One question we get a lot around here is: Why do hackers hack? The simplest answer is, well, lots of reasons. And a majority of them aren’t good. Shocking, we know.
If you find your website has become a target, more than likely it’s for one of the following reasons: distributing malware, using your site to attack other sites, spamming the internet, or stealing information.
Steal? What’s to steal, precious? Welp, hackers may be looking to acquire a variety of things when they attempt to digitally chisel their way into your site and server. Things like:
- Credit card information for online transactions
- Contact info to be sold to unethical marketers
- Usernames and passwords to access and take over your server resources
Absent information to take, they may leave something behind. Hackers can inject malicious code into your site to execute “malvertising” or affiliate spam directed at your visitors. Alternatively, code can create SEO spam directed at search engines.
In some cases, hackers may be scheming to use your server as a resource for a larger hack. More computers equal more processing power and quicker results. Ever hear of SETI@home? It’s a scientific experiment based at UC Berkeley that recruits Internet-connected computers to join the Search for Extraterrestrial Intelligence (SETI). Participants run a free program on their home computers to help with the analysis of radio telescope data.
Hackers do the same thing, amassing a network of machines—albeit without permission—for a common, nefarious purpose. Multiple hacked servers mean more power and more bad things. Same principle, fewer aliens.
We’ve covered this before when it comes to WordPress sites, but here are some ways to combat and prevent these types of intrusion attempts—no matter what platform your site is built on.
Always have an SSL certificate in place and active for your website. Keep on top of it. Constant vigilance.
You need strong passwords for everything. That means the trickiest of credentials for your content management system (CMS), hosting account, registrar, FTP, database and any email accounts associated with those things.
Two-Factor Authentication
Enable this option wherever it is offered. Seriously. Sure, it could be an added inconvenience for you when you have to confirm logins on your phone each time you log in somewhere. But trust us, it’s far less inconvenient than cleaning up and restoring your site after it’s been infiltrated by a legion of covert hackers.