Attempted Login Failed.
I was alerted to find this notification in my Web Alerts inbox not 1, 2, 3, or even 100 times, but +1,000 times in a single day.
This is not an uncommon thing to discover if you have security monitoring in place. Automated credential attacks and bot traffic remain consistently high.
One key change that is putting more businesses at risk is the widely available information on potential users for a site.
It is very easy to pull employee info and email addresses, which gives hackers a leg up on potential login usernames.
The truly nefarious thing about some web hacks is that they aren’t after your site, necessarily; they’re trying to access your SMTP.
From there, the options are endless. They can send massive volumes of spam, phishing emails, and malware while leveraging the reputation of a trusted, legitimate domain to bypass security filters. They can also commit email spoofing to impersonate authority figures, perform data theft, or launch Denial-of-Service (DoS) attacks.
In other words, no bueno.
This client has an older contract (a 7+ year old website), so they don’t have the benefit of our piles of revised security parameters that we build into every new site. However, they do have the benefit of my literal eyeballs just watching that security board. 👀
One simple change we’ve implemented for most sites to reduce brute force attempts is so simple that it’s almost silly – we just change the login URL.
Changing the login URL dramatically reduces automated traffic, which lowers exposure and server strain. It’s not foolproof by any means (and doesn’t prevent more targeted attacks), but anecdotally, it has really worked to reduce bot noise.
We also limit login attempts and enforce 2FA, two elements this older site didn’t have in place but will soon.
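One way to limit login attempts, as an added example that is not code from this site or its platform: a sliding-window throttle that counts failures per source IP and per username, since usernames built from public email addresses can be guessed from many IPs at once. The class name, the limits, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limiter for failed logins, keyed by source IP and by username."""
    def __init__(self, max_per_ip=5, max_per_user=10, window=900):
        self.limits = {"ip": max_per_ip, "user": max_per_user}  # assumed thresholds
        self.window = window  # seconds
        self.failures = defaultdict(deque)  # ("ip"|"user", value) -> failure timestamps

    def _recent(self, key, now):
        q = self.failures[key]
        while q and now - q[0] >= self.window:
            q.popleft()  # forget failures older than the window
        return len(q)

    def allowed(self, ip, username, now):
        """Return False if either the IP or the account is currently throttled."""
        user = username.strip().lower()
        return (self._recent(("ip", ip), now) < self.limits["ip"]
                and self._recent(("user", user), now) < self.limits["user"])

    def record_failure(self, ip, username, now):
        user = username.strip().lower()
        self.failures[("ip", ip)].append(now)
        self.failures[("user", user)].append(now)

    def record_success(self, ip, username):
        # A good login clears the account counter but not the IP counter,
        # so a bot cannot reset its own budget with one valid account.
        self.failures.pop(("user", username.strip().lower()), None)

def replay(events, throttle):
    """events: (timestamp, ip, username, password_ok). Returns one outcome per event."""
    outcomes = []
    for ts, ip, user, ok in events:
        if not throttle.allowed(ip, user, ts):
            outcomes.append("blocked")  # credentials are never checked
        elif ok:
            throttle.record_success(ip, user)
            outcomes.append("success")
        else:
            throttle.record_failure(ip, user, ts)
            outcomes.append("failed")
    return outcomes

# Constructed sample: 12 different IPs each guess once at one known address.
SAMPLE = [(i, f"203.0.113.{i}", "jane@example.com", False) for i in range(12)]
```

Replaying `SAMPLE` shows the per-account counter blocking the last two guesses even though no single IP exceeded its own limit. The same counter lets an attacker delay a real user's login, which is why the block expires with the window instead of locking the account permanently.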
Now let’s play this scenario out a different way:
Let’s say that no one was watching the site for brute force attempts.
Say that they were able to pull an email or contact name that gave them the right info to start with half the credentials in place.
Say the user wasn’t using a secure password and the hacker made their way through.
It could have been weeks (or maybe months) before this client realized that their site was being used for malware or phishing.
The damage could be major, painful, time-consuming, and reputation-ruining.
And a good question to ask is... when was the last time someone had eyes on your site’s security? Like actual eyes on it?


