Welcome to The Journey. Today we're talking about how to know when your website is hacked and what to do about it. All right, so I'm joined here with my special guest, Alicia from Sucuri. She is the security expert today on the show. And we're just going to dive in. Can you tell us a little bit about what is malware?
Malware can be anything that infects a computer system, or in this case, your website server. That can include things like ransomware, where your files are encrypted on your website and they force a Bitcoin ransom or something like that. SEO spam, which infects your website with spam keywords and pages, not a good look. And then there's also things like crypto miners, adware, that kind of stuff.
And nobody wants that on their website. Nobody wants that, right? So it's not just something that infects computers. It infects websites, too.
Yes, websites are definitely at risk. And you want to make sure that you're taking steps to monitor your environment and protect it. And having a plan for response is also very important.
How big of an issue really is this?
Well, there's a stat out there that says that there's a 75% chance that a business is going to be attacked. And right now, they say that about 40% of traffic to your website is actually bots. And about half of that is malicious bots.
Oh, that is gross.
It's not good.
No, so how do we go about identifying if our site is infected with malware?
Well, what you can do is you can run a scan on your website. We have a tool called Sucuri SiteCheck. You can also just monitor your activity logs, if you have somebody who can do that, maybe a developer. You also want to make sure that you're practicing good password management, making sure that your users are set with the permissions that they should have. So obviously, the least privilege principle, you want to make sure that they only have admin for as long as they need it. And then you put them back down to the role level that they need.
Right on.
So the SiteCheck is great. Is there anything that's super obvious that we should be checking? Is it like on Google or is there on our website? What does that look like?
Yeah, definitely. Well, one of the biggest things is to make sure that you've updated your site. A lot of the problems that we see are because of websites that are out of date and have security vulnerabilities. Updates don't always mean new features. Sometimes they mean that you're actually patching a security flaw that would let a hacker get in and then do whatever they want with your website.
Right. So I was actually talking to, when I was just a customer service rep at GoDaddy, I had a customer on the line. She basically had an interactive book site for little children. And she was using WordPress. She hasn't really touched it in a while. And little kids go on there to read books with their parents. She was unfortunately hacked. And the thing that they did was redirecting to a not so great site for little kids. So little Timmy was seeing some very, very adult things. So super scary. Is there anything else? There's something about Google you said, like the SEO. What is that?
Yeah, SEO spam is another really bad one where they inject pages and keywords into your site. It can show up in your Google search and people are looking for your brand. And you'll see pharmaceuticals, gambling stuff, like discount fashion spam. It's pretty nasty. The malicious redirects that you're talking about are so terrible because they're taking your traffic and sending them to another website that's maybe unsavory. And that's not a good look for your brand. It causes a loss of trust. So it's definitely not ideal. Having a website firewall in place is a really great step to mitigate that. It forces all traffic to go through the firewall first before the visitors hit your website. And it also has the benefit of speeding it up by caching and using our CDN network.
So the firewall is kind of like digging a moat around your house, keeping all the bad neighbors out, the in-laws, anyone that you don't want to come in, right?
That's one way to look at it.
All right, Lisa. So website is hacked. I'm running around. I'm screaming. The world is on fire to me, right? How do I get this out of here?
Yeah, that's a really important point. And not a lot of people have a response plan in place. Obviously, if you have somebody you can trust who can remove the malware and has those technical skills, that's a great way to go. There are some tools that can remove things automatically, but that doesn't always catch a lot of the hidden backdoors. An attacker will always try to leave some way to get back in. If you just go in and clean up the spam pages and keywords, the next day they're back in and your site's reinfected. And a lot of that is automated on the hacker's part. So if you want to take steps, there are some guides out there. We have one on sucuri.net on how to clean your hacked website, scan for malicious files in the database, and then you can just remove the pieces of malware manually. But generally, you probably want to contact a professional and have them help you out. It's usually going to be a bit faster. And like I said, they'll make sure those backdoors are gone and that you've been removed from any blacklists as well. Another really important point is you don't want to get blacklisted by Google.
Nobody likes that. Then your rankings are gone.
And an important thing to remember is these hackers, they don't care who you are. They don't care what your site is about. They just care about hacking your site and making money off of you. So it's not personal. They just send out their bots to anything that they can find. They get in, they're in.
Automation is super scary.
They'll just write a little script, go get a coffee, and come back. And they'll have a list of thousands of WordPress websites that they might want to attack.
It's not ideal. And then they can further automate the attacks from there. And again, small websites are fine because they can use your server resources. They can use it for SEO spam to try to get other sites to rank that they want. They're just using your resources. They can even use your site to attack bigger sites.
How? What does that look like?
So let's say you are a hacker and you have a botnet of 1,000 infected websites. You can use the power of all of those servers to launch attacks on a larger company.
So a DDoS attack, right?
Yeah, a DDoS attack. So essentially with that, you can think of it as a highway and there's cars getting into your website and the hacker is flooding that highway with a bunch of fake cars and now no real people can actually get into your website.
And that's so good. And then all that traffic's down and it looks like you're doing it.
Yeah, nobody wants to come to a website and see that blank white loading page. Most visitors will leave a website after like three seconds of waiting for it to load and it can cause a lot of disruption for conversion rates and that kind of stuff. So not ideal for your business.
No, and think about a hacked site, right? If your website ever gets hacked, like if you have a visitor that comes there, they're likely never coming back. They've lost the trust with your business because if you can't protect your own site, how can you protect their information?
Totally, it's doubly important if you're an e-commerce site. Even if you have gateways for payment that are not hosted on your site, like through PayPal or Authorize.Net or anything, you still have to be PCI compliant and make sure that you're protecting the details of the people on your site.
Now with the website and security should, we've talked about like the malware removal and things like that, should our customers and our audience really have an SSL on the site too? Is that important?
Yes, absolutely. SSL is awesome.
And a lot of people equate SSL with security. What SSL does is it makes sure that any communication between the visitor's browser and your website is encrypted. So it's data in transit that's being protected. SSL doesn't actually help your website from not getting attacked by a hacker, but SSL is still very important. It's a ranking signal for Google so it can help your website get to the top of Google if you have SSL. And it's just rapidly becoming kind of de facto that you have to have SSL on your website as a way to establish trust with your visitors.
I love it. And that trusting is important because if you don't have an SSL on your site, the top left of the browser says not secure. To an everyday person, they see not secure, they're out. So after we clean up the malware, what should we do going forward to make sure that this doesn't happen again or that we're just protected?
For sure. Yeah, you don't want to deal with reinfections. Those really suck. So number one, most important thing is to change all your passwords. So passwords for your server, your FTP, your hosting account, any of your user accounts because any of those could have been compromised during the attack.
And don't use password one exclamation.
Yes, make sure you're using good, long, complex, unique passwords for everything because they get one password and you're reusing it everywhere. That's just...
Then they're in your Facebook account, now they're in your bank account, now they're everywhere and it's hard to get them off.
Totally, password managers make it a lot easier. I can't recommend them enough. I think that's probably one of the top security tips that we hear at Sucuri.
What's a password manager?
A password manager is a tool in your browser that will allow you to store and even generate really good passwords.
So when you go to a site, as long as you're logged into your password manager with your one master password, that by the way has to be super strong because it stores all of your passwords.
One password to rule them all.
Yeah, which is awesome. As long as you're logged into your password manager, it'll even auto fill the passwords for you so it makes your life a little easier and it takes the guesswork out of having to create a password that you're gonna remember but that's also very strong and difficult to hack.
Awesome, what else should we look at to really prevent this from happening again or just protecting ourselves?
There's a lot of different post-hack actions and we could go into security forever. It's a never ending kind of thing. There's no such thing as zero risk. There's always some element of risk but obviously making sure that you're changing default settings, like don't use the username admin. You can do a lot of things through plugins and that kind of thing if you're using a CMS but there's also a lot of steps to take on the server, like changing file permissions and things like that. Definitely recommend looking for some guides out there for website security. We have a couple on sucuri.net that are freely available but yeah, definitely taking just extra steps to make sure that you're thinking about security and setting those options.
Awesome, now backups, I hear this all the time. Backups, backups, backups. What's your emergency plan? How often are you making backups and what does that look like?
Well, it really depends on your site. If you're updating your site very frequently, it's very important for you to be able to restore all of that recent content, then you wanna be making daily or even more frequent backups. For some sites that are only updated weekly or monthly, maybe those are how frequent you want them.
One important thing to think about with getting hacked and using a backup is sometimes attackers will attack your site and wait for months to actually launch the attack, so they'll get in and they'll sit there for a while and then your backups are actually infected. So if you restore a backup that still has a backdoor in it, that could be troublesome. But still, nonetheless, it's great to have that safety net, especially if you have custom files on your site. Those get overwritten by a hacker and you don't have any way to restore the custom files, not like you can just pull down the WordPress plugin files or the core files. You wanna make sure for sure that those are backed up.
All right, thank you so much for coming on the show today and helping us out with how to find malware and what to do with it, it's been a pleasure.
Thank you so much for having me.
And hey, make sure you like this video and comment below on something that you learned that you're gonna do with your website to make sure you're secure. But while you're there, subscribe to this channel and ring that bell so you know when these episodes are coming out. First, this is The Journey, we'll see you next time.