In 2013, Forbes estimated that around 30,000 websites per day were hacked. In 2014, it was estimated that 38% of all web users were impacted by web attacks, which was an increase by one billion users, compared to those affected in 2013.

It is a common misconception that only large, international corporations are the primary targets of hackers. A successful attack on a business of this kind is, of course, going to return a bigger reward (and is more likely to be reported in the media), but these websites are also more likely to have a higher level of protection and are harder to gain access to. It is the smaller, less protected sites that are left open to hacking due to a lack of knowledge or understanding about the systems that are most at risk.

What does it mean when a website gets hacked?

When you sign up to a web hosting company, they give you space on their server to store your website information. A server is not really any different to the computer in your home or office, except for one key difference: it is set up and configured to make files available to the internet. There is no monitor, mouse or keyboard connected to these servers - everybody, including you, who accesses the server does so via an internet connection.

Your website and the web hosting server have several security systems that determine what kind of access each person has. As the owner of your portion of the hosting server, you have passwords that give you read and write access to your website - ie, you can view files (read) and you can also change them (write). Everybody else only has read access. They can view your files, but they are never, ever supposed to be able to change them, delete them, or add new ones.

A hack occurs when somebody gets through these security systems and obtains write access to your server, the same kind you have. Once they obtain that, they can change, add, or delete files however they want.

How does a website get hacked?

Almost all hacks are automated - self-contained packages called bots are programmed to crawl the internet searching for vulnerable websites. They use whatever methods bring the most results, most efficiently, at any given time. This can be both a good thing and a bad thing.

It's bad, because the internet is one giant interconnected network and simply having a website immediately makes it a target.

It's good, because the bots are looking for easy targets. If you take simple precautions, such as keeping your website updated and your passwords randomly generated and secure, your website will be harder to break into and will likely ward off most attacks made on it.

Your website is most likely to be hacked by the trajectories below.

  • Remote File Inclusion (an RFI attack): A remote file inclusion attack tricks an already-running website script into fetching a malicious script from an outside website. The imported code becomes part of the executing script, so it runs as part of it. It can perform any action allowed by the programming language, thus it has almost unlimited ability to modify website files.
  • Local File Inclusion (an LFI attack): Are the same as RFI attacks except that the attack tricks the already-running website script into displaying the contents of the server's system files that are normally inaccessible.
  • SQL Injection: SQL injection works in much the same way as RFI or LFI - by embedding additional malicious code disguised as commands for querying and manipulating information stored in a database.
  • FTP password theft: Viruses transitted to computers with web server (FTP) access stored in plain text allow this data to be sent to a remote computer. The remote computer then has full owner access (read and write, the same as you would), to attack the website files stored on the server, as well as load a copy of the same virus that retrieved the FTP details to the website so that the virus can continue to retrieve server access through other sites.
  • Password attacks: This attack usually involves eavesdropping over insecure internet connections to detect the passwords used and passing them to a remote computer, or a brute force attacks - literally guessing random combinations of usernames and passwords until the correct combination is guessed. This is why all internet passwords should be randomly generated and secure to prevent this as much as possible.

The first three methods of hacking in particular are of major concern. Most websites make use of an application, made up of thousands of individual files and millions of lines of code, to help build and maintain it, such as a content management system (also know as a CMS, eg WordPress, Joomla or Drupal). These platforms are very, very popular among web developers and there is millions of these applications available online 24 hours a day, 7 days a week.

As in all industries, there are programmers who are good at their job and use good coding practices to write their websites and applications, but there are also programmers who are inexperienced or use poor, vulnerable coding techniques. Hackers are just programmers, at the end of the day. These CMS' are routinely examined and targeted for vulnerabilities in the code by hackers. When they find one, a bot to exploit this vulnerability is written. Finding websites that use this vulnerable code is easier than you think - a simple Google search using the right search of data can return almost every single instance of this code on the internet. From there it is just a matter of executing the bot to each website.

What is the purpose of hacking a website?

While it is hard for you or I to imagine what value there could possibly be in hacking a website, the fact remains that if there is a will, there will be a guaranteed way. Below are some of the common reasons that hackers continue to perpetrate attacks on websites.

  • Obtaining use of your hosting company's mail server: This one would have to be the most common that we see here are WebClick. Because the majority of websites these days send email directly, rather than from an email program, all web servers are configured to allow email to be sent straight through the server. Think about that contact form that your users can fill in or the order confirmation email that you receive when you find a great purchase on Ebay. Once a website is infected, thousands of emails can be sent per hour.
  • Obtaining use of your website: This would be the second most common reason to we see at WebClick to hack a website. Your website could be replaced in full or in part by a new website or extra content, usually for illegal activity such as gambling, promoting/selling knock off pharmaceuticals or pornography.
  • Obtaining sensitive financial information: Typically, this would be credit card information, which can either be captured by intercepting the data you submit to a website when making an online transaction or retrieving stored credit card details from a databases (this is considered to be a very poor coding practice, and although it was popular to do in the 1990's, it is rare these days).
  • Obtaining sensitive personal information: This could include any personal data about you that could result in someone using your information illegally, or identity theft.
  • Obtaining use of your website visitors' computer: This could allow target computers to become infected and automatically transmit viruses or trojans to other poorly protected computers.
  • Your hosting server's high-speed internet connection: Because servers typically have a high-speed internet connection, they are favourable to finding vulnerable websites and computers and transmitting new attacks.
  • Your hosting server's processing power: Same as above, because servers are far more powerful than your average computer, they are favourable to piggyback off of it for superior programming power.
  • Gaining your users traffic: By adding visible links that your website users who place a high level of trust in your content can follow (or simply redirecting your whole website to a different website) can give them a boost in traffic to the hackers websites.

What do I do now?

Once you have been alerted to the fact that your website has been compromised, it is imperative that you take action as soon as possible. Here at WebClick, we take our server security and reputation very seriously. The effects of running a hacked website from our servers has the potential to significantly impact not only your business and viewers of your website but also our ability to provide reliable hosting services to our clients.

If action is not taken quickly, it may become necessary to take your website offline until the problems can be resolved. We always hope it does not come to that, but please be aware that it is a potential course of action we may not be able to avoid.

You should know that it is likely that you will need to pay any development company or freelance developer to firstly restore the website and then to repair it to secure the website to prevent future hacks.

However, it is also true that it is possible to narrow your chances of being hacked significantly by ensuring that the application that powers your website (ie, WordPress, Joomla, Drupal) is kept updated and actively maintained.

Clean up the hacked code

The first thing that needs to be done is to remove the changed, exploited files from the hosting server. One of the best ways to (temporarily) resolve a hacked website is to restore the files and database from a known good back up. While restoring the site does not fix any problems in the code permanently, it does provide a clean platform to then perform the necessary upgrades to prevent the website from becoming compromised repeatedly.

Your web developer should have a clean copy of your website, which once uploaded to the hosting server will ensure that the code has no malicious code remaining. If you do not have a web developer or your site was built by PerthWeb (PerthWeb Website Design Studio and WebClick's parent company), WebClick can provide you with a backup.

Upgrade the website

The Content Mangement System should then be updated to the last released version of the application. This not only applies to the base code, but all themes and plugins in (both active and inactive) that are installed as well. Again, your web developer or WebClick can do this for you.

Most applications now have an auto update feature built in, so if your Content Management System is missing this feature, upgrading to the latest version should allow you to enable it.

Change all passwords

It is always wise to err on the side of caution and this is no exception. Because your system has been compromised, there is no telling what data was retrieved and changing all the passwords associated with your website is the best course of action to take. This includes the passwords for the database, the FTP server and all admin accounts.

We're Here To Help

  • Local Servers and Data Centre
    All our servers are located in Perth and we host all your sites and data on our equipment at our Data Centre.
  • Local Perth Support Team
    Enjoy local support and assistance with every account from our on-premises support team.
  • KnowledgeBase
    Featuring many answers to common hosting questions, our KnowledgeBase is regularly updated with all the information you need to manage your hosting services.
  • Remote Assistance
    Our team can safely and securely remotely access your computer to resolve a range of issues.
  • Unlimited Email Support
    Access your support ticket area from the portal to get issues addressed quickly.

Can't Find What You Are Looking For?

That's where we come in. With our knowledge & know-how, we can guide you to the right hosting plan for your needs. All WebClick sales are handled by our support team, so you know you are getting the right advice for your needs with no tricks and no upselling.