If you’re a website owner, the online security of your website should be something you consider, well before the sliding effect on your jQuery slider. Security is something that, with the rise of third party plugins, themes, and frameworks, will become increasingly important in future.
In the last six months, we’ve seen more and more cases of hacked websites that we’ve then been asked to help fix. Reasons for these cases usually follow the same theme:
- Shared unmanaged hosting without firewalls or basic security prevention.
- Often WordPress websites with outdated themes, or plugins.
- Website is rarely updated or maintained.
The purpose of this article is to help website owners understand why websites get hacked, why they were able to be hacked in the first place, the course of action when your website is hacked, and then, finally, how to prevent your website being hacked in future.
It is worth noting that the people and scripts that hack your website are usually very illusive, it is often the case that:
Your website may be hacked and you might not even know.
It’s true, hacked websites rarely have a big sign plastered across their pages, advertising: “this site has been hacked lolz”. Often, a malicious bit of code works in the background, and it’s not until Google’s malware check picks it up, or a clients “Norton on-line security” flags it up, that you become aware of it – This is usually far too late.
So, prevention & regular maintenance is just as important as the cure in the case of hacked websites. On that note:
Why Would Someone Want To Hack My Website?
The first thing you should be aware of, is that it is rare for an actual person to hack your website. Usually it’s a crawler made by a programmer with too much time on their hands, that will hack your site. The crawler does what it says on the tin: crawls websites in search of specific vulnerabilities. At a first crawler will identify say: out of date WordPress websites, and your website will then be added to a “short-list” if it matches this rule . Then, a second crawler will go through that “short-list”, attempting a range of out of the box hacks & exploits., and if your running out of date software and are not on secured hosting its matter of time before an successful exploit is run on your site.
Reasons Why They Do It:
- They are looking to gain the personal information of users on your database. Data stolen this way, such as credit card numbers and social security numbers, end up on illegal trading sites, on which, criminals buy and sell large quantities of personal data. You should be especially on top of your websites security if you’re running an Ecommerce website.
- They want to promote another service or product online, by using your site to redirect customers to usually dodgy sites, you know the ones, selling things like performance enhancing drugs. In doing this, they are aiming to gain commission the sales of their wares. Sometimes, they’re more clever with this, & often up-sell you products related to the hacked website.
- They want to aid the SEO of another website, by creating links to the site, using your own, to improve their Google ranking – Black hat SEO at its finest.
- They simply have malicious intent, and wish to hinder you or your business for personal enjoyment. Most of the time, this will not be the case.
Hacking is not rare occurrence. Take it from someone that’s had to monitor server logs: your website is constantly being probed for vulnerabilities.
How Were They Able To Hack My Website?
Good question. It’s often tricky to figure this out, even after they’ve already gained access.
Some reasons include:
- Your website content management system may not be up to date or you may be using out of date plugins or themes. Updates are a must if you want to avoid an attack. This is because updates ensure your site is safe from known insecure patches and holes in previous versions. If you continue to keep the current software, and do not keep up with new releases, your website will be chock full of publicly-known security holes to exploit. This makes your site easy prey for bots and malicious hackers, who search for sites that still have these exploitable issues.
- Your website could have insecure hosting. – I began to type out a long paragraph on why hosting is important, but then, I remembered, I’ve already written an article on the importance of hosting!: Why Hosting is Important (I may update this at some point) TLDR: Having good hosting is important.
Often it takes quite a bit of investigation to pinpoint exactly why and where a third party was able to gain access to or exploit your website, but 99% of the time, it is down to poor hosting set-up or insecure/outdated website software.
My Website Has Been Hacked! What Should I Do?
Come up with a plan and then work through it in order to get your website back up and running.
However, it’s imperative to move fast. Moving sluggishly can give Google time to pick up on your websites’ situation, which means your site will be blacklisted – removed from Google’s listings. If Google finds anything potentially malicious or harmful on your site, it will paste a warning over it, telling the general public that your site may harm their computer, or that it may have been hacked. This is something you want to avoid, as it could mean customers lose faith in your site or even in fact get malware of a virus from visiting your website.
If You Are A Website Owner:
- Assuming you are a website owner, you need to contact your website developer asap, or if they are not readily available, your website host. Explain the issue in as much detail as you can.
- Have you got access to the CMS (such as wordpress)? If you do, login in and attempt to install a maintenance page plugin: https://wordpress.org/plugins/wp-maintenance-mode/. This will prevent your website visitors from being affected by any malicious code, it will also prevent any warnings from being applied to your site by Google, and buy some time.
- If you have access to your website via a CMS, you should now thoroughly check and scan your local environment, this could have been the source of the attack. If you had/have malware running in your local environment such as your desktop or notepad, this could have contributed to the issue. It’s important to run a thorough scan on your machine. Particularly nasty viruses are able to hide from AV software, so it’s a good idea to try an alternative such as http://www.adlice.com/software/roguekiller/ . Although this is rare in the case of hacked websites, its always worth double checking. Make a note to update/change your passwords.
Advice For Web Developers And Hosts:
- A good move would be to check the FTP, to look at the latest change dates, and hopefully detect the affected files. – do this first and take note before you move any files using FTP and lose the last modified date.
- Take the code off live environment and put up a maintenance page. As your site will have to be taken off of live environment, this maintenance page will mean users won’t be faced with an error or 404 code when they search up your site, and will, hopefully, return to your site again soon.
- Do not revert to a backup and re-launch. – Yes, by all means use a back-up for a non-infected version of the site, but if you revert to a back-up and re-launch the site, the crawler will re-infect the site again, usually within a matter of hours. This is not fixing the issue, it’s just buying time until the exploit that first allowed your website to be hacked, is exploited again.
- We recommend Clam Av as a good virus scanner – http://www.clamav.net/ for scanning all files.
- Search the websites files for malicious coding techniques, such as base 64, which is used to hide codes in your files, Base64 is the process of encoding so that the malicious code appears to mean nothing to the human eye. If you are able, use a base64 decoding script, to see the type of code you’re dealing with.
- You should check file permissions. Depending on your server set up and php handler, your permissions will vary, however for the time being, make sure nothing is set to 777.
- If you are using WordPress , you will need to change your secret keys in your WP config file, to ensure you have an updated set of random, unpredictable, encrypted passwords.
- Lastly, perform a full update of all themes, plugins and the CMS itself, and then run a thorough check to ensure all facets affected, run smoothly.
How Can I Prevent This From Happening Again?
Here’s how to prevent another attack succeeding:
- Firstly, don’t just leave your website alone and ignore it for 6 months. A website running a CMS needs maintenance and updates. Get in touch with a developer and make sure you have regular updates & maintenance scheduled in.
- Check out your hosting, make sure its secure. If you’re not sure, just get in touch with us and we’ll give you a free audit of your websites hosting.
- Consider a website monitoring service, such as https://www.pingdom.com/ . If you notice high peaks or slow responsive time, especially at nonsensical times like 3 in the morning, it could mean you’re being targeted.
- Make sure you have good anti-virus on your local machines. It’s also worth considering a malware solution. I’d recommend: – https://www.malwarebytes.org/
In summary, if you take one thing away from this article, let it be that your website needs constant maintenance and good, secure hosting to prevent it getting hacked.
If you believe that your website has been hacked, or if you’re worried about your security set-up, get in touch or give us a call on: 0207 870 5794. we’ll be happy to help you.