What to do if your website is attacked?

Common Website Attacks
Website was attacked in many ways, however, due to the current server comes with a firewall and website programs are relatively mature, many outdated attacks are difficult to implement, even if it takes a lot of effort to invade, but also quickly found by the webmaster, otherwise long-lasting stability, the following list of 4 kinds of attackers are still using the attack. 
1.DDOS attack 
One of the most common attacks on the website is DDOS attack, the attacker is mainly competitors and hackers extortion, hackers use the control of the equipment on the target traffic bombardment, so that the target server is directly paralyzed, can not provide services. Read more: What is a DDOS attack 
2.CC Attack 
 CC (Challenge Collapsar) attack is actually a type of DDoS attack, why is it listed separately, because it is very common for websites to be attacked by CC, mainly because the attacker utilizes forged requests to exhaust the resources of the target website or server until it goes down and crashes. 
3. SQL Injection 
SQL injection is a type of attack specific to SQL databases, SQL databases use SQL statements to query the data, these query statements are generally HTML form post or get and other forms of submission and execution, and then go to the database request, if you do not configure the database permissions, or the database vulnerability, then the attacker will use the attack to control the database to perform Some read, create, modify, delete database operations.  
4. cross site script (XSS) attacks 
xss (cross site script) cross-site script attack is also a web site to avoid the network threat, the attacker will be injected into the site, when the user browsing, embedded in the web page script code will be executed, so as to steal the user's sensitive information or damage to the site.    
What should I do if my website is attacked?
1. What about the website being attacked by DDOS?
DDOS attacks at present there is no such thing as technical means to solve, essentially resource to resource, money, you can refer to our previous article “DDOS how to defend, three typical response methods explained!”, so access to CDN services, in order to one-step, rapid problem solving.
2. What if the website is attacked by CC?
Website CC attacks, in general, if their own server provider broadband is cheap, you can temporarily upgrade to try to resist, if the problem can not be solved, still need to access CDN services, as for the characteristics of the limitations, man-machine authentication, IP restrictions, open the firewall, can only be said to be an auxiliary, can not solve the problem, or need to access the CDN professional service providers to deal with the attack.  
3.What should I do if SQL is injected?
If you have been injected successfully, and there is no backup, then your project is basically cool, so, compared to what to do when injected, defense is the king's way, common means of protection need to be professional programmers in the design of the database operation, for example, parameterized queries, the latest permissions principles, full coding and regular audits, however, now the firewall technology is very mature, common injection can be basically intercepted. 
4. XSS attack how to do 
XSS attacks with SQL injection, the need for professional and technical staff to deal with, you can analyze the logs, code audit, backup restore the original problem, you can do some prevention through the front-end security, such as VUE front and back-end separation, escaping HTML, prohibit the implementation of some functions, PHP and other ways to do. At present, the mainstream CMS or mainland China's Pagoda administrator tools come with a firewall, which can basically solve most of the XSS attacks.  
Frequently Asked Questions:
Can a hacked website be recovered? 
Can a hacked website be recovered? Yes, you can recover a hacked website by removing malware and restoring backup files. 
What happens when a website is hacked? 
It could be used to steal passwords, credit card information, or other sensitive customer information. It could also be used to redirect your visitors to other malicious websites, pop-ups, advertisements, and more. Our security researchers recently found malicious jQuery code in a large number of hacked Magento stores.