You have probably heard stories of businesses who have had their entire website changed or defaced by a hacker. The homepage now looks ominous and threatening with dark backgrounds, black and white images, bold letters and the calling card from your hacker. The idea of having your website defaced is disturbing, but what actually are website defacements and how do we avoid them?
A website defacement is an online hack that changes the visual appearance of a website by adding malicious images to the homepage and, often, other pages. Though it does not necessarily mean that your entire site is not working, it will most likely result in a loss of traffic, revenue, and trust in your brand. Often, website defacement is achieved by SQL injection, a code injection technique, which gains administration access. Once access is granted, the website defacer will add their image to the website.
Though it looks ominous and a little scary, it is more a nuisance than anything threatening. Website defacements are often little more than graffiting or what’s known as “hacktivism”, where the hacker is using the homepage to spread political or religious messages and ideologies. This is why government and religious websites, particularly those that have poor website security, are regular targets of these attacks. Very occasionally, however, they can be used as a distraction to cover up more sinister attacks such as uploading malware or stealing/deleting files from the server. Despite of this, website defacement are less common than usual online attacks and, according to Securi, only make up a small percentage of the malware family.
Other than tightening up your security, as mentioned in our last blog, the best way to protect your website from these attacks would be to set up file monitoring system. This will constantly monitor your website for any suspicious activity and alert you immediately if something is wrong. Alternatively, a website firewall should outright protect your website from hackers gaining access at all. If you are unfortunate enough to be hacked and given a website defacement, then please either contact us immediately or head over to Securi for assistance in removing this annoyance. Fortunately, these types of hacking are usually detected and resolved very quickly.