Nobody’s Going to Bother Trying to Hack My Website…Right?

Internet hacking and data breaches have become a recurring theme in the news, but don’t fall into the trap of thinking that your site isn’t worth hacking, or that no one would take the time to try. The truth is, websites of all sizes and topics are the target of hacking attempts every single day. Today, hack attempts are coming not just from real live hackers, but from automated scripts that scour the web, sniffing out potential exploits and vulnerabilities everywhere they exist…from the multi-million dollar e-commerce site to the “I’m pretty sure my mom is the only person reading this” hobby blog. The goal of these exploits is no longer simply gaining access to financial information or credit card numbers. Now, hackers are after anything they can use to their advantage, and your website (no matter the size or scope) offers an abundance of such resources.

Server Resources

Storage

To a hacker, a vulnerable website could just as easily be seen as a gaudy neon sign advertising “Free Storage.” While some may just be attracted by the low price tag, others are trying to avoid storing illegal software and content on their own servers.  As a website owner, footing a hacker’s bill is the least of your concern: you could be unwittingly hosting malware, and stolen data on your site. When storage is the purpose for the hack, the website itself typically remains unchanged, making this type of hack especially difficult to notice.

Bandwidth and Processor Resources

Another valuable commodity on the internet is bandwidth, and hackers are eager to commandeer a website for its share. Using stolen bandwidth, hackers are able to run their own programs on someone else’s server, thereby avoiding the cost. This bandwidth can also be resold for a profit. Processor hacking is especially prevalent after the explosion of cryptocurrency, as “miners” looking to cut costs find extra processing power by hacking vulnerable websites.

Online Reputation

Companies that operate online browsers and search engines want the internet to be safe to use, so they actively block malicious IP addresses (each website uses either its own unique IP address or a shared IP address with other sites on its server) from appearing in the search results. Unfortunately, this means malicious actors on the internet need to consistently find clean IP addresses to use. One of the most valuable assets your website has is its “reputation” on the internet. (When we say reputation, we mean the fact that its IP address hasn’t been flagged or reported for hosting malware). “Reputation” helps determine where a site ranks in the search engine result pages (SERPs) and can even impact visitors’ ability to access it (because Google and other search engines will sometimes remove URLs of sites infected with malware from its index).

By gaining access to your website, hackers can also gain access to your clean IP address – which they can use to execute phishing attacks. These attacks – used to steal passwords and financial information – are more successful with a clean IP address, which can trick failsafes such as Google Safe Browsing. Hackers may also want to send spam email from your clean IP address to get past spam filters, or use your site to attack another site (ensuring their own anonymity).

In the aftermath of these hacks, one of the most significant setbacks is the loss of your IP’s reputation, as your website has most likely been added to internet blacklists for malicious intent. This frustrating situation can be difficult to fix.

Traffic to Your Site

Redirects

Placing redirects on a site is a direct way a hacker can benefit from someone else’s web traffic. Redirecting users attempting to access your services to a dangerous site not only affects the credibility of your website, but your business in general. Hackers are refining this technique, and usually only instigate a redirect under certain conditions in order to avoid detection.

Drive-By Downloads

Another threat to a hacked website’s users is a “drive-by download,” or a download that happens without a user’s knowledge or understanding. These hacks are a common way to distribute malware, spyware, or viruses to your site’s visitors. Not only does this attack the reputation of your website and company, but it puts the privacy of your website’s visitors at risk.

Black Hat SEO

Search engine optimization (SEO) is a concern for anyone with a site to promote, and like most things in life, not everyone likes to play by the rules. “Black hat SEO” is a blanket term that refers to unethical or illegal techniques that violate a search engine’s terms of use. One black hat technique is for a hacker to gain access to a legitimate website and inject links to another website. Hackers offer this as a paid service. (Hint: don’t do it! The search engines impose strict penalties for “paid” links and devalue links from non-related websites).

Defacement

Blatant defacement of a site is one of the most brazen acts of hacking. While hackers usually want to remain undiscovered for as long as possible, sometimes hackers view defacing a site as a challenge. Hackers can also be engaging in “hacktivism,” supporting or rejecting a cause (often political) via someone else’s website. In layman’s terms, a hacker hijacks your website in order to display their own message or malicious content.

User Data

One of the most dangerous compromises a website can face is the breach of user data. If your site deals in e-commerce, this is especially serious as your visitors’ credit card information could be stolen and exploited. However, sites without e-commerce functionality are not immune from data breaches; other types of data such as personally identifiable information can be used by a hacker looking to make a profit. In addition, your visitors’ username and password combinations can be stolen and tried on other websites – when people use the same username and password for multiple sites, such as online banking – this can become a real problem.

The question is no longer why would anyone bother trying to hack my website, but rather, what can I do to ensure it’s not? Any site can be hacked, and every website has something valuable to protect. When you work hard to create something on the internet, it’s devastating to see it be taken advantage of. That’s why we at DigiSage take cyber security so seriously. Part of our approach to security includes taking daily offsite backups, running realtime antivirus scanning with alerts, using CloudLinux sandboxes, and consistently updating the sites we manage. Learn more about the online security measures we take to ensure the integrity of your website.

Posted in: Blog