Ok, most companies have done this at one time or another. They start a website project with tons of enthusiasm and optimistic completion date expectations. Then running a business and real life hit. The project is delayed and 6 months after the original completion date the site goes live with a small subset of the original ideals implemented. Finally the site is live and you can check it off your todo list and move on to other items. Months go by and the website sits out on the web with little attention paid to it. Completely unknown to the website owner is the fact that hackers are attempting to gain access to the site. Day and night they are trying different passwords and different known security holes to get access. Many site owners think their site isn’t a target because their site doesn’t contain any valuable data. But it isn’t the data the hackers are after! They are after your server resources.
Everyone is familiar with antivirus software on their home and work computers. Right along with the advent of the home PC we had the advent of the computer virus. Many of the first viruses were meant to cause damage by deleting data or at least be a nuisance. But as more and more personal data was stored on computers and computers each had an Internet connection, viruses targeted this personal data and used the Internet connection to attack other computers.
The same is true with websites today. Hackers are writing programs to scour the Internet looking for websites with out of date software or easy to guess passwords. These programs already control thousands if not millions of other websites and have the capability to quickly gain access to unprotected sites. It only takes 10 minutes to crack a lowercase password that is 6 characters long. The reason hackers want access to your site often has nothing to do with the data on your site (unless you are Apple computer or Sony). Hackers want access to your site so they can use your server and your Internet connection as a base for their other attacks.
In the majority of the hacked sites we come across, the only thing the site owner noticed is a lack of performance in the site. Generally the hackers don’t want their presence to be known and they aren’t going to deface your site. There is a 156 day average lapse of time between when a hacker gains access and the access is discovered. Typically they will allow your site to continue operating as it has while they use it as a base for other attacks without your knowledge or as a source for sending SPAM emails. An appropriate site monitoring program can shorten this discovery time to minutes and often even block their attempts before they gain access.
Monitoring your website for hacking attempts is one of the first steps to ensuring your site remains safe. Don’t allow your site to be forgotten out there on the Internet. A basic monitoring package should at least be constantly tracking the usage of your site and blocking access to anyone who seems to be trying to gain unauthorized access. As you will see in our case study being released this month, if a spammer gains access to your site, you could be offline for weeks before your web host allows you to continue using their services.