Monday, March 25th, 2019

W WebWorks by Terry Young
Hackers, hackers, everywhere!!



HACKERS, HACKERS, EVERYWHERE!!

And they're probably targeting you.



There has been much controversy in the news following the recent revelations that a Chinese hacking group has been targeting many U.S. web sites. While many people think hackers only go after large corporations and government agencies, that is a belief dangerously far from the reality.

Just over the last few weeks we have seen an incredible increase in hacking attempts of our servers and web sites. We see as many as 200 attempts a day from IP addresses all over the world. None of the sites targeted are in any way large corporate or government sites. They are simply small local businesses.




The psychology behind these hacking attempts is not the traditional Hollywood portrayal of hackers: rebels wanting to take down the man. These are aimed at creating disarray, or worse, committing a criminal act of some kind.

I have covered this topic before. In some cases the hackers are just looking to find servers that they can use to quietly send out spam or viruses. Other, more criminal motivations include a hacker attempting to access a site in order to upload phishing files.

Phishing sites are aimed at tricking people into giving away sensitive personal or login information. They are usually paired with a bulk email being sent out through compromised mail servers on other hacked systems.

Hacker motivation in cases like these is to simply spread themselves out as far as they possibly can while staying below the radar. Because a hacked site usually shows no unusual signs, their activity may go undetected by the owner or webmaster, allowing them to exploit the server, sometimes for months. Okay, so what can you do to prevent this? Commercial hosts stay up on server security measures and updates as a matter of routine, but that doesn't address issues with the site software itself.

Imagine you are looking for a security system. Would you buy
one that has thousands of known bugs,
all of which are
published online
for a criminal to study and exploit?

About 60% of the hacking attempts on our sites are hackers trying to exploit open source security bugs, most commonly those found in sites created with WordPress.

Anyone who reads my columns knows how much I dislike open source software. Not because of its principle of community development, but because of its many security issues and bugs.

Software like WordPress is sold-on by many web designers because it is free, and, with a fast turnaround, they can make a large profit. What most people don't understand is that open source is exactly that - open, to all.

Imagine you are looking for a security system. Would you buy one that has thousands of known bugs, all of which are published online for a criminal to study and exploit? Of course not.

At the time of writing this, WordPress alone has 3,626 open bugs. Furthermore, WordPress can use plug-in programs, and these also currently have 673 recorded open bugs.

The bottom line is that if you have an open source web site, such as WordPress, Joomla, Magento, etc., you need your web designer to go back regularly to the place they downloaded your site, and any plugins, and apply all necessary security patches. Failure to do this ongoing maintenance can cause a big problem.

Luckily, our WebUpdate system is not open source. It was created by us, and, as such, we can quickly fix any bugs that may arise. This is why we have none.

WebUpdate also has more in-depth security tracking. If, for example, someone tries to access a known open-source exploit, they are immediately blocked from the server, permanently. This means that they are also blocked from all other client sites on that server.

Your site is one among thousands of others offering the same products or services. Believe it or not, you can look your best without breaking the bank.

If you have concerns with your web presence, now is the perfect time to look into our WebUpdate 6 system sites, which take advantage of advanced marketing, SEO and promotion, and security features to give your business the best, and safest competitive edge online.





Terry Young is the founder and CEO of Internet Marketing and Design,
the award winning web and multimedia design agency in Chesapeake.