What would you do if your website was hacked?
Websites are attacked or 'compromised' more and more. As the sites get smarter there are more opportunities to get into them.
So you may be asking yourself "what can I do about it?". Well the first thing is to ensure your website and it's databases are kept backed up. Depending on your hosting arrangements there maybe a facility that allows for daily online back ups. It is wise with these to find out how your website can be recovered should the worst happen. It's not always obvious. Many hosting companies have a very strict policy. If a website is compromised or attacked as soon as it is detected the site will be taken offline. This is mainly to protect the server as there may be other website on the same machine that could then be vulnerable. They will insist that the root folder (where the website files live) is completely cleared. Once that has been confirmed then you will only be allowed to restore a clean version of your website before it will be allowed to go live again. Lets hope you have that back up to hand.
The next thing is to ensure the system that your website relies on to work is kept up to date. Whatever it is, WordPress, Joomla, Drupal and a wide variety of others frequently provide security updates and patches which must be installed when they become available. It's the equivalent of keeping your antivirus up to date on your PC. If a hacker finds a way into a website or CMS they will often publish their success and how they did it on any number of hacker forums and websites. Then they'll be a flood of hackers trying the same trick, for the fun of it. Only a small proportion of attacks have anything to do with corporate espionage or terrorism. Most of it is 'for fun' and apparently the challenge.
The attacks that can be a real worry are the ones you don't see. Sometimes links and snippets of code are inserted into the code of the website. These may not be obvious to somebody just browsing the site. Their purpose is to provide a network of links to, well the intentions are rarely good, but for instance to provide a legitimate appearing link to a far from legitimate website, effectively hiding it.
The are many reasons for hacking a website and, as already mentioned, it is mostly 'for fun'. But there are those that are after your data...
Cavespider, backing you up
- Written by Crispin Jones