Friday, March 23, 2012

Website Owners Don't Know They Were Hacked

 An article by Emil Protalinski of ZDNet talks about a recent survey done against approximately 600 website owners and administrators who had sites compromised.

Here is a summary of the findings:
- 90% didn't notice any strange activity, despite the fact their sites were being abused to send spam, host phishing pages, or distribute malware
- 63% of site owners don't even know how they were hacked
- 26% had not yet figured out how to resolve the problem at the time they completed the survey 
- 20% of those attacks were due to out of date software
- Approximately 50% only discovered the attack when they attempted to visit their own site and received a browser or search engine warning

The article also has a nice flow chart of how/why attacks occur.  Here is a link to the full article.

This is why you have someone test your site, and tell you where you are vulnerable instead of a hacker doing it maliciously.

While a Web Penetration Test does not guarantee your site is 100% safe, it certainly closes holes and makes you aware of where you are potentially vulnerable. 

Another piece of advise: Always monitor and keep backups of your logs!!

No comments:

Post a Comment