Chopped! An interview series with online entrepreneurs /// Today: Maria and the Botnetwork

Im Jahr 2016 wurden über 70% aller Wordpress basierten Webseiten mit Schadcode infiziert. Maria ist eine davon.

In 2016 over 70% of all WordPress-based websites were infected with malicious code. All web site operators were thus threatened and quite a few had witnessed their business existence being destroyed. We want to use this series of interviews to tell their stories and to raise the awareness of web site operators on the topic of security and backup copying.

MisterBackup: Hello Maria, thank you for taking the time to tell us a little bit about your project. In order to protect your business from your competitors, we have changed your name and, as far as possible, will not go into the details of your project or the domain name. Tell us, since when you have been doing business on the Internet and what subject areas you are dealing with?

Maria: Gladly! We had our first Internet access as early as 1998. As a family, this new technology was of great interest at an early stage. Back then, my husband worked as a real estate broker and drove to appointments all over Germany, while I took care of the coordination of new customer accounts, the bookkeeping and I also took over the communication with the customers. 10 years later, I think it was around the year 2007, we took the first steps towards online presence. The customer should have the opportunity to find us easier and to be able to view the most important information in advance.

MisterBackup: Have you then already been working with WordPress?

Maria: No, WordPress was completely unknown to us. I was then, still working with Adobe GoLive Cs and later used „Typo“ as a content management system.

MisterBackup: How did it go from there?

Maria: We experienced a number of setbacks, especially due to changes in legislation and it became increasingly difficult for us to earn a stable income. There had to be a solution. Together with my husband, I thought about how to develop a second mainstay. After some time, we decided to design an information portal for pets and thus generate advertising revenues. That was, if I remember correctly, around the year 2008.

Mister Backup: No easy task…

Maria: No, absolutely not. This was also completely uncharted territory for us. And in addition, we needed someone to technically supervise our project. Which of course caused additional costs. But, that’s just how it is. I’ve often been in libraries and archives during these years, and I began to write. It was a lot of fun, but it was also very tiring. Five years later, our website hat about 1500 pure information pages.

MisterBackup: 1500 pages? And did you collect this information all by yourself?

Maria: Yes, I was really busy day and night. However, a little later, I had help from a good friend, who supported me very much, I am grateful to her to this day. We then managed to become one of the largest information pages for pets in Germany within five years.

MisterBackup: Can you give us some numbers?

Maria: Our peakpoint was at the end of 2014 with 50,000 visitors and more than 100,000 page views per month. But then we were increasingly attacked, we had built a forum for the visitors, but our safety precautions were bad. To be honest, this also exceeded my imagination and I naturally depended on the competence of our administrator. The spam took over and at some point our site was classified as dangerous by Google. Soon after, we received a letter from our hosting provider, who threatened to take our entire server off the web, should we not get the problem under control within 30 days. The server had become part of a bot network and sent spam. The whole site was ruined, we were hacked. I was devastated, I had worked on this project for many years and all my work seemed destroyed.

MisterBackup: That sounds awful, but you surely had backup copies that you could go back to?

Maria: Well, I thought of that too. However, in a conversation with the administrator, it turned out that there was none. Instead, he gave us a cryptic package consisting of loud code that was 1.2GB in size and was not really usable for the layman. He wanted to have 350.00 € for it. What choice did we have, we paid the price and got the package sent by him.

MisterBackup: Let me summarize that for a moment! You had such a successful project, without any real security measures and you had no working backups?

Maria: Yes, it is incredible. But apart from all the work I had, I could not take care of that too, because I fully relied on the competence of our administrator. Today, I can only advise everyone to check exactly with whom you are working with. Many people out there do not take their jobs seriously or overestimate their own competences.

MisterBackup: But your site has been online for a long time, how did you manage to do that?

Maria: (laughs) Now comes the advertising part for you, but I will happily tell. Thanks to a tip we heard of MisterBackup, who were still working under a different name. The team listened closely and helped us save the whole project. A new server was ordered, the old data was parsed with the help of a programmer into readable format using Python, the domain was cleaned up, a WordPress was set up and everything was thought of. I was and still am very happy. There are now daily backup copies of our website, regular security checks take place and I can now sleep peacefully.

MisterBackup: Have there been any incidents since then?

Maria: A smaller one, yes. As a MisterBackup administrator tried to explain, there was a lack of information policy on the part of WordPress’s developers when WordPress 4.7.2 was updated.  There were seemingly security holes, the developers concealed and countless WordPress installations were attacked worldwide at this time. The hackers probably never had full access to the site, but could put text and image messages in blog contributions. We immediately reported it to MisterBackup and the problem was resolved within three hours.

MisterBackup: Yes, our team checked when the attack took place and put the last clean backup on the website. The security gaps were closed and the passwords had been changed for the sake of security. This can happen! If you are well prepared and follow all safety precautions, it will not lead to major problems.

Maria: So it seems. Within three hours, the page was clean again, which I could see from our customer report that had reached me by mail.

MisterBackup: So it should be! Well, thank you very much Maria, for telling us your story and we wish you all the best for your projects. We are looking forward to hearing from you in the support chat.

Maria: Gladly, see you soon!