How to Avoid Website Hackers, and What to Do When Hacked
Here’s a dirty trick that’s happening to more and more businesses each day.
Your company homepage gets hacked and is injected with a malicious code designed to install on a visitor’s browser. Google and other search engines then list your website as dangerous, and people visiting your website are experience warnings from their browsers, spam blockers, and anti-virus applications.
Essentially, your online business is toast.
And now you are open to liability if anyone had recently visited your website and can prove your website infected their system.
Maybe your small business has hundreds of computers across multiple locations. Now you will have to worry if any of these computers have been infected. And in some cases the only way to make 100% sure that the infection has been removed is to do a complete reinstall of the operating system.
Types of Infection
Most of these infections are activated by a link that launches when an infected website is visited, unpacking a Java Script and a ‘Password Key Encryptor’ on the hosts’ website browser.
The first question most businesses ask is “how in the heck did this happen!” Here are some reasons:
1) Direct server hacking into your hosting server.
2) Someone working on your website using an infected machine and/or browser.
3) Vulnerable scripts (old scripts) on your web server.
4) Unauthorized use or compromise of your website passwords.
5) Weak or easy to guess usernames and passwords.
6) Using an unreliable hosting company (you pay for what you get).
7) Failing to update or administrate your dedicated server software.
If your website becomes infected you’ll need to take steps quickly to remove the malicious code. Find a web professional to analyze all your website files, folders and any online assets connected to your website.
Once your website has been cleaned and repaired, your webmaster should request a malware review via Google webmaster tools. You will need a Google webmaster account to do this.
Steps to preventing future infection of your website
Protect the access to your website. This means guarding the FTP, RDP or VPN passwords used to upload content to the site and the local computers used to upload content to the site.
Do not trust just anyone to work on your website. Make sure you hire a professional who has the right references and reputation to get the job done right.
Hackers are always looking for old, out-of-date software to exploit so they can hack your website files.
Computers should be protected too because an unprotected computer could be infected with a virus that is stealing your usernames and passwords, and passing them on to a hacker.
Protect your website
If you use any web development software such as WordPress, Joomla, Dot Net Nuke, Drupal, Magento and other third party software and scripts, you must install all required updates or new versions containing the latest security fixes.
Remove any files, folders, scripts, and other digital assets that you are no longer using. Change any testing passwords that came with the software you are using such as (admin/admin).