Compromised websites from a site owner’s perspective

Malicious actors are often able to compromise legitimate websites without the site owners’ knowledge: over 90% of respondents didn’t notice any strange activity, despite the fact that their sites were being abused to send spam, host phishing pages, or distribute malware.

Nearly two-thirds of the webmasters surveyed didn’t know how the compromise had happened, according to a Commtouch and StopBadware report.

Other highlights from analysis of the survey’s responses include:

• About half of site owners discovered the hack when they attempted to visit their own site and received a browser or search engine warning.
• 26% of site owners had not yet figured out how to resolve the problem at the time they completed the survey.
• 40% of survey respondents changed their opinion of their web hosting provider following a compromise.

“Cybercriminals can significantly improve their open and click-through rates by distributing badware via legitimate domains. Many site owners are either unaware of the compromise or struggle to remove the infection, which directly contributes to the persistence of, and increase in active badware URLs.” said Amir Lev, CTO at Commtouch. “Commtouch does its part to protect end-users, enterprises and service providers from compromised sites with a range of cloud-based email security, Web filtering and antivirus tools.”

“The survey results highlighted several aspects of webmasters’ experience with site compromise that may prove eye-opening for the security community,” said StopBadware Executive Director Maxim Weinstein. “There’s a lack of clarity for webmasters about who’s responsible for site security and where to turn when a website is compromised. Webmasters and the wider Internet community therefore benefit from continual efforts aimed at educating them about their responsibilities and those of their hosting providers.”

The report includes several examples of hacked websites as well as the spam emails that may trick users into visiting these sites. In addition to analysis and quotes from site owners, the report provides tips to help webmasters prevent their sites from being compromised.