It’s been an interesting month. I’ve built four websites (three have launched), un-hacked a clients account, avoided a disaster by minutes and thought about changing careers…Paper or plastic?
Hacking and ghosts are out of control. It’s more than an annoyance now, it has become heavy lifting. Every month my clients who have opted for the maintenance plan (bless them) receive a traffic report from me. It has a lot of useful information in it. How many visitors, where they came from, where they went etc. And every month I add new security to keep the ghosts out and their traffic numbers at least close to accurate. I’ve tried filters, access code, plug-ins and deflectors. I am now at the point that I’m not even sure which, if any of these is working. What I do know is that every month I rid my reports of one and two new ones show up. Rabbits? Try rats.
In other security news…About a month ago a client (who is not on the maintenance plan) received an email that read if he didn’t pay $1000 to them, he would lose his domain and website forever. He called and I assured him that all was well. His hosting and domain name were safe and this was just someone phishing. About a month later, his site disappeared. Literally – A blank white page. After about two hours on the phone with GoDaddy and $90 a year for sitelock, we managed to find a way back into the site. I found the hack, removed the files and managed to get things back to normal about three hours later. It turned out that the breach happened about a week before the email. We didn’t pay the ransom and they killed the hostage. CyperTerrorists. Fun!
I had a long conversation with GoDaddy techs and my client about why someone would do this, and the answer is money, as it usually is. If these emails go to someone who built their site themselves, doesn’t have a working relationship with their web master or just plain panics, it’s payday for the scammer. Remember there are people who really do believe the IRS will only take pre-paid gift cards over the phone. I must admit, being the cynic I am, it crossed my mind that GoDaddy was behind this whole thing. $90 for Sitelock is a lot cheaper then $1000.
Whether or not you are on a monthly maintenance plan, my advice is this…get Sitelock. While being on a monthly plan increases the chance of finding a breach sooner, you are still vulnerable. If you are not on a monthly plan, I am now unable to do site restoration at no charge. It’s hard to put this cost on the client because it’s not their fault, but it isn’t mine either. I done everything I can to make sure the site is secure and up to date when I finish. But they do require maintenance. Remember…visit your own site. Make sure it’s looking and operating properly. A cobweb site can often become an open door.
What can you do? Change your passwords! Regularly. For everything, including Facebook, Instagram, Twitter, your site, your email and Paypal accounts. If you use the same password for everything, you’ve made it easier by half for the bad guys. Now they only need your log in. And that, for a lot of places is your email address. How many people have your email address? And please, be creative! Stay away from things that mean something to you. Dates, initials, kids names, business name etc. 1234 is not a secure password. Swap out at least one letter for a number. E can be 3, S can be 5, or use 1 for i or l. I know it’s a hassle, I know it’s hard to have 3 or 4 different passwords, but it’s important.