Google: How to recover your site after being hacked

Google Webmaster Central team blog published a detailed guide “My site's been hacked - now what?” to provide a much needed guidence on how to recover from your site being hacked. […]we recommend covering these four bases:Getting your site off-line Take your site off-line temporarily, at least until you know you've fixed things.* If you […]

Google Webmaster Central team blog published a detailed guide “My site's been hacked - now what?” to provide a much needed guidence on how to recover from your site being hacked.

[…]we recommend covering these four bases:

Getting your site off-line

  • Take your site off-line temporarily, at least until you know you've fixed things.*
  • If you can't take it off-line, return a 503 status code to prevent it from being crawled.
  • In the Webmaster Tools, use the URL removal tool to remove any hacked pages or URLs from search results that may have been added. This will prevent the hacked pages from being served to users.
Damage Assessment
  • It's a good idea to figure out exactly what the hacker was after.
    • Were they looking for sensitive information?
    • Did they want to gain control of your site for other purposes?
  • Look for any modified or uploaded files on your web server.
  • Check your server logs for any suspicious activity, such as failed login attempts, command history (especially as root), unknown user accounts, etc.
  • Determine the scope of the problem—do you have other sites that may be affected?
Recovery
  • The absolute best thing to do here is a complete reinstall of the OS from a trusted source. It's the only way to be completely sure you've removed everything the hacker may have done.*
  • After a fresh re-installation, use the latest backup you have to restore your site. Don't forget to make sure the backup is clean and free of hacked content too.*
  • Patch any software packages to the latest version. This includes things such as weblog platforms, content management systems, or any other type of third-party software installed.
  • Change your passwords - https://www.google.com/accounts/PasswordHelp
Restoring your online presence
  • Get your system back online.
  • If you're a Webmaster Tools user, sign in to your account
    • If your site was flagged as having malware, request a review to determine whether your site is clean
    • If you used the URL removal tool on URLs which you do want in the index, request that Webmaster Tools re-include your content by revoking the removal.
  • Keep an eye on things, as the hacker may try to return.

Full Article

Google, Website, Blog, Search Engine, Indexing, Crawling, SEO, Search Engine Optimization, Tips, Tricks, Tips and Tricks, Hacking