Report on Web Design: Santa Rosa Site Attacked by Hackers
I never dreamed it would be happen with local web design… Santa Rosa area websites CAN and DO get targeted by hackers. The danger is real. Who would have thought? Is yours next? What can you do?
It all started when I got a somewhat puzzling email. As the administrator for one of my clients’ sites, I get notices when certain things occur with the WordPress websites I manage. Usually it’s just a spam comment trying to get approved for a blog post.
But this one made me scratch my head. The subject header read, “Snap! One more 404 on (client’s site name here).”
Here’s what the rest of the email looked like:
Bummer! You have one more 404
IP Address 113.186.233.203
404 Path /wp-login.php
User Agent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705)
What this Email Revealed
In case you’re wondering, a 404 is an error code that gets triggered when someone tries to reach a web page that doesn’t exist or where there’s an error in the link. Google doesn’t like those, since they represent inconvenience to someone searching for something who couldn’t find it. Too many of them can result in Google penalizing a website in search results. So, it’s something a webmaster should pay attention to.
But when I did, I realized that the login path was not the correct one to log into the site in question. It was an isolated incident, so I shrugged it off.
A few minutes later, another email arrived. But this time the path was different: /404testpage4525d2fdc. This was a page that never existed on the client’s site, and the path made no sense. I also noticed that the IP address of the submitter was different from the prior one. The IP address refers to the unique set of numbers that identify a connected device using the Internet. Every device has one. It’s like a fingerprint.
I wasn’t sure what to think, but I didn’t have time to dwell on it. Within minutes I was receiving hundreds of emails with various error paths on my client’s domain and many of them originated from different IP addresses. Quick research revealed that the IP addresses came from countries like Poland, Spain, Belarus, Viet Nam and others.
Holy Cow! What the Heck was Going on?
I began researching and soon turned up an answer. My client’s website was under attack!
Techopedia defined it as follows:
“A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization’s network security.”
Why would someone want to gain access to a small Santa Rosa business website? The answer is that hackers can do various dastardly things to sites like yours for their gain. Examples include:
- Replacing the content of your site with content that makes them money
- Demanding ransom to restore your site
- Getting usernames/passwords that can be used elsewhere for gain
- Uploading malware onto your site that can be transferred to unsuspecting site visitors’ computers
Most likely, the attacking devices’ owners weren’t even aware that their computers had been infected and were now part of an attack network.
What You Can Do to Ward Off Attacks
I called my hosting account support center, and they confirmed my suspicions. Upon their advice, I took some immediate steps to improve the security of the website. Here are those steps, and you can take them to protect your own website:
- Change the password. In particular, use a long and complicated string of letters, numbers and symbols.
- Install Sitelock, which helps find, fix and prevent site vulnerabilities. In my case, this is a product sold by the hosting account provider. Just ask yours to add it.
- Install WordPress plugins that limit login attempts. These are free and easily available.
- Require a CAPTCHA for the login process. This requires a live human to read a somewhat cryptic image and enter it into the login screen.
- Back up the site—just in case. If you’re not using a host account that offers back-ups, get one that does or ask if your provider offers this service. If not, you can use a plugin like Backup Buddy or WP Clone.
The measures held, and the site remained intact. But it changed my paradigm about web design. Santa Rosa business websites—or anywhere, for that matter—are not safe from hacking. It’s something to take seriously because it can happen to you.
I am sure people with cyber security backgrounds will have additional thoughts and suggestions, so those comments are welcome.
[…] Unlike older sites, WordPress sites come with a login. This means hackers may try to gain access to the site and do dastardly things like upload malware or, at the least, replace your site with something […]
Tim
Thank you for this information. I am always interested in what you have to share.