How did I get hacked?

The first question website clients always ask is "How did I get hacked". There is no simple answer because there are many, many opportuntes available for hackers to attack and access your web hosting account and use it without your knowledge. Let's start by considering why hosting accounts are attacked.

In some cases the attack is a show of power. Your site is defaced and displays a shocking or abusive message. Often your files and data will have been corrupted or deleted. These attacks come straig to your attention becuase you can see teh result of teh attack, feel teh result in loss of normal functionality or be told about it by yoru visitors.

In some cases the intention is to use your hosting account to send spam or as a relay for file transfers or other deceptive processes. These infections often occur without your knowledge until your site is closed down for abusive behaviour. Attackers useg your account for illicit and harmful urposes because when detected, the responsibility for this action will fall squarely with you, allowing hackers to operate outside the law while placing you squarely in the frame. This is a key aspect of cybercrime and it thrives by infecting small business websites where operators have little knowledge or skill in cyber security and do not appreciate the risk to their own business of operating a hosting account.

Hackers seek out vulnerable webistes using automated processes that probe for well-known (to hackers) weaknesses in software commonly used on hosted accounts. Once a entry hole is found, automated processes exploit the weakness by uploading "malware" - unauthoirised software that will run as required by the attacker. The attack outcomes may become active immediately, or the infection could lie dormant until triggered. The nature of attacks and the results they produce vary widely. Unless you are actively on guard for attacks, you will not fond our that you have been hacked until it is too late. By that time your webiste is closed down, you email might be too and your entire website coudl be corrupt or deleted entirely.

Don't take it personally. It is suggested that as many as 30,000 websites are attacked every day.

To answer the original question in general terms, your website was hacked because the systems you were running were vulnerable to known exploits. When your website was probed and the vulnerabilities found they were exploited. Your site was infected. Once your site has been infected it is likely that it will identified as an easy target and become the target of repeated attacks.

From this discussion, the ways to avoid being hacked involve reducing the opportunities your present to hackers. Closing all the default access points, ensuring software is as bullet-proof as possible (using latest versions) and making passwords very difficult to guess or compute.

Keepig your software up to date is a simple thing to do that will dramatically reduce your risk of being successfully attacked.

A security overhaul and tune-up will close up the unused entry point in your hosting account and website and make access subject to scrutiny and accountability. This is hardening your website and further reduces the risk of attack. For most websites simply having this security puts you in the top 10% of secured sites and most hackers will simply pass you by. There are millions of other websites that can be exploited far more easily than yours at this point and the majority of hackers will simply move on to easier targets.

See clickonIT security services to access security services to match your risk tolerance and budget.

Was this answer helpful?

 Print this Article

Also Read

Recover a compromised website

If your hosting account has been compromised through hacking or unauthorised activity, it may be...

Bandwidth Abuse

Service abuse can take the form of overuse of your website. Very high use can result in your...

Powered by WHMCompleteSolution