63% of website owners don't know how they were hacked

[Chiefcrowe]

https://www.zdnet.com/blog/security/63-of-website-owners-dont-know-how-they-were-hacked/10986

 

[Zargon]

some lulz.

seems like its almost always out of date cms stuff or sql related.

my boss got his site hacked, running stock ass joomla unpatched from like 2 years ago

 

[gsellis]

Easy to believe. Resistance to best practice is huge because it usually means you can't have it right now, without some modifications, and some cost.

 

[Jeff7181]

I guess this assumes that the website owner owns the Web server and doesn't use a hosted service. For someone that uses a hosted service, I can see why they may not know how they were hacked. Securing their Web server may not be in their control.

 

[Dravic]

No surprise, everyone wants a website, nobody wants to run a website.

Security above all things is keeping your software up to date and being able to pick out the anomalies from day to day activity. The only logs/statistics most website owners look at on a regular basis are those of ad impressions.

 

[Lemon law]

Makes sense for the hacker too, what good does it do them to hack into a website and then promptly get their hack in discovered. And the future life of their hack is nasty brutish and short. But if the hacker can fly under the radar, they can get away with it for maybe decades.

 

[Lithium381]

i didn't until i just got an e-mail from another website owner complaining . . .turns out i've been compromised since last friday according to my scouring of syslogs