If you've recently looked at your site only to find that it is unexpectedly down for maintenance, then there's a good chance that you have been hacked and we are working to fix the problem.
Website hacking has really changed over the years. While we occasionally still see simple defacements by hackers who just want to prove that they can hack your website, most hacking attempts that we are seeing more malicious. We’ve seen website hacks that spread computer viruses, send SPAM, that area being used as part of elaborate phishing scams, and hacks that are used to sniff user’s credentials in hopes that the user is using the same login information for their financial institutions.
The attacks themselves have gotten more sophisticated as well. Hackers are now using multiple computers in multiple parts of the world to perform various portions of the attack making it difficult to block a single source. In addition, hackers have compiled catalogs of sites and the software versions they run so that they can directly target these sites as vulnerabilities emerge. Some of these systems are so good that if you aren't patching your website within a few days, and in some cases within a few hours, of the vulnerability being found, you can assume that your website has been hacked whether you realize it or not.
With the increase in threat most companies, including our providers, are amping up their vigilance and expectations on us and our clients and we can no longer leave hacked websites in place while we attempt to locate and fix the problem. In light of this, we have adopting the following policies with regards to website hacking.
What we do...
- If we find that your website has been hacked in any way, we will take it down and replace it with a message that says “Our site is currently down form maintenance. Please check back soon.”
- We will then remove all of the files from your account and store them in a secure location until we can determine our next step. This is done to prevent any additional problems from arising with the compromised website.
- We will then attempt to contact you to determine our next step which is usually to restore the website from a recent backup.
- The minimum fee to address a hacked website is $500.
A Few Frequently Asked Questions
- Why was my website hacked? Isn’t your server secure?
Our web server employs multiple firewalls and other security features that minimize the effects of attacks at the server level. Anyone who has even been locked out of their account for several hours because they typed in the wrong password a few times can attest to that. The problem is usually that the website is using an out of date version of their CMS software (Joomla!, WordPress, Drupal, etc.) that has vulnerabilities that have not been patched. So it is usually the website itself that has the problem and not the server.
- Why aren’t you keeping my website software up to date?
If you do not have a website management agreement with us, then keeping your website software up to date is your responsibility. We are happy to help you on a fee for service basis if asked.
- Doesn’t my website management agreement mean I have free hacking support?
No, but it will ensure that you have a recent backup, a discount on all service fees related to fixing the issue, and possibly a few free hours to use towards fixing your website if you haven’t already used them for other updates.
- Is there anything we can do to make my website more secure?
We have a number of CMS specific updates and security products that we would be happy to install and configure for you. If you would like this service, please just ask and we will send you additional information.