With the massive amount of people and companies moving to WordPress, it is becoming a bigger target for hackers. WordPress is growing at a remarkably fast rate, but WordPress security is growing at a slower rate.
Most people feel sorry for businesses that have their websites hacked, but don’t do anything to stop it from happening to them. The only two obvious reasons for not doing anything are they don’t think hackers would want to target their websites, or they don’t know enough about it.
Well, most of the attacks on websites are automated and not done by a person. Therefore, most of the time when a website gets hacked, it is not intentionally targeted by hackers.
Hackers can use a website for a lot of different things once they successfully hack it, and that is what you are going to learn about today. Not only are there obvious short-term effects; there are some things that can haunt your business FOREVER.
A defacement is a fairly easy thing to detect and can be fixed pretty quickly. Although it can be fixed quickly, it can still scare your visitors and cause you to lose customers. As you are going to see, sometimes it’s not obvious that you’ve been hacked; in fact, it can be months before you even suspect anything.
Instead of doing damage to your site directly, hackers may simply choose to redirect your site to another site. Hackers may do this for several different reasons including, SEO benefits for themselves, to get people to click on their ads, to steal your clients’ information (possibly even payment information), drive by downloads (explained below), or to gain awareness among other hackers.
Many times, websites require a visitor to register on their site or enter information to gain access to something. A hacker could redirect the registration page to another website, but make the URL and design look remarkably similar to yours. The hacker could get your clients’ information such as their name, email address, gender, address, date of birth, age, race, and password. Sucuri recently covered a fascinating case where a hacked website they were fixing was experiencing credit card redirection which is very scary!
A drive by download can appear on your site, a site they redirect to, or both, but the goal is to download malicious software onto the visitor’s computer. This results in the innocent visitor having malware on their system that can cause serious problems. Often times the drive by download may pose as legitimate software, such as an update for Adobe Flash Player, but it is solely for malicious intent.
Stealing Existing Data
Hackers sometimes do use redirects or other methods to steal new customers’ information, but they can also take existing customer data. There are countless examples of this, such as when Sony’s PlayStation Network got hacked exposing over 77 million customers’ information and when the biggest hacker ring ever was busted after stealing 160 million credit and debit card numbers with losses totaling $300 million being lost over a 7-year period.
A backdoor is set up on a hacked website when the hacker wants to be able to gain access to the hacked website at a later time, and hopes that they go unnoticed in the meantime. Often these back doors are interfaces hackers can get access to once installed and configured by going to a certain URL on your website. From this interface, they can do many things such as a drive by download or spamming other sites with comment spam. In some cases instead of using the web interface, they use the command line interface.
Denial of Service Attack (DOS)
A denial of service attack is becoming a much more popular way for hackers to cause trouble… as if there aren’t enough other ways already available! A denial of service attack causes your website to become slow or unresponsive, causing frustration for your customers.
Cross Site Contamination
Sometimes you may be developing, designing, and testing a site, but then stop doing it for a while for whatever reason. The website is probably not secure and up-to-date, which can cause some, if not all, of your sites on the same server to be hacked as a result of cross site contamination.
Using Your Server Resources for a Malicious Intent
Your server resources are precious, and when hackers use them for malicious intent it can slow down your website and maybe make it unresponsive. You probably will be hearing from your hosting provider if it continues for an extended period of time for obvious reasons. Normally a hacker will use your server resources to send spam emails, use your IP as a proxy, or have it be a part of a botnet (which is a collection of other computers and server).
A proxy is used to hide the real IP, and this can be extremely helpful for hackers who have malicious intent because if they are caught it will be traced back to your IP address instead of their IP address. Your server can be a part of a botnet that can be used for taking down other websites through a denial of service attack.
Although it doesn’t necessarily mean your website has been hacked, comment spam is still a significant problem. Everyone who has a blog knows that annoying feeling when you have to sort through spam to find the quality comments. Spam can make your visitors feel suspicious of your site and your products and services.
Having your website hacked can result in harmful short-term effects (such as a inconvenience to you and your customers) as well as long-term effects such as a negative brand reputation, losing money, losing time, losing potential and existing customers, having your server’s IP address blacklisted, being blacklisted by payment processors, and declining search engine rankings.
My goal is to get your attention and hopefully convince you that website security is a serious problem. Be on the lookout for future posts on what you can do to prevent your website from being hacked!