It’s been a while since I’ve posted to my blog the main reason being that my site was hacked just before Christmas.
The experience has been a real headache and an ongoing saga and not something I’d like to go through again. It has really opened my eyes to how prolific website hacking is becoming and how it could bring someone’s business down. Fortunately, I’m not too reliant on enquiries coming through my site, so although I may have missed out on some enquiries, it hasn’t really affected my business. However, this could really affect a small business, particularly those reliant on sales through the web and could quickly be the death knell for a business, made even worse in the current economic climate.
I don’t want to scaremonger, but web security is something all business owners need to be aware of, even if they’re not looking after the site themselves. Yes, it could happen to you! I’ve learnt a lot from Debbie Mahler of Mice Training who helped me sort out this mess and have learnt important lessons from the experience.
I had visions of the hacker working away in dark room randomly trying to access websites, but in fact it’s now all automated and hackers use ‘bots’ to find vulnerabilities in websites and an easy way in. They’re mostly amateurs, not the kind of hackers who spend months and years trying to hack in to Government and Corporate websites. Once in a site, they insert code into sites known as ‘malware’ which can affect computers, or insert links sending visitors to dodgy websites.
In my case code was injected into two files, one which was easy to find, the other much more difficult.
I’ve documented the experience in more detail on two posts on the Savvy Marketers website, which you can read here:
Has Your Website Been Hacked Yet?
WordPress Security – Ignore at Your Peril!
So what’s next?
Now that I’ve sorted this mess out, the next step is to re-optimise my site and gain back the rankings I’ve lost. Hopefully it won’t take too long before I start receiving new enquiries again but I’m going to be paranoid about web security now!
{ 2 comments… read them below or add one }
There are so many ways to attack a website, it’s just not possible to cater for them all on a constant basis if you’re a small company, so the next best thing is to try and cover the most commonly found holes like the ones described in this article, and hope that puts off the intended attacker.
We use an automated file system scanner called Eyefile. It’s good for detecting any kind of backdoor injection (this is what appears to have happened to your site) and works for any kind of website.
It can be found here:
http://www.website-security-tools.com/
Hope this helps.
Hi Steve
It’s always useful to know about tools that can help prevent hackers getting in!