Why are Websites Hacked.
Most website owners are surprised to find that their website has been hacked. Most intrusions are hidden from the website owner. This is probably on purpose, since the attacker wants to get the most from your server and your bandwidth.
There are many types of security infections that a website can have. Some are completely hidden and cannot be found even with anti-virus or anti-rootkit detection software installed on your server. Some infections are intended to be hidden from sight so that the attacker can simply use your webserver as a robot in a larger swarm of hijacked websites. Together, these hijacked servers give the attacker a supercomputer of crime that allows them to perform their devious acts with speed and voracity.
However, some attackers invade your website to simply point people to their websites. Why? To sell scam items and to steal credit card numbers. This is big business! The attacker simply wants to use various tricks to get more people to visit their scam-sites. These infections are visible because some form of link must be present between the two sites for the attacker to draw people to their site.
The interesting thing is that most website owners don't know their website has been hacked. Usually there are two main reasons why the website owner doesn't notice the intrusion.
- The attacker places the infected content on new webpages that you are not aware of. The attacker uses this type of infection when they want the customer to see something the attacker has to sell. For example, if the attacker is trying to sell some pharmaceuticals and they need a place to put an advertisement, then they could create a new webpage on your website and place the pharmaceutical advertisement there. In some cases they place multiple pages on your server, resulting in nearly an entire new website all within your website, a website that you are paying for.
- The attacker makes the content only visible to search engines. If the content is only visible to search engines then you will not see the content when you visit the web page. However, if you search on an appropriate keyword (such as a pharmaceutical drug name) in a major search engine (such as Google or Yahoo!) then your website would show up. The attackers use this type of attack when they want to draw visitors to their main scam website. The attacker is using your webpages to point thousands of links to their main scam site. The thousands of links encourage major search engines to think that the scam website is real and very well liked. Sometimes the hidden links point to other webpages with more hidden links. The links eventually link back to the main scam website.
How RescueTheWeb looks for Infected Websites.
RescueTheWeb finds website infections that are visible. We do not interrogate, scan or test your webserver for infections. Instead we look at the webpages your website is serving and inspect them for abnormalities. If something abnormal shows up then we verify the infection by comparing it to other infected websites. For example, if your website contains a webpage that has hidden text within it that links to a known online pharmacy scam website, then more than likely your website has been hacked.
We use a large collection of infection patterns and multiple sources of data when considering whether your website has been hacked. Our goal is to have a 100% accurate decision on whether your website has been hacked.
If we find a hack on your website we will inform you with a Security Notice. The Security Notice will state the specific reason why we think your website was hacked.
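The kind of check described above, hidden text on a served webpage that links to a known scam website, can be sketched as follows. This is an added example, not RescueTheWeb's own code: the blocklist domain, the sample page, and the names `HiddenLinkFinder` and `scan` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed blocklist entry (placeholder domain, not a real indicator).
KNOWN_SCAM_DOMAINS = {"pharma-scam.example"}
# Inline styles commonly used to keep injected text out of a visitor's sight.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])|"
    r"(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "wbr"}

class HiddenLinkFinder(HTMLParser):
    """Record off-site links that sit inside an element hidden by inline CSS."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []      # (tag, hidden) for every open element
        self.findings = []   # (href, host, matches_known_scam_domain)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        inherited = bool(self.stack) and self.stack[-1][1]
        hidden = inherited or bool(HIDDEN_STYLE.search(attrs.get("style") or ""))
        if tag == "a" and hidden:
            href = attrs.get("href") or ""
            host = (urlparse(href).hostname or "").lower()
            if host and host != self.site_host:  # relative and own-site links are ignored
                known = any(host == d or host.endswith("." + d)
                            for d in KNOWN_SCAM_DOMAINS)
                self.findings.append((href, host, known))
        if tag not in VOID_TAGS:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed <p> or <li>.
        opened = [t for t, _ in self.stack]
        if tag in opened:
            del self.stack[len(opened) - 1 - opened[::-1].index(tag):]

def scan(html, site_host):
    finder = HiddenLinkFinder(site_host)
    finder.feed(html)
    return finder.findings
# Constructed sample page: a visible partner link, a hidden own-site menu, an injected block.
SAMPLE_PAGE = """<p>Welcome. <a href="https://partner.example/">Our partner</a>
<ul style="display:none"><li><a href="/about">About</a></ul>
<div style="position:absolute; left:-9999px"><a href="http://pharma-scam.example/buy">cheap pills</a><br>
<a href="http://www.other-site.example/p?id=2">more pills</a></div>"""
```

`scan(SAMPLE_PAGE, "shop.example")` reports the two links inside the off-screen block and marks the first as a blocklist match. The sketch only inspects inline styles, so content hidden through stylesheets or shown only to search engine crawlers needs additional checks.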