Most people we talk to believe that securing their website is as simple as choosing a semi-difficult to guess password… That’s simply untrue these days!
In the past few months we’ve dealt with hackers accessing several of our clients sites (and also non-clients who’ve asked us to fix sites after an attack) so we thought we’d cover some of the most common ways we’ve seen unauthorised access to accounts recently and what happens when they do get in!
Common Methods for Attack
- Passwords
Bad, insecure, guessable, shared, pinned to a monitor or a dictionary word to us it’s all classified as one thing “Bad Passwords”, your password is the key to your account – you wouldn’t leave your frontdoor key lying around would you? Pick different passwords for your control panel/ftp and email accounts and any software you install (WordPress, forum software etc), make sure that password isn’t a dictionary word and can’t be easily guessed – preferably including some punctuation and numbers and then change these passwords regularly. - Old Versions
New software comes out all the while, we’ve been using software like WordPress for a number of years and it’s never been easier to upgrade between versions than it is now, other software isn’t so easy but the upgrades are no less necessary! New versions don’t just include new features (which you may or may not feel you need) they often include many bugfixes and security updates that are essential for preventing hackers circumventing your password and finding a way into your account. - Permissions
This is a little more complex, always make sure your permissions for files and directories are set correctly (talk to your software vendor if you’re unsure what they should be), failure to do so could see someone upload files that steal your customer data, redirect your site to their site or send spam emails and all with your website name attached.
What Do They Do?
The list is almost endless of what hackers might or might not do if they manage to get access to your account from just targeting your account to trying to escalate that control to the whole server. Recently we’ve seen the following:
- Sending out spam (this may harm your reputation and stop your own emails being delivered)
- Redirecting your visitors (to their own site, to disreputable sites, to malicious sites or even just straight back to Google).
- Stealing information.
None of the above are particularly positive, remember that you are responsible for what happens in your account and the hackers don’t leave a billing address so we can bill them for the cleanup operation so it all comes to the account holder!
What do we do?
We try to tidy up and secure your site as best we can (you can see one example of what happened during a cleanup here), unfortunately without viewing every line of code (a costly exercise) we’d struggle to guarantee your site is completely clean after it has been compromised. Generally we’ll do the following:
- Change your passwords (all of them!)
- Upgrade your software to the latest version
- Check your permissions
- Identify the source of the attack (if at all possible)
- Cleanup any malicious code we can find
Obviously if you do the first three yourself regularly you may never have your account compromised and so the latter will never become necessary, so have a think – how secure is your website and account?
Leave a Reply