The 4/3/19 Well Dressed Walrus Website Server Attack

By Andy Dentone and Jeffrey Long

What Happened?

On April 3rd, 2019 at about 8:30 AM PT we started noticing the beginning of a **DDoS attack.

It seemed just a little odd at first – a few websites were running slow, and some backups we were doing at the time seemed to stall.

Then we noticed our monitoring software’s alerts, and within a few minutes, the first support ticket came through.

By 9:00 AM PT, we had stopped working on building & backing up websites and started focusing only on fixing whatever was causing the major slow-down.

By 10:00 AM PT, we had received more support tickets than we usually see in several months.

While the attack was in progress, we did our best to answer the phone every time a concerned customer called in while we did everything we could to add a layer of protection for each and every hosting account.

How long did it last?

This attack made any website on one of our web hosting servers inaccessible to public web traffic for about 22 hours. Since the end of this attack (just after 6:00 AM PT April 4th, 2019) we have been running without issue.

Did the “hackers get anything”?

No. It looks like tens of thousands of malware-infected computers were directed to attack one of our main hosting servers. Our other servers were unaffected by this issue. Other servers on the same network were also unaffected. The attack caused frustrating and costly downtime, but that is all.

What did we learn?

We have learned many things from this attack.

Keeping ahead of hackers

We have been actively and routinely updating our server hardware and software technology since we started hosting websites in 2010. This is one important way we keep ahead of hackers. In fact, we updated our best practices in late 2018 and we’ve been anticipating the need for an upgrade to the servers, including the one that got attacked. The attack happened on a server where the new protections had not yet been widely implemented.

More Separation

There are advancements in operating systems and server software technology that allow for better separation between each hosting account’s available resources. This technology isolates each customer into a separate Virtualized Environment which partitions, allocates, and limits server resources.

Set Acceptable Limits

All of our new servers have defined limits set on each account to prevent one website, or a combination of websites, from using so many resources that it could take the whole server down.

Note: These limits should not affect most of our clients unless there is a large spike in traffic that we did not anticipate. If you are anticipating a large spike in traffic (e.g. a new product or news release), let us know so we can adjust the limits for your account.

We also keep track of server resources and monitor them so that we don’t “oversell” hosting packages. This makes sure each account has plenty of resources to perform at its maximum.

Inspired Growth

We have learned that we need to continue upgrading the server to a more powerful one with more controls and monitoring. We’ve started planning a new hosting server (rolling out June 2019) with new protections and security added.

Better Domain Routing Security (+ improved load times)

As part of our recommended setup, we now leverage CloudFlare’s DNS for nearly all websites. If an attack happens, CloudFlare steps in and saves the day with a local copy of your website. This brings an extra level of security and peace of mind. As a bonus, it also provides a free Content Delivery Network (CDN) for our clients which makes your website load faster for your visitors.

We are working to expand our offerings from CloudFlare in the near future.

Can it happen again?

Yes. It could happen again. Unfortunately, there is no 100% guarantee on website hosting. The Internet is a wild and crazy place. Fear not though – we have your back!!

We’re doing our best to prevent another complete outage. We are working on a plan to have more protections in place to prevent another attack like this by the end of Summer 2019.

 

**DDoS Attack Explained:

https://www.netscout.com/what-is-ddos

 

6 Updates You Need to Make to Your Website in 2017

A new year typically means new resolve to focus on your health, relationships, and business. And while many small-business owners choose to focus efforts on marketing, social media, creating new products and services, or hiring new employees, lots of owners neglect to update their websites.

According to a Local Consumer Review Survey taken in 2012, 85% of users have used the internet to look up a local business. I do this all of the time, and you probably do, too. Potential customers Google to find out about the business they’re considering supporting, and an outdated website could be just as detrimental as no website at all.

If you have an existing website and it’s out of date it can give the impression that you’re not a reputable business, that your business can’t keep up with new technology, or that you don’t care about web users.

If you don’t have a website:

You’ve resolved to work on your business this year so you need to make some changes to your web presence. If you don’t have a website at all, get one! We help small businesses finance a one-page website for $195 a month. Reach out to us if you want to learn more.

If you do have a website:

If you do have a website it’s a good idea to review it closely and plan to make some changes. It can be difficult to know where to start so I’ve made a list of 6 changes you should make to your website in 2017.

6 updates you need to make to your website this year:

Make sure your website is mobile-friendly (responsive).

If your site was built a few years ago, there’s a good chance it’s not a mobile-friendly (responsive) website. This is killing your online presence! 75% of U.S. internet users access the internet through mobile devices (source), and they don’t have the patience to deal with an unresponsive site.

Tip: To find out if your website is responsive, drag your browser window to a smaller size. If your website doesn’t adjust to fit all of the content in the window (i.e. you have to scroll left or right to view the full page) then your site isn’t responsive.

Blog regularly or not at all.

You’ve probably heard somewhere that a blog is great for your website. That’s true, but only if you blog regularly. Blog content is a great way to organically improve your SEO rank but it looks unprofessional if you don’t maintain a consistent presence.

You don’t have to publish a blog daily or even weekly, but you should create a schedule and stick to it. If you can’t commit to consistently posting it’s better to remove the blog from the site altogether.

Only link to active social networks.

Similar to the point on blogging, you don’t want to send customers to a Facebook page that hasn’t had an update since 2015. It’s a good idea to reserve a username for each of the major social networks, but if you can’t commit to being consistent it’s better to leave the information blank.

Placing social links on your website is a good way to help your customers connect with you across the web, but you should only give them links to the networks you use regularly. I recommend choosing 1 or 2 big networks to focus your attention on. You can add other networks as necessary but don’t overwhelm yourself at the start.

Install Google Analytics on your site.

If you’re not monitoring your analytics you’re taking a big gamble with your business. Analytics will tell you who is visiting your site, what pages they’re most interested in, and where the traffic is coming from. All of the information you gather from analytics will help you tailor your online presence to fit the needs of your customers.

Clean up your content and site organization.

If your site has dozens of pages with long chunks of block text it’s going to be a nightmare for your customers to navigate. Think about repeated questions you get from your customers… do they say things like, “I couldn’t find ____ on the site” or “I can’t remember where I saw it but your website says you do _____.” Statements like these are a good indication that your site is disorganized and too wordy.

See if you can combine pages, cut pages, reduce text, or clarify difficult topics. It’ll be a big undertaking but it’s an essential step to cleaning up your site and making sure your message is clear.

Add a call-to-action (CTA).

Chances are you want your viewers to do more than look at your site. Do you want them to call you? Download something? Fill out a form? Think of the action you most want them to take and then make that a focal point on each page. A good CTA tells your viewers what to do. I wrote an article about how to write a good one here, so check that out if you want help writing a killer CTA.

Conclusion

Your outdated website isn’t doing your business any favors. I’ve outlined 6 steps you can take to improve your website in 2017. If you want help with creating an action plan, reach out to me. I’d love to point you in the right direction.

If you’re a small-business owner and have tips to share with other business owners, leave them in the comments. How else can small businesses improve their websites this year?