Hosting,web design,Web Services Website hacking

Website hacking

Website hacking

So you design your content and place it online on your site. You are proud of your work and are perhaps earning from your site. You feel that you’ve already done the job and everything is running well until one morning you access your site and find what is being displayed there is content you didn’t create. Sometimes another person is advertising on your site. Other times, you find your homepage deleted and someone has printed an insult or used obscene language on your front page. And worse, someone has decided to place dirty/gory videos or photos on your website! Well, this means someone has unauthorised access to your site.

So here we ask a few questions about site hacking and answer them. In the end, we hope to have helped you prevent situations like the ones above and enjoy your online presence as you would like to.

So, lets get started.

Why do websites get hacked

When you ask people who have been victims of site hacking, a good number of them will always wonder why their websites got hacked. They don’t consider their content to be so valuable that someone would be interested to hack them. Perhaps they’re not even in any competitive form of trade that they may have competitors to suspect. So why would anyone want to hack their account?

1. automation

When an attack affects a very large number of websites, mostly those created using content management systems (CMS) such as WordPress, drupal, joomla etc it is most probably an automated attack. These attacks are carried out through deployment of scripts or bots on the many sites. The attacks take two forms: attack of opportunity and targeted attack.

An attack of opportunity is an attack where, your site is hacked simply because it is in the web and perhaps you have something that gives the attackers the chance to access the site e.g a faulty plug-in.

A targeted attack is normally reserved for big businesses or organisations, but not always. Hackers target a firm or institution and try to gain access to their site for their own reasons such as sabotage, to acquire some kind of information or even for fun. It makes a hacker so proud if he manages to get into a big company’s site.

How websites are hacked

There are three ways in which a website gets hacked:

  • Access control – This is about how you log in to your hosting account. Methods used to gain access to your account include:

    -Brute force attack

    • This is where the hacker tries to guess your credentials. If he succeeds guessing them right, your account is under their mercy.

      -Phishing

    • use of malicious web pages to capture login credentials (user name and password) of users. Phishing webpages are normally designed to display like legitimate web pages of a given web site. For instance, a phishing web page may be be displayed exactly as your google log in page. So when you enter your details to log in, the site saves your user name and password and this can be used to access your email account.
  • Third party integrations – CMS like WordPress Joomla etc. are very popular. Developers have created many integrations that work on sites built using these tools. Sometimes these integrations are compromised and they give access to your hosting account
  • Software vulnerabilities – some software code used in our sites are not monitored to check for bugs. These software introduce loop holes through which hackers can launch an attack on your site.

How to prevent your website from being hacked

Ensuring your presence online through your website is not just about getting yourself a domain and hosting space then designing a site. Being online comes with its responsibilities. The security of your website is something you will have to be responsible for. If you can’t maintain the site yourself, the best thing is to find a person to do that for you.

Some of the steps you can take to ensure your site is more secure are:

  • Avoid plug-ins that have been abandoned. Plug-ins that have not been updated for 6 months or more carry a high chance of causing trouble for your site. We recommend that you use plug ins that are actively being updated.
  • Keep all your plug-ins updated. Ensure you update plug-ins you have activated as soon as new ones come up. Newer plug-ins are generally more secure that older ones.
  • Download plug-ins from sites that are reputable. Reputable sites provide contact details with their physical location, are professionally designed and have terms of service/privacy policies. Also, google up the sites together with words such as vulnerability(e.g. example.com vulnerability) to see whether there are unresolved vulnerabilities discovered about the site’s products
  • Use strong passwords and not-so-obvious user names. For example, if you use WordPress, avoid creating the user admin. Instead, give the user a different name during installation. If you have already created user admin, create another user with same administration rights as admin and delete the admin user.
  • Use two-factor authentication where applicable. In two-factor authentication, you will log in normally with your username and password, but before access is granted to your dashboard, you have to enter a code that has been sent to your phone or email

What to do if your site is hacked

If your site has been hacked and wrong content is being displayed, you need to follow the steps below to regain security of the site:

  • Reset the passwords for your hosting panel and your CMS administration area. Make sure your new password is strong to avoid access via brute force. Strong passwords constitute of letters, numbers and symbols
  • Restore a backup. If you have a backup of files and database that you are sure aren’t corrupted, restore your site from the backup. If you don’t have a backup, make sure you keep one whenever you make an upgrade of your site. Use the various backup tools in cpanel eg Softaculous backup feature
  • Use a scanning software to remove the hack from your site. Examples of site scanning software include Sucuri or Express Malware Removal

If you get a hitch in performing any of the above steps, you can contact Truehost Support to ask for options they can offer for your site.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

Website hacking

Website hacking

So you design your content and place it online on your site. You are proud of your work and are perhaps earning from your site. You feel that you’ve already done the job and everything is running well until one morning you access your site and find what is being displayed there is content you didn’t create. Sometimes another person is advertising on your site. Other times, you find your homepage deleted and someone has printed an insult or used obscene language on your front page. And worse, someone has decided to place dirty/gory videos or photos on your website! Well, this means someone has unauthorised access to your site.

So here we ask a few questions about site hacking and answer them. In the end, we hope to have helped you prevent situations like the ones above and enjoy your online presence as you would like to.

So, lets get started.

Why do websites get hacked

When you ask people who have been victims of site hacking, a good number of them will always wonder why their websites got hacked. They don’t consider their content to be so valuable that someone would be interested to hack them. Perhaps they’re not even in any competitive form of trade that they may have competitors to suspect. So why would anyone want to hack their account?

1. automation

When an attack affects a very large number of websites, mostly those created using content management systems (CMS) such as WordPress, drupal, joomla etc it is most probably an automated attack. These attacks are carried out through deployment of scripts or bots on the many sites. The attacks take two forms: attack of opportunity and targeted attack.

An attack of opportunity is an attack where, your site is hacked simply because it is in the web and perhaps you have something that gives the attackers the chance to access the site e.g a faulty plug-in.

A targeted attack is normally reserved for big businesses or organisations, but not always. Hackers target a firm or institution and try to gain access to their site for their own reasons such as sabotage, to acquire some kind of information or even for fun. It makes a hacker so proud if he manages to get into a big company’s site.

How websites are hacked

There are three ways in which a website gets hacked:

  • Access control – This is about how you log in to your hosting account. Methods used to gain access to your account include:

    -Brute force attack

    • This is where the hacker tries to guess your credentials. If he succeeds guessing them right, your account is under their mercy.

      -Phishing

    • use of malicious web pages to capture login credentials (user name and password) of users. Phishing webpages are normally designed to display like legitimate web pages of a given web site. For instance, a phishing web page may be be displayed exactly as your google log in page. So when you enter your details to log in, the site saves your user name and password and this can be used to access your email account.
  • Third party integrations – CMS like WordPress Joomla etc. are very popular. Developers have created many integrations that work on sites built using these tools. Sometimes these integrations are compromised and they give access to your hosting account
  • Software vulnerabilities – some software code used in our sites are not monitored to check for bugs. These software introduce loop holes through which hackers can launch an attack on your site.

How to prevent your website from being hacked

Ensuring your presence online through your website is not just about getting yourself a domain and hosting space then designing a site. Being online comes with its responsibilities. The security of your website is something you will have to be responsible for. If you can’t maintain the site yourself, the best thing is to find a person to do that for you.

Some of the steps you can take to ensure your site is more secure are:

  • Avoid plug-ins that have been abandoned. Plug-ins that have not been updated for 6 months or more carry a high chance of causing trouble for your site. We recommend that you use plug ins that are actively being updated.
  • Keep all your plug-ins updated. Ensure you update plug-ins you have activated as soon as new ones come up. Newer plug-ins are generally more secure that older ones.
  • Download plug-ins from sites that are reputable. Reputable sites provide contact details with their physical location, are professionally designed and have terms of service/privacy policies. Also, google up the sites together with words such as vulnerability(e.g. example.com vulnerability) to see whether there are unresolved vulnerabilities discovered about the site’s products
  • Use strong passwords and not-so-obvious user names. For example, if you use WordPress, avoid creating the user admin. Instead, give the user a different name during installation. If you have already created user admin, create another user with same administration rights as admin and delete the admin user.
  • Use two-factor authentication where applicable. In two-factor authentication, you will log in normally with your username and password, but before access is granted to your dashboard, you have to enter a code that has been sent to your phone or email

What to do if your site is hacked

If your site has been hacked and wrong content is being displayed, you need to follow the steps below to regain security of the site:

  • Reset the passwords for your hosting panel and your CMS administration area. Make sure your new password is strong to avoid access via brute force. Strong passwords constitute of letters, numbers and symbols
  • Restore a backup. If you have a backup of files and database that you are sure aren’t corrupted, restore your site from the backup. If you don’t have a backup, make sure you keep one whenever you make an upgrade of your site. Use the various backup tools in cpanel eg Softaculous backup feature
  • Use a scanning software to remove the hack from your site. Examples of site scanning software include Sucuri or Express Malware Removal

If you get a hitch in performing any of the above steps, you can contact Truehost Support to ask for options they can offer for your site.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post