Why was my website hacked?
By Rashid Herrera.
First, note that ALL websites are prone to attacks by hackers. Static websites (pure HTML) are hard to attack, but hackers can still get in through hosting vulnerabilities or by stealing the codes directly from the computer of the company that sells web designs. Dynamic or programmed websites (in which the user can change the content) are especially vulnerable.
But why was my website hacked?
1. Sometimes hackers (usually young people who don’t have a job, called “script-kids”) just want to feel the power of controlling someone else’s work, and their only objective is to take the site off the internet, change its presentation, or leave their mark by sending an “I was here” message. There is also a “game” in which script-kids earn “points” for each site that they destroy. There are forums in which they get together, share their anecdotes and give lists of sites that they have destroyed. For them it’s just a big game to destroy the work of others. What they usually do is change the Home Page to one that says “SADXXX (Script-Kid Nick Name) WAS HERE” or something similar, in black, with bright green, red, or black, etc.
2. In other cases, they upload programs that send chain mail with spam, using your server and wasting your bandwidth. As a result, other websites add your URL (the www.yourbusiness.com) to their spam list, so when you need to send e-mails, some recipients won’t receive them.
3. There is also the case of more specialized hackers who upload programs to the website, programs that take the website’s domain and look for big security holes so that they can use them. That way, they can:
a. Upload other files to the server: images, or websites that show the information that they want. Sometimes only one page with the hacker’s information (the nick name and location), in other cases pages with links to websites that they wish to promote, or pages with information that they wish to publish.
b. Modify the website’s database (if it’s a dynamic website): Why? To change the content of the web pages shown to the public (imagine what it would be like to be able to change the prices of items in an online store!), or to steal important information like e-mail, names, and user codes, or credit card numbers.
c. Something that is common in the year 2010 is hackers who leave the website exactly the way it is, but install small fragments of code that display a small window or announcement asking the visitor to download something that seems normal to many of us. For example, a little window opens that says: “This page requires the newest version of the Flash Player to see it. Click here to download it,” and when you click, what you are really downloading is a Trojan that gives the hacker access to your computer. The hacker will then look for your account numbers, credit card numbers or FTP accounts to infect other websites.
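Uploaded files (case a) and fragments added to existing pages (case c) both show up when the live site is compared against a known-clean copy such as a backup. The following is an added example, not part of the original article; the file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            result[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return result

def compare(clean, live):
    """Return files added, modified or removed relative to the clean copy."""
    return {
        "added": sorted(set(live) - set(clean)),
        "modified": sorted(p for p in clean if p in live and clean[p] != live[p]),
        "removed": sorted(set(clean) - set(live)),
    }

def write_tree(root, files):
    """Helper for the demo: write a dict of {relative path: text} under root."""
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)

def demo():
    """Constructed sample: a clean backup and a live copy with two changes."""
    with tempfile.TemporaryDirectory() as clean_dir, \
            tempfile.TemporaryDirectory() as live_dir:
        site = {"index.html": "<h1>Shop</h1>", "css/site.css": "body{}"}
        write_tree(clean_dir, site)
        tampered = dict(site)
        # An existing page gains a fragment, and a new file appears.
        tampered["index.html"] += "<!-- injected fragment (constructed) -->"
        tampered["images/note.html"] = "unexpected page"
        write_tree(live_dir, tampered)
        return compare(manifest(clean_dir), manifest(live_dir))

if __name__ == "__main__":
    print(demo())
```

In practice `manifest()` would be run on the restored backup and on the live web root, and anything reported as added or modified would be reviewed by hand.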
Who did it?
It’s always possible for the webmaster to locate the country in which the attack was done, through the website’s access log. By checking the IP, the country can be determined, and in my experience, I have seen that it’s done in countries like India, Pakistan, Russia, China, Germany, USA, among others.
It’s NOT possible to find out exactly which city or house the attack was done from (although maybe the CIA can, especially on TV, but I don’t know how).
An important detail which you must take into account is that most of them use programs which let them cover their IP, or use an IP that’s not their own, so that information isn’t all that certain.
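One way to pull the relevant IPs out of an access log, as an added example that is not part of the original article: it assumes the Apache/Nginx "combined" log format and a file already known to have been planted, and uses constructed log lines with documentation-range IPs. Turning an IP into a country needs a separate GeoIP database, which is not included here, and as noted above the IP may belong to a proxy.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/Nginx "combined" log format (assumed; adjust to the server's format).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log; IPs are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2010:04:10:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.45 - - [12/Mar/2010:04:11:30 +0000] "POST /admin/upload.php HTTP/1.1" 200 312 "-" "curl/7.19"
203.0.113.45 - - [12/Mar/2010:04:11:41 +0000] "GET /images/note.html HTTP/1.1" 200 98 "-" "curl/7.19"
this line is corrupted and must be skipped
198.51.100.7 - - [12/Mar/2010:04:15:00 +0000] "GET /images/note.html HTTP/1.1" 200 98 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2010:05:00:00 +0000] "POST /contact.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

def parse(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield rec

def suspects(text, tampered_path):
    """Map IP -> paths it successfully wrote to (POST/PUT) up to the moment
    the tampered file was first served. Empty if the file was never served."""
    records = list(parse(text))
    served = [r["ts"] for r in records
              if r["path"] == tampered_path and r["status"].startswith("2")]
    if not served:
        return {}
    first_seen = min(served)
    found = defaultdict(list)
    for r in records:
        if (r["method"] in ("POST", "PUT") and r["status"].startswith("2")
                and r["ts"] <= first_seen):
            found[r["ip"]].append(r["path"])
    return dict(found)

if __name__ == "__main__":
    print(suspects(SAMPLE_LOG, "/images/note.html"))
```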
Can you know who did it?
I can’t. Maybe an expert with more knowledge can give chase until finding out exactly who is responsible.
Will it happen again?
It’s not nice to answer with the truth; nobody will like it, but it’s very probable that it will happen again… Why?
a. Every server has vulnerabilities that can be attacked by an expert hacker. Even if the ones that are in charge of the host (if it’s a serious company) take the time to close all the recently discovered vulnerabilities, a hacker can attack a careless host and violate it.
b. Every dynamic website (independent of the programming language that is used) has programming language vulnerabilities, and every day there are new patches for the holes that are found. If you can have a webmaster who is dedicated to finding and closing all these programming vulnerabilities in your website, then it will be much safer, but take into consideration the fact that every day there are new patches. It’s a constant job.
c. Every website (dynamic or static) has access codes saved somewhere. If your webmaster carelessly saved them in a non-secure site, or if they are in a computer that doesn’t have an antivirus, or if it has a deficient or obsolete antivirus, the password could be stolen! Sometimes they are stolen from the computer of the website’s owner (who usually has these codes also, and the computers usually aren’t very safe). At least in the year 2010, this is the most common method used by hackers.
Every website is prone to attacks by hackers, even websites as relevant as Google, Adobe, Microsoft, among millions of others.
For me, the subject of hackers is like that of robbers who enter houses. Each robber has his/her own reason. Avoiding the entry of robbers into your house depends on the security measures you’ve taken, and the construction materials. In the same way, avoiding having your website attacked depends a lot on the company that does the work (the webmasters or builders), but it also depends a lot on the security of the programming, or on the construction materials.
If you use a CMS like Joomla, Drupal, Xoops, etc., it is very probable that hackers will attack, because being free, they can download them, study their vulnerabilities and attack, or they can simply do a search on Google for “vulnerabilities in Joomla 1.5…” and choose which one they wish to exploit.
What can I do if my website uses a free CMS?
a. Look for somebody to update it every time there is a new version, since the new versions include patches for the vulnerabilities that have been found.
b. Use a CMS that is not very well known. In that case, it’s possible that the hackers won’t know the vulnerabilities very well.
c. Use a web designing company that will back you up and who will support you in the case that you are attacked by hackers.
d. Use a safe hosting company that offers good infrastructure and software updates, and constant backups. Fortunately, our web designing company offers hosting that makes frequent backups, and when we have been attacked by hackers, our websites have been cleaned and restored in a matter of two hours.
e. Cross your fingers so that no hacker attacks you.
The subject of hackers on the internet won’t change. It’s like trying to get rid of robbers.
What we can do is use serious web designing and hosting companies that will help us restore our website in the case of an attack, or help protect us as much as possible against the attackers.