Has Your Website Been Hacked or Compromised?

Meet our newest Guest Blogger.  Laura Wheeler, and her husband Kevin, own Firelight Web Studio, located in Medicine Bow, Wyoming.  I’ll be featuring Laura in a later post as one of our featured Creative Entreprenurs and she will be contributing to this blog periodically as a Guest Blogger.  Meanwhile, here is must-know information if you own a website.  Read Laura’s article and learn.  You’ll be glad you did!

Site Hacking

By Laura Wheeler

No, I’m not teaching you how to do it… I’m teaching you what to do if it happens to you, and how to avoid it. This is a longer article than normal, but it is not a simple subject.

First off, let’s be clear about one thing…. The correct term isn’t actually “hacked”, it is “cracked”, or “exploited”, or “abused”. But not everyone knows what those mean, so I’ll use the word “hacked”, because everyone knows that is BAD NEWS.

You might think that if your site is hacked, you would know immediately. This isn’t true. They are sneaky… They bury themselves in sites in an inconspicuous manner. They hope to go undiscovered to do their dirty work for as long as possible before they are caught.

So what, exactly, do they do?

1. They abuse your forms. They use your online forms to SEND bulk email to spam lists instead of contacting you.

2. They bury a folder deep in your site, and install a phishing site – an exact duplicate of a PayPal, AOL, Google, eBay, or other site, to collect personal info for identity theft or account abuse.

3. They embed a virus into your site files, where it perpetuates across the net, installing malware onto computers.

4. They embed other malicious code into your site, where it perpetuates and harms other people.

5. They may steal sensitive data from your site. This is rare on small business sites, tends to be targeted at big companies, but can happen from random attacks.

6. They also spam your site if they can. This isn’t exactly hacking, but it IS abuse.

So Who is at risk?

Everyone. You may think that you are small potatoes, and nobody would want to hack you… WRONG.

This is the second most common misconception about site abuse.



You see, 99.9% of hack attempts are AUTOMATED. A hacker creates a script that is designed to look for common exploit opportunities on a site – it will try common usernames and passwords, it will look for vulnerabilities in your site, and try different things. If it strikes out, it moves on. If it succeeds, it does it’s dirty work, and either flags your site for repeat dirty work, or moves on. More often than not, your site is marked as an easy target, so even if you clean it up, if you don’t go far enough, they’ll come back.

How do they find you?

1. They use the Whois domain database to scrape domains, and then they proceed through the lists.

2. They use search engines – See, if you have a dynamic site, each site type leaves a “footprint”. They go searching for that footprint, and then work their way through the hits.

So What do you Do About It?

By this time you may be in a state of panic… don’t be. Getting hacked is actually a reasonably remote possiblity, and you can eliminate 99% of the risk just by taking sensible precautions:

1. Do not use HTML forms in your site, unless they are processed by a third party company (like MyContactForm.com), or they are written securely and well supported (the built in form in Joomla is ok).

2. If you have a dynamic site (like Joomla, CRELoaded, White Label Cart, WordPress, CMSMadeSimple, etc), make sure it stays updated with the current version. This will ensure that known problems are repaired. If you are on a retainer with us, we will do this for you.

3. Use “unguessable” passwords. That means combine numbers and letters, upper and lower case, and symbols where allowed.

4. Don’t share your passwords unless necessary, and only if you absolutely trust the person you are sharing them with. When possible, set up a separate login, which can be deleted if needed.

5. NEVER EVER install “Resale Rights” software onto your hosting! This software is ALWAYS carelessly written, and often has intentional exploits left in by the programmers.

6. Use well supported software with a large user community, and an active developer community. Avoid lesser known stuff that is not regularly updated.

7. Protect sensitive data using common and reasonable strategies, such as SSL, encrypted passwords, place sensitive site areas into an unpublished sub-domain, etc. Ask if you need to increase security on a sensitive site area.

8. Keep regular backups. If you are on monthly maintenance with us, we’ll do monthly backups, and backup additional times on request, but we can also teach you how to do manual backups yourself.

What do to IF I get Hacked?

Usually you will discover you have been hacked in one of three ways:

1. Someone informs you that something is odd with your site – a suspicious link, they received a phishing email, or something else. Be careful, because scammers also do this. Check it out immediately though, because you may have some lead time to solve the problem BEFORE one of the next two things happens!

2. Your hosting company shuts you down without notice.

3. Google flags your site as a malicious site – this is BAD, because it notifies the world that your site is distributing malware.

Once you discover this, it is important that you act fast .

1. Get a pro on the job as quickly as possible. If you cannot afford a pro, get on the line with your hosting company. They can often help you – there may be a charge, or not.

2. Shut down the site, put up a maintenance notice until you work everything out. SERIOUSLY… it is better to have a sitedown notice than to have the search engines discover the breach.

3. Move the hosting account – you can stay with the same web host, just open a new account to put the restored site into. DO NOT use the same passwords for the new account as for the old one!

4. Restore the site from backups from before the breach occurred. You may have to do some rebuilding – you also need to change all admin passwords and usernames.

5. Make sure the software on the site is running the latest versions – this is critical, because if the hacking happened because of a known security hole, you MUST patch it or it will happen again .

6. Direct your domain to the new site, close out the old hosting account.

7. Report the exploit to the FBI. Ask us, and we’ll point you to the website where you report this. Doing so may help them form a complete picture to close in on the perpetrators.

Having your site hacked is not a pleasant experience, and there are NO guarantees that it won’t happen. By doing the smart stuff, you reduce the risks, but cannot completely eliminate them. There is no point in being paranoid, it happens, but it is fairly rare. We’ve had to deal with about 4 different site hack variations in the last 9 years – with a clientele of hundreds, those are not bad odds, and we’ve learned how to reduce the risks with each episode.

If it happens to you, we WILL help you. There may be some costs involved, or not, depending on the terms of your previous agreements with us. But we can help you get your site back up and running in the least amount of time.

For more information, check out this blog post by Laura.

Shoestring Marketing

Advertising is something that most small businesses can’t afford to do very often.  But it doesn’t have to be.  You just need to think of advertising differently.

It’s true that buying an ad in a newspaper or magazine can be expensive and running an ad once isn’t very effective.  But there are other ways to achieve effective results without the hefty price tags.

Your Advertising Mindset

You need to think of advertising as “any way that you can think of to let people know about your business.”  To begin with, don’t jump around from one message to another.  Use one message consistently anywhere that you advertise.  And it’s preferable if this message is a benefit rather than a product.  Remember to use strong action words.  Think of a thought provoking header that will make your readers curious.  You want them to pick up the phone, visit your website, or stop by your business.  Curiosity is an excellent motivating power to make them do just that.

If you’re spending money for the ad, test how effective it is by including a coupon or code.  Testing is essential or you may be wasting your marketing dollars.

Think of simple, affordable but effective ways to get the word out.  To get you started, here are a few:

  • Advertise on your invoices or receipts.  Offer a deal that is too good for them to pass up.
  • Advertise on other company’s blogs that offer complementary products or services.  They’ve already attracted the customers for you.
  • Print up some advertising postcards and place them on other store’s counters in exchange for advertising at your store or web site.
  • Give away free samples.  Many times that is cheaper than advertising.  Mrs Fields started her cookie company by standing on the corner in her town and handing out samples.
  • Every time you attend a mixer, take a basket of inexpensive products (packaged candy, mints, or think outside the box) with your business card or a “special offer” card attached.  Hand them out to everyone you meet.
  • Think of a unique marketing idea and write a press release about it.

These are just a few ideas to get you started.  Put on that “thinking cap” that we talked about in a former post and start marketing on a shoestring.

What Did You Do To Market Yourself Today?

Many of us think of ourselves as Creative, as Designers, as Artistic.  And yet we fail to apply these traits to our marketing process.  We tend to play it safe–practicing the tried and true “me too” marketing strategies that others have used.  Fearing to tread where others have not.  But extraordinary marketing results are rarely achieved by playing it safe. 

If you look at the front-runners in any industry, you’ll see that their marketing ideas are definitely not ordinary.  All of their individual marketing ideas may not be as successful as they had hoped, but long-term, their brand is created and they thrive.  Look at Coke as an example.  They’ve been creative with all kinds of new slogans, new products, and new campaigns.  Many have fizzled.  But their market share in their industry remains strong.

Like this sunset, which I photographed last fall, extraordinary marketing isn’t an everyday occurance.  It is rare, but when it occurs, it can be dynamic.

The Keyword is Strategy!

There are several ingredients to an effective extraordinary marketing strategy.  And the keyword is strategy.  A revamped website or logo or even a great new tagline may be very original but you have to create a plan to make your customers or website visitors sit up and take notice.  Effective marketing doesn’t have to have a huge budget. Guerrilla marketing can be creative and use unconventional methods of promotion.  As a small business, you can be more agile than the bigger companies and you have a greater ability to create personal relationships with your customers.

But the core of  that strategy must be a promise to deliver a specific benefit to your customers.  A benefit that can’t be claimed by your competitors.  It takes time and effort to understand what your customers want and need most from your business and to then exceed those expectations.  But a successful marketing strategy depends on it.

The company that jumps into the field with a unique new product may blossom and bloom for awhile but with nothing more than a product, the bloom gradually fades and disappears.  Remember the hula hoop?  The pet rock?  And all the other unique new products?

Improvisation is essential.  Those who excel at marketing focus on their core benefits while finding new ways to sell what their customers want to buy.  They frequently offer several layers of products which will meet the changing needs of their customers.  As an example, in today’s market, many are looking for ways to say “I’m thinking of you” on a budget.  The marketer, who is on top of his/her customer’s needs, will add a layer of less expensive products to the larger more elaborate gift baskets that sold easily during the boom years.

Know Your Marketplace

The marketplace is constantly changing.  In the 17 years that I’ve been in this industry, I’ve seen many, many businesses begin with a shout and then die with barely a whisper.  There are always new competitiors entering the fray with unique, compelling products and benefits.  Once again, successful marketers know what to change, when to change, and what to hang on to and continue to develop.  Basically what I am saying is that it’s essential to develop and stick with a core message or benefit while improvising to meet the changing needs of your customers, the economy, and the general marketplace. 

Long-term loyalty comes from shared values and your ability to create a marketing process that reflects those values.  Customers want change but not in what you stand for.  They want to see you and your company as one that they can depend on to be there when they need you and to provide the benefits that you promise.

Marketing is a continuous process.  There is no start nor no end.  A failure to keep your business in front of your customers on a regular basis usually means that they forget all about you.  A good question to ask yourself at the end of each day is “What did you do to market yourself today?”

Do You Need a Gift Company Doctor?

We, as gift basket companies, are not the only ones struggling to survive in today’s recession.  I’ve seen the size of newspapers and most of my trade magazines — from promotional products to website information to general business among others– diminish as vendors are finding it difficult to come up with the funds to advertise.  I’ve even seen some of our vendors and gift basket companies disappear.

The financial publications, as well as the business news broadcasts, have been preaching gloom and doom for months with good reason.  And during the holiday season, much of the retail community jumped onto the Wal-Mart Express, cutting prices to the bone as they tried to attract customers. They will most likely be doing the same, as well as offering free shipping, this coming season.

What do you do about all this?  Fold up your business and go home?  Of course not.  There’s business out there to be had and many of us are finding it.

snowstormIf your business is having problems, think of it as a long trek through a snowstorm.  Everything is white around you and you feel all alone.  It’s hard to see where you’ve been and it’s even harder to see, through the blinding snow, where you are headed.  It’s time to go into SURVIVAL MODE.

Even though it may seem like it, you are not alone.  There are others around you, going through the same storm.  Some are moving ahead with little problems while others are barely making it.  Some are stumbling with each step, ready to fall into the snow, and simply go to sleep.

Gift Company Doctor At Work
Gift Company Doctor At Work

But wait!  You can survive!  What you need right now is the Gift Company Doctor!  There are several good Gift Company Doctors out there, and like the medical profession, there are also some quacks.  The good ones are ready and willing to offer you advice, provide survival gear, and get you moving through the storm–stronger and better prepared to survive it.

Reputation and proven ability is about the only thing you have to go on when determining which Gift Company Doctors to put your trust in.  This industry has been around long enough that there are a number of those who have contributed their time, their energy, and their money towards helping the weaker ones to stand.  You’ll remember hearing these Gift Company Doctors speak at a Convention you’ve attended or reading their regular long-time contributions to the gift basket themed bulletin boards or articles in our trade magazines throughout the years.

I could name a lot of them for you but each of you have had your own experiences.  Like any medical doctor, each Gift Company Doctor has his or her own bedside manner and degree of willingness to share.   If you’ve been in the industry very long, you know of several.  Just like choosing a medical doctor, you need to choose one that you feel comfortable with.  If you’re fairly new to the business, and haven’t been participating in the Conventions, reading the trade magazines, or the active boards, I suggest that you ask someone who has.

Like most medical doctors, I don’t often advertise my own services.  Most of you already know me as one of the available Gift Company Doctors.  I’ve been consulting small businesses as a “Small Business Doctor” for a number of years–first as a counselor for SCORE (Service Corps of Retired Executives) and now as a business counselor for Coconino County Business Empowerment Program.   If you need general business advice, these programs, along with the SBDC (Small Business Development Center) are excellent resources.

But if you have specific Gift or Gift Basket company concerns, using the suggestions that I mentioned earlier in this post, find a reliable Gift Company Doctor and take advantage of their help.   I invite you to consider this blog as part of this Gift Company Doctor’s  prescription for survival.  If you haven’t gone back and read all the posts from the very beginning, you’ve missed some important prescriptions.  If you have survival concerns or questions that you would like to see covered in a future post, just ask.  And if you know of another company that could benefit from it, tell them about it.

I also invite you to join the many other companies in the industry–both big and small–who are taking advantage of another prescription for increasing traffic to their website businesses and that is GiftBasketNetwork.com.  There are other directories that have been around for enough years to provide traffic as well.  But GiftBasketNetwork  is much more than a directory.  It is an actual network of members helping other members.  The sister websites GiftRetailersConnection.com and GiftRetailersConnection.ning.com provide a free community bulletin board (forum) where advice and information is shared as well as an excellent must-have magazine for the industry.

“But I can’t afford it,” you may say.  And my answer is “Can you afford not to?”  Some of the bigger companies, such as Wine Country among others, have decided that they needed the service.  These companies are your competition.  Can you afford NOT to receive the same kind of traffic that they value.  You can choose a specialist or a general practitioner.  The price is different.  But so is the knowledge available and the benefits received.

The survival gear, that your Gift Company Doctor helps you choose, should fit well and have adequate protection from the storm.  We don’t know how long this storm will last or how soon we will be able to see the path more clearly but the choices you make now for your business can make all the difference.

If you’re feeling weak and fear that you’re stumbling, it’s time to go into survival mode!  And this Gift Basket Doctor, as well as many others who have been in the business long enough to survive multiple recessions,  is here to help you on your way.

It is embarrassing…

A recent editorial in Specialty Food Magazine reminded us:
“During this recession, many of us are finding it challenging just trying to make the right decisions about our finances and our businesses.  But it is more important than ever to think of the increasingly large number of Americans who are being forced to decide whether or not they can afford to eat today.

In a society that supports a $60 billion trade catering to consumers who have the means to select and buy superior food products, it is embarrassing that there are so many people going hungry.”

Most of our communities have food banks.  My local food banks, as I’m sure many of yours are, have experienced increasing pressure to provide food to more and more people.  According to Feeding America, food banks nationwide saw a 20% rise in demand for food last spring alone.  And they are reporting that much of this new demand is coming from working middle class families who are having problems making ends meet. 

What can we as gift company owners do to help?  Many of you are struggling as well.  But donations of money and food are always appreciated.  If you have food products that still have shelf life but will expire soon, you might want to donate them to your local food bank.  If you have a retail store, offer a discount on a purchase when someone brings in food to be donated to the food bank.  If you are a website business only, you could offer to donate a certain percentage of each sale to a food bank.

I’m sure there are many other ways to help those less fortunate than us.  Put on that thinking cap that I mentioned a number of posts ago and see what you can come up with.  Feel free to share those thoughts in our comments area.