Protect Your Website

185% Increase in Websites Hacked in 2015

Google’s documents webspam in 2015, revealing the following info:

  • An algorithmic update helped remove the amount of webspam in search results, impacting 5% of queries.
  • Google sent more than 4.3 million messages to webmasters notifying them of manual actions it had imposed on sites affected by spam.
  • Google saw a 33% increase in the number of sites that went through a spam clean-up “towards a successful reconsideration process.”
  • Most worrying of all was the massive 185% increase in hacking from 2014. If you haven’t already, it’s time to seriously think about the security of your website.

When your website’s down, it takes your search rankings down too.

The first page of search engine results is prime real estate. And every webmaster is trying to get their website to show up there. Websites  ranking dropped like a rock when  your site was hacked.

Why hackers hack

Often, they want to pick your pockets. They’re not just nerdy teenagers looking for an ego trip. No, they’re hacking to get rich quick, using your passwords, your identity, your banking information, your credit card information, and anything else they can get their hands on. That’s why they’re called cyber criminals.

Other times, they want to use your website or computer for their clandestine activities – pirated software, phony prescription drugs, pirated music – and pick other people’s pockets.

These cyber pirates opt to leech your computer juice or good reputation for their questionable activities instead of doing the hard work of building a reputable business themselves.

To do this, they identify a vulnerability in a software, create a software that exploits that vulnerability, then send their program into the web to comb for unsuspecting sites that have the vulnerable software.

If your site is one of them, it gets attacked. Once the hacker has gained access to your site, they will either spam your site or install malware.

The difference between spam and malware

We’re all familiar with email spam. Who hasn’t gotten those emails posing as a well-known brand name that wants you to verify your information or claiming that a destitute widow’s son is dying in the hospital?

Well, website spam is text that is riddled with links to the scammer’s website. This kind of spamming can be happening without your knowledge. Many times, the code with spam links is hidden deep in your website and is redirecting your site’s visitors to the scammer’s website.

Malware is malicious software that takes over your website or computer and uses it to spread the infection. Your computer may become part of a botnet, a zombie army of computers that unleash copious amounts of viruses and spam into cyberspace. These botnets then harvest sensitive financial and identity information from a broader range of victims.

How your site becomes vulnerable?

It’s not enough to create a great website and leave it set. A healthy website requires ongoing maintenance.

If you’re like many website owners, you’re using WordPress, a free open-source software. But that means that any vulnerability that is found in the WordPress core software, its themes or its plugins is posted publicly. Malicious cyberpunks love to lurk in the dark recesses of outdated WordPress plugins and themes.

If you happen to slack on the mundane task of installing updates, you may become the target of a malicious hacker. Outdated software is the number one reason that websites get hacked.

Your site can get blacklisted by Google

If Google thinks that your site is infected with malicious software, it will blacklist your site. They call it quarantining, but regardless of the term, your site will be flagged or removed, which means your search rankings will plummet. This happens to around 10,000 websites daily. If your site’s been blacklisted, you can expect to lose about 95% of your traffic.

A new hacking threat has surfaced recently in the form of cloaked PDF pages. Sophos, a software security company, discovered hundreds of thousands of these on search results.

Cloaking is the cloak-and-dagger version of website hacking. Hackers used PDF files, which were possibly more trusted by Google’s algorithms, to embed spammy links that direct hapless visitors to unscrupulous websites.

Google is upping their aggressive war on spam by changing some of their search algorithms and rigorously removing hacked sites.

Fixing and preventing hacks on your website

Fixing a hack can cost thousands of dollars, not to mention lost revenue from customers being afraid – or unable – to step foot on your site.  Unraveling the labyrinth of malware code from your website, rescuing or rebuilding your content, and getting de-blacklisted takes times.

Some brave webmasters tackle it themselves, but for most, it’s a task best left to professionals. It depends on your depth of computer savviness.   To prevent hacks, keep your site updated. You can dramatically decrease hack attacks if you update.

Backup your site regularly. Your data isn’t safe just because it’s online – it needs to be backed up just as much as your local desktop files.

Invest in some real-time monitoring. Updating and backing up your site won’t automatically insulate your website. A real-time monitoring service watches for malicious activity on your site and fixes and cleans it before you can say “boo”.

How MVI protects your website:

1. Keeping platforms and scripts up-to-date

MVI always keeps all software up-to-date. We carry out upgrade operation every month to make sure that all software, operating system files, CMS, frameworks has latest version and security patches installed.

2. Toughen up access control and network security

MVI restricts access to the server and website very strongly. We do not allow any SSH access from unknown IP addresses. We also allow FTP transection via secured channel.

3. Web application firewall.

We use multi-layer web application firewall. Beside of WAF installed in our system, we always use CloudFlare and Sucuri to protect e-commerce and high traffic websites from malware attack, XSS attack, credit card theft and DDoS attack.

4. Limited file uploads.

File uploads are a major concern. No matter how thoroughly the system checks them out, bugs can still get through and allow a hacker unlimited access to your site’s data. We take every pre-caution necessary to prevent this to happen. We prevent direct access to any uploaded files.

5. Use SSL

Most of the site hosted in MVI servers are SSL enabled. We always strongly recommend our customers to use SSL certificate for their website. Beside of securing the website, SSL certificate can play major role to increase site’s SEO ranking as Google now emphasizing making the site secured.

6. Back-up frequently

We make backups of all website and database regularly. We also have backup archiving system that keeps daily, weekly and monthly archive of the website and databases. We can go back to website and database up to one month old. Beside of onsite backup, we also keep a copy of the backup offsite. So that if anything happens to our data center, our customers data will still be retrievable.

How MVI protects your emails:

1. Strong spam filter

MVI Usage the strongest available spam filter. Beside of in-house spam filter, we also have third party spam filter that filter our emails before reaching MVI server.

2. Protection with policy

We use specific set of policies that prevents hackers to break into your email box using brute force attack. If someone try to access your mailbox by guessing passwords randomly, our system will block IP address of the attacker automatically after certain try. MVI email system policy also prevents sending out and receiving mass spams.

3. Secure Webmail / POP / IMAP / SMTP access

MVI email system usage SSL to secure all kind of email transections. Whether you access it via webmail or POP/IMAP. MVI provides secured channel between your device/computer and MVI server to protect your email transection.

Summary

Take action now to prevent hacks – long before they have the nerve to take up residence and take your website rankings to the black hole of search engine blacklists. As they say, “An ounce of prevention is worth a pound of cure.” A high-caliber security and backup system will keep your website where it should be, on prime search engine real estate.