When Your Site Gets Hacked

So, you are running a small business, and some (if not most) of your income comes from your Web site. It could be in a form of actual merchandise sales, or as referrals for service. Just a few years ago, a company Web site was perceived as a cheap alternative to advertising and as a quick way to get a new sales idea on line. Most of the small businesses either did not have revenues to invest in it, or just did not want to, cutting corners at every opportunity. Web sites built on the cheap started popping up all over the place, and the fact that most of the hosting companies have advertised extremely low cost plans, had not helped. In addition, the popularity of easy to customize Content Management Systems (CMS), like Joomla, WordPress, or Drupal, just to name a few, enabled almost everyone to create a site and start selling and advertising for very little money.
Fast forward a few years, in which most of those businesses failed to have a viable strategy to keep those sites updated and secured, and you have a recipe for disaster, in this case a blacklisting by Google.
If you running a site on a shared server (like most of hosting plans), and you have anything more complex than a simple HTML, it's just a matter of time, before some automated script takes interest in your code. You are probably a bit luckier, if you had a budget for a good programming team to build you a custom site. "A good programming team" is a key concept here, since poor coding can be as bad (if not worse) as an outdated CMS. If you decided to use a CMS, hired a team to customize one for your needs, and then cut your maintenance costs down to zero, now you are in much more difficult situation. Content Management systems are excellent for both the initial build of a site and for a subsequent maintenance, since they give you a wide range of customization options, plus allow for almost unlimited functionality extensions, however, they give a false sense of security to the end user. Most of the small business owners will pull any additional resources from their Web project after the initial build, happy that the site runs itself, safely and securely. Unfortunately, the reality usually catches up rather quickly, a few software releases later, when a widely known security hole is not patched up and your site gets hacked. If you notice it fast, and fix it, you might be lucky enough to be the only one to know about it. If you don't (and most of the time you don't, because you are not paying anyone to run you site, so you have no idea), within a few weeks, your site gets blacklisted by Google, and your business disappears from the search results, or even worse, it shows up with a big warning not to visit it.
This is increasingly common scenario for many businesses, as the very underrated and forgotten security on the Web, has been getting wider and wider attention in the past years.
There is a very good overview of the problem on the CNN's business site: Google's dreaded 'blacklist'
What's the best solution?
There is no simple one at this point. As with everything else in business: you get what you pay for. If you want low cost, you are probably not going to get a lot of freedom to customize, and you might have to learn a little, so you can do things on your own. If you need a lot of options and customizations on your site, you need to pay for it, either with your own time and skills, or by hiring someone who knows not only software, but also software security. If you think you can get it all, cheap and high quality, you are denying reality, and, as always, reality does not care... it'll run over you and your Web site sooner, or later.

17
Sep