• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

2014 Website Defacements

January 1, 2015Ben Martin

0
SHARES
FacebookTwitterSubscribe

When a website has been defaced, it is often the most visual and obvious hack that a website can suffer from. They also come parceled with their own exquisite sense of dread. Nothing gives that gut-wrenching feeling of “I’ve been hacked” more than seeing this on your home page:

Defaced-Website-Upgrade-Security

Most malware that we see on a daily basis is driven by some desire to profit off of victims – classic pharma spam or theft of credit card details and personal information.

By contrast, most defacements have little to no financial incentive. They are almost always done to further some political, religious or ideological goal. It may appear as though the websites are defaced by Anonymous or groups like the Syrian Electronic Army. The FBI even warned about ISIS hackers defacing WordPress websites. Some attackers will try to deface as many sites as possible with their ‘calling card’ just to prove how “l33t” (elite) they are, or to give attention to whatever cause they are trumpeting.

These hacks remind me of by-gone days when computer hacking was done primarily for mischief and trouble-making and less associated with the nefarious criminal underworld. We also see school websites defaced on a regular basis by students. Don’t underestimate the number of bored kids who are learning how to hack.

A lot of the time all that is tampered with is the site’s index.php file which can easily be restored by downloading a fresh copy of whatever CMS you use. A more nasty defacement, though, will overwrite something like your WordPress wp-config.php file entirely… and if you don’t have a backup, well, make one right now for a rainy day. 🙂

Now, having said all this, while all website defacements are primarily about the shock value much of the time they are coupled with malware, too. If this ever happens to your site assume it is fully compromised and act accordingly. Whoever defaces a site will almost certainly place a few backdoors for easy access later on. The more harmful hacks will also attempt to infect end user computers visiting the site.

For this reason, if you ever suffer from this sort of calamity make sure you perform a thorough check for any malicious files! Otherwise you’ll likely end up with the same problem soon after.

There are a whole bunch of ways that this can happen – websites that employ poor password management and/or use out of date software are easy, low-hanging fruit for these vandalists. Naturally, our clients using our CloudProxy firewall are protected against such attacks.

0
SHARES
FacebookTwitterSubscribe

Categories: Website Malware Infections, Website SecurityTags: Hacked Websites, Presentations

About Ben Martin

Ben is a Remediation Team Lead at Sucuri. He's passionate about online security and privacy issues. He is also a music production geek and cat enthusiast.

Reader Interactions

Comments

  1. Todd

    January 1, 2015

    I normally agree with the majority of the posts made on Sucuri, but this one I don’t like one bit because of the gallery. I am a strong advocate for web security and blog regularly on the subject. In my opinion this gallery is an insult to the security community. These groups shouldn’t be given any more publicity than absolutely necessary, otherwise you’re aiding them in their anarchy.

    • Tony Perez

      January 2, 2015

      Hi @WireFlare:disqus

      I wanted to take a minute to touch base.

      You brought about valid points in your comment, enough so that we have decided to remove the gallery. The gallery was never designed to be an insult, but we can see how it could be perceived that way.

      All the best,

      Tony Perez

      • Todd

        January 2, 2015

        Thank you for understanding. Keep up the good work.

        Todd

  2. Hilda Coronado

    August 14, 2016

    I’ve just used this guy’s services cyberblackhat41@gmail.com and he’s a legit black hat hacker, he can handle social network hacks, emails and school grade hacks, he’s actually the real deal, I was initially skeptical as I already got scammed before by all the fake email hackers with gmail address but he did come through,I was able spy on my spouse Facebook Instagram email phone

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Sucuri website security

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2019 Sucuri Inc. All rights reserved

We use tools, such as cookies, to enable essential services and functionality on our site and to collect data on how visitors interact with our site, products and services. By clicking Continue, you agree to our use of these tools for advertising, analytics and support.Continue Read More