Monday, June 26th, 2017

W WebWorks by Terry Young
Website Security



WEBSITE SECURITY

Nobody wants to hack us! Yes, they do!

Often when I am speaking with prospective clients, they are surprised when I show them the number of hacking attempts against our existing clients that our WebUpdate system intercepts on a daily basis.

Webupdate catches and prevents around 1,000 attempts a day. The highest was 7,000 in one day.  As I write, there have so far been 890 attempts today, from different IP addresses worldwide, some as far afield as Chile, Algeria, Colombia, Indonesia and Syria.



All of these attempts were trying to access our clients' sites; none of which are large government or corporate entities, just entrepreneurial local businesses. Luckily, we coded our system to detect these attempts. The hackers only get one or two tries, then they are blocked from the server, and all other sites on the server.

Entrepreneurial business sites
that are not being monitored or
updated regularly are perfect targets.


Of all the attempts our sites experience, about 90 percent are targeting open source websites like WordPress, Joomla, and Drupal, because these have so many security flaws. Unfortunately, since many companies do have WordPress websites, they never know that these attempts are happening. And, because there isn't anything in place to detect them, they are not blocked from further access, as is the case with our WebUpdate sites.

The first thing to understand is that, in hackers' eyes, local business sites that are not being monitored or updated regularly are perfect targets. Just like a burglar trying to get into a house in a remote area, hackers have free rein to keep trying until they get in. They can then work undiscovered, potentially for a long time.

What do hackers do?
If you're lucky, they may just deface your site, as with the posting 'This site has been hacked by the Tonga Hackers Society.' It's annoying, but not the end of the world.

If you're less lucky, they may use your site to send out mass spam e-mails. This can result in your IP address being blocked, and prevent you from being able to send e-mails.

If you're really unlucky, they may upload fake bank website-looking files to your site in an attempt to hijack people's credit card information or steal identities. If that happens, you could be looking at Federal involvement.

So what can you do?
If you have a WordPress or similar type website, you must make sure that your web designer regularly monitors and immediately applies security fixes to your site, and any plug-ins they used.  They must regularly check the site's security and access logs to look for possible hacking attempts. They should also monitor all of the site's files and folders to make sure nothing malicious has been uploaded.

If you have concerns with your web security, now is the time to look into our WebUpdate system sites.  Not open source, they take advantage of advanced security, SEO, social, and responsive features to give your business the best competitive edge online.




Terry Young is the founder and CEO of Internet Marketing and Design, the award winning web and multimedia design agency in Chesapeake.