A hacked website can negatively affect your business’ reputation, and if you’re dealing with sensitive customer data, it could leave you legally liable. Whether you run a large corporation or a small business, your website can be “hacked” in many ways. According to recent statistics, a website is hacked every 39 seconds. It sounds scary, doesn’t it? But who’s responsible for fixing a hacked website? Let’s dig in!
Unfortunately, most hackers don’t make it easy for you to notice that you’ve been hacked until they execute their objectives. This could be installing malware, collecting information, or spreading the infection to users. If left unchecked, it can cause serious problems for the business and its users.
Ways Your Website Can Be Hacked
Denial of service attacks (DDoS/DoS)
DoS attacks flood your website with a large amount of internet traffic. This traffic comes from computers that have been infected by malware. Cybercriminals typically use denial of service attacks to shut down a website and then demand money to cease the attack.
The attacker uses malicious scripts to exploit the database of a website. They can use files or lines of code. The attackers will use this kind of attack to steal information or delete your data. For instance, they can retrieve your passwords, personal information, home addresses, usernames, credit card numbers, etc.
Viruses, Spyware and Malware
When cybercriminals access your web server, they can insert spyware, viruses or malware. These programs are then delivered to the users of the website. The malicious software can make your computer slow and can expose your private information to the attacker.
Redirecting to Fraudulent Sites
Cybercriminals gain access to a website and redirect users to other sites to obtain credit card information. Clearly, this is something that should be avoided to prevent the loss of thousands of dollars.
Brute Force Attacks
Cybercriminals reach the administrative login of your website and repeatedly attempt to guess its authentication details. This is why it is very important to set a strong, hard-to-guess password for your website login.
Who Is Responsible for The Hacking?
Strictly speaking, the hacker is responsible. But much of the answer depends on how the website is built. If it’s a content management system (CMS) like Drupal, WordPress, or Joomla, then the answer will depend on many factors. Most hackers target open-source scripts, such as WordPress, because they’re free to use. WordPress is licensed under the GNU General Public License (GPL), which guarantees users the freedom to share, run, study, and modify the software.
To answer the question of who is responsible, there are a few things to keep in mind. How did the hack occur? Did a vulnerability arise between updates? Were the passwords compromised? The answers to these questions will determine who is responsible.
Can You Blame Your Developer for A Hacked Website?
No. Although this is often the first thing someone might think when they see a “dangerous site” notice, it’s not always the case. Generally, the developer does not host a website or provide website security. They are responsible for building the website, and quite possibly designing the website as well. But it’s usually up to the website owner to maintain the website and keep it secure by keeping scripts and plugins updated.
This is similar to a home builder. If you hire someone to design and build your house and then vandals cause problems, you wouldn’t hold the builder liable for repairs, though you may want to hire them to help fix the house up again. In the same way, a website developer can likely help you get your website repaired after the attack.
Is the Hosting Provider Responsible?
This will depend on the details of the agreement. If the contract states that the hosting provider is responsible for security, then they are liable. But if the contract states that the client is responsible for backups and security, then the host is not to blame.
What are the disclaimer clauses in the contract? If there’s some kind of legal relationship with the hosting company covering the security of the website, they should take responsibility. The next question is: how do you know if the provider has something to do with the hacked website? Once you discover a malware infection or a hack, you should clean it completely. If the infection came from a website that shares the same server as yours (shared hosting), you may want to contact the service provider.
But unless the other sites you share a server with have the same problem, you can’t blame the hosting provider. Perhaps the best way to approach the matter is to do a reverse DNS lookup. The idea behind this is to check whether the sites you share the same server with show evidence of a hack. Remember, you still have to contact the hosting provider to help you put security measures in place.
Security May Belong to The Website Owner
What are you doing to protect your website? If you’re using outdated plugins, your website can easily get hacked. Secondly, you should install an SSL certificate and start using the HTTPS protocol. You should also ensure comments are manually moderated.
Maybe the laptop or computer you use to administer the website is infected. It’s your responsibility, as a business owner, to ensure the terminals are secure. Are your passwords secure? Do you change them periodically? If there are no security procedures in place, you should bear the responsibility. You may also have to pay someone to rebuild the site.
How to Prevent Future Attacks
Be Proactive About Security
The number one defense is ensuring the passwords in your site are secured. You should change them regularly and keep the administrator accounts to a minimum. You may also want to remove unnecessary scripts to keep the site safe from hacks. That’s not all. You must secure the databases and important folders with strong passwords. The goal is to allow visitors to enjoy your site and still keep the security high.
Secondly, you should tighten your network security. This can be done by enabling Two-Factor Authentication (2FA) when you log in. Besides that, you should scan all devices plugged into your network for malware. You can’t just ignore this area. It’s estimated that hackers create 300,000 pieces of malware every day. If you use a CMS like WordPress to manage your website, you should only use plugins from reputable sources. You may want to promptly remove any unused plugins.
Another important step is to set up an SSL certificate. This means your data is encrypted when it is transferred between the browser and the server, making it difficult for hackers to intercept. If you collect credit card data, you may want to consider third-party solutions so you are not liable for hosting sensitive information. Another common reason hackers are able to take over a site is that it is running outdated software. You should ensure your core installation is up to date and running the latest version of your CMS. These actions will not stop the hackers from gaining access to your website but will make you less vulnerable.
Wrapping It Up
If your website is hacked, you should respond quickly and decisively. Trying to cover up the mess could lead to further damage, and it may look like you’re to blame. Make sure you acknowledge the situation at hand and assure your website users you’re doing everything to mitigate the damage.
Unless you can show some negligence of the developer or hosting provider, the burden will always land on the owner of the website. You must have a security agreement in place to prevent a website hack from occurring. This will show you who is responsible in case the website is hacked. You should also stay vigilant to prevent future attacks.
If you have any clarification questions about protecting your website, or need help fixing a hacked website, let us know. You can connect with us via the contact form below.