
How to prevent website hacking



Why is there so much hacking going on?
Hacking into websites for the purpose of setting up web-based applications from which to conduct criminal activities has become a major industry on the world wide web due to a huge demand by the criminals for server access which cannot be traced back to a fixed address or person. And because police forces either don't have the mandate or the resources to police this type of cross border activity, this industry is growing at an incredible rate. And because illegal server access is often terminated as soon as site owners or data centres detect it, there is an ongoing demand for new hacked account access.

What is hacking?
Hacking is unauthorised use of a computer or network resource. A hacker used to be someone who was seen to be a very skilled programmer. But now (2011), a hacker generally is assumed to be a criminal, although there are skilled programmers who offer their services in order to probe networks and systems for security holes. They too are hackers, but they have permission to break into systems to test for vulnerability and are not referred to as hackers.

It is not just the good guy who builds the nice browser we use, who is a clever programmer. The bad guy who builds hacking software is equally clever. It is also not uncommon for a good guy to join the bad guys because the pay is much better.

Why do sites get hacked?
In the old days, website hacking generally just consisted of changing web page content, in most cases. Hackers were showing off their skills to each other. But as Internet crime grew into an industry, the demand for anonymous server access from which the fraudsters can set up their criminal activities grew too.

The requirement for hosting accounts whose mail servers can be used to mail out spam is the main motive for hacking into website accounts. The reason behind this is that if a hacker purchases a legitimate hosting account for the sole purpose of sending out spam, the webhost will delete the account as soon as it finds out this user is spamming from their servers, because spamming does not only place enormous loads on a shared server which will slow down all the other websites hosted on it and degrade their hosting service, but it often also results in the webhost having his IPs blacklisted which means that most users on the server will be unable to send or receive emails.

The spammer may also be taken to court by the host for breach of contract. However, the spammer could simply purchase another hosting account, but this account will also get deleted very quickly with maybe even more court action against him. It can get very expensive if a spammer has to purchase a new hosting account twice a day, not to mention all the time he has to spend in court. And, if the spam he is sending out is to sell fake Viagra or some other illegal scam, the police may also be knocking on his door. Therefore, ideal hosting access for a spammer who is committing online fraud is from a server whose owner does not know his name or address. That's why hacking is such a huge business. Most hackers do not send out spam, they just sell access to hacked accounts to the spammers.

But spamming is not the only reason for the requirement of hosting accounts. Phishing is now also a huge activity. The way it works is the criminal sets up a web page to look just like the login page of an online bank. In the old days, when you looked at the domain name for the fake login page url, it would appear to look authentic, for example

www.PayPal.com.loginpage_03928834322_0393943-blah-blah_lots_of_numbers.x9internet.com

It is basically a domain name with lots of sub sections in front of it and the url is so long that you could not see the actual domain name right at the end, x9internet.com, as in this example, as it is off the screen on the right and not visible in the location bar. What you do see clearly is the beginning which starts with www.bank-name, so it looked trustworthy. Then they emailed millions of folks and the naive ones, or newbies, who also happen to bank with that bank, may "log in" with their username and password and date of birth and hat and shoe size and all the stuff the criminals needed to grab your funds, only for this user to find later that the bank must have "made a mistake" because all their money is gone!
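
The check a mail filter or a careful reader can apply to such a link, as an added example that is not part of the original article: read the hostname from the right and see who really owns it. The function names and the brand list are assumptions, and taking the last two labels is a simplification that ignores suffixes such as co.uk.

```python
from urllib.parse import urlsplit

# Brands to look for; a constructed sample list, extend it for your own users.
BRANDS = ("paypal", "natwest")


def _host(url):
    """Lower-cased hostname of a URL, with or without a scheme in front."""
    full = url if "://" in url else "http://" + url
    return (urlsplit(full).hostname or "").rstrip(".")


def registrable_domain(url):
    """Last two labels of the hostname: the part that was actually registered.

    Naive on purpose: a real filter should consult the Public Suffix List
    so that example.co.uk is not reduced to co.uk.
    """
    return ".".join(_host(url).split(".")[-2:])


def misleading_brands(url):
    """Brands named in the leading labels that do not own the real domain."""
    host = _host(url)
    owner = registrable_domain(url)
    prefix = host[: len(host) - len(owner)]  # everything left of the owner
    return [b for b in BRANDS if b in prefix and not owner.startswith(b + ".")]


if __name__ == "__main__":
    # The link from the article above.
    link = ("www.PayPal.com.loginpage_03928834322_0393943-blah-blah"
            "_lots_of_numbers.x9internet.com")
    print(registrable_domain(link), misleading_brands(link))
```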

But since then the hackers got even better because the modern browsers offered them the opportunity to make this scam even more authentic looking. The new browsers allowed them to fake the url without having to add lots of numbers to shove the real domain name outside the visible field. With these new browsers they are allowed to replace the actual url with a fake url, such as
http://www.natwest.com/account_login/ which is all the victim will see in the browser location bar.

Looks quite authentic and normal, don't you think? And this login page looks just like the one the customer is used to log in every day.

We found out about this trick when using an old classic Macintosh computer. The widget which is being used to hide the real url does not work on an old Mac and we can clearly see the url is pointing to a hacked hosting account.

Some hackers also carry out the actual criminal activity, and those ones are harder to spot because they trickle out their spam in order to not get detected, at least not for a while. But most hackers simply just sell access to hacked accounts to as many spammers and phishers they can find and this often overloads the server which then crashes, taking every single website offline - even the ones which were not hacked into. The spammers don't wait for the server admin chap to restart the server before they carry on with their spamming, they plug software into the hacked account which will check if the server is back online before sending out more spam until it crashes again, and so on. This goes on for as long as it takes for the server admin chap to study log files to figure out which account was compromised.

How do sites get hacked?
Some hosting companies will say hacking is caused by insecure or incorrectly configured servers and will use this line to lure your business away from your current host. Some old-school customers will immediately move to another host when their host announced that a server was compromised because they ignorantly believe their hosting company does not know what it is doing.

The truth is, as soon as you connect a server to an IP address, someone will be connecting to it for the purpose of gaining unlawful entry. Hackers do not target specific users, firms or servers. Their software hunts through a list of IP addresses. If your server IP number happens to be on the list, then your server will become a target.

The best way to hack into a hosting account is not to try and hack into a server because that has become pretty much impossible now, but to look at the software a user may run on his/her hosting account. Any software which can send email is a potential candidate. Wordpress is the most used application and accounts for 19% of all websites on the Internet. When you install Wordpress the software will automatically create the administrator user which is named 'admin' and then you set your preferred password. And because your cat's name is Molly, you figure it cool to use Molly as the password. The criminals who are preparing their hacking software to break into your Wordpress account don't yet know that your password is Molly. But what they will assume is that you never bothered to change the administrator username from admin to something harder to guess. Most people don't bother. So the crooks take a list of registered domains and feed that into their hacking software which will attempt to log into Wordpress as the user 'admin'. Now there is only one layer of protection for your Wordpress site, your password. But the thieves have got that one covered too. Their software runs a combination of dictionary words, and names of cats, and they will have logged into your account in no time at all.

Okay, renaming the username from admin to something hard to guess and also using a secure password with upper and lower case letters and other symbols like the plus and pound sign or underscore, now there is less chance they can brute force their way into your Wordpress account. But the Wordpress Botnets are working on this now.

But there is a much easier way to break into your Wordpress account.

The hackers know that many Wordpress account owners are lazy and just don't bother to update their software. Other folks may install Wordpress to set up an online business, only to find that it is not making money, so they just abandon their site and because they may have prepaid hosting for a whole year, this gives the criminals plenty of time to develop an exploit for that version.

And another easy way for the crooks to get into your Wordpress account is to build a cool plugin which does something nice, then offers it as a free download. You then install the hacker's software in your account and the hacker has access to your site. It's really easy.

As soon as they gain access they can upload and install whatever they like and sell it to the spammers and phishers. That's when your account will be switched off by your host. You cannot submit a support ticket to request that they click something with the mouse to unhack your website. You will have to start rebuilding it from scratch because if you had your site hacked in the first place, you most certainly will also not have made a backup of your content or database. However, you may have signed up for dedicated file backups, but these backups may also be infected because the hacker may have a long list of hacked accounts for which he installed backdoors. He may not get round to selling spammer access for your site for some time, and the server would just backup the backdoors.

It is not just Wordpress which the hackers target. Joomla and a number of ecommerce applications and galleries are also in the firing line. Any popular software which sends email or allows remote uploads is targeted.

Just looking at a web page can get your PC infected and your mail or ftp account hacked.

You may remember the Microsoft Internet Explorer issue from 2010, when Germany's Federal Office for Information Security advised their entire population not to use any version of the Internet Explorer browser. France and Australia did the same. The clever hackers discovered exploits in Microsoft's browser and by creating popular websites, such as free download and porn sites, innocent visitors arrived in their IE browsers and as the page loaded, a clever little bug jumped onto their PC from the website. One such bug, Aurora, allowed the hacker access to companies' internal systems. Another type of bug looks up the ftp and email login details as well as the password, because most folks are lazy and just save the password in the program, because it is so much easier and saves having to use some brain cells trying to remember it without having to spend energy moving those fingers over the keypad.

The bug emails these login details to the hacker and then deletes itself to prevent detection and the criminal installs scripts on the victim's hosting account. These scripts are operated remotely by logging into a url, such as www.yourdomain.com/images/3gif/temp/scamming-page.php and even if you change your ftp password, the hackers who already have their scripts installed, will stay there until the account is deleted by the data centre.


How can I help prevent my site from getting hacked and having to go through the trouble of creating my website from scratch again when it got hacked?
Choose a strong password and keep it safe
A good password which is also easy to remember is your mobile phone number combined with your car registration and followed by a question mark for the first login and perhaps the exclamation mark for a second login, and so on.

Do not save your ftp or mail logins inside the program
This will guarantee a compromise at some point. The feature of allowing you to save your password inside the program should have been removed many years ago.

Keep your software scripts up to date
Installing Wordpress and just letting it run on its own is a guaranteed way to invite the hackers. Always check and install updates, patches and new versions. If you are running a CMS or forum, avoid random plugins and only download plugins from websites which you trust.

Keep your PC virus free
A large number of criminals gain access to your hosting account via a Trojan, Virus or Key Logger which was planted on your PC when you visited a seemingly innocent website, created by the hackers. Internet Explorer users have been exploited in this way. Macintosh users don't have this problem, yet.

Do not use 777 permissions
Assigning this permission to a file or folder is like leaving your front door key under your front door mat. Scripts which were written with security in mind, will still function when you assign 755 to files and folders to which the script needs to write data.
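
A way to find and fix such permissions across a whole site, as an added example that is not part of the original article. The function names are assumptions and the demo builds a constructed site folder in a temporary directory; point world_writable() at your own web root to audit it.

```python
import os
import stat
import tempfile


def world_writable(root):
    """Paths under root (relative to it) that any user on the server can write."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode says nothing about its target
            if mode & stat.S_IWOTH:
                found.append(os.path.relpath(path, root))
    return sorted(found)


def tighten(root):
    """Drop group and other write bits (777 -> 755, 666 -> 644); return changes."""
    changed = world_writable(root)
    for rel in changed:
        path = os.path.join(root, rel)
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~(stat.S_IWGRP | stat.S_IWOTH))
    return changed


def demo():
    """Build a constructed site folder, audit it, fix it, then audit again."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.mkdir(uploads)
        os.chmod(uploads, 0o777)
        for name, mode in (("index.php", 0o644), ("config.php", 0o666)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        before = world_writable(root)
        tighten(root)
        uploads_mode = oct(stat.S_IMODE(os.stat(uploads).st_mode))
        return before, world_writable(root), uploads_mode


if __name__ == "__main__":
    print(demo())
```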

Backup your website
By backing up your entire site regularly and saving all recent backups, data loss will be kept to a minimum with only minor work required to rebuild your website on a cleaned hosting account. Unless you have purchased a separate backup service for your hosting account, a hosting company is not responsible for your data.

Don't place blame elsewhere
When your site gets hacked, submitting a support ticket to get your hacked site "fixed" may not be successful. Web hosts are not responsible for websites which are hacked. It really is your responsibility to generate regular backups, to keep your login details safe and to not install components from the Internet from sites which you do not know.

