If you don’t know whether your website is vulnerable to attackers, you may find out the hard way, as one storage facility did recently when hackers hijacked its homepage to post graffiti.
“I had a couple customers call me, nervous that it was going to affect their computer,” said the facility’s manager, who requested anonymity. “It took IT a couple of days to get it down. It didn’t affect any computers, but it’s pretty scary. I took it very seriously.”
While consumers often assume that the goal of every web attack is to steal payment information, the odds of finding credit card numbers on a storage site are slim and hackers know it, according to Matt Van Horn, vice president of Cutting Edge Self Storage Management.
“Online payments go through portals from the website into management software like SiteLink and WebSelfStorage that have all the encryption built in,” he said. “We don’t have anything of value on there; it’s just pictures, locations, prices and services.”
Hackers targeting your traffic
So why would hackers bother a storage website?
“More often than not, they’re trying to steal your traffic,” said Adam Lucas, director of technology for The Storage Group, an Internet marketing agency for self-storage facilities. “They’re going to inject links and redirects so if a search engine goes there, it will link back to the hacker’s sites or products.”
Sophisticated hackers also might breach your website to gain control of your computer and enlist it as part of their robot networks, or “botnets,” which litter our email with spam and prey on the unsuspecting.
Newbie vs. veteran hackers
The sudden appearance of graffiti on your website often is a good sign that you’ve been tagged by hacker wannabes seeking “street cred.”
Lucas said seasoned hackers “don’t do that as a rule because it’s more valuable to keep their back-door presence hidden. If they put up a protest page or ‘I hacked you’ graffiti, then it’s obvious and the host is going to fix it right away.”
While all website attacks feel personal, Lucas said they rarely are. Instead, hackers unleash computer scripts that comb the Internet to identify websites with certain vulnerabilities.
“The idea of some kid sitting in a basement in Russia looking at your site isn’t realistic,” he said. “He may not speak English and may not even see your site. He just has a script that says ‘Here’s another one,’ they put it in their database and now it’s part of their botnet arsenal.”
Responding to an attack
What should you do if your website is hacked?
For starters, don’t freak out. Hack attacks on self-storage sites are pretty rare and annoy more than they destroy.
“Take a deep breath,” Lucas said. “When we get called in, it’s generally the same stuff—the same type of code, the same vulnerability.”
If your site is hosted by a full-service web management firm like The Storage Group or Cutting Edge, it often can fix the problem within hours, as this type of company routinely updates its customers’ sites to repair software vulnerabilities. But if your site is hosted by one of the large companies like GoDaddy or HostGator, “they’re just going to kick it back to you to fix,” Lucas said.
You might even be able to remove cyber graffiti on your own.
“You can always just take the site offline, back it up, delete everything and then call somebody in [to rebuild it],” Lucas said. “The files being on our personal computer are not going to infect additional things.”
Preventing an attack
How can you protect your website from hackers? Lucas recommends these three steps.
- Update your content management system regularly to minimize holes in website security.
- Back up your website every month. This provides the option to combat a cyber attack by reverting to earlier versions of your site.
- Retrieve updates. “If you roll back to a previous version, you need to see if there are updates available that maybe you didn’t install to plug those holes moving forward,” Lucas said.
While Van Horn encourages independent storage operators to work with a full-service web management company like his, he emphasized that storage facilities are unlikely targets for hackers.
“I just don’t know that we would have enough exposure to the general public to make it worthwhile,” he said. “If I’m a storage operator, I’d be more concerned about fake reviews on Yelp than having my website hacked.”