The initial contact
We received a website contact from a client in nearby Chicago Illinois. They currently had a basic five-page brochure website and wanted to completely re-brand their corporate image. They wanted someone close enough but not someone from Chicago due to the Chicago pricing. We thought that was more than reasonable. We covered what they were thinking and went through all of our initial questions. To this point they had avoided giving us their web address as it wasn't what they considered a good site. While talking we tried to find the site on any of the search engines and couldn't – and we soon found out why.
The website
Our initial impression was like "uh oh". We were immediately stopped by Malwarebytes Anti-Malware as the site appeared to have malicious content on it. This immediately raised a red flag and they were confused as it loaded fine for them. Their website was an older site. There was no modern day content management system (CMS) like WordPress, Joomla, or any. They had to update it through FTP (file transfer protocol). They logged into their website and showed us the code through Skype screen sharing. We did inquire what the password was as we saw it only had four asterisks in the saved password box. The password was 1234 which was a very generic password (problem 1). As we they showed us what they last modified nothing out of the ordinary was there. It looked like decent HTML content.
We then started looking at some JavaScript files that were in the header and footer of the site. They stated they didn’t know what they were and figured someone else put them there (from the company). As they talked they learned none of them did. As the JavaScript files were loaded we immediately noticed there was some special code set of codes to infect the internal computers of their internal network. These commands were well found on the search engines to take advantage and give remote users access to the computers (problem 2). As we inquired about any recent employees being let go we learned that they let go both of their old website administrators. We inquired if their access had been removed and learned it wasn’t (problem 3). We also learned that there computers were acting slow, files mysteriously disappearing, etc. (problem 4).
Digging Deeper
As we continued our Skype call we had even more red flags coming out of the woodwork. The system was targeting every computer and was set to delete files from their Desktop (this is where the owners always saved their files). The company team members were getting angry at the two people let go (problem 5). As we talked we told them they couldn’t get mad or accuse those two as (1) passwords were never changed, (2) they hadn’t changed the password in 11 years (yes that long), and (3) there was no logging kept to determine who did what within their system.
The Fix
We did multiple things on this initial call for them.
- The fix was easy as we removed the JavaScript files as their site used no JavaScript.
- We checked all the images that nothing was malicious was store in them, and uploaded the changes.
- We encouraged them to know that they may want to contact their legal team and let them know what happened and see about putting a notice on their site (Update: The legal team didn’t see a reason at this time to disclose the breach).
- All of the passwords were changed to more complex passwords and all 12 characters or more and completely random using our free password system.
- We have started the process of informing the search engines, Malwarebytes, and other malware sources that the errors of the past have been corrected. This will not happen overnight and they know this has hurt their online reputation. Maybe not to individual people but to the search engines that send people their way.
- They asked us for a recommendation for an IT company as we don't do IT work. We provided them one of our recommended IT companies we know that works out there and was familiar with their particular industry. Being we were talking to them early in the day the IT company was out at their location in a matter of four hours and has cleaned up their computers, put in-place a starting computer policy, and are continuing to develop an overall company plan.
Conclusio
Whether you are from a growing town in Northwest Indiana or in a big city like Chicago security should always be paramount in your mind when it comes to your website and your business. Whether it is a simple site like the one above or a complex one that needs continual updating like a modern day content management system (CMS). Your website is the first line many of your customers will see. You want to always present your best foot forward and always have good and accurate information. Your website is your online employee. Treat it with as much respect as that of any other employee working for you.
If you would like to talk about how to upgrade your website, create a new website, change or enhance your company brand JM2 Webdesigners of Valparaiso (Valpo) Indiana is here to help you with our in-house team of designers, content writers, and software developers. We can be reached at 219-229-1633, email at sales@FawkesDM.com, or through our online contact form here.
{{BLOGDETAILVIDEO}}