Spiceworks Community Digest: Into the breach!

October 24, 2025

Once more into the breach!
(Credits: kimono74/Spiceworks)

It’s Cybersecurity Awareness Month, and nothing brings security into sharper focus than a real-world breach. A recent discussion in the Spiceworks Community started with a simple, urgent question: “Our website was hacked…is there a way that we can find out how the bad actors could get their way?”

The replies from veteran IT professionals delivered a clear, if sobering, message: Nothing is 100% secure, but you have the responsibility to find and eliminate the obvious holes. The best defense is proactive, continuous vulnerability scanning and patching.

The Top Entry Points

The community quickly identified the most common routes of compromise, which nearly always involve outdated software or insecure coding practices.

  • Rod-IT: “Vulnerabilities, insecure code on your side, missing patches. There are numerous ways”
  • jarmbrister: “But if you use WordPress, there are routinely vulnerabilities identified and patches released for many such things. If you (or your web host) are behind on those you can expect problems.”
  • m@ttshaw: “Most of the time the hack/exploit just inserts Adverts, links, links to malware etc. Check that the CMS and other components are up to date.”
  • Alex Fogerty: “IMHO, the biggest cause of compromised websites is SQL injections, if the hackers know what version of a given software you’re using… they can just look up the known security flaws for that version and exploit it.”
  • maxsec: “Check for outdated software, plugins to WP etc”

Proactive Defense Strategy

How can you find the gaps before the bad actors do? The community recommended external testing and better internal hygiene.

  • Rod-IT: “Regular pen tests by a trusted 3rd party, patching frequently, including applications, hardening of ciphers, such as SSL/TLS to ensure only modern and secure protocols are used.”
  • kwelch007: “For free options, you might look at using something like Nikto… or Download Burp Suite Community Edition… to scan your website more thoroughly for coding-style vulnerabilities.”
  • Alex Fogerty: “Depending on the website backend, it could just be a weak admin password. If there is nothing to reject multiple attempts at guessing a password… then automation can guess the password (brute force).”

Are you keeping up with your patches and scans? How did you find your last vulnerability? Join the conversation on the Spiceworks Community.

Shelby Green
Shelby Green is a seasoned content writer with 8 years of experience in the tech and IT industry. She's passionate about helping companies in the cybersecurity, SaaS, supply chain, and tech skill development spaces tell their stories.