– Welcome to The Journey! Today we’re talking how to know
when your website is hacked, and what to do about it. All right, so I’m joined here
with my special guest, Alycia from Sucuri. She is the security
expert today on the show, and we’re just going to dive in. Can you tell us a little
bit about what is malware? – Malware can be anything that
infects a computer system. Or in this case, your website server. That can include things like ransomware, where your files are encrypted
on your website and force a bitcoin ransom or something like that. SEO spam, which infects your
website with spam keywords and pages, not a good look. And then there’s also things
like Crypto-Miners, adware, that kind of stuff. Nobody
wants that on their website. – Nobody want’s that right? – No! – So it’s not just something
that affects computers? It affects websites, too? – Yes, websites are definitely
at risk and you want to make sure that you are taking steps
to monitor your environment, and protect it and having
a plan for response is also very important. – How big of an issue really is this? – Well, there’s a stat out
there that says there’s about 75% chance that a business
is going to be attacked. And right now they say there
is about 40% of traffic to your website is actually
bots, and about half of that is malicious bots. – Ugh, that is gross. – Yeah, it’s not good. – No, so how do we go about
identifying if our site is infected with malware? – Well what you can do
is you can run a scan on your website. We have a tool called Sucuri site check. You can also just monitor
your activity logs, if you have somebody who can do that. Maybe a developer. You also wanna make sure
that you’re practicing good password management, making sure that you’re users are set with the permissions
that they should have. So, obviously the least
privileged principle, you wanna make sure that
they only have admin for as long as they need it.
And then you put them back down to the role level that they need. – Right on. So, that site check is great. Are there anything that,
like, super obvious that we should be checking?
Is it like on Google? Is there on our website?
What does that look like? – Yeah, definitely. Well,
one of the biggest things is to make sure you’ve updated your site. A lot of the problems
that we see are because of websites that are out of date and have security vulnerabilities. Updates don’t always mean new features. Sometimes they mean that
you’re actually, you know, patching a security flaw that
would let a hacker get in and then do whatever they
want with your website. – Right. So, I was actually
talking to – when I was just a customer service rep at
GoDaddy – I had a customer on the line. She basically had an interactive book site for little children. And she was using WordPress,
she hasn’t really touched in a while. And little kids go on there to read books with their parents. She was, unfortunately, hacked. And, the thing that they did was redirect them to a not so great site for little kids. So, little Timmy was seeing
some very, very, adult things. So, super scary! Is there anything else? There was something
about Google, you said? Like, the SCO? What is that? – Yeah, SCO spam is another
really bad one where they inject pages and
keywords into your site. It can show up in your
Google search when people are looking for your brand and you’ll see pharmaceuticals, gambling stuff,
like, discount fashion spam it’s pretty nasty. The malicious redirects
that you’re talking about are also terrible cause
they’re taking your traffic and sending them to like, another website that’s maybe unsavory. And, you know, that’s not
a good look for your brand. It causes a loss of trust. So it’s definitely not ideal. Having a website firewall in
place is a really great step to mitigate that. It forces
all traffic to go through the firewall first. Before
the visitors hit your website, and it also has the
benefit of speeding it up by cashing and using our CDN network. – So, the firewall is kinda
like digging a moat around your house and keeping
all the bad neighbors out? The in-laws? Anyone that you
don’t want to come in? Right? – Yeah, there you go. That’s
one way to look at it. (laughs) – All right, Alycia.
So, website is hacked. I’m running around, I’m
screaming that the world is on fire to me, right? How do I get this out of here? – Yeah, that’s a really
important point and not a lot of people have a
response plan in place. Obviously, if you have
somebody you can trust who can remove the malware
and has those technical skills that’s a great way to go. There are some tools that can
remove things automatically, but that doesn’t always catch a lot of the hidden back doors. An attacker will always
try to leave some way to get back in. If you just,
you know, go in and clean up the spam pages and keywords, the next day they’re back in
and your sites reinfected, and a lot of that is
automated on the hackers part. So, if you wanna take steps
there are some guides out there. We have one on sucuri.net on how to clean your hacked website, scan for malicious files in the database, and then you can just remove
the pieces of malware manually. But, generally, you probably
want to contact a professional and have them help you
out. It’s usually gonna be a bit faster, and like
I said, they’ll make sure those back doors are gone, and that you’ve been removed
from any blacklists as well. That’s another really important
point is you don’t want to get blacklisted by Google. Nobody likes that. – Then you’re rankings are gone. And an important thing to
remember is these hackers: they don’t care who you
are. They don’t care what your site is about. They just care about hacking
your site and making money off of you. So it’s not
personal. They just send out their bots to anything that they can find. They get in? They’re in. – Automation is super scary.
They’ll just write a little script, go get a coffee, and
come back and they’ll have a list of like, thousands of
WordPress websites that they might wanna attack. It’s not ideal, and then
they can further automate the attacks from there. And again, small websites
are fine because they can use your server resources. They
can use it for SEO spam to try to get other sites
to rank that they want. They’ll just use your
resources. They can even use your site to attack bigger sites. – Wow. Like, what does that look like? – So, like, let’s say you
are a hacker and you have a bot net of, like, a
thousand infected websites. You can use the power of all
those servers to launch attacks on, like, a larger company. – So, a DDos attack, right? – Yeah! A DDos attack.
So, essentially with that, you can think of it as like, a highway. And there’s, you know, cars
getting into your website and the hacker is flooding
that highway with a bunch of fake cars, and now no
real people can actually get into your website. – And, that’s no good. And
then all that traffic’s down and it looks like you’re doing it. (laughs) – Yeah, yeah, nobody
wants to come to a website and see that blank, white,
loading page like, you know most visitors will leave a
website after like, three seconds of waiting for it
to load and it can cause, you know, a lot of of
disruption for conversion rates, and that kind of stuff. So,
not ideal for your business. – No, and I mean if you think
about a hacked site, right. If your website ever gets
hacked, like if you have a visitor that comes there, they’re likely never coming back. They’ve lost the trust with your business. Because if you can’t
protect your own site, how can you protect their information? – Totally. It’s doubly important if you’re an eCommerce site. Even if you have gateways for
payment that are not hosted on your site. Like through
PayPal or Authorize.net or anything. You still have to be PCI
compliant and make sure that you’re protecting the details
of the people on your site. – Now with the website and
security, we’ve talked about like, the malware removal
and things like that. Should our customers and
our audience really have an SSL on the site too? Is that important? – Yes, absolutely. SSL is
awesome and a lot of people equate SSL with security. What SSL does is it makes
sure that any communication between the visitors
browser and your website is encrypted. So it’s data in transit that’s being protected. SSL doesn’t actually help
your website from not getting attacked by a hacker. But,
SSL is still very important. It’s a ranking signal for
Google. So it can help your website get to the top
of Google, if you have SSL. And, it’s just rapidly
becoming kind of defacto that you have to have SSL
on your website as a way to establish trust with your visitors. – I love it. And that
trust thing is important. Cause if you don’t have
an SSL on your site, top left of the browser says “Not Secure”. To an everyday person, they
see “Not Secure”, they’re out. So after we’ve cleaned up the malware, what should we do going
forward to make sure that this doesn’t happen again?
Or that we’re just protected? – For sure, yeah. You don’t
wanna deal with reinfections. Those really suck. So, number
one, most important thing is to change all of your passwords. So passwords for your server, your FTP, your hosting account, any of
your user accounts because any of those could have been
compromised during the attack. – And don’t use password1!. – Yes! Make sure you’re
using good, long, complex, unique passwords for everything
because if they get one password and you’re reusing
it everywhere that’s just – – They’re in your Facebook
account, now your bank account, now they’re everywhere and
it’s hard to get them out. – Password managers make it a
lot easier. I can’t recommend them enough. I think that’s
probably one of the top security tips that we hear at Sucuri. – What’s a password manager? – A password manager is a
tool in your browser that will allow you to store –
and even generate – really good passwords. So, when
you go to a site, as long as you’re logged into your
password manager with your one master password that, by the
way, has to be super strong cause it stores all of your passwords. – One password to rule them all! – Yeah! Which is awesome. As
long as you’re logged into your password manager it’ll
even auto fill the passwords for you. So it makes your
life a little easier. And, it takes the guess
work of it out of having to create a password that
you’re gonna remember but that’s also very strong
and difficult to hack. – Awesome. What else should
we look at to really prevent this from happening again?
Or just protecting ourselves? – There’s a lot of different
post-hack actions and we could go into security forever. It’s
a never ending kind of thing. There’s no such thing as
zero risk. You’re always some element of risk. But obviously, you know, making sure that you’re
changing default settings. Like, don’t use the username admin. You know, you can do a lot
of things through plug-ins and that kind of thing
if you’re using a CMS. But, there’s also a lot of
steps to take on the server. Like changing file permissions
and things like that. Definitely recommend looking
for some guides out there for website security. We
have a couple on sucuri.net that are freely available.
But, yeah. Definitely taking just extra steps to
make sure that you’re thinking about security and setting those options. – Awesome. Now, backups.
I hear this all the time. Backups, backups, backups.
What’s your emergency plan? How often should should
we be making backups and what does that look like? – Well, it really depends on your site. If you’re updating your site
very frequently, you know it’s very important for
you to be able to restore all of that recent content,
then you wanna be making, you know, daily or even
more frequent backups. You know for some sites
that are only updated weekly or monthly, maybe those are
how frequent you want them. One important thing to think
about with getting hacked and using a backup is,
sometimes, the attackers will attack your site and wait
for months to actually launch the attacks. So
they’ll get in, and they’ll sit there for a while,
and then your backups are actually infected. – That’s scary. – So, if you restore a
backup that’s still has a backdoor in it, that
could be troublesome. But still, nonetheless, it’s
great to have that safety net. Especially if you have
custom files on your site. If those get overwritten
by a hacker and you don’t have any way to restore the
custom files, it’s not like you can just pull down
the WordPress plugin files or the core files. You wanna make sure for sure
that those are backed up. – All right, thank you so much
for coming on the show today and helping us out with
how to find malware and what to do with it.
It’s been a pleasure. – Thank you, so much, for having me. – And hey, make sure you like
this video and comment below on something that you
learned that you’re gonna do with your website to
make sure you’re secure. While you’re there,
subscribe to this channel. Ring that bell so you
know when these episodes are coming out first. This is “The Journey”.
We’ll see you next time.