avc-community Welcome, AV-Comparatives partners and friends!

This is a place of sharing and exchanging information, the hub of the AV-Comparatives community, where we keep in touch with our partners and friends. We’d like to thank you all for your past, present and future support and for helping us emphasize the importance of independent testing of security software.

My website has been hacked – what should I do?

There are several ways a hacker can attack a website, exploiting poorly executed security policies or taking advantage of unattended vulnerabilities. (See also Online safety for website owners). The attack can be internal or external, often using spam or malware to achieve the purpose.

Currently, browsers such as Google Chrome issue a malware warning for websites that may have been compromised by an attack. This is a visitor repellent warning that no website owner wants to see when accessing his or her web page. Still, if such thing happens, first thing to do is stay calm, take the infected site offline and then assess the situation before proceeding to action.

How can I tell my website has been infected?

Some attacks do not display a victory flag saying “I hacked your site”, that is to say not all intrusions are clearly visible. In such cases, you should suspect that your website has been attacked if you see on or more of the following symptoms:

  • user complaints about the site being blocked by their security software or browser, or about getting malware from visiting your website
  • users report redirection to other websites
  • significant changes in traffic – usually a dramatic and sudden traffic decrease
  • a sudden drop in search engine raking
  • browser warning indicating that the website has been compromised
  • the website is blacklisted by search engines or other databases of malicious URLs
  • the website works improperly, displaying errors and warnings
  • your site contains files and/or code you don’t recognize
  • your pages suddenly don’t validate for the W3C standard
  • after visiting the website, computers exhibit strange behavior.
  • last login IP in the Admin Panel is not from your IP

After taking the site offline, scan all files for malware using the anti-virus of your choice (refer to AV-Comparatives tests and reviews to compare the options). Also, fully scan all computers that have stored your FTP username/address and/or have been used to publish the files of your website. If taking down the website is not an option, use an online scanner and change all FTP passwords or other passwords used for administrative sections of the website, together with e-mail passwords. Do not use software to save the passwords, instead memorize them or write them down on a piece of paper.

Refer to your web developer and ask them to verify the current version of the site to the latest one they have stored for publishing, in search of any suspicious differences.

Check with your hosting provider. Your website might not have been the only victim of the attack, especially if you are using shared hosting. The hosting provider can confirm the attack or indicate a loss of service as the cause of the symptoms, and take steps in fixing the problem.

Backup. Make a backup of what remains left of the website and make a habit (if you do not already have) of backing up the website files at every change. It is a good idea to use a version control service to easily identify the latest version of your website and rollback to a previous version that you know to be safe.

About AV-Comparatives

AV-Comparatives is an independent organization offering systematic testing that checks whether security software, such as PC/Mac-based antivirus products and mobile security solutions, lives up to its promises. Using one of the largest sample collections worldwide, it creates a real-world environment for truly accurate testing. AV-Comparatives offers freely accessible results to individuals, news organizations and scientific institutions. Certification by AV-Comparatives provides an official seal of approval for software performance which is globally recognized. Currently, AV-Comparatives' Real-World Protection Test is the most comprehensive and complex test available when it comes to evaluating the real-life protection capabilities of antivirus software. Put simply, the test framework replicates the scenario of an everyday user in an everyday online environment – the typical situation that most of us experience when using a computer with an Internet connection. AV-Comparatives works closely with several academic institutions, especially the University of Innsbruck’s Department of Computer Science, to provide innovative scientific testing methods.
If you plan to buy an Anti-Virus, please visit the vendor's site and evaluate their software by downloading a trial version, as there are also many other features and important things for an Anti-Virus that you should evaluate by yourself. Even if quite important, the data provided in the test reports on this site are just some aspects that you should consider when buying Anti-Virus software.

AVC Analyzer

undroid