You’re plugging along, growing the online portion of your business. It’s not going as fast as you’d like – but then whose business is? Then one day it happens – a spike in traffic. And it continues for days – lots more traffic, but the same amount of conversions. Actually, you notice they’re dipping a tiny bit too.
So you do your due diligence; pull up a report on what keywords and phrases you’re generating high results for on Google (and maybe Bing). It gets even stranger because the top pages aren’t even ones you or your webmaster built for your website.
The page names consist of phrases that you would not normally associate with your widget business. Or any business that isn’t advertising on adult video sites. Silicon enhancement, erectile dysfunction, testosterone booster… and several others you’d be embarrassed for your parents to see. Let alone your clients!
You’ve. Been. Hacked.
Recently, our friends over at WordFence reported that a vulnerability in the File Manager plugin on WordPress had opened the door for nearly 2-million sites to be attacked. That they know about. And even after a fix was pushed out, almost a third of the sites hadn’t been updated.
We often still cling to the picture of a Hacker from the movies – some black-hat guy, trying to break into the bank or government facility – sometimes even FOR a government facility. But the truth is far more dynamic and often invisible. Rather than using people, much of the hacking itself is now automated.
Millions of bots troll the interwebs constantly, looking for vulnerabilities. And, when they find them, exploiting them. Not to gain backdoor access to the CIA or NSA or Wells-Fargo – but to reproduce and plant traffic-stealing pages on your site…using your bandwidth, often without your knowledge, to generate income.
Every day, we here at Grow the Dream get numerous reports from WordFence about repeated, consistent attacks on the various servers and sites we own and manage. In fact, we connected with WordFence after our own dedicated server was attacked. An attack that resulted in nearly half of our highest ranking pages being, well, not ours.
Pages that promoted male and female enhancement, sex pills, how to manage your Creatine intake if you want to, well, end your date on a high note. Even p***** donation options. And those are the tamest of the group. Believe me, I wish I was just making this up.
It took quite a bit of time, and repeated, systemic deletions of spammable pages before we got it under control. And even now, it looks like business is dropping because those weird pages ranked so high.
Signs of the Crimes
Attackers – especially the bots – work hard to disguise their presence on your server or network. I even read about one particular attack that redirected a business site to a pornographic site – but only if the person clicked through from Google. Not only did the company not see it for some time, they paid a not insignificant amount of money for pay-per-clicks that never even got to their site.
Thankfully, even if you don’t have a staff member or third party monitoring your site, there are some signs of a problem. If your system starts to exhibit unusual patterns of behavior, you’ll want to pay attention. Things like:
- excessive bandwidth use
- strange patterns of network connections
- higher resource use than usual
- strange or inconsistent logins
- new or excessive user accounts
- new plugins you don’t recall installing
- unusual command prompts in the log (watch for wget or curl particularly)
- high network usage by processes – especially those that don’t typically use network bandwidth
- LISTEN for ESTABLISHED connections for various processes – even tame looking ones
- getting blacklisted by Google, MailChimp, AWeber or others
By the way, when was the last time you backed everything up? Don’t neglect this basic maintenance task, or you may have a herculean cleanup to undertake when the time comes.
And don’t make the silly mistake that you always see in movies and TV – trying to out hack the hacker – just unplug your system from the Internet, server, and yes, even power source if you need to.
Have you heard about #StrategyStream? Every Wednesday, we lay out timeless, proven strategic principles for strategic marketing and growing your business. They’re free to join and streamed live from our YouTube channel. Check them out!