{"id":1583,"date":"2013-04-08T10:19:10","date_gmt":"2013-04-08T14:19:10","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/?p=1583"},"modified":"2020-12-16T04:46:45","modified_gmt":"2020-12-15T17:46:45","slug":"signs-of-compromised-site","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/signs-of-compromised-site\/1583\/","title":{"rendered":"Tell-tale Signs that a Site has been Compromised"},"content":{"rendered":"<p>If a website is compromised by a careful, talented, and well-funded attacker, then the scary reality is that no one will probably ever know that the site had been hacked at all. However, most attackers are not well-funded, at least not in the sense that we\u2019re talking about. They\u2019re using pre-made, for-profit exploit packs designed so that anyone, regardless of talent, can use them, and, like anyone else, they make mistakes.<\/p>\n<p>Trying to spot top-tier, nation-state-funded attacks is a fairly futile exercise for the casual Internet user. Fortunately for us, military-hacker groups probably aren\u2019t too interested in compromising our machines. That said, there are a lot of people out there who are very interested in compromising our machines, but again, these people are just like you or me: they make mistakes and they don\u2019t have an unlimited pool of money at their disposal.<\/p>\n<p>These are the sort of attackers that we need to worry about, and here is a list of signs we can look for to help thwart their efforts:<\/p>\n<p>Browser warnings are the first dead giveaway letting you know when a site is compromised. The search giant Google is heavily invested in trolling the net for safe sites and blocking dangerous, hacked or compromised ones. You will occasionally see a warning that says \u201cWarning: visiting this site may harm your computer\u201d when you try to enter a site. 
Google claims that its false positive rate with these warnings is incredibly low, so this warning is a very strong indicator that there is something wrong with the site you are about to visit.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2013\/04\/06051159\/Screen-Shot-2013-04-08-at-9.30.17-AM.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1584\" alt=\"website virus\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2013\/04\/06051159\/Screen-Shot-2013-04-08-at-9.30.17-AM.png\" width=\"781\" height=\"178\"><\/a><\/p>\n<p>Some modern antivirus products have a built-in site checker, <a href=\"http:\/\/support.kaspersky.com\/6318\" target=\"_blank\" rel=\"noopener\">like the Kaspersky URL Advisor<\/a>, which works as a browser extension and informs users when their antivirus provider has reason to believe that a certain site is unsafe.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2013\/04\/06051158\/Screen-Shot-2013-04-08-at-9.30.40-AM.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1585\" alt=\"Safe Website\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2013\/04\/06051158\/Screen-Shot-2013-04-08-at-9.30.40-AM.png\" width=\"705\" height=\"350\"><\/a><\/p>\n<p>Also, if you enter a site and immediately notice that it has initiated a download onto your computer, then it\u2019s a safe bet that there is something fishy going on there. <a href=\"http:\/\/krebsonsecurity.com\/2011\/05\/krebss-3-basic-rules-for-online-safety\/\" target=\"_blank\" rel=\"noopener nofollow\">As the security journalist Brian Krebs says<\/a>, \u201cIf you didn\u2019t go looking for it, don\u2019t install it!\u201d The same should be applied to all Web downloads, and the reality is that if you didn\u2019t give permission for a download then nothing good can come of it. 
If a Website is automatically executing downloads, then that site is likely compromised.<\/p>\n<p>If you\u2019re familiar with the site you\u2019re visiting, then abnormally spammy and seemingly random content or links that lead to strange and unrelated Websites are strong indicators of a compromise.<\/p>\n<p>We reached out to <a href=\"https:\/\/www.stopbadware.org\/\" target=\"_blank\" rel=\"noopener nofollow\">our friends at StopBadware<\/a>, the non-profit anti-malware organization that attempts to make the Web safer by preventing compromises before they happen and by mitigating and remediating malware-infected sites if a compromise has already occurred. They informed us that search engine results can sometimes reveal the presence of a hacked site before a user even enters it. For example, if you\u2019re trying to navigate to a site by way of a search engine and your searches are turning up bizarre search results, like offers for cheap designer watches and pharmaceuticals that still lead to the site you are looking for, then that site was likely compromised.<\/p>\n<p>StopBadware also warned of strange redirects.<\/p>\n<p>\u201cOne of the signs that a site is compromised is when that site redirects to a strange website, but only if you visit it from a search engine,\u201d StopBadware told us. \u201cThis indicates a hacked .htaccess file, and while it\u2019s very common, it can be difficult for website owners to detect because many of them don\u2019t try to access their sites via Google or Bing or Baidu. 
To make things worse, sometimes these redirects can occur from pages that aren\u2019t the home page, which means they\u2019re even tougher to find if a site owner doesn\u2019t know what to look for.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If a website is compromised by a careful, talented, and well-funded attacker, then the scary reality is that no one will probably ever know that the site had been hacked<\/p>\n","protected":false},"author":42,"featured_media":1597,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9],"tags":[375,369,376],"class_list":{"0":"post-1583","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"tag-hacked","9":"tag-malicious-websites","10":"tag-safe-site"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/signs-of-compromised-site\/1583\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/signs-of-compromised-site\/1583\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/signs-of-compromised-site\/1583\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/signs-of-compromised-site\/1583\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/signs-of-compromised-site\/1583\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/signs-of-compromised-site\/1583\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/signs-of-compromised-site\/656\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/signs-of-compromised-site\/1583\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/hacked\/","name":"Hacked"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/1583","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\
/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=1583"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/1583\/revisions"}],"predecessor-version":[{"id":28573,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/1583\/revisions\/28573"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/1597"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=1583"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=1583"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=1583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}