10 Reasons why your Website is being hacked
Actually, everything is quite simple: You update all software components of your website promptly after a security patch has been published. If you do not, your website will be hacked and abused. Sooner or later, guaranteed and without exception. The damage is usually unmanageable.
Most companies are unaware that they will soon be infiltrated without rapid security updates in their web infrastructure.
In recent years we have taken on several hundred web projects, in hosting, maintenance or for a relaunch. The update situation was usually – to put it mildly – in need of improvement. Five-year-old editorial systems were not uncommon, the servers were usually unpatched. But the worst thing here is the ignorance of the customer. The expectation is always to have a secure system. However, the willingness to spend money for this has not yet been learned. The previous agency gave up quickly with update recommendations for the editorial system and no real plan of the server software.
The worst case scenario is tacitly accepted by all parties involved. Asked about it, then:
„We’ll make a backup and everything will be fine.“18
Hardly anyone has a real idea of what the consequences of a hack can be. Usually, however, a hack is a total loss that you can never be sure will ever be 100% repaired.
Who should want to harm us? You can’t get anything from us!
HACKERS EARN MONEY WITH YOUR SERVER
A hacker no longer necessarily breaks into a server, he breaks into a security hole. And this is best done simultaneously on 1,000,000 servers. Fully automated, a few days or even a
few hours after the security update came out and the hacker has analyzed or reverse engineered it. He writes himself a robot script that does the work for him. 20-30 % of all web page views today are from robots – and these are not only those of Google and Bing.
So it doesn’t matter that there is nothing usable on the server from the customer’s point of view. It is far too time-consuming for the hacker to check this beforehand.
We had to learn that our customers can only assess the implications and the real danger when they understand why a hacker hacks web servers at all. As a rule, hackers only want to earn money. To do this, it sells server content or rents server capacity to other hackers. Not individually but in bundles of 1,000 to 5,000,000 servers. I have therefore written down 10 reasons why someone uses this hacker service without claiming to be complete.
#1 Customer Data
The actual customer data can be irrelevant. For example, it only stores whether a newsletter subscription is available or not. But a combination of usernames and passwords is always a nice find for hackers. Because he can then try them out on other relevant sites. A Paypal account is hacked because the login data on a hacked website was identical. People use the same password far too often.
#2 Hacking to hack others
One server is used to hack other servers. The aim is usually to make traceability more difficult. For example, if the White House is hacked, the NSA could only see from which computer the hack came directly. In other words, if in doubt, your web server has hacked the White House.
Hackers rent hijacked servers to spread viruses via their websites. In this case, a malicious code is deposited with which the visitors of the pages catch a virus.
#4 DDoS Attacks
DDoS attacks from many hacked servers to a target paralyze web servers or entire networks. It’s like turning off the power. So many requests are generated that the target server can no longer answer them. Overload.
Hackers do this on behalf of a competitor, for example, in order to switch off the shop. This then loses turnover, customer confidence, and Google ranking.
Some automatically hijacked servers are made available via APIs for such attacks.
#5 Viagra Links
The hacker gets money for traffic to his customers’ sites, that is, for the number of clicks.
He changes links for this. Sometimes this happens obviously or very well hidden if for example only a part of the inquiries is shifted. Then the wrong links may be noticed much later.
A hospital came up to us once:
“Somehow there’s something wrong with Google. Whenever we search our site via Google, we find Viagra hints there. But on our side everything is correct.”
With the help of its conquered servers, the hacker makes SEO optimization for its customers. It installs invisibly, for example, Viagra links on the website, which are only visible to search engines. This increases the number of external links to the target server and thus the ranking for his customer’s site. And he’s getting paid.
Trusted servers that send e-mails sell well. The hacked servers generate revenue per minute by sending spam.
For example, a Formula 1 circuit approached us because they always ended up on anti-spam blacklists. They could not send emails because they were blocked.
Instead of looking for the reasons, however, the admin has only bothered to be deleted from these blacklists again and again. In the end, it turned out that several 100 million emails were sent via his server.
#8 Dig Bitcoins
Hackers use the servers in their power to create bitcoins themselves with these server farms: The power consumption of the hacked server increases and its computing power decreases.
#9 Peer-to-Peer to illegal file-sharing services
The hacked server is used to provide illegal downloads/movies.
We used to have a bank that came up to us because her side was so slow. We tested the system on our own servers first, everything was fine.
A network traffic analysis revealed On the server were films of an exchange platform, 95 % of the server space was occupied, 100 % of the bandwidth was used for the films.
#10 Gate exit node
The goal of the Tor network is to make anonymous surfing possible. Everyone can use it for different things – but also not to be prosecuted. The exit point is a weak point of Tor. If someone provides an exit point for the Tor network, they can become the starting point for a criminal investigation. Hackers use infiltrated servers to create exit points that are not made available voluntarily and also have the option of manipulating outgoing traffic.
Where are the attack surfaces?
- The server and its services: e.g. PHP, Java, MySQL etc.
- Every web software has potential security holes
What can you do?
- Update your web software as soon as a new version is available
- Keep the server(s) and their services up to date
- Make sure that a web application firewall is active
- Regularly test the water tightness of your forms with intrusion tests by a qualified agency
- Regular penetration tests by the same agency reveal security gaps in time before a hacker does it
- An SSL certificate has become a mandatory inventory and it protects data transmission