When Security is NOT Important

 5/5/2016 12:00:00 AM
 Written By John Marx
Tags:Website, Security

The initial contact

We received a website contact from a client in nearby Chicago, Illinois. They currently had a basic five-page brochure website and wanted to completely re-brand their corporate image. They wanted someone close enough but not someone from Chicago due to the Chicago pricing. We thought that was more than reasonable. We covered what they were thinking and went through all of our initial questions. To this point they had avoided giving us their web address, as it wasn't what they considered a good site. While talking we tried to find the site on any of the search engines and couldn't – and we soon found out why.

The website

Our initial reaction was "uh oh". We were immediately stopped by Malwarebytes Anti-Malware, as the site appeared to have malicious content on it. This raised a red flag, and they were confused because the site loaded fine for them. Their website was an older site. There was no modern-day content management system (CMS) like WordPress, Joomla, or any other. They had to update it through FTP (File Transfer Protocol). They logged into their website and showed us the code through Skype screen sharing. We asked what the password was, as we saw only four asterisks in the saved password box. The password was 1234, a very generic password (problem 1). As they showed us what they had last modified, nothing out of the ordinary was there. It looked like decent HTML content.

We then started looking at some JavaScript files that were in the header and footer of the site. They stated they didn't know what the files were and figured someone else from the company had put them there. As they talked, they learned none of them had. As the JavaScript files loaded, we immediately noticed a set of code meant to infect the computers on their internal network. These commands were easily found on the search engines and are used to take advantage of the computers and give remote users access to them (problem 2). When we asked whether any employees had recently been let go, we learned that they had let go both of their old website administrators. We asked if their access had been removed and learned it hadn't (problem 3). We also learned that their computers were acting slow, files were mysteriously disappearing, etc. (problem 4).

Digging Deeper

As we continued our Skype call we had even more red flags coming out of the woodwork. The system was targeting every computer and was set to delete files from their Desktop (this is where the owners always saved their files). The company team members were getting angry at the two people let go (problem 5). As we talked we told them they couldn’t get mad or accuse those two as (1) passwords were never changed, (2) they hadn’t changed the password in 11 years (yes that long), and (3) there was no logging kept to determine who did what within their system.

The Fix

We did multiple things on this initial call for them.

  1. The fix was easy: we removed the JavaScript files, as their site used no JavaScript.
  2. We checked all the images to make sure nothing malicious was stored in them, and uploaded the changes.
  3. We let them know they may want to contact their legal team, tell them what happened, and see about putting a notice on their site (Update: The legal team didn’t see a reason at this time to disclose the breach).
  4. All of the passwords were changed to more complex, completely random passwords of 12 characters or more using our free password system.
  5. We have started the process of informing the search engines, Malwarebytes, and other malware sources that the errors of the past have been corrected. This will not happen overnight, and they know this has hurt their online reputation. Maybe not with individual people, but with the search engines that send people their way.
  6. They asked us for a recommendation for an IT company, as we don't do IT work. We referred them to one of our recommended IT companies that works in their area and was familiar with their particular industry. Because we were talking to them early in the day, the IT company was out at their location within four hours and has cleaned up their computers, put in place a starting computer policy, and is continuing to develop an overall company plan.
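
Steps 1 and 2 can be turned into a repeatable check. The script below is an added example, not the tooling we used on the call: it assumes a local copy of the site pulled down over FTP, and the sample site, file names and function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Leading magic bytes for the image types a small brochure site serves.
IMAGE_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Script markers in HTML, and text that has no business inside an image.
SCRIPT_RE = re.compile(rb"<script\b|\son\w+\s*=|javascript:", re.IGNORECASE)
IMAGE_TEXT_RE = re.compile(rb"<script\b|<\?php", re.IGNORECASE)


def audit_site(root):
    """Return sorted (relative_path, reason) findings for a local site copy."""
    root, findings = Path(root), []
    for path in (p for p in root.rglob("*") if p.is_file()):
        rel, ext = path.relative_to(root).as_posix(), path.suffix.lower()
        data = path.read_bytes()
        if ext == ".js":
            findings.append((rel, "javascript file on a site that uses none"))
        elif ext in (".html", ".htm"):
            for m in SCRIPT_RE.finditer(data):
                line = data.count(b"\n", 0, m.start()) + 1
                findings.append((rel, f"script reference at line {line}"))
        elif ext in IMAGE_MAGIC:
            if not data.startswith(IMAGE_MAGIC[ext]):
                findings.append((rel, "image extension but not image content"))
            elif IMAGE_TEXT_RE.search(data):
                findings.append((rel, "script text embedded in image"))
    return sorted(findings)


def audit_sample():
    """Build a constructed sample site in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "img").mkdir()
        (root / "about.html").write_bytes(b"<head>\n<script src='x.js'></script>\n</head>\n")
        (root / "x.js").write_bytes(b"// constructed placeholder\n")
        (root / "img" / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        (root / "img" / "banner.gif").write_bytes(b"<html>not an image</html>")
        return audit_site(root)


if __name__ == "__main__":
    print("\n".join(f"{p}: {r}" for p, r in audit_sample()))
```

On a site that is supposed to be plain HTML, every finding is worth a look before the cleaned copy is uploaded again.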

Conclusion

Whether you are from a growing town in Northwest Indiana or a big city like Chicago, security should always be paramount in your mind when it comes to your website and your business, whether it is a simple site like the one above or a complex one that needs continual updating like a modern-day content management system (CMS). Your website is the first thing many of your customers will see. You want to always put your best foot forward and always have good and accurate information. Your website is your online employee. Treat it with as much respect as that of any other employee working for you.

If you would like to talk about how to upgrade your website, create a new website, or change or enhance your company brand, JM2 Webdesigners of Valparaiso (Valpo), Indiana is here to help you with our in-house team of designers, content writers, and software developers. We can be reached by phone, by email, or through our online contact form.