-3

My website had to be shut down on being hacked by some sql injection and some XSS which has shown some of the loop holes in my script I used.

So me being new to such situations My question is what are the steps That I must take so that the user data is not compromised and I can securely restart my website again ?

Is there a way to know the hacker's identity ?

Are there any legal action that I can take against the hacker as the identity is unknown ?

I'm on shared godaddy hosting so I don't have to care about server on the whole .

  • 2
    @thel3l is referring to the link to your website that you just gave to a group of security researchers. Sadly, you're not going to be able to find out who did this, you should now be taking steps to ensure your and your customer's data is safe in case of another breach. Nuke it from orbit, diagnose and fix the issues, harden, redeploy and stay vigilant. – INV3NT3D Dec 23 '16 at 18:26
  • 8
    Related: [How do I deal with a compromised server?](https://security.stackexchange.com/q/39231/2138) – user Dec 23 '16 at 18:32
  • Why so many downvotes ? – Black Mamba Dec 23 '16 at 18:33
  • @IshanMahajan For one: You still haven't removed the link to your compromised site. For two: It sounds like you're hunting for some vigilante justice. For three: You're asking the completely wrong question here. –  Dec 23 '16 at 18:37
  • Asking for legal advice is off-topic here. – Xiong Chiamiov Dec 23 '16 at 18:38
  • Should I shut down my website on the whole ? I can remove his account which will help me regain my website but then I'll have no proof of it .Moreover It's information security issue so I won't get a better answer from anywhere else . – Black Mamba Dec 23 '16 at 18:38
  • Yes, absolutely you should, especially if any customer's data is on your site, your sense of justice shouldn't even be a consideration. And how do you know for sure that it is the person you think it is? Have they admitted to it? Do you have their fingerprints all over your website? Anybody could spoof their address and information to make it seem like they are anyone. Sure, maybe they were extremely sloppy in their breach, but you won't be able to prove anything. Sadly, you **should** take your site down, fix er' up, and come back better than before. Removing their account will do nothing. – INV3NT3D Dec 23 '16 at 18:49

1 Answers1

1

Whenever you are thinking about the possibility of legal action, the first thing to do is to take a copy of the whole machine. Preferably in front of independent witnesses - but that is verging on the legal stuff and I am in no way in a position to give legal advice even if this site allowed it. Get proper legal advice before doing anything.

Once you have a secured copy for evidence, you can get on and fix things. Clearly, in this case you've realised a number of coding/security errors so you should go get those fixed - on a server that isn't connected to the Internet.

You've learned a valuable lesson and with little cost it seems to me. Hopefully next time, you will be a little better at testing your code for vulnerabilities before putting it on the Internet.

As for whether there are actions you can take against the person you've found? Apart from maybe thanking them for helping you improve as a programmer ;-) All I will say is that revenge is never a good idea.

Legally, it is likely that you have little to go on anyway - did you have clear terms and conditions in place that would discourage someone from making use of vulnerabilities? Was what they did even illegal in their region? Just be thankful and move on.

Julian Knight
  • 7,102
  • 18
  • 23