Has your website been hacked?

03.07.2017
Written by: J. Zatkulak

You know that sinking feeling that you get when you find out that your site has been hacked? You may be tempted to blame your hosting provider for having poor security on their servers. I have had clients ask me to just migrate their site over to a "better" hosting provider to prevent this from happening again. But the most common hacks that I see are not “brute force” attacks on the server; rather, these hacks use the code of the CMS (Joomla, WordPress, etc.) to hack the site. But don't jump to blame your CMS as a bad choice, or blame it on poorly written code. There is no CMS that is hack proof.

Let’s say we migrate your site over to another hosting provider and point your domain name to that new server. If the bot responsible for this hack targeted the site because it was one of thousands of Joomla sites running a certain version without the patch for this hack installed, it may have identified “yoursite.com” as a site that it can go back to and re-trigger the hack that exploits that particular unpatched code.

In other words, moving the site over to a new hosting provider wouldn’t matter. If the bot has identified “yoursite.com” as a good target, running the particular version of the CMS that the hack exploits, it will just come back around and hack the site over and over until that exploit is fixed, because it goes to the address and performs the hack on the code, not on the server.

So, in these cases, it’s not the server or hosting provider that is vulnerable; it’s the content management system code that is being exploited. That is why I recommend a malware scanner product like SiteLock for all of my clients; it has a good track record of being effective for these kinds of known hacks. SiteLock scans the code of the site and looks for known exploits and then (if you have the SMART tool configured) it restores the page back to the original version of the code. SiteLock is not a “firewall” or some other type of system protecting the server from being hacked; rather, it identifies and cleans up the code that renders the content that people see when they visit the site.

Even with a malware scanner service protecting your site, your site could be targeted over and over by an exploit that has been discovered, but the right SiteLock tool protects your site by monitoring for unauthorized file changes and restoring the files back to the original code. Unfortunately, for these types of hacks, unless you are using old-school static HTML code and locking that down, it is not a matter of IF but rather an issue of WHEN a site will be hacked by these common exploits.

There are some handy tools to use if you choose not to have a malware scanning service like SiteLock. For example, there is a lightweight tool that I install on Joomla sites called Akeeba Admin Tools that has a basic file scanner that can show a report on any pages that have been changed or that have code that might be suspicious, but it would be up to the website developer to go in, run the report, review the results, and manually clean up the code. So, in this regard I think of SiteLock as a type of “insurance” that helps detect, prevent, and/or clean up known exploits to common content management systems such as Joomla or WordPress (and any others you can think of). A website owner can choose not to have that kind of protection, but when a site becomes the target of an exploit like this, they will have to manually do the clean-up, apply a security patch for that particular exploit (if one exists), or take other steps to prevent that particular one from being re-triggered, and then wait for the next attack (of this same exploit or one of many other possible exploits).
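
The kind of changed-file report described above can be illustrated with a short script, added here as an example; it is not SiteLock's or Akeeba Admin Tools' code. It records a SHA-256 hash of every file under the site root as a baseline and later lists files that were added, modified, or removed; the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            result[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result


def compare(baseline, current):
    """Report files added, modified, or removed since the baseline was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(f for f in baseline.keys() & current.keys()
                           if baseline[f] != current[f]),
    }


def demo():
    """Constructed example: a tiny fake site that changes after the baseline."""
    with tempfile.TemporaryDirectory() as site:
        root = Path(site)
        (root / "templates").mkdir()
        (root / "index.php").write_text("<?php echo 'home'; ?>\n")
        (root / "templates" / "page.php").write_text("<?php echo 'page'; ?>\n")
        (root / "old.php").write_text("<?php echo 'old'; ?>\n")
        baseline = snapshot(root)  # taken right after a known-good deploy

        # Simulated unauthorized changes (constructed for this example).
        (root / "index.php").write_text("<?php echo 'home'; /* changed */ ?>\n")
        (root / "templates" / "new.php").write_text("<?php echo 'new'; ?>\n")
        (root / "old.php").unlink()
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

Keep the baseline somewhere the web server account cannot write, otherwise whoever changes a file can also update its recorded hash. Take a fresh baseline after every legitimate CMS or extension update so that the report only shows changes nobody authorized.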

Sorry for the bad news. I wish I had a better/easier/cheaper resolution for this, but moving to another hosting provider will not resolve this issue. Even revamping the site to use a different CMS wouldn’t help, since there is no CMS that is hack proof.