If your website got hacked, how would it affect your small business?


Website maintenance falls into two categories:

  • Content updates to keep it topical and current
  • Software updates to keep it secure and stable in an ever changing environment

The first one is usually given priority by most small business website owners and current content and regular updates are important for all sorts of reasons like search engine optimisation and keeping your customers up to date. But really, keeping your hosting and site software up to date should take priority in the interest of keeping your website secure.  

Quite simply ... if it's out of date the hackers will know the vulnerabilities and will know how to get in. All they have to do is find your site. Updates and patches 'plug those holes' and it's important that they're installed regularly.

Most small business owners mistakenly think that their website is low profile and unlikely to be a target and take a 'why would they bother with my little website approach?' I liken it to a situation I experienced a few years ago where my modest and ageing hatchback was broken into while parked in between two very high end and very shiny new cars. Quite simply mine was easier to get into. The other two were secure with alarms and far more up to date and sophisticated security.

Every website is potentially a target irrespective of it's size and out of date software just increases the risk because it's an easy target. Cyber crime is big business and the reasons for hacking into a website are many. If you want to know more about why, you can read about it in an earlier post 'Why do hackers hack?'.

Continue reading
  606 Hits
606 Hits

Why do hackers hack?


I've had to deal with a few hacked websites and this is the question that I get asked most frequently. Why do they do it?

All websites are potentially a target ... however small. The motivation of the hacker is fame and fortune. A hacker isn't necessarily looking for financial details. They want to access your website so that they can use it for various money making activities and also gaining notoriety among the cyber criminal community. There are various financial gains to be had from hacking a website:

  • sending spam
  • adding malware to a website so that information can be stolen from the computers of visitors to your website.
  • phishing activities
  • using your site for their own SEO
  • using your website to attack others on the same hosting account
  • passing on the access to other hackers for financial reward

A hacker is also looking for notoriety among other hackers. They're then able to market themselves within that criminal community.

If a hacker gains access to one website of several on a hosting plan, they may not place malicious code on the original site where they gained access. They're more likely to infect one or more of the other sites on the hosting plan keeping the original point of entry open for future use and re-infection.

Once they've gained access they will install something called a back-door shell in various places on the hosting account giving them access to all the files on that hosting account and therefore access to all the hosted websites. So even if you've managed to locate and remove the original point of entry, the back-door shells provide an alternative means of access so that they can keep on re-infecting your website.

Continue reading
  1021 Hits
1021 Hits

How do you stop your small business website getting hacked?


The bad news is that you probably can't guarantee it never will be. The good news is that there are a lot of simple things you can do to reduce the chances. This post is by no means comprehensive, but its intention is to give you a few 'easy to implement' first steps to help keep things secure.

User Account Names & Passwords

When you're installing your CMS make sure that you pick an obscure username. If you're building your own website and haven't considered security you're very likely to leave the superuser as 'Admin' or some similar default name set during the installation process - after all, we all get fed up with remembering umpteen different combinations of username and password. Don't! Make sure you pick something obscure that cannot be guessed or linked back to you or your website's content. If you leave the superuser account name as the default any potential hacking attempt can be made with brute force tactics on the superuser password.

Once you've picked a strong superuser account name make sure you employ the same principles to your password. Make sure it's unique and you haven't used it elsewhere. There are lots of free tools available for generating passwords. Try http://freepasswordgenerator.com/ which will generate passwords depending on your chosen criteria of letters, numbers and symbols and also of varying length.

If you're still not convinced about unique and strong passwords have a read of this article by VPN Mash ... Secure Passwords 101: Why they matter and how to create them.

Site Software Updates

This is an important one. Once your chosen site software has been 'out there' for a while the weak points will have been identified. Not only by the developers but also the hackers. The CMS developers are constantly patching these and it's very often a simple one-click process to keep it current. Make sure you do. 

Continue reading
  711 Hits
711 Hits

Connect with us

Web Design Twitter Web Design Facebook Web Design LinkedIn


Web Design Unlimited

44 Consultancy Limited
Redbriar House
High Wycombe
HP13 5UY 

Registered in England 7258197

Telephone 01494 474555
Email enquiries@webdesignunlimited.co.uk

FSB logoMem b