Has your website been hacked?
HOW DO YOU KNOW YOUR WEBSITE IS HACKED?
You have maybe recently learned that your site has been compromised (hacked, infected) by receiving a message from a search engine, or a notification on your browser, an email from a friend, or even an email from us.
At Elakoon we regularly crawl the web looking for websites that have been compromised. Once we find hacked websites, we may contact the site owner to let her know the risks her and her site’s visitors might be facing.
Still not sure?
Even if you have received the type of messages stated in the point above, you may still feel unsure whether your site has been hacked or not.
If this is your case, our advice is that you can register your site in Google Search Console. Google will scan your site and warn you if they have detected signals that your website is compromised. Once at the Google Search Console page, check under the section Security issues for URLs of your website where Google has detected that your site has been hacked. Consider that if you have just registered your site, Google still will take some time to scan and display the results.
Don’t you see malicious content in your site?
You are now sure that your website has been hacked, but you’re unable to see hacked content on the URLs provided in the Search Console. In this case, the hacked content might be using a technique known as cloaking. Cloaking shows different content to visitors and search engines. For example, if you access an URL on your site which has been detected as hacked, you might see a page without content. When a search engine accesses the same URL, it will read the content with spammy words and links.
To check for cloaking, use the following techniques:
– Use the site: operator at Google and search for your site’s domain. For example, if your site is named www.example.com, type site:www.example.com in the search field. Make sure there isn’t a space between the site: operator and your domain. The site: operator will only return pages related to your domain name. If there is unusual content or keywords in the search results, there might be hacked content on your site. You can use the site: operator in conjunction with keywords to check for specific types of spam in your website. For example, site:www.example.com viagra cialis.
– In addition, it’s is essential to use as well the Fetch as Google option in Google Search Console. This option will present as results the web page as it is indeed read (seen) by Google, instead of as how it is shown to your visitors by web browsers. Use this tool, introduce your site’s URL and check the output for any suspicious text or links that could have been added to your site.
Why has your website been hacked?
Hackers, also called attackers, are mainly motivated by financial gains. In their criminal pursuit, hackers are interested in both, big and small sites.
Although it is evident for big sites’ owners that security is a must, for small sites’ owners to come to that same conclusion may be not evident. In fact, small sites’ owners generally think that hackers cannot be interested at all in their websites and therefore they feel they are safe. Unfortunately, that’s the type of thinking that keeps a site owner from taking any action to prevent these attacks from happening. The result is that the owners and their visitors alike are put under a huge risk. The facts show than 30 thousand websites are infected every day and almost 80 percent of them belong to small and medium-sized businesses.
It is important to understand that most attacks are automated. It’s generally not your website in particular that hackers are after. Hackers create bots that continuously crawl the web searching for websites that have vulnerabilities. Once sites with those vulnerabilities are found, hackers can either use free available malware, buy or even create their own malicious software that can exploit those vulnerabilities on many sites throughout the web. Your site may be only one of the thousands affected.
How has your website been hacked?
Most sites are compromised through either a security hole in their hosting provider, outdated or insecure software or plugins they are using, stolen passwords, or even insecure folders or files permissions. Hackers can also install malicious software on websites administrators’ personal computers that then steals login credentials when they access their site.
Once a hacker has got access to your site, she can now assume any action on the site like:
- Adding spammy content.
- Adding and distributing from your site malicious software also known as malware.
Adding spammy content to your site
In the spammy strategy, hackers do not want to spend time and money to create a legitimate business online that attracts visitors to their websites thanks to positive reviews, backlinks, and quality content. Instead, they hack innocent sites with a good reputation online to add spammy texts and links to their own websites. The crime often goes unnoticed by using cloaking techniques which hide the spammy text and links which, in turn, makes the site owner completely unaware of it.
However, when search engines bots visit those sites and automatically process their content for search results, they also scan the malicious content and if not correctly detected, they will index it for future search results, increasing hackers’ own sites reputation due to the additional backlinks received, which in turn, will make their sites ranking upper in search results.
Adding malware to your site
In the malware strategy, hackers embed malware that is downloaded and installed into your visitors’ computer who in turn become victims. The malware has been specifically crafted to evade detection. Once the malicious software has been installed, attackers can install keystroke logger programs to record passwords or credit card numbers. They can also capture screenshots of the victims’ monitor display in real time, turn their webcams on and watch remotely from any location in the world, turn a victim’s computer into a zombie bot as part of a larger botnet and use it to launch a distributed denial of service attack (DDoS) … And again, all of this without the website owner nor her website visitors ever even knowing what is happening.
Moreover, attackers will also be in a privileged position to gain access to any other device within the victims’ network. If it happens to be a corporate network, attackers could gain access to valuable business data assets like customer databases which could put the company out of business if the data is destroyed, will probably mean receiving a fine by the competent data protection authority, and will certainly impact its business reputation.
What are the implications for you?
And what about you, the website owner, and your website?
Well, if your website has been compromised, your server and your network have probably been too. In this case, you are under the same risks as your visitors. Moreover, search engines will discourage potential visitors going into your website, which will be blacklisted and which will be automatically demoted in search engines’ results … affecting both, your overall reputation and your website’s traffic negatively. It will, unfortunately, cost you time, effort, business, money, and leave you with a lot of headache and frustration.
Is recovery possible?
Yes. Recovery is absolutely possible.
The recovery process requires specialized knowledge, skills, and network capabilities that make this process difficult for being carried out successfully by non-experts. It is not only essential to clean the site, but it is also equally important to find the root cause or vulnerability that allowed the cybercriminal to gain access to your site. If the right root cause is not found and corrected, it will be highly likely that, even if your site’s content is restored, either the same cybercriminal or a new one strikes again.
Therefore, you may want to put the recovery process on the hands of trusted experts like us at Elakoon. During the recovery process, we will protect you and your visitors, identify the vulnerabilities, fix the problem, clean the site, complete the review process with search engines, and provide site maintenance guidelines for keeping your specific site secure and performing. Your site will return online even more robust.
Once the recovery process is over, if you wish so, we can also migrate your website to our own secure and reliable hosting service. Security and performance are of primary importance for us and part of our reason to be.
Do you need help?
Please send us a message!