Upper Deschutes Watershed Council's Site Hacked

Why Your Small Business Should Care About Hackers

You’re not worried about hackers. Why would you be? Your small website doesn’t have anything worth stealing. No big funds. No sensitive information. Sadly, this couldn’t be farther from the truth. Every website is a potential target for hackers – even your small business’s site with a few photos and basic information.

Case in Point: The Hacking of The Upper Deschutes Watershed Council’s Site

Inconvenient is an understatement. The Upper Deschutes Watershed Council’s (UDWC) was in the midst of their year-end fundraising campaign and directing as much traffic as possible to their website. Unfortunately, when all those visitors clicked newsletter and social media links, or typed in the web address after talking with a staff member, they were unable to find the website. UDWC’s website had been hacked precisely when they needed it most!

In addition to mucking up UDWC’s critical fundraising efforts, the hack bungled the organization’s day-to-day work. Staff members post reports to their website, frequently referring grant monitors and key partners to these online resources. Again, important work was stymied by a website that wouldn’t appear.

The Hacking Mess

When UDWC’s staff first realized something was amiss, they hoped to handle it in-house. Kelly, the agency’s resident Web Administrator had been routinely adding pages and content, backing up the site, and initiating updates.  

Kelly logged in to their WordPress Dashboard and found blank pages. Most of the content was just missing, but not all of it. She tried the few tricks she had up her sleeve, but soon realized she was in over her head.

Upper Deschuhtes Watershed Council's Online Reports

Plus, this self-proclaimed non-techy web admin had other responsibilities. Her primary role is UDWC’s Field Instructor – teaching children about art and nature. This whole hacking problem was taking a lot of her time – time that couldn’t be billed to specific grants or funding sources. (Any non-profit or client-billing-based business can see the problem with that.)  So, UDWC reached out to us for help.

Who? What? Why?

Looking behind the scenes, we realized that their website had been accessed from an IP address in Portland (Oregon). Someone was signing in as one of the staff members and altering or deleting content on the site. The hacker had been in the site several times, though we never determined what they were actually after.

The reality of hacking is that it is not always an attempt to steal data.  In fact, websites are often compromised in an attempt to use a server as an email relay for spam, or to setup a temporary web server for illegal files.

Avoiding the Headaches

In the end, we got UDWC’s up and running. We were able to revert the site to the condition it was in prior to the original access by the hacker. We were also able to install a clean version of the site, as if the hack never happened.
“We wished we had someone looking out for us, watching our site, and helping with more advanced tech support”
Calculating the costs of lost revenue from a down website and the redirection of staff time, this small business realized it would be less expensive to outsource expert IT support than it was to rely on staff members with other types of expertise. We immediately changed passwords, limited login attempts, installed a better firewall, monitored suspicious traffic, and started monitoring their website for critical updates and unusual activity.

It’s a relief to know that Litehouse is on the ball. They are always so fast to respond.

While there are still improvements that could be made to bolster security, UDWC’s website is now far less likely to be hacked. And with ongoing monitoring, any potential compromises are promptly averted.

Read These Additional Security Related Articles

WordPress Security Tips for Non-Techy Web Admins

Steps to Take Right Now to Protect Your WordPress Security

3 Essential Online Security Tips to Keep You Safe

 

Got Something To Say?

Your email address will not be published. Required fields are marked *