
Website hackers caught in the act

Apr 20, 2021 Tech blog

‘It won’t happen to me’ … ‘I haven’t got time to think about IT security’ … ‘My business is too small to be noticed by cyber criminals’. These are common reasons why small businesses often don’t get around to planning their IT business continuity protection, but the truth is you don’t need to be a big player to be attacked; in fact, smaller businesses without the protection of large IT budgets, and with owners already working 24/7 running the business, are often much easier targets. There are robotic systems out there that scan the internet looking for websites showing signs of vulnerability. You don’t see it, but it’s ever-present.

Below is an excerpt of logs from an IT Basecamp-hosted website last month showing a cybercriminal hitting the WordPress login page with a login attempt.

------------------------------------

[27/Mar/2021:18:57:44 +1100] "GET /wp-login.php HTTP/1.1" 200
[27/Mar/2021:18:57:45 +1100] "POST /wp-login.php?wpe-login=true HTTP/1.1" 302
[27/Mar/2021:18:57:49 +1100] "GET /wp-admin/plugin-install.php HTTP/1.1" 200
[27/Mar/2021:18:57:53 +1100] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200
[27/Mar/2021:18:58:09 +1100] "POST /wp-content/plugins/wp-core-k5O4dUBc674BmTe9-module/wp-core.php HTTP/1.1" 200

------------------------------------

This login attempt succeeds and the WordPress plugin installer is then used to upload malware. From here, if the site had been unmonitored and the attack had gone undetected, the attacker could have proceeded with any number of illegal and/or undesirable actions, for example generating spam email via the client’s site, accessing customer information from the client’s database, or injecting unwanted content into the website’s pages. In this instance, a script was uploaded that could reset users’ passwords in the client’s database!

Luckily for this client, they are an IT Basecamp contract client who subscribes to a website hosting package that includes 24/7 monitoring. This attack was detected, alerted and dealt with before any damage was done.
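The request sequence in the excerpt (successful login, plugin upload, then a direct POST to a PHP file inside a plugin folder) can be flagged from the access log alone. The Python below is an added example, not IT Basecamp's monitoring code; the five-minute window and the function names are assumptions, and the sample lines are the ones quoted in the excerpt.

```python
import re
from datetime import datetime, timedelta

# Matches the trimmed log format in the excerpt (no client IP field is shown).
LINE = re.compile(r'\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
PLUGIN_PHP = re.compile(r'^/wp-content/plugins/(?P<slug>[^/]+)/[^?]*\.php')
WINDOW = timedelta(minutes=5)  # assumed correlation window

def parse(line):
    m = LINE.search(line)
    if not m:
        return None  # skip lines that are not in the expected format
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ts, m["method"], m["path"], int(m["status"])

def find_upload_then_exec(lines):
    """Alert when a plugin upload is followed, within WINDOW, by a direct
    POST to a PHP file under /wp-content/plugins/."""
    alerts, last_login, last_upload = [], None, None
    for ts, method, path, status in filter(None, map(parse, lines)):
        if method != "POST":
            continue
        if path.startswith("/wp-login.php") and status == 302:
            last_login = ts  # WordPress redirects (302) after a successful login
        elif "update.php?action=upload-plugin" in path and status == 200:
            last_upload = ts
        elif last_upload and ts - last_upload <= WINDOW:
            m = PLUGIN_PHP.match(path)
            if m:
                alerts.append({
                    "time": ts.isoformat(),
                    "plugin_slug": m["slug"],
                    "path": path,
                    "seconds_after_upload": int((ts - last_upload).total_seconds()),
                    "login_seen": bool(last_login and last_upload - last_login <= WINDOW),
                })
    return alerts

# The five log lines quoted in the excerpt.
SAMPLE = [
    '[27/Mar/2021:18:57:44 +1100] "GET /wp-login.php HTTP/1.1" 200',
    '[27/Mar/2021:18:57:45 +1100] "POST /wp-login.php?wpe-login=true HTTP/1.1" 302',
    '[27/Mar/2021:18:57:49 +1100] "GET /wp-admin/plugin-install.php HTTP/1.1" 200',
    '[27/Mar/2021:18:57:53 +1100] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200',
    '[27/Mar/2021:18:58:09 +1100] "POST /wp-content/plugins/wp-core-k5O4dUBc674BmTe9-module/wp-core.php HTTP/1.1" 200',
]

if __name__ == "__main__":
    for alert in find_upload_then_exec(SAMPLE):
        print(alert)
```

Legitimate plugins also receive POSTs, so an alert like this is a prompt to check who performed the upload rather than proof of compromise.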

Avoid this happening to your business’s website

Be proactive in the upkeep and maintenance of your website. Consider things like:

  • using complex passwords for administrative accounts,
  • changing the website’s standard login URL so the site is less susceptible to robotic scanning,
  • applying login challenges like CAPTCHA or 2-factor authentication,
  • regularly keeping the core code and plugins of the website up to date with the latest versions,
  • making sure full, regular backups of your website and data are available. Rolling back to an undamaged backup can often be the fastest way to restore data and in some cases, like encryption in a ransomware attack, may be the only way.

If you don’t have the skills or time to enact the above points yourself, consider a hosting package that includes these features, like IT Basecamp’s Ultimate Hosting Package.

What if my site does get hacked?

Once a site is hacked the cleanup can be a time-consuming and costly process.

The techs first need to find and clear the malware, then work out how access was gained and stop it from happening again. Depending on the turnover of the business and the type of data that is compromised, there can be legal ramifications.

Prevention is a much better plan. On our Ultimate Hosting package, IT Basecamp takes responsibility for this from you: in-depth technical knowledge coupled with best-of-breed tools that continuously monitor and scan your website means your business is no longer an ‘easy target’. It’s impossible to guarantee that your site will never get hacked, but in the event that it does, rest assured we’ll sort it out (fee-free!), with the goal being that the first you hear about it is after any issues are completely sorted.

For an analysis of your business’s overall IT security vulnerability, check out our cyber security concierge service Cyber Heroes.
