Russian hacking exploits have been all over the news again recently thanks to that Mueller Report causing so many waves and so many headlines all over the world – but what you may not have realized is that this is nothing new, it just so happens it has affected some ‘major players’ recently so has the issue
In fact, take a look at some of these eye-opening stats
- About 30,000 websites are infected with some type of malware daily.
- 73% of Internet users fall victim to some type of cybercrime.
- WordPress powers about 25% of all the world’s website. WordPress hacks are also the most common and, according to hackers, the easiest to execute.
- It only takes about 10 minutes to crack a lowercase password that is 6 characters long.
In fact, the number of hackers from Russia, China, Eastern Europe, the US and even right here in good old Blighty, trying to get into business websites of all kinds has been increasing for some time. Not only can this be bad news for the security of a website in general, but it can also seriously damage a site’s ranking in the SERPs.
Are Hidden Hackers Wrecking Your Site’s SEO?
You may wonder why we are even suggesting you worry about your site being hacked. Yours is simply a small local business, what could the Russians possibly want from you?
According to Google, hackers are rarely specifically targeting a certain business at all. Instead they are making use of hundreds – sometimes even thousands of bots – that scurry around from site to site until they find one that can be exploited.
Even though the hacker’s bots may not be after your site specifically, they will ‘take it’ if they can and if they do, it can have a serious impact on your site’s SEO.
Why Do Small Websites Get Hacked?
Some hackers don’t really have too much of a plan behind their efforts, they are out to cause trouble for the sake of doing so. Often, once they take a site over they replace the content with offensive, or nonsensical copy and don’t do much else.
The biggest aim is to embarrass the website owner. They may not know who that is, but it’s often supposed to be a lesson to those who fail to pay enough attention to their site on a daily basis.
Ad injection attacks, as they are known, are also common. The concept is simple: you distribute your often malicious adverts on to someone else’s site to drive more traffic to your own. This can take the form of simply displaying the adverts on the site or in extreme cases, redirect all traffic to the hacker’s site. These adverts can then contain malicious code that leads to gaining control over a user’s machine or sensitive data.
Unfortunately, not all hacks are visible and some can be quite subtle and difficult to track. For instance, if you are using your WordPress site as an e-store, you might store your client’s credit card details or personal information. This is valuable to any hacker and they will not make their presence known so they can keep exploiting this information. In addition, there is now a new hacking wrinkle; websites hacked only to mine cryptocurrencies such as bitcoin.
While a business owner may be too busy to notice what’s going on, Google – or rather their bots – certainly will and they will pick up that the site has been hacked. They will attempt to notify the website owner via Google Webmaster Tools, but obviously that message will only get through if the webmaster makes use, which far too many people do not.
In the meantime, in the interests of protecting the public, Google will slap a hacked site warning on the affected website. You may have seen these. They are big red screens that advise browsers not to proceed, as they may be headed into dangerous territory. Almost everyone complies with these warnings and so very quickly a once busy site can see its traffic decreased to zero and kicked out of the SERPs to boot.
The DDoS Attack That Isn’t
DDoS attacks–when so much traffic is deliberately aimed at a site that it chokes its servers and shuts it down–are better orchestrated affairs and these are usually aimed at specific sites. Most often you will hear about DDoS attacks that shut down the likes of Amazon, Sony and other multi-million-dollar concerns.
The chances that your business’ website will be deliberately targeted for a DDoS shut down are slim–unless you have an aggressive competitor with a taste for black hat SEO–but traffic surges caused by pesky spam commenters can mimic the effects.
Comments can be useful to a website. They can help drive engagement and to a certain extent Google will approve. However, by allowing them you are opening your site up to a potential hack. Besides leaving spam links that are terrible for your SEO, if too many bots arrive to comment on your site at once they can cause a bottleneck that causes a situation very like that caused by a deliberate DDoS.
How can you prevent all of this? With vigilance. Proper security should be maintained on the site at all times–there are plenty of tools available to help you–and if you do allow comments they should be properly monitored on a regular basis.
Finally, get into the habit of navigating to your own site once a day, not to the back-end, but to the front, in the same way your ‘regular’ visitors do, to make sure nothing looks odd or is failing to function correctly. Doing this will only take five minutes from your day but it could save you days–even weeks–of hassle trying to ‘cure’ a site that has been taken over by those odd foreign bots. And don’t forget to check those Google Webmaster messages. If your site is hackedthey will help you fix the issue – especially when it comes to any damage to your SEO and whenever Google is willing to help? Smart webmasters say yes please.