Website Hackers are not necessarily taking anything FROM you. Often they want to GIVE you something that you don’t want – like a highly illegal phishing scheme or malware – so it can’t be traced back to them.
Just because your website does not have vulnerable info like credit card information or company secrets, does not mean it is safe from hackers.
Hackers will often try to add pages to your site that you can’t see and don’t know are there. We’ve seen this range from fake New York Times and Wall Street Journal pages touting the efficacy of a new diet pill or the hotness of a junk stock, to fake bank, PayPal, and credit card login pages. The result of such activities can range from the nuisance level to something much more serious. Your site could be shut down and it could remain shut down for 24 hours, a week or more.
Over 9,500 websites get blacklisted daily by Google, Yahoo, Microsoft and others because hackers have injected malware onto their site.
Once you are blacklisted, no one can get to your site until the malware has been removed and an official request has been submitted to Google to be removed from the blacklist. This could result in a loss of revenue and a loss of your reputation.
I recently got a very official-looking email from “American Express,” telling me that I needed to login to my account and “secure” it. Knowing that someone was trying to steal my AMEX info, I still followed the link to a very convincing login page.
This is what I hoped I would find. Look carefully at the URL in the browser window. This is not the American Express site. This is a sub-folder on http://camcogm.com, the site of “Camco General Maintenance,” a janitorial service in Valencia, California.
So is this little janitorial firm a front for Russian (or Romanian, or Chinese, or even, is it possible, American) hackers? Chances are not. Most likely they have no idea that someone has hacked into the back-end of their website, added a folder, and is using it to dupe naive credit card holders.
You can protect your site, much like you do your computer, by keeping the software up to date. Install updates as soon as they are available. Never use “admin” as a username to anything. Use very long, secure passwords. (See our previous article: /easy-way-create-strong-passwords/.)
We can also install additional software on your site to help protect it, and recommend web hosting companies that have great track records for security. Be aware that there are no guarantees – it’s a nasty world out there – so regular backups of both your site and your database files are imperative.
Please call me at 412-563-0976 or email [email protected] if you would like to learn more about security for your website.