Phishing attack on website usually happens when a hacker or fraudster or phisher hacks into legitimate web site. Once hacked the attacker (person or program) can add phishing pages to the web site or change the content of the web site. They can even download and execute programs on your web server.
But how do you identify your website is under phishing attack? Intruders usually hack a website and add phishing pages to it to steal sensitive information or to divert traffic. You should have a good monitoring mechanism to identify phishing attacks on your website. You can yourself monitor your website or allow any good third party to monitor your website to prevent or stop phishing attacks.
Let us discuss how can you monitor and identify website phishing attacks.
Methods to Identify Web Site Phishing Attacks
Monitor Traffic for Unusual Changes
Unusual traffic volume to your website or from your website may indicate a phishing attack on your website. Sometimes you can see traffic flowing to an unknown URL in your site. Basically you need to keep track of the below indications.
- Sudden spike in traffic volume directed at your web site.
- Unusual outbound traffic emanating from your hosting server.
- Traffic to an unknown page on your website. This unknown URL may be introduced by the attacker. This may be a phishing page.
Check Your File System
You need to check your website files for any modifications. Malware programs can edit your files once the website is compromised. Keep track of any website file changes. Also you need to check for any new file additions or even database changes. There are tools available for popular website and blog platforms to regularly check website file changes.
Read Related Articles:
Website/ Web Server configuration changes
Check your website and web server configuration file changes. Files like .htaccess need to be validated for any changes or additions. Folder and file permissions should be validated.
Read Related Articles:
- Password Protecting website Pages and Directories Using .htaccess
- .htaccess Tutorial -A guide and .htaccess tricks and tips
- Must Do Tips To Secure WordPress Blog and Site
Once you have identified the phishing attack on your website, you need to take necessary steps to recover from it. It is better to take your site offline temporarily till you clean up the infection. You can request or demand your hosting provider to carry out a clean-up process. You can also restore the entire site from a clean backup. Also ensure that the loopholes are closed so that you can prevent any future attacks.
Join Globinch on Social Media
- Turn your Windows 7 Computer Into a Personal Wi-Fi Hotspot 20 comment(s) | 26,505 view(s)
- Search Engines for File Sharing Sites : Rapidshare Search, Megaupload and More 2 comment(s) | 18,457 view(s)
- Google Translate Now supports Bengali, Gujarati, Kannada, Tamil and Telugu 2 comment(s) | 17,346 view(s)
- Best PDF OCR Tools to Convert Scanned images to Text / Word Documents 4 comment(s) | 13,642 view(s)
- Google Top Searches Today – Hot Google Search Words today 8 comment(s) | 13,504 view(s)
- Globinch Search 0 comment(s) | 10,389 view(s)
- Access Blocked sites, Unblock Restricted Websites 16 comment(s) | 9,453 view(s)
- Password Revealer – How To Reveal- Show Password Behind Asterisks? 1 comment(s) | 8,517 view(s)
- Play Angry Birds Game Free and Offline in Chrome Browser 1 comment(s) | 8,244 view(s)
- Free Online OCR Software to Convert Images Into Searchable PDF, Doc, HTML or Text 2 comment(s) | 8,083 view(s)
- How to Use Wi-Fi the Secure Way
- 5 Apps to Boost Android Performance
- Building a Smarter Site Using a WordPress Platform
- Samsung Galaxy S IV Smartphone :Summary of All the Radical Innovations
- 5 Killer Tips to Increase Traffic to Your Blog
- Domain Parking to Make Genuine Money Online
- SEO Is Not Dead, But You Need to Upgrade The Process
- A Complete SEO Guide on Using Social Media for Better SERPs
- When Should You Use Geotargeting or Setting Geographic Target in Google Webmaster Tools?
- How To Optimize Your Google+ Page And Profile For Search Engines