The chances are that sooner or later you will be the victim of a hacker. If so, the most important thing is to be able to detect it quickly so that you can react quickly and correctly to the incident.
When a house has been broken into, the signs are usually obvious: the forced front door; the broken window; house contents turned upside down, and valuables stolen. In contrast, a hacking of a website is much more subtle and therefore difficult to detect.
Hacker vs Cracker
Whether your website was the victim of a hacker or whether your website was the victim of a cracker are two quite different things.
Few people will know the difference, however it is a fundamental one: hackers build things, and crackers demolish them.
The cracker will steal some or all of the content from your website. The hacker will modify the content of your website for malicious purposes. We will only cover hackers in this article.
Did you know?
The hacker ethic – Steven Levy, 1984
- Access to all computers should be illimited
- Information should be free
- Mistrust authority—promote decentralization
- Hackers should be judged by their hacking, not criteria such as degrees, age, race, sex, or position
- You can create art and beauty on a computer
- Computers can change your life for the better
So why do hackers do this?
A hacker’s motivations are diverse:
- To set themselves with a challenge: simply to prove that they are capable of it.
- To have fun: ridiculous though it may be, it is a fun activity for them.
- To Increase the power of their network: they will use your site’s server and many others to launch a large-scale attack later.
- To withdraw money: the hacker sets up a blackmail by explaining to you that after having paid a certain sum of money (which will have to be settled in bitcoin which has the advantage of being untraceable), he will return your site to its original condition.
- To exploit confidential data: making your data accessible to the public (especially if the data is sensitive) or sell the data to your competitors (industrial espionage).
Types of hacks
- Targeted and manual website hacking
A targeted hack is carried out by a person or a group of people and directly targets a site. A small or medium-sized business is rarely faced with this type of attack.
- Bot hacks
This hack is more organised and larger. There are hackers who develop software programs to analyse and exploit the security vulnerabilities of several tens, hundreds, or even thousands of sites – and all at the same time.
How do they get in?
- Weak passwords
This is the simplest method. Hackers can use techniques that can guess passwords by trying multiple passwords until they find the correct one.
- Insecure themes and plug-ins
Outdated and unpatched themes and plug-ins are very often the cause of website security breaches.
- Social engineering
Social engineering is the act of manipulating people to make them do something specific. For instance, sending emails asking people to give information.
Your website is likely to have been hacked if:
- Some strange content has suddenly appeared on the website
- Your site is abnormally slow and/or develops bugs
- A sudden drop in website traffic
- Suspicious user accounts in WordPress
- Your site redirects to questionable sites
- Your browser warns you that your site is potentially malicious
- You have been notified by Google that your site has been hacked
How do I know for sure?
There are a few ways you can check if your website has been hacked
Check your files
If you are familiar with code, the first thing to do is check your website files. Most hackers attack website via .htaccess, .php or media files. Hackers can insert hidden links or code in those files. Searching your entire site for “base64” is a good way to find them.
Use security tools
- Google safe browsing checker will scan your site and let you know of any suspicious activity associated with it. Paste this URL into your browser and amend yourdomain.com with your website address. http://www.google.com/safebrowsing/diagnostic?site=yourdomain.com
- Google Search Console will provide you with metic essential tools as well as checks that will determine the health of your website.
- Sucuri will check your website for known malware, virus, errors and malicious code.
- Plugins. Our favourite being Wordfence.
It is hacked! What do I do now?
It depends a lot on the backup and prevention work you have done before. Hacking is sometimes harmless: and only a single file is affected. All you have to do is clean the file and everything is back to normal in a few minutes. Unfortunately, most hacks touch many source files. It is then difficult to clean if you are not comfortable with coding. If you have a “healthy” backup of the site (before it was hacked), you can just reinstall it. However, you will have lost any modifications made since the backup. If you do not have a backup, you will have to proceed with meticulous patience. Get the log file of your host, which stores and dates all attempts to access your site and the modifications will – for most of the time – allow you to locate the infected files. If your database is infected, it will be tricky to flush out the additions made by the hacker and clean them up.
Will my site be safe once it’s cleaned up?
Viruses are like invasive plants. If you overlook a small element of them during cleaning, they can continue to harm your website or even manage to reinstall themselves completely. Furthermore, if you simply reinstall the site from a backup or simply clean the infected files, your site is then in the original state which allowed the hacking initially. A new attack will have the same consequences.
To limit the risks, it is important to:
- Change your passwords
- Apply updates to your CMS (Content Management System) whether it be WordPress or any alternative
- Update or remove vulnerable plugins
- Check your code. You can use this website
- Install security plugins
- Install a backup facility
- Keep monitoring the website
The consequences of a hack
Depending on the complexity and objective of the hacking, the severity will not be the same.
It is not possible to say in general terms what are the direct or indirect consequences of an attack, but owners of pirated sites must always be ready to face these main consequences:
- The cost of cleaning the website
- Loss of trust from the users
A hacked website does not present a good company image. Your reputation will take a hit. Users, or even worse, customers, will not dare to browse or order from a clearly hacked site.
- Drop in search engine rankings
Google sees everything! A hacked page often contains malicious code that spreads malware. If Google recognizes it – and you do nothing about it – your page will be blacklisted. When users visit the website, a security warning will appear for them to see. It can also damage your position in the search engines (SERP).
- Loss of personal or customer data
The hackers most probably gained access to your database, and therefore had access to your data. If you run an e-commerce or membership website, they have probably got hold of all your contact information as well. Remember that you are, with data protection legislation, legally responsible for the personal data collected from your customers, and this cannot be disclosed for any reason without their consent.
Please note that hackers will go for any size website. Just because you have a “small” site doesn’t mean you shouldn’t be actively concerned with its security. Finally, if you are running a WordPress website, the attacks are commonplace. WordPress is a very successful CMS (W3Techs report a total of 35.2% of all websites on the internet using WordPress in 2019.) and therefore highly targeted by hackers.
Don’t panic, though, if you make sure your website is properly maintained, and that you are using strong passwords whilst using a reliable security plugin, the likelihood is that it won’t happen to you.