Would You Know if Your Site's Been Hacked?

Slide Show

The Six Dumbest Hacks of All Time

While hackers can be dangerous, not every hacker is a Kevin Mitnick.

Do you know what to do if your company's website has been hacked? Do you even know how to tell if your site has been hacked?


StopBadware and Commtouch published a joint report titled "Compromised Websites: An Owner's Perspective" that looks at webmasters and their experiences with hacked websites. Bottom line: Most of us have no clue if our site has been the victim of an attack.


One of the primary findings was that over 90 percent of respondents didn't notice any strange activity, despite the fact that their sites were being used to send spam, host phishing pages and/or distribute malware. Two-thirds of the webmasters whose sites were attacked had no idea how it happened.


This is all to the advantage of the bad guys. As Amir Lev, Commtouch's chief technology officer, said in a release:

Cybercriminals can significantly improve their open and click-through rates by distributing badware via legitimate domains. Many site owners are either unaware of the compromise or struggle to remove the infection, which directly contributes to the persistence of, and increase in active badware URLs.

A major problem, according to StopBadware Executive Director Maxim Weinstein, is understanding who is responsible for website security. Is it the webmaster? Is it the website hosting vendor? Is it the company's security department, if there is one? The report shows why it is so important for companies to create a security policy that outlines the responsibilities of everyone on staff. It is also vital to draw up agreements or at least understand the usage policies of any third-party vendor you use for corporate means. Website hosting companies do play a role in website security and remediation if the site has been hacked.


The survey said something that did astonish me: Many website owners were unaware that their site could be compromised. I've had numerous conversations with small-business owners who were surprised that their site was hacked, but I attributed that to the whole "I know it can happen but it will never happen to me" attitude that most people have about any type of negative event. But to be unaware that it could happen? I thought we had finally moved beyond the naivete about website security.


Finally, the survey did provide some tips on how to protect your website. Even though they are the standard suggestions that almost all security experts give when providing tips on protecting your data, the fact is that there are still a lot of people out there still learning about good security practices. Those tips included:


  • Keep software and all plug-ins updated.
  • Use strong, varied passwords.
  • Regularly scan your PC for malware.
  • Use appropriate file permissions on your Web server.