Do not say we did not warn you! Last night we had another client’s website get hacked. The reason? Out of date software!
In the sage words of our Web Manager, Will Chatham, “it is not ‘if’ my site gets hacked, it is ‘when’.” Right now, more than ever before, the Black-Hat hackers are working to disrupt how we all do business on the internet. There are some reasons that a site gets hacked, and in the last few weeks we have seen all of them in use.
The reasons and the fixes are from Ask Sucuri:
- Website with known vulnerabilities
- Out of Date Software
- Bad Usernames and Passwords
So, what can you do? My advice would be to hire corecubed to monitor, update and back up your site if that site is in WordPress, but here are the words from another source if you are more of a do-it-yourselfer:
- Stay away from Soup Kitchen servers – dedicate a server for your testing, staging and production environment. Familiarize yourself with the concept around website cross-contamination.
- Please, please, please update your software – this includes everything from the web server OS, CMS platform, associated plugins and themes. In the last month or so we have seen updates to both WordPress and Joomla.
- Back up your site, data and anything else associated with the site – don’t back it up onto the same server, that kind of defeats the purpose of a backup.
- Engage a professional – Would you allow your cousin to operate on you if you needed surgery?
- Use unique credentials, stay away from admin and use random generators for your passwords. This applies to everything from your cpanel to database access; every one of those access points is a possible attack vector. Here is an article you might find interesting about how someone would crack your credentials, “How I’d Hack Your Weak Passwords”. Here is another one, on a small test we did internally to identify the most commonly used credentials through the use of brute-force attacks.
- Don’t forget about your local environment, ensure you are running an AV on your machine – more often than not we see infections initiate from compromised machines housing trojans.
- Educate yourself – learn the do’s and don’ts about operating your own website, even if you have a professional. Don’t let yourself be a victim to a professional.
- Learn how to use .htaccess to lock down your site.
- Proactively scan your site manually to make sure things aren’t missed. There are a number of tools available to you; here are a few free tools (no emails and/or registrations required): SiteCheck and UnmaskParasites.
We all benefit greatly from the freedom and access we have with the Internet. Now it is time to put some extra locks on that open door, and to protect yourself and your business, and those who do business with you. Call us or email us and we will be glad to help!