A few days ago, one of my customers called me that her website is not working and ask me to check if there is anything wrong. She also sends me a copy of an email from hosting provider. In that email, there is an excessive CPU process usage report. For my customer, she has a shared account, so the web hosting company asks her to upgrade forcefully. She had to pay $900/year for the VPS hosting. Otherwise, the hosting company will suspend her account.
As I investigate her case, I fund that her e-commerce website has been hacked. I found two unknown users in Admin panel of her e-commerce site. Also, I notice that some particular IP address was numerously visited at this web address. Her e-commerce program is Magento, but it is four years old module, the site was never upgraded or updated ever since the first web designer build this site. This similar case is a typical problem of all small business owner who has the website or e-commerce site for their business. Simply they don’t have time to update or no budget to keep up to upgrade the latest module by their web developers.
In my customer’s case, her e-commerce site keeps the credit card number of the buyers if they paid in credit card directly without using PayPal or PayPal Express payment. I assume that the hacker already took all the credit card numbers and customers address and phone numbers, and their email addresses. The hacker can break into the website database system to get the valuable information. Some of the hackers embedded the email sending program to send the thousands of email through the victim’s account, but unfortunately, victims are not aware of this criminal act for a months or years until they caught by hosting company security program. Usually, the hacker is not easily detected by the security program that monitors the particular spike of CPU usage or excessive traffic on the sites.)
How to avoid hacking on my business website
For website security & firewall installation, please contact me, Daniel Chun, 510-684-7207.