5955 W Peoria Ave
Unit 6538, Glendale, AZ 85312
+1 623-930-1533
Customer Support
Mon-Fri: 8:00a - 5:00p
Other times, by appointment
Unit 6538, Glendale, AZ 85312
Customer Support
Other times, by appointment
Your first reaction when you get hacked is usually some variation of ‘Oh, HACK Me!’ but why would anyone want MY site?
Short Answer: They don’t. And that’s actually worse.
People assume hackers are targeting them specifically. This couldn’t be further from the truth. You are not a target, you are a resource. In actuality, the bad actors on the internet have no clue who you are, where you are, or even what you do day-to-day.
They don’t — not manually anyway. They use automated tools that scan millions of websites simultaneously looking for common vulnerabilities: weak passwords, outdated software, unpatched plugins, or simply a door that was accidentally left unlocked. Your site just happened to answer when they knocked.
Your website offers them Free Hosting. Your email gives them access to hundreds, maybe even thousands, of potential new victims to take advantage of. Your social media becomes their megaphone to constantly abuse. And, sadly, it’s all on your dime.
If something goes wrong, it’s your clients, friends, and family that complain to YOU about the garbage they’re receiving. Worse yet, if someone illegally exploits your products, accounts, and brands, YOU are the one that will be getting a visit from law enforcement. YOU are the one that risks getting your account taken down, blocked, or banned. This can damage your personal, as well as professional, reputation.That sucks!
Last week, I had a client whose email was hacked. Within minutes, they had sent out hundreds of emails that looked official, tricking people into clicking a link to view a secure document. In reality, it immediately downloaded an executable program — a virus. Yikes!
First and foremost, don’t panic when this happens. That’s when mistakes are made. Keep the process simple. In the case of the email or social media hack, simply access the account and change the password. We recommend a password that is at least 22 characters long. For tips on creating a strong, memorable password, check out our guide at https://mrwright.com/strong-password-tips/.
In our client’s case, that simple first step bought us the time we needed to dig deeper.
Next, contact your IT person or company. They can advise you on the next steps. In our case, we were able to correct the malicious changes to their account. We also identified the offending website and had it shut down in a matter of minutes – thirty to be exact.
Virtually every morning, I review the firewall logs of my website, as well as those that I manage. In my case, I identify up to a hundred unique IP addresses that attempted illegal access. This doesn’t mean that 100 hackers were trying to get into my site — typically two or three hackers used multiple addresses to attack my site. These attacks may have originated from Google, Amazon, Microsoft, or, sadly, regular old users and their home computers.
I report these “Hit & Run” attacks to their respective ISPs (Internet Service Providers) so they can identify, and hopefully, terminate their accounts and end the tyranny. Most ISPs are grateful for the reports and the opportunity to stop the threats. Why? Simple, if attackers use their business infrastructure to target others, it makes them look bad in the community and they lose business.
After actively reporting these attacks, I noticed that many attackers shifted away from big providers toward smaller, more vulnerable ones. The good news, there are days that I look at my logs and see zero malicious attempts. Woot woot!
These guys are not after you, they’re after your real estate. You put up a fence around your actual real estate, why wouldn’t you put one on your website, social media, etc.?
Think your digital fence needs some reinforcing? Let’s talk.