Most website owners think “oh, I don’t have any enemies - so why would someone hack me?” Wrong.
Millions of websites get hacked daily, mostly by bots. Therefore it’s not personal, just part of the game being online. Security systems are always a step behind the hackers - the dark horse of progress, but a crucial part of the process.
Most common hack types
Attack type mostly depends on the purpose of the hack. The most popular reasons for these attacks are as follows:
Interrupt website performance. Usually DDOS (Distributed Denial of Service) attack method is used. It basically sends many server inquiries, which causes the site to crash. Giants like Facebook or Twitter have been affected by DDOS attacks. Service becomes unavailable for periods of time, from couple hours to couple days. This type of hack does not depend on code vulnerabilities or anything like that as third party sources are used to overload the server.
How to prevent: DDOS attack prevention happens at the server level. Most hosting providers have their own security configurations and firewalls. Unfortunately, that is not always enough because there are many types of DDOS attacks. At Angle180 we add extra security layers, such as custom scripts, to block certain IP addresses that send too many packets.
Obtain secured data (phishing). Phishing is the attempt to obtain sensitive information and personal data such as: usernames, passwords, pictures, videos and credit card details for malicious reasons. A typical hack would be malicious code SQL injection (database injection). The hacker finds a back door to the site where malicious code can be injected, and once it’s in - they can take over the information without you even knowing it. These attacks are controlled by spam robots and crawlers that search for website patterns. They also utilize preprogrammed hacks.
How to prevent: If you’re running some sort of CMS system – you must keep it updated to the latest version, not only in the core system, but also all the components and plugins. Custom websites that are carefully coded tend to have better level of security, since common patterns are more difficult to find.
Your website is used as a part of botnet. Your website can become part of a malicious network, which operates under hacker control. Most often this is a case where your site is used in a DDOS attack, sending spam emails from your domain name. Advanced scripts are used for this type of hacking – scripts that are able to detect what kind of website you are running, and the hacker exploits your site based on that information.
How to prevent: You should
keep the website updated, but that alone does not guarantee that you will not be hacked. I came up with a manual, bulletproof method to make sure your site is clean - keeping the final website files in a GIT repository that I use to compare if any changes were made to the latest live version that wasn’t sanctioned. By keeping the site software up to date and scanning the files once a week, you can make sure your site is not participating in malicious activity and boosting
the performance of your site.
Working with website files in a GIT repository and comparing them to the latest live version that wasn’t coruptted makes me feel confident the site is clean.
People hacking for fun. These types of attacks are usually not as dangerous as hacker attacks. In most cases they reach out and offer their coding services after proving their skill. And some just do it for the hell of it.
How to prevent: All of the above mentioned tips.
You can never protect yourself 100%. What you do is protect yourself as much as possible and mitigate risk to an acceptable degree. You can never remove all risk. - Kevin Mitnick
“I Got hacked! What are my next steps?”
Take a deep breath... The damage is already done, you only need to clean up the aftermath.
Step 1: Make a backup of the infected site. It’s extremely important, as you will need to track down how the hack happened by analyzing log files.
Step 2: Identify
hack type and patch vulnerable areas of your site. Useful tips:
- Add your site to Google webmasters console (if it wasn’t added before). This will also give you great directions on identifying the problem and tips how to resolve the hack.
- Check if your site got blacklisted by Google, ESET, SiteAdvisor, Norton, Phishtank and other services, because their goal is to make the internet a safer place. In most cases sitecheck.sucuri.net should help identify if the site is blacklisted.
Step 3: Clean infected files and/or database or delete all files and restore the website from the latest backup. If you don’t have a backup, contact your hosting provider. They should have a backup and might also provide some additional information about how the hack happened in the first place. If the backup you have isn’t the most recent one or your site is frequently updated you might loose some data.
Step 4: After the hack is cleaned, you will need to resubmit your site for review in order to get it whitelisted. Just make sure the hack is resolved 100% before you do so, because this might affect your search engine rankings. It’s important to perform these steps as quickly as possible.
Step 5: As soon as you get your site clean, change ALL your passwords. This includes hosting passwords (billing, whm, cpanel, ftp), email passwords and cms admin passwords.
Stay safe, stay sane.
There is no such thing as bulletproof website, never will be, but here are some quick tips that can save your day:
- Keep your system up to date!
- Mask default system access links. For example, WordPress admin link /wp-admin should be changed to a custom link like /admin4457. This is done to fool the script into thinking it’s not a WordPress site and prevent hackers from trying WordPress exploits on it.
- Delete all the readme.txt files from main catalog.
- Do not keep website backup files in folders such “/backup” or ”/old”. These can be downloaded and reveal all the configuration of your site - therefore making it easily hackable.
- Keep your passwords strong and updated. CPanel and super user passwords are crucial.
- Do not use md5 password encryption as it can be brute forced in lots of cases and may lead to user data leakage.
- Monitor your website uptime. At Angle180 we use watchful.li and pingdom.com. If your site goes down, we can address the issue immediately.
To stay sane you need to perform recommended updates and be ready to step in and manage the “unhacking” process. Having a good relationship with your web team also makes things way easier.
Advanced security is a must if your website carries sensitive user data. It’s a very complex, time consuming process that is better left to professionals.