We all see and come across hacked, hijacked, compromised websites all the time. The majority of sites mentioned in this blog are only mentioned because they have been compromised and taken over or used by criminals and scammers.
We can all accept that it is difficult to stop a determined “hacker” taking over, defacing or enrolling a website in a malware-spreading campaign. However, there are a few classes of websites where we generally expect and in fact DEMAND a much higher standard of security and protection.
Apart from the obvious candidates like Banking, Finance and online shopping sites from well-known companies like Amazon, eBay and the major supermarkets, who all have (or should have) 24/7 security & web monitoring services and teams proactively blocking attempts, there are several other groups or “businesses” where a compromised or breached website is completely unforgivable.
- Security sites, like anti-virus companies and blogs and other InfoSec sites like this one. If you are “offering” a security service and advice on protection, it not only looks bad if your site is compromised and spreading malware, but your reputation immediately goes down the drain. How can you be trusted if you don’t “practice what you preach”?
- Web design, hosting and SEO services. If you are unable to properly protect your own site, then that proves you are unable to offer proper, safe, secure web design and hosting to a client. Put your own house in order before fixing somebody else’s.
Almost all site compromises are due to either out-of-date software and plugins in a CMS like WordPress or Joomla, or out-of-date Apache, PHP, MySQL or other webserver software. All software will have some vulnerabilities, and if you are the unlucky one that is the first target of a new, previously undiscovered vulnerability, then nobody can or will blame you. But 0-days are rare and normally carefully targeted at where the bad guy will get the most “bang for his bucks”. Keeping up to date with all your webserver software will reduce the avenues of attack.