Jun 10

Internet Security lessons learnt from our website being hacked

So at the beginning of May 2014, our digital platform blegscope [dot] com was hacked into… Precisely speaking, it was hacked on the 4th of May 2014.

Before last month, I alwayimages4444s thought ‘hackers’ were just some misfit computer nerds who enjoyed playing mean tricks on the rest of us!!! You can say what you want about it, but if your levels of internet-security revolve mainly around having your password as your son’s name and his sister’s birthday mashed up together, believe it or not but hacking is a sophisticated and very modern enterprise. The implementers have in-depth knowledge of operating system software, browser vulnerabilities and programming. Their hack-attacks are most likely automated to where things called internet bots crawl through the World Wide Web searching for a chink in someone’s website armour…

And that is where we were caught napping..

At first we thought it was a blindness issue as we were being issued with this http:// blegscope dot com slash cgi-sys slash suspendedpage dot cgi on all our sites including the email server, the blog as well as the main site.

Initially, we were shocked, but because we are not actual techies, we could not have seen the signs. In hindsight though, we can now see and hence share the way we now have changed the way we think about security and above all internet security.

So here we share a few important lessons about internet ~> [email, blog and website] security and how dealing with it is paramount.

ONE:
imagesIf you ever receive an email from your own email address that you are so sure you did not send, be afraid that a hacker has indeed joined your company unofficially as a hacker.

 TWO:

Be very cordial and gracious with your web hosting/ developer in explaining to them what you think is the problem. Why I say this is that many web hosting companies are not so good at customer support and erstwhile customer service…

But that does not mean that they are not proficient with your web security issues. Our provider is Nodesix (s/o to Jason, Krabz* & Zulu) and I believe them to be the premier web-hosting company in the country as evidenced by their dedication to sorting our problem out. It suffices to say we are just one of their 500+ website clients who are hosted by them

THREE:

images333If you are a regular blogger like we are and your site is built on a WordPress platform, MAKE SURE that you UPDATE whatever plug-ins are installed when the site advises you too. As mentioned earlier, those bots that trawl the www can leave a malicious worm in your back-end and allow the hacker to receive your password as easy as Sunday morning…

Keeping your website updated will keep hackers from find any vulnerabilities to gain access to your blog.

We talked to Nodesix Administrator Joel aka Nevender about plug-ins and he told us…

As much as WordPress is versatile and customizable. There are so many really interesting and enticing plugins, but they can be just as bad for you. Take time to always keep them up-to-date and if not being used, clear the data out before deleting it. If not done, they will always be a security risk.

FOUR:

Make sure that your web-hosting firm has somebody who understands WordPress. As a leading global blogging platform, be sure that it must be attacked a lot. When our hacker (yes, he is ours) left a malicious link on both our website and blog, we could not click beyond the first page. The WordPress guru (Nevender) at Nodesix cleared this up for us.

FIVE:

Probably the most important, if there is anything that you must do, it is BACKING UP your information.

Writing out an article/ blog-post is something that you do with a different thought process and if you simply write and post with no back-ups and your site is hacked, you can lose more than 98% of your information. DO NOT RELY on your hosting company alone for back-ups. Heck, back-up your back-ups… Have the back-up automated so you do not have to think about it. After our hacker infiltrated our system, we now back up every week to four (4) separate places including two email addresses, a drop-box account and a hard drive.

Having backups does not only apply to your site and blog. Protect your client work as well. Viruses can damage your machines and destroy your hard work.

You can store the backups also on Google drive. It is free for up to 15GB worth of data space…You can learn

To wrap it up, here are the key pointers again…

Make sure you have a reputable web host with 24-hour support.

Find someone who understands WordPress and English (or your own language).

Have a cordial relationship with your web developer.

Know and keep a record of your own passwords! [This includes your admin password/ Your FTP password/ Your PHP password]

Backup your data!!!

Keep your WordPress theme up-to-date.

Use WordPress approved Plugins. [Keep your plugins up-to-date. Out-of-date plugins can break your site. They are a security risk. Minimize plugins]

As non-techies, we may not give you the complete run-down with the specific security lingo as we were explained to, but if you do have a company website and/ or blog take the time to check through our issues above and thereafter insist and make the call to your current web-hosting company to assess the risk status of the site and immediately prepare before you get hacked like we did.

But as you can see, we are back online.

Please note that no website is fireproof to all hackers. They have different phases and most see hacking as a mental challenge.

These lessons we have shared are simply the beginning of effective internet & website security – not the end. Like any form of security, it is an ongoing process that must involve awareness of new threats combined with specific details about your own install environment.

Edmund KamugishaEdmund is the Engagement Director at BLEGSCOPE®, and has over 9 years of management consultancy experience notably in MSMEs, FMCG companies and in the service industry. You can follow him on twitter: @edmokmg

Leave a Reply

Your email address will not be published.