Imagine the scenario: you need to set up a website for your small business, and you know that the right domain name can make a huge difference to your initial success. And, even better, you’ve found the ideal site for your needs. So, you pay for the registration, and get started.
Then, disaster strikes. You find that you can’t control the content posted on the site, and users start to receive notifications to download all sorts of strange files. Something’s clearly wrong – and it’s taking down your business fast.
You’ve been hacked, and it probably happened before you even purchased the site. Website hacking is increasingly common, and it often catches new buyers unaware. So, we’ve put together a guide to buying new site domains that haven’t fallen victim to cyber-criminals.
How Common Is Website Hacking: Should You Be Worried?
Website hacking is definitely a security threat that should be on your radar, whether you are buying a site or not. As security specialists Symantec reported last year, incidents of “cryptojacking” spiked by 1,200% in 2017-2018, as hackers sought to infect websites with cryptocurrency mining apps.
Security consultants WebARX put this into even more detailed perspective, finding that thousands of WordPress and Joomla-based sites were hacked every day in February 2018.
In that case, researchers were only looking at one common form of website exploit, known as Ioncube malware (based on PHP code). So their numbers are just the tip of the iceberg. In reality, there are many other ways to hijack a website, and the actual number of hacked sites is massive.
Why Is There A Market For Hacked Websites?
However, we aren’t mainly concerned with the volume of website hacks on its own. As we said earlier, this blog is about situations where already-hacked websites are then sold to unsuspecting customers. How does this happen, if you are buying from reputable brokers?
Part of the answer lies in the rapid development of a sophisticated market for hacked websites. This provides an incentive for hackers to conceal and increase their activities, finding new ways to deceive website sellers. These backdoors provide total access to the infrastructure underlying websites, including admin panel access and FTP access. They are a slick product in themselves – providing an easy way to inject and spread malware.
At the same time, major website brokers like GoDaddy have a long history of failing to neutralize hackers. GoDaddy’s subsidiary DomainFactory was compromised in 2018, providing infiltrators with access to customer email addresses, passwords, phone numbers, and bank details.
It’s easy to see why many people are shocked to discover that the site they purchase isn’t under their control. Even high-profile domain sellers can’t get a handle on the issue.
How To Avoid Falling Victim To Website Hacking
How can you avoid purchasing a hacked website, and what should you do if you do become a victim of cryptojacking or other exploits?
1. Check the history of the site you are buying
When we buy houses, we run surveys to check whether they are structurally sound. Things are no different when it comes to buying websites.
Fortunately, cyber security experts have responded to the rise of website hacking by constructing databases of compromised sites. None of these databases are 100% comprehensive, but they do their best to log known infiltrations.
Have I Been Pwned is one of the best, offering a Domain Search and the chance to receive notifications about developments. We recommend signing up and scouring their data before buying any sites.
2. Check the reputation of your website broker
Not all brokers are reliable partners when it comes to buying websites. We’ve mentioned GoDaddy, and possibly unfairly, as GoDaddy isn’t the worst offender in the security sector. It just let its guard down where it mattered.
Marketplaces like Flippa are probably less reliable and safe to use (but very cheap in many cases). We would recommend using more expensive providers such as InMotion, which regularly scores highly for support, trust, and efficiency. Try to avoid newer entrants into the market until they have proven their reliability.
3. Use a trustworthy Virtual Private Network
It’s essential to ensure that your identity is shielded when you are purchasing a website, and when you begin to customize and run it. At all stages, hackers could be monitoring your activity (especially if the site you manage has been compromised). And you don’t want to give any sensitive information away.
Basic security audits can detect whether your site has been hacked, but if you don’t have a VPN in place, these audits can come too late. Make sure you read some VPN reviews, or go for elite providers like ExpressVPN, Nord VPN, or PIA. That way, you can explore your new site and make sure it’s safe without giving anything away.
Related Article: How To Tell If your Phone Is Hacked