There are three words that can cause an organisation’s blood to run cold. No, they’re not “we’re being audited” or “we’re closing down” – though those are bad enough, but fortunately they are not very commonly uttered. The three words I’m referring to are “we’ve been hacked”.
It seems that more and more frequently Expert is being contacted by organisations whose websites have been hacked. They’re not our clients at this point and they’ve generally contacted us because they can’t get hold of the person or company that built their website in the first place. Seems a bit odd, you’re probably thinking, but here’s a clue – they’re all created in Word Press.
From our experience, there are two main reasons for this phenomenon – the first is that a lot of Word Press websites were built by self-taught web dabblers, often one-person bands who have since moved on to other activities, and the second is that security of Word Press websites is a major concern.
Word Press is an open source product. When a website is built using an open source product the platform used is the current version of the software and this is usually, or very often, Word Press. The very nature of open source software is that software developers can keep adding to or improving the code, and being ‘open source’ means that anyone with a little bit of software development knowledge can access the code. Even the bad guys.
When open source sites get hacked by the bad guys, steps are taken to apply security patches to remove the security breaches, however if the patching isn’t undertaken when updates are released, or if the base code has been modified to suit an organisation’s specific needs, great big holes remain.
Another problem is that because the source code is open and shared, it’s not just the good guys who get to see it. Open source security vulnerabilities are published on the internet and all that is required to find vulnerabilities is to compare the source code for the latest release against previous releases. Then you can easily compromise any website that hasn’t been patched to the latest version.
And it gets worse when someone publishes how to exploit a site, for example, this site which gives step by step instructions on accessing a Dot Net Nuke website as a system administrator.
Depending on the security vulnerability, you can potentially gain access to user data, regardless of how secure that database is locked down. The hacker can see whatever the user is permissioned to access.
Hacking can result in many different results for different websites – there are pages and pages of information about hacking on Google, including learning how to hack a website, how to hack website admin passwords, and there’s even hacking tutorials! Then there are pages and pages of listings on repairing a hacked website – most seem to mention Word Press - and of course there are pages of sites dedicated to selling services for Word Press sites that have been hacked. It seems that cleaning up and booting out hackers from your website is really big business. Conspiracy theorists might wonder if there’s some sort of connection between those that hack and those that provide clean-up services to those who have been hacked.
Experience has shown us that a lot of organisations don’t want to risk using an online hack-repairer to fix their site. This is possibly due to a trust issue, especially when the repairer is off-shore and unknown to the hacked organisation, so we’ve found that quite a few tend to come to Expert to sort things out for them instead.
Another problem often encountered when a website is hacked is tracking down the actual host and knowing what the correct login details are for the site. Word Press is extremely limiting as to what can be done from the admin area, and if the original website creator is no longer operating and can’t be contacted, this in itself can suck up a lot of time. Another problem can be down to the plug-ins that have been used on open-source sites which subsequently haven’t had their licenses renewed.
One of the sinister things that can happen to your hacked website is it being compromised by scammers who use your URL to send out scams and undertake phishing attacks without you having any knowledge of it happening – tech support ones are probably the most common. To learn more about how this is done check out this article.
Regardless of how you’ve been hacked, chances are it will take a fair amount of time for life to get back to normal for your organisation, and in the meantime you need to be able to let your site visitors know that despite not having a clean and functioning website, it’s still ‘business as usual’ for your organisation.
Depending on how long your site is down, you might want to consider creating a temporary page. We can create a mini site on our server with a splash page using your current branding (usually mentioning maintenance) and showing contact details for the time being. Your DNS (domain name server) can be pointed to this site, so you at least maintain a website presence while all the repair and rebuild work is going on.
We’ve found that once we’ve recovered the hacked site, we can usually rebuild it using the existing content and images, and of course by rebuilding it in MoST, clients can be assured that they will not have to experience the anguish of being hacked again.
In this scam-riddled, on-line world that we live in, this is just another obstacle to contend with, but one we can all do without.
Important note to Expert’s MoST clients: we know that as a MoST user you’ll be unaffected by hackers of open-source websites, but you probably know others who are not so lucky. Feel free to share this information with them and we’re happy to talk to anyone who is concerned with website hacking.