Stories about large corporate websites and even government websites getting hacked appear in the news media with alarming regularity these days. However, in terms of numbers, this is just the tip of the iceberg. What you never hear about are the tens of thousands of less noteworthy websites getting hacked every day. The business owners of these websites also suffer damage and financial loss but don't get the news media attention because their low profile doesn't merit the attention.
Brute Force Hacking, a Popular Method
If you own a small business website that's been online for several months, and especially if you use one of the more popular content management systems such as WordPress, Drupal, or Joomla, the odds are good that hacking attempts have already been made on your site. Unless you are looking specifically for evidence of these attempts, you will get no indication that your site is under siege.
One hacking method in particular is immensely popular because of its low barrier to entry. The method requires little skill on the part of the hacker who only needs access to widely available hacking software. This method, called brute force hacking, uses password guessing software to log into your content management system.
The software has access to lists of commonly used passwords and also permutates its way through thousands of variations of English dictionary words. Depending on the strength of your password choice, the process may take only a few seconds or years. The software "bots" that do the guessing will patiently keep at it for as long as they are left running. Unless you are monitoring these login attempts, you will go about your business as you always do with no awareness of this activity.
Why Would Anyone Hack My Site?
You may be thinking that your small business website is just one out of millions and is therefore too low profile to get the attention of any particular hacker. Many people including executives I speak with do not see the need to protect website content. While it's true that no one hacker will likely take personal notice of your website, it is highly probable that it will be found by their automated software. Once discovered, the software might employ brute force attack or look for known software vulnerabilities of your type of website. Therefore, hackers will attack your site because it's a target of opportunity. They have automated tools that can find it without any exertion on their part. What is done with your site will depend on the hacker.
What Hackers Do to Your Site
What hackers do to your site depends on their motivation. Some hack websites out of boredom. It's a kind of game that gives them a bit of recognition within their particular community. This type of hacker will often do a simple defacement of your site. That is, they will change your site's appearance just to say that they were there.
Other hackers do their deed for monetary gain. They may infect your site with malware that in turn, infects the computers of those who visit your site. The malware might gather information of value such as bank account passwords. This type of attack is called a drive-by-download. Other ways of making money employ black hat SEO methods that redirect your website's traffic to other sites that may sell pharmaceutical drugs or memberships to online gambling sites. The hacker typically gets a commission for any sales made from the diverted traffic. This is another reason why you need to put something in place to prevent website hacking.
Some hackers want to use your server resources to launch more automated hacking attacks. Automated hacking isn't free because it requires server resources. The more servers they can hijack, the greater their reach. Your server becomes a part of a larger server network called a bot net. One effect you may notice is your website becoming very sluggish. Your hosting provider may also terminate service with you because of your excessive resource usage. Another possible outcome is law enforcement people tracing the hacking attacks back to your server and you.
When your website gets hacked, the victimized traffic and customers won't likely return and may seek litigation against you. Your reputation will suffer which affects your ability to conduct future business. Read our blog "my website is down and I found out from my customer" People will hesitate to visit your website, and will certainly be reluctant about using their credit cards for making purchases. You may also get blacklisted by the search engines and lose the time and money you invested into SEO. Whether this causes you to go out of business depends on your reputation management skills.
Don't wait until you've been victimized. Be proactive with your website security. For more information about this, please contact us at T&T Creative Group.