Why do small sites get hacked?

If you think your site won't be hacked because it's too small to matter, think again. I'll show why that is a false and dangerous assumption.

Many site owners and webmasters think that hackers only care about popular, highly-ranked websites. They are wrong.

High traffic volume helps boost earnings on partner programs by redirecting visitors to other sites, gets more views of unauthorized advertisements and attracts more clicks on rogue links. But that is not the only way hackers make money.

Unprotected sites with low traffic volume are equally attractive to hackers. It is the way they are used that differs from how hackers monetize more popular websites. Any normal site, with an audience of as few as 30 visitors a day, can still be threatened by hacking and infection.

"It's the competitor's fault"—A Case Study

The first thing that enters the mind of the owner of a hacked site is: "My competitor did this!"

This is a common reaction. Site owners can think of no other reason their small, innocent site would be a target. Here's an illustration of what I mean.

I was once contacted by a customer with a family-run, brick-and-mortar business in a small town. Their WordPress-based website provided local advertising, contact details, and little else. It was poorly maintained with a very old and out-of-date WordPress installation.

This site had fallen victim to a well-known and critical WordPress vulnerability (soaksoak) in the Slider Revolution (revslider) component. As a result, the site was hacked. Specifically, a set of scripts had been inserted into the WordPress back end, making it part of a spam botnet. The hackers also left behind some useful web shells and back doors for further hacking.

This small business owner noticed nothing until the site was blocked by their hosting provider for 'exceeding resources for tier'. The hosting provider also reminded the site operator (my client) that it was their responsibility to perform anti-virus and anti-malware scanning.

Once I had detected and cleaned out the site, the owner told me she intended to "begin legal proceedings". Not against me, but against a competitor, who just happened to be in the same street and same line of business.

I explained a little of how hackers work and that it was most likely not the work of her local 'nemesis'.

The reply: "But who else would want to hack such a small site like mine?"

How hackers use hacked sites

Hackers don't need high-profile, high-traffic sites to do damage. They may not be interested in the site itself, but in the hosting resource on which it resides. They want it for setting up spam bots, or to install a phishing page for stealing customer data. The number of visitors to the site does not matter—traffic is either not needed, or it can be generated another way.

Another way hackers use a hacked site, of any size, is as their own hosting resource. Hackers need a place to store infected files, such as .apk archives, which can infect mobile devices running the Android operating system. Once on the device, the infection causes redirection of traffic. In the language of medical contagion, your hacked site was just used as a transmission vector, spreading a virus without showing any symptoms itself.

In other cases, attackers can use hacked sites as a base for launching attacks on other sites, such as brute force or DoS attacks. Or they may use them as an intermediate step, redirecting visitors to other infected sites. In shared hosting environments, a hacked site threatens all neighbors on that server.

The hacker's main motive is monetary gain. To orchestrate attacks, you need either a server (or group of servers), or a hosting account. Hackers prefer hosting accounts because they are more profitable—it is cheaper and safer to hack into one account and gain access to a couple of thousand small unprotected sites than it is to rent or buy an expensive fault-tolerant server.

It is the owner of the site who has to deal with the consequences of intrusion. Whether spam, phishing, or infection, all unauthorized actions are restricted by hosting companies and search engines. A hoster blocks websites when their owners violate the hosting platform's terms of service. Search engines issue warning messages, indicating that the site may contain phishing content and a visit to the site runs the risk of revealing a user's personal information. As a result, visitors to the site lose confidence in it, while the owner of the site gets an unnecessary headache, or worse, goes out of business.
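The two leftovers named above, dropped scripts and hosted .apk archives, can be checked for directly on disk. The following is an added example, not code from the original article or from Imunify360: it assumes a standard WordPress layout in which wp-content/uploads holds media only, and it builds its own constructed sample tree so it runs offline.

```python
import os
import tempfile
import zipfile

PHP_EXTS = {".php", ".phtml", ".php5", ".phar"}
UPLOADS = os.path.join("wp-content", "uploads")  # assumed standard WordPress path

def is_apk(path):
    """An APK is a ZIP archive that carries AndroidManifest.xml at its root."""
    try:
        with zipfile.ZipFile(path) as z:
            return "AndroidManifest.xml" in z.namelist()
    except (zipfile.BadZipFile, OSError):
        return False

def audit_docroot(docroot):
    """Return sorted (finding, relative_path) pairs for files that need review."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, docroot)
            ext = os.path.splitext(name)[1].lower()
            # Media directories should never contain executable PHP.
            if rel.startswith(UPLOADS + os.sep) and ext in PHP_EXTS:
                findings.append(("php-in-uploads", rel))
            # Checked by content, so a renamed archive is still found.
            if is_apk(full):
                findings.append(("apk-hosted", rel))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: expected files plus two planted artifacts."""
    up = os.path.join(root, UPLOADS, "2018", "12")
    os.makedirs(up)
    os.makedirs(os.path.join(root, "wp-includes"))
    with open(os.path.join(root, "wp-includes", "version.php"), "w") as f:
        f.write("<?php // core file, expected here\n")
    with open(os.path.join(up, "logo.png"), "wb") as f:
        f.write(b"\x89PNG\r\n\x1a\n")
    with open(os.path.join(up, "cache.php"), "w") as f:
        f.write("<?php // placeholder standing in for a dropped script\n")
    with zipfile.ZipFile(os.path.join(up, "update.jpg"), "w") as z:
        z.writestr("AndroidManifest.xml", "placeholder")  # APK posing as an image
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, rel in audit_docroot(build_sample(tmp)):
            print(f"{kind:16} {rel}")
```

A finding is a prompt to inspect the file, not proof of compromise; some plugins do legitimately write PHP outside the core directories.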

What should you do?

  1. Realize that security problems exist and that even small websites with low visitor numbers are at risk.
  2. It is always cheaper and less painful to protect the site proactively. Skilled experts should be engaged to install site protection software.
  3. If you are already faced with a problem and you urgently need help, get in contact with security professionals and do not engage in 'self-service treatment', especially if you are unskilled in these areas. Inadequate security expertise leads to sites being reinfected or malicious code being removed incorrectly, which ultimately leads to the destruction of the site.

Imunify360 is a complete security solution for web hosters. To learn more, visit Imunify360.com.
