"My website is hacked" - What does this mean?

The dawn of the world wide web era has seen our society make leaps and bounds forward into new and exciting technologies. However, the rise in popularity of the internet has enabled hackers to easily infiltrate servers and spread malicious code via unsuspecting websites.

In the early days of the internet, the primary method for distributing mailcious code was via email. Nowadays, with so many websites online, breaking into a website and changing the content is, by far, the easiest and preferred way to spread this bad code.

In 2013, Forbes estimated that around 30,000 websites per day were hacked. In 2014, it was estimated that 38% of all web users were impacted by web attacks, which was an increase by one billion users, compared to those affected in 2013.

It is a common misconception that only large, international corporations are the primary targets of hackers. A successful attack on a business of this kind is, of course, going to return a bigger reward (and is more likely to be reported in the media), but these websites are also more likely to have a higher level of protection and are harder to gain access to. It is the smaller, less protected sites that are left open to hacking due to a lack of knowledge or understanding about the systems that are most at risk.

What does it mean when a website gets hacked?

When you sign up to a web hosting company, they give you space on their server to store your website information. A server is not really any different to the computer in your home or office, except for one key difference: it is set up and configured to make files available to the internet. There is no monitor, mouse or keyboard connected to these servers - everybody, including you, who accesses the server does so via an internet connection.

Your website and the web hosting server have several security systems that determine what kind of access each person has. As the owner of your portion of the hosting server, you have passwords that give you read and write access to your website - ie, you can view files (read) and you can also change them (write). Everybody else only has read access. They can view your files, but they are never, ever supposed to be able to change them, delete them, or add new ones.

A hack occurs when somebody gets through these security systems and obtains write access to your server, the same kind you have. Once they obtain that, they can change, add, or delete files however they want.

How does a website get hacked?

Almost all hacks are automated - self-contained packages called bots are programmed to crawl the internet searching for vulnerable websites. They use whatever methods bring the most results, most efficiently, at any given time. This can be both a good thing and a bad thing.

It's bad, because the internet is one giant interconnected network and simply having a website immediately makes it a target.
It's good, because the bots are looking for easy targets. If you take simple precautions, such as keeping your website updated and your passwords randomly generated and secure, your website will be harder to break into and will likely ward off most attacks made on it.

Your website is most likely to be hacked by the trajectories below.

  • Remote File Inclusion (an RFI attack): A remote file inclusion attack tricks an already-running website script into fetching a malicious script from an outside website. The imported code becomes part of the executing script, so it runs as part of it. It can perform any action allowed by the programming language, thus it has almost unlimited ability to modify website files.
  • Local File Inclusion (an LFI attack): Are the same as RFI attacks except that the attack tricks the already-running website script into displaying the contents of the server's system files that are normally inaccessible.
  • SQL Injection: SQL injection works in much the same way as RFI or LFI - by embedding additional malicious code disguised as commands for querying and manipulating information stored in a database.
  • FTP password theft: Viruses transitted to computers with web server (FTP) access stored in plain text allow this data to be sent to a remote computer. The remote computer then has full owner access (read and write, the same as you would), to attack the website files stored on the server, as well as load a copy of the same virus that retrieved the FTP details to the website so that the virus can continue to retrieve server access through other sites.
  • Password attacks: This attack usually involves eavesdropping over insecure internet connections to detect the passwords used and passing them to a remote computer, or a brute force attacks - literally guessing random combinations of usernames and passwords until the correct combination is guessed. This is why all internet passwords should be randomly generated and secure to prevent this as much as possible.

The first three methods of hacking in particular are of major concern. Most websites make use of an application, made up of thousands of individual files and millions of lines of code, to help build and maintain it, such as a content management system (also know as a CMS, eg WordPress, Joomla or Drupal). These platforms are very, very popular among web developers and there is a large available online 24 hours a day, 7 days a week.

As in all industries, there are programmers who are good at their job and use good coding practices to write their websites and applications, but there are also programmers who are inexperienced or use poor, vulnerable coding techniques. Hackers are just programmers, at the end of the day. These CMS' are routinely examined and targeted for vulnerabilities in the code by hackers. When they find one, a bot to exploit this vulnerability is written. Finding websites that use this vulnerable code is easier than you think - a simple Google search using the right search of data can return almost every single instance of this code on the internet. From there it is just a matter of executing the bot to each website.

What is the purpose of hacking a website?

While it is hard for you or I to imagine what value there could possibly be in hacking a website, the fact remains that if there is a will, there will be a guaranteed way. Below are some of the common reasons that hackers continue to perpetrate attacks on websites.

  • Obtaining use of your hosting company's mail server: This one would have to be the most common that we see here are WebClick. Because the majority of websites these days send email directly, rather than from an email program, all web servers are configured to allow email to be sent straight through the server. Think about that contact form that your users can fill in or the order confirmation email that you receive when you find a great purchase on Ebay. Once a website is infected, thousands of emails can be sent per hour.
  • Obtaining use of your website: This would be the second most common reason to we see at WebClick to hack a website. Your website could be replaced in full or in part by a new website or extra content, usually for illegal activity such as gambling, promoting/selling knock off pharmaceuticals or pornography.
  • Obtaining sensitive financial information: Typically, this would be credit card information, which can either be captured by intercepting the data you submit to a website when making an online transaction or retrieving stored credit card details from a databases (this is considered to be a very poor coding practice, and although it was popular to do in the 1990's, it is rare these days).
  • Obtaining sensitive personal information: This could include any personal data about you that could result in someone using your information illegally, or identity theft.
  • Obtaining use of your website visitors' computer: This could allow target computers to become infected and automatically transmit viruses or trojans to other poorly protected computers.
  • Your hosting server's high-speed internet connection: Because servers typically have a high-speed internet connection, they are favourable to finding vulnerable websites and computers and transmitting new attacks.
  • Your hosting server's processing power: Same as above, because servers are far more powerful than your average computer, they are favourable to piggyback off of it for superior programming power.
  • Gaining your users traffic: By adding visible links that your website users who place a high level of trust in your content can follow (or simply redirecting your whole website to a different website) can give them a boost in traffic to the hackers websites.
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Hacked: After the clean up - What to do after your site is fixed

If you are reading this page then you are on your way to being proactive and actively taking...