It was a weird couple of weeks. An extremely popular component used by over a million websites got hacked on June 13 and spread like wildfire around the web. Are you safe? Here are some helpful tips and info on how to check and what you can do to protect yourself, your business and your organisation.
Why Would Someone Want to Hack MY Website?
Hackers love a soft target. If they can tunnel in and do some damage, they often feel like they have accomplished something. In the case of the JCE hack, it allowed the attackers to redirect your website traffic to their Amazon.com profile and get affiliate credits toward their profile. Kind of stupid really — as this can be traced right back to them. However in many hack attacks, the attackers install bogus copies of banking websites etc to use for phishing — to trick people into revealing their login and passwords so that the hackers can coordinate a break-in to steal money, private information and other data.
How Would I Know if My Website is Hacked?
In most cases the owners of hacked websites never know until it is too late. Gone are the days when hackers were just trying to deface a website and gain notoriety on the dark web. In this recent hack, some telltale signs are:
- Web pages abruptly redirect to other pages,
- New user profiles are created to allow access for more hacking,
- Warnings on Google Search or in Google Search Console.
An Ounce of Prevention is Worth a Pound of Cure
In many cases it required a couple of days to remediate the damage caused in the current attack. However if you have recent backups of your website it could take just a couple of hours at most to roll back your website to a previous, un-hacked state, then install any patches required to keep it safe — from this attack.
To be properly safe, all websites need to be kept up to date against known threats. Best practices are to back up the website — then test the backup by installing it elsewhere, then update the system and any plugins to the latest versions — then push those updates to the live production version. Untested updates on a live site break in a percentage of times, and so it's not recommended to install untested updates on the live version. We have a comprehensive service that covers this — and more.
Real Loss to Businesses and Organisations
The biggest pitfall in having a website hacked — aside from potential loss of functionality or online sales — is the reputational damage from having your online presence defaced or corrupted. Imagine how it would look for website users to see your listing on Google with a 'This website may harm your device' warning. In a worse case scenario, the hack could spread to your website visitors' devices — or even infect your entire organisation with ransomware.
Free Website Security Audit
If you're not sure about your current online security status, please get in touch for a free website security overview. We can test for known threats and also inspect your overall security setup for potential vulnerabilities. After 30+ years in delivering comprehensive solutions around the world, you'll be able to rest easy. We share the ongoing results with you and explain the details in plain English (Or Japanese if you prefer π) so you keep your finger on the pulse of your Online Security and reputation while we handle all the technical stuff.
Ready to start getting results? We are ready to help.
I personally architect and oversee all our online and cyber security work. Happy to provide references and examples of successful results too.