How do I report a hacking attempt on my website?

Published on January 13, 2009 How do I report a hacking attempt on my website?

If a hacker tries to gain access to your website or claims that they have, what can you do? Who can you report it to? Hacking is a very serious computer crime so there are a number of places you can go from your hosting provider to the FBI to attempt to trace the hackers and have them stopped.

First, report the hacking attempt to your website hosting provider.  They will be able to trace the activity of the hacker on your server and will probably be able to block them from returning to your site, and possibly the entire server. They may also be able to reverse-lookup the IP address of the hacker and tell you what Internet Service Provider they are using. You can then write to the ISP and report them there. Most ISPs and hosting companies have an ‘Abuse’ email address or contact form to report inappropriate behaviour of their customers.

Next, search for the hackers name on Google.  This is a fantastic resource for you as many hackers publish their hacks as trophies.  Visit these hack sites and see what you can find out about the hacker who is attempting to infiltrate you. If you find a website for the hacker you can then do a number of things:

• Look up the domain name of the hacker on a website like whois.sc. This will give you a lot of information about who registered the domain name and what company it was registered with.  If the details are fake or incomplete, this is often against domain registration rules in most countries so you may be able to report them for inappropriate domain name use.  At a minimum this will help you trace them as their domain name provider will ask them to update their details, or even better they may be penalised for inappropriate details.
• A whois lookup will usually be able to also tell you who the hosting provider of the website is. You can then write to the hosting provider and inform them that one of their customers is using their account for hacking – a serious crime that most hosting providers will terminate an account for if it can be proven to be true.
• You can also report the hacker to the police. The Federal Police in Australia have a computer crime division with contacts in many countries of the world. If you have actually been hacked or defrauded online, it is a crime against your business and therefore a crime in Australia.
• Report the site to Google so their site is not indexed
• If the crime is international or your website is on a US-based server, you can also report your crime directly to the FBI computer crime website. They have a detailed online form for you to fill out and take every computer crime report very seriously.

Preventing crime: what can you do?
Given the profitability of shopping carts, they can be a target for computer criminals if they are not kept in a secure and PCI DSS compliant environment. Take advantage of any website tracking software that monitors the visitors to your site in real time (if your shopping cart or website provider offers such a service).

Keep your own computer secure too. Make sure you have up-to-date virus protection and anti-spyware software installed so hackers can’t track you logging into the administration section of your shopping cart website and have a firewall installed if you have one.

If you choose a reputable ecommerce website provider who takes security seriously and you know what to do if someone attempts to hack you.