Hacked websites: chronic webmasters report fights with their vulnerable sites

Only admnistrator owned posts can execute the include me shortcode

StopBadware and Commtouch have published an interesting report on compromised websites. The report talks about how website owners have been hacked and repair damage and presents interesting statistics on the subject.

The study found that, in most cases, legitimate websites are compromised without the website owner even noticing that their website has been compromised. Over 90% did not notice any strange activity, although their websites were misused to redirect visitors to other links, send spam, host phishing sites or distribute malware. Over 66% did not know how the piracy occurred.

Do hackers target specific website programs? Is there a specific content management system (CMS) that is more vulnerable than others? The responses received seem to identify WordPress (28%) as a big favourite of cybercriminals, perhaps because of its popularity and plug-in culture.

Other interesting statistics :

Only admnistrator owned posts can execute the include me shortcode
  1. About 50% of website owners only discovered hacking when they visited their own website and received a browser warning
  2. 26% of website owners had no idea how to solve the problem
  3. 40% changed their mind about their web hosting provider after a compromise.

The survey results highlighted several aspects of webmasters’ experience with compromises websites that might interest the security community, said Maxim Weinstein.

The report contains many examples of hacked websites and contains the following basic tips to help webmasters not compromise their websites:

  1. Keep your CMS software and plug-ins up to date.
  2. Use strong and different passwords and login information.
  3. Scan your PC for malware.
  4. Check and use the appropriate file permissions on your web server.

Read also: Have I been hacked?

This information graph illustrates the interesting statistics very well.

Download: StopBadware PDF report.

By the way, I recently blogged on WebsiteDefender. If you’re looking for a free online security monitoring service to help protect your website or blog from malware or other hacking activities, take a look!

Only admnistrator owned posts can execute the include me shortcode