Website Security – A Tale of Woe

  • Post category:General

GroupSupport was approached by a valued client in 2022 to assist with making some changes to their website – normally managed in-house by the client.

While scoping the work, the GroupSupport team discovered over 750 published, live but unauthorized posts – created by a black hat using credentials harvested from a hack on a separate business.  These pages were causing the Google ranking of the site to plummet – but the client didn’t know why.

We confirmed that these posts and pages had been injected using the valid login credentials – pages containing all manner of horrible content including pornography, links to gambling sites, spam and phishing sites and advertisements for medications to name a few.

But because the authorization was used, the pages avoided being detected by the automatic scanning / security firewall the client had installed. 

The GroupSupport team removed the foreign pages and other material from the website, upgraded the authentication requirements and put the site on our maintenance plan.  Our Work also included assistance to the client changing the same credentials used on other platforms.

This scenario is a perfect example of why regular maintenance of your website is needed, by experienced operators outside your business – work that should include more than just a check on credential security.  

GroupSupport work collaboratively with several industry professionals on websites with our role being to ensure security of the hosting side of the equation. If you are unsure when your website was last checked for security it has been too long.

Contact one of the team at GroupSupport who will be happy to discuss your situation in detail.