Webmasters Struggle With Hacked Sites – A Commtouch, StopBadware Report

imageI’m often asked why I host this Blog on WordPress.com – why I don’t self host, and maybe make a few dollars, while I’m at it, by running ads. So, I’ll start with the back-end first.

It’s not about money – far from it. I write this Blog to have a little bit of fun; to help keep my mind sharp (often a failing exercise  Smile  ) – and, to be part of a community which recognizes the need to educate computer users that the Internet is not all sweetness and light.

That’s the back-end – but, it’s the front-end that’s most important. WordPress does all the heavy lifting. All elements are taken care of: setup, upgrades, spam, backups, and site security. Site security might be last in the previous sentence but, it was the most important factor in my decision to use WordPress as my blogging platform.

Just a few of the security reasons:

Potential harmful activity is constantly monitored.

Blog PHP code can’t be modified.

Plugins can’t be uploaded.

JavaScript embed codes and CSS, are restricted.

I’m not suggesting that WordPress can’t, or won’t be hacked (nothing on the Internet is invulnerable to cyber criminals) – but, should sites hosted by WordPress.com fall to  the bad guys, those of us who rely on WP, will at least have a fighting chance to recover. This is not always the case for self-hosted sites.

Recent statistics indicate (surprise, surprise) – cybercriminals are increasing their targeting of websites for identity theft, virus distribution, and spamming. And, according to a newly released survey (Compromised Websites: An Owner’s Perspective), from Commtouch and StopBadware – in which webmasters were queried on their fight against hacking – almost half of the survey participants (who had been hacked), had no idea until they received a warning from their own computer’s protection technology.

More particularly, according to the Commtouch/StopBadware report – “about half of site owners discovered the hack when they attempted to visit their own site and received a browser or search engine warning.”  Not a very effective method of discovering one’s site has been hacked. As opposed to WP’s – “Potential harmful activity is constantly monitored.”

Highlights from analysis of the survey’s responses include:

Over 90% of respondents didn’t notice any strange activity, despite the fact that their sites were being abused to send spam, host phishing pages, or distribute malware.

Nearly two-thirds of the webmasters surveyed didn’t know how the compromise had happened.

Twenty six percent of site owners had not yet figured out how to resolve the problem at the time they completed the survey.

Forty percent of survey respondents changed their opinion of their web hosting provider following a compromise.

The report includes several examples of hacked websites, as well as the spam emails that may trick users into visiting these sites. In addition to analysis and quotes from site owners, the report provides tips to help webmasters prevent their sites from being compromised.

The following graphic illustrates why cyber criminals target web sites.


Courtesy – Commtouch

The full report is available for download (PDF format) at:




Filed under Blogging Tips, Cyber Crime, Malware Reports, Reports, Web Hosting

10 responses to “Webmasters Struggle With Hacked Sites – A Commtouch, StopBadware Report

  1. Thanks for mentioning the report, Bill! I’ll also add that, as a nonprofit organization, StopBadware is available as a resource to assist owners of websites that have been compromised. See http://www.stopbadware.org/home/security and our volunteer-driven online community, http://www.badwarebusters.org.

  2. Max

    I recently had some repair work done at a local auto body shop. Looking on the Internet for their phone number, I discovered the shop’s home page had apparently been hijacked and blacklisted by several anti-malware groups. Some of the Web of Trust reports went back to 2009, and spoke of the classic drive-by trojan infections I see so often in my computer repair business. Needless to say, the body shop had never heard of any of this. Businesses need to understand that they put all their customers at risk with these lax security standards. I might have to get another shop to finish up the work on the car. I’m concerned about paying by credit card when their server is almost certainly compromised.

  3. Can’t you backup a wordpress.com site?

    • Hey Marcus,

      You can – but not easily and not very effectively. WP.com has an “export” function but it’s not particularly useful. Personally, I’ve had nothing but trouble with it.

      On the other hand, WP.org is much easier and much more effective. There are a ton of tools available.



      • hmmmm….I’ve run my own server for the last year…and ….(SO FAR!!!)…
        all is hunky dory….
        Backups can all be set up with crontab on a daily basis

  4. Not really Bill…I just try to eat well, take a good fish oil, and keep my brain working properly…

    You said you were having trouble with the export function…wordpress have a happiness engineer at $120 who can help.


    Anyhow, if you do decide to go native with WordPress, I am more than happy to try and help. I actually used a guide to Nginx – http://www.vpsbible.com
    to get my server up and running…

    Took me a while, but well worth it.
    I’ve become a sad Linux / ssh junkie…and it’s all your fault Bill.