Dat klopt, de meeste hackers richten zich niet specifiek op één bepaalde website. In plaats daarvan schrijven ze scripts of geautomatiseerde programma’s om tientallen, zo niet honderden, websites tegelijk te hacken. Deze scripts zijn niet selectief en proberen elke kwetsbare website die ze tegenkomen te gebruiken voor hun doeleinden.

De reden achter het schrijven van deze scripts is vaak om zoveel mogelijk reclame te verspreiden en zo geld te verdienen. Ze plaatsen bijvoorbeeld advertenties op gehackte websites of sturen e-mails via het domein van de gehackte website om producten of diensten te promoten die de hacker aanbiedt. Dit kan voor hen lucratief zijn, vooral als ze toegang krijgen tot een groot aantal gehackte websites en zo een breed publiek kunnen bereiken.

Voor veel hobbywebsites kan het verwarrend zijn waarom ze het doelwit zijn geworden van hackers, maar in werkelijkheid hebben de hackers waarschijnlijk geen specifieke reden om juist die specifieke website aan te vallen. Ze richten zich gewoon op kwetsbare websites in het algemeen om hun eigen winst te maximaliseren. Daarom is het belangrijk voor alle website-eigenaren, of het nu hobbywebsites zijn of bedrijfswebsites, om hun websites goed te beveiligen en regelmatig te controleren op mogelijke kwetsbaarheden. Zo kunnen ze de kans verkleinen om slachtoffer te worden van dergelijke geautomatiseerde hackpogingen.

Hackers committing cybercrimes have become increasingly common. Hacking can be done from the comfort of one’s home, and hackers can remain anonymous if they know how to cover their tracks.

1 in 5 Dutch individuals will eventually be confronted with a hacked website, hacked social accounts, compromised computers, or even hacked smartphones.

Money or in some cases “fame” is the motivation for hackers to target websites, especially if they can redirect visitors to their own (often illegal) websites. For hackers, it’s not about quality, but quantity. If a website is easily hackable with a script, hackers will use it as a means of advertisement.

Hackers can monetize their activities by operating websites that fish for bank credentials or sell products. By increasing the number of visitors and links to their website, they can rank higher on Google and generate revenue from product sales.

Hackers often evade capture by using proxies or different IP addresses. They might operate from internet cafes or use other people’s Wi-Fi connections. Similar to how burglars work at night to avoid detection, hackers try to remain unseen. Once a website is hacked and redirects visitors to an illegal website or webshop, the hacker behind the attack is concealed, and the compromised website becomes the end of the line.

Hackers can gain entry to a website personally by phishing for usernames and passwords, but more often, they exploit known vulnerabilities within a system. They may use brute force attacks to try multiple passwords rapidly or perform a SQL injection to access the MySQL database and disable security or create their login credentials. Other methods include gaining access through FTP, admin panels, databases, or malware that records keystrokes and sends them to the hacker.

Yes, hackers are considered criminals as their actions often cause harm and incur costs to website owners. Cybercrime is not limited to individuals with tattoos and criminal records; even seemingly innocent individuals like teenagers or young adults can engage in hacking without realizing the legal and harmful consequences.

To protect against hackers, using Ithemes Security PRO is recommended. This plugin ensures that WordPress is not easily exploitable, and it thwarts hacker attempts to hack into the system. It tracks login attempts and injection trials, and it also creates backups of the database and records server changes, allowing easy restoration of the website if needed.

The internet is anonymous, and as a customer told me last week: ”The internet is full of weirdos and malware.”

Types of individuals we deal with:

Regarding hacks and malware, we encounter a wide range of individuals, but of course, we never get to know the person behind it since every “weirdo” has the intelligence to hide behind a proxy.

Professional Programmers

An example of brilliant programming work:

Today, we came across JPEG images in the uploads folder.
Not strange, right?

Until you open the file with a PHP editor and find code that opens up your WordPress website to hackers.
The hackers go beyond this trick and provide a good piece of programming work to make these files executable.

The Script Kiddies

An internet term used to refer to individuals who simply execute a script to “hack your website.”

This is a large group, mainly consisting of young people. They watch some YouTube videos and follow the steps taken by seasoned hackers to hack a website.

Unfortunately, with the average WordPress website lacking additional security, they still have a chance of success.

The Weirdos

There’s a group of hackers seeking “fame”. It doesn’t matter which website they breach, as long as their name or advertisement appears on the site.

In some cases, you might end up with an entirely new homepage with a fictional alias and an image displaying their logo clearly. Most of the time, however, your website unknowingly promotes expensive products that you have nothing to do with. Sometimes legally, sometimes illegally.

Conclusion

Individuals from all over the world target WordPress users, ranging from brilliant people doing it for “big money” to those who only have a computer and deep debts and want/need to earn something because they don’t receive benefits in most countries, and their entire family is suffering.

Each person has their motive for engaging in these illegal activities, and it is our responsibility to ensure they can’t access your WordPress!

Our website is full of articles and tips on how to prevent weirdos and malware. Feel free to read more!

Placing even a small piece of code on your website can allow a hacker to display advertisements on your website, which can earn them money through affiliate programs.

How much money does a hacker make?

A simple hacker may earn around 10-50 euros per month by targeting a few websites. However, if a hacker or a team of programmers cracks a plugin and gains access to 10,000+ websites through that plugin, the earnings can be significant.

There have been cases where companies with programmers nearly go bankrupt and resort to hacking websites to generate income through advertising networks or selling their own products. Such actions harm many websites and can quickly generate substantial profits for the hackers.

How innocent is hacking a site?

Injecting a link into a website. That should be harmless, right?
WRONG! It is an intrusion into someone else’s property. It robs the victim of their income and the investments made to build a good website.

Hacking, whether it targets small sites or large business websites, is a criminal act.

The hacker gains, and you lose

 

Your Google ranking takes a hit..

Google will notice that your website is displaying information that doesn’t belong to it.

Especially in the case of adult content or illegal pharmaceuticals, your reputation will quickly deteriorate.

If a hacker’s code redirects your website to another site or offers unsafe files through your website, Google may choose to block access to your website with a red warning screen. This warning appears on Google Chrome browsers on desktops, tablets, and phones, as well as in the description of your website in Google search results.

You lose potential customers..

Customers visit your website or online shop but see that it is unsafe, so they perform a new search on Google and end up at your competitor’s website.

Restoring a hacked website..

You need to ensure that your website is free from viruses and hacks. Searching for malicious code takes time for every programmer, not to mention finding and closing backdoors; otherwise, the website may be hacked again within a few days!

Preventing your website from being hacked

A hacker uses specific tricks and exploits vulnerabilities in plugins and WordPress. These can include forms, upload directories, the well-known login address, files containing sensitive information, the database, and more.

We secure WordPress websites against hackers, offering hack-free guarantee!

Get your WordPress website secured now

Imagine your WordPress website has been hacked, but you don’t have any security plugins running. Or worse, the hacker has disabled the security plugin.
Then you have no idea what has happened, you don’t know which files have been modified, how the hacker gained entry…

Finding Server Logs in DirectAdmin

Server logs record EVERYTHING. However, they are in raw server language without any formatting. In DirectAdmin, you can find the server logs by logging in and navigating to Your Account » Site Summary / Statistics / Logs » Full usage log.

Understanding Server Logs

A lot of information will be presented to you.
There is a specific order in which we will guide you through the logs, so you can understand them.

1. First, you will see the IP address.
   This points to the computer/router of the potential hacker.
2. Next, you will see the date.
   Keep in mind that the server time may differ from your local time.
3. Then, you will see a GET or POST command.
   This is important because a hacker or script will typically execute POST commands on your server/website.
4. After that, you will see the requested URL.
   Here, you should see regular pages and information that a visitor can request.
   If you see URLs such as XML-RPC.php and other files on the server, you can assume that it’s not a regular visitor.
5. Finally, you will see the User Agent.
   This refers to the browser/operating system being used.

Now that you can read the server logs, you can investigate the history of your website and the actions of the hacker.
Here, we use the term “hacker,” but in 9 out of 10 cases, it refers to a script executed by the hacker or even an automated script that the hacker no longer pays attention to. They only look at the outcomes and results.

Finding the Hack(er)

A server log can easily contain 2000 lines, and you may only have the logs for the last 24 hours.
(We assume that you have discovered the hack on time or that it is a recurring hack.)

What to look for:

You will search for specific keywords, which can be done by opening the log file in your browser or using your favorite text editor.

1. POST – As mentioned earlier, a hacker or script executes a command on your website to achieve something.
2. XML-RPC and other PHP files – A visitor opens pages and posts, NOT PHP files.
3. IP addresses from strange countries – If you have visitors from China, Russia, Germany, France, etc., while your website is targeted at a Dutch audience, and they access a large number of pages and/or files, it is highly suspicious. Use the IP Location finder to determine the country of origin for a user.

As a programmer, you can do this using Notepad++ or any other code editor that allows you to highlight lines directly.

Knowledge is Power, but not Victory Yet

Now that you can read the logs, have found the hacker, and know which actions they have taken, you can start undoing the consequences of the hack.

In many cases, the hacker has placed files or inserted text ads. These can be removed or reversed by restoring a backup.

But! You’re not done yet

The hacker has gained entry, whether manually or through a script, and it will happen again unless you secure your website with a WordPress Antivirus plugin.

Configure the plugin properly and follow all the necessary steps to make your WordPress site secure and hacker-proof!

And as always, back up – back up, and back up some more backups!