Keep those hackers away!

Sylwia Lukjanowska, web developer at Blackpool-based full-service agency, Happy Creative, discusses how hackers are looking for holes in your website which could potentially harm your business.

Nowadays, any website can become the target of a hacker. From little known blogs to robust eCommerce sites, hackers are always looking for an easy access. Private information may not be the only thing that hackers are looking for. In fact, a large portion of website hacks is nothing more than breaking the pages.

These are some of the most common ways and reasons why your website could become the next target.

Brute Force Attack

In simple words, Brute Force Attack, is when a hacker tries combinations of usernames and passwords as long as he or she gets an access to your site.

Our advice, protect yourself, your customers and your website. Never use a “admin” username. Never use password like “12345”.

In most instances, the Brute Force attacks are not manual, instead they are being randomly executed by supporting bots, part of larger networks. They’re configured to randomly crawl the web and trying to get access to websites’ back-end.

According to sucuri.net, the top three usernames people use to protect their websites are:

Admin – 84 per cent Administrator – 4 per cent Root – 4 per cent And top 3 passwords are:

password – 14 per cent admin – 10 per cent 123456 – 6 per cent If you use login details similar to above, for a hacker or a bot, it will be a matter of seconds to get your site’s login details.

Phishing Emails

“Phishing” refers to emails that attempts to fraudulently acquire personal information from you, such as your account password or credit card information. The email may appear to be from a legitimate company or individual, but it’s not.

As a general rule, never send credit card information, account passwords, or extensive personal information in an email unless you verify that the recipient is who they claim to be. Many companies have policies that state they will never ask for that kind of information from their customers by email.

If you receive a huge amount of spam, the best you can do is not to open it. But if you’re very curious and have an urge to open them, be very cautious of links and attachments inside of them. Many of them can take you to sites which straight away will install various cookies on your machine in order to get your personal details or even control your machine!

Outdated Scripts and Software

Scripts are often used to develop a website to control everything from graphics to databases. They are also a common element for hackers to get an access to the website. Outdated installation scripts for web-based applications, plugins and add-ons can open the doors to hackers.

It’s highly important that you always keep all plugins, CMS version and extensions up to date. Code you use to develop your website or application has to be valid and according to latest standards.

If you’re unsure how to update scripts or code, ask your web developer for help.

Personal Computer Security

When a personal computer is hacked, the attack could include stealing saved information for websites and logins. These hacks on your machine can come from compromised websites, infected software or through bots scanning various IP addresses looking for weaknesses.

Also, it’s important that you use private, password protected network, instead of public one when logging in to your website.

How to remove malicious code?

If you have a clean backup of your site’s contents, you may be able to restore the site by re-uploading all of the site’s files—including your website software (WordPress, Drupal, other). When doing this, make sure that you are using the latest version of your site’s software. Be aware that you may be overwriting files that have changed since your last backup.

If you do not have a clean backup of your site, manual removal of the bad code may be the best option. Once you have located malicious code, removing it can be as simple as deleting it from all files in which it appears. You should be sure to check for some hidden files where hackers could “inject” some bad code. Remember, that always prevention is a much better solution than fixing. Ask your web developer for any maintenance packages which will keep your website safe and secure.