Get a Free Quote

How to know if your website has been hacked



While you’re busy plugging away at your business, sometimes the unexpected pops up and you’re faced with the dilemma of cyber criminals. We’re all too quick to think “That won’t happen to me”, but the reality is that over 30,000 websites are hacked on a daily basis. So falling victim isn’t so far-fetched afterall.


And even the most high authority websites aren’t an exception, with an iconic example being the attacks on the Australian Government’s Census platform in 2016 – a Denial of Service breach that caused the site to shutdown for several hours.


But while some of these cases are as clear as day to identify, knowing if your website has been hacked isn’t always so black and white. Here are the signs you need to look out for to keep your platform out of the danger zone.


Trust thy Google


It may seem a little basic, but a majority of those that seek hacking recovery services often note that they found out about a breach from an external source. No matter how good your monitoring tools are, they’re not always as accurate as you need them to be.


Thankfully, despite having its hands full with every other facet of the web, Google is also pretty handy at picking up potential hacks and threats to a website. If you use Google Chrome, the browser automatically detects danger and displays big, bold red warnings on your screen. If you or a visitor to your website happens to stumble across any of the following on your website, it’s time to take action...immediately.


Phishing attacks



A phishing attack is the result of a hacker who uses your website to host malware, sending a URL of your website to victims who then initiate the action the hacker wants them to take.


Malware attacks



This type of attack usually refers to the case whereby an attacker has gained direct access to your site. They will have installed malware on your platform, with the intention of infection the devices that visit your website.


Alternatively, Google may display a small line of text in search results to indicate a potentially harmful website or threat. You may not come across this alert as often, but it pays to read the fine print under the URLs before you click through. In a majority of circumstances, however, Google just removes any hacked sites from results, but it the webpage happens to slip through to results, you’ll spot this warning:



Assess your Google Search Console Alerts


We probably can’t thank Google enough for all the purposes it serves, and yet another is the handiness that comes in form of its Search Console. Previously known as Google Webmaster Tools, this platform sends email notifications to webmasters of a site if it has been infected by malware. For this to happen though, you must have the setting enabled in ‘Search Console Preferences’. For an up-to-date list of any threats, head to the ‘Security Issues’ panel to view warnings that may indicate a breach.



Consult your hosting provider


In some cases, your host may actually catch the threat before you even realise, especially if they receive reports from visitors or security systems. The usual action for this is to immediately take the website offline to avoid any further damage to the site, the business and visitors to the page.


However, it’s also important to quickly consult your hosting provider if your website has been taken offline, as some companies have varying policies about reformatting infected servers, accounts and platforms. This is to stop threats from spreading to other websites in their clientbase, but a good host will have backups on hand if this occurs.


Ways to catch a threat first


Ultimately, while it’s great that external sources like Google or your visitors may alert you to potential attacks, it’s always ideal to catch these threats before they do, to avoid any security concerns or other challenges.


Luckily, there are a few ways you can do this, including:


Malware scanners: Many infections are not visible to visitors, so a malware scanner can detect hacks if no one else is able to notify you about them. These tools automatically inspect your source codes and PHP for malicious patterns, and will notify you if there is any risky business occuring.


Monitoring solutions: Some monitoring services allow for downtime of a website to be tracked. In a nutshell, these tools assess any significant changes and alert you if a tiny percentage has been tweaked – often a sign of an attacker being present.


Visit your site frequently: Obvious but important. Regularly visit your own website and scan it for strange text that seems to have popped into your pages. At the very least, this will give you some peace of mind.


Remote scanners: Similar to malware scanning tools, remote scanners assess the ‘rendered’ version of your page to analyse the HTML you produce, rather than the actual source code. This may seem like a bit of jargon, but it essentially allows you to detect if a hacker has placed malware into certain parts of the HTML code in your backend.


Stay alert


Just like you would with the physical presence of your business, stay on your feet in the digital world. If something doesn’t look or sound right, chances are it's not. Trust your gut, and listen to those around you; learn from the insights you’re getting from various tools and systems, and allow teams to react accordingly. Above all, if you feel overwhelmed about keeping your website secure, invest in a good web hosting or security company who can help you keep on track and out of danger.


Think your website may need a bit of a refresh? Contact the experts at Havealook on 1300 367 009.