Cyber-crime is serious business. Learn how this concerns you and why your website is a target.
Is my website safe?
There is no 100% safe website. Most use complex content management systems (WordPress, Joomla!, Drupal,…). Whenever a new vulnerability in one of these systems is found hackers use it to mass attack websites all around the world. This makes all CMS powered websites potential targets. On top of that there are countless targeted attacks due to religious, political or ideological motives.
More than 50% of all successful website attacks stay undetected for months.
On average, malware infections stay undetected for 255 days.
Google blacklists more than 9.500 websites every day due to malware infections.
Your website was hacked. What now?
We recommend to:
- Take your website offline immediately
- Clean your own computer with updated antivirus software
- Ask a professional IT engineer to remove all traces of malware from your website
- Change all passwords
- If your website was blacklisted, request removal from all blacklist providers
Hacking as a business
So why would anybody attack your web server? In the end it is all about money. If you run an online business there is obviously a lot of valuable data sent to your website. But even if you do not: Your server can be used to distribute computer viruses, Trojan horses and other malware. The higher your reputation, the easier it is to convince online visitors to install downloaded software.
Your website can also be used to:
- Remotely access your server’s computing power
- Steal data
- Commit online fraud
- Send SPAM e-mails
Protect your website
stopbadware.org - a non-profit organisation fighting malware recommends:
- regular backups
- only use the most current CMS versions and plugins
- remove unused scripts, plugins and software
- critically analyse quality and trustworthiness of new scripts, plugins, themes
- use SSH and SFTP instead of Telnet and FTP
- sign up to services like Google Webmaster Tools
- use a website scanner like nimbusec
Malware? Software created to cause damage to a computer.
Web shells/backdoors? Software designed to grant unauthorized access to a web server
Unsafe configuration? Settings of a content management system that enable attackers to break into web servers.
Defacements? Attack on a website that changes its design and/or content.
Blacklists? Blacklists are maintained to prevent users from visiting malicious Websites. If a site is blacklisted users wil be warned against visiting the site.