[Hidden-tech] Maybe some one can help - at least locally

Rob Laporte rob at 2disc.com
Mon Dec 21 12:41:14 UTC 2020


Two to three years ago, I began prepping clients to expect increasing security risks and general tech complexity in websites and servers, via an advisory I copy below. While this was part of my firm's determination to extricate ourselves from website tech management to which search marketing firms are prone by mission creep, it was mostly to apprise them that

  1.  there is a big hidden cost on their balance sheets;
  2.  sooner or later that cost will hit their P&L;
  3.  they should start taking actions now to reduce that inevitable cost.

The recent web-wide WordPress hacks sadly confirmed my advisories. My first and repeated advisories on this trend provided some comfort that my firm continues its long history of anticipating crucial future changes. My firm now has comprehensive SEO-technical monitoring systems that identify website/server hacks immediately, thanks mostly to our tech & security partner, Nubbernaut Studios.

My point is that I believe that convincing businesses of the need for such an investment usually requires multiple messages over time. A few business leaders won't require this "Three-Hit Theory" of marketing messaging and will get it the first time.

Below is my original advisory from ~3 years ago, followed by an excellent, recent 7-minute video by my firm's CEO Jack Fox and Nubbernaut Studios, explaining the "7 layers" problem and solutions to one of our clients:


The 7 Layers of a Website

To understand why dedicated monthly website-tech management is vital, it helps to glimpse the connected layers beneath content managers’ typical interactions with a website. I’ll use WordPress (WP) as an example, but this synopsis applies variously to all website platforms.

  1.  The top layer is where you add content.

  2.  Beneath that is a layer of plugins or other third-party apps and connections. This and the above layer often break when crucial WP upgrades are rolled out a few times per year.

  3.  Lower still is the database holding not only visible content in pages and posts, but also user profiles and passwords, client or customer logins, and variously secure connections to layers above and below.

  4.  Supporting the above layers and connecting to the server foundation is a tech management layer often called cPanel. It is open source and often upgraded automatically, and such upgrades can damage other layers and break automatic back-up systems. This layer often has entrances left over from past webmasters’ work, via the likes of FTP. It also offers admin panels for most aspects of email management, domain name associations, and other vital functions of your website.

  5.  Some web hosts offer access to yet a deeper layer, often called WHM (Web Host Management). My recent spelunking there shows a byzantine array of settings often pre-set and sometimes changed willy-nilly by cheap hosting plans at the likes of GoDaddy. Options in this setup, like caching and CDN services, can have major impact on security, SEO, site speed, and other functions.

  6.  Finally, there’s the server itself, which is set up by web hosts (or clients’ in-house IT people). I’ve never been inside there, and just peering over the misty edge into that abyss is terrifying.

  7.  Another layer that wraps around all of the above is the human layer. People working in and on the site often unwittingly do damage, and, given the compounding complexity of websites, even excellent tech pros can make mistakes that impair function and SEO performance.


Those layers change over time, and sometimes, like tectonic plates, they can rupture, causing lots of screaming and running for help. One among many consequences is declining site speed, and Google is constantly making speed more of a ranking factor, never mind the vital role of speed in conversion rate optimization (CRO).


Video: Jack and Kevin September Hack and Site Security Packages for THS<https://www.youtube.com/watch?v=Quwp7J8PqAo&feature=youtu.be>.


Take Care,


Rob Laporte

Chief Business Development Officer | Founder | Chairman

DISC - Making Websites Make Money

413-584-6500

rob at 2disc.com | LinkedIn <https://www.linkedin.com/in/2disc/> | 2DISC.com <https://www.2disc.com>


NOTE: Emails can be blocked by spam filters throughout the web. If you don’t get a reply within an expected span of time, please call.


________________________________
From: Hidden-discuss <hidden-discuss-bounces at lists.hidden-tech.net> on behalf of Daniel Nachbar via Hidden-discuss <hidden-discuss at lists.hidden-tech.net>
Sent: Sunday, December 20, 2020 3:39 PM
To: HT-discuss <hidden-discuss at lists.hidden-tech.net>
Cc: Daniel Nachbar <daniel.nachbar at gmail.com>
Subject: Re: [Hidden-tech] Maybe some one can help - at least locally

I'm not a network security expert but I have discussed this topic with some.

Their consensus view is that there is essentially no way to effectively scrub the compromised networks/machines. These are very sophisticated attackers who had far too much access for far too long. Rebuilding from scratch is likely the only effective response.

However such drastic remediation is almost impossible to sell to upper management when there is no immediate evidence of compromise. Worse yet, making the pitch to rebuild requires one to explain to upper management how one totally screwed up in the first place.

So most victims will likely instead do some half-measure "security scans", which will of course find nothing (because these are extremely sophisticated attackers), and then just move on. Months or years from now previously unidentified dormant worms will activate and the whole compromise cycle will begin anew.

There is going to be a very, very long tail on this thing.

On Sun, Dec 20, 2020 at 12:39 PM Rich at tnr via Hidden-discuss <hidden-discuss at lists.hidden-tech.net> wrote:

Sounds like a job for a super-techie -- any takers ??

It’s going to take months to kick elite hackers widely believed to be Russian out of the U.S. government networks they have been quietly rifling through since as far back as March in Washington’s worst cyberespionage failure on record.

... “We have a serious problem. We don’t know what networks they are in, how deep they are, what access they have, what tools they left,” said Bruce Schneier, a prominent security expert and Harvard fellow. ...

https://apnews.com/article/hacking-russia-bafff5557a8941aa1a5ef239d36c4e28?fbclid=IwAR1MvOIpHUL8GrS2IE-g_hd6BY336St-00rQ-C4FRsngagVEDg9zmh6trhM


--
Rich Roth
CEO TnR Global

Bio and personal blog: http://rizbang.com
Building the really big sites:      http://www.tnrglobal.com
Small/Soho business in the PV:        http://www.hidden-tech.net
Places to meet for business:        http://www.meetmewhere.com
And for Arts and relaxation:
http://TarotMuertos.com - Artistic Tarot Deck
   http://www.welovemuseums.com
   http://www.artonmytv.com/
Helping move the world:             http://www.earththrives.com
