Hacked, spoofed, spammed, infected, hijacked, disabled, cross-site scripted, and so on… The words that mean someone’s invaded your computer system or website multiply every day.
Some symptoms that your website has been hacked include: it being used to send spam to others; excessive traffic on your hosting account; getting blocked by Google, slow page loads (although this can have many causes)
Businesses whose website has been hacked always blame the hosting server. (Us, for many of our customers.) But unless every customer on our servers is infected—which has never happened—the problem is most likely closer to home. Verizon identified errors and misuse by authorized users as causal events in 37% of computer breaches.
Here are 3 ways websites get hacked – and how to prevent a breach.
1 – Update much? Keep all plug-ins, apps and themes current.
In one survey, outdated WordPress plugins, themes, and maintenance accounted for 90% of all hacked computers and websites. To protect your computer, you must regularly maintain and update all your software across your system, including WordPress and antivirus software. You should also invest in a business-class firewall. (Hint: we can help with that.)
2 – Passwords in too many hands? Strictly control access.
Even in the smallest company, access to the admin level of your website should be strictly limited.
When you think about “access,” however, you need to think beyond your website logins (e.g., WordPress, Dreamweaver, Joomla!) to:
- Hosting panel
- Server (i.e., FTP, SFTP, SSH)
- Social media forums
Controlling one access point but not others is like locking the door and leaving the windows open. Systems should be in place to protect access across entry points, especially in the event that users change. Limit FTP access, remove old users, and periodically update usernames and passwords (to ones that cannot be guessed).
3 – Got software? Prevent malware from breaching website vulnerabilities with a web application firewall.
Software vulnerabilities extend beyond the website to any associated technologies (e.g., web server, infrastructure, etc.). Anywhere there is a system, there’s a potential software vulnerability waiting to be exploited. This can also extend to your browser (e.g., Chrome, Internet Explorer, Firefox, etc.).
When it comes to websites, exploitation of a software vulnerability is achieved through an alphabet soup of methods: via cleverly malformed Uniform Resource Locator (URL) or POST Headers, an attacker is able to enact a number of attacks, like RCE (Remote Code Execution), R/LFI (Remote / Local File Inclusion), and SQLi (SQL Injection) attacks.
Stop malware before it gets a chance to infect your site with the appropriate firewall. As you may guess, when a website is hacked this way, it takes a seasoned expert to go in and distinguish between the website’s “native” (real) files, and remove files/code that doesn’t belong there.
How we help
FutureLink’s firewall solution includes antivirus, email security, spam filters, web content filters, intrusion prevention, ad blockers, and other protections against security threats. But it doesn’t stop there; we take a layered approach, to cover a broader range of threats. Learn how we can help protect your business; contact us today.