Hackers attack your ecommerce website when you become popular. Hackers and spammers alike usually starts to become a big problem along with piracy.
As far as prestashop is concerned and with its fork Thirtybees ecommerce, it is and has not been immune. Infected sites have become numerous and too frequent to count. I was just at the Drupal website, and they instituted a really good way of arresting it, but sacrificing at the same time users accessibility. For me, it has never been a question of why, but of, “what can be done about it?” from an ecommerce website developers and owners’ end – before the attack happens.
There are minor steps that an ecommerce website owner or ecommerce website developers can do to combat hackers and spammers. Here are some steps how we at shoptech.media approach about this.
Prevention is many times better than fixes.
What this means is, we take necessary steps before hand to prevent or at least make it hard for hackers to get past our shield. It is wiser to take the necessary precautions before becoming infected. So, rather than waiting to see if the site is attacked and wondering later how to solve the problem. We put in place important steps to make ecommerce website that we build, fight against spammers.
The steps recommended here are not guarantee 100% spam or hack proof. But will make your ecommerce website life a little bit better and will save you hundreds if not thousands of $$$ when hackers attack your ecommerce website!
Important steps to make ecommerce website fight against spammers.
- Change your FTP access frequently (especially the password).
- Do not just give access to any developer (which you find on the web) that you do not trust absolutely … they can modify files on your hosting without your knowledge.
- Change access when a breach is performed then block the Prestashop employee account.
- Do not install modules found on questionable sites or without approval by the community. Shoptech.media has created performance modules that we installed when you develop your webshop with us. And we DO NOT spam anyone! Going through Prestashop free Addons is a guarantee of security vulnerability. You will never know the extent of security of the source code ( spyware ).
- Get a real good hosting provider that is big in customer support. Don’t go for cheap hosting. That is a recipe for spam and hack attack.
These 5 steps are absolutely valuable preventive measures.
More preventive steps before hackers attack your ecommerce website
- Protect your directory and files by implementing proper CHMOD file permission.
- Block the IP addresses that are questionable and which you are certain is not where your customers are coming from (Russia, Iran, Morocco etc ).
- Turn off your computer at night, do not leave it on without you monitoring it, it might automatically install doubtful software or “crack”. Those trojans in your computer will later find its way to your ecommerce website files through your ftp uploads.
- Backup, Backup, Backup your files regularly.
Now, You might wonder, Why would people-hackers attack your ecommerce website?
Well, there are various reason people do it. Below are some of the reason I could come up with.
Reasons Why hackers attack your ecommerce website
- They want to get customer information from your user table (mails, addresses etc …)
- They want to get credit card numbers (in the database, if possible)
- Someone want to destroy an e-commerce competitor or to harm a web solution
- They want to generate links to third party sites, to improve the visibility of the websites they work for
- They just want to do it for pleasure without particular purpose. Just knowing that they can do it is good enough reason for people that wants harm done to others.
I know this are really distressing for people who are really working hard to sell a product. That is why at shoptech.media, we take necessary steps to arrest those possibilities of attack before they happen.
Now we get to the meat of this post. What to do when one of our ecommerce website gets infected? Once infected, take the following steps:
Steps to take when hackers attack your ecommerce website!
- Change the password of all your accesses (CPanel/ FTP / email / hosting)
- Ask the host to do a SCAN of your shop to see if it locates infected files …. The quality of the SCAN depends on the host and the filters set up, hence the importance of having a host that is up-to-date and reliable in terms of security.
- Type the URL: http://www.google.com/safebrowsing/diagnostic?site= yoursite.com to find out if Google identifies it as suspicious or not.
- Download a backup of your webshop, then make a comparison via WinMerge with your local version. Or check with your prior backup files, download the original version and compare the files . Do not include the images(they take a lot of space and usually are not infected). This process can be long and tedious, but allows you to see if a file of the kernel have been modified compared to the original version. We have released an article on how to back you your ecommerce website please read it and absorb, then implement it to your own.
- If the infection is too deep, it is best to redeploy your clean backup up (granting that you do backup your files regularly, step 4 above) with the help of your host or your ecommerce website developer.
If you cannot or you have not the time to do all that are given above, get yourself a reliable ecommerce website developer. Give us a call or email us. Never underestimate internet security, there is a clear and present danger all the time!
What Have we got here?
When an ecommerce website crashes or is infected, it is a serious matter especially if it is your main source of income. This can happen to all, do not take internet security lightly. The importance of having a regular backup version of the site can never be under-estimated. Changing your password and other security access details will go a long way for you as an ecommerce website owner.
Let us know in the comment section if this article has been helpful. Or what steps have you taken to secure your ecommerce website that we have not mentioned here. We are looking forward to your comments!