Why has my website been hacked?
The importance of a good website for any business has increased exponentially in the last 5-10 years. With the increased availability and sophistication of mobile electronic devices and the improvements in mobile coverage and cost, it is now essential for any sort of organisation to have an internet presence at all times.
The increase demand and reliance on websites has also raised the profile of websites as a tempting target for hackers, vandals and those with too much time on their hands.
Ultimately the goal of most websites attacks is financial gain for the attackers although there have been occasions when the motive is more political or designed to cause financial harm.
Recently we have seen an increasing trend for these attacks to originate from Eastern European and Asian countries with the primary focus of taking control of the webserver the website is hosted. Once under control, the attackers can then use the webserver to propagate spam emails and viruses – typically advertising online pharmaceuticals, sexual liaisons and cryptolocker style viruses.
How are websites hacked?
Websites are built and run off software platforms and like any software there are always going to be bugs and vulnerabilities that can be exploited. Attackers will write bot programs that trawl websites looking for these known vulnerabilities and exploiting them when found. These bot programs will also try to connect to websites using default or standard settings for authentication and log in pages.
Anatomy of a typical hack
As mentioned above, the most common use of a compromised webserver is to use it to send emails to propagate other harmful software (viruses) to end user devices (desktops, tablets, phones etc).
Once a website is successfully compromised, there are typically three types of scripts added by the attackers to achieve their goals;
Mailer Script – as the name suggests these scripts are used to send spam email. A typical attack will install and hide many of these in the initial penetration. Only one script is active at any one time, with the idea being that if one script is found and removed there will be others that can continue sending emails.
Injector Script – These scripts are used to create additional mailer scripts and are not often active as hackers do not like them being found and removed. Typically there will also be less of these scripts present as remaining unobserved is the key to being effective.
Control Script – Designed to find other websites with vulnerabilities, control scripts are less common than both Injector and Mailer scripts and rarely called so as to avoid detection for as long as possible.
Consequences of being compromised
Once your website has been compromised there are several consequences that can occur.
- The first step taken by your ISP will be to shut down your website to stop the flow of spam/virus emails, removing your online presence and potentially affecting the attraction of new clients and the retention of existing clients.
- Depending on the sophistication and severity of the penetration you will most likely be faced with many hours of consulting times to repair your website to a functional state.
- Recently one of our new customers was faced with a ransom of ~$1800 to unencrypt files after suffering a cryptolocker virus attack. Due to lack of adequate backups, the customer was forced to pay in order to restore access to the files or face the loss of significant intellectual property.
How to PREVENT your website from being compromised?
Unfortunately there is little that can be done to prevent hacking attempts, however there are many steps to be taken to mitigate the risk of your website being compromised and to also mitigate the consequences.
- Keep your software up to date – Most software developers will frequently release updates to remove vulnerabilities as they are discovered. If you do not keep your software updated with the latest security patches you leave your website at the mercy any who might want to take advantage of it.
- Backups – Regular backups are necessary for any valuable data whether it be an excel spreadsheet or in this instance a website.
- Change default paths and logins – Default usernames and passwords are frequently used in attempts to access restricted pages. It is fairly good practice to disable generic usernames (like admin) but to also enforce password complexity of 8 or more characters/numbers/symbols/upper and lower case to make it as hard as possible for hackers to access your site (no passwords of ‘password’ please!)
- Log/Restrict access attempts – Often attacks come from the same computer/location and depending on their frequency may impact your site performance. By monitoring the origin of these attempts (and blocking them outright after repeated failures) you add another hurdle for any malicious attack on your site.
INCUB8 can help...
Understanding how and why websites get attacked will help you better prepare to prevent a successful attack on your own site. However INCUB8 appreciates that some or all of the above information might be daunting, of concern or worst still be a description of what you are currently experiencing.
INCUB8s business grade hosting includes a maintained hosting platform hosted on servers in secure data centres, nightly backups and redundancy. Our premium website security subscription provides extra peace of mind by including;
- Update service – Using a program called Watchful we are notified any time there is a security update/patch for software used in your website. INCUB8’s web eggsperts will also apply any of the patches to keep your platform as up to date as possible.
- Dedicated firewall tool – INCUB8 will also install a module that allows for easy and secure maintenance of user accounts. This tool also allows us to monitor your website for unexpected changes in files or site behaviour, log in attempts and origin of attempt with the view to blocking them if there are repeated failed attempts.
- Guarantee – INCUB8 will cover any costs associated with recovering your website to an operational state if the unthinkable should occur under whilst we are taking care of your hosting.
Please contact us today if you have any questions about the blog or would like a free review of your current website.