We’ve all heard about the recent Target data breach that happened last December. Over 100 million people were possibly affected and among them was my wife who, like many others, had done some Christmas shopping at Target. It’s a fact of life that people are out there hacking into our systems with the intention of gathering personal data, making money, or just having fun. In the case of Target, there’s really nothing the victims could have done to prevent it, short of never using their credit card. It was entirely up to Target to be the first line of defense. However, when it comes to your website, you are your own first line of defense against hacking.
Why is my site a potential target?
It’s easy to understand why companies like Target, TJX, Adobe, or Twitter have recently been targeted by hackers. They are huge organizations with gigabytes of data to harvest. Why on Earth would hackers bother attacking your website? In the case of those companies I mentioned, the attackers were after data that resided within those systems. When it comes to your website, the vast majority of attackers aren’t after anything on your site. They want to use your site (or more specifically your server) as a tool to spread their own spammy or malicious content. Just recently, attackers used the combined power of 162,000 innocent WordPress sites to launch an attack against a single target site.
There are many kinds of hacks that could happen to your website. Here are a few of the most common types:
- Drive-by Downloads. A drive-by download hack is a bit of code that, when visitors come to your site, attempts to deliver a malicious file to their computer. This can be done by injecting links into your site that start a download when clicked, or the download can start just by loading your site.
- Traffic redirects. This common hack will redirect visitors to a different site when they try to access yours. Sometimes it’s just about getting traffic to these sites. Other times it can be malicious and the site they are redirected to will attempt to download malware onto the visitor’s computer.
- Pharma Hacks. A pharma hack gets its name from the product it often peddles. Its job is to replace your website’s search results with its spam, usually in the form of prescription drug ads. A pharma hack is particularly nasty because it targets search engines instead of real people, which makes it almost invisible. You and your visitors may never see anything, but when a search bot like Googlebot crawls your site, the hack injects spammy content into the page it serves. As a result, the product it’s promoting will get a higher ranking in Google search results. Naturally, Google is pretty smart in detecting this, but it comes at the cost of your site’s reputation.
In the end, almost all attackers want to hack your site in order to use your server as an access point to power these (and many other) types of naughty behavior.
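Because a pharma hack serves one page to visitors and another to search crawlers, a site owner can look for it by comparing the two views of the same URL. The Python sketch below is an added example, not code from the original post; the sample HTML, the keyword list and the function names are constructed for illustration, and in real use the two inputs would be the same page fetched once with a browser User-Agent and once with a crawler User-Agent.

```python
from html.parser import HTMLParser

# Constructed keyword list; extend it with terms relevant to your own site.
SPAM_TERMS = ("viagra", "cialis", "pharmacy", "no prescription")

class _PageView(HTMLParser):
    """Collect link targets and visible text, ignoring script/style bodies."""
    def __init__(self):
        super().__init__()
        self.links, self.chunks, self._skip = set(), [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.add(href)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data.lower())

def extract(html):
    view = _PageView()
    view.feed(html)
    view.close()
    return view.links, " ".join(view.chunks)

def cloaking_report(visitor_html, crawler_html):
    """Report links and spam terms that appear only in the crawler's view."""
    v_links, v_text = extract(visitor_html)
    c_links, c_text = extract(crawler_html)
    links = sorted(c_links - v_links)
    terms = sorted(t for t in SPAM_TERMS if t in c_text and t not in v_text)
    return {"crawler_only_links": links, "crawler_only_spam_terms": terms,
            "suspicious": bool(links or terms)}

# Constructed sample responses for the same URL (not real captures).
VISITOR_VIEW = ("<html><body><h1>Bob's Bakery</h1>"
                "<a href='/menu'>Menu</a></body></html>")
CRAWLER_VIEW = VISITOR_VIEW.replace(
    "</body>",
    "<div><a href='http://spam.example/cheap-pills'>"
    "Buy viagra online, no prescription</a></div></body>")

if __name__ == "__main__":
    print(cloaking_report(VISITOR_VIEW, CRAWLER_VIEW))
```

Some cloaking keys on the crawler's IP address rather than its User-Agent, so a clean result from this comparison does not rule the hack out; pages with per-request dynamic links will also need an allow-list to avoid false positives.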