Website Security – Why It Matters And What We’re Doing.

Written by Paul Andrews
Category: Our Blog Created: Wednesday, 01 April 2015 11:28
Hits: 2442

Website Security – Why It Matters And What We’re Doing.

You see it almost every day in the news: “{Insert Site Here} Hacked And Data Exploited.” Or you go to visit one of your favourite websites to suddenly find it gone and replaced by a page proudly claiming to have hacked the site. You often get the email informing you that your bank account has been accessed and to click a link to enter your bank details to reset your security. All of this and much more is the work of cyber criminals – of as they are often known – hackers.

Most people assume their website is immune from such attacks because they’re just a little business or club and that hackers only go after major targets like Facebook or Google or other massive websites. Sorry to be the one to break it to you, but nothing could be further from the truth – all websites are pretty much under threat – always. When I design a website in my Dunsborough office, I have to think globally about the threats it will come under once it it out in the wild.

Click On this link watch real time hacker/bot activity as it takes place – frightening!

What you will see is attacks directed mostly towards the major datacentres and networks in the USA and their point of origin. These are the websites you visit every day under attack. Plus, if you have a website, they are attacks on your website. Websites I host get hit all the time by hacking bots and I am often forced to stop whatever it is I am doing and put evasive measures in place - somethign that jsut does not happen with cheap hosting.

Every day I get a heap of notifications like this:

IP Address:
Attempts: 3
Attack Started: 2015-03-31 02:02:55
Last Attempt: 2015-03-31 11:15:38

That’s little snippet is a notification I get when an unauthorised attempt is made to login to the administrator area of one of my client’s websites is made. The IP address resolves to a computer or server in China. So the question needs to be asked, why would someone in China want to access the control panel of a dunsborough website I am hosting? I don’t employ any Chinese programmers, I don’t have any Chinese clients and I’m sure the client has no idea someone from China is trying to access his site. 

And another:

IP Address:
Attempts: 3
Attack Started: 2015-03-31 03:18:25
Last Attempt: 2015-03-31 14:51:44

Once again from China. These both came in while I was writing this blog. Day and night they come and as far as bot activity is concerned, the websites I design are no different to any of hte other Dunsborough or Busselton web designers or those in Perth or anywhere around the world for that matter.

Fortunately I run a number of systems at both webserver level and website level to keep unwanted hackers out of my clients’ websites. I won’t name then because while I doubt they are following my blog, a gentleman never tells.

People ask me what they have to gain. There are many answers, often it is just the same as a kid who smashes a window – they just get a kick out of vandalism and in the world of cyber security, generally these are the good guys, their hacks are easy (if not sometimes costly) to repair. They just want to feel they’ve achieved one up on the website owner or host and been better than the security or management of that site. But often it is far more sinister than this.

Most websites, especially Content Management System websites that I and most other website designers build are very powerful web platforms and in the wrong hands are akin to giving a nuclear weapon to a psychopath. Software can be inserted to spread viruses, send spam emails, set up phishing sites like mock online bank websites where the unsuspecting are encouraged to enter their bank details – only for these details to be whisked away via a complex network to some offshore haven where all the money is quickly drained from the unsuspecting person’s bank account. In other cases a payload is inserted and then along with other hacked sites (often millions) the power of your website and the others is turned into a cyberattack on a target website like the CIA or US government or Facebook in an attempt to bring that site down.

What Do We Do To Reduce The Changes Of Being Hacked.

First of all, the staff at the Datacentre in Dallas are on hand 24 hours a day to actively monitor for suspicious traffic patterns, sudden spikes and activity coming from known IP addresses with a poor reputation. However, when these attacks come from hacked home computers, hacked websites and IP addresses that have never been used before, this means like the real world police, they are sometimes playing catch up. That’s where what I do on the websites I design and host that comes in.

Software Updates: It is vitally important that your website is kept up to date with the latest version of the software it uses. All of my hosted clients get this service from me as part of the managed hosting deal. If a security flaw is discovered in any software a patch is released and as soon as I get this patch, I install it on all the sites I host. If you are hosted on go it alone hosting, this service is not performed and it only takes one of the millions of bots constantly searching the webs for out of date sites to find yours and bang - you're hacked.

Passwords: All passwords required to make your site work are 100% level secure which means they are not password1 – they are a series of seemingly random numbers letters and capitals that mean something to me, but to no-one else.

Security Software: As I alerted to previously, each website I build and host has installed in it two pieces of security software which actively hide the administrator panel from all but authorised users. Once an attack is detected that IP address is blacklisted. This can be a pain if you gt locked out, but a quick phone call or email to me and I'll sort that out.  Add to this a third piece which alerts me to software needing updates or any changes that happen on your website and I’m pretty happy that you’re as secure as can be realistically expected.

But What If The Worst Happens And My Site Gets Hacked?

You can never say never. I make every effort to ensure a hacker never gets in, and to this day, a site has never gone down, secure data has never been accessed and viruses have never been inserted, but admittedly there have been close calls. My webserver backs up twice a day so we can always roll back to an earlier version if we cannot recover (the first option) plus all websites have a great piece of software in them called Akeeba Backup that allows my clients at any time to make a full backup of their site and download it to their home or office computer in a zipped up format that takes under 30 minutes to have reinstalled and running again.

Ultimately websites are not just about a fancy design or great sales hook - to you they are - but to me there is a forever ongoing war between myself and hackers and I'm determined to ensure my clients win every battle.

Contact Paul Andrews - Dunsborough Website Designer today to discuss your website project

And now for some culture:

Cold Chisel - Forever Now