On a ‘Mining’ Mission to Destroy: What You Need to Know

The Hack Heard ‘Round The Net

“I’m fairly knowledgeable in blockchain and have a lot of exposure in the space,” says Michael Fauscette, the chief research officer at G2 Crowd, a platform and community where people connect and share experiences about business software.

Having spent over ten years as an executive and senior analyst at tech market research firm IDC, Fauscette, like countless others around the world, is no stranger to the dangers of brute force attacks and crypto-mining hacking attempts. But Fauscette himself endured an automated brute-force bot attack that ran over a period of five days.

Michael Fauscette, Chief Research Officer at G2 Crowd

Michael’s Story

I operated two blogs that were hosted on the WordPress platform. The platform provided medium-level security—basic firewalls and free anti-virus software.

My administrator’s console was structured in [such a way] that if anyone logged into it or attempted to, it would send an email alert to the administrative email account—I was the only one with that administrative password.

Attack #1

Well, I went to bed one evening and I received a notification that someone logged in, which obviously wasn’t me. So, I immediately grabbed my laptop nearby and attempted to log in—I wasn’t able to. I suspected that someone had already logged in and changed the password, preventing my entry.

However, I was able to gain access through the hosting company, which made it easier for administrative access. Once I was logged in, I was able to kick them out and change the password.

Attack #2

In the meantime, I received a similar alert from my other blog site, alerting me to the fact that someone else was logged in. So, I went through the same process as I had a few minutes before and went back to sleep. I ended up finding a bitcoin mining plugin and deleted it. It was apparent that someone wanted to use my servers for bitcoin mining.

Attack #3

You would’ve thought it was done, but alarmingly, I woke up to another alert around 5:30 AM that next morning, with the same sequence of events occurring—so I responded with the same measures I took the night before.

I started to realize that this wasn’t working, so I got out of bed and started researching security protocols…but it was too late. They had already come.

Attack #4

An hour later, they broke in again, this time much faster than [I could] figure out what new measures to implement and execute. So, all I could do was kick them out again. But, this time, they maliciously deleted both of my blogs, which [were] luckily backed up by my server’s hosting company.

I started increasing my antivirus security, enabling two-factor authentication on both blogs and across all pages. I needed to adopt new measures quickly.

But, I’m only human.

Attack #5

Five attacks within a two-and-a-half day period, and it’s not over. While working on my security updates, they broke in again—but this time, they locked me out, deleting my sites, along with all my backups.

Again, with what little luck I had, my hosting site contained backups, so I immediately began going through all the security protocols I knew how to. By this time, the front end of the server was fairly secure, which stopped the brute-force attacks.

But, the back end was vulnerable. In their last attack, after deleting everything, they managed to drop backdoors across the server, allowing them to come back in. Of course, I wasn’t receiving any multi-factor authentication notifications, because they weren’t going in through the admin console.

By the end of day five, every page had “https” security on it, and close to a thousand dollars later, my sites were finally secured.

What You Need To Learn From Michael’s Story

Lesson #1: Anything Connected to the Internet is Vulnerable

At the end of the day, you have to remember that all of these smart technologies and digital devices have a backdoor—the Internet. Given enough time, computing power, and resources, people can find ways into nearly anything. “If they don’t, they will keep trying until they do,” says Fauscette.

Lesson #2: Good Luck Finding Out Who’s Behind an Attack

While Fauscette was able to initially trace the brute-force bot attacks back to Indonesia, that still doesn’t mean much, because the internet protocol (IP) addresses an attacker appears to come from can be routed through proxies or compromised hosts anywhere in the world.

During the first three days of the attack, Fauscette was able to see traffic and hits to his sites coming from Indonesia, Korea, Asia, and multiple Eastern European countries.

Lesson #3: Protect Your ‘House’

  • Get a strong firewall: don’t be cheap. Fauscette switched from a free firewall to a paid and effective system.
  • Use a password manager: using password manager programs like OnePass and LastPass just might prevent someone from deleting your site or compromising your online accounts. These programs create randomly generated passwords and store them in a secure, encrypted database that only you have access to.
  • Keep researching: knowledge is power.
  • Platforms like WordPress are attacked frequently: If you use a platform like WordPress, read and apply all of its documented best practices. Do it right. A lot of them may seem simple, but many times, you don’t think of these situations until it’s too late.
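Fauscette’s first warning came from a login-alert email; a cheaper and earlier signal is the web server’s own access log, where an automated brute-force bot shows up as a burst of POST requests to wp-login.php from one address. The script below is an added example written for this article, not code from G2 Crowd or from WordPress. It assumes the Apache “combined” log format, and it assumes the usual WordPress behaviour that a failed login re-renders the form with HTTP 200 while a successful login answers with a 302 redirect to wp-admin; the log lines, IP addresses and timestamps are constructed for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Apache "combined" format (addresses from the
# documentation ranges 203.0.113.0/24 and 198.51.100.0/24, times made up).
# 203.0.113.7 hammers the login form six times and then gets a 302 (success);
# 198.51.100.3 mistypes once and then logs in normally.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2018:02:14:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2018:02:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2018:02:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2018:02:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2018:02:14:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2018:02:14:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2018:02:14:06 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2018:02:14:07 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.3 - - [12/Mar/2018:08:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.3 - - [12/Mar/2018:08:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Apache combined format: ip ident user [timestamp] "method path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],  # drop any query string
        "status": int(m.group("status")),
    }


def analyze(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag login brute forcing against wp-login.php.

    Returns a list of (finding, ip, failure_count) tuples:
      - "brute_force": an IP reached `threshold` failed logins inside `window`
        (reported once per IP);
      - "success_after_failures": a 302 (assumed successful login) arrived
        while that many recent failures were still inside the window, which
        is the case that deserves an immediate password reset and review.
    """
    failures = defaultdict(deque)   # ip -> timestamps of failed POSTs still inside the window
    flagged = set()
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["method"] != "POST" or rec["path"] != "/wp-login.php":
            continue
        q = failures[rec["ip"]]
        while q and rec["ts"] - q[0] > window:   # slide the window forward
            q.popleft()
        if rec["status"] == 200:                  # assumption: form re-rendered, login failed
            q.append(rec["ts"])
            if len(q) >= threshold and rec["ip"] not in flagged:
                flagged.add(rec["ip"])
                findings.append(("brute_force", rec["ip"], len(q)))
        elif rec["status"] in (301, 302):         # assumption: redirect to wp-admin, login succeeded
            if len(q) >= threshold:
                findings.append(("success_after_failures", rec["ip"], len(q)))
            q.clear()
    return findings


if __name__ == "__main__":
    for finding, ip, count in analyze(SAMPLE_LOG):
        print(f"{finding:24} {ip:16} failed attempts in window: {count}")
```

Run against a real log, the two finding types call for different responses: a bare `brute_force` is the routine noise that rate limiting or a firewall rule should absorb, while `success_after_failures` means the guessing worked and the account password, active sessions and installed plugins need to be reviewed straight away, which is exactly the point at which Fauscette found the mining plugin. The 200/302 status convention is the one WordPress follows by default, but a login plugin or custom theme can change it, so check a known-good login in your own log before trusting the thresholds.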