your Drupal project throughout its lifecycle from content migration and system integration to API design and web accessibility. Having access to ongoing updates and continuous maintenance and support. Reduced costs and increased ROI by having a dedicated team working on your project. What are some of the challenges of hiring Drupal developers? Hiring a Drupal developer or a Drupal development team may not always be easy because there are many factors involved when choosing a Drupal developer. Some of these factors include: Finding a good match between your skillset and their technical knowledge. Choosing a Drupal developer who understands your business goals and objectives. Finding a reliable Drupal partner at a price that fits your budget allowance.     How to spot the right Drupal partner for your business requirements There are several things you should consider before hiring a Drupal developer. Here are some tips to help you identify the right Drupal developer for your project: Do your research first and gain a good understanding of what a Drupal developer is and what are their responsibilities.  A Drupal developer has plenty of duties like conducting research and installing Drupal modules that best fit your needs, extending existing modules so their functionality increases, managing how your website looks and works for high-quality user experiences, migrating existing websites and content, architecting  Drupal projects and web infrastructures, etc.   Also, a Drupal developer can have three main roles that you should pay attention to: Drupal Front-End Developer. A front-end developer is responsible for designing and building the interface of your site using HTML, CSS, JavaScript, jQuery, Bootstrap, Foundation or any other framework. This includes elements such as buttons, forms, navigation menus, or tables and also includes how your page looks. Drupal Back-End Developer. A back-end developer is responsible for programming the logic behind your site's functions and processes. This includes writing code that handles database queries, creates pages, manages users, and more. Drupal Theme Developer. A theme developer is responsible for styling the look and feel of the entire website including the layout, colors, fonts, images, and anything else that makes up the overall appearance. They will work with the front-end developer to ensure that everything on the site matches and flows well together.        2. Identify and examine your project needs.  Now that you know in more detail what a Drupal developer does, it's time to understand your project needs and what you require from a developer's services. Key questions to ask at this stage are: Do you need a back-end expert or a full-stack developer? Do you only need Drupal maintenance? Do you need a whole new enterprise-grade Drupal solution? Would you like to hire a freelance developer or a contract-to-hire? Do you just have a rough idea of what you’d like him/them to develop? What type of experience do you want them to have? How much time would you be willing to spend working with them? How many hours per week would you be able to dedicate to the project?       3. Know where to look for talented Drupal developers. Top channels to consider for passive searches: job portals like LinkedIn, Monster, Glassdoor, Indeed online Drupal (or PHP) communities freelance platforms like Upwork, Toptal, Scalable Path Top channels for your active searches: social media Drupal groups local IT communities LinkedIn (when you start analyzing particular profiles on LinkedIn your passive search becomes active) Drupal.org (select the top Drupal profiles there and start evaluating them against your own requirements) developer communities like GitHub, Stack Overflow       4. Ask the right questions. Among the most important questions to ask potential Drupal partners are: How long have you been working with Drupal development solutions? What Drupal experience do you have? Are you familiar with my business model? Can you provide references? What Drupal skills do you possess? What Drupal technologies do you use?       5. Evaluate your potential Drupal partner carefully. Essential things to consider are: How experienced they are in working with different Drupal versions What their technical expertise is / How skilled they are at Drupal module development Their GitHub Profile (how much time they spent on different projects, samples of their written code, details on their contributions) Their involvement with the Drupal community What past clients say about working with them   Optasy's team of experienced Drupal developers is here to help you We are a development company and we are ready to leverage and to "fuel" your project with all that Drupal expertise that we've been gaining as a Drupal firm during these +10 years: whether it's custom module development, Drupal migration, AI implementation, or any type of new feature integration with Drupal that you need us to do. We're web developers, but with a mobile-first approach to our website development projects, in fact: we commit to helping you deliver the message to your users in an intuitive, effective, and nonetheless appealing way, on all devices.  We'll be in for the long run: our Drupal development services include 24/7/365 support & ongoing maintenance, which means much more than just rolling out patches and updates; we'll ensure that your OPTASY solution (be it Drupal, Laravel, WordPress, Magento, React or Angular-based) keeps meeting your goals, that it continues to remain relevant in the context of future technology changes. From structure planning, to Drupal website development, all the way to maintenance and long-term support, we've got your back; stay assured: full-cycle projects are our specialty as a Drupal 8 agency. As a development company in Toronto we have the experience and the expertise to handle your most specific requirements:   back-end development: we design and develop the custom features and functionalities that suit your project requirements front-end development: from custom themes to user-friendly Uis, to user experience design, to designing responsive layouts content migration system integration API design and development web accessibility  website maintenance: pass over the maintenance burden on our shoulders; we provide ongoing updates and continuous maintenance and support   For more information on how our talented Drupal experts can help you build a robust project for your web development needs, contact us.    Photo credit: Unsplash.... Read more
Raluca Olariu / Jan 21'2022
DrupalDrupal 8
7 Key Stages Every Drupal Development Project Should Contain

7 Key Stages Every Drupal Development Project Should Contain

  Drupal is a content management system that has been around for more than 10 years. The first version of the CMS was released in 2003, and since then it has grown to become one of the most popular open-source applications on the web today. Drupal is used by many different types of businesses, including small business owners who want to create their own website or blog, as well as large corporations looking to build a robust online presence. Our development team at Optasy has helped hundreds of clients with their Drupal projects over the past few years. In this article, we will go through each stage of our Drupal development process and provide you with some insight into what makes each phase unique.     What makes Drupal a popular choice? Drupal provides plenty of user and business benefits that can transform any web development project into a successful one. Some of those benefits are: Flexibility. Drupal is flexible enough to be used by small businesses or large corporations alike. It’s also easy to customize the CMS to fit your needs. Scalability. The platform supports thousands of users, making it perfect for eCommerce sites with lots of traffic. High customization. You can easily scale Drupal websites to match specific needs and traffic fluctuations.  Security. Drupal offers multiple security features that make it an ideal solution for government agencies and other organizations that need to protect sensitive information. Large community. There are over 1 million active members in the Drupal community, which means you have access to tons of support when you run into problems.     How do you know if your Drupal development project is successful? With the right insights or a team of Drupal experts by your side, your future website will: be feature-rich, which means it’s more likely to be used by your target audience. have an intuitive user and digital experience that allows visitors to easily find what they need without having to go through multiple pages. be mobile responsive, which will make your site look and function properly on any device. include rich media. This means that you can add video, audio, and other multimedia elements to your site with ease. be optimized for enterprise-level security. ship with a granular user management system tailored to your organization's specific needs when it comes to custom workflows. be "loaded" with custom Drupal modules to fit unique functionality needs. leverage an enhanced content management system; where content gets found, filtered — and, therefore, perfectly structured —  with utmost ease. be conveniently modular and extensible.   7 Key Stages of Successful Drupal Development Projects Drupal development projects are complex, but with the right insights or a team of experts to guide you through each stage of the project, you can be successful.  Let's have a look at seven essential steps that Optasy includes in every Drupal project created. 1. Identify the needs of your business. The first step is to identify what you want your website to achieve. You need to know why you’re building it in the first place so you can create a strong digital strategy. Our Drupal experts will ask questions like: What do you hope to get out of it? Who will use it? What problems does it solve for them? How much time will they spend on it? These questions help the development team understand how your site fits into your overall marketing strategy. 2. Create a vision for your website. Once we know who your audience is and what you want to accomplish, it’s time to create a clear picture of what that looks like. A good way to start is by creating a graphic design and representation of your brand identity and deciding which way to go with the infrastructure management. This helps us define the colors, fonts, and other elements that make up your brand. It also gives an opportunity to think about how your site might fit into your overall marketing strategy and messaging. 3. Design an architecture that works. Your website has many moving parts—from the navigation menu to the contact form. Each part must work together to provide users with a seamless experience. That means choosing which features to include and which ones to leave behind. For example, if you don’t want to offer live chat support, then don’t add it to your site. If you decide to include social media sharing buttons, then make sure those buttons are easy to find so visitors can share your content easily. 4. Deploy the development process. If your site is designed properly, there shouldn’t be any surprises when it goes live. But even the best-designed sites sometimes encounter unexpected challenges during deployment. To avoid these issues, we are using a staging environment before launching your site.  5. Migrate your content carefully. Migrating your content from one platform to another may come with some unexpected issues. In fact, migrating your data isn’t always straightforward. There are several different ways to move content between platforms. Some methods require manual intervention, while others automate the process. Regardless of which method it is chosen, we highly rely on testing the migration process thoroughly. 6. Optimize for search engines. Search engine optimization is an important aspect of any web presence. Without a proper SEO strategy, your site won’t rank high enough in search results. And without traffic, you won’t see any return on investment. So, we put a lot of emphasis on optimizing your website to have a high ranking on SERPs. 7. Test and plan your QA strategy. As your website is being built, testing it is imperative. Tools such as Google Analytics can monitor visitor activity and track conversion rates. Once you’ve reached your goals, it’s important to continue monitoring your analytics to ensure that everything continues working smoothly. Regarding the QA strategy, the following are important: Having a dedicated QA team member responsible for testing your site. Setting up automated tests to check functionality and usability. Creating a list of bugs and prioritizing them based on severity. That's it! We've walked you through Optasy's Drupal development stages so you can gain a clearer picture of how our team of Drupal experts can support your web development journey. Contact us now and let's start building your website.   Photo credit: Unsplash.... Read more
Raluca Olariu / Dec 21'2021

Need a new Project?

Dare us to shape and boost your idea(s)!

Start a Project

(416) 243-2431

Contact

(416) 243-2431

Toronto Downtown

First Canadian Place,
100 King St. W. Suite 5700, Toronto

Toronto West

2275 Upper Middle
Rd. E, Suite 101
Toronto

New York

1177 Avenue of the
Americas, 5th Floor,
New York