AZHPA case study: Hacker-injected malware and a website spiraling out of control

Time to soar after fixing a hacked website

You never get a second chance to make a good first impression — and most internet-savvy users will never return to a website if it looks like this:

Hacked Website Malware Warning
It was just one week until the Arizona Hang Gliding and Paragliding Association’s (AZHPA) largest fly-in event of the year, and preparations were well under way. Pilots’ reservations were streaming in, campsites were booking up, and many pilots had already begun planning their routes to the top of the mountain. But due to a hacked website at AZHPA.org, this year’s fly-in event almost didn’t happen!

Hacked Website AZHPA Gliders
Nick Stabek, 2018

However, with assistance from the GoDaddy Website Security team, the malware was quickly removed from AZHPA’s hacked website and the club was up and soaring in no time. This is a firsthand account of how crippling malware brought the organization’s daily operations to a screeching halt, and how GoDaddy’s quick intervention helped restore and protect the AZHPA website with the help of malware removal and other tools within the GoDaddy Website Security product suite.

Related: 5 steps for protection against hackers and removing malware using GoDaddy’s Sucuri Website Security tools 

Do you have a hacked website? Fix it fast.

Whether you’re a small business owner, an entrepreneur or even a nonprofit organization, there is nothing worse than finding that your website is down — especially because it’s being hacked. If you have ever managed or built a website, then you’re probably well aware of the countless hours it takes to maintain and update a website regularly.

The last thing you need is a hacker injecting malicious code into your website.

 

Thwarting website security threats can be overwhelming, costly and very time consuming. From loss of data to a tarnished reputation and even loss of revenue, website owners often do not consider the damage caused by such an attack until it’s too late.

Related: GoDaddy small business website security report 

The AZHPA website hack — what happened?

Hacked Website AZHPA Site

As with many websites, AZHPA.org serves as a crucial resource for local club members and visiting pilots, but with a hacked website, many pilots couldn’t find the resources they needed to get off the ground. Initially, the club members were unable to access portions of the website:

Hacked Website AZHPA 404 Error

In the darkest hours of the cyber attack, website visitors were redirected to a completely different and malicious website, which attempted to collect payment and other sensitive information from the unsuspecting users.

Volunteer website administrators — who are also pilots and AZHPA club members — jumped into action. They spent countless hours restoring the website and attempting to patch the problem, only to find it had all been undone the very next day — nothing seemed to work.

The association’s event planning and daily operations came to a halt as all efforts focused on repairing and restoring the website. Days passed and the website was still down. Concerned club members and website visitors reached out to AZHPA board members every day with screenshots, indicating the website was compromised:

Hacked Website AZHPA Safari

Hacked Website AZHPA Server Not Found

The volunteer website administrators were left wondering, “How is this hacker able to continue to infiltrate the website?” In today’s modern age, hackers have discovered the power of malware and automation, enabling a hacker’s malicious efforts to work for them 24/7.

Malware is designed to infect and harm any website it can infiltrate, often without any human behind the controls.

The attack that took down AZHPA.org was caused by automated-malware specifically designed to target WordPress-built websites with certain vulnerabilities.

Unfortunately, the issues had not been worked out and the situation became much more serious for AZHPA — the website was hacked, malware had already been injected into the site, and a “backdoor” allowed the hacker to continue to cause damage.

Hacked Website User Feedback

Related: Understanding Online Security Threats 

Using GoDaddy Website Security to fix the AZHPA’s hacked website

Hacked Website GoDaddy Security Team
Kudos to the security experts at GoDaddy — you saved the day!
Photo: Nick Stabek, 2018

Damage assessment

The volunteer website administrators were stumped, and after exhausting all efforts to repair the website, the club reached out to GoDaddy. Once GoDaddy had been alerted that the AZHPA website was compromised, our security experts quickly intervened and assessed the damage.

GoDaddy Website Security setup

With extremely powerful protection against the world’s worst website threats, GoDaddy Website Security Deluxe was the clear solution. In addition to unlimited malware removal, this GoDaddy Website Security plan includes a Web Application Firewall for round-the-clock scanning and monitoring protection.

Related: What is malware and how can you protect your WordPress website? 

Website vulnerability scan

Once GoDaddy Website Security Deluxe was set up for AZHPA.org, a scan was immediately and automatically initiated. The security scan identified a large number of infected website files and other vulnerabilities, too. Even the database had been compromised.

Additionally, an “unauthorized user” had been created by the malware, allowing a “backdoor” to remain open for repeated attacks.

Malware removal

Meanwhile, our security experts hastily began removing all suspicious and infected files.

Education and prevention

The website was restored the same day, and the GoDaddy security team provided the customer with a detailed report. Additional instructions and advice were given to help AZHPA protect its website and to help deter future cybersecurity threats.

Restoring a hacked website can be nearly impossible without a copy of the website files.

 

GoDaddy recommends all website owners safeguard their website and data with daily backups. Luckily, AZHPA.org was previously built using WordPress with daily website backups.

Additionally, the the organization’s website administrators had already taken steps in the right direction by installing an SSL certificate on the website.

Related: Why you need a secure website right now 

Thwarting future website hacks

AZHPA.org endured a debilitating attack, but because the website administrators had taken some preventative steps to thwart cyber security threats, restoring and fixing the website with GoDaddy Website Security was relatively painless. The website was quickly restored and continues to receive daily security scans to help identify, deter and prevent any additional hacking attempts.

It’s important to note that not all websites are built the same, and protecting a site from hackers and malware can be downright daunting. Regardless of how your website was built, there are a few basic steps you should take to help protect your online presence:

Protecting your online presence and ensuring your patrons have a safe and secure experience during their visit are of the utmost importance for any website owner. For AZHPA, the malware injected into their website could have meant the end of their club altogether, but thanks to GoDaddy Website Security, club members now have more enjoyable things to be concerned with— FLYING!

Hacked Website AZHPA Sunset
Photo: Scott and Carey Braddock of AZHPA, 2018

Special thanks to everyone over at AZHPA — club members, volunteer web admins and everyone else who helped in this fight against malware. The website would have been destroyed without your efforts. And we applaud you for sharing the story of your hacked website in an effort to help other organizations prevent cyberattacks.

Image by: AZHPA Member/Pilot Jeff Seals, 2018

Nick Stabek
With over a decade of experience at GoDaddy and in the IT Industry, Nick Stabek’s knowledge covers many topics, but his specialty and hobby-like-interest is in IT security. To help you avoid website downtime and to help you thwart threats, Nick focuses on proactive and preventative measures. When he’s not at his computer, you can count on Nick to be kayaking one of Arizona’s famous lakes or rivers.