When talking with customers whose websites have been hacked, our support teams often hear the question, ‘Why was my website hacked?’ Getting hacked is a violation. It is a violation of a company’s web properties, or the personal violation of someone’s small business or specialty site. Having the hard work of web development undone, even temporarily, is a difficult experience and SiteLock strives to restore that work as quickly as possible. Our teams are dedicated to this.
This week we’re here to reassure readers that the majority of compromises are not targeted attacks. We will discuss how and why bad actors attack sites, and how to avoid becoming another line in an attacker’s text file of owned sites.
Individual websites are not specifically targeted for attacks. Not the majority, that is. Sites are fish in the sea of the Internet and get caught up in the scanning nets of malicious actors. When a vulnerability is published, like the recent Joomla SQL injection vulnerability, attackers craft scanners which search the Internet for vulnerable versions of Joomla and compromise only those sites which they can exploit.
It works the same for WordPress. Attackers scan the net looking for low-hanging fruit, the multiple known exploits in WordPress sites that the attackers know they can reliably exploit, and then they try one or more of those exploits to gain a foothold in the site. Once the attackers have some control, they work to change the site to meet their objectives. The attackers’ objectives are, again, not personal. They don’t want ‘your’ site. They want your site’s resources and good reputation on search engines to drive traffic for financial gain.
And that is why sites are hacked — money. Sometimes it’s notoriety, say in defacements, though those are generally not targeted either. In the majority of hacks, bad actors upload spam or spam file creators to the site and drive search engines to those spam files, driving traffic to, say, online pharmacies or knock-off ski jacket sites. Here we see the beginning code of a spam file creator uploaded to a vulnerable site, which grabs content from a malicious or compromised site to create spam.
Once full control is achieved, through a shell or spam file creator, the attackers fill the site with sometimes tens of thousands of spam files, all waiting to drive traffic. Here we see a very small sampling of brand spam uploaded or written to a site.
Other spam is of the pharmaceutical nature, driving search engines and subsequently users to the malicious sites.
As we’ve shown, nothing in these hacks referred to, or was personal about, the sites attacked. We often see patterns of spam content and file names in these hacks, strengthening the wide-net idea of site compromises.
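One way to check a web root for the pattern described above, many similarly named files carrying spam content, is sketched below as an added example; it is not SiteLock's code or tooling. The keyword list, thresholds, function names and sample files are all constructed assumptions.

```python
import os
import re
from collections import defaultdict

# Constructed keyword list (an assumption, not taken from the article).
SPAM_TERMS = re.compile(r"\b(viagra|cialis|pharmacy|replica|outlet|cheap)\b", re.I)

def name_shape(filename):
    """Replace digit runs with '#' so numbered siblings share one shape."""
    stem, ext = os.path.splitext(filename.lower())
    return re.sub(r"\d+", "#", stem) + ext

def find_spam_clusters(files, min_cluster=3, min_hit_ratio=0.5):
    """files: (relative_path, text) pairs -> [(dir, shape, count, hit_ratio)]."""
    groups = defaultdict(list)
    for path, text in files:
        directory, filename = os.path.split(path)
        groups[(directory, name_shape(filename))].append(bool(SPAM_TERMS.search(text)))
    findings = []
    for (directory, shape), hits in groups.items():
        ratio = sum(hits) / len(hits)
        # Flag only groups that are both large and mostly spam-bearing.
        if len(hits) >= min_cluster and ratio >= min_hit_ratio:
            findings.append((directory, shape, len(hits), ratio))
    return sorted(findings, key=lambda f: -f[2])  # largest cluster first

def read_webroot(root, exts=(".html", ".htm", ".php")):
    """Yield (relative_path, first 65536 characters) for web files under root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(exts):
                full = os.path.join(dirpath, name)
                with open(full, errors="replace") as fh:
                    yield os.path.relpath(full, root), fh.read(65536)

# Constructed sample: patterned spam pages next to legitimate numbered pages.
SAMPLE = [
    ("uploads/jackets-0412.html", "Cheap ski jackets, outlet prices"),
    ("uploads/jackets-0413.html", "Replica ski jackets outlet"),
    ("uploads/jackets-0977.html", "cheap jackets free shipping"),
    ("cache/rx-1.php", "Buy Viagra online pharmacy"),
    ("cache/rx-2.php", "Cialis without prescription"),
    ("cache/rx-3.php", "Online pharmacy discount"),
    ("blog/post-1.html", "Our bakery opens a second shop"),
    ("blog/post-2.html", "New sourdough recipe"),
    ("blog/post-3.html", "Holiday opening hours"),
]

if __name__ == "__main__":
    print(*find_spam_clusters(SAMPLE), sep="\n")
```

To run it against a real site, pass `read_webroot(...)` with the document root in place of `SAMPLE`. The numbered blog posts form a cluster too, but none of them contains a spam term, so they are not reported.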
Hopefully we’ve assuaged any fears of a personal attack. Now knowing the how and why of hacks, what should you do to prevent your website from being hacked? Here are three straightforward steps.
It’s not your site, it’s the bad actors. Your site is yours, and with these steps and SiteLock, we’ll make sure it stays that way. Check out our website to learn more about SiteLock’s website scanning and malware-removal solutions.