Note: This transcript was auto generated. As our team is small, we have done our best to correct any errors. If you spot any issues, we’d sure appreciate it if you let us know and we can resolve! Thank you for being a part of the community.
Lee:: Welcome to the Agency Trailblazer Podcast. This is your host, Lee. And on today’s show we are talking with Oliver Sild all about security. So get your notepad and pen out, sit back, relax and enjoy the ride. Welcome to a conversation with me, Mr. Lee Jackson. And today we’ve flown in because the budgets are exceedingly massive nowadays for the podcast. We’ve flown in all the way from Estonia, Mr. Oliver Sild from Web ARX Security. Mate, how are you doing?
Oliver:: I’m great. How are you?
Lee:: Oh, thanks for flying over, bro.
Oliver:: Yeah, sure.
Lee:: Yeah, yeah, I like how you pretended that. We really did then.
Oliver:: Yeah, well, long flight, long, long, long flight. Long flight
Lee:: Across the Baltic Sea and the North Sea.
Oliver:: Yeah. That’s three Hours.
Lee:: Oh, mate, I’m just impressed. And you’re not jet lagged or anything.
Oliver:: No, no. It’s just. Yeah. You know, today we have such a technology, you know?
Lee:: Yeah, I folks. Me and Oliver were just chatting before the show. You know, if you had been fooled. April fool. Even though April was a long time ago, he’s actually not here in the UK. But we were just having a conversation about the presidency and the technology of Estonia and how cool that company. Sorry. How cool that company, how cool that country is. Because we were looking as a business to register over there as well for a residency so that we could potentially continue to work with EU countries because we have no idea what’s happening with Brexit. So I’m exceedingly jealous that you’re based out there, mate. And when I went to Google Maps, it shows me this gorgeous picture of what looks like a Disney castle just looks phenomenal.
Oliver:: So I think I think it’s the picture with snow and stuff over the over the old city of Tallinn or something? Yeah, it all looks absolutely.
Lee:: It’s everything like that in Estonia.
Oliver:: Uh, not really like you have that disappointed forest. Well, it.
Lee:: Still sounds nice.
Oliver:: Yeah.
Lee:: I was like, if it’s like a big Disney World, I’d be very happy to just come and visit.
Oliver:: I think you should come visit. I think there’s a lot of a lot to see, but most of it is forest, though. But it’s still magical.
Lee:: Yeah, that sounds gorgeous, folks. If you don’t know who Oliver is, he is the founder of Web ARX Security, and that’s spelt ARX. And you can find out more information on webarxsecurity.com. Oliver, What I would really appreciate is if you could just tell folks a little bit about yourself. Favorite color? Maybe your favorite drink or food, your local restaurant, whatever you want to do, and maybe something that people don’t know about you as well. And then we’ll jump in the time machine.
Oliver:: All right. I really like cinnamon and I really like chili, so wow. You know, living on the edge kind of. Mate. Yeah. Based in Estonia, I’m currently actually 25 years old. I’ve started to get into kind of tech and computers and everything. Like when I was like 14, I would say my father was a teacher in school teaching like computers and stuff. And so from there, really I got like this kind of fires for, you know, digging into computers, building my own rigs, starting to build my own small kind of software thing in like when I was, I think like 16 or something. I actually remember making my own business. I made my first website where you could basically send an SMS, and then you got like a reply to your phone with a joke about Chuck Norris and stuff. Nice. So I was printing out the phone numbers and putting it on the wall on my school. You know, on the place where you can put all the posters and stuff.
Lee:: So that’s a little bit technological. I mean, come on. In the UK we sold tuck shop stuff, so we would sell sweets at our school if we were going to be entrepreneurial. That’s what this is like the more high tech version. Yeah.
Oliver:: Yeah. So but it was it was pretty cool. I mean, these are the first things. And uh, when I like, really cut into the security side, I was, you know, a lot of people from security say that when they first get started, it all happens from video games. Right? So. Well, it’s the same for me. So I was playing a video game called Dark Eden. I think it’s like it’s a very old game. I think it’s from like 1980 or something like that.
Lee:: Yeah. That’s that’s fairly old. Yeah. Well, let’s just say fairly because we have some older listeners, they might get a bit offended. Yeah. So.
Oliver:: So but it’s, it’s like a RPG where there’s like vampires and I don’t know, humans and everything. So it’s like a massively like multi multiplayer online game. But the game was actually abandoned by the, by the original developers. So what happened is that a lot of people, I don’t know where they got the source code of the game. But what happened is that there were like, I don’t know, like 10 or 20 different private servers that people were like putting up and then fighting over the players. So I was also a player in one of those until I was kind of promoted to a like a player moderator. And then there was this thing that on the forums and on the, on the website and on the server itself, other servers or other private servers were constantly like DoSing and attacking the servers to actually get, you know, your server down. So the players would come to their server. It was like really funny, but it was kind of I was still like, I don’t know, 16 or something, so. Or even 15 maybe. So it was really like kind of like a Wild West kind of thing because you could do anything kind of since, you know, as they ran the private servers, it wasn’t kind of legal anyways so...
Lee:: Yeah Fair enough.
Oliver:: So it was really. Yeah. That’s that’s kind of the first place where I got into, you know, how to secure like Linux servers, how to put them up, how to, you know, protect them. And also the other side, you know, how attacks look like, you know, all this, all this side as well.
Lee:: That is really cool. And a proper geeky start as well.
Oliver:: Yeah. Yeah. It was it was cool times. I mean it was really cool.
Lee:: And mate, I mean you keep talking about it like it’s years ago, but how old are you? 25.
Oliver:: Yeah, I’m 25.
Lee:: Yeah. Like literally it was five minutes ago for me.
Oliver:: Yeah.
Lee:: It’s like oh back in the day, all those days just a few years ago.
Oliver:: Yeah. That’s true.
Lee:: We would get a lump of coal and we’re stuck in them. We were happy.
Oliver:: It’s all about the perspective right?
Lee:: It is, isn’t it? Time is relative mate. So I’m sure it was a long time for you.
Oliver:: Yeah
Lee:: I’ve got a 12 year old child. It’s depressing. Oh, I’ve got a 19 year old child as well. Holy moly. No, that’s a really cool story. And I love the fact that it was actually through your hobby that you started to build up a love for, i.e. protecting the server that you wanted to play on. So you’re getting DDoS and you’ve got to work out how to protect that. So I think a lot of us have such similar stories. I got into web building because I had an old Amstrad PC that I absolutely loved. It was my first computer that I bought with my own pocket money. Any other computer that if I had had been given to me or whatever. So I’d bought this outright with my pocket money, and I pulled the whole thing apart to work out how it was built. And I built an entire website back in GeoCities time. I don’t know if you remember that. If you look in the history books, we had GeoCities and I built the I built this old website, took pictures of it. I actually had to take pictures of it, send the pictures off to get processed, then scan the pictures in at college and then upload the pictures to the website. And it took ages because I think the college had really slow internet, and I built this entire website talking about the Amstrad PC and the Z80 processor, and I started to teach myself assembly language and all sorts of stuff like that, just because I got so into it. And then obviously from building that website, I was like, oh, this is way good fun. So I love how we how we all get into our businesses. It’s really cool. Now, can we jump in that time machine a bit further along then? And at what point did you start to really develop and hone your craft in web security, to the point where you wanted to launch Web ARX?
Oliver:: So, um, actually, I think when I got around 18 or something like that, I was starting Computer network, uh, here in Estonia. So, uh, over the time, I think after the first year together with my classmate, we started to there was a thing that we weren’t really interested in, all of the subjects since we were already, you know, kind of exposed to computers for such a long time. And the first year was a headache to just go over the basics. So, uh, what we started to do together was we built a website. It was pretty simple, like a website. He did front end. I did the back end like PHP and stuff. And basically the point was that all the people from previous, previous years who were on the same curriculum, they could upload all their homework and all their kind of assignments to this portal. And then everyone else who joined the same, like the computer networking curriculum, they would basically just go to our website, look at all the different subjects, and then they could download all the different kind of homeworks and everything. So it was like the place where we really got into development side and then pretty much like it soon got to the teachers that, oh, there’s like this kind of website we even put there’s some like chat chat functionalities and like people were actually using it for, you know, downloading homework, uploading homework. It really made life easier for students. But then together with the guy who we did this together, we decided that, hey, why not start building this stuff for other people as well? So this was the point actually, when we started our own kind of web agency, I think at the peak we did like 60 projects per year with the e-commerce sites, with the oh, we did, we did a lot of different things. At one point, we also even did like, uh, you know, designs and all these kind of things. 
But at the at the same time, since I already had all these, you know, knowledge with from the security side, we all we, we kind of presented the company as like a secure web development. So in this case, the whole goal was that we would use the same. We actually started, I think, with Joomla as the first CMS. Yeah. And then we always presented that while we develop websites on this, uh, on these frameworks, we always make sure that security is part of it. So at this point we basically manually hardened, uh, hardened the host like hosting of environment. The application itself manually changed the default settings like, you know, admin panel access or like many admin panel locations. And you know, all this and this was all this was like I think in 2013 or something.
Lee:: Yeah.
Oliver:: So but you are positioning yourself with your USP as we are a web agency with a high specialism in security as well. So that was your unique selling point.
Lee:: Yeah. Yeah. So we were always because one thing we did additionally was that we, we were looking this came a bit later though, but we were scanning for IOCs on the web. So we took like a domain like UK for example. And then we basically scanned over the domains and search for any indications if a site is being infected or hacked. And then we basically notified the website owners or the companies whose sites were hacked. So what we did was we offered we offered either the remediation service. So we helped them to clean up the the host, and we also offered them web development. At this point, if the site was really from ages, that’s.
Oliver:: A good way of generating lead. And for anyone who doesn’t know what that IOC is, it’s an indicator of compromise, right. So basically you’re scanning, if you see an issue, you can then connect with the people and say, hey, do you know you’ve got some malware on your website? We can fix it.
Lee:: There was a lot of there was a lot of situations, and there still is where a lot of, uh, uh, kind of NGOs and schools and, you know, places like that have their websites infected with pharma scams. So they’re selling Viagra to kids and stuff. So even if and there’s, you know, cloaking is being used. So even if you tell them that, hey, your website is like selling Viagra, then if they go to their website, they see nothing. They think that we just, you know, try to bullshit them and, you know, sell them something.
Oliver:: So I remember finding it on my own web server years and years and years ago, a copy of the PayPal website. So, you know, so someone was using my server for. Yeah, for phishing and and because I was trying to work out why I was getting so much traffic to the site, I was like, Holy moly, I finally made it. And then I realized. And then at the same time, I had this notification from my, the server company that they were going to shut my server down for illegal activity. I was like, no.
Lee:: What am I done? Yeah, yeah.
Oliver:: So if to jump ahead a bit more like the. So as we were doing all that as an agency. So we pretty quickly realized that, you know, this is not just our problem, you know, it’s just not our issue to secure the sites and, you know, keeping them secure and all that. We actually over the years, we started to develop in-house a tool to kind of understand what is happening on our portfolio sites. So, you know, not all customers are aware why maintenance is required. So some customers didn’t take any maintenance kind of subscription because they thought that. Yeah, well, you built the site. I don’t want to pay you, like a monthly fee for anything, you know, but for us, it was still an issue because we know if you don’t, you know, maintain the site or, you know, keep the software updated, all that issue is going to be around the corner. So we started to develop something in-house so we could monitor what the components were used in our developments. The sites are up if they’re blacklisted, constantly monitor all these kind of the same IOCs like, you know, defacement and all these things. Yeah, yeah. And yeah, I think in 2015 or in the end of 2015, we kind of realized that, hey, this issue is far more bigger than us. And like, the whole thing is kind of blowing up in the past years. So we decided that why not start kind of building an actual tool or a platform around all the things that we already do manually, which we could then offer to digital agencies who could basically, you know, do the same thing. And yeah, in 2015 we went to Czech Republic. You know, in Czech Republic there’s like a lot of antivirus companies like Avast. And there was like AVG.
Lee:: I’m going to pretend that I knew that. Oh yes, of course. Yeah, no I didn’t, but yeah. So but but I’ll pretend and then I’ll edit that bit out or I’ll leave it in.
Oliver:: Anyways, we went to Czech Republic and then there was like some sort of, uh, like a like startup competition or something. At this point, actually, we had no idea what startup is or like, what does it even mean, you know? Yeah. So, uh, we went to the competition. There was, uh, people from AVG. There was people from Microsoft, there was people from different tech companies who actually helped us to kind of understand how to or like, kind of map the whole thing, which we have done previously and how to productize it if I don’t know if I say it correctly, but yeah, like how to make it an actual product. So yeah. So at this point we didn’t have name or anything for that. And actually the name Web ARX came really randomly because there was like, we couldn’t find a good name. So Web was like obvious side of the name, but arx actually means citadel in Latin. So yeah, we kind of made like a brainstorm for the name. And, uh, this was like one day before the before the competition itself, like pitching competition, and we managed to get third place out of it. So then we got a lot of yeah, we got a lot of exposure back then. And, and in 2016 we actually started to build the product. So or like we kind of decided to switch completely from the agency side to building the product like single handedly. So this meant that we finished all the previous kind of customer relationships with as an agency. And then we, uh, yeah, started working on the on the, on Web ARX itself full time.
Lee:: I love the.
Oliver:: Fact that you picked the word Citadel in Latin, because that just goes back to your gaming roots, doesn’t it?
Lee:: Yeah. Yeah.
Oliver:: I imagine you kind of like medieval history now as well, am I right or am I wrong?
Lee:: I don’t know.
Oliver:: I think like the Citadel kind of is very good. What’s the what’s the word like a metaphor? I would say yeah. Yeah. Because, you know, it’s not a castle, it’s a citadel. Because if you take Web ARX itself as well, it’s kind of, you know, citadels were used to kind of control the security around the whole castle. Yeah. So it was like the core of the castle itself. So if you take a website and if you put Web ARX inside, it’s the place where you control the whole security of your website. So it all kind of makes perfect sense.
Lee:: That is beautiful, mate. That’s proper well thought through. It’s a shame that most of us don’t speak Latin.
Oliver:: Yeah, true. Yeah.
Lee:: Otherwise we’d all be like, oh, I see what you did there. Very good.
Oliver:: Well, you’re not, you’re now, you know no secret.
Lee:: I now know the secret, as do a few thousand people around the world. So we’ll keep that secret for you. That’s awesome. So you you mentioned that you were shifting then with the product. So you’ve developed a product internally to help you guys serve your clients. You then realize that, hey, this is much bigger than just us managing this. How about we switch this out and offer what we’re doing as an agency and provide the tools to other agencies to do this for themselves? And obviously you go over to the competition, get loads of exposure, etc.. You mentioned, therefore, that you were handing off to your old clients and saying goodbye and then building up essentially a brand new business with a new client base. How did that process, how was that process? Did you have to get funding so that you could keep going? Or or how did you manage to start to sell the new product and still retain a business that pay salaries, etc.?
Oliver:: So obviously at first we started to sell the product also to our previous customers. So the kind of transition time was up to a year actually.
Lee:: Yeah.
Oliver:: So it took really it really took time because as soon as we said that, hey, we are switching to business and we are moving to other other kind of industry, then most of the people said, hey, but that’s the last thing I would need that, you know. So, you know, you could you always had to kind of do like the final push to, uh, you know, serve them for the last time kind of thing. But yeah, we most of, the most of our customers, when we told them that we are switching to this new business, they kind of took Web ARX licenses anyway. So it was very good understanding for us because we knew that they really value the security that we already offered them, but they valued it also in the way that as we plan to make it automatic and so forth. But yeah, I would say 2016 was the the most difficult year because of all the transition time, I think for the whole 25th or the whole 2016 or the middle, actually half of 2016. I was alone completely.
Lee:: Yeah.
Oliver:: So I was like, because the guy, we built the agency together since he wanted to continue with frontend design and all that. So he went to work in a different agency, which made perfectly sense. So we decided together that, okay, this is this is the deal right here. So I should continue on what I feel in my heart. That is the right thing to do. And I will go to the security side. And he would go to the to the frontend side. So yeah. 2016 I was alone 2017 beginning I started to contact a new team and actually the new team when I started to build it together, I think for almost a year we all work voluntarily on the project.
Lee:: Yeah.
Oliver:: So there was really no salaries or anything. So people were just working one year without anything. Wow. Just to, you know, put it live and or finish the prototype and then, you know, kind of validate it and so forth.
Lee:: That’s phenomenal.
Oliver:: That’s a good set of people you got there.
Lee:: Yeah. Yeah, definitely. I mean, we are building a distributed company because first of all, in Estonia it’s very fairly hard to find developers nowadays. We are the we have the most startups per capita in Europe. So, uh, basically if there’s a guy who can, I don’t know, code anything, they will be hired by some startups. So I decided that. And also from the security perspective, I mean, everyone knows that by, you know, the next two years, probably it’s going to be a massive issue to find any security expert at all who is not employed yet. So I decided to go a bit different way and start building a distributed company. So I was kind of interviewing, I think, 40 people in a single month to just, you know, find the find people all over the world. So that’s how I conducted the actual the team that we have today as well, actually.
Oliver:: So cool. Now, I saw an article just the other day. You guys had, uh, had a big injection of funding. Can you tell us a little bit about that? What happened?
Lee:: So, uh, the main goal was like we did launch in 2000. Actually, in 2017, we were in London for three months in Ceylon in an accelerator where we got our first funding.
Oliver:: Yeah.
Lee:: So the first funding was basically to just fund product development a bit more until we could do launch. So we did the launch in 2018 to July. We did it via AppSumo and some marketing campaigns around that as well, which went really well. And then, uh, yeah, over the time, from, from the launch to, to the point now we have developed product like in a pretty rapid way and not just like on the, on the outside, but from the deeper level as well, like how the firewall engine works. I would, I would be confident. I’m confident to say that probably our WAF engine is one of the most advanced ones on WordPress, which runs on WordPress framework right now. Yeah. And, uh, we have some pretty cool things in our sleeves as we are planning to release another product and, uh, for, for the research and for the development purposes. We, uh, raised another funding round, closed it actually in February. We just announced it. And it includes one Spanish cybersecurity company, if you know, Pipedrive. So there’s founders of Pipedrive involved.
Oliver:: Oh, yeah.
Lee:: Co-Founder of Pipedrive personally invested into us.
Oliver:: That’s awesome.
Lee:: So there’s, uh, yeah, there’s two different, uh, tech companies and also some additional angel investors in this round. So this is for kind of funding additional and deeper research on the on the web application security and on the component side of security as well, and also to to work and validate a bit more on the new product that we are planning to release.
Oliver:: That’s phenomenal. And it’s an amazing journey, really, from somebody who’s putting phone numbers up on the college wall ten years ago to to running an agency with around an average of 60 builds a year to now running an online software as a service business with angel investors from around the world. It’s it’s quite, quite a journey. And you’re 25, which is awesome. So if anyone who is young listening, you’re never too young to get started. And equally, if you’re ancient, you’re never too old to get started either. Let’s let’s have some fun on this planet. Now, you mentioned WordPress a few minutes ago, and I would just love to get some free advice from you on WordPress if you’re, if you’re game.
Lee:: Yeah, so we’re with WordPress and with every other like CMS and actually with every other framework nowadays as well, is to think that just take a look at the components that they’re using, like the plugins, the themes and all the versions. Just like you would be totally fine if you would just take time to harden the site and then figure out a way how you don’t have to worry about automatic updates if you could, you know, basically set automated automatic updates on all the plugins and, you know, keep the level plugins low, you would be pretty okay. Yeah, of course there are like zero day attacks that just happened a few months ago where kind of intentionally the vulnerability was released to public without the developers knowing first. So there was no update available for this vulnerability. So for these kind of reasons, you didn’t you didn’t. You do need a web application firewall that runs before your site. Yeah. But yeah, with WordPress and with all those CMS’s or these build your own website platforms, except the ones that are self-hosted like Wix and you know, but you know, they also you can’t use them for the things that people use WordPress for you should. The main thing is always keep kind of you know the plugin. It’s I guess it’s like everyone says that, but it’s still so hard to kind of follow it. Yeah, because of all the customizations and custom custom themes, custom plugins, hey, compatibility issues and you know.
Oliver:: So top tip number one is review the sources that you’re getting your plugins from, keep your plugins to a minimum and keep them updated. And you should be okay. But obviously that’s there is still risk to anything. Now one thing I’ve very often seen is a web agency will say, yep, this website is secure because they’ve installed one of those free security plugins. What’s the error in that?
Lee:: The issue with a lot of security plugins, which we see constantly, is that they offer you the peace of mind.
Oliver:: It’s like it’s.
Lee:: Like security is a process. It’s not something that you pay five bucks and then, you know, it’s done. Yeah. And also, you know, it’s not something that you install for free and it’s done.
Oliver:: So yeah.
Lee:: The issue is that with a lot of those plugins that tell you that, you know, as soon as you install this, you’re, you’re secure, your website will never be hacked again. All that kind of bullshit. It’s making the problem even worse. Because what happens is that it will take away the attention from security from the website owner, because they think that everything is under control and it doesn’t only affect the actual website itself, but it would affect also their future kind of attitude against the security. So they would start thinking that, you know, with my WordPress site, I install this free WordPress plugin, which takes care of my security so I don’t have to, you know, think about security ever again. And then they would think the same thing with other other things, uh, on, you know, for example, antivirus software on their computer or, or, you know, different kind of security things. So they all they start kind of forgetting the actual core issue, which is in most cases that, you know, keep your software updated. So instead, it’s very easy for them to fall into scams. And, you know, their personal cybersecurity kind of hygiene is going to suffer a lot. So this is why I, I really yeah, I don’t I don’t really like the way how a lot of security companies I understand it from the marketing perspective that you kind of need to do it, especially when you try to sell your services to the website owners. But it’s so kind of it’s like a it’s like a sword with two, you know, blades.
Oliver:: So I get what you mean.
Lee:: I mean, often people will install the plugin, they’ll tick all the security boxes on said free plugin thinking, okay, that’s me secure. And then I think what you’re alluding to is then people very often agency owners as well. I mean, I’ve been guilty of this a few years ago as well. I installed a security plugin, and it would lessen my drive to go ahead and run all the updates. I would think, oh, I don’t need to do that today. Security plugin active.
Oliver:: Exactly.
Lee:: I’ve got everything turned off that needs to be turned off. Uh, you know, my RSS feed is disabled. There’s no cross-site scripting that can happen, so I should be okay. I can do it next week because, you know, I’ve just activated something and then thought that’s that’s it now. Whereas I think what you’ve said is, you know, security is not a tool. It is a process. It’s a process of there are tools involved. So, you know, there’s web application firewalls. There are there are security plugins, there are settings that you can do, etc. but equally there are things like updates as well and scanning your website etc..
Oliver:: Yeah, these are all these are all tools which you can use to kind of, you know, at least try to automate some amount of monitoring, for example. Or, yeah, or for example, when it comes to Web ARX, we basically report to you or notify send you Slack notification, email notification, and any of the plugins that are installed on your WordPress site is actually vulnerable to known exploits. So in this case, we don’t say that, hey, you’re now 100% secure and you know you don’t need to do anything after you install Web ARX. But we constantly kind of annoy you with the information that, hey, there is a vulnerability. You have to, you know, take care of it until if you don’t do it, you know, you will see all these red boxes on web panel that you need to take care of it.
Lee:: Yeah.
Oliver:: And that’s that’s a good thing as well. I think that really helps people because we don’t all have time to just research and be aware. I mean, I was only made aware a few days ago that there is a plugin and theme developer who has loaded code into their own systems. I won’t mention who they are. I’m sure people can google them, but they I think they had like a kill switch for websites and all sorts of things going on.
Lee:: They said that they did it because they had an issue where they’re I think they’re like a plugin or product licenses were sold or something.
Oliver:: Yeah, something like that.
Lee:: So their argument was that because like people had the licenses who who shouldn’t have them, they built the killswitch so they could delete the licenses.
Oliver:: Yeah.
Lee:: But the killswitch was like drop table. So you can actually.
Oliver:: Delete the.
Lee:: Website. Very fine. Yeah.
Oliver:: No, exactly. It’s insane. Wordfence, the founder of Wordfence, actually posted a detailed article as well, if I remember. We will pop a link in the show notes because they actually came back on the other founders’ thoughts. You know, their, their their answers to why they did everything. And then Wordfence put a counterargument.
Lee:: It’s a good article, I think I read the one. Yeah.
Oliver:: It’s really quite, quite fascinating as well. But certainly something that, you know, as web agencies, we don’t always have the time to keep on top of these things. So if I had one, you know, if I had a specific plugin installed, it’s good to have these sources of information. Now I’ve seen there’s been a few tools online that tell me that you can remove malware from your website, and this sounds very tempting. Now, I know that if I’ve ever had to clean something out of WordPress, it’s a long and laborious process and I need to check all of my files. I need to maybe restore, you know, the original WordPress install code files over the top of existing. There’s all sorts of stuff that I need to do, so I’m already dubious when it comes to these one click removal tools or services, but can you just share with us some of the downsides of these sorts of services?
Lee:: Have you seen the guide I wrote about the malware removal in our blog?
Oliver:: Uh, no. Tell us about that. Yeah.
Lee:: So I wrote like, I think there’s a lot of people who have kind of on different podcasts. I have, uh, noticed that people are kind of pointing to that as one of the most, you know, detailed malware removal guides on the internet at the moment. All right. The reason why I did it was because there was a lot of people who came to us with the request for a malware removal.
Oliver:: Yeah.
Lee:: So at one point we didn’t really, you know, like when it comes to our product, like there’s only a few cases where the sites are being actually hacked after WebARX is being used. But the main reasons are often where sites on, like for example, when it comes to shared hosting, there’s a lot of lateral movements. So if you have one website, a second website, and a third website, and WebARX is installed only on the first website, and the second website is hacked, the malware can move laterally to all three websites, for example. And there’s a lot of cases where in our case, not so many cases, but in general, there’s a lot of cases where people just use admin, admin password and the sites are being brute forced and so forth. So there’s a lot of ways still that people can get infected. And that’s also one of the reasons why I think just installing plugins is not, or even just installing a firewall is not something that, you know, should take the whole attention from security away from you. But then, uh, this article for the malware removal, I started to write it because I was kind of tired of doing the malware removal, because I’ve been doing the remediation since 2014 or 2013 now. Yeah. So yeah, I decided to write down the whole process of how I usually manually remove the malware from sites that can’t be restored and the ones that you can just rebuild because of, you know, X reasons. So if you look at this, you understand that there’s so many places where the malware can be. The reason why I’m very skeptical about all those one click malware removal and automated malware removal tools is that malware is built in a way that it’s meant to be not detected.
Oliver:: So yeah.
Lee:: Everyone who built or like who develops malware, they like one of the biggest tasks for, you know, building the malware or, you know, developing it is actually making sure that it’s FUD or like, you know, it will basically evade the antivirus or it’s, you know, not being detected by antivirus tools. So heuristic scans are closer to a higher hit rate. Yeah. But again, if you still use a scanner and you only rely on the scanner there’s a pretty high chance. And also that’s what I’ve heard from people who have used these services is the fact that they’re very happy for the product because it does the malware removal successfully every month. You know, you know what it means. Basically, it means that it couldn’t actually remove the malware in the first place. So it does it over and over again. And for the customer, it feels like, oh, it’s doing it really well. Yeah. So yeah, I personally don’t trust in the, like, the automated scanning malware. Uh, if there isn’t like very, very advanced heuristic ways how to kind of do it. Especially like for example, how do you heuristically, uh, remove malware from an infected custom plugin, for example, because you don’t know the code anyways, which is there because I know a lot of those malware removal tools, they basically take the hash of the files and then check, uh, for the original repository, and then see if the files on your website for the specific plugin or the WordPress version and all that is, uh, if the hashes are the same to the ones that are on the original repository. So you know that the files are not being modified, but you can’t really do it for custom plugins, and you can’t.
Oliver:: Have custom plugins or premium plugins as well, because they’re not all available unless you can somehow, you know, connect into the GitHub repository. Because, I mean, we have private GitHub repositories and we do internal hash scans, etc. of our files. But yeah, that’s something you’ve got to have set up as well. I found the article that you mentioned as well. So folks I’m going to put two links in the show notes. There’s going to be one for the WordPress security. So how to secure WordPress. But then there’s another article that deep dives into malware removal. So if you suspect you have a problem with your website, then there is a step by step, really, really in-depth guide. Um, here on the WebARX website with 15.5 steps to, uh, to cleaning out, uh, the issues on your website. So if you have any issues, etc., or you just want to just have a look around your website and make sure that you’re doing your due diligence, then take a look through. This is a really, really detailed article that all of us put together. So that’s fantastic mate. Well, this has been a wonderful experience. Just learning how you got into tech, loving the fact that you got into security through gaming with your servers, and everyone was all competitive, trying to bring each other’s servers down. So you learnt security. You launched your agency with a partner. You grew to 60 projects a year, which is phenomenal. But then you both went in your different channels, one wanting to pursue a front end development, and then you wanted to pursue security. You used the tools that you were developing in your agency, that you’re looking after your clients to be something that you could pass on to other agencies, that other agencies could use and have that benefit. And since then, you’ve grown your business first of all, through amazing, amazing team of volunteers. And now to a business that has got Angel and Angel investment as well.
And you are making a noise all around the world, as well as coming on the Agency Trailblazer podcast to tell your story. So you’ve achieved an awful lot. And thank you as well for some of the fantastic security advice you’ve given us, as well as those links that you’ve talked about as well for WordPress security and malware removal. You are a gentleman, sir, and I thank you very much for it.
Lee:: Thanks.
Oliver:: So folks, don’t forget check out the website. It’s web security.com. Check out the show notes over on Agency Trailblazer, and you will be able to find a link to both of those blog articles that were mentioned in today’s show. How can people connect with you, Oliver? And then we will say goodbye.
Lee:: We have a Facebook group actually called The Web ARX Community, where I personally try to answer for everyone and, you know, talk to everyone personally and I. Yeah. So basically, if you want, you can join this one or just go to web security.com, open up the chat box and say, hey, I want to talk to Oliver and I will be assigned to you shortly.
Oliver:: Nice one. Yep. So folks, I’ll put that in there as well. But if you just put in facebook.com/groups/webarxcommunity, that’s a r x community. You’ll find the group there and you can answer the questions. And I’ll also put a link in the show notes. Oliver, thanks again for your time. Have a wonderful day, mate.
Lee:: You too. Thanks.
Oliver:: Cheerio.
Lee:: And that wraps up today’s show. If you are feeling paranoid, just take a moment, press pause and go and check your websites. All right. And then check out agencytrailblazer.com/group, where you’ll be redirected to our gorgeously beautiful free Facebook group. And if you want to be part of our premium group, where we have weekly calls together, tons of workshops and great advice, and a cool Slack channel full of real, honest and raw emotion and help. Obviously. Then you can check all of that out over on agencytrailblazer.com. If we don’t see you in any of the communities, that’s cool because we’re going to see you in the next episode.