‘It won't happen to me’ … ‘I haven’t got time to think about IT security’ … ‘My business is too small to be noticed by cyber criminals'. These are common reasons why small businesses often don’t get up to planning their IT business continuity protection, but the truth is you don't need to be a big player to be attacked; in fact, smaller businesses without the protection of large IT budgets, and with owners already working 24/7 running the business, are often much easier targets. There are robotic systems out there that scan the internet looking for websites showing signs of vulnerability. You don't see it, but it's ever-present.
Below is an excerpt of logs from an IT Basecamp-hosted website last month showing a cybercriminal hitting the WordPress login page with a login attempt.
[27/Mar/2021:18:57:44 +1100] "GET /wp-login.php HTTP/1.1" 200
[27/Mar/2021:18:57:45 +1100] "POST /wp-login.php?wpe-login=true HTTP/1.1" 302
[27/Mar/2021:18:57:49 +1100] "GET /wp-admin/plugin-install.php HTTP/1.1" 200
[27/Mar/2021:18:57:53 +1100] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200
[27/Mar/2021:18:58:09 +1100] "POST /wp-content/plugins/wp-core-k5O4dUBc674BmTe9-module/wp-core.php HTTP/1.1" 200
This login attempt succeeds and the WordPress plugin-installer is then used to upload malware. From here, if the site had been unmonitored and the attack went undetected, the attacker could have proceeded with any number of illegal and/or undesirable actions - for example, generating spam email via the client’s site, accessing customer information from the client’s database, injecting unwanted content into the website’s pages. In this instance, a script was uploaded that could reset user’s passwords in the client’s database!
Luckily for this client, they are an IT Basecamp contract client who subscribes to a website hosting package that includes 24/7 monitoring. This attack was detected, alerted and dealt with before any damage was done.
Be proactive in the upkeep and maintenance of your website. Consider things like:
If you don’t have the skills or time to enact the above points yourself, consider a hosting package that includes these features like IT Basecamp’s Ultimate Hosting Package.
Once a site is hacked the cleanup can be a time-consuming and costly process.
The techs need to firstly find and clear the malware, then work out how access was gained and stop it from happening again. Depending on the turnover of the business and the type of data that is compromised there can be legal ramifications.
Prevention is a much better plan. On our Ultimate Hosting package IT Basecamp takes responsibility for this from you - in-depth technical knowledge coupled with applying best-of-breed tools to continuously monitor and scan your website means your business is no longer an ‘easy target’. It’s impossible to guarantee that your site will never get hacked, but in the event that it does, rest assured we'll sort it out (fee-free!) with the goal being that the first you hear about it is after any issues are completely sorted.
For an analysis of your business’s overall IT security vulnerability, check out our cyber security concierge service Cyber Heroes.