Who is Hacking and What are They After?
- April 01, 2020
- Bradley Taylor
You may hear about all the hacking attempts that take place and think “wow, there are a lot of people with nothing to do but try to break into these mundane websites?” This is actually not the case. Almost every hacking attempt is done automatically by bots. They scour the entire internet looking for a vulnerability in a website. It takes just a few seconds for them to scan the site, and on to the next one they go. There are many thousands of these bots doing this.
Where are They?
Most hacking operations are illegal in the land from which they originate. But some are not because the government there has never addressed the issue. In some places the government and its laws change all the time and there is no real enforcement of cyber-crimes. Some governments will tend to look the other way if the action is being done against a country they consider to be adversarial. Then there is state-sponsored hacking.
State-sponsored hacking is when the government of a country itself is paying for or conducting hacking activities. Every government does this to a degree but usually just to gain information. Some of it is done in the name of creating havoc for the citizens of a country. One of the more infamous state-sponsored hacks was when North Korea hacked Sony back in 2014.
What are They After?
In general, your automatic bot is just trying to get into the back end of the website. From there, the bot initiator has one of these goals:
- Inject your site with malware that will a) redirect traffic to another website, b) bury links in the site to juice up a site they are promoting, or c) mine cryptocurrency on your server, making them money and slowing your site way down.
- Take over your site and demand a ransom to turn it back on. This is more common for a profitable website that takes large numbers of sales online.
- Shut down your website just to cause mayhem.
How Do They Get In?
Bots try all different ways to get into your site but the most common ways they get in are:
- faulty or insecure script
- guessing weak passwords
- sideways, from another hacked site on your server.
How to Stop Them
The number one way I have found to reduce the attacks is simply blocking entire countries at the server or IP level. If you are a local business that serves local clients only, what would a visitor from Russia or China have to offer by visiting your site? What would you gain? The answer is NOTHING. Shut them all out. Use a Geo-Blocker to block every country but your very own. If you do have international clients, then just block the countries that pose the highest threat, i.e., attempt the most hacks: China, Russia, Eastern Europe, Iran, Iraq, North Korea, Nigeria and Brazil.
If you want to see a cool live map of the threats in action check out https://threatmap.fortiguard.com/
It looks like a modern version of that old movie “War Games”. Really cool.
One of the best plug-ins you can get is Wordfence. It is a free security plug-in that does a really good job of handling the threats that do arise. They have a paid version that is even more intricate. If you have a large and/or valuable website, it may be worth looking into the upgrade.
What to Do if You Get Hacked
Contact someone that is good at assessing the situation and removing the problem. The more serious the hack, the more talented the programmer must be to eliminate it. Most times, a simple WordPress hack can be fixed by your hosting company or your webmaster for a fee. Sometimes, you have to hire the big guns. They basically go into your site and clean it file by file. It is very time consuming and therefore expensive.
Keep your site protected. Use strong passwords and change them often. Keep your plug-ins up to date and don’t use any that are not highly rated or that have been abandoned.
Install a log-in-limiting plug-in. This will ban an IP if there are too many incorrect password guesses. Usually the default number is five guesses and the person is locked out for 24 hours. You can change this setting to 3 guesses and they are locked out for good. Don’t worry about locking yourself out. You can go into the server admin area and reset your information.
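The lockout rule described above, written out in Python as an added example (it is not part of the original post and not the code of any plug-in). The class name, the event tuples and the IP addresses are made up for illustration, and failures are simply counted per IP until a successful login or an expired ban clears them.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class LoginLimiter:
    max_failures: int = 5                                # default named in the post
    lockout: Optional[timedelta] = timedelta(hours=24)   # None = locked out for good
    failures: dict = field(default_factory=dict)         # ip -> failed guesses so far
    locked_until: dict = field(default_factory=dict)     # ip -> expiry, None = forever

    def is_locked(self, ip, now):
        if ip not in self.locked_until:
            return False
        until = self.locked_until[ip]
        if until is None or now < until:
            return True
        del self.locked_until[ip]        # ban expired: start with a clean slate
        self.failures.pop(ip, None)
        return False

    def attempt(self, ip, password_ok, now):
        if self.is_locked(ip, now):
            return "blocked"             # even a correct password is refused
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= self.max_failures:
            self.locked_until[ip] = None if self.lockout is None else now + self.lockout
            return "locked"
        return "failed"

def replay(limiter, events):
    """Feed (time, ip, password_ok) tuples through the limiter in order."""
    return [limiter.attempt(ip, ok, ts) for ts, ip, ok in events]

# Constructed sample: a guessing bot and one real user with a typo.
T0 = datetime(2020, 4, 1, 12, 0)
BOT, USER = "203.0.113.7", "198.51.100.20"
EVENTS = [(T0 + timedelta(minutes=i), BOT, False) for i in range(5)] + [
    (T0 + timedelta(minutes=6), USER, False),   # real user mistypes once
    (T0 + timedelta(minutes=7), USER, True),    # then logs in
    (T0 + timedelta(minutes=8), BOT, True),     # bot guesses right: too late
    (T0 + timedelta(hours=25), BOT, False),     # ban has expired, counting restarts
]

if __name__ == "__main__":
    print(replay(LoginLimiter(), EVENTS))
```

Because the count is kept per IP address, visitors who share one address (an office network, for instance) also share one counter.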
Install IP-Geo Block and limit access to your site. You know where your customers are coming from. Block everyone else.
Have your very own server or a VPS. It may be more expensive but hackers getting into your site from a side door won’t happen.
Use Wordfence or other strong firewalls and protection plug-ins. An ounce of prevention is worth a pound of cure.