We initially like any startup; the most important focus is the product. And keep adding more features. We had all kinds of security best practices, like MFA and the least privileges. But they never got prioritized our development cycle.
Because the business was always, I need this feature, why is this not there? We need more customers. So, we are always focused on that.
But generally, we made sure that the passwords were correct. The general basics of security are there.
And one day, we got a mail from a customer saying, we cannot open your website. And we tried to open it on our end, and it worked fine.
Then we started getting mails from multiple customers. We were not able to figure it out. And suddenly, while browsing, we realized that we had been blacklisted. This is entirely new to us.
You think about DDoS attacks and SQL injection. You’ve never thought about getting blacklisted.
What happened was that we had a marketing page hosted on Draup.com. It is an external marketing-facing website. And it had a WordPress login.
The default WordPress login was just left open. Someone logged in and hosted malware on one of our blogs.
Google and Nord VPN companies found that malware and blacklisted us.
Then we realized, “It’s crucial to focus on security to ensure the website is always safe and secure.”