It’s every website administrator’s nightmare. You log off for the evening only to wake up to pandemonium on your company website. Hackers have gotten ahold of key information, sending spam out from your once-trusted web address. Now it will take weeks to get things back the way they were - if you can even regain full access.
These types of spammer attacks have been a consistent issue on the web for decades, and the problem isn’t going away any time soon. Just last year, Drupalgeddon 2 threatened the hundreds of thousands of websites built on Drupal, including government sites like Whitehouse.gov.
The common image of hackers working alone in a dingy apartment isn’t totally off the mark, but more often than not, entire teams of organized criminals are now pursuing blackhat hacking with outsized budgets. Hacked websites and databases are then sold onto other criminals for illicit purposes, often with spam in mind.
The good news about the state of spam in 2019 is that there are solutions. The most secure websites utilize monitoring software to ensure the highest level of protection - but even minor changes can reap greater peace of mind.
If you’re looking to make your site more secure, the following tips are a great way to start:
- Update (And Rethink) Your Passwords
The username ‘administrator’ accounts for nearly 50 percent of websites studied in a recent overview of hackable websites, with the most common password (a single ‘x’) being used in over 5% of cases. The most common passwords - easy to guess and frequently used - are the first ones even an amateur hacker would guess during a brute force attack.
Even if your password is entirely unique, it probably isn’t nearly as safe as you think. Cutting-edge software can guess even a complex password easily, not to mention the number of discrete monitoring hackers engage in to listen in on password entry.
" A good password is unique, unpredictable, and random. Don’t reuse passwords across sites - if one database gets hacked, you’re at risk across the web. Modern password management software can help greatly in this regard."
2. Check Your SSL Certificate
An SSL certificate allows for a cryptographically-secure connection between website and user. Put simply, an SSL certificate ensures details entered on the site remain confidential.
While SSL certificates are all but essential for credit card info and other personal data, they’re widely expected on any reputable website. In fact, Google ranks secure web pages higher than their counterparts, even though just 1.9% of websites currently have SSL certificates.
Expect this number to rise in the near future, as more and more companies realize the importance of fully secure data. You can get ahead of the curve by making sure your website is fully secure today, before an attack happens.
3. Make Server-side Scanners Mandatory
The May 2019 ransomware attacks in Baltimore left the city’s cyberinfrastructure offline for months. Hospitals, police stations, and other essential services were hampered by EternalBlue, a Windows exploit first discovered by the NSA - five years ago.
Ransomware and crypto-jacking attacks are a rising threat. For Wordpress users, a new ransomware variant called EV ransomware specifically targets vulnerabilities in WP websites. This attack probes for weaknesses and uploads the virus once it has successfully compromised a WP website. It encrypts all existing files and replaces the home page with instructions for paying the ransom.
A means to decrypt files encrypted by the attack does not yet exist, meaning victims must pay if they want their files restored and do not have a backup. The fact that these kinds of exploits still exist makes server-side scanners essential. Any suspicious activity or unauthorized change will be quarantined immediately, keeping your website and system working in perfect order while the issue is resolved.
4. Get All-In-One Monitoring
Algorithmically-generated passwords, up-to-date SSL certificates, antivirus software… it can all be a lot for a website owner to keep track of. That’s not even to mention the necessary firewalls and sanitized input forms smart admins need to cut down on spam.
We created WebTotem for this exact reason. Our software provides 24/7 monitoring, given that attacks can happen from anywhere at all hours. Our enterprise-grade firewall is included free of charge, and all of our service modules are intended to stop spam, deny hackers, and keep our users safe from whatever the dark web may throw at them.
Spam isn’t just a minor annoyance. If your resource is hacked and sends out spam mailings, you’ll end up with a blacklisted IP address. Ignore the problem and your entire website is at risk. Yet with a bit of pre-planning and a focus on the key issues, you’ll make sure you’re never left vulnerable on the web. Our software can make sure you have the highest level of protection.