Owning a website comes with a responsibility to maintain its security. If your website is hosted by a professional web-hosting company, then you will most likely share that responsibility. Most aspects of monitoring for viruses, malware, hacking and attacks on the server(s) would be provided by the web-hosting company, but you should understand the scope and the limits of the monitoring provided. You also need to be vigilant for any signs of hacking or attempted hacking. Besides obvious signs, such as website defacement, here are some things to watch for to ensure the health and long life of your business online. This article is written mainly for owners of Content Management System (CMS) websites, such CMS as Drupal or WordPress. However, most signs of hacking are applicable across all website frameworks:
- Unknown administrative accounts or changes to permissions in user accounts in your website’s Content Management System (CMS) are obvious signs that an unauthorized person has gained access to your website’s CMS. If you are unable to log in, you should also consider that an unauthorized entity has gained access to your website’s administration.
- Suspicious or unrecognized user accounts in your website’s administration (CMS or otherwise), especially if your website doesn’t allow user registration, could mean that your website has been compromised.
- Changes to your website’s configuration that you don’t recognize should be noted. Changes that were not made by you or your webmaster(s) need to be investigated as potential hacks.
- An increase in bounced spam for your website’s domain could mean that your website is being used by someone or something to send out spam.
- A sudden drop in website traffic could indicate that your website has been hijacked by malware or Trojans that redirect your website’s traffic to another website.
- Bad links added to your website would be the result of data injection, and you will need to address the backdoor used for it.
- Popups or pop-under ads that you didn’t build or approve hijack your website’s traffic by showing spam ads to people visiting your website, and they are an indicator of a hacked website.
- Incorrect page titles or incorrect meta descriptions for your pages in search-engine results are a sign that your website has been hacked and injected with malicious code which modifies your site data in a way that is only visible to search engines.
- Suspicious scheduled tasks in your website’s CMS, such as clearing log files or purging orders, would indicate a hack that exploits scheduled tasks to execute commands on behalf of a hacker. (Note: A scheduled task may be labeled as a "cron job" or simply a "cron" in your site’s CMS.)
- Unrecognized updates and upgrades to you website’s core software, such as Drupal or WordPress, or in your website’s modules or plug-ins should raise your suspicion, because hackers often patch the very website they just hacked.
It takes experienced webmasters to verify the health of your website or to clean a compromised website, so contact your webmaster if you have any doubts about your website’s health status. In the meantime, check with Google if you think your website may have been hacked. To do this, go to: http://www.google.com/safebrowsing/diagnostic?site=yourdomain.com (replace "yourdomain.com" with your actual domain name). Checking the foregoing site is by no means is a complete check for hacks, malware or viruses, but Google will pick up on many major issues that affect visitors to your website.
Remember, if your website runs on a Content Management System, such as Drupal or WordPress, the simplest and cheapest way to keep it secure is to keep the software that powers it up to date, including the core software, plug-ins, themes, modules, and scripts. Non-CMS website owners also need to keep all software and scripts that power the website up to date.