E186 – Site Hack Stories and Prevention Tips

In the past 6-12 months it seems that hacked sites and similar type things have been on the rise or maybe Dave has just had the "luck" to come across more stories and instances. Some of the recent news stories you may want to catch up on include these:

Hackers exploit websites to give them excellent SEO before deploying malwareWordPress Easy WP SMTP Plugin VulnerabilityGoogle’s John Mueller on Cleaning Up Hacked Pages“Gootloader” expands its payload delivery options

Types of Hacks

The guys go through some common types of site hacks (Link Injection, WordPress Plugins, Root Access and more) while Mat gives some examples of social engineering, emails and text messages that are trying to get you to login or download malware/trojans through links.

Hack Prevention

During the episode Dave gives a number of ideas and things to do to help prevent or quickly find hacks and issues. While they are all not listed here we give you some (listen or read the full transcript for all of the things mentioned):

Audit or crawl your site on a regular basisLook at source code as often it bad links are hidden in the footer and navigation but not visible on a page.Pay attention to Google and Bing Webmaster toolsLook at what search queries and pages are driving impressions and clicksWatch and look in your analytics on a regular basisSet up times monthly/weekly/quarterly to do these things so you don't forget in the future.Audit and vet all plugins you use with ANY CMS - WordPress, Shopify, Drupal, etc.Look at ways to lockdown who can login, what IP addresses can login, and use various plugins, tools and best practices to just lock things down more than "out of the box".Limit login attempts and don't use usernames like admin, root, and other obvious usernames.Test plugins and code on a staging or internal development site.

For more ideas on how better to secure and lock down your site and data here are some of our past episodes that may help.

WordPress Plugin Performance & SecurityCompany Data Security Guide

Full Transcript

Matt Siltala: [00:00:00] Welcome to another exciting episode of the business of digital podcast, featuring your host, Matt  and Dave roar. Hey guys, thanks for joining us on another one of these businesses, digital podcast episodes as always. We have my trusty co-host over there, Dave. How's it going today?

Dave Rohrer: [00:00:19] Okay, it's going, going, going all week long.

Matt Siltala: [00:00:24] Well going is better than not going and things getting normal is better than things. Not getting normal, I guess, you know? Well today guys, we're just going to jump right into it like we do. Cause that's our emo. And so just to give you guys a, a little bit of an idea, um, Dave wanted to chat about this topic and this is a fun one.

Well, it can be, it can be fun, but it can't be fun. If you're on the receiving end of it, but, uh, we're going to chat either. No, no, no, not at all, but, uh, we're going to talk about hacking and for those that have had issues with, uh, being [00:01:00] hacked and, and we're just going to take all the different levels and, and hopefully give you guys some information about what to look out for, what to watch for what, uh, just, just be per beat a little bit more prepared.

And so with that said, my friend, uh, why don't you kick us off with, uh, where you wanted to go with this?

Dave Rohrer: [00:01:18] I want to throw my computer and it's loud running fan into the car freak. That's what I want to

Matt Siltala: [00:01:23] do. I wanted to

Dave Rohrer: [00:01:25] do that because trying to edit this out. If you can or cannot hear it. I hope, I hope it can't, but I was on a call with someone recently and they were like, what is that noise?

Like? There's like, is there a big truck going? No, it's the fan of my stupid computer.

Matt Siltala: [00:01:41] I could hear construction way back in the day, but I can't hear anything in your background, but