Signs that your site has been hacked
- Warnings and alerts from browsers: the browser shows warning messages to visitors. In Google Chrome, the warning page has a red background and is headed by a large exclamation symbol, followed by the type of problem found on the website.
- Warnings from Google Search Console: if the website is connected to Google Search Console, Google sends a warning message when the website has been hacked. The website's ranking in Google search also drops dramatically, and Google flags “This site may be hacked/harm your computer” next to the website's search result.
- Actions from hosting company: the hosting company will disable the website to ensure that the potential risks do not spread to other websites on the same server. The company may also block some outbound ports, such as 80, 443, 587 and 465.
- Reports from customers: a growing number of reports from customers who say that their credit cards have been hacked: they received transaction details for purchases they know nothing about.
- Unfamiliar code snippets: pieces of code, especially ones that look strange, may be snippets that redirect visitors or steal passwords and other sensitive information from the website.
- Redirect to other sites: (continuing from the previous item) when someone tries to open the website, it redirects to spam sites instead of the e-business homepage or the subpage that should be shown. Sometimes no content is shown at all, not even the redirect target.
- Unexpected error messages: the error logs show unexpected types of errors, related to undefined offsets, deprecated functions, denied connections or other causes.
- Unexpected ads & pop-up windows: Cross-site Scripting (XSS) or malicious code injection may result in website visitors seeing unexpected spam advertisements and pop-up windows.
- Unexpected traffic spike: spam advertising, or ‘spamvertising’, results in a sudden change in traffic, either a rise or a drop; however, the traffic goes to a page that does not exist on the e-business website.
- Recent modification of source files: the hackers may have modified the core files to run malicious code and send spam emails. The last-modified time of those files can be very recent.
- Slower speed: the hackers may be using the server's resources if the website becomes dramatically slower, particularly on the login and payment pages.
- Emails marked as spam: the hackers have sent junk email to a large number of people, so the e-business's email address may be marked as spam by many email servers, which causes future email sent from this address to be filed in the spam folder.
- New and unknown admin users: new users have recently been created in the administration panel, database, CMS and FTP, and their creation was not authorised internally.
- Alerts from external security services: security services such as Wordfence, if you subscribe to one or more, alert you to suspicious risks as soon as they detect them. This can shorten the time between infection and discovery, and thus reduce the loss.
I am taking my personal website “yuhaosun.com” as an example, which is not a popular, large site like an international e-business website. However, I still receive attacks from around the world, and some people are always trying to log in to my admin panel. Whenever the security company finds suspicious risks on my website, I receive an email with the subject “[Wordfence Alert] Problems found on yuhaosun.com”. Additionally, a weekly summary report including “Top 10 Failed Logins”, “Recently Blocked Attacks” and “Recently Modified Files” is sent to me. All of this makes my website more secure, and I can take suitable further action immediately and accordingly.
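Three of the signs above (failed logins, traffic to a page that does not exist, recently modified files) can be checked directly from an access log and the web root. The sketch below is an added example, not Wordfence's code or part of the original post. It assumes combined-format access logs, a WordPress-style /wp-login.php login path, and that a failed login is answered with status 200 while a successful one is answered with a 302 redirect; all function names are hypothetical.

```python
import os
import re
import time
from collections import Counter

# Constructed sample lines (combined log format); the addresses come from
# documentation ranges and are not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Mar/2020:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.68"',
    '203.0.113.7 - - [02/Mar/2020:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.68"',
    '203.0.113.7 - - [02/Mar/2020:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.68"',
    '198.51.100.4 - - [02/Mar/2020:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [02/Mar/2020:10:06:00 +0000] "GET /spam-offer.html HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [02/Mar/2020:10:06:05 +0000] "GET /spam-offer.html?x=1 HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '192.0.2.15 - - [02/Mar/2020:10:07:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse(lines):
    """Yield (ip, method, path, status) for well-formed lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ip, method, path, status = m.groups()
            yield ip, method, path.split("?", 1)[0], int(status)

def top_failed_logins(lines, login_path="/wp-login.php", n=10):
    # Assumption: a POST to the login form answered with 200 re-renders the
    # form (failed login); a successful login is answered with a 302.
    hits = Counter(ip for ip, method, path, status in parse(lines)
                   if method == "POST" and path == login_path and status == 200)
    return hits.most_common(n)

def missing_page_hits(lines, threshold=2):
    # Paths that do not exist (404) yet are requested repeatedly.
    hits = Counter(path for _, _, path, status in parse(lines) if status == 404)
    return {p: c for p, c in hits.items() if c >= threshold}

def recently_modified(root, days=7, now=None):
    # Files under root whose last-modified time falls within the last `days` days.
    cutoff = (now if now is not None else time.time()) - days * 86400
    found = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.getmtime(full) >= cutoff:
                found.append(os.path.relpath(full, root))
    return sorted(found)
```

Modification times can be reset, so an empty result from recently_modified is not proof that the files are intact; comparing against known-good checksums is the stronger check.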
Major types of attacks & damage
- Denial-of-Service (DoS) & Distributed Denial-of-Service (DDoS) attacks: common types of DoS include IP fragmentation, TCP SYN flood attack, DNS spoofing, Smurf attack, buffer overflows and Ping of death attack. A DoS attack usually overwhelms the resources of the website system, so the website becomes unresponsive to most service requests. Another resulting damage is that the website can be taken offline, after which other kinds of attacks can be launched successfully. In a DDoS attack the flood of traffic originates from many different sources, which makes the attack tougher to stop by blocking a single source.
- SQL injection attacks: SQL injection is a frequent type of attack. An SQL injection attack can read sensitive information from the website, insert, update or delete data in its databases, and execute administrative operations. SQL injection is one type of input validation attack; other kinds include buffer overflow attacks, Cross-site scripting (XSS) and canonicalisation attacks.
- Man-in-the-Middle (MitM) attacks: a MitM attack can happen when a connection is being made between a visitor and the website, making it look like a regular exchange. A MitM attack can read private and confidential information on the website, including usernames and passwords and credit card details. This information is usually precious to the website; thus, MitM attacks can cause a financial disaster for e-business sites.
- Insider attacks: it is hard to distinguish and recognise an attack that comes from inside. Typically, a current or former employee has access to sensitive information and abuses that access. The types of insider include the malicious insider, the careless insider and the mole, which cause different degrees of damage.
- Malware attack (Virus): a virus may infect the computer of a website visitor if he or she opens an application containing the virus. Two examples are “WannaCry” and “Clop Ransomware”; both encrypt the files on the infected computer until a payment has been made to the hackers. The Clop ransomware disables numerous security applications on the Windows computer before it starts encrypting.
- Malware attack (Worm): a worm usually spreads via email attachments. It can send a copy of itself to every contact of the infected email address without human intervention. It can also overload email servers and cause DoS attacks on the network. An example of a worm is “BuluBebek”, which spreads via flash media drives. The only damage this worm does is that files or folders on the infected computer cannot be opened; removing the worm solves the problem.
- Malware attack (Trojan horse): a Trojan horse hides in useful applications. It can construct a back door through which attackers access private information and listen to the website. An example of a Trojan horse is “MEMZ Trojan”. It moves the mouse cursor randomly without user intervention, opens the Google webpage and automatically searches for phrases like “how 2 remove a virus”, and opens applications such as the calculator at random.
In addition, system and software bugs and misconfigurations, password crackers, intercepted transmissions, XSS and brute-force attacks are all possible types of attacks.
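The SQL injection item above describes an input validation failure. The following added example, which is not code from the original post, places a query built by string concatenation beside the same query with a bound parameter, using Python's built-in sqlite3 module. The table, rows, function names and the test input are constructed for the comparison.

```python
import sqlite3

def make_db():
    # Constructed in-memory shop database with made-up rows.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [("alice@example.com", "1111"), ("bob@example.com", "2222")])
    return db

def lookup_vulnerable(db, email):
    # The input is pasted into the SQL text, so a quote inside it changes
    # the structure of the query instead of being treated as data.
    sql = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

def lookup_parameterised(db, email):
    # The input is bound as a value; the SQL text is fixed, so the same
    # input is simply compared against the email column.
    sql = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return db.execute(sql, (email,)).fetchall()

# Constructed input whose quotes rewrite the WHERE clause when concatenated.
CRAFTED = "x' OR '1'='1"

def compare():
    """Return the row counts (vulnerable, parameterised) for the crafted input."""
    db = make_db()
    return len(lookup_vulnerable(db, CRAFTED)), len(lookup_parameterised(db, CRAFTED))

if __name__ == "__main__":
    leaked, safe = compare()
    print(f"concatenated query returned {leaked} rows, bound query returned {safe}")
```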
Weak Authentication & Encryption
Unlike the strong authentication and encryption on most computers or laptops, the limited memory capabilities of mobile devices typically mean that they have weaker authentication and encryption than computers. For example, in mobile payment (especially WeChat Pay or Alipay), users making a transaction only need to scan their fingerprint, scan their face, or enter a password. Compared to mobile payment, payment on computers is more complicated. Credit card users are required to enter all the relevant card details precisely, including the card number, cardholder name, expiry date and Card Security Code (CSC). For debit card users, some banks require a security certificate to be downloaded and installed on the computer to ensure a highly secure environment. It is a well-known fact that the safety of a payment decreases as its convenience increases. Besides, a fingerprint can even be reproduced from the residual fingerprint impressions on the surface of a mobile device. It sounds like “the password of your phone is on your phone”. On devices lacking authentication (such as those using simple unlock passwords or no password), the information on the device can be very easy for others to access. However, professionals say that, at this stage, various wireless protocols lack authentication.
Mobile devices are easily lost and stolen
Most mobile devices are small and easy to carry, i.e. portable. As a result, mobile devices are frequently stolen or lost. If the device holds a lot of personal and private information that has not been backed up, the data will be lost forever, and in the worst case the confidential information can be leaked to people with harmful purposes. The money in WeChat Wallet may also be stolen in this circumstance if the user did not set a password (or set an easy one).
Untrustworthy Mobile Devices & Apps
Almost all mobile devices come with some applications preinstalled, which means some apps are already on the phone before the user activates the device. Some of these apps do need to be installed so that the system can run successfully and smoothly. However, not all of them are essential, and some may even violate the rules issued by the local government (such as the CIA). This kind of app claims to execute task A while actually performing task B, C or D, which is challenging to find out. Such apps always ask for extra permissions. A classic example is a mobile application that aims to provide worldwide news to users but always accesses the photos in the gallery. A similar problem can be found in the device itself, meaning that the internal system of the device is not trustworthy because of insecure components. Compared to the apps above, this kind of issue is almost impossible for users to find out because of the high level of expertise it requires. Instead, the issue can possibly be prevented at the source, by the device sellers.
Phishing SMS: Virus, Worms and Trojans
Malware attacks can happen in the m-commerce environment. Some hackers send users phishing SMS messages that contain a URL leading to a virus. These messages are often disguised as coming from official institutions and written in a formal tone, making it difficult for users to judge their authenticity, so they fall into the trap. If users click the URL, the virus, worm or Trojan may be downloaded to their devices automatically. The malware can potentially extract the device's contacts, read and send text messages, read the passwords saved on the device, and redirect calls. However, 70% of mobile users have a false sense of security, believing that their devices can protect themselves perfectly from malware attacks without human intervention. In addition to SMS, a large number of QR codes from unknown sources can cause the same situation. Some people create fake QR codes with interfaces similar to WeChat Pay, and users who scan such a QR code may lose their money or valuable information.
For international e-business, the most significant challenge is language. An interesting fact is that international e-business companies that have added support for various languages make more profit than companies with only limited language services. Specifically, adding support for various languages includes providing multiple language choices on the e-business website, switching automatically to a suitable language according to the customer's current location, and offering various languages on the customer service centre's phone lines. From the customer’s perspective, a website with multiple language choices is more likely to turn viewers into buyers. Good examples are Amazon and Apple.
However, maintaining an international e-business website in multiple languages is a time-consuming and costly task. Firstly, the homepage and all of its subpages should be translated well into the other target languages. This means the owners of e-business websites must maintain multiple different sites, which causes more workload than before. Secondly, synchronising the content among the different sites is a tough task. It is also tricky to translate the original wording well into another language, which involves local cultural differences and the level of the local economy. Thirdly and most significantly, the owners' financial investment in the e-business project will increase exponentially. As a simple calculation, the extra expenses include the upgraded server fee, the cost of extra language-professional staff, potential fees for a new synchronising system, and so on, which will not be a small number.
The second significant challenge is exchange rates. An international e-business merchant must convert the home currency and relevant financial information into other currencies for potential customers who come from countries other than the one where the company is located. Additionally, customers may prefer to see the price on the website in their home currency directly, instead of receiving the bill and only then realising how much they have spent, or doing the calculation themselves. The price can indirectly influence the final buying decision. As merchants cannot provide a precise conversion, they can show customers an approximate price. How to reduce the loss of profit due to exchange rate conversion is a significant question, and it is related to the payment methods issue. In addition to exchange rates, different countries use different forms of weights, dates, measures and other information. A British customer can easily picture a size of 20 inches; however, it will confuse Chinese customers (many Chinese do not use the unit “inch”).
The third challenge is payment methods. In China, currently in 2020, people prefer mobile payment, including Alipay, WeChat Pay, and some kinds of NFC payment (Huawei Pay, Mi Pay, Samsung Pay, etc.). However, in some other countries people prefer to pay with a credit card issued by Visa, MasterCard, American Express or other institutions. In addition to mobile payment and credit cards, some people prefer to pay with a debit card. However, not all debit cards can be used online, as online payment needs to be activated separately and some people have never done so. Besides, some infrequent payment methods include bank transfer and cheque.
If an e-business wants to fit into globalisation, its payment methods should also be varied. The website should offer as many types of payment method as possible to satisfy the requirements of all customers. Integrating the different payment method components into the website is costly because of the necessary correspondence with the relevant institutions. For example, the staff should contact MasterCard or Visa for credit card interfaces on the website.
Global Trade Management, Logistics & Risks
The final challenge, which is also non-negligible, is global trade management, logistics and risks. An international e-business must obey the rules and regulations, mainly issued by local governments and organisations. In an adverse circumstance, inappropriate actions may lead to blocking and obstruction by some local governments. Additionally, post-order fees, including shipping charges and tariffs, should be carefully considered and analysed by software. For example, logistics software for shipping products across borders is needed.
Some risks potentially threaten international e-business. Firstly, telecommunication fraud happens frequently in specific regions and countries, which can cause risks to these merchants. Secondly, the lack of an address verification system is also a source of potential risk. Customers commonly mistype their address; however, it causes a financial disaster if the merchant only finds out when the delivery company cannot find the given address. It is essential to construct a suitable address verification system for all the places the e-business covers. Thirdly, there is the personal credit of customers. For local Chinese customers, it may be possible to use Zhima Credits of Alipay to check a customer's credit. However, it is hard for merchants to do the same in all other regions and countries, and it is not certain whether those places have such a thing.