The 2014 SCORE Customer Friendly Websites infographic reports that though 97% of consumers search online for products and services, and 37% of consumers search online to find local businesses, only 51% of small businesses have websites. If you are one of those businesses, you know how much time and effort it takes to create a really great robust site, and to have that site show up in a top search engine result.
(If you are not one of those businesses, then don’t bother with this post; instead read last week’s post Tips for Launching a Small Business Website, and get one!)
It is scary to think that all that hard work can be compromised or wiped out by the unscrupulous and avaricious actions of a hacker. But, the threat is real. A recent survey of small business owners found that 31% had experienced a cyber-attack or an attempted cyber-attack.
Types of Website Compromise
Website compromises typically take one of two general forms:
- Changing or adding content to benefit the hacker.
This can be anything from simply defacing your website with unwanted content, showing unauthorized ads, or adding hidden text and links to your page. Or it can be a direct attack on your customers by installing key loggers or redirects designed to capture User IDs, passwords, and financial account information entered on your site.
- Installing Malware.
The hacker causes malware to be automatically downloaded to the computer of anyone who visits the page. The malware may be a key logger that enables the hacker to see the user’s activity on any site they visit (for example, providing the ability to steal login credentials for all the user’s bank accounts), may lock the user’s files and demand a ransom to release them (ransomware), or may draft the computer into a botnet the hacker uses for other illegal activity.
Detecting a Website Compromise
It would be nice if there was a way to easily detect that your site has been hacked. A baseline of defense is to check your site each day and make sure that everything is as it should be. However, compromises are rarely so blatant as to be caught with a simple review. Text can be hidden so a normal viewer can’t see it, but still be visible to search engines. Malware can be programmed to install only in certain browser/OS (operating system) configurations. According to a recent report, it takes on average 170 days for a company to realize it is the victim of a cybercrime attack.
In some cases, it is the customers who have seen strange activity or who have had their computers infected who notify a business that its website has been compromised. As bad as that is for customer relations, an even worse scenario is to have Google flag your site as compromised and display that warning to anyone who views your site in search results. A typical warning looks like this:
How does this warning get there? Google examines billions of urls each day as part of the website crawling it does to index sites and provide search results. The Google Safe Browsing feature displays a warning if Google has detected a compromise, to keep people away from potentially dangerous sites.
That’s great protection if you are browsing the web, but a nightmare if Google identifies a problem with your site. However, it is better to know so you can fix the problem than to continue to unknowingly cause your customers to be victimized by a hacker.
Google to the Rescue
If you have a Google Webmaster Tools account (this post provides a great overview and tutorial on using Webmaster Tools) you will be notified of the problem in your console. If you don’t, Google will attempt to contact you about the problem so you can fix it. Email will be sent to the following email addresses common to most sites: abuse@, admin@, administrator@, contact@, info@, postmaster@, support@, webmaster@. If you don’t have at least one of these as an active email account, it is a good idea to add it.
Luckily, Google not only tells you about the problem it provides tools you can use to fix it and have your search results listings returned to normal. These tips and tools are a great resource for recovering any hacked website, regardless of whether you have a problem with a Google warning on your site.
Google provides an 8 Step process for recovering a hacked site. The first step is to get a general understanding of the problem. The following Google video does that, and is also a good way to learn about what could happen to your site. (Forewarned is forearmed!)
The next 7 steps provide very detailed help with tracking down the exact compromise, cleaning your site to restore hacked pages and remove unauthorized files checking to make sure that the site is functioning properly, and getting a Google review of the clean site so that it can be restored to good standing in search results.
Making Sure Your Website is Safe
After reading all this, you are probably starting to wonder if your site is ok. This is a great time to talk to your hosting provider about doing a security review to ensure that there are not any unpatched vulnerabilities on the servers hosting your site.
One easy thing to check is whether Google has found any recent vulnerability in your site. To do this, run the Google Safe Browsing Diagnostic for your domain. Type the following in your browser bar:
where “yoursite” is your domain name. So, for example to check the PaySimple website I would use
Google will return the following information:
- Whether your site is currently listed as suspicious.
- The last date Google visited the site, and whether any suspicious content was found in the past 90 days.
- Whether during the past 90 days Google determined that the site was being used as an intermediary to facilitate the distribution of malware.
- Whether during the past 90 days Google determined that the site hosted malware.
Extra Tip: You can also use the Safe Browsing Diagnostic for any suspicious domain. For example, if you see a strange link in an email or in a social media post, check it out before visiting the site.
If you see a problem noted in your site report, get a Google Webmaster Tools account if you don’t yet have one, and start the 8 Step process for recovering a hacked site immediately. You may be able to fix the problem before it spreads, and before your search results listings are impacted.