We are just now starting to recover from an attack that has left me stunned... This was an attack not only on real estate blog sites, but also on reputations, livelihoods and peace of mind. | – | San Diego Real Estate Blog |
One might morph the popular real estate adage for applicability to marketing websites: Security, security, security. A recent posting by Roberta Murphy describes how her WordPress-based San Diego Real Estate blog was viciously attacked by unknown entities who tried to delete everything ever written at San Diego Previews, Luxury Homes Digest, and 18 or so other real estate blog sites. Roberta is understandably angry about the incident which took her site down, leaving some wondering if she was still in the San Diego real estate business. But more deeply, she was left wondering, Why someone would bother to hack her site since it did not contain credit card numbers or other sensitive data? Having been responsible for the security side of the MyST Blogsite infrastructure almost five years now, I certainly sympathize with Roberta. And while I also wonder why some people are driven to such such abusive acts, I have absolutely no doubt that there are lots of such people in the world. Whether its so-called "script kiddies" doing the Internet equivalent of the joy riding, sophisticated criminals executing well-planned schemes, or well-intended (but not so skilled) programmers trying to address legitimate integration requirements, the Internet is teeming with nefarious activity. Here's a simple rule of thumb: If your site has any significant visibility at all, it will be attacked at some point. As I described in my FAS Talk blog, last month I discovered that a federation of hacked WordPress servers—over a thousand servers to date—were (and still are) being used to try to hack into our company web site. At the time I first noticed slower-than-normal server response times, that site was receiving over 50,000 requests per day attempting to gain authoring access. Thankfully, our company web site, like every other advertorial marketing site powered by MyST Blogsite, is protected by multiple security layers and was never actually hacked.  MyST SlimeGate™ is one of the security layers that protect all commercial sites powered by MyST Blogsite. (There are others; see, for example, Fighting Back Against Big, Hungry, Orange Alligators.) This layer serves as a blogsite's immune system by killing nefarious requests before they ever reach the blogsite itself and by restricting subsequent access by offending machines through dynamic firewall technology. Once this immune system layer "learned" to recognize requests from compromised WordPress servers, the 50,000 number quickly dropped to about 20 and response times returned to normal.
Do you have a security related story or question? Post a comment below. |
