We have obtained quite a few new clients from other web developers who have had their websites hacked. This is usually because the user has been given a content management system such as Wordpress or Joomla and don't know how to update it when new security issues are discovered, or updates are released.
Once a website's security has been breached it is usually an difficult task to make things secure. This is because the hackers can add 'back doors' into the system, and hide their tracks. Once they have access, they can do a variety of nasty things such as editing your website, capturing all of your customers' details, and using your server's resources for bad things.
It's not just smaller web developers and hosting companies that have issues. Recently Sony, LinkedIn and Microsoft Hotmail have all had their websites compromised. Even NASA report that their websites were hacked 13 times last year.
More worrying, Santander have a bug in their online banking system where clients' credit card numbers are saved in a cookie on their PC. Essentially this means that if you use their online banking and do not erase your cookies (and many people don't know how), any person using the computer after you could find our credit card number. If this sounds a bit far-fetched, I use Santander, so tried it, and retrieved my credit card number in under a minute. And what are Santander doing about this bug? You'll be surprised to know, it seems nothing (for now).
So which websites should you use? Always use trusted websites, and check that the address is correct. Always check that the page is using SSL (look for the padlock) if you're giving credit card information. But most of all, appreciate that no website is entirely secure.
What about your own website, is that secure? Once again, we'd like to stress that no website is entirely secure.
Worrying? Yes it is, very worrying. But don't be too alarmed. Is your house secure? You have a lock and maybe a chain, you could get lockable double-glazed windows. You could go one step further and have a large perimeter wall, CCTV and a security operative. Or you could have security like a bank; but even banks get broken in to.
In short you need to consider the information that you hold on your website; a simple small static website has little to go wrong, whilst an online shop has a lot more. Why would anyone want to break in? If they did would they get anything useful? Is it easy for them to do?
It's a complicated world online, and developers are always battling against hackers to keep things safe; an online 'cops and robbers'.
Feel free to speak to us and we'll let you know if there are any obvious security issues with your website, or answer any questions that you may have about websites that you use.