Sometimes websites get hacked. When this happens it can cause a great deal of distress for the website owner, for the hosting provider and, if the hack results in a phishing scam, for visitors to the website. Sometimes a website hack is obvious because the hacker intended to disrupt your site, but at other times it can go unnoticed, especially if the hacker wanted to use your domain as a base for a phishing scam.
A phishing scam is where somebody installs files on a website to make it look like another website, such as PayPal or Yahoo!. We’ve all received phishing emails telling us that there was some kind of irregular activity on our account and that we need to log in to set things right. The email will usually contain a link to a phishing site which is made to look like a website belonging to PayPal or an online bank. When you try to log in, the hackers steal your login details, then use those details to log in to your real online bank account and steal your money.
If you own a website, there is the possibility that one day a hacker may try to use it as a base for such a phishing scam. If this happens, your site can very quickly become listed on websites like PhishTank.com, and anyone using a browser security plugin could find themselves greeted by a rather scary warning message whenever they visit your site.
So what can you do to prevent your site from being hacked?
- If you have FTP login details for your website, make sure you keep those details safe – wherever possible, encrypt the data.
- Get into the habit of regularly changing your FTP login details.
- Memorise your login details if you have a WordPress installation.
- Keep your computer anti-virus software up to date and run regular spyware and malware scans.
There are two main ways that a website can be hacked: through someone stealing your login details, or through a vulnerability in a script that has been installed on your website.
Stolen Login Details
Login details for FTP or for WordPress are usually stolen when your computer becomes infected with spyware which records your username and password when you log in. Password-stealing programs can get onto your computer in a number of ways:
- Via an infected website
- As an email attachment which gets opened
- Through using Skype or other IM (Instant Messenger) software
If you have a good anti-virus program installed and keep it up to date, it should be able to prevent such programs from being installed in the first place.
Script Vulnerabilities
Software packages such as WordPress and Magento are called scripts. These scripts need to be kept up to date in order to remain protected against the latest threats.