Has Your Site Been Hacked?

Why Is Website Security Important?

Is your WordPress website redirecting to another site like this HOA’s site?


In most cases, you’d realize your visitors are being sent to spam or obscene websites.

This horrifying ordeal is a result of being hacked.

When this happens, it’s crucial to fix it immediately!!! I noticed our HOA website had been compromised nearly a month ago.

I notified a respected HOA Board Member of the hack/breach and its seriousness, yet nothing has been done to fix it.


COMPROMISED

HACKED

BREACHED CODE

It’s unacceptable in today’s environment of extreme hacking. Our HOA’s site doesn’t even have an SSL Certificate, so it’s no wonder it was so easily hacked. IT’S ELEMENTARY, WATSON! The site is hosted on a large shared network w/ a lot of bad actors already noted. The site code is full of vulnerabilities, so removing the malicious code is not enough to protect it from being hacked again.

Some people just don’t know what they don’t know!

Our HOA association has clearly neglected to hire competent developers and has yet to remedy the situation, which is infuriating to a cyber security expert like myself. Again, unacceptable.

I certainly won’t be using that site and everyone who is still using it within our community should be alerted that their personal information has been exposed. Don’t be surprised when you find personal information being sold on the darkweb.

Notice in the image to the left that our HOA’s GMB page has not even been claimed. It hasn’t been optimized either, which is the primary reason Google Maps sends everyone to the wrong entrance. It should be mapped so that Google Maps will direct everyone to the MAIN GATE! It’s maddening, really!!

Presently, GMaps sends visitors to the north gate, which is for residents only. So everyone who arrives at the north gate has to turn around and contribute to damaging the area which allows the turn around.

Nobody wants their personal information revealed because of site development ignorance. Nobody wants malware on their computer. Learning to be proactive about your computer’s security and having strong malware protection is a smart way to avoid a malware intrusion.

Here, I’ll show you different ways to take back control of your site. I’ll also tell you how you can prevent this from happening in the future.

Website security is extremely important and even more so if you run a website on WordPress. This is because WordPress is a popular choice among website owners. It powers over 30% of all the websites in the world and has, therefore, drawn the attention of hackers.

“WordPress is becoming more and more popular and as more people enter the world of blogging. It’s likely that WordPress security issues are going to grow.” – Matthew Woodward, award winning business & internet marketing blogger

Even though security protocols grow stronger every day, hackers are not far behind in finding ways to break in. So if you’ve been hacked, you’re definitely not alone. According to a report by Sucuri, WordPress infections rose from 83% in 2017 to 90% in 2019.

“My website is being redirected to another site. How is this happening?”

There are a few tricks hackers use to get your site to redirect, the most common ones being:

    • By injecting malicious code into WordPress files and database.
    • By changing the home URL and site URL in the database.
    • By adding themselves as a ghost admin on your website.
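
The second and third tricks leave traces in the database that can be checked directly. This added example (not from the original post) runs both checks against a constructed in-memory SQLite copy of the relevant tables; the default `wp_` table prefix, the expected hostname and the list of known admins are assumptions, and on a live site the same queries would run against MySQL.

```python
import sqlite3
from urllib.parse import urlparse

EXPECTED_HOST = "example.org"   # assumption: the hostname the site should use
KNOWN_ADMINS = {"siteowner"}    # assumption: administrator logins you created

ADMIN_CAP = 'a:1:{s:13:"administrator";b:1;}'   # serialized role value
AUTHOR_CAP = 'a:1:{s:6:"author";b:1;}'


def build_sample_db():
    """Constructed sample rows in tables shaped like WordPress's defaults."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
    """)
    db.executemany("INSERT INTO wp_options VALUES (?, ?)", [
        ("siteurl", "https://example.org"),
        ("home", "http://redirect.invalid/landing"),   # tampered value
    ])
    db.executemany("INSERT INTO wp_users VALUES (?, ?, ?)", [
        (1, "siteowner", "2018-03-01 10:00:00"),
        (7, "wp_support", "2020-01-15 03:12:44"),      # account nobody created
        (9, "author1", "2019-06-02 09:30:00"),
    ])
    db.executemany("INSERT INTO wp_usermeta VALUES (?, 'wp_capabilities', ?)", [
        (1, ADMIN_CAP), (7, ADMIN_CAP), (9, AUTHOR_CAP),
    ])
    return db


def changed_urls(db, expected_host=EXPECTED_HOST):
    """Return (option_name, value) for home/siteurl values on another host."""
    rows = db.execute(
        "SELECT option_name, option_value FROM wp_options "
        "WHERE option_name IN ('siteurl', 'home') ORDER BY option_name")
    return [(name, value) for name, value in rows
            if (urlparse(value).hostname or "") != expected_host]


def unknown_admins(db, known=KNOWN_ADMINS):
    """Return (login, registered) for administrator accounts not in `known`."""
    rows = db.execute(
        "SELECT u.user_login, u.user_registered FROM wp_users u "
        "JOIN wp_usermeta m ON m.user_id = u.ID "
        "WHERE m.meta_key = 'wp_capabilities' "
        "AND m.meta_value LIKE '%\"administrator\"%' ORDER BY u.ID")
    return [(login, reg) for login, reg in rows if login not in known]


if __name__ == "__main__":
    sample = build_sample_db()
    print("URL options on another host:", changed_urls(sample))
    print("Administrator accounts to verify:", unknown_admins(sample))
```

The queries read the tables directly, so they do not depend on what the dashboard's user list displays.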


A sample of malicious code injected in a php file

In most cases, visitors are redirected before landing on your homepage, but the tricky thing about these hacks is that they can lie anywhere on your site. It could be a link somewhere on your blog or a landing page that’s redirecting your visitors. Unless they bring it to your attention, you could be hacked for a long time before you realize it.

If you’ve noticed your website is redirecting, you need to remedy it immediately. Redirects can cause serious damage not just to your site but to your visitors as well, and can, therefore, have severe repercussions.

Negative Impact of redirection?

Hackers can inflict serious damage to your online presence simply by redirecting traffic from your website. If your website is redirecting, here’s how it can be damaging to your website:

    • Brand hit – A visitor to your hacked site could be redirected to websites selling illegal or spam products. Your brand will definitely take a hit. Going one step further, if your visitor ends up ordering any of these banned products, it could land him, and by extension you, in a whole lot of trouble.

    • SEO Impact – When visitors are led elsewhere, your rankings will plummet and you will lose traffic to your site. This means years of hard work will vanish, not to mention a serious loss of customers too.

    • Blacklisting – When the search engines find out your site is infected by malware and you’re involved in spam or the sale of illegal products, your site will be blacklisted. Visitors are given a warning that your site is infected.

    • Host suspension – Your web host may shut down your site, lest other websites on the same server also get infected with malware.

    • Breach of Privacy – Visitors may download software that’ll infect their system, resulting in a breach of privacy. This could also lead to potential data loss on their end.

    • Loss of Revenue – All of the above will ultimately lead to a fall in revenue. This might be hard to recover from depending on the severity of the issue.

The longer you take to fix the hack, the more dire the consequences become. So let’s get to figuring out the root cause of the problem and how to fix it.

Detect and Clean Malicious Redirects

Your site is redirecting because hackers have added malicious code to it. To remove these spam redirects, you have to find the malicious code or malware and remove it. Malware might be in the database, the .htaccess file, a theme or plugin, WordPress core or even in your uploads. You can scan a hacked website either manually or by using automated tools.

Step 1: Scan WordPress Website

The first step involves scanning your WordPress site to locate the malicious code. You can do it either manually or by using a security plugin.

There are a few ways to manually identify a hack or malware on a WordPress website.

Manual Scanning

Pattern or Signature Matching: During manual scanning, the website owner searches for known patterns of malicious code and deletes any that turn up. The problem with this method is that it only matches known patterns, and malicious code can take an unlimited number of forms. Moreover, the method is tedious.

 


 

Keyword Identification: Another common way of looking for malicious code is to search for known keywords such as ‘eval’ or ‘base64_decode’, which appear in many malicious scripts.

The drawback with this method is that these keywords are also part of legitimate code. In fact, many plugins have these keywords in their code too. Hence searching for these keywords is not a fool-proof way of finding malware. You may end up deleting a valid piece of code, causing your WordPress website to malfunction.
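
The keyword search described above, as an added example (not from the original post) that reports hits for review instead of deleting anything. It ranks a decoder nested directly inside `eval` above a lone keyword and flags any PHP file under `wp-content/uploads`; these ranking rules and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

KEYWORD = re.compile(rb"\b(eval|base64_decode)\s*\(")
NESTED = re.compile(rb"\beval\s*\(\s*base64_decode\s*\(")


def triage(root):
    """Return (severity, relative_path, line_no, reason) findings for review."""
    root = Path(root)
    findings = []
    for path in root.rglob("*.php"):
        rel = path.relative_to(root).as_posix()
        if rel.startswith("wp-content/uploads/"):
            # Uploads normally hold media, so any PHP file there stands out.
            findings.append(("high", rel, 0, "PHP file in uploads"))
        for no, line in enumerate(path.read_bytes().splitlines(), 1):
            if NESTED.search(line):
                findings.append(("high", rel, no, "eval of decoded data"))
            elif KEYWORD.search(line):
                # Legitimate plugins hit this rule too: read it, do not delete it.
                findings.append(("review", rel, no, "keyword only"))
    return sorted(findings)


def demo():
    """Run triage over a constructed sample tree and return the findings."""
    files = {
        "index.php": b"<?php require 'wp-blog-header.php';\n",
        "wp-content/plugins/mailer/encode.php":
            b"<?php\n$raw = base64_decode($attachment); // legitimate use\n",
        "wp-content/themes/basic/footer.php":
            # Inert constructed payload: the string decodes to "echo 1;".
            b"<?php\n// footer\neval(base64_decode('ZWNobyAxOw=='));\n",
        "wp-content/uploads/2020/01/cache.php": b"<?php echo 'placeholder';\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(body)
        return triage(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The check works line by line, so code that spreads the same call over several lines will only show up under the weaker "keyword only" rule, which is the limitation of signature matching noted earlier.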

Comparing the Difference in the Core Files: The WordPress core files determine the appearance and functionalities of WordPress software. Sometimes malware is inserted into this part of the site. Since WordPress is open-source software, its files are publicly available. By comparing the WordPress core files present on your website with the ones publicly available, you can come across a file that should not be present on your site.

Comparing the differences in the core files is an effective way to detect malware to some extent. However, it too has its limitations. Without proper technical understanding, you may end up comparing two different versions of WordPress resulting in false alarms.
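
The core-file comparison described above, with the version check that prevents false alarms from comparing two different releases. This is an added example, not from the original post: it compares a site directory against a pristine copy of WordPress that you have downloaded and extracted yourself, and both sample trees and the version string are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")   # directories that hold only core files


def wp_version(root):
    """Read $wp_version from wp-includes/version.php, or None if unreadable."""
    try:
        text = Path(root, "wp-includes", "version.php").read_text(errors="replace")
    except OSError:
        return None
    match = re.search(r"\$wp_version\s*=\s*'([^']+)'", text)
    return match.group(1) if match else None


def digests(root):
    """Map relative path -> SHA-256 for every file under the core directories."""
    root = Path(root)
    out = {}
    for name in CORE_DIRS:
        for path in (root / name).rglob("*"):
            if path.is_file():
                rel = path.relative_to(root).as_posix()
                out[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return out


def compare_core(site, pristine):
    """Return modified, unexpected and missing core files for matching versions."""
    sv, pv = wp_version(site), wp_version(pristine)
    if sv is None or sv != pv:
        raise ValueError(f"version mismatch: site={sv} pristine={pv}")
    s, p = digests(site), digests(pristine)
    return {
        "modified": sorted(f for f in s if f in p and s[f] != p[f]),
        "unexpected": sorted(f for f in s if f not in p),
        "missing": sorted(f for f in p if f not in s),
    }


def demo(site_version="0.0.1-sample"):
    """Compare constructed site and pristine trees (sample data, not real core)."""
    def tree(version):
        return {
            "wp-includes/version.php": f"<?php\n$wp_version = '{version}';\n",
            "wp-includes/load.php": "<?php // loader\n",
            "wp-admin/index.php": "<?php // dashboard\n",
        }
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in (("pristine", tree("0.0.1-sample")),
                            ("site", tree(site_version))):
            for rel, body in files.items():
                path = Path(tmp, name, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(body)
        site = Path(tmp, "site")
        (site / "wp-includes/load.php").write_text("<?php // loader\n// injected line\n")
        (site / "wp-includes/extra-sample.php").write_text("<?php // not in core\n")
        return compare_core(site, Path(tmp, "pristine"))
```

Only `wp-admin` and `wp-includes` are compared, because the site root and `wp-content` legitimately contain files that are not in a fresh download.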

More file checks that you can perform

Matching Plugin Files: Another thing you could possibly do is match plugins. Make a list of the plugins that you have already installed. Next, download the same plugins from the WordPress plugin repository. Now match these two. This is a decent way (albeit a time-consuming one) of finding malware. As you might have guessed, this too comes with its own set of problems.

You see, there are different versions of plugins, and not all are publicly available. Some of these have modifications that are often not captured in the repository. These factors make matching WordPress plugin files tedious and unreliable.

Look For Recently Modified Files: There’s a good chance that recently modified files are part of a hack. The hacker may have injected malware or malicious codes into these files. You should treat suspiciously any file that was not modified by you or anyone else handling your website. But if the hacker is worth his salt, he would have reset the time of modification. Good luck finding the modified file then!
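
One check that still helps when the modification time has been reset, as an added example (not from the original post): on Linux the inode change time (`ctime`) is maintained by the kernel and is not set by the usual timestamp calls, so a file whose `ctime` is much newer than its `mtime` deserves a look. The one-day threshold and the sample files are constructed assumptions.

```python
import os
import tempfile
import time
from pathlib import Path

DAY = 86400


def backdated(root, min_gap=DAY):
    """List (relative_path, gap_seconds) where ctime exceeds mtime by min_gap or more."""
    root = Path(root)
    hits = []
    for path in sorted(root.rglob("*.php")):
        st = path.stat()
        gap = st.st_ctime - st.st_mtime   # on Linux, st_ctime is inode change time
        if gap >= min_gap:
            hits.append((path.relative_to(root).as_posix(), int(gap)))
    return hits


def demo():
    """Constructed sample: one untouched file, one with a back-dated mtime."""
    with tempfile.TemporaryDirectory() as tmp:
        fresh, reset = Path(tmp, "fresh.php"), Path(tmp, "reset.php")
        fresh.write_text("<?php // edited today\n")
        reset.write_text("<?php // edited today, timestamp put back\n")
        old = time.time() - 400 * DAY
        os.utime(reset, (old, old))       # sets atime and mtime; ctime stays current
        week_ago = time.time() - 7 * DAY
        # What a plain "modified in the last week" search would report.
        by_mtime = sorted(p.name for p in Path(tmp).glob("*.php")
                          if p.stat().st_mtime >= week_ago)
        return {"mtime_recent": by_mtime, "backdated": backdated(tmp)}


if __name__ == "__main__":
    print(demo())
```

Files unpacked from an archive or restored from a backup show the same gap, because extraction preserves the original modification time, so read the results against the dates of your own deployments.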

Look for Unknown Files & Folders in WordPress Root Folder: Typically, a WordPress website owner doesn’t need to access the WordPress root directory (/public_html), making it a vulnerable target for injecting malware. The plugin (/wp-content/plugins/) folder and theme folder (/wp-content/themes/) present inside the root directory are also at high risk for attacks. Hence, looking for unknown files present in the directories is the general rule of thumb.

While themes and plugins come with known sets of files and folders, unfamiliar yet safe files may also be present. Deleting them unwittingly could cause the plugin to misbehave, so you should avoid doing so.

Given the complexity of finding malware manually, the success rate of these above-mentioned methods is always very limited. Hence it’s better to choose an automated WordPress malware scanner over manual scanning.

Scanning Using a Security Plugin

As with anything WordPress related, there are tons of Security Scanning Plugins available. But unfortunately, most of these security scanners including the top ones rely on ineffective methods we just discussed. Unlike other WordPress security plugins, MalCare does not rely on pattern matching or keyword identification. Instead, MalCare uses the knowledge from the hundreds and thousands of websites it is already installed on to find new and complex hacks.

To learn more about WordPress website scanners, take a look at the top 5 WordPress malware scanners.

Step 2: Clean Malware Redirects

Ideally, the security plugin that you choose to scan your website for malware should also undertake the task of cleaning it. Let’s take a look at the different cleaning options available to WordPress users:

 


 

One-Click Automated Cleanup: MalCare is the only WordPress security plugin that offers automated one-click cleanups. Our product is unique in the sense that it allows users to remove malware from their WordPress websites with a mere click of a button. There is no external security personnel involved, and therefore absolutely no need to wait. MalCare offers three different packages and irrespective of the package you choose, it includes an unlimited number of cleanups.

Different Levels of Cleanups: A popular security plugin Sucuri, offers different levels of cleanup, depending on how fast you want to clean your website – from 30 minutes to 12 hours. Typically, cleaning your site involves security personnel who’ll need your website’s details like SFTP credentials, etc. The silver lining in buying Sucuri’s cleanup is that you get a year’s cleaning service free of cost. Meaning, within a year, no matter how many times your website is infected, they’ll clean your website at no additional cost.

One-Time Cleanups: Several WordPress security plugins or services offer one-time cleanup and charge a one-time fee for it. They scan your site and upon finding a security vulnerability, they fix it as well. Unfortunately, this option usually does not guarantee a turn-around time. This means it could take anywhere between minutes and days before your website is clean. There are several adverse effects of prolonging the cleaning of your site. For one, Google and other search engines may blacklist your site. Or your web host may take your site down, lest you infect other websites on the same web host server (in case of shared hosting).

Final Thoughts

Simply locating the malware and cleaning the site will not fix your WordPress site. It’s important to take security measures that’ll protect your site from future hack attacks. Here’s what you can do –

  • To manually implement WordPress recommended security measures would require technical expertise. It’s better to use WordPress security plugins like MalCare to protect your website.
  • Take time to invest in reliable backups to ensure that you can get your website up and running if something goes wrong.
  • Once you are set, stop worrying about the security of your website and focus on growing your business manyfold.
  • There is a hacker attack every 39 seconds.
  • Nearly half of all cyberattacks are committed against small businesses.
  • Russian hackers are the fastest.
  • 300,000 new malware is created every day.
  • Multi-factor authentication and encryption are the biggest hacker obstacles.
  • You can become an American citizen for $6,000.
  • The average cost of data breaches will be about 150 million in 2020.
  • The cybersecurity budget in the US is $14.98 billion.
Las Vegas websites are the most hacked in the entire U.S. Russian and Chinese hacker bots are the most prolific offenders!

Most tech-savvy folks are familiar with the standard forms of malware: phishing scams, adware, spyware, viruses, worms and the like. However, as technology advances, so do cybercriminals, and they are attempting to fly lower under the radar to get your information. As a result there are newly emerging forms of malware that you may not be aware of.

Social Media Scams and Malware

Grayware is a form of malware that doesn’t really do any physical damage to your data as other malware can, and it presents itself in a more annoying manner, such as adware and spyware. It has a high prevalence in social media, usually in the form of “click bait”, where an enticing article will lead you to a website that asks that you fill out a quick survey before accessing the media. That information is then collected and sold to other cybercriminals and can be used in attempts to hack into your personal accounts. If you want to learn more about how to protect yourself against these kinds of scams, you can check out an article I previously wrote about Social Scams, when the fake Robin Williams “Goodbye” Video SCAM went viral.

In addition to grayware running rampant on these platforms, there are also high risks of encountering dangerous malware across social networks. When the television show, “Breaking Bad”, was in its heyday, there was a popular Twitter scam making the rounds. Links were posted luring users to download a leaked copy of the next unaired episode. Following the link led the user to a page where a file is downloaded. The page directed users to another link to install a program that would allow them to play the video. The link sent users to an affiliate program, which was how the spammers made money. Granted, this scam seemed fairly harmless to the user’s computer, however, there are other instances where what is downloaded can be a dangerous malware program. Always use caution when clicking on unknown links and attempting to download unknown files.

Exploit Kits

Exploit kits are generally what they sound like – a malicious toolkit that searches your computer for software that has not been updated. These kits look for security holes in software with the goal of implanting malware on the user’s machines. This can happen by visiting websites that have malvertising on them. Malvertising can be found on any website, trusted or unknown, and it uses online advertising by embedding malicious code in legitimate advertisements. Recently, Yahoo was a target of this by hosting malicious ads that redirected users to websites hosting these kits. Exploit kits are not always found in malvertising, however. The popular men’s website Askmen.com was recently compromised to redirect users to a site hosting an exploit kit. This is why it is very important to make sure all of your software is up to date.

Mobile Ransomware

Ransomware on computers isn’t a new threat, but recently it has started to migrate to popular mobile platforms. Ransomware is a program that will target important files such as photos and documents and encrypts them, blocking the user from accessing them. The user is then sent a message demanding payment to unlock the files. Earlier this year, the first versions of mobile ransomware were spotted in the wild. The ransomware is contracted by visiting an infected site and then is automatically downloaded to the phone, or by downloading a malicious app. If your device becomes infected, do not pay the fee! Instead, make sure you get in the habit of regular backups and restore your phone from the most recent backup.

There have been a few instances of gaming malware in the media lately. This kind may not cost you money, but it can cost you the many hours you’ve spent building up your characters. Twitch.tv, a website used to stream live gameplay, was recently infiltrated by a bot in their chat rooms that lured users using raffles. Upon clicking the link to enter the raffle, a Java form displays a phony raffle form. After filling out the form, the malware installs itself on the user’s computer, targets the user’s Steam account and then wipes out the entire Steam wallet and inventory. In turn, the cybercriminals will sell the user’s items on the Steam community for money. Similarly, there was an issue with a malicious trojan in the popular World of Warcraft game, masquerading as a legitimate game add-on. Once installed, the trojan completely takes over the user’s account. It is highly recommended that users not disable their antivirus programs when playing online games.

Browser Extension Adware and Malware

Browser extensions are a very popular add-on used for a multitude of tasks while surfing the Internet. But I bet you’re not aware that some of them can be stealing your information! Some malicious extensions will either track every site you visit or inject adware into those sites. While this is not a huge concern as far as what this will do to the data on your computer, it is a pretty large privacy concern. Attackers can use these extensions to perform click fraud by adding rogue ads to websites and redirecting you to those sites. Although this is lower on the threat level, this newer form of malware is evolving into something much more invasive. As a matter of fact, the European Union Agency for Network and Information Security (ENISA) has warned that there has been an increase in malicious browser extensions that are aimed at taking over social network accounts. So while at the moment, they’re not at the top of the threat list, they’re definitely something to keep an eye on.

Internet threats can appear in all shapes and sizes, many of which you may not be aware of.

Consumers are uneasy about digital transactions.

This is evident from the fact that identity theft has been one of the top three consumer complaints to the Federal Trade Commission every year for more than 15 years.

Your website is your business, your brand, and perhaps your bread and butter.

If it’s not protected, then critical business relationships are at risk, especially your number one asset, your customer.

The more a small business can do to protect its website, the more customers are likely to visit, shop, and return.

A single security breach could mean the end of a small business.

So isn’t it time you took control of your website security?

How To Check Your Website’s Security

FIRST…GET AN SSL CERTIFICATE!

THIS SIMPLE ADDITION ADDS SECURITY AND GOOGLE COMPLIANCE!!

There are certain areas within every website, such as Contact Forms, Login Pages, etc. that allow user input, which are extremely vulnerable and therefore should be protected appropriately.

The process of identifying such grey areas within websites and securing them is usually known as web application penetration testing. The security experts that perform these tests are known as penetration testers.

Penetration testing is the best way to test the actual effectiveness of your security.

However, penetration testing can cost thousands of dollars and may not be a viable option for small businesses.

What To Look Out For?

Here is a list of website security-related areas which usually need to be checked:

1) Contact Forms
2) Login Forms
3) Credential Testing
4) Server Testing
5) Vulnerability Testing
6) Website Cookie Testing
7) Testing For Open Ports
8) Website Files and Folders Scanning
9) Testing against popular website attacks like brute force, DDoS (Distributed Denial of Service), SQL Injection, and Cross-Site Scripting (XSS).

To get started with checking your website’s security without getting too technical, you can make use of website scanning tools.

These website security or scanning tools usually scan your websites within a matter of minutes and present comprehensive reports.

Use Website Virus Checkers

Invest in a website security checking tool, or website virus checker, to help you assess your website’s security status so that you can take appropriate security measures.

Start protecting your business today before it’s too late.