Website Security Video Series with CarTek Consulting - Signs You have Been Hacked

Here are the top seven signs your website may have malware 

1) Missing or Inappropriate Content

After you have created a beautiful website that includes all of the graphics and content that your heart desired and your web designed could deliver, you notice some ads that you didn’t authorize.  The ads could be from online dating services to sales for counterfeit shoes and handbags.  This is a tell-tell sign that something is seriously wrong.

2) Website Performance

As a business owner, you obviously understand that your website is the online representation of company.  Because of that understand, you consistently check your website to ensure that everything looks and functions as it should.  Well, on this day, you clicked the link to your blog and you noticed that instead of the instant response, it took 30 seconds for the page to load.  You initially chalked this up to a service provider issue, but the issue persists for several days.  If this happens,  please don’t ignore it any longer.  Reach out to your technical support staff or CarTek Consulting to investigate.

3) Broken Code

You may notice that you are getting complaints from customers regarding links on your website not working or sending them to different websites.  Maybe you notice that your number of contacts through your “contact us” page has dropped dramatically.  This is could be an indication that someone has changed the destination address for the contact form.  This is an indication of compromise.  Don’t wait, reach out for help.

4) Unexplained User Account

Reviewing your access list for persons approved to make changes on your website should be standard operating procedure.  If it isn’t, please make sure you add it.  This simple process of reviewing your access list can tell you if someone who shouldn’t have access, has access.  In this case, you should delete the account and change all passwords associated with your site, and have any personnel who have access to do the same.

5) Your Site Has Been Blacklisted

A few years back, I was doing a technology review for a client.  While there, they complained that they were receiving notices that their domain had been blacklisted.  They also complained that they were sending emails to clients and the clients were not receiving them.  Well, this was an indicator of comprise.  What in-fact happened was that there network had been infiltrated and the attackers were using my client’s computers in a botnet (computers that are under command and/or control by an external entity).  The service providers recognized this and blacklisted my client’s domain.  This meant that they were unable to send emails sourced from their domain because the service providers were blocking them.  If you notice any symptoms like these, you should contact your technical support staff or reach out to CarTek Consulting to develop a response.

6) Suspicious Activity in Your Website and Server Logs

First, let me say, if you detected that your website or network has been compromised, that is AWESOME.  That means that you are actively monitoring your logs and you are doing what is necessary to protect your company’s reputation and by extension, long term viability.  Two of the symptoms you should look for in your logs:

1. One IP address hitting a particular page over and over, possibly for days or weeks.

2. You may see a page you don’t recognize in the logs being accessed by many different IP addresses.

Reviewing your server logs regularly and looking for indicators such as these can provide an early warning about attempts by hackers to gain access to your site.

7) Unexplained Server Processes

I strongly recommend that you monitor your website and infrastructure on a regular basis. Sometimes you may see suspicious process behavior within that environment that you can’t explain. For example, you may notice that your email server process is consistently hovering around 30% usage, even though you don’t have any active visitors on your site right now. This is a pretty good sign that your site has been hacked and is used to send email.

If you see any of the Signs Listed above, you should respond immediately.  In the case where you don’t have the technical expertise in-house, contact a professional.  Our network of security engineers can assist with any IT security needs your firm has.