4 MIN READ

Surprise! - The Sequel

September 17, 2019
https://cdn2.hubspot.net/hubfs/3424889/Article%20PDFs/Surprise!%20-%20The%20Sequel.pdf

 

Several weeks ago, I wrote an article titled Surprise! in which I listed some nasty results visited upon business owners who acted on bad or no advice. The week after I wrote the article, a client of mine received the following email:

 

From: Google Ads <ads-noreply@google.com>

Date: Wed, Sep 4, 2019 at 10:57 PM

Subject: AdWords Express Ad Disapproval Notice

To: <xxxxxxxxxx>

 

Hello,

 

Your ad isn't running right now because it's disapproved for violating Google's advertising policies. If you address the policy violations below, we'll take a look and see if it can start running again.

 

=====================

   Policy violations

=====================

 - Misleading content: We don't want users to feel misled by ads that we deliver. For this reason, please remove any promotional content that does any of the following:

  - Makes false statements about your identity or qualifications

  - Uses false claims or claims that entice the user with an improbable 

result (even if this result is possible) as the likely outcome that a user 

can expect

  - Falsely implies affiliation with, or endorsement by, another individual, organization, product, or service

 

That wasn’t all. Anyone who visited their website through most browsers was greeted with a red banner and a “Dangerous site” warning. Google Chrome wouldn’t even include their site in search results. My client  had been hacked. Surprise!

client  had been hacked

 

This wasn’t just an annoying surprise. My client had invested tens of thousands of dollars developing his digital marketing presence on the internet, and it was paying off big time. They were selling hundreds of thousands of dollars worth of work and product through the site each month, but now it was down. 

 

My clients are regular people like you and me. They knew about hacking, but always as something that happened to other people. Not this time. What should they do? What would you do? 

 

This is a Surprise! article, but with a different ending. My client had acted on good advice to host with a reputable company even though the cost was fifteen times higher than that of the best known hosting provider. That’s right, fifteen times as much -- $30 per month versus $1.98 per month! A whopping $28 per month to protect $100,000 per month in sales.


best known hosting provider

 

The inexpensive host’s response to such problems is: “We didn’t do it. Not our problem. We’re taking your site down. Let us know when you fix it.” 

 

Fix it? How the hell do you “fix it?” Where do you even start? Instead of scrambling around in a panic, my client made one call to Lance Dockins*, owner of the hosting company WordKeeper.com.

 

“I’m on it,” was all he said. 

 

In less than a day, (note the date and time between the two emails) my client received the following email:

 

From: Support <support@wordkeeper.com>

Date: Thu, Sep 5, 2019 at 3:27 PM

Subject: Re: Website security issues

To:<xxxxxxxxx.com>



Hi ------,

 

I've been working on the security issue on your site since you informed Lance about it, and the site is all cleaned up now. During my investigation I found that a hacker had compromised one of the Wordpress admin user accounts back in May. During the initial phase of the attack they only uploaded some backdoors to keep their access going.

 

Then last month they started doing their real work which included adding some phishing sites and some spammy posts to your blog.

 

That delay between the time of the initial hack and content changes is a very common tactic used by hackers. They do that because once they get found out most people's initial response is to restore a backup. If we had followed that common practice, the site would be right back where it was in a matter of hours or days because their original back doors would have been restored too.

 

Instead of doing that I investigated the issue fully and cleaned up all issues they have caused. I've also reset the password for the admin user who was compromised. 

 

After fully cleaning the site, I found that it had been blacklisted by several blacklist maintainers. I've already requested that they review and delist your site which usually takes several days. Although one has already responded to say they have removed it.

 

I'll keep monitoring the blacklist status and I'll also run a follow-up security check in 1 week to ensure that no more malicious activity is taking place. I'll update you again then, but if you have any questions or see anything suspicious let us know.

 

Cheers,

Brad Patton

WordKeeper (formerly VRAZER, LLC)

Server Administrator

 

There is an enormous spread between the business owners in my previous article who lost tens of thousands of dollars because of bad advice, and the business owner in this article who preserved hundreds of thousand of dollars in sales by acting on good advice. 

What about you? Whose advice are you accepting?

 

What about you? Whose advice are you accepting? What are the consequences of bad advice? What are the benefits of good advice? Is the spread between the two more than the cost of good advice? Then do it. 

 

*Full disclosure notice: I am proud to disclose that Lance Dockins, owner of WordKeeper.com, is a client of mine. If your website is important to your business (if it’s not, then why do you have it?) find out what would happen if you get hacked. Better yet, just contact Lance.