Has Your Website Been Hacked or Compromised?

Meet our newest Guest Blogger.  Laura Wheeler, and her husband Kevin, own Firelight Web Studio, located in Medicine Bow, Wyoming.  I’ll be featuring Laura in a later post as one of our featured Creative Entreprenurs and she will be contributing to this blog periodically as a Guest Blogger.  Meanwhile, here is must-know information if you own a website.  Read Laura’s article and learn.  You’ll be glad you did!

Site Hacking

By Laura Wheeler

No, I’m not teaching you how to do it… I’m teaching you what to do if it happens to you, and how to avoid it. This is a longer article than normal, but it is not a simple subject.

First off, let’s be clear about one thing…. The correct term isn’t actually “hacked”, it is “cracked”, or “exploited”, or “abused”. But not everyone knows what those mean, so I’ll use the word “hacked”, because everyone knows that is BAD NEWS.

You might think that if your site is hacked, you would know immediately. This isn’t true. They are sneaky… They bury themselves in sites in an inconspicuous manner. They hope to go undiscovered to do their dirty work for as long as possible before they are caught.

So what, exactly, do they do?

1. They abuse your forms. They use your online forms to SEND bulk email to spam lists instead of contacting you.

2. They bury a folder deep in your site, and install a phishing site – an exact duplicate of a PayPal, AOL, Google, eBay, or other site, to collect personal info for identity theft or account abuse.

3. They embed a virus into your site files, where it perpetuates across the net, installing malware onto computers.

4. They embed other malicious code into your site, where it perpetuates and harms other people.

5. They may steal sensitive data from your site. This is rare on small business sites, tends to be targeted at big companies, but can happen from random attacks.

6. They also spam your site if they can. This isn’t exactly hacking, but it IS abuse.

So Who is at risk?

Everyone. You may think that you are small potatoes, and nobody would want to hack you… WRONG.

This is the second most common misconception about site abuse.

IT ISN’T PERSONAL!

IT IS SYSTEMATIC AND OPPORTUNISTIC.

You see, 99.9% of hack attempts are AUTOMATED. A hacker creates a script that is designed to look for common exploit opportunities on a site – it will try common usernames and passwords, it will look for vulnerabilities in your site, and try different things. If it strikes out, it moves on. If it succeeds, it does it’s dirty work, and either flags your site for repeat dirty work, or moves on. More often than not, your site is marked as an easy target, so even if you clean it up, if you don’t go far enough, they’ll come back.

How do they find you?

1. They use the Whois domain database to scrape domains, and then they proceed through the lists.

2. They use search engines – See, if you have a dynamic site, each site type leaves a “footprint”. They go searching for that footprint, and then work their way through the hits.

So What do you Do About It?

By this time you may be in a state of panic… don’t be. Getting hacked is actually a reasonably remote possiblity, and you can eliminate 99% of the risk just by taking sensible precautions:

1. Do not use HTML forms in your site, unless they are processed by a third party company (like MyContactForm.com), or they are written securely and well supported (the built in form in Joomla is ok).

2. If you have a dynamic site (like Joomla, CRELoaded, White Label Cart, WordPress, CMSMadeSimple, etc), make sure it stays updated with the current version. This will ensure that known problems are repaired. If you are on a retainer with us, we will do this for you.

3. Use “unguessable” passwords. That means combine numbers and letters, upper and lower case, and symbols where allowed.

4. Don’t share your passwords unless necessary, and only if you absolutely trust the person you are sharing them with. When possible, set up a separate login, which can be deleted if needed.

5. NEVER EVER install “Resale Rights” software onto your hosting! This software is ALWAYS carelessly written, and often has intentional exploits left in by the programmers.

6. Use well supported software with a large user community, and an active developer community. Avoid lesser known stuff that is not regularly updated.

7. Protect sensitive data using common and reasonable strategies, such as SSL, encrypted passwords, place sensitive site areas into an unpublished sub-domain, etc. Ask if you need to increase security on a sensitive site area.

8. Keep regular backups. If you are on monthly maintenance with us, we’ll do monthly backups, and backup additional times on request, but we can also teach you how to do manual backups yourself.

What do to IF I get Hacked?

Usually you will discover you have been hacked in one of three ways:

1. Someone informs you that something is odd with your site – a suspicious link, they received a phishing email, or something else. Be careful, because scammers also do this. Check it out immediately though, because you may have some lead time to solve the problem BEFORE one of the next two things happens!

2. Your hosting company shuts you down without notice.

3. Google flags your site as a malicious site – this is BAD, because it notifies the world that your site is distributing malware.

Once you discover this, it is important that you act fast .

1. Get a pro on the job as quickly as possible. If you cannot afford a pro, get on the line with your hosting company. They can often help you – there may be a charge, or not.

2. Shut down the site, put up a maintenance notice until you work everything out. SERIOUSLY… it is better to have a sitedown notice than to have the search engines discover the breach.

3. Move the hosting account – you can stay with the same web host, just open a new account to put the restored site into. DO NOT use the same passwords for the new account as for the old one!

4. Restore the site from backups from before the breach occurred. You may have to do some rebuilding – you also need to change all admin passwords and usernames.

5. Make sure the software on the site is running the latest versions – this is critical, because if the hacking happened because of a known security hole, you MUST patch it or it will happen again .

6. Direct your domain to the new site, close out the old hosting account.

7. Report the exploit to the FBI. Ask us, and we’ll point you to the website where you report this. Doing so may help them form a complete picture to close in on the perpetrators.

Having your site hacked is not a pleasant experience, and there are NO guarantees that it won’t happen. By doing the smart stuff, you reduce the risks, but cannot completely eliminate them. There is no point in being paranoid, it happens, but it is fairly rare. We’ve had to deal with about 4 different site hack variations in the last 9 years – with a clientele of hundreds, those are not bad odds, and we’ve learned how to reduce the risks with each episode.

If it happens to you, we WILL help you. There may be some costs involved, or not, depending on the terms of your previous agreements with us. But we can help you get your site back up and running in the least amount of time.

For more information, check out this blog post by Laura.

2 thoughts on “Has Your Website Been Hacked or Compromised?”

  1. Liah, Yes, you can usually rescue the site but you need someone who knows what to look for that hackers may have added to the code. And her suggestions about setting up a new hosting account, etc. are excellent.

Leave a Comment