Hacking: The Importance Of Changing Passwords After Being Hacked

This post was written by Internet Marketing John on March 11, 2012
Posted Under: Hacking

The importance of changing passwords after being hacked cannot be overemphasized.

The Importance Of PasswordsIt is likely that when your web site was hacked, the intruder either changed or usurped one or more of your passwords.

Once you regain access and control of your website, notify your web host and have them change your passwords, or do it yourself.

Your user name can be changed by the web host and the FTP password for the site can be changed by you from the cpanel of your web host.

This needs to be done to prevent any possibility of a server wide vulnerability.

If you are using Filezilla or similar program, make sure you change the passwords for all websites that could have been accessed by the hacker.

If you are running a WordPress or Joomlia site, the next thing you need to do after you restore your files from a CLEAN backup, is change your log in password and update to the latest version of your site.

A word about backups.

If you don’t perform regular backups to your site, start doing them immediately.

If you don’t have a backup for your site, contact your web host and ask them if they are able to retrieve an up to date version of your hacked site.

Normally, most web hosts routinely backup entire systems and will probably have a more up to date version of your site available.

The next password you need to change is your SQL database password.

Do this AFTER you change your FTP password.

If the hacker retains control of your FTP password and you change your database password, it’s a simple matter for them to access and change your config files as you can see from the sample below.

// ** MySQL settings – You can get this info from your web host ** //
/** The name of the database for WordPress */
define(‘DB_NAME’, ‘database_name_here’);

/** MySQL database username */
define(‘DB_USER’, ‘username_here’);

/** MySQL database password */
define(‘DB_PASSWORD’, ‘password_here’);

/** MySQL hostname */
define(‘DB_HOST’, ‘localhost’);

/** Database Charset to use in creating database tables. */
define(‘DB_CHARSET’, ‘utf8’);

/** The Database Collate type. Don’t change this if in doubt. */
define(‘DB_COLLATE’, ”);

When you change your database password in your wp-config.php file, make sure you assign “secret” unique phrases and place them in the appropriate areas.

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!

 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define(‘AUTH_KEY’,         ‘put your unique phrase here’);
define(‘SECURE_AUTH_KEY’,  ‘put your unique phrase here’);
define(‘LOGGED_IN_KEY’,    ‘put your unique phrase here’);
define(‘NONCE_KEY’,        ‘put your unique phrase here’);
define(‘AUTH_SALT’,        ‘put your unique phrase here’);
define(‘SECURE_AUTH_SALT’, ‘put your unique phrase here’);
define(‘LOGGED_IN_SALT’,   ‘put your unique phrase here’);
define(‘NONCE_SALT’,       ‘put your unique phrase here’);

/**#@-*/

This invalidates all existing cookies and forces all users to have to log in again.

The importance of changing passwords after being hacked is not limited to just the above passwords.

There is an excellent probability that the hacker also obtained active email passwords from your website or computer.

Use a good malware program like Malwarebytes to run a virus scan on any computers that you used to view your hacked site.

Run a thorough malware virus scan on all disks, including all portable storage devices that were attached to your computer.

Once your scan has been completed and any Trojan or virus’ have been deleted or quarantined, go back and change your FTP, SQL database and WordPress or Joomlia passwords again.

Use secure passwords of at least 15 characters and include % ^ @ # * ( : + ] } along with numbers and capitalized letters.

Keep a record on a portable flash drive, not in a file on your computer labeled Passwords.

It’s a good idea to change every password you have saved on your computer, just to be safe.

I was recently contacted by eBay and had my site shut down for purchases that were never made.

The individual who hacked my site used my email password to access my eBay account and bid up several thousand dollars worth of auctions without my knowledge.

Again, the importance of changing passwords after being hacked cannot be overemphasized!

It is very important that you pinpoint exactly how the hacker got into your system.

You can check the change logs and your access logs for vulnerabilities or to see if there has been any suspicious activity.

If you’re not up on how to do this, contact your web host for assistance or hire someone who can.

There could be a back door to your system that only a paid “techie” can find.

For Website malware removal,  Sucuri is hard to beat.

They provide exceptionally fast Web site malware removal and will monitor your site to flag and help prevent secondary infections at a reasonable price.

Although the importance of changing passwords after being hacked cannot be overemphasized, when you protect your sites with Sucuri, you can rest easy knowing that you won’t lose everything you worked so hard to create.

It's only fair to share....Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestDigg thisShare on StumbleUpon

Reader Comments

Trackbacks

Add a Comment

required, use real name
required, will not be published
optional, your blog address