Is Your Site Hacked?
Spot the Subtle and Not-So-Subtle Signs
The Australian Cyber Security Centre reports that the average cost of a cyberattack to Australian businesses ranges from $39,000 to $88,000 in direct damages. Here’s how to save yourself thousands of dollars in damages by spotting the telltale signs of a hacked website and taking the necessary precautions.
But First, a Word to the Wise
No news isn’t always good news
Much like a slow leak in a tyre, unseen threats to website health can go unnoticed until they become a major breakdown. Their covert nature is what makes them so dangerous. It’s important to remember that a website that looks perfectly fine on the surface can still have silent sabotage under the surface. This is why taking proactive and preventive action with regular site scans and a strong security package is crucial to your site’s well-being.
If you are worried that your site might already be hacked, here’s a guide on the most critical clues to look for.
Unexpected Content Changes
Your website is like your storefront or office space, but online. Just like you’d be concerned if you found items rearranged or new items appearing overnight in your physical business space, unexpected changes on your website should raise immediate red flags.
If you or your users suddenly notice strange text or images on your website, chances are that your site has been defaced by hackers. Hackers do this just to show off, and often resort to including profanity and obscene material on defaced sites. Note that these types of hacks are relatively less common these days, as most hackers prefer to operate under the radar.
While it is a good idea to regularly monitor your website’s pages to ensure that everything looks as it should, remember that most hacks may not have such obvious visible signs.
Unexpected Pop-ups and Ads
If a visit to your site suddenly brings up pop-up ads, especially inappropriate or irrelevant ones, there’s a good chance your website has been compromised. These ads can be irritating to your visitors and can harm your reputation. Monitor your site regularly to ensure that no unsolicited ads appear.
New, Missing, or Changed Content
Discovering new articles, or regular pages being replaced with different content that you didn’t authorise, should be a concern. Hackers often add links to unrelated websites amongst your text. If you discover a long list of links, or hidden links that are coloured the same as the background or set in a tiny size, then these are clear indicators of hacking.
Having a system that logs and tracks all user activity, and notifies you of suspicious behaviour and logins, can help you detect sabotage. An effective website security solution can help automate this monitoring.
User Experience Distortions
If users are suddenly unable to access your site in particular, while other sites work normally, this might be a sign of a network or DDoS attack.
If visitors are redirected to other sites, especially unrelated or malicious ones, it’s a clear sign of compromise. Often, these redirects will take users to phishing sites, ad-filled pages, or other hazardous destinations. Make it a practice to occasionally test your website’s navigation to ensure users land where they’re supposed to.
Unusual Download Prompts
Malicious software often tries to disguise itself as legitimate downloads. If your visitors are being prompted to download unexpected files or software, this could be a sign of a security breach. Always make sure any downloadable content on your site is intentional and safe.
When your regular users or clients experience difficulties accessing their accounts, or report that their credentials are no longer valid on your website, it might be indicative of a break-in. Ensure that your login process works smoothly and that users aren’t locked out without reason.
Suspicious Email Activity
Your business email is a lifeline for communication with clients, vendors, and partners. When something’s amiss in this arena, it can not only disrupt operations but also damage trust.
Hackers can craft emails that appear to come from your business, asking recipients for personal information or to click on unsafe links. Regularly remind your clients and subscribers to be cautious of emails asking for personal data, even if they appear to come from you. And always encourage them to reach out and verify if in doubt.
An alert from your mail service about abnormally high usage levels on your mail server is a bad sign. It suggests someone might be using your email system to send out spam or malicious content. Always investigate unexplained bursts of mailouts.
Complaints from Users
If your users contact you about suspicious or unexpected emails claiming to be from your business, take it seriously. This could be a sign of someone spoofing your domain or that your email server has been compromised. Maintain an open line of communication with your user base, and appreciate their feedback in such scenarios.
Excessive Server Resource Use
Your website’s server is like the engine room of a ship, ensuring everything runs smoothly on deck. However, if the engine starts consuming too much fuel (resources) without any apparent reason, it’s a cause for concern.
Unusual CPU Usage Spikes
Regularly check your server’s CPU usage. If you notice sudden and unexplained spikes, especially during off-peak hours, it could suggest unwanted processes running in the background, such as unauthorised cryptocurrency mining.
Increased Bandwidth Consumption
A sudden surge in bandwidth use, without a correlating increase in genuine visitor traffic, can be indicative of a breach. This could be due to data being syphoned off or other malicious activities.
Storage Space Depletion
If your allocated server storage runs out unexpectedly, it could be because of unwarranted data dumps or files being hosted for malicious purposes. Regularly review your storage use and be wary of unfamiliar files or unusual data accumulation.
Unauthorised Admin Activity
Any unexpected activity displayed on your admin area dashboards should be treated with the utmost seriousness.
Mystery User Accounts
Finding new admin accounts that you didn’t create is a glaring sign that someone else might have access to your website’s backend. Regularly audit user accounts, especially those with administrative privileges.
Unexpected Setting Changes
From changed passwords to altered website settings, any modification that wasn’t initiated by an authorised person is suspicious. Periodically review your website’s configurations to ensure they align with your intentions.
Unfamiliar Plugins or Themes
If you find new plugins, themes, or extensions installed on your website that you didn’t authorise, it could be an attempt to create backdoors or vulnerabilities. Ensure you only have necessary and trusted plugins or themes active on your site.
Your online reputation is invaluable. Any alerts or flags associated with your business’s digital presence can severely damage trust and credibility.
Search Engine Warnings
Search engines like Google actively scan and flag websites they believe may be compromised. If you see warnings like “This site may be hacked” when your business appears in search results, it’s a clear sign of trouble.
Feedback from Users
Sometimes, your visitors can be the first to spot something off about your website. If they report seeing odd ads, unexpected redirects, or any other suspicious activity, it’s vital to investigate immediately.
Several online platforms and security tools maintain blacklists of sites known to host malicious content. If your website ends up on one of these lists, it’s crucial to address the root cause promptly and get it removed. Lime’s Advanced Security package includes checks for Spamvertising, Spam and Blocklisting.