My website was hacked

Question

We have a website deployed on the AWS instance and was working fine already. The website has faced attacked on 22-March and 23-March and went down due to some files and folders has been deleted by attack. We were not sure reason behind this. I would request to please  let us know steps require from our end to prevent such incidents.  We have already added security rules in .htaccess file. Website is built on PHP language.

Answer

Looking at Security from a Well Architected [perspective](https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/security-perspective.html) would be highly recommended here. Well architected [labs](https://wellarchitectedlabs.com/security/quests/quest_100_loft_introduction_to_security/).

Also, the following should [help](https://docs.aws.amazon.com/waf/latest/developerguide/security.html).

Answer

Hi

I understand your situation when your website is hacked, So when it is hacked you must take down the machine and check what is exactly happened in that machine, Checking logs etc.

**Security Measures:**

1. I would suggest you to User AWS WAF, AWS WAF is Managed Service if your application is in Single Ec2 machine its not possible to you WAF so you can use either Load Balancer or CDN before integration of WAF.
2. You can AWS predefined WAF rules to block unwanted traffic for example bots, query based, SQL injection rules etc
3. If your application is Wordpress, Please check plugins updated and do. not install unverified plugins.
4. Do Configure SSL certificate for the encryption in tranist, if you use load balancer so you will get free SSL from Certificate Manager.

Please check reference architecture https://docs.aws.amazon.com/solutions/latest/aws-waf3-security-automations/overview.html

Please let me know if you have any questions.

Thank You
Ganesh

My website was hacked

Relevanter Inhalt