Questions? Call Us! (254) 773-7391
   
  
 
   
HELP! My Website's Been Hacked!

We spend a good deal of time talking websites with business owners across a wide spectrum of industries. When it comes to website security, comments we hear on a daily basis include: I don’t take payments on my website, therefore, I am not at risk of being hacked. I don’t care if my site gets hacked; there is nothing anyone would want there anyway. And the most common: Why would anyone want to hack my site?
 
 
In the good-old-days a website hack was merely a nuisance. A hacker would gain access to the site files, upload a page or content with sometimes embarrassing content and let the world know your site had been hacked. These hacks could also be destructive, but most were harmless, requiring a cleaning of your site files and restoring the files to a previously intact state. Once this had been completed and more strict security measures taken you were back in business.
 
 
Today’s hackers are far more sophisticated. For most website owners, targeted attacks will be rare, but opportunistic attacks are constant. Opportunistic attacks used to hack into most small and medium size business using typical CMS and HTML websites are mostly automated. These automated tools provide the hacker with mass exposure and dramatically increase the likelihood of success, while reducing overhead and the technical knowledge necessary to initial these attacks.
 
 
Generally speaking a new website will take 30-45 days to begin to be crawled. These bots begin by looking for identifying markers to determine if the website is using a popular CMS application or using exploitable software. If they uncover a marker, the site is set up for the next phase of attack exploitation. These exploits can happen in a matter of minutes, days or months, typically over time with many different types of attacks on known or suspected vulnerabilities. Since these are automated attacks, once your site is on the list the attackers will keep trying.
 
 
The reasons websites get hacked are just as varied as the methods used. However, the most obvious reason is economic gain. These attacks can be as notorious as gaining access to customer credit card data or as simple attempts to make money from your audience using malware. Think of one of your clients visiting your site and the next thing you know, you are getting a phone call telling you that a fake piece of software you recommended on your site has been installed and now their entire bank account has been drained.
 
 
Hackers also employ blackhat SEO techniques to link content on your site to affiliate sites to generate income from purchases. Sometimes these links can be seen, sometimes not. But Search Engines see them and index these links, and once they have been indexed, hackers can generate revenue from your audience.
The majority of website security breaches are not to steal your data or deface your website, but instead attempts to use your server as an email relay for spam, or to setup a temporary web server, normally to serve files of an illegal or harmful nature.  The business of "farming resources” is big business. Botnets, a number of unsuspecting computers linked together to perform simultaneous tasks. Your website, as part of one or more botnets, can be used to send spam email, or even attack other websites or servers using distributed denial of service attacks (DDoS) – attack attempts to overwhelm a server and bring down a site or server by consuming all of its resources.
 
 
It’s easy to feel overwhelmed by the thought of your site being hacked, used as a tool to infect others or provide some ill-gotten gains. We believe awareness and knowledge that if you have a website you need to know that it is being attacked. Ignoring this fact will not help solve the problem. Google indicates that they blacklist 10,000+ sites every day for malware and flag over 20,000 sites for phishing every month.
Website security is not about risk elimination, but rather, risk reduction. Your risk can never be zero and you need to be wary of anyone who says that they can provide you a zero risk website solution. You can employ security measures and tools to reduce your risks so that you do not become part of the problem and just another statistic.
 
 
If you have a concern about your website and hosting environment, give us a call. We’d be happy to take a look at your current solution and provide helpful tips and advice on how to make your hosting more secure.


Related Articles:
No News For this Zone. Please Try Later
Back   
Search Articles:   
  
      
904 S. 31st Street • Temple, TX 76504  |   www.pgpweb.com | 254.773.7391
Created by PGP Web Solutions Copyright © 2013 All Rights Reserved.