We got a Negative Comment/Bad Review on Social Media! What do we do?!
June 21, 2017
Show all

Why would anyone hack MY website?

Why would anyone hack my website?

Have you ever asked this question? It sounds like it could be reasonable, right? I mean, you’re not a Fortune 500 company doing billions of dollars worth of online business a year, are you? Or an adult dating site full of juicy blackmail material?

You might not even take any kind of personal information through your site at all. Surely, then, no one would ever want to hack YOUR site…right?

Ooooooh no. Not right at all. If you’re on the internet, you WILL be targeted by hackers – and here’s why:

EVERYONE is a target

Most people don’t realise is that 99.9% of hacking these days isn’t done by hackers – it’s done by hacking software. Just like everyone else in the 21st century, hackers have discovered the huge benefits offered by automation – all they have to do is write a “black-hat” program (or buy one on the darkweb), then sit back and watch as their computer does their dirty work for them.

If that wasn’t bad enough (you don’t even have to be computer whizz to be a hacker anymore?!), the worst thing about this situation is a little less obvious: hacking software isn’t discerning; it’s automated and continuous. It doesn’t target specific websites or companies – it sets up a dragnet and attempts to hack every single website it finds.

Sucuri, one of the world’s foremost online security companies, estimates that it takes about 30-45 days for an entirely-new website to be discovered and targeted by hackers. Much like Google, these programs trawl the internet looking for vulnerable targets – and once you’re on their list, you WILL be targeted.

Of course, this just raises another question: why? Why would someone do this? Well…

It’s not actually about you (most of the time)

Most of the time hackers aren’t concerned about what they can do to your site – it’s about what your site can do for them:

  • Hackers may use your site to hack others, either inserting code onto your site that infects your site visitors’ computers with viruses, malware or spyware, or using your own email system to send out emails full of viruses. This is a big problem – not only does it keep the vicious cycle going, it can ruin your reputation with your customers and send your Google rankings down the tube.
  • Hackers may steal your traffic, using your website to sell their own products (either by inserting their code onto your pages, or by redirecting those pages somewhere else). If your customers ever ask you why you’re suddenly selling off-brand pharmaceuticals, online gambling services, or…“adult products”, you’ve been hacked.
  • Worst, hackers may not even get ANYTHING out of it, but do it anyway. Yep, someone might just hack your website to broadcast a political message or to show everyone their Mad Hacking Skillz. That’s not how I get my kicks, but it takes all sorts.

“So, what do I do?”

If your site is going to be attacked (and it is!), the most important thing you can do is try to keep it safe. Here’s what Technology Matters recommends:

  • Keep your site up-to-date
    Life comes at you fast on the internet – new technologies, new security measures, and new hacking techniques pop up all the time, and allowing your website to slip behind for a while can open it up to all sorts of vulnerabilities.
  • Backup and scan! Backup and scan!
    Hacked websites often wind up riddled with malicious code, which regular scans will pick up and alert you about. And of course, the faster you jump on a compromised website, the better, especially if you need to delete it all and restore from backup. Of course, you need to have a regularly-updated backup of your site for that. It’s like insurance – you don’t want to ever have to use it, but if you ever do then you’ll sure be glad you had it!
  • Sign up for a Website Care Plan!
    If you don’t want to think about protecting your site against hackers, why don’t you leave it to us? We are experts, after all, and we do this every day. We offer a few levels of support, ranging from regular software updates all the way up to more advanced security measures like external firewalls.

It’s not all doom and gloom!

If you’ve been reading along and getting progressively more worried about your website’s safety, please let me reassure you (in a roundabout kind of way): you’ve probably been attacked about a dozen times while reading this article. And if your website is still up, that means you’ve survived it!

When it comes down to it, facing hacking attempts is a part of life for web-facing businesses in the 21st century, no matter who you are and what you sell. But as long as you’re proactive, you should be all right. While no one can ever guarantee that you won’t be successfully hacked, if you follow the advice above you’ll a) have a better chance of avoiding it, and b) be able to recover faster if you do get hit.

If you’re still worried, or you want some more personalised advice about keeping your business safe online, please contact Technology Matters. We’re only ever a phone call or email away.

 

Is your WordPress website up-to-date?

Make sure with our WordPress Care Plans

Nathan Dorey
Nathan Dorey
Nathan has been involved in nearly every aspect of web development for 12 years – from scoping to design, and coding to copywriting. He oversees Technology Matters' Association Suite, bringing together a range of services catered to professional associations.

4 Comments

  1. Yogesh says:

    I have my website designed by developer but now we are getting rid of him due to faulty and unprofessional services so we got owned hosting shared space. After domain tranfer to our godayy account and transfer f of website Content is there any possibility errant developer can damage our website in view of his grudge towards us.

    • Nathan Dorey says:

      Hi Yogesh, it depends what kind of site you have – if it’s running a content management system, your original developer would likely still have admin login info (maybe even super-admin).

      And depending on how the hosting transfer was performed, the package and the database’s login information could have stayed the same, too.

  2. John says:

    Hi nathan , im a web developer/ designer. Whilst i always provide full lists of , gwt, gmb ,analytics, hosting service and if its a cms the admin passwords. I always advise them to change it , not for their own safety but mine. Should the site get hacked , i will not be in the line of fire.

    That being said. This is referring to the comment above from yogesh , what alot of us developers do as an insurance is put a kill script in the website. This can do one of two things , wipe the entire public folder clean , or wipe itself out only, depending on what url you visit.( Many people run off with drafts and then use another dev to finish it off ) . Then we can wipe the hosting servers public html clean simply by entering a url, with no access to any login. If they pay we wipe the script and then its locked down from us from there on.

    Its a tough one Yogesh, because i know there are bad devs but also good ones , but you know how stereotyping goes.

    I dont know your story with this guy , but a good contractual agreement is always the place to start and set your terms. If he breaches that then you have good grounds to boot him. I imagine you payed a deposit , upon your sudden exit from his contract i expect you did not get it back ?

    • Nathan Dorey says:

      Hi John – interesting thoughts. While most clients that we’ve had have been pretty great, I completely agree: it’s extremely important to have a good contract in place – for everyone involved!

      Even before that, though, I feel that the REAL work is the vetting process before anything is written up. That’s when we all make sure that we’re a good fit for each other, that we’re all clear on what we’re building and for what reason, and that we all have the same expectations. THEN comes the contract, to set all of that in stone.

      It also helps that, generally speaking, Technology Matters is looking for long-term relationships. No “churn and burn” for us. We want to build a continuing relationship with a client, to help them build their website and their business over time – not to mention to keep it secure and up-to-date. That is probably a big part of why we’ve never felt the need for a “kill switch” or to advise clients to lock us out of the site completely – we hope to continue serving them for a long time after the site launches.

Leave a Reply

Your email address will not be published. Required fields are marked *