Self-Hosted Forum Hacked, Now What?

2 minute read

October 10, 2013

Self-Hosted Forum Hacked, Now What?

Forum Hacked Checklist

  1. Shut It Down: If your site is compromised, make sure you shut it down right away. Lock down login for all users. Change all passwords for your admins and to your database.

  2. Notify The Community: As soon as you have secured the site, place a message on the homepage giving some details, and clear indications you will update users as you get more info.  Link to a resource that will have updated information (for example a homepage or Twitter account). As a last resort, redirect traffic to another domain where you can share updates. You should also email all users and inform them to change their password on any service where they used the same password. It’s also important to tell your community members that security is paramount. Explain that the site has been shut down so as to not take any chances while the problem is being investigated.

  3. Figure Out How It Happened: Before you bring your site back, you need to figure out how it happened. If you are not sure how it happened, speak with your host, search Google for known exploits, ask for help in the community or seek out professional help. You not only need to figure out how it happened, but you will have to ensure that you remove this issue from reoccurring. Nothing would be worse than having your site hacked again using the same exploit.

  4. Continue Communication: When a site is down, you can never communicate enough with your community. They trusted you with their data, the least you can do is keep them apprised of the developments. Be present on social media and publish frequent updates.

  5. Clean Up The Mess: Do a clean install, and import your community data from a trusted back-up. Test your site and maybe consider hiring a company to do a penetration test.

  6. Relaunch and Reset: When you feel ready to get going again, ensure you force all users to change their passwords. Also be ready to share with the community what happened and changes you have made to secure the forum for the future.

The checklist above should be a good start on what to do if your self-hosted forum gets hacked. Do you have a piece of advice we missed? Have an insight to share? Please share in the comments.

Vanilla Forums offers a secure cloud based solution for your community. We can also help you migrate your old forum to our platform. Try Vanilla Forums Cloud Solution free for 30-days.

Community

Share Your Thoughts

Your email address will not be published.

Adrian Speyer

Written by Adrian Speyer

Adrian Speyer is the Head of Community and Lead Evangelist for Vanilla by Higher Logic. Besides spending many years in digital marketing, Adrian has been building communities of all sizes for over 20 years.

Have an Article for Vanilla's Blog?

Send us an email to [email protected] with your topic idea and we'll circle back with our publishing guidelines.

subscribe-1
Subscribe to the Community Corner Newsletter and get expert insight and analysis on how to get the most out of your online community every Friday.

    Request a Demo

    Schedule a product demo now.

    Contact Us