Call now for cybersecurity help: 888-646-1616
Josh Ablett

Website Hacked?  7 Free Ways to Tell

October 20, 2020

Website hacked?  Are you worried that it might be?

More importantly, would you even know if it is?

Are you a website hacking target? 

You might think that your business is too small to be hacked.

Think again.  You’ll be blown away by these stats, courtesy of a terrific article by Joey Song:website-hacked-71-percentwebsite-hacked-36000-dollars

And what are they after?  Your data.  Websites are the gateway to customer data, patient data, and credit card data.  These are tempting targets for cyber criminals.

Don’t believe it?  Here’s more evidence:

In 2013, 44% of small businesses were hacked.  It’s gone up since then.  And dealing with a hack isn’t cheap:

website-hacked-fox-business

If you’re in the UK, the news is even worse:

Website hacked? Free Ways to Tell

And

website-hacked-310000-pounds

Why does a hack cost so much?

If your website is hacked, there’s a lot of things that you’re going to pay for out of pocket.

First, you'll have to pay for rebuilding your site to erase the damage.  This usually involves:

  • Password changes
  • Restoring from backup (if you have one)
  • Re-creating your whole website (if you don’t)
  • Investigations to figure out how they got in
  • Fixing the vulnerability

The team at WhatArmy has a great summary:

website-hacked-what-army

But that’s just the tip of the iceberg.  If the hackers get to any of the DATA that sits behind your website, you’re going to be in a world of hurt.

Here’s a great graphic from the folks at BankTech.com that shows you the costs of a breach...

website-hacked-cost-of-breach

And that’s to say nothing about the soft costs.  Having to notify your customers or patients is not just a hassle, but damages your reputation.

My website host is protecting me from hackers

Maybe you think your web hosting company will protect you?  That they have everything in place to stop a website hack?

Sadly, this isn’t true.  A simple search for popular web hosting services turns up lots of horror stories.

Here’s a bad one for GoDaddy, a popular hosting site, where Arun had his website hacked:

website-hacked-go-daddy

A similar story for BlueHost, another popular choice for WordPress, where a website was hacked:

Website Hacked?  7 Free Ways to Tell

My point is not to beat up these vendors.  Cyber security is hard.

It is NOT ENOUGH to assume that your website hosting company will protect you from hacking.

website-hacked-assume

Website hacked? 6 Ways to Tell

Unfortunately, no big alarms will go off when hackers attack your website.

But if you pay attention, you can watch for signs of an attack.

Here are 6 free tools that will show you if your site has been hacked:

1) Monitoring for unusual changes.

The team at AtlanticBT recommend that you look for “strange content” showing up on your site if your website is hacked.  Pages you didn't write, links to weird websites, etc.

website-hacked-strange-content

Want to get notified any time your site changes?  Here's a fantastic free tool.

Change Detection is a free service that been available for years.  Enter the pages to monitor and the email address to alerts when pages change, and you’re good to go!

website-hacked-monitor-page

The site isn’t much to look at, but you can’t beat the price.

It also gives you a ton of options to configure that let you tailor the alert to just get the information that you want:

website-hacked-change-detection

When one of your pages change (because your website was hacked or because of changes you make), you’ll get an email or RSS alert.

It not only tells you that the page changes, but it will tell you WHAT changes.  So you can go back to your website team and check whether they actually made the change or not.

website-hacked-change-detected

2) Monitoring for outages

During a website hack, your website might go down.  Hackers might flood your website with so many fake visitors that it’s not available.

It’s super easy (and free!) to set up a robot that checks your website every few minutes to make sure it’s still alive.

We use a free service called StatusCake.  They offer a free tier that confirms that your site is still alive every few minutes.

Once you create an account, you want to create a test.

website-hacked-create-status-test

Put in your desired name and your website address (don’t forget the http or https!):

website-hacked-add-test

You can leave everything else as the default, and then click “Save Now” at the bottom of the page.

Now you’ve got a little robot that’s visiting your site every 5 minutes or so.  If your website is hacked and it's down, the robot will send you an email.

Readers have also suggested www.websiteplanet.com/webtools/down-or-not/.

3) Google FTW!

Google’s Safe Browsing program does a wonderful (and free!) job of keeping track of websites that it knows are compromised.

If you’ve ever gotten a message like this when browsing the internet:

website-hacked-harmful-programs

That’s Google’s safe browsing program alerting you to a hacked website.

Now the cool thing is that you can check your site’s status on their blacklist as well.  Here’s how to do it:

Step 1: go to https://www.google.com/webmasters/tools/ and enroll your site.

Step 2: log in, and in the left-hand menu click on “Security Issues.”

That’s it!  If your website was hacked and is listed in the Safe Browsing Program, you’d see it here:

website-hacked-safe-browsing

Have someone check this once a month or so to make sure that there aren’t any problems with your site.

4) Google FTW Part 2!

A few years back, Google bought a super cool service called Virus Total.  Think of it as a giant database in the sky of every virus, Trojan, and compromised website that exists.

It’s incredibly easy to use.  Enter your website, and click “Scan it”.

website-hacked-virus-total

In a matter of seconds, VirusTotal scans your website against 67 different virus scanners.

Here’s what it looks like:

website-hacked-virus-total-scan

Again, check this once every month or so to see if you have any issues.

5) Pay attention to your logs

Your website hosting company tracks everything on website in files called “logs.”  They look something like this:

website-hacked-logs

But what you want to find is a SUMMARY of the logs.  They’ll look different at every hosting company, but they should look something like this:

website-hacked-logs-summary

Keep an eye on these.  If you see a sudden spike in one or the other, it could mean that you have a hacked website.  Or it could mean that one of your videos has gone viral!

website-hacked-or-viral

Also, keep an eye on your error logs.  A sudden spike in errors either means you're under attack or there’s something wrong with your site.  Error logs work different from every web hosting company, so reach out to them to find out how they work.

6) Site Scanner

The last free tool that you should try is “Sitecheck” by a company called Sucuri.  It’s super easy to put in your website:

website-hacked-free-site-scanner

And it will give you a result:

website-hacked-sitecheck-results

Despite what the last result says, not every website needs a Website Firewall.  If you host customer/patient data on your website, then you do.  Or if you can’t afford for your website to ever be down, then you should definitely consider a website firewall.

Sucuri does a great job of removing malware from compromised sites if you do get attacked.

Sucuri also sells an automated service that monitors your site.  If it finds a problem, it fixes it automatically.

website-hacked-remove-malware

Conclusion

If you’re not watching your website for attacks, you're playing a dangerous game of "chicken."

You need to start paying attention to your site on a regular basis.  If you don’t have time, ask a member of your team to do it.

Still feeling a bit overwhelmed?

Get some free help!  Talk to an Adelia Risk cybersecurity consultant.

Talk to us!

Now it’s your turn.  Have any other tips to share about monitoring your site from hacking?  Any horror stories about your site being hacked?  Leave them in the comments below.

If you liked this article, please share it!

Leave a Reply

Your email address will not be published. Required fields are marked *

Do you think we might be a
good match?

We help over 100 of the best financial services, healthcare, and manufacturing companies across the U.S. with their cybersecurity.
About
Blog
Copyright 2024 Adelia Associates, LLC | All Rights Reserved