Been Hacked Lately??
In just the last week I have been contacted by 2 different website owners who have had their sites hacked. One noticed that their site was automatically re-directing to sites of an “adult” nature. The other got a notification from Google letting them know that there was an issue. Both infections were somewhat similar, but still different enough to mean cleanup was done differently.
I see this as a growing trend. Unfortunately, I see more and more in web searches that a site has been hacked or may be malicious. It is good that the search engines, mainly Google, are notifying users, but it is still a reactive response to a problem that most times is preventable.
How do they get in?
That is the million-dollar question. If you knew how they got in, that hole wouldn’t be open for very long before it was closed. The problem is that those who hack websites are constantly changing their tactics and finding new and inventive ways to cause havoc.
It could be a hole in the code. On a dynamic site built with PHP or Perl, not handling form fields correctly or not passing variables in the right manner are both holes that a hacker could exploit.
If your site is running on WordPress (https://wordpress.org/), Drupal (https://www.drupal.com/), Joomla (https://www.joomla.com/), or any other Content Management System (CMS), there are potential security holes. Any software, operating systems included, has bugs. When a hacker finds one, it can mean problems for you or your site.
Luckily companies and groups that are in charge of CMS development are constantly putting out fixes and new versions of code. The downside is that not all users or site managers will install new versions as they are released. If forgotten, your site can very easily and quickly be out of date and ripe for hacking.
Another avenue for hackers to get in is easy-to-guess passwords. These passwords, for your email, cPanel, WordPress admin, or FTP, are portals directly to your site.
What do they affect?
When hackers get in they can do just about anything to your site or your email. They can add files at will. They can modify existing files. They can show things to your visitors that you really do not want them seeing.
All of this affects more than you can imagine. Search engines see this and start reducing your search result rankings. Your potential customers see this and assume that you aren’t worth doing business with. Your current clients see this and it lowers their trust in you. General site visitors see things like this and may never come back.
If you happen to have any client data for your business on your site, this can mean that now you’ve lost customer information. Credit card numbers, phone numbers, addresses, or social security numbers are all things that could potentially be lost. And we all know how that worked out for Target (http://goo.gl/gAMJNZ).
How to prevent it…
I’ve always said that if someone wants to hack your site, it will be hacked. You can never keep 100% of the people out. But you can have measures in place that will keep out the vast majority of people.
1. Change your Passwords (often)
Having a 12-16 character password that uses letters, numbers and a symbol makes guessing or cracking a password far harder. Still not impossible, but much harder. Yes, this makes the password hard for you to remember. But if you check out one of my past posts (Too Many Passwords? – http://opiescomputers.com/too-many-passwords/), you’ll find different methods to help you cope with passwords.
2. Keep software installations up to date
By keeping all of your software, like your CMS, up to date, you can ensure that you have the latest bug fixes and security patches that will protect you. As a particular version of software gets older and older, its exploits become better known. This allows hackers to scan for sites with older versions to exploit.
3. Know your site, and monitor it
This is probably the hardest to do, and I admit that I have issues with this myself sometimes. But knowing what files to expect where is a good start. And if you’re not sure about your site, contact and pay a professional to monitor for you. Knowing your site and what files to expect is a good thing to help clean up from a hack as well. Being able to notice that there is a hack before anyone else can definitely save you some headaches down the road.
I believe what Google is doing is a VERY good thing. But it isn’t enough. It isn’t stopping the problem. Just like you are required to have car insurance to drive, it is a very good idea to have someone watching out for you.
Opie’s Computers offers options to let us help you keep your website up to date and protected. If you are running a WordPress site, we have monthly plans that will keep everything up to current released versions, reducing your risk of attack.
In the worst case, if your site is still hacked, we can help you recover the site, restore your reputation with Google, and get that nasty “This site may be hacked” message removed from your search result listing.