Has your website been hacked?

We must, and do, worry about the security of our web applications and our data. But don't forget that a simple website can also be hacked.

Often companies outsource their website development. This may be due to a lack of technical skills, or because they think it is a "marketing" job. It doesn't matter what size your website is, or who developed it. Any website can be a target for attacks.

So this question is important for all of us: Has your website been hacked?

Why would anyone hack my website?

Owners of small websites often think that they are not at risk of hacking. It's easy to understand why a hacker would target a big company or an online system. But why hack a small website, or a low-traffic blog?

The answer is simple: resources. Your company and your data might not be valuable to a hacker, but your website resources are.

Here are some of the resources that an attacker can exploit:

  • Attackers can use the processing power of your web server to run their own programs. For example, blockchain technologies used for cryptocurrency need lots of resources.
  • Attackers can use your internet connection and your reputation. Your site has a clean reputation — in other words, it hasn't been blacklisted. Browsers, like Chrome, warn you if you try to access a blacklisted site to protect you. Attackers love a nice clean site where they can host malicious code, like phishing pages.
  • Even small websites might have interesting user data. Or there might be traffic that can be redirected to a malicious site.
  • Your website is important to you. Would you pay to get it back? Ransomware attacks are becoming more prolific every day.

How do I know if my website has been hacked?

This is not a silly question. Companies often don't realise their sites have been hacked for days - or longer.

IOCs, or Indicators Of Compromise, are signs that your website may have been compromised. Yes, there is an acronym for this! The IT industry - and the security industry - would never miss an opportunity for YAA (Yet Another Acronym).

(You might remember I asked this question before: How do you know if something went wrong?.)

Here are some things to watch for on your website:

Website defacement

The most obvious compromise is website defacemen. This is an attack that changes the visual appearance of the site. For example, the hacker may replace your content with his own message.

A defacement attack is public proof that your website has been compromised, and will damage your reputation.

Check your site often for any defacement. The embarrassing alternative is to wait for a visitor to tell you.

Content that redirects

Apart from obvious messages from attackers, check for content that shouldn't be there. This may include:

  • Popups that you or your team did not create.
  • Links that redirect to an unknown site.
  • Spam ads — usually for adult content, gambling, or other suspicious activities.

Warnings or blacklisting

If your site has been used for phishing attacks or distributing malware, you will find yourself on the wrong side of the blacklist.

When Google blacklists your website, it removes your site from the search engine’s index. Chrome users will see messages advising them to avoid your pages. You've seen this message before:

Screenshot of error message your browser displays if the site is not safe

Before blacklisting you, Google will first try to notify your webmaster via Google Search Console. Your ISP might also send you a warning that your website has been flagged for malicious activity. Don't ignore these messages — or you'll discover that your site has been disabled.

Less obvious indicators

Here are a few other things to keep an eye on:

  • Check your rankings. Another IOC is if your site ranks for spam keywords like Japanese characters.
  • Make sure there are no extra files in your folders.
  • Monitor files for recent modifications that you did not make.

To start, use Google's Safe Browsing Tool. Just type in your URL and check your site's status right now.

Next week I'll discuss ways to clean your site if it has been hacked.

As always, please share your thoughts and comments.

Leave a Comment

Your email address will not be published. Required fields are marked *

Thank You

We're Excited!

Thank you for completing the form. We're excited that you have chosen to contact us about training. We will process the information as soon as we can, and we will do our best to contact you within 1 working day. (Please note that our offices are closed over weekends and public holidays.)

Don't Worry

Our privacy policy ensures your data is safe: Incus Data does not sell or otherwise distribute email addresses. We will not divulge your personal information to anyone unless specifically authorised by you.

If you need any further information, please contact us on tel: (27) 12-666-2020 or email info@incusdata.com

How can we help you?

Let us contact you about your training requirements. Just fill in a few details, and we’ll get right back to you.