Plesk partner Sucuri saves Val from hacking ordeal #WCSEA - Plesk

Plesk partner Sucuri saves Val from hacking ordeal #WCSEA

Valentin Vesa is part of the great Sucuri team, the widely-used website security provider, and our Plesk partner. They offer SaaS cloud-based solutions  to system admins to ensure integrity and availability of their websites. However, Val’s first contact with Sucuri came well before his employment. See how Sucuri saved him from hackers. His story from WordCamp Seattle – #WCSEA.

Well, it all started with ShoeBox

Plesk partner Sucuri saved Val from being hacked again - ShoeBox - Plesk at WordCamp Seattle

Val started the ShoeBox project in his family during Christmas 2007. He tried to teach his boy to share toys and clothes with other poor children from the building. They then used to go around locally and “advertise” the campaign through Yahoo messenger statuses and email groups.

In 2009, the charity project got too big for Yahoo messenger, so it was time to create a website. Val decided to “Get online in 5 minutes” with WordPress and got a free theme since it was a non-profit project. Soon enough, it grew into a multinational charity and all was going well. Until the website experienced a hacking attack.

ShoeBox gets hacked on Dec 22, 2014

Plesk partner Sucuri saved Val from being hacked again - ShoeBox Hacked 1 - Plesk at WordCamp Seattle

And there were major direct impacts:

  • Spam mails generated from the website
  • Their hosting provider warned they would suspend the website
  • The email server was down
  • No online presence mid-project because the website was down
  • The website got blacklisted and visitors would see a warning, which demolished credibility.
  • Visitors were being redirected to pornographic content from this children’s charity website.

The self-mitigation attempt

Val conducted a few self-checks to discover what had gone wrong.

  • Were there any .htaccess edits done?
  • Any unauthorised FTP access?
  • Recent additions to the WordPress user list?
  • See any unusual content in MySQL/phpMyAdmin?

He even changed the passwords for FTP and cPanel and scanned the access computer for keyloggers and malware. This worked and the website was now clean and back online. But only for two days. Because on December 24, there was a new attack!

Plesk partner Sucuri saved Val from being hacked again - ShoeBox Hacked 2 - Plesk at WordCamp Seattle

Val realized that it was about time to ask for help. And a quick Google search led him to Sucuri, a globally recognized cybersecurity company for websites and web applications. Using their live chat, he got the professional help he needed. And Sucuri fixed and secured Val’s website in no time.

Creating a new secured online presence

Only after being hacked did Val understand that when it came to websites, “Security is not a do-it-yourself project”. You need professional software and protection, whether you’re there or not.

Looking at the big picture, when compared to other CMS platforms, WordPress remains the most at risk. Year on year, other platforms get less attacks, while WordPress accounts for 83% of attacks, even more than the 74% from the previous year.

You can check the 2017 Sucuri Hacked Website Report for full details.

Plesk partner Sucuri saved Val from being hacked again - Val Vesa - Plesk at WordCamp Seattle

Later, convinced by the quick help Sucuri provided in 2014, Val started forwarding positive feedback on social media to Sucuri. And he even gave advice on how to improve their website content and social media presence.

Sucuri appreciated Val’s help and shortly thereafter, created a social media specialist position within the company. Val applied and landed his dream job within the Sucuri team. Now, not only is he passionate about his work, but his remote shifts allow him to spend more time with his family too. Ever passionate about social media, Val’s slogan remains “If you want to do social media, you have to love people.”

The five best anti-hacking practices

Here’s what we can take away from Val’s story.

  1. Learn about security
    Stay up to date on firewalls, access control and platform vulnerabilities. Employ a web application firewall, like Sucuri. And check your website whenever new vulnerabilities are announced.
  2. Craft great passwords
    Use a password manager! Make sure your password has a complex structure- a mix of upper and lowercase, special characters and numbers. Longer than 10 characters. And don’t reuse passwords.
  3. Manage your updates
    Make sure you update your CMS, plugins, and server as frequently as possible.
  4. Have backups
    These should be on a schedule, and as often as you’ve content added. And you should also test frequently.
  5. Use professionals
    Join communities, groups about security in forums and on social media. Ask for recommendations instead of trusting any random ad.

About Sucuri Security Scanner

Plesk partner Sucuri saved Val from being hacked again - Sucuri Security Scanner - Plesk at WordCamp Seattle

This is how you can remotely detect website malware infections and security issues. You can get blacklist warnings, and see malware in the source code, with custom scans and alerts to notify you of warnings. Find out why we have partnered with one of the most used security providers in the industry.

About

Carole is a WordPress Community Junkie and a passionate WordCamp organizer. She's been the WordPress Community Manager for Plesk since August 2017.

Leave a Comment

Start typing and press Enter to search