Published: 2019-10-31. Last modified: 2023-01-27.

Restoration and maintenance after hacking

It happens even to the biggest sites. Websites are an attractive target not only for your clientele, but also for hackers, and occasionally a website gets broken into. The automatic response in such situations is to restore the site from a backup in order to get back on the air as quickly as possible, but this is not necessarily the most correct response.

In this article, we cover the reasons, or motives, for hacking sites, and how to deal with the different kinds of hacks:

Information theft. This is typical of e-commerce sites or board sites. The hacker tries to obtain credit card numbers, or customers’ contact information in order to make those customers the next target. Such hacks may be commissioned by your competitors, but not only by them. Hackers often break into big sites just for the prestige of succeeding at the hack. In other cases, they may try to contact the company’s customers via email and make them business offers that “came” from you (phishing). A smart hacker will make sure not to take the site down, so as not to attract the webmaster’s attention. Instead, he will leave himself a way to log in to the management system or database and will continue to “pass” information out behind the scenes, invisibly. It is very difficult to detect such breaches until they have already caused significant damage.
Planting links, ads and referrals. This is part of black hat promotion. The intruder plants links to another site to raise that site’s ranking on Google, or to generate fictitious user traffic to it. These kinds of hacks can be very sophisticated. For example, we have come across sites that looked fine when accessed directly by typing the address, but sent the user to another site when the user searched on Google and clicked the result. Sometimes the two sites are in the same business field, so the stolen traffic is indeed relevant and may reduce the volume of leads or sales on the hacked site, but in most cases the referral is to porn sites or to e-commerce sites for prescription or imitation drugs: illegal sites that find it very difficult to generate traffic in legitimate ways. Hacks of this kind are also hard to detect, as a smart hacker will make sure the site doesn’t go down so that he can continue to enjoy its user traffic. Such breaches are usually disclosed by the users themselves, or by Google notifying the webmaster that there are invalid links on the site.
Destruction (defacement). This is the breach most identified with anti-Israeli movements: the existing site is taken down and an anti-Israeli message appears in its place. These are the simplest hacks, but they are the most attention-grabbing and intimidating. Site owners typically respond to hacks of this type promptly, because the hack is very visible.
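A check for the search-only redirect described under "Planting links, ads and referrals", as an added example that is not EOI's own tooling: it requests the same page once as a typed-in visit and once with a Google `Referer` header, and reports an off-site redirect that only the second request receives. The names `fetch`, `check_referer_redirect`, `SEARCH_REFERER` and `simulated_hacked_site`, and the `.example` hosts, are assumptions made for illustration.

```python
import http.client
from urllib.parse import urlsplit

SEARCH_REFERER = "https://www.google.com/"  # assumption: stands in for a result click

def fetch(url, referer=None, timeout=10):
    """GET url without following redirects; return (status, Location or None)."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=timeout)
    headers = {"User-Agent": "Mozilla/5.0"}
    if referer:
        headers["Referer"] = referer
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    try:
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_referer_redirect(url, fetcher=fetch):
    """Compare a typed-in visit with one that appears to arrive from a search result.
    Returns the off-site host that only search visitors are sent to, or None."""
    direct = fetcher(url)
    via_search = fetcher(url, referer=SEARCH_REFERER)
    status, location = via_search
    if via_search == direct or not (300 <= status < 400) or not location:
        return None
    target = urlsplit(location).hostname  # relative Location values have no host
    return target if target and target != urlsplit(url).hostname else None

def simulated_hacked_site(url, referer=None):
    """Constructed stand-in for a compromised site, so the example runs offline."""
    if referer and "google." in referer:
        return 302, "https://pharmacy.example/offer"
    return 200, None

if __name__ == "__main__":
    # Prints the host that only search visitors are redirected to.
    print(check_referer_redirect("https://shop.example/", simulated_hacked_site))
```

This only catches redirects issued in the HTTP response headers; a redirect done in page script, or one keyed on the User-Agent rather than the Referer, needs a comparison of the rendered pages instead.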

Ways of handling:

In most cases, the instinctive response will be to restore the site from a backup, but this is not necessarily the correct response, for several reasons.

First, restoring the site from a backup “costs” us data loss. The sales and leads made on the site are stored in its database. When we restore the site from a backup to deal with threats in the code, we actually go back to a point in time before the break-in was discovered, so the information accumulated between the backup time and the recovery time is overwritten by the recovery itself.

Second, and perhaps more importantly, a smart hacker will not reveal the hack immediately. He may plant hidden code in the site and wait weeks or even months before revealing the hack, while in most cases backup systems keep site versions going back only one to six months. It may very well be that the saved backups still include the same backdoor that the hacker planted, making it very easy for him to put things back the way they were.
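One way to test whether the saved backups already contain planted code, as an added example that is not EOI's tooling: hash the code files in each unpacked backup, compare them with a known-clean baseline, and report the oldest backup in which each unexplained file already appears. The baseline (for instance a fresh copy of the same CMS, plugin and theme versions), the function names, and the sample dates, paths and digests are all assumptions constructed for illustration.

```python
import hashlib
from pathlib import Path

CODE_SUFFIXES = {".php", ".phtml", ".js"}  # assumption: file types worth comparing

def build_manifest(root):
    """Map relative path -> SHA-256 for each code file in an unpacked backup."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*")
            if p.is_file() and p.suffix.lower() in CODE_SUFFIXES}

def unexplained(manifest, baseline):
    """Code files that are absent from, or differ from, the known-clean baseline."""
    return sorted(p for p, digest in manifest.items() if baseline.get(p) != digest)

def triage_backups(backups, baseline):
    """backups maps ISO date -> manifest. Returns (newest clean date or None,
    {suspicious path: date of the oldest backup that already contains it})."""
    newest_clean, first_seen = None, {}
    for date in sorted(backups):
        suspicious = unexplained(backups[date], baseline)
        if not suspicious:
            newest_clean = date
        for path in suspicious:
            first_seen.setdefault(path, date)
    return newest_clean, first_seen

# Constructed sample: digests shortened to labels, paths follow a WordPress layout.
BASELINE = {"index.php": "h-index", "wp-includes/load.php": "h-load"}
BACKUPS = {
    "2019-05-01": dict(BASELINE),
    "2019-07-01": {**BASELINE, "wp-content/uploads/cache.php": "h-unknown"},
    "2019-10-01": {**BASELINE, "index.php": "h-changed",
                   "wp-content/uploads/cache.php": "h-unknown"},
}

if __name__ == "__main__":
    clean, first_seen = triage_backups(BACKUPS, BASELINE)
    print("newest backup matching the baseline:", clean)
    for path, date in sorted(first_seen.items()):
        print(f"{path}: already present in the {date} backup")
```

A legitimate update or customization also shows up as a difference, so each reported file still has to be reviewed. If no backup matches the baseline, restoring any of them brings the unexplained code back with it.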

So what’s the solution?

At EOI, in addition to a thorough familiarity with off-the-shelf systems such as WordPress, Magento and more, we have accumulated thousands of hours of experience restoring sites after hacks. With tools we have developed ourselves, we know how to detect and neutralize code-level threats, or permanently delete them. Our professional team knows the hackers’ practices, and knows where to look for the hackers and how to close those backdoors.

In some cases, we are able to set up honey traps for information-theft hackers in order to locate and identify the hacker, allowing site administrators to file a police complaint against them.

We would be happy to help and advise on hacking cases and on securing e-commerce sites and sensitive information systems.


About the Author

Itamar Oren Israeli is a lecturer on setting up and operating e-commerce sites, and has been CEO of EOI - Web Like This! since 2006.

