‘Prevention is better than cure’. Yet thousands of websites are hacked every day because they are not properly secured. Have you ever considered the risks? Fortunately, you can recognize, remedy and prevent a hack.
Why is a website hacked?
There are several reasons why hackers work. A hacker can rely on important information, such as the passwords or credit card details of your customers. Or he wants to carry out attacks from your package. Another motive is sending spam or distributing malicious software to the systems of your website visitors.
‘This website may be unsafe’
If your website has been hacked, you will usually find it in one of the following ways:
- You will see a warning if you click on the link to your website via Google: “This site may be unsafe” or “This website may be harmful to your computer”.
- Your browser shows a message that your website is ‘phishing’. In phishing, a scammer uses a link that seems to come from a real company. If you log in with your login name, password or credit card number, the scammer will have access to your personal data.
- Things happen on your website that you are not used to. For example, files have suddenly been replaced or deleted, without you having ordered them.
- You will encounter an unknown iframe in one of your web pages.
- In some cases, there may be a virus, but your website is usually hacked. A piece of unsafe code has been placed on your website.
What risks are there?
If your website is hacked, chances are that Google will blacklist your website. Customers will see a message on Google that your website is not reliable. It is also possible that your website will no longer be indexed. This allows you to miss out on customers. Another risk is that your company suffers reputational damage if a hacker gets your personal data from your customers.
Possible causes of a hack
A hack can have various causes. Below are the most common:
- There is a leak in the software on your website. A hacker finds a so-called exploit (exploitation) in the software on your website. Think of a form on your website where a hacker, in addition to normal text, also enters a piece of code. Then this code is placed on your server.
- There is malicious software on your computer. There is a good chance that there is a virus or trojan on your computer. Without your knowledge, the passwords of your FTP server, for example, are forwarded to a malicious person.
Eliminate the problem:
- Investigate the cause of the problem. Try to find out what has changed on the website via the log files.
- Check your computer with a virus scanner.
- Change all passwords that you have saved on your computer. These are different passwords: in your browser, FTP server, database and e-mail accounts, software (Joomla, WordPress, etc.). Choose strong, different passwords of at least 8 characters.
- Do you have a backup of your website? First, check that it is safe and then place it back.
Prevent a new hack:
- Change all passwords regularly.
- Make a back-up of your website with some regularity. We recommend that you store it in a different location than on your computer, such as on an external hard disk, CD-ROM or USB stick.
- Install a good virus scanner on your computer.
- Use a website security tool. This scans for all kinds of malware and exploits. When your website is safe, you can even place a security certificate on your website. Visitors know that they are visiting a reliable website.
- When you use a CMS, it is very important that you always install the latest updates. Hackers previously abuse websites with an outdated CMS.
- Keep an eye on your log files. Pay attention to whether you see abnormalities or abnormal peaks in your traffic. This can be done using the statistics of your web hosting package, but you can also install Piwik for extensive web statistics.
Request malware verification at Google
Have you solved the problem properly? Then ask Google for a new malware check. Google then scans your website for malware. When there is no more malware on your website, Google will remove the warning from your website. This takes an average of a day. Is the warning still on after a few days? Then you may not have removed all malware properly.