What is a 'Compromised website'?
A compromised website is a site on which (hacked) content has been placed without your
permission as a result of vulnerabilities in your site’s security.
Malicious hackers are a devious bunch – always looking for new flaws, exploits and
social engineering tricks that will allow them to compromise a website. With
this in mind, it comes as no surprise that most website owners simply don’t know
how their sites were compromised.
Why would this be bad?
When your website is compromised, it not only contains changes made by hackers, it
also contains one or more security problems that allowed a hacker to gain access
to your website in the first place. The compromised website provides a useful platform for
a range of illicit activities. These activities include:
- Hosting malware – this may take the form of complex scripts that infect any visiting
PC. Alternatively, well-crafted emails may have convinced a recipient to download a
malware file that is hosted on the compromised site. In most cases the malware script
is hidden in a subdirectory.
- Injected content (SQL). When hackers gain access to your website, they might try to
inject malicious content into existing pages on your site. This often takes the form of
malicious JavaScript injected directly into the site, or into iframes.
- URL redirect – thousands of compromised sites may perform simple redirects to a
few master URLs. This is accomplished with a few lines of HTML code hidden in the
compromised site, forcing the site to act as a 'front door' to the badware. The master
URLs contain spam product pages or malware.
- Hosting phishing, spam pages, pornography – one or two static pages on the compromised
site may advertise spam products (pharmaceuticals, replicas, enhancers, etc.), act as
phishing pages for banks, PayPal, Gmail, etc., or offer explicit (sometimes illegal)
content.
- Vandalism – the aim of the compromise might be to embarrass the site owner or,
alternatively, to make some political point – generally known as 'hacktivism'. Some
administrators even reported such vandalism by their competitors.
- Other content or activity – some fairly complex forms of site misuse have
been recorded, for example a spam-sending script.
Recommended action
If your site has been hacked or infected with malware, you should act quickly to repair the
damage. First, take your entire website offline. This is rather unpopular; however, if
you consider that you might be leaking privacy-sensitive information or infecting the
systems of your visitors, you will want to act as quickly as possible.
After you have taken your website offline, you will need to clean up the changed areas of
your website.
Tips on how to resolve this matter
The safest way to clean the hacked website is to delete it entirely and then upload
a known clean version of it.
- Look for files that have been changed recently, or at times when your developers are
not working and not placing updates on the website.
- Look in temporary folders for (executable) scripts.
In addition, the future risk of compromise can be reduced by following these basic tips:
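The two checks above can be scripted to produce a shortlist for manual review. This is an added example, not part of the original page; the script extensions, temporary-folder names and working hours (Monday to Friday, 08:00 to 18:00 server local time) are assumptions to adapt to your own site.

```python
import os
import sys
import time
from datetime import datetime

# Assumed values for illustration; adjust to your own site and team.
SCRIPT_EXTS = {".php", ".phtml", ".pl", ".py", ".cgi", ".sh"}
TEMP_DIRS = {"tmp", "temp", "cache", "uploads"}

def triage(webroot, recent_days=7, work_start=8, work_end=18, now=None):
    """Return {relative_path: [reasons]} for files that deserve a manual look."""
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    findings = {}
    for dirpath, _dirs, files in os.walk(webroot):
        parts = os.path.relpath(dirpath, webroot).lower().split(os.sep)
        in_temp = any(p in TEMP_DIRS for p in parts)
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of the web root
            except OSError:
                continue  # file vanished or is unreadable; skip it
            changed = datetime.fromtimestamp(st.st_mtime)  # server local time
            reasons = []
            if st.st_mtime >= cutoff:
                reasons.append("changed in the last %d days" % recent_days)
            if changed.weekday() >= 5 or not (work_start <= changed.hour < work_end):
                reasons.append("changed outside working hours")
            ext = os.path.splitext(name)[1].lower()
            if in_temp and (ext in SCRIPT_EXTS or st.st_mode & 0o111):
                reasons.append("script or executable in a temporary folder")
            if reasons:
                findings[os.path.relpath(path, webroot)] = reasons
    return findings

if __name__ == "__main__":
    # Timestamps can be reset by an intruder, so treat a clean result as
    # inconclusive and still compare against a known clean copy.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, why in sorted(triage(root).items()):
        print(rel, "->", "; ".join(why))
```

Run it with the web root as its only argument. Every hit is a lead to inspect by hand, not proof of compromise.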
- Keep software and all plug-ins updated. Whether you run popular content
management software (e.g., WordPress, Joomla, Blogger) or custom software,
make sure that software and all third party plug-ins or extensions are updated.
Remove plug-ins or other add-ons that aren’t in use.
- Use strong, varied passwords. WordPress login credentials, for example,
should be different from FTP credentials. Never store passwords on your local
machine.
- Regularly scan your PC for malware and your website for unauthorized changes.
- Use appropriate file permissions on your web server.
- Research your options and make security a priority when choosing a web hosting
provider. If you aren’t confident you can protect your site on your own, consider
using an add-on security service from your hosting provider or a third party website
security service.
Getting more information
Google's help for webmasters of hacked websites
stopbadware.org has great information, and their forums have a number of helpful and knowledgeable volunteers who may be able to help.
The site antiphishing.org has recommendations on dealing with hacked sites.