Taking over a website that's under attack
We've been managing websites for about 15 years now, and for the last 6 we've used Aegis Defender Pro to keep them from getting hacked. It's been a wild ride, and now we're selling it to the US Government. Which leads me to the reason for this post.
Smaller Government websites are just like yours or mine - they are made from WordPress, they have plugins and they are all under attack from Russian and Chinese hackers, all day long. Just like all of us. Yesterday, we finished building a new website for an agency with the word 'government' in the domain, and as soon as we activated Aegis Defender Pro, the attack reports came rolling in.
From the pattern and source of the attacks, it was clear that multiple hacking groups were targeting this website, using hundreds of Admin WordPress logins per hour and attempts to compromise vulnerable plugins. Since we don't use WordPress, these attacks have no effect on this site anymore. But in the last 18 hours, it has been attacked over 5,000 times. All blocked by Aegis Defender Pro.
I still find it amazing how many attacks are blocked per day by my system. I use a combination of website plugins and my own software to detect attacks, report them to my staff who trace them to the source and add them in our Master Blocklist if they meet the criteria. The blocklist is distributed every 15 minutes to all of our subscribers both for our Windows version and Linux. When just one of our clients are attacked, all are protected from that attacker (and in most cases their whole network) within minutes.
As I'm typing this, I'm watching our monitoring system lighting up like a Christmas tree today as blocked attacks are deflected like phaser hits on the Enterprise's shields. Russia is dialing up their attacks, and Command & Control Servers (C2s) are commanding larger and larger Zombie Armies of compromised web servers. One of my government clients is getting hammered, yet have none of this traffic is getting through Aegis Defender Pro.
It's both gratifying and scary to watch this in action. I love seeing my software working and protecting thousands of clients, working together to gather new attack IPs and add them to the community blocklist. At the same time, I'm thinking about all those websites and office servers that don't have Aegis Defender Pro, having to deal with all that bad traffic slowing them down, eating up memory and CPU or worse, getting through and loading up malware to extend their bot-net - using their own equipment to start stealing whatever they can.
There is an end-game to all this hacker activity, and it's not good. When they have enough compromised computers in their networks, they can launch attacks on critical infrastructure, nuclear power plants, the National Grid, all using our own website servers to achieve their goals. That's why I'm in this cybersecurity thing and I will never stop fighting.