 Guten Morgen, everyone. It's nice to be in Nürnberg this morning. Ich kann euch ein bisschen in Deutsch auch grüßen. Und wenn ich das gut gemacht hatte, whatever, you can let me know. Did I do good in German? I used to live in Stuttgart for about two years, every other year, like in the summertime. So I caught some German. Didn't speak it since, I don't know, 98. So if you want to help me practice in the breaks, I'll be very grateful to you. Don't forget the hashtag. I told you if you have your phones with you, I will be very happy if you don't look at me and you look in your phones because you're tweeting about the event and not watching anything else. So if you're tweeting about the event with the official hashtag, then you're excused and I will not be very mad. Okay, so who am I? You've heard my name is Valentin Vessa. I'm a father of two, husband of course. I started working when I was 14 years old. I was back in 1994, for those of you doing the math. And I was selling candles. I had a friend who was living in the United States of America. So he was sending candles back home in Kluge in Romania. And me and a friend of mine, we were selling them to girls in high school. And we said, you know, his mom said that we cannot give him for free because she needs money to raise money for the kids. So that's why we can't give it a free candle, but we want to sell it. So we make a lot of money in candles, you know, time fraction of money. I love photography. I love social projects. I used to live in these countries for, you know, months or years. Romania, Germany, I told you about Italy, Austria. Some part in the USA. And now I'm back in the Dracula country of Transylvania in Romania. I live in the city of Kluge-Napoca. That's right, a little bit northwest in Romania. For the past 18 years or something, I was doing a lot of social media marketing online. And for Sukuri, I work as a social media specialist. And I go to events like this one. I don't eat pork. Who else? Anybody else donates? Yeah, there you go. But I also don't eat seafood or fish. I started eating tuna fish a year back. So I'm kind of a turning. And I love Coca-Cola when I have to clean my bathroom. And my first WordPress install was back in 2009. Did anybody else in the room install WordPress for the first time in 2009? Just so I don't feel alone. There you go, one. Okay, give him a clap for him. 2009, so I don't feel like the only one in the room. And I was doing the Schubos Project and WordPress. And this is why I started looking into finding a CMS for my first website. Me and my wife, we started this project. I will show you a small video. We don't have audio badly, but I will give you the link maybe at the end. You can watch it on YouTube. It's not such important audio as what you see. And it will just describe very briefly what the project is about. Hopefully it will start. Or just imagine the music, okay? So mom buys a new pair of shoes for her son. He's wearing them, putting some suites in the same shoebox, wraps it nicely and goes to a collection center to be given to a poor child. And the project is called Shoebox. That's the website. We do have an English page if you want to check it out. And the text there says make a child happy every Christmas. So what the project is doing is in 2006 our son was three and a half years old. And we wanted to teach him how to give because he was having toys, clothes, sweets. And I thought me and my wife that it's important for him to know, even as a young age, that he needs to share from everything that he has with somebody that maybe doesn't have the same. And we went to a poor family and we put some things in a shoebox. We wrapped it nicely. It was just before Christmas in 2006. And we wanted to see his feeling. We wanted to see what he would understand from it. And he went to kindergarten and he explained to all his colleagues. This is what we did. We go to these children. I told him, don't say it to nobody. When you do a good deed, you don't go and hey, I did something good. Just keep it for yourself. But he didn't, of course. Because he was three and a half years old. How could I expect him to listen? And this thing grew from there because the parents heard about it. They come and ask us, hey, what are you doing? What project are you doing? There was no project. It was just a family thing for Christmas. And this was in 2006. In 2015, so last year, for Christmas, we gathered more than 100,000 Boxes in 19 Countries, 203 Cities, and 416 Collection Centers. All run by volunteers. There's no organization behind it. There's no structural ONG or NGO, something like that. Everybody who has time, they come in. Some people stay for a year, two, three, and they go back. Or they just stay with us. I call them the prisoners. They are still with us. So, we had this project in 2006. And then by 2009, I thought, you know what, we need a website because we need to send people somewhere. We didn't have a Facebook page until 2011, I think. I didn't think about Facebook, although I should have. Because it's working very good. So, what do you do when you want to go online? You search for the lowest possible price because you're a charity, you don't have money. So you first get a domain name. If it's possible for free, that's great. If not, as in my case, you have to pay for it. So you have to not eat for a few days as a freelancer. You have been there, right? I know, I see you. And then you buy the cheapest hosting, like I said. And luckily, your host has C-Panel installed. And inside C-Panel, I found Sceptaculus, or whatever you pronounce it. And, sounds familiar? And in there, I found WordPress. That's the first time I've ever heard of the name WordPress. Initially, when you hear WordPress for somebody that is outside of the system, you think it's about journalists, some press, what is this? But I read there the five minutes install. You know, go back, go online in five minutes. So I said, I don't have much more time than five minutes, so I will go with this one. And this is what I... So this is the first... Sorry, so this is how the website was looking in December 11, 2009. Well, this is because the way back machine doesn't import CSS. So we did have some colors. It wasn't that bad. But yeah, so this is something that I could do with the whatever theme was default back in 2009. And then, if anybody knows VladStudio.com, maybe in Russia, used to be a famous theme author. It kind of doesn't do it anymore. But he gave me his premium theme for free. So that was like a freemium model back then. And he said, as long as you put a link back in the future, going to me, I was like a link, what is that? So he explained. So then everything became much clearer. And from 2009 to 2014, when the story that I want to tell you about happened, we continue to do improvements. So this is part... I think this is a screenshot from 2014 in the beginning, already having some custom background. Now we know stuff, right? So we add things, we have a logo and all that. And as I was learning more about WordPress, I started to also help other NGOs or friends or somebody that wanted to go online. If somebody, I've heard the keyword, I want to go online. I'm like, I know, five minutes, I know how to do it. So I was like, okay, this is of course auto installer. I didn't have the pretension to do it on FTP and all that. It's just next, next, next. So I admit. But then something happened that I wasn't prepared for. And now, ladies and gentlemen, please hold your eyes, because this will not be a nice site. This happened. December 22nd, 2014, 4 am. I will never forget this moment. I wake up because the next day I had to send the newsletter out to all the volunteers. And I was looking in my inbox and I saw emails coming back saying rejected email, rejected email, rejected email, rejected email. Hundreds. So I was thinking, I did not send an email. So how can I get a reject email from somebody because I didn't send anything. Of course, PHP files, I'm here on the server, sending out spam. So the website was hacked, obviously, as you can see, by Giri Riederheitsch or whatever. And pretty soon it became blacklisted by Google, which happens. And then I got an email from my host, who said, we are about to suspend your site because it's sending out spam in thousands. And if you've ever been there, raise your hand. Nobody has that? Okay. Normal people here, too. So what I tried, of course, what everyone tries in the beginning is do it yourself, right? I need to fix this. I know how to do it. It's not going to be a problem. I'm going to check some HT Access, maybe look into my scale database, maybe see what WP admins are new there that have a crazy name. But two days later, this happened. So whatever efforts I did, trying to fix it myself for two days, ended up being hacked by another team of hackers. I have no idea even now if I was targeted or if it was just a random thought or if it was just, I don't know. But anyways, this is how it looked like on Christmas Day. This is my website. Merry Christmas. So what do we do? When you know that you can't do nothing by yourself or you tried everything you could, then you go to Google, right? And you go like, how can I clean my website? Who can clean my website? Is there anybody that can help me do that? And yes, it was. This is my actual wallpaper in my laptop, because they helped, now you know who they are. So what did I do? I found them and I go, I had a chat with a support team at Sukuri, saying, hey, I'm desperate. I know stuff about technical, but this is really way beyond my ears and eyes, and I don't know how to fix it. Hillary is still with us. We still have fun about this chat all the time. And I explained my problem, and she said, relax, everything is fine. We got this. We know it's very, very nice. Sir, just calm down. It'll be fine. So two hours later, the website was clean. It was online. Now, the good part about, on January 2015, as I was putting together the report for the shoebox 2014, the initial year, I began looking into Sukuri, my savior, and I found out that they have a social media job. I was doing social media. I love Sukuri already. They saved my ass. So I was like, I'll apply. And one email and three interviews later, this happens. Meaning, I got the job. Well, that photo is not this shirt. So we have enough shirts. We give out to everybody. This is in the presentation for a lot of times. Just so everybody knows. And we do switch them. When they really wore out, we switch them. So I left my corporate job, nine to five. That was a good story actually, because when my daughter went to the, you have zero grade here in Germany, like, before school, they go to preschool. Okay. So when she went to preschool, the teacher asked, no, no, after kindergarten. In between. Anyways. So they asked her, what are your parents working? What are their jobs? Because my wife is a paramedic, she said, my mom saves lives. She was the hero of the house. I was just the guy there. She said, my dad comes home, takes a shower and sleeps. True story. So imagine yourself being a dad. Anybody here a dad? Okay. So just imagine your daughter or your son going to school and telling the teacher that you just come home and take a shower. Well, at least I took a shower. And you sleep. So that was the moment when I realized why going to job and you officially have an hour from what nine to five or six where you go home like 10, 11 p.m. because we have this release and I was doing testing, social media and all that. And it's just a moment in life when you decide you want to do something else. I just wanted to spend more time with my kids, with my wife. I wanted to see places, travel to cities for example. And not necessarily speak in a conference, but why not? So it all started with that year behind being hacked. Not a very true, not a very good story but a true story. And then this started. So I got a job as a brand evangelist with Sikuri, full time. I'm working from home. I don't go into an office. I have my own hours. I get to travel the world. The one in the left low corner is from here. Maybe you saw it on Twitter. And also that one, the third one. I don't know the name of the castle but I'm sure you've seen it in Nuremberg. So I travel, I do events. I meet people, I network with everybody. If I didn't speak to anybody in this room, come find me outside. I love to talk to people. I'm not so much into the technical aspects but I can talk. We can discuss anything you want. And if I don't know the answers I'm always sending an e-mail back to the team saying I have a question and I don't know how to answer it. And they're like, we have an answer for you. I don't know where the Jumla audio guy is but he send me a question and I already have an answer for him. So, we are hiring if anybody wants to get on the board and let's go to why being hacked was a good thing. Now when I propose this title I've seen some tweets from people like you are from a security company and you talk about why it's good to be hacked. Yes, it is good to be hacked because you realize the position, the knowledge or lack of it that you have. So, first of all, it made me like it really really forced me to do research. Hey, what did just happen to me? What is this? Why me? Why do I see this or whatever I see on my website? What did I wrong? Did I do something wrong? Is my website in danger of having anything worse happening to it? It gave me the opportunity to do some research and of course, terms like security shortlist, root access, Web shell. I've never heard of these things before. Like, what is that? Plugins and themes, vulnerabilities where you mean my site is vulnerable just because it's on WordPress or just because it's this theme of those 27 plugins that I don't use, but I keep it on. You never update. Anybody has plugins that they don't update? Keep your hands down. I don't want to see you. So what's the motivation behind? Why do they do that? Why do hackers hack? We have a saying in Romania. When you ask the horse, do you like to eat? Of course. They always will hack. Sometimes it's because of the money they can make, revenue. They can use any resource on your site just to make money. Maybe you have an online shop and you sell stuff. So if you don't properly secure the credit cards of your customers or something, that's an opportunity for them. Maybe you don't have credit cards. Maybe you have personal information. They sign up for your newsletter and that's also important like it happened in my case with that file on my server. Of course they can go after your audience. If they can do nothing on your website, they will think okay, so you're a very visited website. Also that means a lot of people come to your site. So there's a big, big chance that not everybody coming to your website will be very secure. Maybe they don't have antivirus. Maybe they don't have a firewall. Maybe they have some shady software but they have a patch from the Torrents and all those patches usually are backdoor to your system. They will have the ability to take advantage of the trust that the people already reading you will have because I will always go to my favorite blogs and read them without thinking that I could be infected. Hey, I know this guy. I read his blog for five years. I'm not going to be hacked. Maybe not. Or they could get for your resources. You are in a dedicated server. You have unlimited bandwidth. We know what unlimited means. But let's say you have unlimited bandwidth. You have a good CPU time. So he's going to use those resources to attack other websites or other servers from your server. All the time happens. We call it the redirect attack. So you get a phone call from somebody. You're attacking my site. Your IP is attacking my site. Well, my IP just got live. And they can also integrate your site through the resources you have into larger networks like Botnets and DDoS attacks. All those armies attacking one website for whatever reasons. And another reason or motivation they have is why not? If your website is so poorly secured, why shouldn't I go in? My IP admin username and password are ILoveMarry and admin 105, whatever. If it's really easy to guess, they will go in. Even if it's harder to guess, they will go in. And maybe it's not about making money. It just allows me access. It's just a badge of honor. I go and brag to my friends. Hey, you know what I did last night? And it's going to go, yeah, I went. I had some beers, I danced. And I went to bed at what? Okay. Some people, you know, have a good thing about that. And oh, that's a good question here. Who here has a backup solution right now for their websites? Wow. I never had so many hands up. Good, Jeremy. Very good. So if something happens, at least you know you have a backup, right? Which I didn't have for shoebox. Or maybe I had some sort of shady plugin that was saving everything in the HTML folder, which got deleted, you know, by the hacker, because why not? Like I said, why not? And okay, they get access. Let's say they got in. Like it happened to me. What do they do once they get in? What exactly are the hackers doing on your website once they gain access? Now understanding the tactics that they employ, pretty much makes you understand how can you protect yourself. And of course, let's not forget that what we see at the surface is just like an iceberg. You never know what's behind. You never know how deep they go. And in the case of an infection or hack, things are always more than they seem. Sometimes you don't even see nothing on your website. Like the website looks and behaves normally. There's nothing going on. Like there's no image change. There's no Viagra, Cialis, or whatever, nothing. There's no direction to port and sign. There's nothing new. But in the background, somewhere you have a file, you have a new admin that you didn't add yourself. And you have some things going on. So we need to pay attention to connection to anything else from the website. And we have some, I don't know how good you can see this. I hope. So some infection types. We found seven. Fischenglures, Spam-E-Mails, De-Facement. DDoS-Bots, das ist wirklich schlecht, wenn das passiert. Und Ransomware. Du hörst es immer. Es geht um Computer, aber es geht um Websites. So, does anybody here doesn't know what any of those terms mean? You don't know. Which one? Ransomware. Die go into your computer, lock your files, and you have just one image saying if you want your computer back, pay whatever bitcoins. And you can get it back. Never happened to you. You either don't use Internet or you're very safe about it. I don't know which one. But congratulations. It's a really awful situation. My dad had it happen to him. And from the computer, wie die Geschichte mit dem Google-Guy, buyen Google.com für 24 Stunden. Ein großer Glitch. Er kam aus der Randsome. Er war fair, aber er kam auf Google und sagte, Google forgot to renew Google.com, und es war der Tag vor, und er war in. Er war nur auf Google. Er wurde registriert, und für ein paar Stunden war er der Owner. Er war in einer großen Infektion. Wenn jemand, ich kann in private sprechen, wenn du mehr willst, dann wissen du. Was sind die Fähigkeiten? Sie haben einen solchen Teil. Die Fähigkeiten, die Sie haben, sind die bothen. Business und Technik. Wenn du nicht Business machen willst, und du sagst, ich war eine Charité, ich habe nicht Business gemacht, ich habe nicht Technik, ich habe keine Technik, die passiert. Wir haben die Business-Side, wir haben die Brand, wir haben die Economics, wir haben die Emotional-Distressen. Wir gehen in die Details. Und für die Technik, du hast deine Website blacklisted. Wie gesagt, das nächste Schritt, wenn du infektiv warst, wenn du für 2-3 Tage infektiv warst, du wirst blacklisted. SEO-Impact. Visitor-Kompromiss. Wir gehen in die Details. Brand-Reputation. Ich muss dir nicht sagen, was das ist. Du bist verhackt, jemand kommt auf deine Website, und es ist eine große Red-Screen, die sagt, das Website attackst du, oder so was. Ich weiß, ich habe diesen Blog immer, aber das erste, was du machst, ist, dass du dein URL checkst. Wurde ich eine Liste geben? Wurde ich eine HTPS oder nicht? Denn manchmal gehen sie direkt. Wurde sie die WWW.infront oder nicht? Denn sogar dort gibt es ein paar Infekte. Und die Website spielt ein kritischer Rolle in deinem Brand. Es ist alles über dich. Die User wissen deine Produkte, deine Farben. Wenn du dein Logo changes, sie wissen es sofort. Das ist etwas wie Millimeter. Es gibt Leute, die auf Google geändert haben. Ich habe die beiden mitgebracht und die zwei Migranten auf Google geändert haben. Ein bisschen zu den Seiten. Wie kann man das machen? Wie kann man das auf Google geändert haben? Ich weiß nicht, wie viele Leute das finden. Aber es ist ein Lass des Vertrages. Das ist das erste, was dein Business, dein Projekt, das ist das erste. Ich traf deine Website, ich komme zu dir jeden Tag, und dann einen Morgen. Es ist nicht nur ein Freund, es ist Google. Google sagt mir, das Website ist schlecht für dich. Du kommst nicht mehr hier. Okay, das ist natürlich ekonomisch. In der Forschung, die wir machen in Sakurde, wir finden, dass 99% des Vertrages geht. Wenn es mehr Ruhe gibt, dann geht es auf, wenn du blacklisted bist. Wenn du blacklisted bist, dann kommt niemand auf die Seite. Sie starten zu e-mail, wenn sie dein Phone haben, dann starten sie zu telefonieren. Dein Website ist schlecht. Dein Website generiert Geld direkt oder indirekt. Du zählst auf die Website. Du machst Geld direkt aus der Website, vielleicht hast du eine Banner-Ad. Vielleicht hast du eine andere Company eine Banner auf deiner Seite, weil du eine gute Traffik hast und du dir mehr Visibilität gibst. Das indirektes Geld, das du auf der Website kannst, ist aus, weil die Website schon hekt. Nichts ist visibel anymore. Und natürlich, wenn du zählst, um die Real-Life zu bekommen, es kostet dir Geld und Zeit, um jemand aus deinem Stoff zu sagen, was ein Stoff ist, was die Passwörter machen. Du musst dir das Geld educieren. Du musst dir sagen, hey, du musst nicht dieses Passwort nutzen. Ich liebe dich, Mary, es ist nicht gut, ein Passwort für die Rout-Axis zu machen. Das ist mein Sohn's Geburtstag. Ja, aber es ist nicht so, dass es ein unerwartetes Ding ist, wie Atomic Passwords. Emotional Stress. Ich lese dir eine Liste. Was passiert mit jemandem, der es hekt? Anxiety. Warum gehen sie nicht schneller? Ich sende sie ein E-Mail 30 Minuten ago. Warum ist meine Website noch hekt? Warum ist meine Website noch suspendet? Welches Host ist das? Du hast nur 1 Euro per Monat. Welches Host-Service hast du für 1 Euro per Monat? Du willst protected, saved und rescued, also Konfusion. Was ist passiert? Wie geht es dir? Du fragst deine Host, sie wissen nicht. Weil sie sagen, wir geben nur die Network. Wir haben keine Ahnung. Was du auf der Website machst, ist deine Sache. Wenn etwas falsch geht, wir suspendieren es. Sie haben keine Ahnung. Aber Sie haben keine Ahnung, dass, wenn du das Sign-Up für diesen neuen Offer machst, wenn du das Sign-Up für diesen neuen Offer machst, wenn du das Sign-Up fährst, das ist deine Sache. Wir geben nur die Konnektivität zu der Maschine. Anger. Wir wissen das nicht. Wenn ich das Hacker fahre, ich will nur durch die Welt und physisch hängen. Wir müssen civilisieren. Dann kommt Sadness. Ein Gefühl, es ist nichts, was ich tun kann. Es ist wirklich schlecht. Ich habe mein Geschäft verloren. Ich habe mein Geld verloren. Ich weiß nicht, was ich tun kann. Und dann ist das eine Belastung. Denn jemand, der das Hacker fahre und war in einer Situation, in der sie fast verloren sind, nicht nur die Website, sondern auch das Geschäft haben. Wir haben eine Perpetuelle Belastung von Technologien, von allem Internet, von Leuten. Ich werde nie accessen und niemand geht auf die Website. Ich werde es tun. Das ist ein Boss, der kommt neben dich und er insertiert den Passwort. Dann kann er arbeiten. Er steht da. Er ist da. Dann ist er fertig. Dann geht er aus. Aber manchmal ist es besser, so zu sein. Website, Blacklisting. Wir beginnen mit Technologien. Wir haben die Businesses gesehen. Blacklisting ist das Wichtigste. Die Leute wissen nicht mehr, wie wir das gesagt haben. Wenn du Blacklistig bist mit Google, Bing oder den großen Search-Engines, dann geht es besser, als nur die Search-Engines. Jetzt haben Antiviruses die Scanning, die sie machen auf den Websites, wie AVG, Trust-Level, Avast, Malware-Bytes, und so weiter. Dann geht es weiter. Dann gibt es Websites, die global blacklisted sind, wie Cisco, WebSense. Das ist sehr schlecht. Sehr schlecht. Ist jemand dabei? Was haben Sie blacklisted? Ich kann die Gesamtheit sehen. In deinen Augen. SEO Impact. So, das Hacker hat die Möglichkeit, um das Search-Engines-Basen zu kontrollieren. Result pages, people see on your website, S-E-R-P, SERPs, right? So people looking for Viagra, porn, Gucci bags, whatever people fantasize about, they could go on your website because you have an SEO attack. SEO attack means that they insert keywords in your site, maybe doing white text on white background, you don't see them, there's nothing there, but they just keep popping in, popping in, popping in. And anybody looking for Sialis or Viagra or stuff like that will go to your website. Maybe your website, like we had one case, is a church website and it's Sunday morning and people go to it to see the stream of the service because they're sick, they're at home, they have children, whatever. So when they try to go online, I'm not going to show you a screenshot, but you can imagine what they saw, they didn't see a church website. Okay, so Injection of keywords is always very used by the hackers. Also, they redirect your site, depending on the keywords people look for, to their sites. So this is a very interesting one because they target browser version, they target, like if it's on a mobile, they target smartphone type, like brand and browser version. And they say, okay, if this is an Android of this version of this browser, when they search for Viagra, just redirect them directly to me because your domain authority is higher than theirs. So they will use your existing SEO authority to move traffic to their site. Is anybody clear with that? Not really. Visitor compromise. Exactly like I said in the first one, if people come to your site, they get infected. That's easy. Like if something is there, they will carry on to their computer. Websites can be used to attack browser plugins, like Java, Flash. I think Flash is going to be discontinued or that's the news, but yeah, it still happens. And compromise always include distribution of ransomware. We talked about it. So they have a summary in the background. You don't know, it could be activated later, much later, like not there when you're on the website. You can even shut down your computer and one week later you'll see the pop-up. Hello, you want your computer back? You must pay. So, since being hacked allowed me to be in the position I am now to have a new job and change everything about my life, so I try to pay it forward as much as I can. Being to this event is one example, trying to talk to everybody and say that I put here in caps about website security, everything is serious. There's no fun, there's no jokes. I could use some jokes in the speech or when I talk to you and I try to be funny too, but it's not funny. So never funny, because you lose money, you lose credibility, you lose audience and ultimately you could lose your business. It's not something to be laughing about. And security is never, never a state. It's always a continuous process. Always you have to be careful of something else. You're protected for this version of WordPress, you're protected for this plugin, but what if they try something else? What if there's a new thing coming out? So be careful, always have to be on the lookout, because technology will never replace your responsibility as a website owner. I talked to somebody yesterday about this and I told them it's not so much of a visitor's responsibility to be protected, although it should, as it is your responsibility as a website owner to make sure that nothing happens to your website, not just because of your sake, but because of your visitor's sake. Because if they get infected, they will carry on the infection further to others, whatever, if they use USB sticks, if they visit other sites, through the cookies, so many other mechanisms, but the original source was your site. And it's your responsibility as a site owner. And when you think about security, it's always three things. It's always about people, process, technology, but always together. It's never just one. You cannot educate your people so good that they always take care. And it's never that if they don't follow the processes, even if you have them, they'll do nothing. And if you have the best technology in the world, how many people just buy a firewall and they go with what? Default settings. It should be fine. No, it's not fine. Your server, your site, your environment has very specific things that they need to be addressed, not with a default setting. A default setting is usually mild, just good enough, but good enough is not good enough for your website. You have to call somebody and hey, help me do this. I bought it. I'm just looking at it. Why do I do it? Security, like I said, is not a do-it-yourself project. This is what our Tony Professor, our CEO says, but it's a very real thing, because some people think that. I'll just do it myself. I'll just go buy next, next, next, and it's done. In the end, you see that it doesn't work. It slows your site, something happened, and you don't know how to fix it. Because not everything in this world online works as I'm doing it myself. I like it to do it alone. There are people who don't like security. There are people who like it, who make a living out of it, and we should trust them. There are so many companies that do security, and you should trust the ones that actually do that every day. I mean, if I'm sick and I go to my grandmother, or my dad, or my mom, or somebody, and I ask like, what should I take? What pills should I take? And I go to a doctor and ask the same question. Well, who should I trust? The doctor, or my mom, or my dad, or my grandmother. They will say, oh, just take an aspirin. It'll be fine. And maybe I'll go to the doctor and he'll have a very different opinion. Always trust the professionals. This is how you can find me. Oh, what an email I wrote there. See? That's what editing at 4 a.m. does to you. And if you have any questions, I'll be happy to hear them. If not, then we can talk at our booth or whatever. Oh, that's a question. Oh, you were running this morning, right? And you said you have a question. Okay. Yeah, he was first, and then you can go next. So the question is if I know how they logged in to Shubox. Well, I saw some traces. Like, they added a new WP Admin username. The username was Burrito. I don't know why. And they added some... So the HT Access was modified to show that photo. Always. Like, doesn't matter what link you came to, even if you're on a homepage or any other link, you always saw that. And there was an mp3 uploaded with, oh, oh, oh. You know, something. And that was it. And somehow, yes. I don't know if it's because of the command that I used for the FTP that could have been hacked. Anyway, I formatted my laptop, so everything was... I really went, you know, all the lines. But it never happened before, again. So, you know. So how do we protect sites for pingback attacks? You're talking about XLMPC? XLMPRC? What are you talking about in WordPress? Pingback attacks. Yes? That usually gets shut down at the firewall level. Repping it. Yep. Usually, this is stopped in the firewall level. So, you know, the firewall we employ is in the cloud because you switch your DNS to the firewall settings and all the traffic goes into the firewall and then all the valid one goes to the site. I think this is proprietary information. I understand the question. I really can't really answer everything. But we can talk and I'll see what sort of information I can give you. Not really everything. Thank you. Anybody else have a question? Oh, yes. We appreciate the competition. That's what I think about other plugins. Yes? Everybody's so polite this morning. Hugo, Hugo. I'm not technically anyway, so perfect. My site. Okay. So, I understand. We can talk more about this, but I'll share briefly. So, there's two parts to it. We have a firewall solution that, like I said to that gentleman, you change your DNS to our settings. All the traffic goes to our DNS. All the good traffic. You understand whatever you want through good traffic, right? Like any weird attacks, anything goes back. All the good traffic goes to the site. And then there's a site on the site scanner. You feed in your FTP credentials and it scans every file all the time. Like every two, three hours, eight hours, whatever you want. Sending you information of what's wrong, if there's a problem, you know, you see it. And then in the plan, there's included you can do unlimited cleanups. Like a year, if something happens in the site, we clean for you. Like we have people going in. There's no tools employed, it's always secured. This is a generic description. It's more in private if you want. Please. You're going to ask me about ransomware now. Okay. So, our scanner runs all the time. But when the scanner finds something, you will also get a notification. Oh. Yeah, we also have a scanner, of course. And then anything that looks suspicious, it's always manually checked. Always. You cannot manually check 5 billion files. Like only Superman. Yeah, well, you can't check a lot of files manually. In years of experience, you can do a lot of them. But still, you have to use some tools. But the actual disinfection, the actual looking inside a code, is done by professionals, never by the tools. You can't trust tools that much. They have a lot of false friends, and they can just like delete real files. Just because a crazy developer added some crazy code doesn't mean it's infected. It's just because it's a really shitty code. So, you know. Thank you. Thank you. Anybody else? Oh, you're just having fun, not having a question. Okay. Well, thank you then. Thank you. Thank you. There's one more thing, though.