Hackers spike Turn On love drink site

A HACKER attack on a website can be ruinous for a small business, as David Robinson, who has the Australasian licence to distribute Turn On love drink, found out recently.

On the Tuesday after the Australia Day long weekend Robinson went to log into his website only to find a message telling him hackers had hijacked the site and he needed to wire $5000 to a Western Union account for the site to be re- instated.

There has been plenty of publicity about the product, which is yet to hit shelves here, and Robinson has been doing the rounds of hotels, convenience stores and pharmacies to sign distribution deals. He's relied on the site as a place where potential suppliers and distributors can go to get information.

The site's inbuilt Facebook functionality has also allowed him to develop an online community of people interested in being able to get hold of the product as soon as it's available.

"It was panic stations when I saw the message. We'd sent more than 1000 presentations to distributors who were all going to the site to know more. [After the attack] there was nothing there for them. It was a disaster for us," Robinson said.

The site was being managed in the US and built on the Ning platform. As soon as the attack happened Robinson got in touch with the US tech support team.

"They took it very seriously and thought everything would be OK because it was backed up," he said.

Tech support took about six hours to get back to Robinson with the news that the problem was worse than they first thought. It took them a week to get the site back up and running.

"We obviously didn't pay the ransom. But [when the site was down] we were incommunicado with customers, potential customers and followers," Robinson said.

"Luckily, we could use social media to keep in touch with people. But it's hard to track what this has cost us in potential sales," he said, adding that lost sales would be "in the high tens of thousands."

Robinson is now working through a plan to get back in touch with suppliers and customers.

"But it's looking like we're going to have to start from scratch. We're going to have to go back to basics to start driving traffic to the site again. We're back to square one," he said.

Internet strategist Nigel Burke, from web developers AVS Networks, said having a great relationship with your web developer was the first step in being able to recover from an online attack.

"Make sure you have their contact details on hand and that they are familiar with your site," Burke said.

"The webmaster should preferably be the person who made the original site. But if not, make sure the webmaster is familiar with the platform the site is built on and has the username and password to reduce the recovery time."

He said it was essential to have a plan in place in case of attack and to make sure staff knew what that plan was in case the business owner wasn't around if the site went down.

There are also lots of tools that reduce the impact of an attack. Burke said Google's Webmaster Tools messaged the site administrator if a virus was found on the site.

SiteLock is another tool that can notify a site manager if an external party makes changes to their site.

"Businesses also have to keep backing up their site, especially if it's an e-commerce site, which should be backed up on the same day. If you lose a week's worth of business as a result of an attack you might lose 700 orders, which would be critical to the business."

Having a pre-written email that can be sent to customers in the event of attack to let them know what's happening, as well as putting up an interim website, are other ways to let the world know the business hasn't disappeared.

"Ninety-nine per cent of attacks are untargeted. Web crawlers look for vulnerable sites and when they find a site they break into it automatically. Hackers aren't trying to bring you down - they don't care who they get."