Google has just released a shocking statistic – in 2016 there was a 32% increase in website hacks from the previous year.
Imagine what a customer will do if they land on your website and see this:
As well as the reputational damage, hackers will also be able to access your web database, and if you have an online shop, they will have all your shop financials, and a list of all your clients' email addresses.
They also have the ability to send emails from your server once they have got in, which can mean a server is blacklisted, your own emails start getting caught in SPAM traps, and it can be days or even months before the server’s sender reputation is recovered.
And finally, if you are on a shared server, this reputational damage can extend to any other websites sharing the same IP address, which on some servers can even run into hundreds – all affected by you!
In this digital age your website is your shop front and often manages many of your business processes. Would you use a business that had rubbish and dirt strewn around in their window display? I know I certainly wouldn’t.
Unfortunately Google predicts that this scenario is likely to get worse, as many CMS websites fall out of date and new security holes are found in them. Hackers are aggressively targeting these vulnerable sites.
How do I know if my website has been hacked?
You get held to ransom! Seriously, this is the worst case scenario and is becoming more and more common. When a hacker finds a vulnerability in your website they can even take full control of it, blocking your access completely. As one website owner found out:
“The first I knew about my website being hacked was an email from a hacker in Russia. They were demanding a ransom of £2000 to give me back control of my website. We were unsuccessful blocking their bad code and every moment it was in their control I was losing money from lack of sales. Reluctantly we felt we had no option but to pay the money. Fortunately we did get full control of our website back”
Other Types of Website Hacks
Because of the similarity of the majority of hacks, Google has grouped them together and has offered guidelines on how to solve them:
- Gibberish Hack: These fill a website with nonsensical sentences and keywords in the hope that they will show up in the search results. When someone clicks on them they are redirected to an unrelated website, often a porn site. Details of how to fix a gibberish hack.
- Japanese Keywords Hack: Your website is filled with Japanese words which link through to fake branded goods for sale. The hackers then earn money through affiliate schemes. Details of how to fix a Japanese hack.
- Cloaked Keywords Hack: At first sight this type of hack may be missed. The website still looks very similar but the wording has changed and there are links to other sites. Sometimes it can be hidden on a 404 page, so again it is easy to miss. Details of how to fix a cloaked keyword
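As an added illustration (not from Google's guidelines or from Channel Digital), the Python sketch below checks a page's HTML for the two signs of the Japanese keywords hack described above: a high share of Japanese characters together with links to other hosts. It assumes the site's own content is not written in Japanese; the function name `inspect_page`, the 0.2 threshold and both sample pages are constructed for this example.

```python
# Added example: flag pages showing signs of the Japanese keywords hack.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hiragana, Katakana and common CJK ideographs.
JAPANESE = re.compile(r"[\u3040-\u30ff\u4e00-\u9fff]")

class _PageText(HTMLParser):
    """Collects visible text and the targets of <a href> links."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def inspect_page(html, own_host, threshold=0.2):
    """Return the Japanese-character ratio, off-site link hosts and a verdict.

    threshold is an assumed cut-off; tune it for your own content.
    """
    parser = _PageText()
    parser.feed(html)
    parser.close()
    chars = [c for c in "".join(parser.text) if not c.isspace()]
    ratio = len(JAPANESE.findall("".join(chars))) / len(chars) if chars else 0.0
    hosts = {urlparse(link).hostname for link in parser.links}
    offsite = sorted(h for h in hosts if h and h != own_host)
    return {"japanese_ratio": round(ratio, 2), "offsite_hosts": offsite,
            "suspicious": ratio >= threshold and bool(offsite)}

# Constructed sample pages (not real captures).
CLEAN = '<html><body><h1>Our shop</h1><a href="/contact">Contact us</a></body></html>'
INJECTED = ('<html><body><p>激安ブランド通販</p>'
            '<a href="https://shop.example.net/item1">財布 コピー</a></body></html>')
```

Run it over saved copies of your own pages, including the 404 page, and review any page it marks as suspicious by hand.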
What can you do?
- Ensure your site security is up-to-date. Many content managed websites (CMS) will alert you when updates are needed.
- Ensure you have verified your website with Google Search Console. If your site is hacked you will be alerted by Google. Apparently 61% of website owners never received a notification that their sites were hacked because they had not verified with Google Search Console. It is a free tool to use and provides a whole host of other website information that is extremely useful to any business owner. Here are some details about how to verify your site.
Is My Website Vulnerable?
In our experience almost all the sites that get hacked are the ones that didn’t do their security updates when they became due. It is the nature of open source software that anyone can see the code (not in your site, but they can download it for themselves, from WordPress, Drupal, Joomla, or whatever platform you are using). Some website owners feel that they can save money by not doing the updates when they become available, particularly on the larger and more complex sites where there is more to do. However the costs of repairing a hacked website, email system, and damaged sender reputation far exceed the savings you think you may have made by avoiding the routine security updates.
Hosted by Channel?
If your website is hosted by Channel Digital, we also have in place a raft of security measures far in excess of almost anything available on the web. For each of our client websites we provide:
- Firewall Applied: A firewall detects and blocks intrusion attempts, produces reports of them, scans your website for misconfiguration, and blocks any IP address seen to engage in suspicious behaviour.
- Rigorous Security Measures: We build websites with our rigorous hardening processes, following all best practice, secure passwords, file permissions, and other measures to make attacks more difficult.
- Server configuration: Our servers also benefit from a range of configuration changes, moving services to non-standard ports, disabling services that are not required, and regular (free) server software updates and enhancements, all of which are designed to minimise the attack surface for all of our clients' sites.
- Rigorous backup system: Our regular automated backups mean that even if a site was exploited, it can rapidly be cleaned and replaced with a version from before the exploit.
- Recommend updates: For all our clients we recommend updates to their websites when new versions become available. On our premium servers, dedicated servers and virtual servers, these are compulsory and carried out by us for a reasonable fee when they become necessary. On regular servers these are sometimes the responsibility of our clients, but we still retain the key concept of collective security, by pushing clients to keep their sites up to date and secure for the benefit of all.
Here is an older blog post about website security, and particularly who is responsible for which aspects of it, as well as what is included within your hosting.
Recovering Damaged Websites
The Channel team are often able to recover websites built or hosted by other companies, and which have become out of date and been exploited. The difficulty does depend on how much the sites have been damaged, whether backups are available, and so on. However if you have been unfortunate enough to have your website damaged on another server we can normally assess the situation within a few hours, and let you know whether the materials exist to recover the website. If not, and there are no backups available, then the only option may be to build a new site.
At Channel Digital we are here to help your business succeed and are very happy to have a chat about what you can do to maintain your website in a secure fashion. Please do give us a call, or contact us; we look forward to hearing from you.