Don’t Panic: Website Defacements from 2015

January 6, 2016 in Malware, SiteLock Research

Bad actors have attacked websites since the beginning of the internet. They have many reasons for taking over websites — money, infamy, politics, curiosity — though nothing grabs attention more than the visual defacement of a site. Website defacement occurs when a bad actor gains access to the site files, and replaces the index or home page with their own page. We’ve seen many of these over the last year, but what are the real consequences for the sites that are defaced? We’ll discuss the effects of a defacement on a website, and the reasons why they happen. We will also outline what you should know about defacements and how to secure your site against them.

What Is A Website Defacement?

AnonGhost website defacement

The image to the left is the last thing a site owner wants to see on their site, a hacker’s statement where their website should be. A website defacement is the attacker’s “poster,” replacing the site’s content with something surprising, shocking, and sometimes colorful. This creates panic, the immediate consequence of a defacement. Regulars to the website may be frightened, and if a website has been taken over by a malicious actor, they could be in danger just by visiting it.

Effects Of Defacement On A Website

Even after the defacement is removed, the site can suffer long term loss of traffic and business. Sometimes the defacement is only the beginning, and further investigation reveals viruses and remote shells that the hacker has injected to allow them control of the entire site. The attacker may also have deleted the website data.

Sinister Defacement

A Visual Statement

Attackers often go for a dark and disturbing antisocial style to provoke an emotional response. In the above case, the “Abdou Qs” refer to themselves as information geniuses in French, a dark “Alice” set over a Palestinian flag.

While the entire site may appear to be gone, the simplest defacements only cause minimal damage to site content. Once a backup of the index page file is uploaded to the website, the site goes back to its original appearance and all is well. The goal of attacks like this is showboating, not infecting visitors or stealing data.

How Did My Website Become A Target?

Islamic State

Many defacements happen over international borders and lately it isn’t uncommon to see defaced pages like this. The first time someone sees this it can make them wonder if terrorists are targeting their business or site specifically. Fortunately, hacks are mostly random. First and foremost, hackers did not come to torment a site owner directly.

We talk about the motivations of hackers in the article Dispelling the Myth of ‘Why My Site?’, but the message that attackers aren’t after you personally bears repeating.

Sites that aren’t properly maintained are a favored target, and many hackers simply sweep across the web looking for code vulnerabilities that can easily be exploited. The website defacement above claims to have come from the Islamic State, but there is little real evidence the defacement is indeed from a terrorist organization. It may be a shock to see this on your site, but don’t buy into the defacer’s hype. Whoever perpetrated the attack could be completely ordinary.

What You Need To Know

Being the target of a website attack like this can be frustrating and frightening. Security is about awareness, and attackers return to websites they believe aren’t paying enough attention to security.

Preventing A Website Defacement

If you take basic security measures like a web application firewall and malware scanner, defacements can be avoided. Once your website is no longer an easy target, attackers will move on to sites that are more easily penetrated. It’s not literally a terrorist at your website’s door, the site is simply being attacked by someone on the web.

Smileys defacement

Just as important, make backups of your site on a weekly or monthly rotation depending on how often you add content. Hacks sometimes destroy site content, sometimes by accident, and backups are vital in recovering that damage.

Dealing With A Defacement

The first thing to remember is “don’t panic.” In a website defacement, the bad actor is looking for attention and fear. Attackers may do this for politics or enjoyment, but the first thing you can do is resist the personal shock of these attacks.

Once you are used to seeing these defacement images, they no longer inspire fear. If you know how to improve your website’s security, and if you have a plan for recovery when attacks occur, they are only colorful images, which, in the end, is what defacements really are.

Hacked By Hitler

Defacements draw attention to the infiltration of a website, and it is much better to know that a hack has happened than to have unknown code sitting on your website for months or even years. The direct approach of a defacement is shocking, but in plain sight.

Restoring your site means keeping a clear head and knowing what to do. Beyond backups, there are other common web maintenance tasks: performing updates to WordPress and other software, keeping good unique passwords, and making sure your computer’s own security is up to date.

Additionally, SiteLock offers services to help with hacks like the TrueShield firewall to help prevent harm, and the INFINITY malware scanner to clean up the malicious content they added. Just remember, preventing hacks is possible, and in the worst situation SiteLock offers affordable services to undo the damage caused by defacements.

Please enjoy the following defacements with a new awareness.

Are You Lulz

Hacked by
Anonymous Community website defacement
Hacked By Whiterose
Soldiers of Allah website defacement
Latest Articles
Follow SiteLock