Insecure websites are very common.
We're gathering more data, but preliminary analysis shows that hundreds of thousands of websites have already been compromised, millions of websites contain insecure software and configurations, and nearly every
website has been scanned for vulnerabilities by hackers. Looking at just websites that show vulnerability through malware infection, about 1 in every 150 websites have been hacked
There are lots of reasons for insecure websites, but the primary reason seems to be lack of understanding about how easy it is to have an insecure website. Some other reasons include:
- People are not upgrading their website software packages once they install them.
- Poor website programming practices.
- Use of easy to guess passwords.
- Incorrect server configuration.
- Most servers do not utilize application, server, or database firewalls. Anti-virus software does not help webservers.
It's not easy to make a website hacker-proof. A determined hacker can usually succeed (even high-technology companies are hacked). However, blatant security gaps have a high chance of impacting your business, your customers and other websites on the Internet.
How they hack your website.
Simple security things to check on your website.
Technical list of things to verify on your web server.