04
February
(2 votes)

News

What's a Web Host Suppose to do When Your Site Gets Hacked?

Today you went to visit your website only to find that it’s been pwned by some script kiddies from Turkey who think it’s funny to take over your homepage. Maybe you visited your site to discover that it has been taken over as part of some sort of Chinese shopping cart scheme. Or, perhaps you received a notice from your hosting provider that your website is sending out thousand of spam emails with the subject "buy cheap Viagra” or has become part of a bot net DDOS attack and has now been suspended.

Whatever the case, you may not know how your site ended up this way, but you sure as heck want it fixed–and pronto!

What do you do? What should you expect your hosting provider to do for you?

How Did Your Site End Up This Way?

Those are great questions, but first it’s important to understand why your site ended up this way. The number of ways to hack a website can be endless, so it would be impossible to discuss them all here in detail. Though, the most common site hacks are due to the simplest of factors: vulnerable site software and poor security.

Vulnerable Site Software

Hackers are always going to target the easiest prey. Think about it this way: if a burglar shows up in your neighborhood to find a street full of houses that have posted alarm systems installed and one house with no alarm system, which house is the burglar going to target? The house without the alarm of course. In much the same way, If a hacker is looking through a bunch of sites and sees that they all have the latest software installed and third party software that’s all up-to-date, are they going to go through the trouble of trying to discover new security holes in your site software or do you think they’ll move along to other sites using out-of-date software with published vulnerabilities? Unless they’re very experienced and on a mission to find something specific that they know is there, they’re going to move onto an easier site. But why?

You see, most hackers are only interested in using your site for nefarious purposes. Their end goal is to use your site as a place to hide their spamming scripts or DDOS scripts. Even though it happens, most don’t even want to deface your site. They just want to use you for your site. So you have to make it difficult for them to do this.

When you don’t stay on top of updates, it’s like posting a sign in your yard that says, “please, come steal my stuff.” Keeping your software up-to-date with the latest security patches is like posting a security alarm warning in your front yard. Hackers are going to move along to easier targets.

Poor Security

Hackers with a little more determination will use techniques like brute force to guess your passwords over time. Burglars know what those fake rocks look like where you hide your spare key and will check under your door mat. Using a weakly composed password, with your first pet’s name in it, your birthdate, or other easily guessed combinations of letters and numbers will eventually fall victim to a brute force dictionary attack. And what gives with using ‘password’ as your password or ‘admin’ as your username? Why not just invite our burglar in for dinner? That’s basically what you’re doing will hackers when you don’t use strong passwords.

A good hosting company will help limit much of this by enabling or providing the ability to limit failed login attempts in your site software or use their firewall to prevent hackers from trying to brute force your hosting account. If you don’t know anything about this, make sure to ask your host about what they do and what options they provide.

Hackers on a mission will utilize social hacking techniques where they pretend to be you to get at your site and/or information. Find out what your host does to stop this. We provide two-factor authentication and require security authentication answers when attempting to gain assistance to help prevent social hacks. But, again, unless a burglar knows you have a safe with gold bars in it, they’re probably going to leave you alone. Most hackers just want to use you for your site.

So, What Should You Expect Your Hosting Provider to do?

Now that we’ve looked a little into why hackers might be interested in hacking your site and how they might go about accomplishing it, we’re in a better place to discuss what you should expect your hosting provider to do.

Usage of open source software has exploded over the past decade. With such great, free and easy to use scripts out there such as Joomla, Wordpress, etc., it’s understandable why you would choose to use them for your site. We highly recommend them. The problem, as we mentioned eariler, is all too often people don’t keep these things up-to-date. Just like there are huge communities supporting each of these open source projects, there are hacking communities out there that write exploits to take advantage of these vulnerabilities and share them in the dark nether regions of the internet. When you don’t keep your site software up-to-date, who’s fault is that? We provide all sorts of tools for helping keep your site up-to-date and even plans where we go the extra mile to keep everything up-to-date for you for Joomla and WordPress, but ultimately the responsibility to keep sites up-to-date falls to the hoster. You need to figure out how you’re going to keep it up-to-date. What tools are available to you? Would you prefer to not have to think about it? How much will it cost? What is your plan?

So when your site gets hacked, what’s your host likely to do? Hosting companies have to protect their other customers and their network. We’re not sure exactly what you can expect at other hosts, but here at Simple Source, despite all of the protections we provide, sites do get hacked due to customers not keeping sites up-to-date. So, when this happens:

  • we’ll usually find out that a site is sending out spam or utilizing a ton of system resources, track down the source and then suspend the offending account and notify the account holder. It’s in our terms of service. When we hear back from the client, we’ll then run a scan and null root the offending script and allow the customer the opportunity to clean up their own site if they so desire or offer to do a deep cleaning and restoration at our standard hourly rate–work that we guarantee.
  • If the customer has said they have cleaned up their account only to find out that it’s being used for nefarious purposes again, we’ll go through the same process again.
  • If this happens a third time, we will generally suspend the offending account and offer again to clean up the account at our standard hourly rate. If the customer doesn’t want to go that route, we’re happy to send the customer a link to download their site files and databases.

At some point, if customers keep inviting burglars into their house, we have to put a stop to it before it starts to negatively affect other customers. It takes our valuable time to do this which means we have less time to serve our other customers and make Simple Source even better.

Bottom line: we know all of this can be incovenient, but if you’re in the habit of sending out invitations to hackers to hack your site, you should expect it will cost you something in terms of time or money to recover from what they do to your site. 

Leave a comment

Get in Touch

Newsletter