In the early 1970s, Cher had a hit with a song, Gypsies, Tramps, and Thieves, in which she bemoaned the hypocrisy of townsfolk who would publicly distance themselves from “outcasts” but privately would enjoy the illicit pleasures on offer as the travellers did what they could to survive.
Fast forward to 2025, and that lyric needs an upgrade and the meaning of the song needs to be tipped onto its head, because the hackers, bots, and thieves are actually pernicious and doing great harm to honest, small business folk who are drawing on their wit, their will, and their resources to earn a living.
I have never been pushy about our Website Maintenance Plan because I have always tried to embrace an honest frugality and prudence on behalf of my clients, but that is less relevant in this bleak phase of online marketing and ecommerce.
We Shift Down, then kick hard into warp nine. Yeah, come back fighting!
I’ve been building and monitoring websites since 1998, and thought I’d seen everything. Then, in the past few weeks I have seen floods of spam orders hit unsuspecting ecommerce sites, spam subscriptions hit a simple podcast website, and a bot attack hit a tourism booking website that resulted in the site’s security system fighting back so voraciously it pushed the web server to the limits, rendering the site “off the air” for a short time.
Unlike attacks that target a particular person or company because of their standing, these were random, methodical attacks, providing a wake-up call to all and sundry that the days of innocence are well and truly over.
It’s like people in a quiet country town finally having to lock doors for the first time in living memory.
The “why” behind all this is greed and power.
In particular, the spam orders on the ecommerce website are known to be part of a process in which crooks find a website that allows guest checkout, and they work through lists of stolen credit card and user information to see if they can achieve a token sale.
If the sale goes through, the crooks know they have a good set of stolen information and the original owner of those credentials will be in for a raft of illicit charges against their name across the internet. If the sale fails, they know they can dispose of those details.
In the meantime, the unsuspecting trader is having their website and web hosting (and human time) tied up in stemming the flow.
Use the Force, Luke
We are not entirely hopeless. Small businesses do not have the deep pockets that national and multinational companies like, for example, Optus (okay, not the best example) have to keep data safe, but they still need to work out what is at stake if they lose functionality of their website and put aside some budget for defence.
One measure I recommend to all our clients is to connect a free “captcha” service made available by Cloudflare called Turnstile. This is a powerful weapon that puts a forcefield around any forms on your website. David and I are both dab hands at configuring that these days and we recommend you get us or your web person to get it into place as soon as possible.
Then, in the world of ecommerce and WooCommerce, there is a suite of Anti Spam Order tools emerging that are very good at assessing risk profiles of incoming orders and blocking them. You can change the sensitivity levels.
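To show what “assessing risk profiles” with adjustable sensitivity can look like against the card-testing pattern described above, here is an added example; it is not code from this site or from any WooCommerce plugin. The order records, the card fingerprints (assumed to come from the payment gateway), the weights, and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: (time, source IP, card fingerprint, amount, approved)
ATTEMPTS = [
    ("2025-03-01T10:00:05", "203.0.113.7", "card-a", 1.00, False),
    ("2025-03-01T10:00:40", "203.0.113.7", "card-b", 1.00, False),
    ("2025-03-01T10:01:10", "203.0.113.7", "card-c", 1.00, False),
    ("2025-03-01T10:01:45", "203.0.113.7", "card-d", 1.00, False),
    ("2025-03-01T10:02:20", "203.0.113.7", "card-e", 1.00, False),
    ("2025-03-01T10:02:55", "203.0.113.7", "card-f", 1.00, True),
    ("2025-03-01T10:05:00", "198.51.100.20", "card-x", 84.50, True),
    ("2025-03-01T10:07:00", "192.0.2.44", "card-y", 42.00, False),
    ("2025-03-01T10:08:00", "192.0.2.44", "card-y", 42.00, True),
    ("2025-03-01T10:10:00", "198.51.100.99", "card-m", 3.00, False),
    ("2025-03-01T10:12:00", "198.51.100.99", "card-n", 3.00, False),
    ("2025-03-01T10:13:00", "198.51.100.99", "card-n", 3.00, True),
]

def score_sources(attempts, window=timedelta(minutes=10), token_amount=5.00):
    """Return {ip: 0-100 risk score} taken from each source's worst burst."""
    by_ip = defaultdict(list)
    for ts, ip, card, amount, ok in attempts:
        by_ip[ip].append((datetime.fromisoformat(ts), card, amount, ok))
    scores = {}
    for ip, rows in by_ip.items():
        rows.sort()
        best = 0
        for i, first in enumerate(rows):
            # Every attempt from this source within `window` of attempt i
            burst = [r for r in rows[i:] if r[0] - first[0] <= window]
            n = len(burst)
            cards = len({r[1] for r in burst})
            declines = sum(1 for r in burst if not r[3])
            small = sum(1 for r in burst if r[2] <= token_amount)
            score = (min(40, 10 * (cards - 1))   # many different cards
                     + 40 * declines // n        # most attempts declined
                     + 20 * small // n)          # token-sized amounts
            best = max(best, score)
        scores[ip] = best
    return scores

def blocked(scores, sensitivity="medium"):
    """Sources at or above the threshold for the chosen sensitivity."""
    threshold = {"low": 80, "medium": 60, "high": 40}[sensitivity]
    return sorted(ip for ip, s in scores.items() if s >= threshold)

if __name__ == "__main__":
    print(blocked(score_sources(ATTEMPTS), "high"))
```

A customer who mistypes a card once and then succeeds scores low at every setting, while the burst of different cards at token amounts is blocked even on the lowest sensitivity.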
And alongside all that, having an on-call support team in place that you can call at any time is a small but important investment in knowing you have reinforcements when the hackers, bots, and thieves have worked out a new method to get through defences, powered by AI.
And all of this is separate from your grown-up approach to password (and passkey) management and 100% distrust of any email asking for payment or confirmation of login details. Period. One hundred per cent. Because the best systems in the world cannot do much if you have been “phished” and handed over your credentials to someone else.
If you haven’t listened to this podcast episode yet, Cybersecurity And Your Business – Be Alert Not Alarmed, please make time this week.
On that note, let’s go back to simpler times and relive Cher’s calling out of hypocrisy. Perhaps today, she’d write the following lyrics:
Hackers, bots, and thieves
We’d hear it from the website guy
He’d call them hackers, bots, and thieves
But I would never listen to the things he warned
And woke to money gone this morn
