Welcome To My Website – Take What You Want!

The instances of websites being hacked is on the rise! A recent US survey of 583 businesses (June 2011, conducted by Juniper Networks) showed some alarming data. 90% of respondents said that their network had been breached at least once by hackers in the previous 12 months. 60% reported two or more breaches and staggering 50% said they didn’t feel they could stop future attacks.

Other data by security analysts shows that 75% of all hacking attacks target web applications and obviously the majority of these are websites. The incidence of hacking attacks is on the rise and they fall into three main categories:

1. The Casual/Vandal Attack
   The hacker gets into your website in order to disrupt the operation of the site. Typically carried out by people learning how to hack and those that just want to cause damage.
    
2. The “Redirect” Attack
   The hacker wants to change content in order to direct visitors to malicious pages of their own creation. This may be to try to sell fraudulent products or to then spam the visitor.
    
3. The “Viral” Attack
   The most worrying of all the hacking attacks the attacker installs a virus or trojan into the site’s code. Typical viruses will then take over your PC and tell you that you have been infected and try to sell you the “cure”. A typical trojan will download silently into the visitor’s PC and begin to log every keystroke, which it then sends to the perpetrator through a log on a remote server. This means that when the visitor next types in their online banking address, username and password, it is then sent to the attacker who can log in and access sensitive information.

Worse still is that many of these attacks are detected by anti-virus programs, which means your website will be flagged to the visitor as having been infected. Also if not resolved quickly, Google itself will detect the infringement and notify visitors that the site is unsafe.

How likely would you be to ever visit a website again if you were told by Google not to visit it?

So why are these instances of hacking attacks on the rise? It is my firm belief that OpenSource software has been the fuel to this firestorm of activity. OpenSource is an initiative where a group or “community” of coders work together to create a web application. Joomla, Wordpress, Magento and Drupal are all examples of open source content management systems.

Let’s not dwell on the fact that these systems are not intuitive, designed for technical users rather than end users, difficult to customise and not mobile friendly; the real problem is the fact that so many people have worked on and documented every aspect of how the system works. This means that anyone who has a desire to can easily learn how to hack a website on one of these systems. For instance I ran a few searches on Google using the search terms below and here are the results:

1. “How To Hack Joomla”
   This search returned 7.76 Million results that included instructional videos on how to hack a Joomla site!
    
2. “How To Hack Wordpress”
   This search returned a staggering 48.7 Million results and also included instructional videos.
    
3. “How To Hack Magento”
   This was an interesting one because there were just over 2 Million results and included on page 1 of the results was a company that provided a cleanup service for hacked Magento sites. Clearly a lucrative business.
    
4. “How To Hack Drupal”
   Almost 5.7 Million results with instructional videos included.

“So what should I do?”

The simple answer is that if you are running a business website that you rely on, but you still want to use OpenSource, then you need a really solid backup strategy. You need to be backing up your website in full every night and keeping at least 3 months worth of backups. This will ensure that you can restore a clean version of your website even if you didn’t notice the hack for a long period of time.

However, obviously the best form of protection is to avoid this problem in the first place and use one of many proprietary systems that are inherently safer. That is not to say that they are hack-proof, but added to the fact that they have often had a great deal of effort put into anti-hacking protection, their inner workings are also not known to hackers and so the vast majority of casual attacks are therefore mitigated.

If you would like to know more contact us and we’ll be happy to answer any questions you may have.

The DG Group is dedicated to delivering all the marketing solutions any company may require.  Whether it’s a website or leaflets and brochures, or even some product packaging; The DG Group will manage the whole project, providing sound guidance along the way.