Find answers to your questions

Documentation

How small sites can get hacked

  • 0

If you think your site will not be hacked since it's too small to matter, reconsider. This is an incorrect and unsafe assumption that a lot of small businesses take until it is too late.

Many site owners think that hackers are only interested in popular, highly-ranked websites. They are wrong.

In terms of visibility, high traffic volume improves partner program revenue by redirecting visitors to other sites, getting more views of unapproved advertisements and attracting more clicks to rogue links. But that's not the only way hackers can generate income.

Vulnerable websites with low traffic volume can also attract hackers. The only difference here is how hackers generate their income. Any typical site, with an audience of just 30 visitors a day, can still be threatened by hacking and infection.

How hackers use hacked websites

Hackers don't need prominent, high-traffic sites to do damage. They may not be interested in the website itself, but in the server where the site is hosted. Hackers will be able to set up spambots or a phishing page for stealing customer data. The number of visitors to the website does not matter - traffic is either not required, or it can be produced another way.

A hacked site, of any size, can also be used as a personal hosting resource. Hackers require a place to keep contaminated files, such as .apk archives, which can infect mobile phones running on the Android operating system. Once on the device, the infection will cause traffic redirection. In other words, your hacked site was just used as a transmission vector, spreading a virus without showing any symptoms itself.

Attackers can use hacked websites as a base for launching attacks on other sites, such as brute force or DoS attacks. Or they may use them as an intermediate step, rerouting visitors to other infected websites. In shared hosting environments, a hacked website threatens all the other sites on that server.

The hacker's primary motive is monetary gain. To manage attacks, a professional hacker will need either a server or a hosting account. Hosting accounts are preferred since they are more profitable - it is cheaper and more secure to hack into one account and gain access to a couple of thousand small unprotected websites than it is to rent/buy an expensive fault-tolerant dedicated server.

It will be the responsibility of the owner of the website to deal with the effects of intrusion. Whether spam, phishing, or infection, all unauthorized actions are restricted by hosting business and search engines. A normal web hosting company (like Nuagerie) will block websites when the owners violate the hosting platform's terms of service. Online search engines will also release warning messages, showing that the site may contain phishing content, which means visiting the website will risk exposing a user's personal details. As a result, website visitors will lose confidence in it and the owner of the site will get in deep trouble or potentially go out of business.

What to do

Understand that security problems will always exist, which means even small websites with low traffic will be at risk without malware and antivirus protection. It is always less expensive and less agonizing to protect the site proactively. If you have an issue and you urgently need help, make sure to get in contact with security specialists and do not try to fix it yourself, especially if you are unsure. Inadequate security coverage leads to websites being reinfected or harmful code being eliminated incorrectly, which ultimately leads to a site crash or destruction of data.

For more information about keeping your website or server safe from attacks, make sure to visit our Imunify360 page or contact our agents at any time by opening a support ticket or using our live chat feature.

Related Articles

Is it good to block ICMP requests? The Problem Many network administrators feel that ICMP is a security risk, and should therefore always be blocked at the firewall. It is true that ICMP does have some security issues associated with it, and that a lot of ICMP should be blocked. But that's no reason to block all ICMP traffic! ICMP has many... My Account has been Hacked! Important Information An account is considered pirated (or hacked) when an unauthorized individual (or automated software, such as a virus) has compromised its security measures in order to retrieve information, deface/alter its contents, or use it as a platform for further attacks.   Why would someone want to hack my web site?... Not Secure warning in Google Chrome Starting July 2018, the Google Chrome web browser will display an 'insecure' warning to visitors of any site that does not have an SSL certificate configured. You can see this by clicking the warning icon in the URL bar to the left of your domain. It appears like this: This means you should... Passwords Overview The ability to create a strong password is an underrated tool that should be taken more seriously. Just think, sometimes all that stands between a serious personal threat and your sensitive information is a username and password. That's why it's so important to have a unique form of identification... What to do if your WordPress Website was Hacked WordPress is the world's most preferred way to build internet sites, with nearly 30% of all websites powered by the popular CMS. It's no wonder that the company behind WordPress i.e. Automattic, has a highly skilled and experienced group of developers called the 'WordPress Core Team'. You can...