Transcription of Podcast

Remember, these transcripts are rough and are meant to give you an idea of what was said in the podcast. Sometimes Otter has issues transcribing the voice.

0:37
Everybody rock Rob Cairns, CEO and Chief creator of Amazing Ideas at StunningDigitalMarketing.com, the leader in digital marketing to help your business soar. How’s everybody doing today? Today’s special guest and he’s been on the SDM Interview show with people first my good friend Mr. Jeff Brown.

1:00
Jeff is the founder and CEO of Alpha Social Media Inc.

1:05
He’s a WordPress education trainer that specializes in training offers WordPress

1:14
and more. And Jeff is really in the know. And what we talked about today is Jeff’s experiences with how his site was attacked, what he went through and how it was prevented. So sit back, relax, enjoy the ride this I talked to my good friend, Mr. Jeff Brown.

1:35
All right, here we go here with Jeff Brown today and talk about a little situation that happened kind of a website situation just had the unfortunate

1:49
reality of having this website attacked this week. So I thought I’d share this as a case study. I know on a number of Facebook groups we’ve talked about DDoS attacks we’ve talked about

2:00
plugin attacks. So Jeff what kind of happened and started take us through it a little bit. I started to notice some email notifications about hosts being locked out of the site. And so it started I’ve got a site there and I started noticing around March the

2:24
brand March the eighth that I started to get a little bit more activity than it literally but 153, lockouts and then on the 13th 250

2:38
and then on the 18th 2015

2:40
which is kind of hot which is kind of high for the average person I mean you get one or two a day is pretty norm and then you know, now, what software we’re using to iThemes Security Pro, and I’m using walked I’ll talk about what I was using as we go through the

3:00
On the weekend, the sites, the attacks really picked up. I started getting notifications probably every 15 to 11 minutes. At the height of it, I was getting notifications every five seconds about somebody being locked out of the site for trying to log in. So literally the at the peak of it. We’re talking brute force attacks,

3:27
that the peak was 1750 for that day.

3:31
Now, emails in terms of those brute force attacks, was there any typical IP address around? The strange thing is that they were rotating, there was quite a few IP addresses that so you just couldn’t simply block one. At the end of the day, there was 549 banned users

3:57
and I would bet you most IP addresses were probably

4:00
Coming out of

4:02
either China or Russia or, or where they kind of all over the place, they were all over the place. And with VPN, it’s kind of hard now to say really truly where they’re coming from. It’s just

4:15
I just looked at the IP addresses where they’re coming from and it just it was happening so fast. When you think there is a lockout every five seconds, you’re just hoping that you set the site up correctly, you’ve got all the proper solutions in place so that the dam doesn’t bust and it holds. It was kind of scary. Now with because what I find is with hack attempts, even though most of them come out of developing countries, China and kind of what causes that there’s a lot of

4:51
machines aren’t up to date so they get used the farmers, co four spot farms and things like that right and what I find it

5:00
Most people watch those attacks are either in mainland Europe or believe it or not North America even though they’re using machines overseas. So the IP addresses aren’t always reflective of where the culprit is now. Let’s take us through the process. What did you do next once all this started, I turned the notifications off because you just too many of them I began to watch the site dashboard itself. Now the things that I done ahead of time, which made all the difference in the world.

5:32
I like to hide the back end but they still found me.

5:36
I have a strong password not even change the password in the middle of the process. I also had two step verification and I also have login alerts. So in other words, if someone log was able to get past all those defenses, I could say that that login if they eventually got here, like it say, Yes, it’s me or No, it’s not. Yeah. And it was

6:00
Just well on throughout the whole

6:05
evening morning and the rest of day, it was just the site was just getting hammered. Yeah. So I mean, that’s the key is you can do all the preventative stuff. And of course, if I recall, right, you’re using BackupBuddy to do backup. So you don’t just rely on your host backups. Absolutely. Which is actually a very smart move. I mean, BackupBuddy’s. What is it now if you want this BackupBuddy’s heart and $50 US for a year? I know I’m an UpdraftPlus guy, I have the premium version of UpdraftPlus. The key is to take those backups also and send them somewhere so don’t just leave them on the site. Send them to a Dropbox, OneDrive, Google Drive account because we know when the files get hacked, the backups can get hacked. Yeah, I use a 123 system for my backups were one the computer to in the cloud and 300 external drive that never sees the light of the inner

7:00
It whatsoever. Yep. Yeah. And I’m actually I know you and I’ve talked about it, I’m actually going to a model where I’m going to start backups on this technology NAS this. I’m working at it in the corner as we speak, because it’s out of the box. And I’m going to that approach. I’ve actually got tools and ology, so I’m going to have one off site for that exact reason. And it just simplifies the process. By the way, that’s not a solution for the people don’t have any finances, but do it 123 strategies, no fee, you have to have something else training and one of the guys in the course there is computer blew up on them. And either way, though, your course not in the middle, of course, but just before coming to the course. So we ended up coming with the Chromebook that he forgot to have the power plug on. But at the end of the day, he did have backups. But it was scary for the first little while for him. Yeah, yeah, I’ve been there.

8:00
Like I I did a couple years ago about I guess 10 years ago is in the hospital I came on like computer hadn’t been on those using the desktop but time I turn the computer on and all I heard was the words clunk clunk

8:16
which which for those who don’t know is what it’s called the spinning hard drive dying and and they need to say I was able to go and get new hard drive and do a restore and I was good to go but that’s the key What are your in your case and you’re pretty in the know your plugins for up today that issue plugins always up to date that’s one thing that I always keep

8:39
attention of and even when I train people in WordPress and use WordPress courses that I do I tell them update your plugins that some may want to wait just a few days just to make sure everything goes smooth. But these things are not to be left un-updated because

8:56
you and I’ve had conversations about plugins. It’s hard

9:00
Even with legitimate plugins nowadays to

9:04
stay on top of it, but yeah, absolutely have to do your due diligence and update when they become available. Look at what the update is for see what’s in it a lot of times is security. But these things are not to a site, you just don’t come back months later and do all the updates. You kind of stay on top. Yeah, the things that keeps the wolf or the head hurts. Yeah, I was reading. Before we got on this call you and I were talking offline. I was reading in one of the WordPress agency forums or developer forums and there was a lady saying my site just got hacked. I’ve got to do a rebuild. And it’s because of a plugin that wasn’t up to date. Like, you know, I, it happens I mean, and even if you keep them up to date, like for example, we all know about the mess in the WordPress community with Social Warfare two weeks ago. We all remember the mess last November with GDPR plugin. And by the way that one took out

10:00
Eight sites, including my own business site. So the only time I’ve ever had to do a restore due to a hack was because the GDPR plugin, and that was a plugin with over a million installs, and I jumped on it within hours within two hours. And normally, the way I do plugin updates is I do them on a weekly basis for clients, unless there’s something really glaring that says I need this now that was really glaring that GDPR plugin and I jumped on that and even my host and shout out to SiteGround because I’m a SiteGround fan and everybody knows that and I make no bones about that. They blocked it at their firewall almost right away and they still got here so you know it happened. So whereas last one site, I was able to

10:50
get it back in 14 minutes just between deleting and restoring 14 minutes. That’s pretty damn good. That is good happened. So easy. All the other sites I

11:00
Get them updated this that one, it was just too late and I launched it. And it does happen. So where did you go after you looked at all your logs you monitored the site what would you do next, I then approach the I submitted a ticket to my web host. And I would like to know that condition of a server if they were noticing anything, those kind of things.

11:25
Still waiting on that ticket. So I went on to the chat system. And the first chat I gone with the individual recommended that

11:36
I go to cloud force.

11:41
And I was more concerned about home base in all actuality, and cloud force might be a great solution, but it doesn’t take care of you know where the files are the original home base. And so I was kind of put off a bit by their suggestion that I go elsewhere. And then I got hold of another

12:00
person and they suggested going into the .htaccess file and putting in some line of code making it so that I could only login from one IP address now that was a good solution. But unfortunately, I move a lot as a trainer and I access my sites from different IP addresses. Yeah, and I and I get, I get in even more where if I get tired of working, I work from my home office waking do and make money on the internet. And I know I’ll go work at Starbucks if I need a break or the library. And I can guarantee you I find there I’m running a VPN software, I’d rather deal with my VPN, my ISP provider and say and by end so that type of solution just doesn’t work for me. I mean, one IP address I die, right so yeah, so in your case was safe ground up. What if you were me, what are some things that you would have expected your host to jump up and provide for you?

12:56
Last time I had a problem with an IP hammering me

13:00
I jumped on SiteGround and it was only one IP and they actually had Taryn block that IP on the firewall. So they did that for me. What I will say is I don’t like chat support at the best of times. And the one chat support I rave about every time it’s like rats are based out of Bulgaria. Their team is very good at answering, they get back to me with concise answers. It doesn’t take forever.

13:29
They’re very helpful.

13:32
And they do chats for very well. I have never in the four years of them was like round, I’ve never called them. I just there Chad. It’s that good. And it lets me multitask while I’m talking to them. I can do other things and they

13:48
are good. And then they say to me, and no make suggestions and say, by the way, did you check this knowledge article and usually I tell them beforehand, I’ve read the knowledge base articles, and they’re smarter.

14:00
Now, I think they actually fight their users. So they know which ones are their

14:05
business type users. And which ones are their developer type users so they I don’t have the shipping talk down to I don’t have the issue. But I don’t think send thing there’s somebody go to another service to solve your problem is doing it.

14:21
I’m not going to call your host out, because I’m going to show little restraint. I’ve been known to co host out here and there. What I will say is it wasn’t good at in wasn’t me. It wasn’t No, no, honestly, though, they have been Proudfoot. Yeah. But lately, I’ve noticed that,

14:41
that their support is slipping. And that’s going to be one thing that

14:48
any web developers going to need access to, they have to have good support because sooner or later, you’re going to need help. Regardless of how good you are. You’re going to need someone that’s much smarter.

15:00
than you are to fix a problem, because there’s a lot of smart people out there, and some of them are actually trying to get into your website and into your server, you need a really good team behind you, and your web host this part of your solution. What I’ll tell you is from experience for those of you who don’t believe in during CES a problem or claim money, one of the things that darn sites to do is they own a product called site locker. And so what they’ll do is they’ll say, Oh, we can help you great call by site locker, by the way, 20 250

15:31
bucks us here, or whatever the current prices. So instead of breaking down in helping it, the first thing they do is say not our problem, not our crappy firewall problem. I know with GoDaddy, it all depends on what type of server you end up on. So if it’s an older server, the odds are it’s gonna have problems if it’s a newer server. It depends at the end the day who set it up. So yeah, so let’s take it through from there. The web host was kind

16:00
That not much of a help from what happened. That’s essentially I ended up, continue to monitor the site and eventually come.

16:10
Highest was on March the 29th, at 1750. And then it went on the on the

16:17
30th. It was down to 390. And then come March 31. Two is down to 16. And it’s it really has dissipated. So keeping an eye on it, watching, you know, what they’re using for login usernames and just keep an eye on it. And eventually I rode out the storm. It was just good.

16:40
Preliminary set up having the right tools to handle this because it was fast and furious, and I turned my lockout notifications back on again, and, and so far, it’s been pretty tame at the moment. Yeah. Now what I’ll say to people is if you don’t want to necessarily

17:00
buy iThemes Security, they do offer a free version of iThemes Security, it’s available on wordpress.org. iThemes actually didn’t develop that product themselves. They bought a company if I believe it was bulletproof security they bought a number of years ago and then they kind of rebranded it.

17:21
What I’ll tell people is the free version. I tend to run the pro version of it but the free version will do 90% of what you need. So go help yourself. Another product I really liked and it seems to run well in conjunction with iThemes Security, frankly, is Wordfence which kind of you know tells you a little bit about what plugins are out of date. Wordfence will even go so far as to tell you if something is out of date in the repository and maybe should find a replacement now. I absolutely love their newsletters, the if you will

18:00
Do it just one thing I would subscribe to Wordfence for their newsletters because they a lot of times we’ll break they’ll be the breaking news to help you prepare for what’s coming they see for some reason they see things ahead of many others and that’s valuable for keeping your site safe. Yeah and and I’m not really a big fan of the GoDaddy ecosystem but I still like what security does they fortunately have left it on its own but you know from a from a cleaning standpoint, it’s really good.

18:38
But Wordfence’s newsletter’s good and by the way, for those who don’t know Wordfence does have a podcast I think they’re on episode five or six and they kind of highlight lately different highlighting too much because there’s been the cross site scripting problems there’s been the last three weeks in a WordPress ecosystem has been kind of a minefield and

19:00
This just this things that a lot of ways we didn’t see coming. The

19:08
company there that actually were the

19:12
Social Warfare that that that fiasco, right there was, I mean, we expect that people will try to take advantage of plugins and try to get in that way. We don’t expect owners of plugins to potentially go rogue. And that’s a hard thing to defend against. Yeah, one. One thing that should teach everybody, by the way, is if you have an employee, and he’s got access to your social media website, you terminate them or they leave, you need to change passwords, like pretty quick and remove access. I mean, I’ve got a client right now who’s in the middle of a retail change of a part timer does does some of the social media and I can guarantee you as a Friday night, as of Saturday Night and five o’clock, I’ll be changing passwords.

20:00
form because I don’t want issues of somebody

20:05
getting upset, shall we say after the fact that night I mean that’s just a day we live in.

20:12
was talking about the Wordfence podcast, the latest one they did what it’s called

20:22
Think Like a Hacker. So you know if you want to learn a little bit, you need to get that on your podcast player. It’s on mine. That’s kind of one of my must listen to junkies. They talked about the whole pick a controversy another one that happened last week you and I’ve talked about offline. That was after the Social Warfare after to work.

20:49
I mean, I check out but it’s been it’s not been a fun couple weeks hasn’t know it. It has been extremely challenging to keep your site safe and

21:00
Running, because at the end of the day, a lot of us

21:05
the websites are important, but a lot of our business is something else. And for the average business, it’s a real challenge to keep up with all the things that are happening. It’s a moving target, if I could say that.

21:23
I would agree so, you know, I wanted the events as I, I maintain, maintain a website for is the Ontario police memorial and not celebration or remember, it’s more like it is coming up the first weekend and may shout out to our mutual friend Scott mills and all this effort working with the Memorial Foundation to help make that a great event. And I sit and I watch on the tablet, the attempts on that website that happen every year during the memorial, and I can almost guarantee you by the end of the two hours ceremony

22:00
So that’s reading other names for the hour and this ceremony. I will go over 30,000 DDoS attempts. I mean I and to retrospective even more I maintain a site for the Canadian police memorial and a number of years ago there were

22:18
free for three or four police officers that died that month. And if you remember, I remember that day of the funeral. I stood there and had the funeral on TV and my laptop on my lap watching the website you say why did they do that? Because all the police haters come out and I was going to keep that site up. And fortunately, both hosted on SiteGround, both on a dedicated box. And I went through that one I went to over 100,000 attempts in three hours during the service. That’s a lot. That’s a lot. So we’ve all been there and the key is just to do the right things and have a backup

23:00
Because your best way to least resistance is if you do get hacked is to delete and restore. Absolutely, because you won’t. Most of us don’t have the time or the energy to go through it line by line and try to figure out where the line of code has been injected or the in the scripts for instance. So it’s we can be up and running with restore probably 14 minutes my fastest yet while I was just puttering around at it. I know, quick. I know with my clients.

23:32
If I have to do a security fix to a site you’re probably looking at about, I don’t know $3,000. And and I offer care plans for $1,000. Not that I’m trying to do is sell but the point is, sometimes you’re better off the pay up front and just deal with it. Then deal with the back end and get the cost of doing business. You’re exactly right. Jeff, thanks for sharing your thoughts. If somebody wants to get ahold

24:00
Do you’re an amazing trainer and one of the best trainers I know to be honest with him and you know, I know you do a lot of WordPress education training how they get ahold of which they can get ahold of me. My email is info at alpha computer. That’s not enough computer but alpha social media inc.com just thinking of the old copy for I incorporated so that’s info at alpha social media Inc. com or on the phone at 902956 2600.

24:33
And by the way, for your for Jeff will take a DDoS attack or two just

24:38
because

24:40
he seems to relish this stuff. I’m just kidding. I don’t want any either. So have a great day. Bye bye for now and and thanks for listening and just be safe and take the time and protect your website and you’d be better off for it. Thank you for listening to the SDM Interview Show. This Podcast is a production of stunning digital

25:00
Marketing com, the agency that can help you with your web design, WordPress security and digital marketing needs. Please subscribe to this podcast. This podcast can be found on Stitcher, radio, Spotify, Google podcasts, Apple podcasts and more. Please don’t miss the next edition.

25:23
This podcast comes out every Thursday for your listening enjoyment.

25:29
Until next time, please keep your feet on the ground and keep reaching for the stars. And we’ll talk to y’all soon. Have a great week everybody. Bye for now.

Transcribed by https://otter.ai