OK, this is probably your worst nightmare, but luckily it almost never happens, right? Wrong!
Hack attempts happen almost every day to all sorts of websites great and small. It’s a nasty fact of life for anyone who operates an online presence. If you’re not prepared for that fact, then it might be all too easy to fall victim.
You might think that your website is just too small and insignificant for a hacker to bother trying. After all, you don’t sell anything online and your website is just a 5-page brochure for your business, so nothing worth hacking into? Wrong again.
The question of “why do hackers bother?” can be answered two ways:
1. The reality is that it’s little if any effort. The hackers usually aren’t actually doing the hacking themselves, they use software to automate processes and hack attempts so they don’t need to do it all manually. Even the processes they follow once they gain access to your website is automated too, and attempts can be relentless. It’s really not likely to raise too much sweat for the hacker. In fact, it’s probably all happening while they chow down on a cheeseburger in front of their PlayStation. A breach of your business premises by some offshore criminal is not done with any concern of consequence to you at all.
2. On a large scale, it’s likely to provide a great benefit to the hacker one way or other, and the hacker will target websites for specific purposes. Usually, (but not always), hacking a website is done in a way that doesn’t disrupt the front-end function of the website, so you or your users may not see any sign that there’s a problem. However, the hacker may be collecting data from you, intercepting financial transactions, piggy-backing on your hosting services, redirecting functions or resources on your site, redirecting your visitors or one of many other nasty little tricks. On a single site-by-site basis, this might not amount to much, but once a large network of automated hacked sites starts working for the hacker there’s probably plenty of reward at their end.
Don’t panic yet.
Because there are so many different types of website and an almost limitless combination of servers, hosting platforms, CMSs and functional configurations, not all websites are targets. There will be plenty of easy pickings among the most common ones.
Still don’t panic.
What are the Consequences of your Website Being Hacked?
Many different things can happen when your website has been hacked, and the severity of the consequences vary by a huge amount. Here’s some of the stuff your website could be doing:
Your site and your server’s mail protocols might be hijacked and be used to send emails to a large number of random or selected people in an attempt to get information from them such as bank or credit card details direct from their email.
Your site and your server’s mail protocols might be hijacked and be used to send thousands of spam emails designed to scam people or convince them to visit websites that use virus injection, sell illegal products or services, advertise illegitimate or criminal business operations etc.
Your website may be re-engineered by the hacker to collect login or other personal data from your users who visit the site. It may be used to impersonate another website or business that the user gets tricked into trusting with their info, like a bank.
Your website could be used to place a virus into the computers or devices used to browse your pages. This could lead to your users being robbed or scammed and might even threaten all of their contacts too if email or phone details are stolen.
Your website may look fine and your users may experience absolutely no issues when using it, but bots like Googlebot and Bingbot may be redirected to other websites for “black hat SEO” purposes to artificially boost the rank of a destination website. These are often for gambling, drug sales or pornography websites.
Your website may be redirecting your visitors to a website they didn’t intend to visit. These are often for gambling, drug sales or pornography websites.
Your website may have hundreds or even thousands of new pages added into it with content that promotes the hacker or their clients’ websites. This content injection hack might have no apparent effect on your website visitors so it’s possible you never even find out this has happened until someone else who finds an injected page brings it to your attention. Usually the injected pages are designed to get Google rank for counterfeit brand products, gambling, drug sales or pornography.
Many website design companies do not offer firewall and virus monitoring as part of their service. Sometimes you can purchase it as an optional extra, just like you would with your PC.
If you read through all this and realise your site is not protected, panic now!
Better still: find out how to protect your website in our next article…