Why Website Security Is important
No matter if you have a single landing page website or a complex eCommerce website, strong security and prevention of website hacking is vital. Websites are a collection of programs and computer scripts that are running on a computer. Just like your office or home computer, those files and the computer server need to be updated regularly and protected by security tools.
If your website is not properly protected, then you could very well end up with a hacked website. That means that someone with less than desirable morals has done terrible things on your server. Here are some of the problems we often see with website hacking.
- File Injection
- The hacker finds a vulnerable weak point to upload (inject) malicious files into your server. Those files then replicate viruses or execute commands that are destructive in nature. This is often used to infect unsuspecting visitor computers to your website with viruses or to steal passwords and financial information.
- Modification of Files
- Hackers may make changes to your files to suit their needs. They can use this to grab confidential information or content that is entered on your website. It can be used to generate spam advertisements. It can also be used to redirect your viewers to bad websites.
- Deletion of Files
- This generally happens when someone just wants to be mean. This serves no real purpose to a hacker other than to make your life difficult.
- Resource Hijacking
- With this method, a hacker gains access to your server control panel by using a scripted bot to methodically guess your login information. Or, they may have obtained the login by other means. They can also gain access by one of the methods mentioned above. The hacker then uses your resources for their own gain. They might use your email service to bombard people with spam emails. Or they might use your server to launch an attack on another unsuspecting website owner.
- DDoS and DoS Attacks
- This type of attack happens when a hacker bombards your server with massive file requests. They use a scripted bot program to do this. Their goal is to shut your website down or make it run so poorly that no one will want to use it. The only reason for this is because they either do not like you, or they are just enjoy being obnoxious.
The effects of those attacks can be minor or extremely damaging. Here are some of the symptoms you may experience.
- Google marks your website as a dangerous or hacked website. This is a warning to potential visitors that your website is not safe.
- Your website server ip address or domain name is listed with Spamhaus as a known source of spam. Spamhaus is the international blacklisting agent for spammers. It is what tells email programs that your emails should be blocked or sent to junk mail. This means people are not getting your emails.
- Your email stops working. This is due to abuse or overload of your email service on your server.
- Your website is down. Either it has been damaged or your web host has suspended the service as a protective response to the hacking.
Common Security Issues
- Your web host does not have the best security tools installed or activated on your web hosting account.
- Your web host or website does not monitor for suspicious activity.
- Your web host chooses not to protect against DDoS or DoS attacks. Some web hosts will penalize your when an attack occurs.
- Your website files were not properly coded.
- Your website files are outdated and unsecured.
- Your website utilizes plugins or programs that have known security issues.
- Your eCommerce website or website that handles private user information is not secured with SSL encryption.
- The login credentials (username/password) are too weak and easy to hack.
- Your content management system gives out information such as administrative usernames, making it easier to hack into.
Website Security Tools
Motion City Media recommends that you start from the ground up with a secure web host. Look for a web hosting company that provides protection from DDoS and DoS attacks. They should have 24/7 monitoring of systems and the ability to shut down suspicious activity or the hosting account if there is a problem.
If you collect sensitive information on your website such as credit cards, social security numbers, etc, then be sure that your website uses SSL encryption.
Make sure all of your passwords are random combinations of lower case letter, upper case letters, number, and special character such as !@#$. Passwords should be 8 to 16 characters long, depending on what the system will allow. Do not use common words, your name, your company name, or anything obvious in your password.
Choose a website designer that knows how to develop secure websites. An amateur designer might make a website that looks decent, but is a disaster waiting to happen. You will want to confirm that your designer will also keep your website up-to-date at a fair cost in the future.
Consider monthly website maintenance plans that ensure your website is kept up to date and monitored for suspicious activity.
If you have been experiencing attacks, consider web hosting which specializes in hacking or DDoD attacks. You would also add an extra layer of protection and enhanced website speed by utilizing CloudFlare with your website. *Note: We are not affiliated with CloudFlare.
Need Help Repairing Your Hacked Website?
Motion City Media can stop the current attack, restore your website or repair damaged files (if the files are available), determine the cause of the attack, and implement security measures to aid in the prevention of future hacking. We will also get you removed from any Google hacked website or Spamhaus listings.Get Secured!