If a website has been compromised, the cyber-attacker can perform various harmful activities to the users visiting the platform:

• Insertion of suspicious code or scripts;
• Insertion of iFrames containing malware;
• Redirection to other infected websites;
• Generation of spamming or phishing attacks;
• Inserting cookies to monitor the activity of visitors.

To detect suspicious code or iFrames on a website, platforms dedicated to these analyzes can be used, such as the Sucuri platform.

Analysis of links from a the websites can be done with any Link Extractor, such as the WebToolHub platform. This app extracts all links from the platform and displays them according to the type of link. The website administrator can see if suspicious redirects are present.

Generating spamming or phishing attacks is another activity that can be deployed on a compromised website. This activity can be detected by looking at whether the platform’s domain has been marked in spam lists, called blacklists. One of the applications used to check the domain in spam lists is blacklistalert.org, an application that checks for the largest databases with domains listed as compromised and used by attackers to generate spamming and phishing.

Cookies can be installed, intercepted, or even modified by cyber-attacker once the website security has been compromised. In order to observe the types of cookies set on a website, it can be used dedicated scanning and analyzing applications, such as the Cookie-Checker platform. This website analyzes and shows what types of cookies are set on a specific website.