A Hack Cost Me $10,000
It was a Great Idea… I would get a dedicated web hosting server and sell space to my current and new web clients for $15 a month (and get all my websites hosted for free). It was going GREAT! I was making $6000 to $9000 a year until… Trying to be a Good Samaritan, I gave a FREE web hosting account to my church. They had a volunteer to build them a free website in Joomla. He never updated the system software after the initial install (he didn't know you had to do that). What could possibly go wrong with that?
I was on a golf trip with friends in Arizona when I got an ominous phone call right before I was to tee off one morning. “Your server has been hacked and if you don't shut down the church website RIGHT NOW, we will shut down your entire server (you and all your clients).” I did it but it was just the beginning. From that hack they infected the entire server. I tried moving my clients to new servers twice (the one who were not bailing like lifeboats on the Titanic), but the problems followed to the new servers. This was WAY OVER MY HEAD!
I finally found a hosting company that understood my problem. The majority of my time was spent fielding VERY NASTY phone calls from clients who were PO'd that they could not get email and their websites was down. Threats of lawsuits and doing almost nothing but damage control nearly took me out mentally and financially.
I finally found a hacking expert who could find and really fix the deep rooted issues. That was not before I lost over $10,000 in lost time, revenue, and cost in fixing the problems. What a nightmare!
I had a baptism by fire as to what hackers do, why they do it, and why your little one person (or bigger) company website matters to them.
Your Website Is Under Attack
Whether you know it or not, your website is under attack. We all ask ourselves why? What could hackers, spammers and scammers possibly want with a small one person company in Nowheresville, USA? Well there is a ton of things that they can do to take your, or your customers money. Here are the top three that I see ALL THE TIME:
- EMAIL THIS – If you or your web host are not careful, you could be a relay for spammer and scammer emails. They thrive on hacking email accounts to send viruses. These little programs get into your operating system to do two things:1) Scan for financial data like your credit card transactions or bank accounts, or 2) Scan your email list to broadcast their virus to infect and get the data from your friends and contacts. There is big money in credit card and bank fraud. I was breached last week from a vendor's website and within minutes, there were thousands of dollars of small $1-$10 hits to my credit card. Luckily I had a responsive credit card company that saw that, called me and killed the card and reversed the charges. Still a nightmare.
- YOU ARE NOT #1 ON GOOGLE – I monitor a bunch of my clients contact forms. On any given day I can see dozens of emails that are well crafted and letting the owner know that “I see that you have an great website, but I have done research and you are not ranking well on Google. My research shows me a couple of small things you can do to raise your rankings.” Sounds enticing and legit, until you see the same email come into 20 to 60 WordPress contact forms. The other telltale sign is each of these come from a GMail email account. A legitimate SEO company would have an email address like Stud@KillerSEOCompany.com (well maybe not that exact email address). Here is the bottom line… if the company is not #1 in Google (or the person sending you the email), then how can they POSSIBLY claim to make you #1 on Google? Put your checkbook or credit card away!
- GREAT BLOG POST… – Although not as harmful as the other two, it can be. If you have a blog, robots or programs can post comments to your posts (especially older ones). Generally, they contain links to cheap Viagra, fake Coach purses, and other scams. These have two purposes. They want to build reciprocal links to build authority to their crap with Google. When these are not deleted, they can be found and can trigger hackers to attack this website because it's not maintained and being updated… Making you a prime source for spreading viruses and rogue emails. Make sure your website is emailing you comments and manage and approve or delete them everyday!
So here is what I have learned.
- Find a hosting company with awesome support that backs your website up daily and can restore it for you when you need it. They are becoming fewer and farther between because hackers are eating them up like they did me.
- Don't fall for false profits. If you can't talk to someone and they can't show you how they are number one on anything, then don't pay them to try to make you something they can't do for themselves.
- Manage your website. If you don't have time to do it then pay someone to do it for you. You may save some money now, but in the long run it could cost you big time (please don't make a similar $10,000 mistake).
Ultimately, you may feel like people have your back, but it is your duty and responsibility to make sure that you are protected, backed up, and that your website and email are serving your customers and keeping you in business.
Do you have any stories or feedback that you'd like to share? Comment away!