Why they attack my low traffic website?
Everyone always wonder why their sites are being attacked. It is hard to understand what value a low traffic site on entry-level hosting might hold. Unfortunately, an attacker views your website as a juicy collection of resources they can use, generally to make money. People who attack sites are just criminals with technical skills, criminals who exploit any vulnerability that they can find.
Your web server is a computer that can be used to run their programs. It’s connected to the internet and likely has a squeaky-clean reputation. It might include interesting user data like email addresses, usernames and passwords. While it might be modest, it has some traffic coming to it. And finally, it’s important to you.
Let’s look at some of the reasons that they attack your site in order to make money.
Cryptocurrency mining, which is a computationally intense process that puts your web server’s computing power to work on behalf of the attacker. Almost $100,000 in just every few hours.
Hosting phishing pages remains a popular way to leverage a hacked website. A phishing page is one that attempts to fool you into sharing sensitive information, like your password, credit card number or social security number. An example of a phishing page is a fake login page that gives you the impression you are on an online banking login screen. You enter your credentials and the attacker logs them and can now sign into your real online banking account and steal data.
Because your site has a clean reputation, when attackers host phishing pages on your site, services like Google Safe Browsing that would normally warn users about suspicious websites won’t know to alert visitors to the danger of the phishing page. Well, until the phishing pages are reported. Then, you may end up on a blacklist.
Hosting spam pages and injecting spammy links. Attackers love to plant SEO spam in the form of pages and links on your site, boosting SEO rankings for their malicious businesses. It’s important to remember that while your site alone isn’t capable of boosting an attacker’s SEO results, thousands of compromised sites can really move the needle.
?acked websites being used to send spam email all the time. Getting spam email past spam filters is a difficult endeavor. Email clients use myriad techniques to identify and block spam. Almost all spam filters rely on IP blacklists to block everything from IPs known to send spam. That’s where your web server comes in. Not only does your server have all of the hardware and software spammers need, but the reputation of your IP is likely perfect. By sending spam from your web server, cybercriminals have a much better chance of getting their spam delivered.
Eventually, spam filters pick up on what is happening and blacklist your IP as well, so the attacker simply moves on to the next victim, leaving the reputation of your IP address in ruins.
Attackers will compromised sites to attack other sites. We saw hackers use this approach in the cryptocurrency mining attack we discovered recently, where an attacker was controlling a botnet made up of thousands of other people’s WordPress sites that were simultaneously mining for cryptocurrency and attacking other websites. Your website is an attractive attack platform because your IP address is likely not on any blacklists.
?dd redirects to their content. Visitors to your site don’t even have to click on a hyperlink to visit the spam site–the redirect will just take them there directly. In some cases, attackers will go so far as to redirect all of your traffic to malicious sites. But in most cases, they employ measures to avoid detection, only redirecting traffic to specific URLs or for specific browsers or device types or if the traffic is coming to the site from a search engine.
In the case of defacements, the attacker just wants to get their message out. By taking over your website, they are able reach your website visitors, at least until you figure out what they’ve done. Attacks of this nature often represent a political movement or are just looking for “street cred” in the hacker community.
One especially nefarious way attackers monetise hacked websites is to use them to spread malware. They install website malware that installs PC malware on your visitors’ computers or devices when they visit your site.
As a site owner, this is especially scary, as not only do you risk having your site flagged as malicious by search engines and other blacklists, but your visitors — potential customers and prospects — are not going to be happy with you. Your reputation, both online and with your site visitors, could be damaged for a long time. In addition, a hacked website can have a long-term negative impact on your search engine rankings.
Even if you don’t accept credit cards on your site, an attacker may still find valuable data to steal. For example, if you capture other data via forms on your site, there might be something worth taking. Additionally, attackers can use stolen username and password pairs to try to log in to other sites.
Unfortunately, cybercriminals have come to this conclusion, too. Regardless of the size of your website audience or the cost of your hosting plan, criminals will happily find a way to monetise it if they can break in.
