You never get a second chance to make a good first impression — and most internet-savvy users will never return to a website if it looks like this:
It was just one week until the Arizona Hang Gliding and Paragliding Association’s (AZHPA) largest fly-in event of the year, and preparations were well under way. Pilots’ reservations were streaming in, campsites were booking up, and many pilots had already begun planning their routes to the top of the mountain. But due to a hacked website at AZHPA.org, this year’s fly-in event almost didn’t happen!
However, with assistance from the GoDaddy Website Security team, the malware was quickly removed from AZHPA’s hacked website and the club was up and soaring in no time. This is a firsthand account of how crippling malware brought the organization’s daily operations to a screeching halt, and how GoDaddy’s quick intervention helped restore and protect the AZHPA website with the help of malware removal and other tools within the GoDaddy Website Security product suite.
Whether you’re a small business owner, an entrepreneur or even a nonprofit organization, there is nothing worse than finding that your website is down — especially because it’s being hacked. If you have ever managed or built a website, then you’re probably well aware of the countless hours it takes to maintain and update a website regularly.
Thwarting website security threats can be overwhelming, costly and very time consuming. From loss of data to a tarnished reputation and even loss of revenue, website owners often do not consider the damage caused by such an attack until it’s too late.
The AZHPA website hack — what happened?
As with many websites, AZHPA.org serves as a crucial resource for local club members and visiting pilots, but with a hacked website, many pilots couldn’t find the resources they needed to get off the ground. Initially, the club members were unable to access portions of the website:
In the darkest hours of the cyber attack, website visitors were redirected to a completely different and malicious website, which attempted to collect payment and other sensitive information from the unsuspecting users.
Volunteer website administrators — who are also pilots and AZHPA club members — jumped into action. They spent countless hours restoring the website and attempting to patch the problem, only to find it had all been undone the very next day — nothing seemed to work.
The association’s event planning and daily operations came to a halt as all efforts focused on repairing and restoring the website. Days passed and the website was still down. Concerned club members and website visitors reached out to AZHPA board members every day with screenshots, indicating the website was compromised:
The volunteer website administrators were left wondering, “How is this hacker able to continue to infiltrate the website?” In today’s modern age, hackers have discovered the power of malware and automation, enabling a hacker’s malicious efforts to work for them 24/7.
Malware is designed to infect and harm any website it can infiltrate, often without any human behind the controls.
Unfortunately, the issues had not been worked out and the situation became much more serious for AZHPA — the website was hacked, malware had already been injected into the site, and a “backdoor” allowed the hacker to continue to cause damage.
Using GoDaddy Website Security to fix the AZHPA’s hacked website
The volunteer website administrators were stumped, and after exhausting all efforts to repair the website, the club reached out to GoDaddy. Once GoDaddy had been alerted that the AZHPA website was compromised, our security experts quickly intervened and assessed the damage.
GoDaddy Website Security setup
With extremely powerful protection against the world’s worst website threats, GoDaddy Website Security Deluxe was the clear solution. In addition to unlimited malware removal, this GoDaddy Website Security plan includes a Web Application Firewall for round-the-clock scanning and monitoring protection.
Website vulnerability scan
Once GoDaddy Website Security Deluxe was set up for AZHPA.org, a scan was immediately and automatically initiated. The security scan identified a large number of infected website files and other vulnerabilities, too. Even the database had been compromised.
Additionally, an “unauthorized user” had been created by the malware, allowing a “backdoor” to remain open for repeated attacks.
Meanwhile, our security experts hastily began removing all suspicious and infected files.
Education and prevention
The website was restored the same day, and the GoDaddy security team provided the customer with a detailed report. Additional instructions and advice were given to help AZHPA protect its website and to help deter future cybersecurity threats.
GoDaddy recommends all website owners safeguard their website and data with daily backups. Luckily, AZHPA.org was previously built using WordPress with daily website backups.
Additionally, the the organization’s website administrators had already taken steps in the right direction by installing an SSL certificate on the website.
Thwarting future website hacks
AZHPA.org endured a debilitating attack, but because the website administrators had taken some preventative steps to thwart cyber security threats, restoring and fixing the website with GoDaddy Website Security was relatively painless. The website was quickly restored and continues to receive daily security scans to help identify, deter and prevent any additional hacking attempts.
It’s important to note that not all websites are built the same, and protecting a site from hackers and malware can be downright daunting. Regardless of how your website was built, there are a few basic steps you should take to help protect your online presence:
- Choose a reputable hosting company.
- Prevent and thwart attacks with GoDaddy Website Security.
- Set up an SSL certificate for your website.
- Using WordPress? Keep it updated.
- Perform regular backups of your website.
- Ensure you have a strong FTP password and change it regularly.
Protecting your online presence and ensuring your patrons have a safe and secure experience during their visit are of the utmost importance for any website owner. For AZHPA, the malware injected into their website could have meant the end of their club altogether, but thanks to GoDaddy Website Security, club members now have more enjoyable things to be concerned with— FLYING!
Special thanks to everyone over at AZHPA — club members, volunteer web admins and everyone else who helped in this fight against malware. The website would have been destroyed without your efforts. And we applaud you for sharing the story of your hacked website in an effort to help other organizations prevent cyberattacks.
Image by: AZHPA Member/Pilot Jeff Seals, 2018