I own and operate my own website, and I have to admit that at times it is no picnic. My website is over two years old now. It is what I consider to be an on line market place, some would refer to it as an auction site; but it is so much more than that. I have also opened up my site to members from all over the world, which may have been a mistake. Whether it was or not I am not about to let some people ruin it for others. During the time my site has been in operation it has been hacked numerous times. My site has nothing to offer in the way of financial gain and yet these people continue to feel the need to hack my site. For the safety of my site I am not mentioning the name of it in this article. No reason to provide more incentive to someone else to hack it.
And that is the sad truth behind why people are hacking my site. No credit card information or other financial information is stored here. My site and its members use pay pal and other forms of on line payment services. Those independent companies handle the financial information. So, they are not coming onto my site for those purposes. It is hard to understand for me why anyone would want to hack a site with no means of financial gain. They could be hacking my site to try and steal someones identity, but I do not see why they would want to do this either. Members do not have to sign up using their real names. The only useful information stored on my site by members is their mailing address. What good does that do a hacker? You certainly cannot do much in the way of identity theft with just their mailing address. So, I don't think my site is being hacked for that reason either.
No the sad truth is that my site is either good practice for a hacker in training, or they just have nothing better to do. Keep this in mind when you are trying to figure out why someone has hacked your site. Sometimes they are after nothing at all. Their only goal is to cause you trouble, and they draw some amount of satisfaction from this. I am reminded of the line from Batman The Dark Knight which goes; "Some men just want to watch the world burn". The basic meaning is that some people just do stuff to be mean. That is the only conclusion I could come to as to why people seem to enjoy hacking my site. So, if you own your own website like me there are some things you can do to make their lives more difficult.
1) The most important thing you can do is to make sure you are using a top notch program. This does no good to me, because my site is already up and running. If I had it to do all over again though, I would have picked a better program for my website. The better the program the better the measures to prevent people form hacking that program.
2) Use a web hosting service that will handle the security for you. I am going it alone, because fortunately I have access to my own server. I have a relative who is in the IT business and we own a server. So, my site is on this server, but we lack the man power and resources to monitor our servers like the bigger companies do. So, if you are going to have your own website, host it with a good company. The bigger the company, the better the security, and the safer your website is.
3) Make sure your Admin panel user name and password is more complicated and less predictable. Many of us like to choose passwords that are easy for us to remember. The problem with that is that we usually choose names, dates, and locations in some combination to form those user names and passwords. This makes it easier for a hacker to gain access to your account, if you used familiar information when you created your user name and passwords. Try to pick something not so obvious for user name, although it is no where near as important as your password. Be sure to make sure your password is long, and contains numbers and letters. Make sure to use both lower and upper case letters.
4) This is probably the most important one of all. Do not store your information on your computer! If someone gains access to your computer and you have all of the information written down than the whole point of user names and password secrecy is out the window. I know it seems like a good idea to write this information down and save it in case you forget the information. If someone hacks your computer than they will have the keys to your website. They won't need to hack, all they have to do is go to your website and use the information they took from your computer. I would recommend writing down all of the important information that has to do with your website in a notebook. I have one of those daily planner books to keep all of my information in. At least if someone steals this information, they are close by. Someone you can call the police on. Not some guy sitting in front of his computer in Nigeria or someplace else.
I have reported the people that have hacked my site over the years to the FBI. The reality is that there isn't much they can do about it if the hacker is sitting in the middle east somewhere. That was the region the last hacker of my site was from. Somewhere in Pakistan I believe. I reported it simply so that the FBI has a record of the incident. If this hacker does it enough to my site and other people's sites, than perhaps something will be done about it. I am not holding my breath though. I would recommend that you do the same though. The FBI handles computer fraud and they have a section on their website for reporting Internet crimes. If someone hacks your site than report it to them. That is how they build cases and come to deal with these people.
In the end no website is 100% secure. The sad truth is that as long as web sites exist, hackers will exist. Using smaller websites like mine as practice until they feel they are ready to move on to bigger and better fish. The only thing that website owners like us can do is try our best to make our sites as secure as possible. Continue to undue the damage done to our sites when we do get hacked. Giving up is too easy. I can imagine that any one of the hackers that hacked my site are disappointed every time they log on to see that my site is still there. I could simply shut the whole thing down, and let them win, but I can't do that. I will not stop doing business on line simply, because someone felt the need to create more work for me. So, I will keep on repairing the damage done. A word of advice. Anything you have written up about your website you should back up and save on your computer. I am talking about stuff like your Terms & Agreement, Legal Policies, Help text, etc. Save this stuff once you have written it up and posted it on your website. I learned this the hard way. When my site got hacked this last time the hacker felt the need to delete all of this text from my site. I had to rewrite all of it. So, be sure to save any part of your web text that you do not wish to have to re-write. So that if your website is hacked one day, you will at least have what you need handy to undo the damage.
And that is the sad truth behind why people are hacking my site. No credit card information or other financial information is stored here. My site and its members use pay pal and other forms of on line payment services. Those independent companies handle the financial information. So, they are not coming onto my site for those purposes. It is hard to understand for me why anyone would want to hack a site with no means of financial gain. They could be hacking my site to try and steal someones identity, but I do not see why they would want to do this either. Members do not have to sign up using their real names. The only useful information stored on my site by members is their mailing address. What good does that do a hacker? You certainly cannot do much in the way of identity theft with just their mailing address. So, I don't think my site is being hacked for that reason either.
No the sad truth is that my site is either good practice for a hacker in training, or they just have nothing better to do. Keep this in mind when you are trying to figure out why someone has hacked your site. Sometimes they are after nothing at all. Their only goal is to cause you trouble, and they draw some amount of satisfaction from this. I am reminded of the line from Batman The Dark Knight which goes; "Some men just want to watch the world burn". The basic meaning is that some people just do stuff to be mean. That is the only conclusion I could come to as to why people seem to enjoy hacking my site. So, if you own your own website like me there are some things you can do to make their lives more difficult.
1) The most important thing you can do is to make sure you are using a top notch program. This does no good to me, because my site is already up and running. If I had it to do all over again though, I would have picked a better program for my website. The better the program the better the measures to prevent people form hacking that program.
2) Use a web hosting service that will handle the security for you. I am going it alone, because fortunately I have access to my own server. I have a relative who is in the IT business and we own a server. So, my site is on this server, but we lack the man power and resources to monitor our servers like the bigger companies do. So, if you are going to have your own website, host it with a good company. The bigger the company, the better the security, and the safer your website is.
3) Make sure your Admin panel user name and password is more complicated and less predictable. Many of us like to choose passwords that are easy for us to remember. The problem with that is that we usually choose names, dates, and locations in some combination to form those user names and passwords. This makes it easier for a hacker to gain access to your account, if you used familiar information when you created your user name and passwords. Try to pick something not so obvious for user name, although it is no where near as important as your password. Be sure to make sure your password is long, and contains numbers and letters. Make sure to use both lower and upper case letters.
4) This is probably the most important one of all. Do not store your information on your computer! If someone gains access to your computer and you have all of the information written down than the whole point of user names and password secrecy is out the window. I know it seems like a good idea to write this information down and save it in case you forget the information. If someone hacks your computer than they will have the keys to your website. They won't need to hack, all they have to do is go to your website and use the information they took from your computer. I would recommend writing down all of the important information that has to do with your website in a notebook. I have one of those daily planner books to keep all of my information in. At least if someone steals this information, they are close by. Someone you can call the police on. Not some guy sitting in front of his computer in Nigeria or someplace else.
I have reported the people that have hacked my site over the years to the FBI. The reality is that there isn't much they can do about it if the hacker is sitting in the middle east somewhere. That was the region the last hacker of my site was from. Somewhere in Pakistan I believe. I reported it simply so that the FBI has a record of the incident. If this hacker does it enough to my site and other people's sites, than perhaps something will be done about it. I am not holding my breath though. I would recommend that you do the same though. The FBI handles computer fraud and they have a section on their website for reporting Internet crimes. If someone hacks your site than report it to them. That is how they build cases and come to deal with these people.
In the end no website is 100% secure. The sad truth is that as long as web sites exist, hackers will exist. Using smaller websites like mine as practice until they feel they are ready to move on to bigger and better fish. The only thing that website owners like us can do is try our best to make our sites as secure as possible. Continue to undue the damage done to our sites when we do get hacked. Giving up is too easy. I can imagine that any one of the hackers that hacked my site are disappointed every time they log on to see that my site is still there. I could simply shut the whole thing down, and let them win, but I can't do that. I will not stop doing business on line simply, because someone felt the need to create more work for me. So, I will keep on repairing the damage done. A word of advice. Anything you have written up about your website you should back up and save on your computer. I am talking about stuff like your Terms & Agreement, Legal Policies, Help text, etc. Save this stuff once you have written it up and posted it on your website. I learned this the hard way. When my site got hacked this last time the hacker felt the need to delete all of this text from my site. I had to rewrite all of it. So, be sure to save any part of your web text that you do not wish to have to re-write. So that if your website is hacked one day, you will at least have what you need handy to undo the damage.