Website hacking. So how do you know if your website has been hacked, while sometimes you don't? Sometimes the hacker is using the resources of your website server or your hosting service, where your website is held to send spam emails and do other kind of nasty things.
NOTE: Complete transcript available at the bottom of the page.
Screw The Commute Podcast Show Notes Episode 433
How To Automate Your Business – https://screwthecommute.com/automatefree/
Internet Marketing Training Center – https://imtcva.org/
Higher Education Webinar – https://screwthecommute.com/webinars
See Tom's Stuff – https://linktr.ee/antionandassociates[03:30] Tom's introduction to How Websites Get Hacked [05:13] Google Search Console [07:17] Ransomware, malicious redirects, and spam of all kinds [09:55] Have multiple backups and make sure those backups are good [12:53] Strong passwords [14:55] Change your login page and ensure you have a valid SSL certificate [16:17] Control the users to your site and make sure it's up to date [17:50] Super cheap hosting can be VERY expensive [18:26] Use two factor authentication (2FA) when available [19:09] Protect your own computer [20:34] Beware of custom code [21:19] Who's gonna hack me? [23:05] Have a website firewall installed
Higher Education Webinar – https://screwthecommute.com/webinars
Screw The Commute – https://screwthecommute.com/
Screw The Commute Podcast App – https://screwthecommute.com/app/
College Ripoff Quiz – https://imtcva.org/quiz
Know a young person for our Youth Episode Series? Send an email to Tom! – firstname.lastname@example.org
Have a Roku box? Find Tom's Public Speaking Channel there! – https://channelstore.roku.com/details/267358/the-public-speaking-channel
How To Automate Your Business – https://screwthecommute.com/automatefree/
Internet Marketing Retreat and Joint Venture Program – https://greatinternetmarketingtraining.com/
Google Search Console training – https://youtu.be/oPsOZI8x5VM
Brute Force Attacks – https://www.varonis.com/blog/brute-force-attack/
Wordfence Firewall – https://youtu.be/hbSgHT_aoVY
Internet Marketing Training Center – https://imtcva.org/
Dr. Ty Belknap – https://screwthecommute.com/432/
I discovered a great new headline / subject line / subheading generator that will actually analyze which headlines and subject lines are best for your market. I negotiated a deal with the developer of this revolutionary and inexpensive software. Oh, and it's good on Mac and PC. Go here: http://jvz1.com/c/41743/183906
The WordPress Ecourse. Learn how to Make World Class Websites for $20 or less. https://screwthecommute.com/wordpressecourse/
Join our Private Facebook Group! One week trial for only a buck and then $37 a month, or save a ton with one payment of $297 for a year. Click the image to see all the details and sign up or go to https://www.greatinternetmarketing.com/screwthecommute/
After you sign up, check your email for instructions on getting in the group.
Want The Transcript for this episode?
Episode 433 – Website Hacking
[00:00:08] Welcome to Screw the Commute. The entrepreneurial podcast dedicated to getting you out of the car and into the money, with your host, lifelong entrepreneur and multimillionaire, Tom Antion.
[00:00:23] Hey everybody it's Tom here with episode four hundred and thirty three of Screw the Commute podcast. Today, we're going to talk about website hacking, who we probably get 10 to 20 calls a year with reports that someone that knows me got their website hacked and they somehow think I know how to fix it. Right. I don't know how to fix it, but my tech guys do. And they they also have good advice on what to do to prevent it in the first place. And that's what this episode is about. But don't worry, this is not a technical discussion. I hope you didn't miss Episode 432. That was Ty Belknap. He was a homeless teenager and ended up with multiple, multiple degrees, I can't even say it, and a doctorate. And he's got a very interesting method on how to recruit and use remote workers that he told us all about. So make sure you grab that episode 432 in case you missed it. And if you're wondering how to get to back episodes, you go to screwthecommute.com, slash and then the episode number. His was 432. This is 433. Well, how would you like to hear your own voice here on Screw the Commute? Well if the show's helped you out at all in your business or giving you ideas to help you start a business, we want to hear about it. Visit screwthecommute.com and look for a little blue sidebar that says send voicemail, click on it, talk into your phone or computer and tell me how the shows helped you. And they also put your website in there so you can get a big shout out in your own voice on a future episode of Screw the Commute. Now pick up a copy of our Automation eBook. It's allows me to handle enormous numbers of customers and subscribers without pulling my hair out and just really knocks my workload way, way down and allows me to reach more people and make more money. So grab that at screwthecommute.com/automatefree. And also we have a podcast app. screwthecommute.com/app You can put it on your tablet or on your cell phone. And you can take us with you on the road and we and we show you how to use it. A lot of times apps, they just throw them at you and expect you to figure it out. Well, we have screenshots and videos to show you how to use it. So you have a lot of fun taking this with you on the road. All right. Check out my school. It's the only licensed, dedicated Internet marketing school and digital marketing school in the country, probably the world. It's license to operate by SCHEV, the State Council on Higher Education in Virginia. But you don't have to live in Virginia. You can also wow, you can give it as a gift or a scholarship to a young person in your life and really give them a career with skills that are in high demand everywhere instead of putting them in deep debt, some college somewhere, and then they're competing for jobs at Starbucks. So check it out at IMTCVA.org and a little later I'll tell you how you can get a full scholarship if you happen to be in my mentor program.
[00:03:32] All right, let's get to the main event. Website hacking. So how do you know if your website has been hacked, while sometimes you don't? Sometimes the hacker is using the resources of your website server or your hosting service, where your website is held to send spam emails and do other kind of nasty things. I'll tell you about that in a minute and look how sneaky this is. They use a thing called cloaking, and that's when a hacker makes the website look just fine to you. But it shows all their other craziness, spam links and malicious code to the search engines in hopes someone else will see you in the search results and all the dangerous links and downloads will be available on your site to hurt them. And you have no clue that it even happened.
[00:04:29] And. Sometimes it's more obvious, I mean, your website might look crazy, it won't load, it doesn't work, right. So sometimes that's more obvious. Now, here's one thing to note. You can do everything right and still get hacked. So what I'm trying to do here is to enormously reduce the chances that you do get hacked. There's no 1000 percent money back guarantee, all right, because these spammers are insidious and are these hackers and. You might think the chances are slim, so and I'll tell you why, even if you have a site that's not that big, why you can get hacked and why they would want to hack you. I know one of the first lines of defense against this kind of activity is you should register your site at Google search console when you do this. Part of what Google does is issue you a security report and notices if they detect something wrong. Now, you can either do this yourself or demand that anyone working on your website runs a report at bare minimum both times per day. Okay. Depending on the amount of traffic you have now. Anything that happens in between your reports will be reported to you via email from Google. But if you miss the email, all the warnings are in your Google search console with recommendations on how to fix it. And I don't know how to fix this stuff, but I got people that do.
[00:06:07] But Google will tell you and they're watching your site all the time for you. So that's a totally free service that you'd be crazy not to take advantage of. Now, I'm going to include a link in the show notes to a six minute video telling you all about the Google search console and what hackers may be doing with your site and suggestions on how to fix them. So so check out the show notes for the link to that Google video. And I got to tell you, after all these years of working online, I can't fix any of these problems. That's what competent tech people are for. However, it is your responsibility and my responsibility to make sure these checks are done, because it's your Web site and you're the bottom line if it's being used maliciously and you don't do anything about it. Plus, if Google detects something wrong and you don't do anything about it, it will report your site as unsafe to potential visitors, which will pretty much kill your traffic. Done. And if it continues, you'll get blacklisted from the search engines and you'll never show up again. So what are some of the things that can happen to your website? Well, one is called ransomware. This is where some kind of malicious code locks up your computer and you have to pay a fortune to the hacker to get your computer unlocked. And, you know, once they get your money, they probably just forget about you.
[00:07:37] They just say, screw you and go find somebody else, the hack, and not even bother unlocking your computer. You just got ripped off. In other words, echo spam or search engine optimization. Spam is where your website is infected with spam keywords to get some fake pages to show up in Google that do any number of bad things to people. Like maybe maybe they make a page on your website. You don't even know it exists. That looks like Bank of America to get people to put in their banking information for identity theft and so just robbed their money. Yeah, it can be that bad. Another thing is adware, which they just deliver spam ads to visitors to your website or uses your website resources to show these ads to anybody. The other thing is malicious redirects. This is where they take your traffic and send it somewhere else to some other actual site. The first one was where they're just making fake pages on your site. Malicious redirect means that they're the traffic hits your site and automatically redirected the porn or pharmaceuticals or any kind of bad stuff. You can be sure it's not going to be good for your visitors. I'll put it that way. They can also use your site as a resource to send spam email. Behind the scenes, you never know what hit you. I mean, some studies show that up to 40 percent of your website traffic are bots and half of those are malicious bots.
[00:09:14] That's a lot of bad stuff that potentially going on. And these hackers are relentless and they're always looking for ways to penetrate Web sites, so you have to keep up with this or rely on services and software to do it for you. Another thing is a brute force attack where a really fast computer they can crack is an eight character password in about two hours. I also included a link about brute force attacks so that you can read more about them and what what they do with these attacks once they once they crack your code. Now, let's talk about backup's now I've been harping on this for 100 years, but one thing you must do, and not just for hackers, but for equipment failure is to have a regular schedule of backups. If your server goes down, you have immediate access to your files so you can get them back up fast. But but let me tell you what to watch out for. So this happened to me long ago, I learned my lesson, so I'm passing it on to you. So a lot of these Web hosts say, hey, we have, you know, 10 days of back up for you and and all this stuff. Well. That sounds good, but I'll tell you what happened to me, so Antion.com or the hosting service at the time went down. And everybody's freaking out and they say, don't worry, we have backups for everybody.
[00:10:50] Yeah, it took 10 days for them to get the site back up because they had millions and millions and millions of Web sites to restore. So I think it's just ludicrous to think one hosting service, doing the backups for you, that's just crazy, because if they get hacked, maybe a lot of the stuff they have gets hacked. Even if they're using a cloud service somewhere else, you just can't trust it. So you always have multiple backups in different places, even locally, so you can restore your stuff. If something gets hacked within a day, usually you can get your back up and running. Now, backups are also important if you get hacked because you have a backup before you got hacked, that can be used to restore your website after the threat has been neutralized on your server. But guess what? That's not even 100 percent effective. Why? Because a hacker might get in and plant code in your Web site and then wait months to use it. So your backup is infected to. Now, it's still important to have backups, but whoever is doing the restore of your files should absolutely check if the restore is infected and then they have to fix it, too, or you just clopping you're just ruining all their work to clean up your website and then putting a backup on that's already infected. That's just crazy. So you have to know about these things.
[00:12:25] Like I said, you don't have to know how to do them. You it's your responsibility as the website owner to know about them, to make sure that it doesn't happen. And I've got to tell you, I've had tech people come and go over twenty five years and they claim to be tech people, but a lot of them don't know this stuff. So you have to make sure that they know what you're talking about and they do this on a regular basis and report to you. It's your responsibility. Now, another protection that people tend to ignore is strong passwords that are changed regularly. I mean, nine year olds can run programs on your site that can easily crack passwords that are simple for you to remember, but no problem for a hacker to crack. And you must change. Listen to this. All your passwords and all your user ID passwords, user passwords and your FTP password, because you don't know for sure which one could have been the one compromised. And then here's another thing, don't use the username admin that sort of every hacker with a union card is going to use the attack, right. And the longer the password, the better. Now, I use a password manager, highly encrypted military grade encryption. Called Roboform, there's other ones. So 1password is another very popular one, roboform's a little bit easier. And it holds all my passwords that will generate really hard to crack passwords, so you don't have to remember them.
[00:14:06] You just have to remember one really good password to get into roboform, and it remembers the rest of them and it backs it up encrypted into the cloud for you. So that's a must I tell all of my new students that they got to get that? Because I can't tell you how many times people have, you know, pay me a lot of money to get on the phone with me. And then 20 minutes later, they still can't show me what they want to because they can't find the password. All right. So so get get your passwords under control and then you can have really tough to crack passwords, see, and they can crack the password. But it's just how long will it take if it takes six years to crack the password? Well, that's much better than one. They can crack in six minutes, OK, because they'll get sick of you and they'll leave. So. So get a password manager. And then change your standard login page, like for your WordPress site, the standard is like your site dot com slash wp-admin. Well, that can be changed to anything you want. Like log in here, you doofuses. I don't know. But anything we have a lot of different ones and and it's hard just all of these things add up to make it harder to crack your system. Now, here's another thing, it's a little bit off off topic here, but it's a current SSL certificate is massively important.
[00:15:33] I mean, this shows the little lock on your browser. Now, this doesn't really have anything to do with your site getting hacked, but it has a lot to do with being trusted by your visitor and by search engines. And your Web hosts can easily provide this for you, either paid or free, the free ones are a little more pain in the neck because you have to renew them more frequently. And I bring this up because not only do you have to start worrying about being hacked and thinking about security, your visitors worry if your site is secure or not. So start thinking security from both your end and your visitors in. So get an SSL certificate if you don't have it. Now, make sure you control the users of your site and only highly trusted and competent people should have admin access. Now, if someone had the, let's say, work on your site, remove their access after they're done working, don't leave a whole bunch of users laying out there just ripe to be hacked. Another thing you can do is always update your site. And I know most people use WordPress and we do here also. I also know it's a pain to update it. All right. But what you may not realize is that updates aren't always about some cool feature you're not going to use.
[00:16:58] Updates are frequently security fixes where you never see a difference in the site, but they are designed to close security loopholes which always exist. And like I said, hackers are relentless, looking for ways to compromise your site. Another thing, plug ins and themes, make sure your plugins and themes are from a reputable company and have many users and great comments, we use thrive themes here and we only use plugins that are highly reputable. And we run into this all the time, people, you know, we're reviewing a site and they have 40 or 50 plug ins that aren't updated or activated and just clogging up their Web site and pretty much waving a big flag to the hackers. Hey, come on, get me. I'm right here. I'm waiting for here. Now, another thing is hosting, if you get super cheap hosting a lot of times, you know, you're just on your own. So before you pick hosting, you might want to ask them, do you fix the generic term would be malware issues for you if something happens. And some will. Some won't. Some will. Some will sell you a big package to do it if you need it. Some will call it managed hosting, you know, so you have to look in deeper. I mean, we have I think we have a whole episode on hosting one of these episodes. Now, whenever possible, you want to add what's called Two-Factor authentication, this sometimes the thing called the cPanel, if you have one of those for your website to make it, makes it easier for non techie people to do stuff on your Web site.
[00:18:44] I think it was invented by techies who got sick of fielding calls for easy stuff. But anyway, whenever you can, can you use Two-Factor authentication? And what that means is somebody even had your user ID and password. They still couldn't get into your site unless they had access to your telephone number and your smartphone. You can't log in without it. So that's an extra layer of security and also protect your own darn computer. And you think, well, what's that got to do with my website? Well, it has a lot to do with your website, because if you don't have antivirus software up to date and effective firewall, then some of the viruses are intended to steal your login details and send them to somebody else or just grab them and use them themselves. And then they have a thing called a keylogger. Now, we actually use this when I have a lot of employees, I use a keylogger to make sure they're doing their work. And I tell them, don't do anything personal on this computer that I gave you because the everything, user IDs, passwords, everything are going to get sent to me. So that kind of keeps employees a little bit. It doesn't really anymore because they can just go on their cell phone, but it makes sure that you can see that they're actually working if they're remote.
[00:20:07] But also bad people use this stuff. In fact, if somebody had access to your computer at work, it wouldn't take I don't know. 15 seconds to attack a physical keylogger in the wiring to your computer, and now they're grabbing everything that you got and recording it, and then they they come in a day later or a couple of days later, take the thing off out of the wires and then, boom, they got all your stuff. So. So these are things you want to protect your computer to. Now, if you happen to have any custom code, and I got to tell you, I can't think of one instance in the 27 years I've been online that I've had custom code written by anyway, custom code. You know, if you say, oh, I'm going to get some some by website to do something cool and I'll get this this somebody from some foreign country to write the code for me. Well, they might put it, they might you just might be paying for them to to sneak into your computer and you probably can't evaluate the code yourself. So if you do get custom code for some reason, make sure you send it through a security company or something and ask them to check it for you before you install it or let it be installed because you're just asking for trouble.
[00:21:21] Now, a lot of people say, well, gee, who's going to hack me, I just got a, you know, informational site up there, whatever. Well, even if your site is small, you're not safe. I mean, you would think no one would want to bother hacking, but as the late comedian John Ponet used to say, oh, nay, nay, I say so. So let's say a hacker has a list of a thousand sites his malicious bot has identified as being unsecure. He snuck into a thousand sites. He could use those thousand sites to do what's called a distributed denial of service attack. That's DDOS on a larger site. And this is where you flood the larger site with traffic, which essentially crashes it. So it's like flooding too many people into one room. You just overflow. Nobody can get anything done. So it keeps out the good people because all these fake people are in there so that they're using your site is just one of the many to screw over some big site. I remember one time I heard of a hacker that sent the equivalent of all the text in the Bible a million times to crash some big site. You know, these people don't care about you. That's nasty business. They might get paid by a competitor to do it. I mean, send in the Bible. I don't think that's a very Christian thing to do to do that, so. There's other things like injection attacks where they put some kind of code that that grabs your WordPress database and runs your Web site and, you know, and those things happen because, you know, you didn't pay attention to all these other things.
[00:23:06] Now, you might want to have a word. You definitely want to have a website firewall. It's called Wordfence, one of the best known. And I put a video in here telling you about the word fence. And also, if you totally get screwed and you're hacked like crazy and your host won't help you, there's a company called Sucuri. I think that's how you pronounce it's sucuri.net who specialize in this and can fix up, you know, whatever you got going. But, you know, if you've screwed yourself over with no backups and just everything blown up, it's just cost you more and you'll be down longer. So we're also happy to help you with this. We make this a point to tell our students and some of them, like I said, do everything right and still get hacked. So you have to you have to know that's a possibility. Keep good backups, do the password thing. All the things we talked about in this episode. And like you said, we'll help you if you're in our mentor program, which is the I promise to tell you about this, where you could get a scholarship to our school, which is one of the benefits of the greatInternetmarketingtraining.com mentor program that I've been running for 23 years and seventeen hundred students.
[00:24:22] And it's extremely unique in that we have a financial model where we don't get our big money unless you make big money and you have an immersion weekend. Of course, when the pandemic's over at the retreat center in Virginia Beach and we have a TV studio, we shoot videos for you, all kinds of perks. You have unlimited access to me and my entire staff for a year one on one. Just amazing program. It's the longest running ever and most successful and most unique. And I triple dog dare people to put theirs up against mine so nobody will do it. But anyway, check it out at greatInternetmarketingtraining.com. Like I said, you also get a scholarship that you can either use yourself or gift to someone else in your life. And it would be one of the best gifts you could ever give somebody because they'll have skills that will keep them employed or having their own business or both for a long time, a long time. And they won't be they coming home and living with you because they'll have their own money.
[00:25:24] All right. So go out and protect your website, check out all these things and don't get hacked if you can avoid it. All right. We'll catch you on the next episode. See ya later.
Join my distance learning school: https://www.IMTCVA.org
Or join the mentor program PLUS get a FREE Scholarship to the School: https://www.GreatInternetMarketingTraining.com