Website hacked: Worried if infected with Spywares and Viruses.

sowil0

Hey guys!
This is a little urgent matter and it would be great if someone here could advise me asap. I have a small e-commerce website which was running pretty well. I thought it was very secure with HTTPS and everything.
Last week, the website got hacked and several unnecessary pages were added into it. We found it quickly and removed all such pages as soon as we could. But we are worried if the website is still infected with any malware or spyware. We couldn't take the risk with customers' money and thus the website is temporarily closed until a cyber security assessment is done.
I hope after the assessment, we could ensure if the website is clean of malware or spyware. How can we prevent such hacking attacks in future? What kind of vulnerability must have caused this attack? I hope someone could help me.
 
How can we prevent such hacking attacks in future? What kind of vulnerability must have caused this attack? I hope someone could help me.

Firstly, how was your site developed? Was it a total custom job, or was it built on a CMS framework or other website builder? Secondly, if it was custom-built, what language was it written in? Did you see if there were any malicious database entries that were added? If pages were added (either due to direct server access or vulnerabilities in the site itself), then it's also possible that malicious database entries are/were saved, and thus could "come back" as injected scripts if they're there.

To answer your questions... For the how...that really depends on how your website was built. Though I would suggest using security-scan tools, such as Zed Attack Proxy (ZAP), which is free, from OWASP.org: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

That can give you a basic level of understanding of the security of your site by attempting some of the most common attacks. If you don't own the server it's sitting on (i.e. you're renting hosting space from a company such as GoDaddy), then you should make sure and let them know and/or ask if such testing can be done.

As for the "what kind of vulnerability" - again, depends on how your site was built (i.e. what vulnerabilities exist), how strong of a password you had for your admin login account, etc. How did you find out a vulnerability existed? Did you just randomly see pages added? You could check the dates on the web pages (created and modified dates), and then go in and look at webserver logs to find similar access times (if such things are being logged), and possibly see how it was compromised.
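
The date-to-log correlation suggested in the reply above, as an added example that is not part of the original thread: it lists file modification times under a web root and pulls the access-log entries that fall within a few minutes of a suspect file's timestamp. It assumes the Apache/nginx "combined" log format; the function names, paths, timestamp and log lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Assumes Apache/nginx "combined" access-log format; adjust LOG_RE for other formats.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return {"ip": m["ip"], "ts": ts, "method": m["method"],
            "path": m["path"], "status": int(m["status"])}

def file_mtimes(webroot):
    """Map every file under webroot to its modification time in UTC.
    mtime can be reset by whoever wrote the file, so treat it as a lead, not proof."""
    return {str(p): datetime.fromtimestamp(p.stat().st_mtime, timezone.utc)
            for p in Path(webroot).rglob("*") if p.is_file()}

def requests_near(log_lines, when, window=timedelta(minutes=5)):
    """Log entries within +/- window of `when`, state-changing requests first."""
    hits = [e for e in map(parse_line, log_lines)
            if e and abs(e["ts"] - when) <= window]
    return sorted(hits, key=lambda e: (e["method"] not in WRITE_METHODS, e["ts"]))

# Constructed sample data (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:02:14:03 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Mar/2024:02:16:40 +0000] "POST /admin/upload.php HTTP/1.1" 200 312',
    '203.0.113.9 - - [12/Mar/2024:02:17:05 +0000] "GET /cheap-deals.html HTTP/1.1" 200 2048',
    'truncated or malformed line',
    '198.51.100.7 - - [12/Mar/2024:09:30:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
]
SUSPECT_MTIME = datetime(2024, 3, 12, 2, 16, 41, tzinfo=timezone.utc)

if __name__ == "__main__":
    for e in requests_near(SAMPLE_LOG, SUSPECT_MTIME):
        print(e["ts"].isoformat(), e["ip"], e["method"], e["path"], e["status"])
```

On a real server, feed `requests_near` the lines of the access log and a timestamp taken from `file_mtimes` for a page you did not create; hosting panels that rotate or compress logs may require collecting the older files first.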
 
Stop advertising.. the infosec company you pay for would tell you all this plus more. So strange you come to a forum when you paying $$$ for support... lmao
 
Stop advertising.. the infosec company you pay for would tell you all this plus more. So strange you come to a forum when you paying $$$ for support... lmao

Oops, forgot to remove the URL from the OP when I posted this morning.
 