
When hacking and malware strike an online store


It’s midday and we’ve been noticing some abnormal activity on a client website the past few hours.

The website is “running hot”, our internal term for a site that is being severely throttled because it keeps hitting the resource limits we have allocated to it.

It’s at this midday point that the client makes contact and tells us their site is running slow. Not only that, earlier in the morning they noticed their website was redirecting visitors to a variety of porn websites.

This is enough information for us, so we jump onto our anti-malware system and schedule a site scan. This client doesn’t have any anti-malware service running on their site, so any action we take here is reactive rather than proactive.

For clients already set up with anti-malware monitoring, we usually get advance warning of what is about to happen and can respond before it becomes too much of a problem. Here, it has taken 3 hours before the clues definitively point to a malware/virus infection.* This means the site has been hacked. (*If your website is redirecting users to a porn site, that is more than enough evidence of hacking for us!)

Within the hour, the malware is detected and removed. The site will now be monitored around the clock, every day, and we’ll be notified if it happens again.
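As an added illustration (not the firm’s own tooling) of what that scan-then-monitor step looks for on a WordPress install like this one: a file-integrity baseline taken once the site is clean, rescanned for new, changed or removed files, combined with a small set of signatures for the kind of injected redirect and obfuscated code behind the porn redirects described above. All paths and file contents below are constructed for the demo, and the signature list is deliberately minimal.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Signatures of injected redirect/obfuscation code (constructed; a real scanner needs far more).
SUSPICIOUS = [
    (re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\("), "obfuscated eval"),
    (re.compile(r"header\s*\(\s*['\"]Location:\s*https?://", re.I), "hard-coded external redirect"),
    (re.compile(r"window\.location\s*=\s*['\"]https?://", re.I), "JavaScript redirect to external host"),
]

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(root):
    """Hash every file while the site is known clean (e.g. right after cleanup)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256(p) for p in root.rglob("*") if p.is_file()}

def scan(root, baseline):
    """Report files that are new, changed or removed vs. the baseline, plus signature hits."""
    root, findings, seen = Path(root), [], set()
    for p in (q for q in root.rglob("*") if q.is_file()):
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in baseline:
            findings.append((rel, "new file not in baseline"))
        elif baseline[rel] != sha256(p):
            findings.append((rel, "content changed since baseline"))
        if p.suffix in (".php", ".js", ".html"):
            text = p.read_text(errors="replace")
            findings += [(rel, label) for pat, label in SUSPICIOUS if pat.search(text)]
    findings += [(rel, "file removed since baseline") for rel in baseline.keys() - seen]
    return findings

def demo():
    """Constructed WordPress-like tree: take a clean baseline, then simulate a compromise."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        plugin = root / "wp-content" / "plugins" / "old-plugin" / "plugin.php"
        plugin.parent.mkdir(parents=True)
        plugin.write_text("<?php\n/* Plugin Name: Old Plugin (constructed) */\nfunction op_init() {}\n")
        baseline = build_baseline(root)
        # Simulated infection: obfuscated code appended to the plugin, plus a dropped redirect file
        plugin.write_text(plugin.read_text() + "<?php eval(base64_decode('PLACEHOLDER')); ?>\n")
        (root / "wp-content" / "r.php").write_text("<?php header('Location: http://example.invalid/'); ?>\n")
        return scan(root, baseline)

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Run on a schedule against a real document root, a non-empty result from `scan()` is the “advance warning” the post refers to; the baseline must be rebuilt after every legitimate update such as the WordPress upgrade mentioned below.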

Monitoring the site over the next few hours, it isn’t running as “hot”, but we do schedule an upgrade of the software running the site – the ubiquitous WordPress – to the latest version.

Malware infection cleaned, no more threats, site running fine, so you’d think everything would now be under control, right? Well, no. While the initial threat has been dealt with, the cause or source of the hacking that resulted in the malware infection is still out there running loose. We don’t know what caused it, so we need to find out.

It’s like having a house that’s heavily fortified – it’s wasted if you leave the back door open.

With client permission we now need to invest some time in finding the root cause of this.

One of the benefits of the advent of website tools like WordPress is that not only can someone easily throw a website together for you (or you can do it yourself), but there are also so many add-ons out there that make it easy to add features and functionality to your site within minutes.

Many of these tools are free, and when they are old and outdated, or simply poorly coded, that means poor security, which means a big gaping hole in your site inviting all sorts of nasties to come in and party.

It’s especially dangerous on an ecommerce site, where malware can easily capture the credit card details your customers have entrusted to your website and send them offshore to be used for fraudulent charges. Not a good look for your reputation.

It’s therefore the job of a web firm with experience in dealing with hacking to use the right tools and approach to get your website secured and running stably again as quickly as possible.

Sometimes that means “hardening” of some of your existing plugins, and sometimes that means removing and completely recreating some beloved plugins that are no longer being maintained by the author, or that are simply too poorly coded to instil any confidence in their ongoing use.

At any rate, dealing with these things promptly lessens the chance of damage to your reputation and earning capacity via your website – ecommerce or otherwise.