helping business in flintshire Free Business, IT & Marketing Advice, Workshops & Events for Flintshire Companies,
  • Website Security – What you Need to Know

    June 6th, 2008 | Oli.Rhys | Case Studies, IT, Questions, geekpost

    When your website gets attacked by hackers, it forces you to ask a few difficult questions. The first is usually “Why?” and the second is “How will I fix this?”. The answer to the second question depends on how often you back up your website!

    The first question may give you a disappointing answer. They don’t hack your site because of any personal grievance. They don’t care about you or your company. The only reason they hack you is that your security is broken. It may be broken through sloppiness (a site that is poorly built and maintained, for example), which can be embarrassing, or it may be broken because of a flaw in one of your web components. The latter is beyond your control and can be very frustrating to deal with.

    The main problem arises when a hack starts with a successful virus infection.

    Most of the current defacements are carried out by scripts and are totally automatic. These scripts are usually placed on your system by exploiting a vulnerability in it. This could be through spam, which gets activated by a variety of means, or through a fault-finding script, which looks for unpatched flaws in your systems. Once one of these methods finds a way in, the script activates. The script then opens the door to more dangerous viruses and scripts, which are placed within the website. These are activated and, within seconds, the website is defaced.

    If you just restore from your backup, you can clear the mess within a few minutes. However, there is a possibility that the script is also in your backup, in which case you can look forward to your site being hacked again tomorrow!
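    One way to check a backup before restoring it, shown as an added example that is not part of the original post: hash every file in a known-clean copy of the site and compare the backup against that manifest, since a planted or altered script shows up as an added or changed file. The directory layout, file names and file contents below are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_to_baseline(baseline, backup):
    """Report files that the backup adds, changes or lacks relative to
    the manifest of the known-clean copy."""
    return {
        "added": sorted(set(backup) - set(baseline)),
        "changed": sorted(f for f in baseline.keys() & backup.keys()
                          if baseline[f] != backup[f]),
        "missing": sorted(set(baseline) - set(backup)),
    }


def demo():
    """Constructed sample: a clean site copy and a backup taken after a break-in."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, backup = Path(tmp, "clean"), Path(tmp, "backup")
        for root in (clean, backup):
            (root / "wp-content/plugins").mkdir(parents=True)
            (root / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
            (root / "wp-content/plugins/gallery.php").write_text("<?php // plugin\n")
        # The backup post-dates the compromise: one file altered, one planted.
        (backup / "index.php").write_text("<?php /* injected */ require 'wp-blog-header.php';\n")
        (backup / "wp-content/plugins/cache.php").write_text("<?php // planted script\n")
        return compare_to_baseline(build_manifest(clean), build_manifest(backup))


if __name__ == "__main__":
    for kind, files in demo().items():
        for name in files:
            print(f"{kind:8} {name}")
```

    Content that was legitimately added after the clean manifest was taken, such as uploaded images, also appears under "added" and has to be reviewed by hand.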

    The trick to avoiding these problems is to be aware of every component that makes up your website, and to ensure that they are all patched with the latest security patches. So if, like us, you are running a website based on WordPress, you make sure that WordPress is up to date and every plugin is up to date, as well as your MySQL database and your PHP. Finally, you need to ensure that the server the system is running on is fully patched – and not running any services which you don’t need!

    If this sounds like hard work, that is because it is, at least if you don’t have a patch management process in place. Such a process is a routine for updating your systems on a regular basis. There are programs available which will do all this work for you; however, they can be very expensive and need to be financially justified. The other option is to spend 5 minutes a day ensuring that your systems are up to date.

    It is very frustrating to know that most of these hacking programs are used by spotty students with big egos and little technical skill. It is more frustrating that the really clever types, who are world-class security programmers, have their work automated to allow these script kiddies to damage your website.

    The most cost-effective way of removing these threats is to ensure that your site doesn’t show up on their radar. Just keep your system up to date!
