Scarier than Hallowe’en
It’s Hallowe’en as I write this and what better time to talk about one of the scariest things I guarantee you won’t have thought much about as you relax in the paradise island of Zanzibar.
Everyone now knows the insidious effects of a ‘virus’! The 2020 Covid-19 pandemic has been a global phenomenon. But did you know that right now there is an equivalent IT worldwide pandemic?
You probably already know about the danger of viruses on your PC, or malicious ‘ransom-ware’ on your office desktop or malware that gradually slows your browser down. All these are annoying, but these pale into insignificance when we turn our attention to websites.
There are over 2 billion websites all around the world. Maybe you own or have a business that has a website, or you sell products or services online using an ecommerce website. Brace yourself…
People spend a lot of money on getting a professional and well-designed glossy website to promote themselves, their interests or their business. But very few people – especially in Zanzibar, Tanzania or East Africa consider the risk of owning a website with no security. And I am not referring to that ‘thing’ you were persuaded to pay your website host a few dollars a month, that has the word ‘security’ in the title… its usually not really up to much!
Sit down! Pour yourself a stiff black coffee and read this next sentence slowly three times…
The average website has 44 hacking attacks every single day? Yes, that’s right 44 hacking attempts… and over 18 million websites are currently affected with malware (malicious code).
SecurityWeek.com Tweet
Increased Hacking attempts in Zanzibar 2020-21
In 2018 there are more than 1.86 billion websites on the internet. Around 1% of these — something like 18,500,000 — were infected with malware at a given time each week; while the average website is attacked 44 times every day. It’s not getting any better either!
Sitelock published its Q4 2017 Website Security Insider analysis of malware and websites based on statistics from 6 million of its 12 million customers. All these customers use at least one of Sitelock’s malware scanners, while a smaller subset also use the firm’s cloud-based web application firewall (WAF). The WAF provides insight into DDoS attacks against websites, while the sca≈nners provide insight to the state of malware in websites.
At Simply IT we have nearly 50 client related websites hosted all around the world. Most of our clients are in Zanzibar, Tanzania or East Africa. In the last 18 months we have noticed a distinct increase in both human and bot-hack attempts on client websites. There has been a big increase in 2021 with attempts from Eastern Europe, China and Indonesia.
As an experiment we setup a dozen new websites hosted on our shared server. We monitored them but intentionally did not install anything to protect them – however, we DID pay a leading hosting company each month to ‘protect’ the websites. Within three months 98% of the websites were infected. Some very badly. Speed and reliability deteriorated gradually, as did storage space on the server. Thousands of files were infected and an email account was used for spam mail. We used only well-known WordPress and industry standard plugins. But almost without exception each website was compromised in a variety of ways.
What does that mean for you?
Let me pause here and ask you something: Do you know for sure if your website developer bought a legitimate theme for your website? Hacked or nulled themes are available free (saving hundreds of dollars for developers), but they come with a deadly payload… themes and cheap plugins can be pre-infected with ‘back-door’ code that allows hackers to inject malware into your website and gain access to the back-end of the site, your files, passwords, emails and even the server that it is hosted on.
Beware! You may be paying for a website that is wide open and ready to be used and abused by hackers… not just for you or your business.
We would advise you to always ask your web developers about security and not just fancy graphics and videos on your website! Insist that your website is maintained carefully with security in mind, plugins are kept up-to-date, your website is monitored for speed and reliability and that your developer installs a reputable firewall, and virus scanner and backup process. WordPress has plugins that are all free or at most $99 annual subscription – so it won’t break the bank. You can pay a starting cost of $499 to have an expert remove the malware that has brought your website to its knees.
Here at Simply IT Zanzibar we provide all these security features, and more to our clients, as part of our website monthly maintenance contract.
If you have customer names, addresses passwords or even take payment or even hold financial information – all these will be compromised if your web developer ‘just’ gives you a fancy website. And in most countries you are legally bound to inform all your customers if there is a breach of their data stored on your website or email system.
Scary right? And it doesn’t even need to be YOUR website that is infected… Most websites are hosted on ‘shared servers’ – which means other websites share the same server that your website is on… they are not ‘socially distanced’!
But it gets scarier when you start to learn exactly what malicious ‘malware’ code potentially does to a website… maybe now is the time to go hide behind the sofa as you read on…
WHAT IS MALWARE?
Malware is a general term for malicious software used to leverage a site’s weaknesses for various harmful activities. In the context of WordPress websites, malware in WordPress can affect a website’s performance on every level, from the web server to the user experience, and even the site’s SEO performance. So, if you are not paying attention to what is happening to your website now, it could be too late to save your site by the time you do.
For that reason, keeping tabs on your website’s performance and identifying changes as they happen is the first step towards building a secure WordPress site.
We have noticed a very sharp increase in hacking attacks and malware ‘injected’ into local websites in the tourist industry in Tanzania in 2020 and 2021. From what we have seen in Zanzibar, the ripple effects of a malware attack on your site take the following forms:
1. Overuse of server resources
When your server is hacked or compromised, it means someone else (in this case a hacker) is partially or entirely using your server resources to their advantage. They could be using it to pull off a number of misdeeds like:
Attacking other websites
Using a single machine to attack websites is risky because it can be easily detected and blacklisted. But detection of a large number of machines is difficult, which is why hackers are constantly fishing for new hosts. Hackers are even known to use popular websites to attack targeted sites so that it won’t raise alarm immediately.
A vast majority of the time, malware attacks go undetected because the purpose of such attacks is to use your server resources without drawing your attention. You can, however, detect if your website is being exploited by noting if your site’s performance is lagging. You will notice that your site has slowed down suddenly.
Perhaps you’ll see that your web server is unavailable for the visitors of your site because a majority of your server is being used to execute unwanted activities. We have come to notice that there are a number of other ways hacking affects your site’s performance. We suggest, keeping an eye out for any sort of sudden changes in your website and acting immediately.
Sending out spam emails
Mail spam is unavoidable. Millions of spam reports are sent every day which accounts for 59.56% of traffic on the internet (as of September 2017).
Hackers use compromised websites to send hundreds and thousands of spam emails for a number of purposes. Email servers around the world use different methods to deal with spam. They track the IPs of the servers sending out spam emails and blacklist them. Therefore, hackers are always on the lookout for IP addresses that have a clean record, meaning that the IPs are not blocked by popular email providers.
In several cases, we have come across instances where a website’s owners are completely unaware of what is happening until the host identifies something’s fishy and alerts them about it. By this time, it may be too late and domains are already blacklisted by spam watchdog services like Spamhaus.
If your site is hacked and thousands of spam emails are being sent out using your server, your web host may also suspend your account until you clean it and remove all malware, which is one of the worst things that can happen to any website.
Usage of large amount of disk space
Hackers can have various purposes in mind when they are accessing your site. Some hackers may have hacked your site to store millions of files. These files take up a large amount of your disk space. The burden of those unknown files tends to bog down your website.
For those who don’t know, unlimited hosting plans do have a limit. This can lead to situations where you are unable to add any content. Moreover, maintaining your site will become a challenge with a lot of unwanted files littered about the site. Also, your web server can suspend or ban your account due to malicious activities on your site.
Slows down site
When your visitors make a request to load a page from your site, hackers may fetch files from other servers and load it along with your page. This can damage your site’s performance because the whole process is time-consuming. Visitors to your website may not hang around the extra 5 seconds your homepage takes to load. You lose traffic and potential customers.
2. Deterioration of user experience/browser performance
Malware in WordPress can affect how visitors see your website. The user experience of a website is important for the success of the site (or business). If your users are not happy with your site’s performance, then they might not return to your site (or use your service – if you are offering one).
In May 2020 Google announced that user experience was one of the growing factors they use to rank websites on their Google Search Engine. Malware will seriously affect your website’s visibility.
Websites become slow
Studies show that the average attention span for human beings has shrunk from twelve seconds in 2000 to eight seconds in this digital era. Therefore, slow websites are bad for business.
We discussed earlier how overuse of server resources slows down your site. If your website takes too long to open, people are likely to hit the back button within a few seconds. That way, you will lose visitors before you get any. Also, it can have disastrous effects on online business like e-commerce sites. Amazon, the world’s largest retailer site can lose up to $1.6 billion in sales due to a second’s delay. In 2013, the giant retailer lost $66,240 per minute during a thirty minutes downtime.
Load external Javascript/iFrame resources
You might have come across websites with shady pop-ups, usually on the top of the page asking you to go to a different site or make a purchase, etc.
It’s a little confusing because the pop up seems completely unrelated to what the site is about. The reality is that someone has hacked into that site and has inserted malicious Javascript/iFrame. So, every time someone tries to open the page, the malware gets loaded too, therefore increasing the time it takes to fully render a page. This makes the site slower. Furthermore, the visitors of the site are getting duped into making purchases and doing other unwanted things while riding on the site’s credibility.
Mining cryptocurrency
You have probably heard of Bitcoin – the most popular cryptocurrency. It’s generated through a process called ‘mining.’ Over the last couple of years, cryptocurrencies have been quietly gaining popularity and more and more people are buying and selling them.
Because Bitcoin has shot up in price, it’s popular among hackers who want to get rich quick.
Hackers infect websites with malware and install cryptocurrency miners. They use your visitors’ browsers to mine cryptocurrency every time they open your site. Your website could be one of these ill-fated sites. If you are experiencing a sudden change in your website’s performance, then it’s possible that hackers are harnessing the power of your machine’s processor for the purpose of mining cryptocurrency.
3. Degradation of SEO performance
Search Engine Optimisation is one of the primary reasons websites get hacked. Google has clearly recognized SEO being a motivational factor in hacking so that your visitor is redirected to a malicious site. So the more visible your website is, the more of a target it becomes.
SEO spamming (known as the pharma hack)
Pharma hacking is a very common phenomenon. On the web, there are restrictions on advertising illegal drugs like Viagra, Cialis, etc. Therefore, pharmaceutical sales websites resort to SEO spamming to get people to visit their site or make purchases. They often insert spammy keywords into posts and pages and cloak them from regular visitors.
The SEO spam is only visible to web crawlers like Google-bots. Besides this, there are a few who are able to identify pharma hacks even in their hidden form.#
It’s well noted that modifying a site’s SEO structure will have a tremendous effect on your website. You will lose a chunk of your visitors along with your reputation and credibility. Your website too will experience a fall in ranking and there will be a major drop in the speed of your site
Google blacklisting
Google is the biggest search engine on the web and aims to provide its users with the best user experience. Thousands of websites are blacklisted by the search engine giant on a daily basis. Many of these sites are legitimate businesses (like yours). Your website may seem like it’s adhering to Google guidelines and yet you are suddenly blacklisted.
The blacklisting occurs often a result of malicious code being injected into the website without your permission. Once your WordPress site is blacklisted, your visitors won’t be able to access your site. Google will prevent users from visiting a compromised site in order to protect their machine from getting infected.
As a result of being blacklisted by Google, your website will be unreachable for days. It will negatively impact your SEO and you will end up losing search ranking, resulting in a fall in organic traffic. It will, unfortunately, also damage the reputation you had worked so hard to build
OVER TO YOU - NEED HELP OR ADVICE?
Have you been noticing a difference in your site’s performance lately? Did you try finding out the cause?
Please do contact us at Simply IT Zanzibar, if you need any help – even if you are only needing advice on how to protect your website. If you want a website health audit, or believe your website may be infected with malware and want it cleared, or just want peace of mind, please get in touch.