7 Signs That Your Website Has Been Compromised

It’s not just big enterprises like Facebook and Apple that get targeted by hackers. Small and medium-sized enterprises (SMEs) are constantly under threat––especially businesses that specialize in e-commerce.

According to Verizon’s 2020 Data Breach Investigation Report, nearly 30% of cyberattacks in 2019 targeted SMEs. These are businesses with fewer than 1,000 employees. Smaller companies are popular among hackers because they’re soft targets––meaning they’re more vulnerable to attacks than large enterprises.

Here’s something to consider: Hackers earn as much as $75,000 a month launching automated cyberattacks on SMEs. There’s great incentive for them to target vulnerable businesses.

Does that mean your SME will inevitably fall to a cyberattack? Not necessarily.

Most breaches could’ve been prevented had the companies followed good security practices like:

  • Creating secure passwords and changing those passwords every few months.
  • Using up-to-date software to scan machines for malware.
  • Not sending information over unsecured networks.

If you do fall victim to an attack, how will you know? Let’s find out.

1. Your IP Hits a Spam List

Sending spam can be a lucrative business for cyberattackers. That’s why they set up botnets to search the net for vulnerable websites they can attack.

One of the most frequent goals of hackers is to turn your website into a spam distribution point. They will infect your files and install malicious code to set up a backdoor. Then they’ll use that backdoor to control the resources of your site.

2. You Notice Unknown Plugins

CMS plugins are a great way to simplify various website management tasks––but not all plugins are benevolent. Hackers often use plugins with malware to gain backdoor access to websites. If you ever discover an unknown plugin on your website, you should delete it right away if you can’t trace it back to a legitimate source.

3. Your Website is Marked as Dangerous by Browsers and Search Engines

Believe it or not, websites are extremely high-risk assets within your IT infrastructure.

Statistically, a cyberattack occurs every 39 seconds. Botnet owners are constantly searching the internet for websites with vulnerabilities they can exploit. If your systems aren’t protected, you have a high likelihood of falling victim to an attack.

Similarly, browsers and search engines are always on the hunt for websites that could compromise the security of their users. And when they do come across dangerous websites, they flag those sites to warn people to stay away.

deceptive site ahead


4. Your Website has Unwanted Advertisements

Sometimes attackers will inject a code into your website that creates popup advertisements on your site. When visitors land on your website, they’re bombarded with unwanted advertisements. You lose visitors because your site becomes unbearable to navigate, meanwhile, your attackers are generating money through the ad impressions.

Another variation of this is with redirects. Your attacker injects a code that redirects your visitors to your competitor’s website.

5. Your Website Slows Down and Often Shows Error Messages

This is one of the harder issues to notice because websites slow down for a lot of different reasons––and many of those reasons have to do with your visitor’s internet configurations.

However, a sudden drop in speed could also be a sign you’ve been hacked. Malware often requires a lot of resources to run––and if you’ve been infected, those viruses could be draining your server’s resources. If you ever notice that your website is taking a lot longer to load, it’s a good idea to investigate whether you’ve been compromised.

6. You get an unexpected spike in traffic

Companies spend a lot of time and money to drive more traffic to their websites. So, it’s only natural to assume a sudden spike in traffic is a good thing. But it can also be a huge red flag.

If you notice sudden and dramatic spikes in traffic, you could’ve fallen victim to a “spamvertizing” attack. This is when an attacker uses your website to bypass spam filters. Here’s how it works:

  • A hacker embeds a redirect code on your website that sends visitors to the hacker’s website.
  • Links to your website are included in spam emails. Because your site doesn’t actually host the malware, it bypasses spam detection systems that filter out dangerous websites.
  • Unsuspecting visitors land on your website and are redirected to a site where they are phished or infected with malware.

For this reason, you should always conduct a source code scan when you discover an unexpected spike in traffic. This will let you see whether malicious parties tampered with your source code.

7. The Host Takes Your Website Down

If your host unexpectedly disables your website, there’s a good chance your site has been compromised.

A cyberattack might have slipped past your defenses undetected, but expect your host to be more vigilant. That’s because website hosting companies routinely scan their servers for any malicious code. And if they find malware on your site, they’ll disable your site to prevent it from spreading to other websites on their server.

Usually, your host will contact you by email or phone if they take your website down. During this time, they’ll let you know that your website has been hacked and that they’ve blocked outbound points to stop you from spreading malware.

What if you don’t hear from your host and you notice your website is down? You should contact them immediately. They can let you know if you’ve been attacked. They can also tell you whether your site was individually targeted or part of a large, coordinated attack.

Stay protected against cyberattacks

How you respond to cyberattacks is important. The faster you respond to an attack, the easier it is to mitigate the damage.

With that said, prevention should be your number one priority––not response. And that’s where we can help.

BitNinja SiteProtection strengthens your security measures and actively scans for potential threats. That way, you can catch attackers before they succeed. SiteProtection searches for malware and other vulnerabilities and quickly responds to any threats that could compromise your security posture.

Cybersecurity is not an option anymore. It’s a must! Subscribe to SiteProtection Pro and enjoy the Ultimate Website Protection!


If you have any suggestions for further developments, feel free to share them! We are always opened to new ideas.

Let’s make the Internet a safer place together!

The BitNinja Team