There's almost nothing worse than your website getting hacked, and possibly having to endure days of problems while the host retrieves your files and/or gets you to repair the site. It's important to have some basic knowledge about what happens, as you may be able to save yourself some pain, or minimize it if something does happen to your website!
How websites get hacked:
There are four main ways that websites get hacked:
- Exploited scripts – outdated scripts with security holes get exploited through the web by baddies. They send special codes to your website that allow them to take over the website.
- Stolen passwords – virus and trojan infections on your computer can steal passwords as they are typed, or from saved password files. Once the virus has your passwords, they are sent up to a central repository and gradually exploited. One of our web developer friends had this happen to him and they took almost 18 months to gradually work through and hack 3-4 of his sites – each with bank phishing sites. Passwords can also be stolen by using them over public WiFi – both POP and FTP send passwords in the clear and shouldn't be used on public (unsecured) WiFi for that reason.
- (2b) Stolen passwords on the server – some webhosts run accounts in such a way that they can see each other's database passwords, and thus each other's databases. Yes, we think this is strange too.
- Root compromise on the server – it is possible to take over a server completely, and hack the web server component so it occasionally sends viruses out to people looking at websites. This is often done randomly, and sometimes only once per computer viewing the site, so it can be very hard to track down. This is relatively rare as thankfully most hosts are able to protect themselves against this. There were some recent examples of this in Australia over the last few years, though I'll refrain from mentioning the companies!
What we do to keep you safe
As we're in a unique position as a webhost as well as a web developer handling a lot of sites, we get to see more than a few sites hacked and we've worked out a methodology that successfully stops most hacking. While we won't mention all our goodies here, some of the things we do are:
- Block known attack signatures – when baddies attack scripts, they often use recognizable attack signatures. Where possible we detect these and prevent them from getting through to your website, giving what's called a "406" error.
- Firewall blocking of security scanners – a common hacker attack method is to "scan" a website by checking a list of vulnerabilities, or trying to guess a password by working through a list of common passwords, amongst other things. If we see an IP doing things like these, we block them in the firewall and that's the last we ever hear of them. While they can change IPs, only a few go that far, so this does cut down attacks.
- Ensure user accounts can't see each other's databases – that way if one account gets hacked, it doesn't spread to others. We hosted a small political organization for a few years that had been hacked around election time via this mechanism prior to moving to us, so it does happen!
- Scan uploaded files – we scan all uploaded files for known virus and other related patterns, rather like an anti-virus on a PC. We don't think many hosts do this yet.
- Do server-based backups – these allow us to recover the unhacked versions of files, if we find out quickly that the site has been hacked.
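The signature blocking and scanner blocking described in the list above can be illustrated with a small log-review script that picks out IPs worth blocking. This is an added example, not the host's actual tooling; the thresholds, the "combined" access-log format, the WordPress login path check and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log line: captures IP, method, request target, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def _line(ip, method, path, status):
    return f'{ip} - - [10/Mar/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample data; the IPs come from the reserved documentation ranges.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.23", "GET", f"/index.php?id={i}", 406) for i in range(3)]
    + [_line("203.0.113.50", "GET", f"/probe-{i}.php", 404) for i in range(5)]
    + [_line("192.0.2.77", "POST", "/wp-login.php", 200) for _ in range(6)]
    + [_line("192.0.2.10", "GET", "/", 200),
       _line("192.0.2.10", "GET", "/favicon.ico", 404),
       _line("192.0.2.10", "POST", "/wp-login.php", 302),
       "this line is malformed and must be skipped"]
)

def find_block_candidates(log_text, min_406=3, min_404_paths=4, min_login_posts=5):
    """Return {ip: [reasons]} for IPs that look like scanners or password guessers."""
    rejected = defaultdict(int)   # requests stopped by signature rules (406)
    missing = defaultdict(set)    # distinct paths that returned 404
    logins = defaultdict(int)     # POSTs to the login page (attempts, not failures)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # ignore lines we cannot parse
        ip, method, target, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        path = target.split("?", 1)[0]
        if status == 406:
            rejected[ip] += 1
        elif status == 404:
            missing[ip].add(path)
        if method == "POST" and path.endswith("/wp-login.php"):
            logins[ip] += 1
    checks = [(rejected, min_406, "requests rejected with 406"),
              ({ip: len(p) for ip, p in missing.items()}, min_404_paths,
               "distinct missing paths requested"),
              (logins, min_login_posts, "login attempts")]
    reasons = defaultdict(list)
    for counts, threshold, label in checks:
        for ip, n in counts.items():
            if n >= threshold:
                reasons[ip].append(f"{n} {label}")
    return dict(reasons)

if __name__ == "__main__":
    for ip, why in sorted(find_block_candidates(SAMPLE_LOG).items()):
        print(ip, "->", "; ".join(why))
```

The ordinary visitor in the sample (one missing favicon, one login) stays below every threshold, which is the point of counting distinct paths and repeated attempts rather than reacting to single errors.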
One of the problems with a server that regularly hosts attacked sites is that it can start to affect things like email (listed in blocking lists) and of course, a server under attack often gets very slow.
What you can do to keep your site safe
There are two things that you can do that will help you keep yourself safe from a hacking attack:
- Do regular backups of your site through cPanel – pop into cPanel regularly and download a backup. You only need to do it every now and then unless you change your site a lot. If you use WordPress, you can automate this with the WP-DB-Backup plugin, which can be asked to email you a backup on a weekly (or even daily) basis. See our Backup article here for more information.
- Keep your website's software up to date – if you use WordPress, for instance, it's merely a matter of logging into your dashboard regularly and running an update if there is a new version available. If you run WordPress and don't have the time to log in regularly and want to ensure you are kept safe, there's a plugin called WP-Update-Notifier that will send you email when a new update is available. See our article on updating web software here.
How we can help if you do get hacked
At the end of the day, any website can get hacked, even though you may have taken precautions, and we fully understand the distress that it can cause.
If you don't have your own developer, or if they would like a specialist to look at it, we are usually able to repair a website within a day, and do our best to diagnose for you how the site got hacked. Contact us if you'd like to discuss this service.