Hosting your website security with a professional web design company does not only protect your Company from cyber criminals, it also help prevent your website from being used to attack others.

In 2013, 30,000 websites were being hacked a day.
[source Sophos Labs]

In the 1990's, virus would spread via emails, floppy disks and word documents. Today the cyber criminals mostly use websites to distribute malicious code. The majority of these 30,000 sites are legitimate small businesses that are unwittingly distributing malicious code for the cyber criminals.

A common misconception is that you won't be a target, that your business is too small...

Organic KnightAhh - wrong! Regardless of the size of your business, everyone gets attacked.

From Suri Blog (and we found the same)...

"... it takes about 30 – 45 days for a new website, with no content or audience, to be identified and added to a bot crawler. Once added, the attacks commence immediately without any real rhyme or reason. It can be any type of website, the only commonality is that it is connected to the web."

Cyber criminals today now use "Bots" to do their work. These Bots are automated scanning tools that scouring the web looking for websites to attack. They will attack blogs, forms, small websites, or anything they can find. Its a numbers game.

If your website is not being regularly patched with security updates - it will eventually fall victim.

Why do they do it?

As there are many people in the world, there too, are many motivations. Some we have determined from past attacks have been...

  • To find credit card information
  • Using your website to forward spam to your customers
  • Using your website to bypass spam filters and blacklists (and in doing so puts your server on the blacklist).

  • Using your website to attack other businesses in a DOS attack.
  • Using your website to boost the ranking of other websites (often to the eventual demise of your own ranking).
  • To hold your business randsome. The hackers can DOS attack your website, bringing it down, and will only stop if ransomed demands are met.
  • To win competitions within the Hacking communities. This is a non-profit activity mostly done by kids. They will deface your website and then take a screen shot of your defaced website to add as a trophy and Hacker's tally. At the end of the year, a winning Hacker gets nominated Hacker of the year.
  • To find emails and personal details (to a lesser extent today).

What do we do about it?

At OrganicWebs we have real experience fighting off Bots over the years. As a result of each attack, we study and learn their new technics and tighten our defences. Here are some of the preventative measures we apply daily to the server and individual websites:

  • Applying all CMS core updates. Joomla, WordPress, and Drupal are fantatsic platforms for website owners to edit their won websites - but these platforms need patching monthly. An exposed vulnerability in the platforms leaves millions of website owners at risk.
  • Monitoring versions of all applications installed on all websites and applying patches as soon as they are released.
  • Monitoring the server for unusual activity such as a high CPU load, or a large number of outgoing emails.
  • Where possible, we write our own code and avoid using 3rd party applications. Vulnerabilities in 3rd party applications are the most common way to hack a website.

  • Not releasing our in-house code to the Public. We want to contribute to the Open Source community, but unfortunately by sharing code makes it easier for criminals to attack our clients. (We instead support the Open Source community in other ways).
  • Encrypting all private information
  • Operating backup servers with roll back features
  • We do not store sensitive credit card information on our Servers. Credit Card information is delivered securely and in real time to the banking gateway.

Is OrganicWebs Impenetrable?

As hard as we try, nobody is 100% impenetrable all the time.

However, because we build and install our servers, plus write our own website templates and code, we can get down to the grass roots of what hackers have been up to when they launch at our sites. Internet security is an evolving landscape that takes time and experience to stay secure.

References: