First steps to mitigate the problem:
When you are suffering from a Denial of Service attack
If the above diagnoses do not help (or you are experiencing a severe performance problem), your site may be the victim of a ‘denial of service’ attack, where a malicious user (or users) tries to view the website repeatedly and rapidly (using automated tools), and in doing so crowds out legitimate readers. Sometimes it’s one ‘attacker’ trying to do this to your site, which doesn’t usually cause much of a problem – unless you pay for bandwidth. More common is the ‘Distributed’ Denial of Service (DDoS), where an attacker uses thousands of machines under his control to target a site.
- Step 1: Contact a trusted person who can help with your website (your webmaster, the people who helped you set up your site, your internal staff if you have them and the company that hosts your site).
- Step 2: Work with the company you bought your domain from (like EasyDNS, Network Solutions, GoDaddy) and change the ‘Time to Live’ or TTL to 1 hour. This can help you redirect your site much faster once it comes under attack (the default is 72 hours, or three days). This setting will often be found in ‘advanced’ properties for your domain, sometimes part of the SRV or Service records.
- Step 3: Move your site to a DDoS mitigation service. Examples:
- Step 4: As soon as you have regained control, review your needs and decide between moving to a secure hosting provider or simply continuing with your DDoS mitigation service.
When you are suffering from a Website Defacement
- Step 1: Verify that this is a malicious takeover of your website. An unfortunate but legal practice is to buy recently expired domain names to ‘take over’ the traffic they had for advertising purposes. It is very important to keep payments for your domain name in order.
- Step 2: If your website has been defaced, first regain control of your website login account and reset its password; see the Account Hijacking section for help.
- Step 3: Make a backup of the defaced site that can later be used for investigation of the defacement.
- Step 4: Temporarily turn off your website – use a simple landing page or ‘parked’ page.
- Step 5: Determine how your site was hacked. Your hosting provider may be able to help. Common problems are older parts of your site with custom scripts/tools running on them, out of date content management systems, and custom programming with security flaws.
- Step 6: Restore your original from backups. If neither you nor your hosting company has backups, you may have to rebuild your website from scratch! Also note that if your only backups are at your hosting provider, an attacker may be able to delete those when they take control of your site!
- Step 7: Move to a DDoS mitigation service or secure hosting provider. Deflect.ca can support you in protecting your site from online attacks. CloudFlare can also block many common attacks. Secure hosting providers such as VirtualRoad/Qurium go to great lengths to detect and prevent such attacks.
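
An added example, not part of the original guide: once you have the copy of the defaced site from Step 3 and a clean backup (Step 6), comparing file hashes shows which files were added, changed or removed, which gives you and your hosting provider a starting point for Step 5. The directory names and sample files below are constructed for illustration.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if os.path.islink(path):
                continue  # do not follow links that point outside the copy
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            digests[rel] = h.hexdigest()
    return digests


def compare(clean_root, defaced_root):
    """List files added, modified and deleted in the defaced copy."""
    clean, defaced = manifest(clean_root), manifest(defaced_root)
    return {
        "added": sorted(set(defaced) - set(clean)),
        "modified": sorted(p for p in clean.keys() & defaced.keys() if clean[p] != defaced[p]),
        "deleted": sorted(set(clean) - set(defaced)),
    }


def demo():
    """Build two small constructed site trees and compare them."""
    trees = {
        "clean": {"index.html": "<h1>Welcome</h1>", "about.html": "About", "js/site.js": "init();"},
        "defaced": {"index.html": "<h1>Replaced</h1>", "js/site.js": "init();", "uploads/x.php": "placeholder"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            for rel, body in files.items():
                path = os.path.join(tmp, tree, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as fh:
                    fh.write(body)
        return compare(os.path.join(tmp, "clean"), os.path.join(tmp, "defaced"))


if __name__ == "__main__":
    print(demo())
```

Run `compare()` on copies stored away from the live server, and keep the Step 3 copy unmodified so it stays usable as evidence.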