Like most businesses, you depend heavily on your website. It handles everything from marketing to eCommerce transactions and all the stuff in between. Without it, your business would face quite a setback. And yet, every day, many businesses leave their website vulnerable to attack. And this puts their business at risk.
But hey, your website is OK. You have a firewall around the web server and that should take care of your site, right? Actually, it’s not enough. Not even close.
How You Can Tell if Your Web Site Has Been Hacked
Every website, regardless of where it is hosted, is vulnerable to being hacked. While no system can be 100% safe, there are steps you can take to secure your site. And it begins with knowing the signs that indicate you may have already been hacked.
- Strange Content. You and your team have put a lot of effort into creating great content on your site. It closely follows your content strategy and everything looks great. Except on some pages, there is some strange content that you didn’t write. Upon closer inspection, you see links to other websites that sell Viagra, knock-off designer purses, watches and more. This is a tell-tale sign that your site has been hacked and it has been co-opted into the hacker’s network.
- Website Performance. Do you keep a close eye on the technical performance of your website and servers? By regularly monitoring the performance, you will quickly pick up on unusually slow or broken processes. For example, we recently noticed that a checkout page on a client’s website was taking about 30 seconds to load. The normal load time is less than four seconds. This is unusual and was an indicator that we needed to dig further into the situation.
Is That All?
- Broken Code. Are you noticing an increase in the number of errors related to form submissions? Do pages load but are missing most of their content? When hackers get inside a website, they can intentionally or unintentionally break the code, which leads to errors on the page. If you notice an increase in errors, your site may have been hacked.
- Unexplained User Accounts. It is good business practice to know who has access to your database, content management system (CMS) or eCommerce application. You should periodically check the file of authorized users to see if there are any users you cannot account for. If you see unknown user accounts, chances are your site has been hacked.
But, Wait! There’s More!
- Unknown Plugins. Many of today’s websites use a CMS that relies on plugins to handle specific functions. Hackers know this and will often use a tactic where they inject files into your website that can disguise themselves as plugins. If you notice unusual plugins on your website, it is likely that a hacker has gained access. You need to investigate where these plugins came from and what they are doing.
- Your Site Has Been Blacklisted. If your web server has been compromised by hackers and is being used to send out spam or has been enlisted as part of an attack on another website, there is a pretty good chance that your site has been blacklisted in search engines and added to email blacklists. This means your visitors may get a warning notification when accessing your site or they may not be able to get the site to load at all. Additionally, they may not be able to reset passwords because you are unable to send the reset email out to them.
Is Nothing Sacred?!
- Suspicious Activity in Your Website and Server Logs. Website and server logs are an advanced way to detect a hacked website. Often you may see one IP address hitting a particular page over and over, possibly for days or weeks. You may see a page you don’t recognize in the logs being accessed by many different IP addresses. Reviewing your server logs regularly and looking for indicators such as these can provide an early warning about attempts by hackers to gain access to your site.
- Unexplained Server Processes. As I mentioned above, I strongly recommend that you monitor your website and infrastructure on a regular basis. Sometimes you may see suspicious process behavior within that environment that you can’t explain. For example, you may notice that your email server process is consistently hovering around 30% usage, even though you don’t have any active visitors on your site right now. This is a pretty good sign that your site has been hacked and is being used to send email. Additionally, if you see Perl (a web scripting language) running on your server, but you are certain you don’t use Perl, it could be a sign that someone is running an unauthorized process on your server. Regular monitoring of your server will help you detect these situations.
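The two log patterns described under "Suspicious Activity in Your Website and Server Logs" can be checked with a short script. This is an added example, not part of the original post; it assumes access logs in the common/combined format, and the thresholds, the list of known paths and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Combined/common log format: client IP, timestamp, request line, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def parse(lines):
    """Yield (ip, path, status) for well-formed lines; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ip, _method, target, status = m.groups()
            yield ip, target.split("?", 1)[0], int(status)  # drop query string

def review(lines, known_paths, repeat_threshold=5, spread_threshold=3):
    """Return (repeated, unknown) findings for the two patterns in the text."""
    hits = defaultdict(int)      # (ip, path) -> number of requests
    visitors = defaultdict(set)  # path -> distinct IPs that got a non-error reply
    for ip, path, status in parse(lines):
        hits[(ip, path)] += 1
        if status < 400:
            visitors[path].add(ip)
    # Pattern 1: one IP address hitting the same page over and over.
    repeated = sorted((ip, path, n) for (ip, path), n in hits.items()
                      if n >= repeat_threshold)
    # Pattern 2: a page you do not recognize, served to many different IPs.
    unknown = sorted((path, len(ips)) for path, ips in visitors.items()
                     if path not in known_paths and len(ips) >= spread_threshold)
    return repeated, unknown

def _line(ip, method, path, status):
    # Helper that builds one constructed log line (sample data, not real traffic).
    return (f'{ip} - - [10/Mar/2024:02:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

KNOWN_PATHS = {"/", "/login", "/checkout", "/contact"}  # assumed site inventory
SAMPLE = (
    [_line("198.51.100.23", "POST", "/login", 200)] * 6
    + [_line(ip, "GET", "/media/tmp-page.php?id=1", 200)
       for ip in ("203.0.113.5", "203.0.113.6", "203.0.113.7")]
    + [_line("192.0.2.10", "GET", "/", 200),
       _line("192.0.2.11", "GET", "/checkout", 200),
       _line("192.0.2.12", "GET", "/nope", 404),   # unknown path, but an error
       "not a log line"]                            # malformed, skipped
)

if __name__ == "__main__":
    repeated, unknown = review(SAMPLE, KNOWN_PATHS)
    for ip, path, n in repeated:
        print(f"repeated: {ip} requested {path} {n} times")
    for path, n in unknown:
        print(f"unrecognized page: {path} served to {n} distinct IPs")
```

On real logs, raise the thresholds to match normal traffic and build the known-paths set from your own sitemap or deployment manifest.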
What to Do if You Suspect Your Site Has Been Hacked
Unfortunately, this isn’t an exhaustive list of signs that indicate your site has been hacked, but these are some of the most common ones. So what do you do if you spot any of these indicators? Below are a few steps we recommend:
- Investigate. Just because you spot some strange code or a page is taking a long time to load, it doesn’t necessarily mean that your site has been hacked. Investigate the situation. Perhaps a team member installed a new plugin without telling you. Or, your site may require more memory or processing capability than you currently have allocated to it. This can cause the site to perform slowly. Gather as much information as you can about the situation before reaching any conclusions.
- Shut off access. If your investigation shows that someone has hacked the site, consider closing off access to the site for all users. You need to stop the bleeding and this is the fastest way to make that happen.
- Clean up the site. Once you have eliminated the opportunity for anyone to gain further access into your site, you need to clean up the damage. This could involve cleaning the code or removing unauthorized plugins. In some instances, it could take a significant amount of time to undo the damage. But you must take this step to get things back to normal.
- Prevent future hacks. As I mentioned earlier in this post, you cannot make your site 100% safe from hackers. But this is a good opportunity to review your current defenses and see what you need to do to further shore up your website against future attacks. You’ll also want to make sure you’ve updated your CMS and plugins to the latest versions.
How Atlantic BT Can Help if Your Website Has Been Hacked
At Atlantic BT, we’ve helped many businesses develop a cybersecurity strategy to protect their website from hackers. We also offer ongoing monitoring of your website and IT infrastructure to keep an eye on what’s happening. And we do it 24/7/365. If you are interested in learning about our website security offerings, contact us to talk with one of our solutions specialists. We’ll gladly discuss your situation and help you develop a custom security strategy for your website, giving you peace of mind over this critical area of your business.