Website Hacks and Intrusions

By Heshy Friedman

An increasing number of websites are being hacked, which can cause a website to malfunction, be entirely disabled, or even worse, be hijacked. There are several types of hacks, each with different ramifications and fixes. The most common type of hack is a brute force attack. This happens when a hacker writes a script that breaks into an FTP account to gain access to your web server files, frequently resulting in the hacker uploading malicious files onto your web server.

Brute force attacks are usually random; the hacker is not intentionally looking for your website to hack. The malicious program scans the web for servers it can penetrate, using a script that tries hundreds of login combinations until one eventually succeeds. Once the site is hacked, the script may rewrite certain files or scripts within the website file structure, as well as add new scripts that adversely affect the website.
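The pattern described above (many failed logins from one client, then one that works) is visible in the FTP server's log. The following is an added example, not part of the original article: it assumes log lines in vsftpd's style, and the sample lines, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in vsftpd's log style (documentation IP ranges).
SAMPLE_LOG = """\
Mon Jan  2 10:00:01 2023 [pid 411] [admin] FAIL LOGIN: Client "203.0.113.5"
Mon Jan  2 10:00:03 2023 [pid 412] [admin] FAIL LOGIN: Client "203.0.113.5"
Mon Jan  2 10:00:05 2023 [pid 413] [root] FAIL LOGIN: Client "203.0.113.5"
Mon Jan  2 10:00:07 2023 [pid 414] [ftp] FAIL LOGIN: Client "203.0.113.5"
Mon Jan  2 10:00:09 2023 [pid 415] [admin] FAIL LOGIN: Client "203.0.113.5"
Mon Jan  2 10:00:11 2023 [pid 416] [admin] FAIL LOGIN: Client "203.0.113.5"
Mon Jan  2 10:00:13 2023 [pid 417] [admin] OK LOGIN: Client "203.0.113.5"
Mon Jan  2 10:05:00 2023 [pid 420] [heshy] FAIL LOGIN: Client "198.51.100.7"
Mon Jan  2 10:05:20 2023 [pid 421] [heshy] OK LOGIN: Client "198.51.100.7"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def find_brute_force(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag clients with >= threshold failed logins inside the time window.

    Returns {ip: {"failures": total failures seen,
                  "success_after": user that later logged in, or None}}.
    """
    fails = defaultdict(list)          # ip -> timestamps of failed logins
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                   # not a login line
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        ip = m["ip"]
        if m["result"] == "FAIL":
            fails[ip].append(ts)
            recent = [t for t in fails[ip] if ts - t <= window]
            if len(recent) >= threshold:
                entry = findings.setdefault(ip, {"success_after": None})
                entry["failures"] = len(fails[ip])
        elif ip in findings and findings[ip]["success_after"] is None:
            # A success after a burst of failures: treat the account as compromised.
            findings[ip]["success_after"] = m["user"]
    return findings

if __name__ == "__main__":
    for ip, info in find_brute_force(SAMPLE_LOG).items():
        print(ip, info)
```

A client with a single mistyped password, like the second address in the sample, is not flagged; a flagged client with a non-empty `success_after` means the password for that account should be changed and the server checked for uploaded files.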

Scripts that are placed on your server from an intrusion are known as malware. Although they may be relatively benign, where certain pages will redirect to a different website, they may also be malicious, and can route the page to pornographic websites or to websites that can place a virus on the visitor’s computer.

These malicious scripts are often blocked by a browser or by anti-virus and anti-malware software installed on the host computer or the user’s computer. Google will block websites where a known malicious script or redirect is detected. When Google blocks a website, this prevents the site from being visible, and it also causes a demotion in SEO rankings.

Another type of hack is a SQL injection. This type of hack usually exploits a flaw in a database-backed website, letting the intruder reach into the database and hijack the content. It is usually caused by scripts that write data to a database being penetrated, so that malicious content is written to the database. SQL injections usually require fixing an exploit at the coding level or updating software versions.
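What "fixing an exploit at the coding level" means in practice, shown as an added example that is not part of the original article: a script that writes visitor comments to a database, first built by pasting input into the SQL text and then with a parameterized query. The table, function names and crafted input are constructed for illustration, using Python's built-in `sqlite3`.

```python
import sqlite3

def make_db():
    """In-memory database standing in for the website's comment table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    return db

def add_comment_vulnerable(db, author, body):
    # Vulnerable: visitor input becomes part of the SQL statement itself.
    sql = "INSERT INTO comments (author, body) VALUES ('%s', '%s')" % (author, body)
    db.execute(sql)

def add_comment_safe(db, author, body):
    # Fixed: placeholders keep the input as data; it is never parsed as SQL.
    db.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))

def rows(db):
    return db.execute("SELECT author, body FROM comments ORDER BY rowid").fetchall()

# Constructed input: the quote ends the string early, so the remainder is
# read as SQL and adds a second row under an author the visitor chose.
CRAFTED = "nice post'), ('site-admin', 'content the visitor was never allowed to post"

def run_both():
    """Return the rows each version stores for the same crafted comment."""
    weak, fixed = make_db(), make_db()
    add_comment_vulnerable(weak, "guest", CRAFTED)
    add_comment_safe(fixed, "guest", CRAFTED)
    return rows(weak), rows(fixed)

if __name__ == "__main__":
    weak_rows, fixed_rows = run_both()
    print("vulnerable:", weak_rows)
    print("fixed:     ", fixed_rows)
```

The vulnerable version stores two rows, one of them attributed to `site-admin`; the fixed version stores a single row whose body is the crafted text, quote characters included.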

Another type of hack is a direct, intentional hack. This involves a hacker directly targeting a specific website, either to extract sensitive data or to intentionally disable the website. This is the least common type of hack but the most pervasive and difficult to deal with. These hacks are usually carried out by professional hackers who use several methods to break through standard website or server security. These are the types of hacks that target banks to extract sensitive data, or attack a politically sensitive site for malicious purposes.

When a hack occurs, the first thing to do is clean up the site and change the passwords. The malicious files or scripts need to be removed from the code or the database, and the passwords need to be changed. The hosting company can sometimes do the cleanup by doing a restore to an earlier date prior to the intrusion. A copy of the website should always be stored locally as well, in order to restore from the correct local copy if necessary.

There are instances when it can be difficult to clean a site after an intrusion, or when a restoration is not possible due to newer data in a database. These circumstances require a website security company such as Sucuri.net to perform the cleanup. They specialize in understanding the various types of malware and intrusions and are experts at cleaning them up. They also provide monitoring services to detect any suspicious activity on a website. If a website has suffered from a hack on more than one occasion, this type of service is a requirement to maintain the website’s health.

If Google detects malware on a website, it will block it with a warning message that states “This site may be compromised.” Even once the site is cleaned and the vulnerability patched, Google may still block the site. The way to get this corrected is with Google Webmaster Tools. In addition to SEO tools, this free service from Google has a malware review request that allows you to submit the previously infected site to Google, where they review it and remove the malware notice.

Sometimes hacks cannot be prevented. However, preemptive measures can be taken to minimize malware intrusion possibilities. One of the most important things is to have a strong FTP password. Strong passwords contain a combination of uppercase and lowercase letters, digits, and special characters. Such passwords make it much harder for brute force attacks to succeed. Code should always be reviewed for exploit possibilities, especially scripts that upload files to a server. When using popular CMS platforms such as WordPress, the core version as well as the plug-ins need to be kept up to date. Aside from making the system better and more stable, the updates often install patches and repair exploits and vulnerabilities.

 

Copyright © 2023 Azurite Marketing Group, all rights reserved.