Feasibility Of Security Measures
By LawrenceAnother day of hard work with some experts on wordpress security. After analyzing many days of access logs of the website, I’ve learned quite a number of tricks the bots are using. There are actually quite a number of different bots out there ready to exploit any websites and surprisingly not that many site owners are aware of the vulnerabilities of their websites.
Before the latest round of attacks last week, I was a believer that we’ve done a good job protecting it.
I was correct that daytradingbias.com is secure from those bots that are designed to hack the site for client information. Our design has taken into account good security measures thus there was never a problem in this area.
I was also correct that our site is secure from hijack attempts. We’ve done a good job making it very difficult to gain control of the website. Many of these bots do not really care about stealing things. They wanted to control the servers so that they can use them as drones to attack other websites, important websites.
In other words, website owners who are not prepared would cause the servers hosting their websites to be hijacked for malicious purposes.
After patting my back, let’s talk about the part that I was dead wrong. What we failed to address, was the security measures in limiting the content stealing bots. I thought we have done enough but the reality hits me hard. It was these bots that brought down our site from time to time. It is an eye opener learning how they function with all these ways to scan and steal contents from websites.
Not just my website but also the ones belonging to many major companies are being attacked by these bots everyday. I was shown how they work and the fact that they work efficiently on these brick and mortar websites tells me there exists an industry of content stealing. Remember, majority of these looting bots do not even know what they are looting. They just do it in mass scale so that, once in a while, they would hit someone useful or valuable.
For the big companies, many of them have put lots of resources behind their websites. Thus it is not likely their websites will be affect significantly. For websites like daytradingbias.com that are not prepared for heavy traffic, it is a different story. The brute force attack to loot the content can overload the servers quickly.
These bots are not very patient too. They scan for weaknesses, loot at high speed, and then target the next victim.
I make it sounds like real life robberies, isn’t it?
At this point, we’ve added many security measures to safe guard against these attacks. I cannot talk about the security measures taken because they are trade secrets that the security experts prefer to keep under the radar so that the techniques can stay effective.
I feel better, at least for now, after this ordeal.
