Blog -

Has your website been Hacked?

dijitul

Thanks to improvements in CMS platforms (apart from Joomla *shudder*) hacked websites are not as common as they used to be. I remember a time when one of our websites would be targeted (and often compromised) on a monthly basis!

Our two current chosen CMS platforms  (WordPress and Opencart) are both secure out-the-box, and as long as the company making your website doesn’t do anything silly you should be fine and fairly un-hackable (made up word alert!) However, we do still see a website getting fully screwed over a couple of times a year – and that’s where our Security Team step in…

Here are a few examples of “symptoms” you may experience which could mean your website has been hacked;

  1. Pages redirecting – This is most common, the “hacker” would get in and modify certain pages on your site to redirect traffic to a “You been HACKED” kind of page.
  2. White/blank pages on your website – This could be a result of the above example going wrong – if they inject code to try and redirect traffic, and it injects it in the wrong place it could break certain pages.
  3. Disk space suddenly all used up – Often hacked sites with issues (see above) cause log files to go from a few MB to a GB or two within a day, this can cause remaining disk space to be consumed very quickly.
  4. Emails from you not sending – If you can’t send emails all of a sudden, its likely you have some kind of mail relay running on your hosting account using your allocated mail-per-day setting in a few minutes.
  5. Emails to you bouncing – Often if you have been hacked, you will have become a source of spam (see above) and this could cause you to be blacklisted.

Depending on the type of website, the disinfection process varies quite a lot. Sometimes the hack is due to a newly introduced feature and therefore restoring a backup from before the feature was added is the best bet. Often, the issue is with a file that has only just been found to be exploitable (like the TimThumb hack from a  few years ago) and this requires a different process as technically the exploit has always been available (it was just previously unknown) so the part of the website that uses that script potentially needs reworking to use something else. Additionally if your server has been blacklisted then there is the extra step of having it de-listed on one of the hundreds of blacklists used by mail providers worldwide.

We have a few tools in-house that allow us to deep-scan the website files for further infections as once a script has been exploited – the “Hacker” can then often do whatever they want and force the infection to spread across multiple files.

Our security team have recently encountered a very strange hack indeed! We inherited a really poorly put together online shop from another web company, and they failed to inform us that at one point in its life the website had been compromised and a “hacker” had been allowed free rein. We believe that the hack was patched up by changing file permissions of the offending files, making them inaccessible for anyone trying to access them via a browser – but as the website was Zipped up and sent to us to restore on our server, all the file permissions were reset and the back-door reopened.

We very quickly noticed something was wrong, and managed to find and plug the issues very quickly – however due to the nature of the website (made of lots of free scripts and example code – VERY poor!) it would cost a fortune to fully plug up – so we’re doing a similar temporary fix the last web company did, and then pushing forward with their new online shop which doesn’t contain any bugs of back-doors!

In a nutshell, make sure you do your homework when choosing a web developer or “designer” as many people in our industry profess to be able to “make you a website” when in fact all they do is produce you a bug filled website that will end up causing you more issues than its worth.

And this is a note to all wannabe web designers and developers – if you are not 100% aware of what you are doing, how you are doing it, and why you are doing it that way – you shouldn’t be doing it in the first place! 

Contact our Security Team today if you are having a problem with your website or you think its been hacked!

Leave a Reply

Your email address will not be published.