Web Site Vandalism on the Rise
No one wants their web site to look like this screenshot of a site I visited today. It was probably pretty easy to hack into.
Although this example is pretty innocuous, it would still shake up your visitors…especially if you have an e-commerce site and are taking credit card payments.
Web defacement is a significant and major threat…Damage can range from loss of customer trust to loss of revenue. An e-retailer can lose considerable patronage if its customers feel its e-business is insecure. Financial institutions, which emphasize security and credibility, may experience significant loss of business and integrity, due to security breaches in their web site.
-Dr. Yona Hollander, Prevent Web Site Defacement
Unfortunately, web site vandalism is up, and many people making are themselves vulnerable simply by being lazy about logins and passwords.
Way too many web site owners use the default “admin” as their login (I’ve been guilty) on WordPress blogs. There is also a tendency to use the blog or company name. Consequently it doesn’t take much thought for a hacker to already be 50% there. On top of that, I am continually amazed at the number of people who use “password” as their password. If not that, then family members’ names, street name, etc. that are easily obtained.
If the above tactics don’t work, sometimes all a hacker has to do is call and say , “Hey, this is George, your system administrator…I need to make an important update to your site before it goes down. I know the login is YourCompanyName but I must be spelling the password wrong.” This is called social engineering and all too often it works. All they need is one piece of information and it’s easy to get the rest.
I’m not going into all the technical ways to protect your site…I’ll leave that to the techies. But there are simple measures you can use to increase security for your WordPress blog or site. Additionally, by putting forth the effort to make your login and password less easy to exploit, you could save yourself a lot of grief, as well as loss of business.
Search Amazon
Hi from what I understand you can’t change the default name “admin” from the username of a wordpress blog, just the password. Would be grateful if you know how to change it if you could do a post outlining how to make the change.
Having done programming the security world I know firsthand that security is very hard / impossible to ensure. However, there are some things you can do to minimize your security risks.
I hope none of us reading this ever have major problems like this.
Thanks for the reminder to keep our passwords strong and our software up to date.
Georges last blog post..Make Money Money Online With No Investment – No Product – No Expertise?
Yikes! I would be pretty ticked off if someone hacked into my blog or website. I agree that you would lose immediate credibility with your customers and clients.
On a similar note, be careful with letting domains expire. A friend of mine had to give up his real estate domain because of a Realtor® trademark violation and it got picked up by a porn company. It ended up reflecting pretty poorly on his real estate business.
Ryan Martins last blog post..Real Estate Bellingham Washington
This actually happened to one of my sites. It’s actually a blog site. So what I did is I switched to blogsite. It doesn’t make my website sound professional, but I get the security I need. I’m so scared now of putting up ecommerce sites. Is this a problem with the hosting service or what?
Reeses last blog post..Keanu’s The Day the Earth Stood Still New Poster
Second post in a row on this topic. It certainly is becoming more of a reality day to day.
Dennis Edells last blog post..Banners Ads or Text Links?
The last website that I saw hacked, had a shark image on it, I always wonder though, how it exactly got hacked. Wether it was a (too common) password, or if it was some kinda of fault on the server it was being hosted on.
Boris Saids last blog post..Boris Said Daytona 500
Iam newbie, but thanks for ur blog
THia Bebss last blog post..Article: The History of St. Valentine’s Day
Glad to see someone else is giving this message out. I also have clients who leave their username and password as the default and it kills me every time. Spread the word!
Casey
Grand Rapids Web Designs last blog post..First Web Design Tool
if someone is using “password” as his password, his site should be hacked!
aniroy1986s last blog post..New Beta Interface For Google AdWords
I have a few Joomla based sites which also got vandalized.
what they did was replace the config file of the site or just plant an index.html file on our server.
Luckily all our sites are backed up and is took 1 second to fix these problems.
My site was hacked last december actually, webhosting company said my FTP client was the gateway of the culprits, and yes it was vandalized. I have since then tightened up my belt. Hope my experience serves as a lesson for all of us.We need this type of reminder every now and then.
Its a wake-up call to pay more attention. Its ashamed that people will do this knowing they are hurting someone. I guess these people are very hard to catch.
Thanks for the update
Eric- New Orleans Cos last blog post..What is the Difference in Condo and a Town-Home ? How do you Know?
@UK Van leasing – your wish is my command! I just posted it.
@George – me too!
@Ryan – you are absolutely right about that.
@Reese – I would think it’s more a problem of the site owner not being careful about security. Hosting services try to be very tight about security.
@Dennis – it sure is!
@Boris Said – you never know, especially if it was their own server.
@Casey – it happens far too often, unfortunately.
@aniroy1986 – it does seem like they’re asking for it, doesn’t it!
@קידום אתרים – good job! That shows how important backups are.
@Swarovski Crystals – wow, that’s too bad. I need to work on my own sites to make them more secure.
@Eric – I think they’re most likely impossible to catch!
Thanks for the wake up call.In times of peace, we forget about our site’s security. It’s time to make some fortifications now.
Clements last blog post..Do not be deceived, Google Adsense really pays!
Seems like a dedicated hacker could just get a job at a web host and have access to people’s passwords. Makes me uneasy when I have to hand over my password for tech support. But this stuff is going to get worse. They were able to hack into the Super Bowl. Someone’s little WordPress site is certainly an easier target.
My site was recently hacked. It was an awful experience I can say. I should protect it better now
hi Kay,
That screen shot of the hacked site is perfect, because literally it spells out what I think of hackers. Look at the three letters following “hacked by”… heck, they even repeat the word in the next three letters. That’s exactly what hackers are. ~ Steve, the I-see-things-in-letters trade show guru
Trade Show Gurus last blog post..Trade Show Zombies
i actually encountered this kind of scenario,,thanks for the latest updates
vandalism is definately on the rise and some cms are being targeted more than others – anyone with a joomla site will know but keeping updated and just being vigilant should do the trick.
It’s a nightmare when your site gets hacked and spammed to death. I love working on the net but this is something that can you drive you nuts. People should def take the time to learn how to avoid these issues.
Kierans last blog post..Keywords Research and Discovery
Now a days, saving ones site from hacking is major task for website owners. They tell their technical staff to make their site almost hack proof . But normally they forget these small things, you have written above. Lots of our clients’ sites are technically very sound, but still they are using ‘admin’ as their user name, and some silly words as password. I think I need to send link of this article to educate them
.
The last website that I saw hacked, had a shark image on it, I always wonder though, how it exactly got hacked. Wether it was a (too common) password, or if it was some kinda of fault on the server it was being hosted on.
It is a good one and i wish u best of luck but, now a days saving ones site from hacking is major task for website owners. They tell their technical staff to make their site almost hack proof .
This is a great post. One of the best ways to avoid big damages done by hackers is to backup all your files and all your databases. You can use a pendrive or a dvd, or you can save the backup files on your computer. If somebody hacks your stie all you need to do is re-install all the files.
Jimmys last blog post..Save Money With Discount Codes
That should be a disaster, we should think about increased security, but hackers become much clever, if there is no hard work to hack bank systems and even some military, do you think we will be safe?
Picking good passwords is important.The crackers have lists of common passwords and just automatically try them all. An amazing number of systems can be cracked just by trying the most common thousand passwords.
But how do you know what is a good one.
A simple technique is a follows. Pick 2 or 3 unrelated words, of at least 5 letters each and separate them by punctuation symbol. The resulting password will not show up in any dictionary of common passwords and is still easy to remember.
There are about 10,000 possible 5 letter words, and 32 punctuation symbols for over 3 billion possible passwords. A cracker would need to be desperate to try that many combinations.
My blog has been hacked once, weird java scripts used to show on the website…its very important to protect your plugins folder..it is a common hack.
Online Businesss last blog post..Internet Entrepreneur from India: Abhishek’s Rungta Interview
Very interesting post. I’m guilty of leaving my username as the default, I’d never even thought of changing it until now. I guess you wouldn’t treat your bank account with such complacency. I’ll check out your how to guide right now!
i just couldnt imagine what would happen to an ecommerce site if i see the screenshot you had posted here.
Thanks for Sharing!
Your site is Cool and Awesome..Hope we can exchange links.I have already added you in my list.
Thank you.
i just couldnt imagine what would happen to an ecommerce site if i see the screenshot you had posted here.
I run into sites that have been vandalised from time to time, you have to feel sorry for the webmasters and you got to wonder why people do such things.
Sams last blog post..New SEO Tools List Added.
One of the things I’ve learned about wordpress blogs is that you need to watch what you have permissions set for – especially in your .htaccess file. The higher the permissions number, the bigger chance you have of someone getting in.
I think bad hosts are often infected with these attacks. Recently i saw a bunch of websites all with cloaking links to iphoneunlock .
About passwords, u should always change default passwords. Never use terms like : “Password”, “admin” or something like that. Also never use the name of your children, social security number, phone number or birthday. Use a combination of uppercase and lowercase letters combined with numbers.
Your points are absolutely correct. Unfortunately at present many times websites are hacked by people for various reasons. For example, selecting easy to guess hosting passwords is a mistake many people make.
The second idea is scanning computers on a regular basis and from time to time to remedy the security flaws.
its very important to protect your plugins folder..it is a common hack.
One of these days our public security forces will be more advanced that the kiddies who do the hacking/defacing of other people’s stuff just for the fun of it.
I pray that day comes soon~!
Frank
Ouch, i cant imaging how mad i’d be if someone hacks my site. My friend had his site hacked not too long ago, they deleted the database. good thing he had a backup.
First time i heat this word,but like the sense
Web defacement is a significant and major threat…Damage can range from loss of customer trust to loss of revenue. An e-retailer can lose considerable patronage if its customers feel its e-business is insecure. Financial institutions, which emphasize security and credibility, may experience significant loss of business and integrity, due to security breaches in their web site.
seo londons last blog post..Logic Softs No Description
That was kind of ridiculous. Thanks for the useful information and link. I will definitely check it out soon. Thanks for sharing.
We need to maintain security measures for the authentication of secret passwords or if any need to be in confidential. I support this review on security..
Dinissses last blog post..Ponce, Puerto Rico
@Dinissse – thanks for your comment!
It is necessery to password your own resources, but it is the secon price.
Wow, that would be terrible to have your site hacked, but people need to take it upon themselves to use secure passwords. I like using a program called Password Safe, it not only stores your passwords on your desktop, but it can generate random passwords that no one would ever be able to guess. I’m going to go read your post about changing your wordpress login. Thanks for the info!
Diet Blogs last blog post..The Importance Of pH In Our Diet
It’s very hard when your site is hacked by this monsters. Datas lots, information altered, just great.
Free Banner Makers last blog post..Banner Ad Designers
I can not believe how many people use admin or simple passowrds for thier own site or even other things online. Thisis the easiest thing people can steal from you so make sure to take care of any info you use online or accounts.
Phone services last blog post..Broadband phone voip service.