Would You Know If Your Website Had Malware? (Probably Not!)

This month, RWS Consulting has decided to give you a glimpse into the underworld of computer hacking. Not to scare you, no. Hacking is going to happen—it’s as inevitable as death and taxes, and if the largest and most secure companies in the world can get hacked, then certainly any network or website can—but to inform you and prepare you, in the rare event that you’re targeted.

But the first thing you should know is that it is not you personally who is being attacked. Hackers have no idea who you are—and if your website management company is doing its job, it’ll stay that way! Rather, cyberattacks are automated processes conducted by specialized computer programs that are sent out to every possible internet domain they can find. It’s as random as it is widespread.

One thing these specialized computers do is “ping” (send out a test signal) to as many computers as they can reach to see if the signal gets a response. If it does (meaning there is likely a live site there), these computers will then keep attacking the site with basic, usually dumb login names, like “admin.” (“Admin” is such an easily guessed login that WordPress doesn’t even allow it.)

Happily, most logins are more complex, so the hackers’ pings fail time and time again. So why do they keep trying if they almost NEVER succeed? Well, when a hacker sends a login attempt, there’s hidden code included in hopes of finding a weak spot (or what’s often called a “backdoor”). One way this can happen is if your “plugin” program modules aren’t current. Plugins are continually updated, whether to add new features or because the manufacturer found a weak spot (i.e., a potential backdoor) during testing updates.

So, again, what’s the point of hacking in the first place? If hackers can find a backdoor, the goal is often to copy and plant malicious software (usually malware) on the computer in question that they can then control when they need or want to. If your computer has been invaded by malware, you almost never know it and it rarely affects your website.

Okay, so maybe you’re really confused at this point. Hang on—we’re almost there! Something malware can do is send out repeated signals to another computer in what’s called a “DDOS (Distributed Denial of Service) attack.” Now, this isn’t just ANY computer. Targeted computers are usually at, say, a bank, a large business (maybe some small ones too), financial institutions, and such. What happens next is that the business is flooded with attempts on their systems. We’re talking upwards of thousands of computers ALL trying to access a target computer at the same time.

Picture you’re a small mom-and-pop shop, something like a quick mart, with about seven or eight customers at any given time. Now picture a thousand or more people showing up at your door all the same time wanting service. Could you handle it? Probably not. You’d probably lock the doors and hide behind the counter. Not too good for business, huh? But then along comes a nice fella telling you he can fix your problem and get you back to business pronto. We’re betting your only response is going to be: “Okay. I’m in. What’s this going to cost me?”

We’ve got lots more expertise like this for the asking. Contact RWS Consulting today to protect you from hacking malware that can wreak havoc on your business: 202-409-8113 or