New Malware Firewall Installation

To All Web Clients:

We’re installing a firewall to afford a higher level of protection against the increasing malware attacks on our clients’ websites. We need access to your domain account to set this up, but DO NOT REPLY VIA EMAIL until you’ve read this entire email.

If you’re in a hurry, use this link to send us in a Word doc:

https://sandismithleyva.sharefile.com/r-r7cccf8b8b884e60b

  • your name,
  • website domain address,
  • domain account (like GoDaddy),
  • username and
  • password.

If you have 2-factor authentication, please be by your phone or email to get us the code.

Secure upload link:

https://sandismithleyva.sharefile.com/r-r7cccf8b8b884e60b

If your site went live in the last few months and you haven’t changed your password, we might not need your information. Your firewall has already been installed if we could get into your account.

Background

We have been playing Whack-a-Mole with hackers on about 10 of our sites for about a week now and, after 20 years of being able to easily handle these things internally, I guess those days are gone like so many other things in 2020.

I have hired a security company at my (great) expense and this wonderful benefit will be an ongoing feature of your package at no extra charge to you. They are on the job now and will clean up the hacker damage over the next few days.

Once it’s clean, they will submit the sites that were marked with Google warnings to Google through Search Console. I am told it will take about 3 days for Google to review the site and remove the warning.

I apologize for the downtime but this is the best way forward.

Email

If you use Google email, you may be at risk for further blocks. If your website URL is in your signature file and you email another Google G Suite user, I believe this is where the blocking occurs. I use Google G Suite, so don’t email me unless you understand the risk. This is Google’s security response and completely out of our hands.

Details

About 10 of our sites, mostly on our West Coast servers, have been hit with code infusion malware via WordPress. These are phishing attacks. Please be cautious when accessing your site. Do not attempt to access your site unless you have anti-virus AND browsing protection.

These hacks can come in via vulnerabilities in forms, plugins, and themes. We will have a new way for you to access cPanel, and I suspect we will require IP address whitelisting going forward. We are also in the process of turning off blog comments on all of your sites.

You may not be able to tell if your site has been hit. Some sites have been flagged by Google Chrome and you will see a red screen in this case. Edge and Firefox will present fewer warnings.

I’ve been through several hacks and handled them personally. They happen about once every 5 years. After the fire is out, I will attempt to find out what caused this and let you know, although most of the time we never find out.

Please know we take many precautions to avoid this type of issue – strong passwords, up-to-date systems software, and tight security within our own company staff and procedures. But we cannot control many, many other variables that can lead to the weak link.

Going forward, as mentioned in the opening paragraph, we have real-time monitoring (already working) and a firewall specific to malware prevention, even though it’s not part of the current package.

Please know we’re on top of it and please be patient with us.

If you need to call me urgently, feel free, but please know that time on the phone will hold up the installation of all of the firewalls. So if it can wait, I and your fellow clients will appreciate it.