Technology has evolved to the point where our cyber-culture relies on it. Every day, we use computer networks for communication, entertainment and business needs. We ‘trust’ the internet to look after our bank accounts and personal information securely. Therefore, at Beach Marketing, we take online protection very seriously.
We recently became aware of an attempted attack on a site we manage. On entering the URL I was presented with a page that displayed statements such as ‘We are back once again knocking snicks and snitches doors cause your crimes is something we don’t forgive’. The hacker’s tag was gracefully called Fallag Kill3r. The main aim was to share their message with as many people as possible, regardless of belief or religion.
Hacking is carried out for a variety of reasons. Sometimes it’s done by vigilante groups trying to raise awareness about a political issue, and sometimes by an individual just to cause disruption. At its worst it takes the form of international threats, such as foreign governments or militaries aiming to undermine their enemies.
As a digitally minded person, I was interested in how the hack was carried out. On looking behind the website I could see files that had been placed in the root folder, with filenames that stood out as unusual. Somehow the hacker had created a gateway, a back-door entrance to the website.
Looking the hacker in the eye
I wanted to get inside a hacker’s mindset to determine and understand the procedures and knowledge of how the programmer can find avenues to contaminate and destroy online platforms.
After researching on the internet, I started to have some understanding. There are thousands of videos on YouTube that discuss hacking, even ‘how to’ tutorials for all the scenarios you can think of. For instance, if you wanted to hack into a Facebook profile, you are inundated with videos that teach a step-by-step process to accomplish this. I wasn’t about to waste time trying them out, so whether they work is another matter.
I started to focus on WordPress hacking. It seems there are hundreds, even thousands, of after-dark computer nerds from the ages of 9 to 60 years old sitting down in front of a laptop trying to find the next WordPress loophole. It was clear that one of the main threats to WordPress sites is out-of-date plugins.
It’s a simple process to index the internet searching for weak or out-of-date plugins; written commands are then executed to send parasite files, which embed themselves to re-configure the site and allow unauthorised access. I couldn’t believe Firefox has an add-on which can auto-process 100 passwords a second. You can easily download a file that contains hundreds of the most common passwords; the add-on then sifts through and auto-fills the password field until a match is found.
If your password is weak, I would recommend changing it to something obscure or hard to guess. But it’s not just the password: in a lot of cases I have seen WordPress admins leave the user name as ‘admin’, which is 50% of the hacking process.
At Beach we felt it was vital to come together and focus on securing our digital services for our clients. This creates peace of mind, knowing that whilst under our management all files and information are safe and protected, particularly in light of the GDPR.
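The password guessing described above leaves a recognisable trace in a web server's access log: many POSTs to /wp-login.php from one address in a short time. The Python below is an added example, not part of the original article or of Beach's service; the log lines are constructed, and the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the start of an Apache/nginx "combined" access-log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def find_login_bursts(log_text, max_attempts=5, window_seconds=10):
    """Return {ip: peak count} for clients that POST to /wp-login.php more
    than max_attempts times inside any sliding window (assumed thresholds)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines in another format
        ip, stamp, method, path, _status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        seen = recent[ip]
        seen.append(when)
        while when - seen[0] > window:
            seen.popleft()
        if len(seen) > max_attempts:
            flagged[ip] = max(flagged.get(ip, 0), len(seen))
    return flagged

def _line(ip, second, method="POST", path="/wp-login.php"):
    # Builds one constructed log line; addresses are documentation ranges.
    return (f'{ip} - - [12/Mar/2018:10:00:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 3120 "-" "Mozilla/5.0"')

# Constructed sample: one client guessing once a second, one user retrying
# a mistyped password 40 seconds later, and one ordinary page view.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s) for s in range(8)]
    + [_line("198.51.100.20", 5), _line("198.51.100.20", 45)]
    + [_line("192.0.2.5", 7, method="GET", path="/")]
)

if __name__ == "__main__":
    for ip, peak in find_login_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {peak} login POSTs within 10 seconds")
```

Addresses flagged this way are candidates for rate limiting or blocking at the server or firewall; the user who simply retried a mistyped password stays below the threshold.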
Defence is key
Our security service works by mirroring the website and all its contents, therefore making it impossible for the site to be infected. It also uses intelligent IP address recognition, where any admin user must be whitelisted to access the site’s core files. Backups of the site are scheduled daily so data is always stored safely to encompass previous online purchases and any changes to content. One vital add-on is a Domain Name System (DNS) reporter which detects when data is changed without authorisation.
Whatever threats are lurking, be sure that Beach has you protected.
Our top 5 tips to keep yourself protected online:
- Choose strong passwords.
- Control access to your machine.
- Use secure connections.
- Use desktop firewalls.
- Most importantly, stay informed of the latest online safety news.
To find out more please call us on 01604 239837 or email firstname.lastname@example.org.
Look out for my article on the deep web coming soon.