December 19, 2018
It’s not only high traffic websites that come under attack from hackers, statistics actually show that it is the lower traffic websites that are actually the most vulnerable. Find out 8 reasons why your website might get hacked.
Why would someone hack my website? I barely get any traffic?
A client recently told us that their website doesn’t warrant spending money on support and security as it doesn’t generate much traffic.
We thought this post would be helpful to showcase a typical month of visits and attacks that our security firewall and support team handle on a site that generates only 500 visits per month.
In a typical month this particular client received 27.9% traffic from desktop devices, 43.8% from mobile devices and 28.3% from bot traffic.
Typically around 4% of all website traffic that hits our firewall is malicious and Sucuri state that 37,000 websites are hacked every day.
Hackers understand security and if your site is unprotected, they will see this as an opportunity, the same way a thief will open your car door, if it’s left unlocked.
Compared to high traffic websites, low traffic websites usually have less security measures and the website owners don’t necessarily worry as much on keeping plugins and security patches up to date.
However most hack attempts are not actually made by people but by automated software or bots. These bots attempt to exploit every website they crawl using a programmed method.
If the method has been successful in the past, the bot will follow the same process to attack more websites to achieve the same outcome. Those without adequate security regardless or traffic size, are the ones exploited for countless different reasons.
What do hackers get out of it?
Here’s 8 reasons why a hacker might want to gain access to your website.
1. Steal Your Data
So a fairly obvious reason, but data is a business’s greatest asset. With the introduction of GDPR to clamp down on companies leaking data like an old tap, data is extremely valuable.
If you website contains signup / contact forms including newsletter signups, the data submitted here can be stolen and sold either for additional advertising or even bank fraud.
If you are selling online, then payment information can also be compromised if collected via the website, all of which are reportable to the ICO if any of your website data was breached.
2. Affiliate Links & Additional Traffic
Once compromised, hackers will use your website as a platform to promote their own or 3rd parties. Placing backlinks and spam links, aiming to direct traffic away from your site to their own.
The increase of traffic will help their own websites, quite possibly earning money from adverts served on the page or generating affiliate money from the additional traffic. Usually directing users to products such as pharmaceutical, gambling or of a sexual nature.
3. Search Engine Disruption
If you rely on organic search results for new traffic, then you will appreciate the importance of your page rank and how long and hard you may have fought to get a prime position.
Once compromised hackers may change page names, and links to other websites for link building, using your reputation to improve their website’s own rank, which will be completely ruined, if a hack becomes detected.
Google will display a message within your search results that informs potential visitors that “This site may be hacked”. Putting off anyone until you are able to resolve the issue. Google do not always update this as quick as you can solve the hack, so even long after your have resolved the issue, the warning could remain displayed.
4. Malware & Spam
If your website becomes compromised, your site could be infected with viruses and malware to capture your visitors information and thus infect their computers or steal their data.
If your visitor’s computers are not adequately protected, hackers could use their systems as well as your server to send out spam emails. As the emails are being sent by yours or your visitors computers, they are barely impossible to trace back to the culprit.
5. Server & Business Disruption
Whether a personal attack or not. Some hacks are an attempt to cause major disruption. Whether that is putting unnecessary load on the server to ensure the website becomes unavailable to users, or just to render your website unavailable so your business suffers i.e. critical websites like ecommerce or paid membership websites.
6. Crypto Mining & Bandwidth Exploitation
Hackers are not just after your data but also your website resources too such as bandwidth. Bandwidth can be expensive, so being able to utilise multiple website’s bandwidth for torrents and other similar traffic can be a quite profitable exercise.
Recently with the rise of Crypto currency, hackers have been hacking websites to use their resources to ‘mine’ cryptocurrency. The BBC reported back in February of the accessibility plugin ‘Browsealoud’ that had been exploited with their users’ computers having their process power hijacked as well as thousands of websites that also used the plugin.
7. Hold your website to Ransom
If your admin account is compromised, then a hacker can revoke your access and then request a payment to allow you back into your website database and content.
Symantec stated that in 2017 typically hackers were demanding on average around $522 to return access to their websites or server.
8. They Want To Watch the world burn
“Some people just want to see the world burn” – Yes we stole this from Batman, but exactly right, some people will just do this because they can. Some people like bungee jumping, and some people seek thrills of hacking websites. Some even hack unsecured baby monitors and spy on breastfeeding mums.
Hacking for fun or simply to learn, and using your website as a guinea pig in their learning journey. Some of these hacks are to deface or vandalise a website, placing visual messages on the site or changing text / images.
In short, insecure websites are obviously at risk from all of the above, and many of these are preventable by having adequate security measures in place.
How would i know if my site is hacked?
1. Someone might tell you.
Firstly have any of your users or customers reported that your website has any incorrect links? Sometimes this may not be the quickest way of identifying that you have a breach, and by this time your site may have been compromised for quite time depending on how much traffic your website receives
2. Google listing identified site hacked
When viewing your brand within search engines, if Google has detected that your website is hacked, it will display a message “This site maybe hacked” notifying your potential visitors as mentioned above, this can be another identifier.
3. Hosting Provider Reports Spam Use
You may be contacted by your host if they’ve noticed some suspicious activity on your server. If a hacker is sending spam emails from another business server yet featuring a link to your website, chances are they have compromised your site. They tend to place a link to their own website, somewhere on yours. The link redirects users without being flagged in spam filters, by using their own, they stand a higher chance of falling into the spam nets.
4. Notice links and incorrect text etc on site.
You may notice certain pages or areas of content that does not appear correctly. Additional text or random links that shouldn’t be there. This could mean that your site has been compromised, a site check will provide an indefinite answer.
5. Do A Site Check:
By opening up a Google search page and entering the following
Site:www.yourdomain.com (replacing your web address) This will bring up every page indexed in Google. Depending on the number of pages your website has, you might be able to recognise any pages or content that seem suspicious.
Alternatively you can run a quicker and far easier test through Sucuri… and it’s free. Check out the link below.
How Can I check?
If you want to find out if your website has been hacked, Sucuri provides a free check via their website, it scans for malware, injected spam and also checks to see if your website is blacklisted.
What Can I Do If My Site Is Hacked?
Give us a call on 020 3355 8747 and we can provide a siteclean service, by either restoring backups or removing any of the malicious data and help provide ongoing security measures to prevent the same thing happening again.
What can i do to prevent being hacked?
Our WordPress Support & Maintenance plans come with Sucuri firewall protection, however you can opt to go direct. The cost is $20 per month.
However a firewall is only one part of the puzzle, we’d recommend many other prevention tactics, most of which are carried out as standard on our Support Plans. You can learn more about our WordPress support plans here or call James on 020 3355 8747 to learn more.
KEEP ON READING
You make a web update, but it just doesn’t show up. Blame caching, the small process that also happens to be a core reason your website functions the way it should. In this article, you’ll learn more about why caching matters, and how you can manage it for better web performance.
There are upsides and downsides to live chat; not every business will be able to take advantage of every positive aspect, and not every business will be able to evade every negative one. However, with proper preparation and knowledge on your side, you’ll be well-poised to make informed decisions about how to leverage the technology to your benefit.
Impact are once again supporting our client Regency Security in their mission to raise £5,000 for Help for Heroes. We’re entering a 6-a-side team into Regency’s tournament held at Carrow Road. Home of Norwich City F.C.