Why Is My Website Getting Hacked?!


Last month when multiple security weaknesses were discovered on Open SSL – the software used by thousands of companies to encrypt online communications – the world got reminded of how interdependent we are on everyone maintaining his or her website security – especially those who maintain the web components we all share.  The fact is, we have come to expect security of the Internet and our web sites as almost a given.  But the reality is that much of the Internet, as security expert Krebs points out, “…runs on technology maintained by a handful of coders working on a shoestring budget.”   It’s amazing what has been done to protect and secure our web sites and the Internet they run on.  That said, the question remains for many website owners, why could my website get hacked?  I’m not a big corporate presence on the web. Who would want to bother me?


One of the reasons why its so critical that small to mid-size  businesses and organization websites like yours take your security more seriously is because you are the new targets….of automated attacks.   Hacking as a web service has grown and is being made available to a large number of those interested in the hacking arts regardless of skill.  And these tools can make even those with little skill successful.

Random Attention

It could be a plugin or exposed information about your website’s platform, Crawlers take about a month or so to actually find something about your site that looks interesting. Then they are looking for some identifying markers like whether your’re running a CMS platform or bugs in the code or some component vulnerability.  Once you have been crawled, you’re on the list for attack.

Targeted Attacks

In recent days, we’ve had an example of a targeted attack.   Sometimes these include a form of Hacktivism which can include defacement.  The FBI and US-CERT both issued warnings on a probable defacement hack campaign suspected of being generated by ISIS against WordPress sites.  Several types of sites of small to mid-size business and organizational sites were included in that notification.  At the same time an XSS vulnerability was found in a common WordPress component and again, a warning was issued. These and other exploits happen now on a somewhat regular basis for most CMS platforms.

What Are They Getting Out Of It?

What are hackers getting out of attacking your site?  More than you might think. Of course, there is the financial aspect.  You probably already know about malware that can be loaded onto your computer from an infected site, which then looks for and gathers enough information to be able to drain your bank account or access medical records and other sensitive information.  Then there is affiliate revenue that can be generated by site redirects through what is known as Black Hat SEO Spam campaigns (injection attacks).

There are gains to be had from farming your actual resources: your computing power.  Hacking groups can use your system resources for themselves or lease them.  Then the combined resources are used for brute force attacks (DoS or DDoS) .

As mentioned above, there are also hacktivists: people or groups trying to make a statement  by defacing or taking down a site.  Recent examples have been the ISIS defacement attack as well as taking down the Indiana gov site in defiance of the RFRA.

Last but not least is the boon of just being able to do it because they were bored.  These are not always limited to but usually are the “script kiddies”, unskilled when compared to sophisticated big time hackers but still dangerous exploiters of security lapses in a website.

So now that you know why, give SOS a call to help you to protect your web site with a monthly security package! 

Speak Your Mind


This site uses Akismet to reduce spam. Learn how your comment data is processed.