How Do You Know if You’ve Been Hacked?

Forbes stated last year that 30,000 websites are hacked every day. That number is increasing. If you run a website, how do you know if hackers have been able to access it?

Three Ways to See if Your Website Has Been Hacked

Check it Regularly – It goes almost without saying that you’re unlikely to spot anything that’s wrong with your website unless you regularly check it. Check it as a user, clicking from page to page, and check it behind the scenes using your content management system.

See What Google Thinks – Google’s handy Forbes stated last year that 30,000 websites are hacked every day. That number is increasing. If you run a website, how do you know if hackers have been able to access it?

Three Ways to See if Your Website Has Been Hacked

Check it Regularly – It goes almost without saying that you’re unlikely to spot anything that’s wrong with your website unless you regularly check it. Check it as a user, clicking from page to page, and check it behind the scenes using your content management system.

See What Google Thinks – Google’s handy Safe Browsing Diagnostic Tool will tell you if your website’s considered to be safe. It will identify signs of trouble before you might notice them yourself, which is why it’s wise to use it regularly. Just change the ‘www.example.com’ to the domain that you’d like to check.

Look at Analytics Software – Search engines that have identified security risks on a website will still feature that website in their list of results. However, it’ll come accompanied by a warning that the website might have been compromised. Nobody with any sense will click the result and take the risk. If you notice a sudden, dramatic drop in the number of people visiting your website then it might be worth searching for it yourself and seeing what the results say. Analytics software might also show you if visitors are accessing pages of your website that you weren’t aware of.

What Do Hackers Do?

To fully understand whether or not you’ve been hacked, it’s important to have some knowledge about what a hacker is doing. Why do they want your website, exactly?

Phishing

Hackers can gather information from your website, using phishing techniques. There are many ways to do this.

They might:

  • Redirect your existing contact form so that details are sent to their email address whenever someone fills it in.
     
  • Create a brand new webpage using your domain, so that it looks like it’s a part of your website, then add a form so that your customers (who trust your company) will hand over their information without you even being aware that the webpage exists.
     
  • Access customer information that you’ve already stored.

Redirecting

Redirecting is usually a little more obvious. A visitor clicks on a link on your website, or tries to access the home page, and is taken away to another website elsewhere. Be aware that hackers might recreate your site design so that, without looking at the domain, your site visitor will never realise that they’re no longer on your website.

Spamming

With access to your website’s content management system, a hacker might simply choose to edit the content to suit their needs. They could add links, hide bits of text on your website or completely change pages of your website to promote their products. This can also be a malicious form of hacking, to destroy your company’s reputation.

File Hosting

A hacker might not make any obvious changes to a website at all. Instead, they might take advantage of a free hosting service by using your website for file hosting. On the site itself there will be no sign that anything is wrong. If they’re hosting files then your website won’t be compromised, but they’ll certainly be taking up space!

Malware Hosting

Hackers can host malware on your website, which will infect the computers of your website visitors. This can cause serious damage to their PC, or enable the hackers to access personal information kept on their hard drive. They might also install key logging software which will record everything that your site visitor types, including their passwords for other websites.

What Can You Do if You’ve Been Hacked?

If you’ve discovered that your website has been hacked then you can attempt to fix the problem on your own. In some cases, it’s as simple as changing your password and deleting a page that a hacker has added to your site. Unfortunately, many cases are much more difficult. A professional IT security company is a worthwhile investment if they can ensure that all evidence of a hacking attempt can be removed from your website.

Also be prepared to send an email to your site visitors or customers to inform them that your website was hacked – this is particularly important if their private data has been stolen, or if you suspect that malware might have infected their PCs.

Keeping your website, your CMS and any plugins up to date can help to reduce the security risks, though hacking can still happen. Don’t leave your site to run on its own – be prepared, check regularly and act quickly.

>Safe Browsing Diagnostic Tool will tell you if your website’s considered to be safe. It will identify signs of trouble before you might notice them yourself, which is why it’s wise to use it regularly. Just change the ‘www.example.com’ to the domain that you’d like to check.

Look at Analytics Software – Search engines that have identified security risks on a website will still feature that website in their list of results. However, it’ll come accompanied by a warning that the website might have been compromised. Nobody with any sense will click the result and take the risk. If you notice a sudden, dramatic drop in the number of people visiting your website then it might be worth searching for it yourself and seeing what the results say. Analytics software might also show you if visitors are accessing pages of your website that you weren’t aware of.

What Do Hackers Do?

To fully understand whether or not you’ve been hacked, it’s important to have some knowledge about what a hacker is doing. Why do they want your website, exactly?

Phishing

Hackers can gather information from your website, using phishing techniques. There are many ways to do this.

They might:

  • Redirect your existing contact form so that details are sent to their email address whenever someone fills it in.
     
  • Create a brand new webpage using your domain, so that it looks like it’s a part of your website, then add a form so that your customers (who trust your company) will hand over their information without you even being aware that the webpage exists.
     
  • Access customer information that you’ve already stored.

Redirecting

Redirecting is usually a little more obvious. A visitor clicks on a link on your website, or tries to access the home page, and is taken away to another website elsewhere. Be aware that hackers might recreate your site design so that, without looking at the domain, your site visitor will never realise that they’re no longer on your website.

Spamming

With access to your website’s content management system, a hacker might simply choose to edit the content to suit their needs. They could add links, hide bits of text on your website or completely change pages of your website to promote their products. This can also be a malicious form of hacking, to destroy your company’s reputation.

File Hosting

A hacker might not make any obvious changes to a website at all. Instead, they might take advantage of a free hosting service by using your website for file hosting. On the site itself there will be no sign that anything is wrong. If they’re hosting files then your website won’t be compromised, but they’ll certainly be taking up space!

Malware Hosting

Hackers can host malware on your website, which will infect the computers of your website visitors. This can cause serious damage to their PC, or enable the hackers to access personal information kept on their hard drive. They might also install key logging software which will record everything that your site visitor types, including their passwords for other websites.

What Can You Do if You’ve Been Hacked?

If you’ve discovered that your website has been hacked then you can attempt to fix the problem on your own. In some cases, it’s as simple as changing your password and deleting a page that a hacker has added to your site. Unfortunately, many cases are much more difficult. A professional IT security company is a worthwhile investment if they can ensure that all evidence of a hacking attempt can be removed from your website.

Also be prepared to send an email to your site visitors or customers to inform them that your website was hacked – this is particularly important if their private data has been stolen, or if you suspect that malware might have infected their PCs.

Keeping your website, your CMS and any plugins up to date can help to reduce the security risks, though hacking can still happen. Don’t leave your site to run on its own – be prepared, check regularly and act quickly.

About Author
This post was written by Jake Messer on behalf of HANDD, providing Data Security and Managed File Transfer solutions.