We recently helped one of our US-based clients to recover from a huge malware injection into their data. They are an established firm in the branding & marketing world for more than 3 decades. With a good number of customers who trust them, they are supporting several businesses through their digital services.

Backstory

In addition to branding & marketing, the digital agency also serves their 60+ clients by maintaining the web hosting servers that include websites and admin portals. Some servers had been online and running for more than 10 years now and had been pretty much stable.

ColoredCow partnered with the digital agency in late-2018 aiming to provide them the technical support and give them a long-missing tech strength they can leverage to bring more business.

The Doomsday

One fine day, the digital agency team started reporting several sites going down one by one. It initially looked like a minor server error or scheduled maintenance. However, the reports kept coming in, and the increment in sites going down did not stop.

Upon deeper investigation, the ColoredCow team found malicious code on the websites. Hackers got access to all the data related to the agency’s business and their customers by breaching their server security. The malware manipulated the code to show explicit content to the users. It was a real doomsday considering the server contains several non-profits websites and kids’ education portals with high daily traffic.

Not only the digital agency but their customers’ reputations were at stake.

It was a big task to clean the data from 60+ infected sites and fix the security breach to avoid future damages. Apart from this we also helped them to get their business continuity to normal and also suggested a Master Plan to avoid this crisis in the future.

It was not just our clients who were impacted due to this. It was a global attack that affected around 320,000 sites. Based on our investigation, we found one of the primary reasons for this security breach was a serious vulnerabilities issue in a plugin called InfiniteWP that was being used in all the sites. Also, the server security wasn’t that strong to manage this attack and hence the data got manipulated.

Data surpassed oil in terms of the most valuable resource in the world. It’s a primary asset for any digital organization as it helps them to grow their business, make better decisions, and continuity in their business. As the value of data increases, it also increases its vulnerability. Whether it’s a small business or a giant company everyone wants to make sure that their data is safe and secured by the best measures.

Present Day

While removing all the malicious data from the server, we were also working on a plan on how to prepare ourselves for something like this in the future. As attackers are getting more advanced in their approach, we choose to strengthen the data security by migrating the sites into a more secure service.

We worked on a plan to migrate their 60+ clients’ sites to an upgraded, more secure, and cost-effective hosting provider.

We waded through all the trending hosting options present in the marketplace and narrowed it down to the most suitable one. Below are our research, recommendations, and a detailed plan for the hosting migration 

Commonly faced challenges

In our research, we first focused on the challenges we were facing with SiteGround, our current hosting provider. 

Below are the detailed limitations and challenges faced on the legacy server setup.

• Vulnerable and insecure servers
  Our main challenge was outdated technologies like PHP and MYSQL configured on this server as the server was set up a long time ago. This pulls us back on important areas like performance, support for the latest plugins, and best practices. It also makes the websites and it’s data insecure and vulnerable to security attacks.
  Hackers find it very easy to exploit websites running on outdated software.

• High cost
  We had an option to upgrade the outdated technologies but it was very expensive as compared to the other well known hosting providers. Other utilities like site backups were also chargeable. Whereas other services like AWS offer these things for free and without any intervention from the support team.
  Having an SSL certificate is also important for security and better SEO rank. SiteGround charges additional cost for this too.

• Longer response time during urgencies
  In case of a security issue, their turnaround time is long. This becomes a bottleneck especially in case of contingencies. We didn’t have full administrative control over the server.

Best suitable hosting

The parameters to decide the best suitable hosting:

1. Reliability and uptime
2. Security updates
3. Cost-effectiveness
4. Best available service
5. Our expertise to manage them

Comparison of various hosting services based on the above parameters

From the above comparisons, Amazon AWS is coming out to be the most suitable hosting service.

Following articles and blogs had been the basis of these comparisons:

1. Athemes – Siteground vs WP Engine vs Flywheel
2. SpinupWP – Digital Ocean vs AWS vs Google Cloud
3. WP Engine backed by AWS servers

AWS – Amazon Web Service

• Hosting servers – Amazon AWS Lightsail

1. 1. 1. State-of-the-art. Easy to scale.
      2. Cost-effective
      3. 99.99% uptime
      4. Minimum support needed
      5. High performance

• Website setup and management tool – SpinupWP

1. 1. Automatic security updates
   2. Automated backup mechanism
   3. Free backup recovery
   4. Free SSL certificates

• Backups & Storage – Amazon AWS S3

1. 1. Cost-effective storage system
   2. 24×7 accessibility

Detailed Plan for Site Migration.

The site migration plan determines how much time and effort it will take to migrate from outdated infrastructure to AWS.

To explain it further with an example, let’s say you have 20 clients having a marketing website for their business. So far you have been using an old infrastructure and want to migrate to AWS to provide a better service and security to their digital presence. We will explain the approach and costing for the migration process.

As all the sites were configured as per the old infrastructure for which it was good to migrate the sites one by one between these servers to avoid any major compatibility issue. We can prioritize the order based on the following factors:

Less critical sites first

The latest set up sites in which tools/plugins and framework versions are already up to date or have minor updates available. This will help to ensure the new hosting setup is running smoothly without putting anything at risk if there is any downtime. This will help us to prepare better for other migrations down the line.

Smaller sites first
Another parameter to determine priority can be to migrate smaller sites first so that we get a good grip on the migration and testing steps. This will help to strengthen the migration checklist for bigger websites.

Migration at the time of usually less traffic

The parameter to define the appropriate time for migrating a website is traffic. The target is to migrate the site during midnight, where traffic is usually less, and the time zone difference of 12hrs would come in handy for the migration during fewer traffic hours.

Assuming we target migrating 6-7 sites/month, we can finish the process in 4 months. Here’s a roadmap for the above-mentioned example.

Cost Comparison

After the detailed plan, let’s discuss the cost comparison(The cost is specific to the case we encountered with the current hosting and it may vary from case to case). 

The below graph represents the cost graph after and before the migration.

Infrastructure setup and site migration cost breakdown

Return on Investment after the hosting 

Determining the ROI model by comparing the cost of migration efforts and the gradual savings from reduced cost.

If you continue to charge the client at the current rate for hosting, this will be adding direct profit to your business.

Since the clients will also benefit from the new hosting, the cost of migration should be passed on to them too. For comparison purposes, the second graph shows, if all the clients pay half of the effort cost the recovery time will reduce by less than half.

In some cases, clients would be paying directly to the hosting service for their own hosting and with the new proposed infrastructure they will also be getting financial and service benefits.

Process for new site setup post-migration

With the new hosting setup in place, the steps to set up a new website should be straightforward.

1. Ensure domain settings are correct and pointing to the server IP address
2. Set up the source code for the website for automated deployment support. This is an additional benefit.
3. Create a new website through SpinupWP
4. Ensure SSL certificate is generated
5. Ensure the data backup is configured for the website
6. Enable advanced caching option (not needed for test-sites)

Conclusion 

From our experience with this data breach, we realized how risky it could get to rely on the old infrastructure for data security. Our Belief is that security should be the primary concern for any digital organization and we should utilize all the latest technologies to make ourselves a step from the data hackers.

Job Opportunity

If you’re interested in a career in DevOps, apply for a position here.