Outdated WordPress Software

Panama Papers Breach Attributed to Outdated Sites

Just like the software on your PC, the Content Management Software (CMS) for your website (for most, WordPress) also needs to be kept up-to-date.

Failing to keep the software up-to-date means that your website has the potential to be exploited. This could result in your data (or your customers’ data) being stolen, your website being blacklisted as a security threat, or even your entire website being deleted. While Conetix is responsible for the security of the network and the server itself, the security of your website (and all software updates) is the responsibility of the client.

Warning: Failure to keep your site up-to-date may result in your website being defaced, or suspended if it is used for malicious activities.

Tips to keep your CMS software up-to-date:

  • Use a platform which is easy to update (e.g. WordPress)
  • Log in frequently to your admin area in order to check for updates
  • Don’t forget to update all plugins and themes as well
  • Contact us to organise for us to do this on a weekly or monthly basis for you

A recent write-up explains how the sites at the centre of the Panama Papers breach were left vulnerable.
See write-up.

So imagine your site being hacked. Imagine having your content stolen from your site.

Do something about it today. Call us to discuss your options.

Ransomware Strikes Websites

Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Some ransomware encrypts files (called Cryptolocker).

Ransomware infections were first seen in 2013 and have been on the increase since then. Today it is one of the most pervasive online threats that Internet users and businesses face. Traditionally, ransomware has only affected personal computers and the malware is often distributed through hacked websites.

Every week we hear of someone whose computer has been infected. Just recently (Jan 2016) a new email has been going around disguised as Australia Post, telling you that a parcel could not be delivered and to click a link for more info.

Over the last few months there has been a new development with ransomware attacks: they’ve started to infect websites themselves. So if you are reading this and you have a website, BEWARE!

These attacks infect and encrypt the website files and then demand payment. The files on the server are inaccessible and the homepage is defaced with a warning that the website has been held hostage.

Have you seen this? You don’t want to.

Unsurprisingly, vulnerabilities in outdated software seem to be the main method of distribution. Remember, web admins: update, update, update!

Ransomware Is Now Targeting Websites

Usually websites are used to spread PC-based ransomware; visiting the infected website will launch the virus onto your machine, encrypting its contents. Previously it was also commonly distributed through tech support scams and bogus e-mails, but now we see website admins fall victim as well. Magento e-commerce sites seem to be a big target of this new website ransomware, but it is by no means limited to them. ALL websites are now at risk.

Once the attackers have access to your server (where your website is hosted), they encrypt all your site files and add the extension .encrypted to each file name, rendering them useless.

There was a flaw in the way the files were encrypted, and it was possible to return them to a state of good health. However, the attackers caught wind of their design flaw and now it is even harder to rectify. So without a clean backup, you might find yourself having to rebuild your entire website (unless you want to take the risk of paying the ransom fee, with no guarantee you will ever get the key to fix the files).

What’s even worse is that this malware can spread to other websites in the same hosting environment, making a bad situation much worse. So if you have more than one website

Just like your computer backups, website backups are critical

If you are unfortunate enough to have your website infected with this (or any) malware, your only option is to revert to a recent backup, change all login details and update all software. If you don’t do backups, then when you get hit, you will understand why we impress on our customers to backup, backup, backup! If you don’t already do backups, then we can take some steps for you to ensure you have a backup handy.

If you find yourself having to get your website rebuilt after such an infection, then you will be kicking yourself, and wondering why you never got us to do a backup for you. Once it has happened, it is too late.

The very least you should do for your site is to put it behind a website firewall to help prevent attacks before they even reach your site. We can recommend a hosting company that bends over backwards to prevent this sort of thing happening.

If you would like to talk to us then please call or head over to our contact page and get in touch.

We have various packages available, however we can do special one-off deals depending on your needs. Speak to us today to see what we can do for you.

Testimonials Are They Worth It?

We have it on very good authority that client testimonials increase your visitor’s trust. Whose authority, I hear you say? Yoast, one of the most renowned Search Engine Optimisation (SEO) businesses. Yoast consults to some of the biggest brands on the planet, including Facebook, eBay, and the Guardian.

Why do testimonials work?

  1. It is proof that someone else has used or tested the product and it worked well enough for them to say so.
  2. Testimonials not only say how good your product is but how and/or why it worked for them.
  3. The benefit of the product is clearer and it is easier for the potential client to decide to purchase it too.

What should you ask clients to write about?

  1. If you are offering a service, they could write about the issue that they needed addressed and how your service or product accomplished that.
  2. If you are selling a product item (e.g. clothes), they could write about the quality of the product, delivery time and the ease that they experienced when dealing with you.

Placement of the testimonial:

  1. Testimonials are no good if people have to go searching through your site to find them, so display them prominently on your landing pages. The two most common pages that people visit are your “home page” and the “about us” page.
  2. They should also be placed close to call-to-action buttons. Make sure you have them somewhere else on your site and not just on the testimonials page.

Click here for the full story from Yoast about Testimonials.

Email Scams Targeting Websites

CAUTION WEBSITE OWNERS

We are often contacted by clients after they have received emails from random individuals or businesses claiming to have the expertise to improve the website’s “digital performance”, or to improve the site’s ranking by providing a “website audit”, or wanting to write “posts” and link to the site.

Be very wary when approached in this manner. Before you agree to let someone have access to your site or pay any money to them, thoroughly check their credentials. It is more than likely that they are email scams.

HOW CAN YOU TELL?

If you look at the signature blocks for all 3 of the examples below, they are all very similar.

Michael | Strategy & Technology Manager

AU IT SOLUTIONS
Headquarters: 41 Bridge Rd Glebe, NSW 2037, Australia
Other Offices: Hong Kong & China | USA | New Zealand | UAE | Singapore

PAGE PORT Pty Ltd
Address: Level 13, 460 La Trobe St Melbourne VIC 3000
Global Offices: NZ | China | USA | Singapore | UAE

SMM Pty Ltd
Headquarters: 36 Surry Hills Sydney NSW 2010 Australia
Other Offices: Hong Kong & China | USA | New Zealand | UAE | Singapore

Google their names, visit their websites.
Looking up our examples on the internet, each of these companies has a different address to what is listed in the signature block. Also, when we looked at “Page Port” there were warnings on the net about this being an SEO scam from India.

So please, before you think about contacting any of these people because they sound good and say they can help you out, check with us. The end result could be that you spend money and get nothing, or get your site infected with spam etc. No doubt they would ask for money up front or access to your site.

Your website will be hacked

It is not IF your website will be hacked, but WHEN it will be hacked.
Yes, your website is vulnerable to being hacked and destroyed! Are you worried that it is? I would be.

WordPress security watchdogs, Sucuri, have revealed that “brute force” attacks are at an all time high.

A brute force attack occurs when an attacker runs a script that attempts to crack a website’s password. It does this by attempting to log in to a site with automatically generated passwords at a rate of thousands of times per minute.

Brute force attacks are not new; in fact, they’ve been around for over 15 years, and data shows they’re still going strong.

There have been so many this year that Sucuri has created a new page dedicated to monitoring the current threat level of brute force attacks.

On this page you’ll see that the number of brute force attacks has grown from around 5 million per day at the beginning of the year to 35 million per day in the second week of September.

Sucuri’s data also shows the majority of brute force attacks originate from the United States. Attacks tend to occur most frequently between 12pm to 2pm EST, but a site can be vulnerable to a brute force attack at any time.

One of the best ways to protect yourself from a brute force attack is to have a strong password that’s difficult to crack. It’s also a good idea to have some kind of monitoring system in place so you’ll be notified if your website is the target of a brute force attack.

Another easy way for attackers to gain control of your WordPress site is through flaws found in older versions. It’s important to stay on top of WordPress updates because they often contain important security fixes.

That being said, there are always updates being put out for WordPress. Use them! If you don’t know how and want to keep your site safe against known vulnerabilities, then contact us today to see if your site is more at risk than it should be. We will have a look at your site for free and tell you what is missing and how we can assist you in making your site safer.

While there are numerous ways in which a WordPress site is vulnerable to attack, the following four weak spots are most commonly at fault when a WordPress site is hacked. Don’t think these are the only ways; they are just 4 of the most common.

  1. Easy-to-hack or weak usernames/passwords
  2. Themes or plugins that have bugs in them
  3. Not updating the WordPress core files and themes/plugins in a timely manner
  4. Nice (NOT) people who hack WordPress sites

Weak Usernames/Passwords: As of WordPress 3.8, the standard “password strength detector” forces you to create something extremely strong. This is undoubtedly part of the WordPress Foundation’s efforts to help reverse this particular statistic. So, never use the “admin” username and go as difficult as possible with your password (mixing letters, numbers and letter-case throughout). If you keep it simple for you to remember, then you’re also making it simple to get your site hacked. Write it down (if you have to) and, most importantly, keep it private. If you want to learn more about how to avoid weak usernames/passwords and reduce the chances of a hacked site, contact us and we can have a chat with you.

Theme and/or Plugin: Now and then, even the most popular premium themes/plugins will have some sort of security flaw. You can avoid some of these by simply reading up on the plugins you’re installing before you install them, but most of the time you won’t know, as the developers don’t know themselves. Stay away from free themes/plugins when they are not from the official WordPress Directories. Also, try to stick to themes/plugins with four and five star ratings. And to be on the safe side, just Google this: “[insert plugin name] security” and see if anything shows up.

Not Updating WordPress Core and Themes/Plugins: It’s understandable that if your site is highly dependent on the functionality of a few plugins, that you’re going to want to wait until they’re compatible with the newest version of WordPress before you update your core. However, when it comes to high quality and reliable plugins, they will almost always have an update within hours or days of the WordPress core release–if it’s needed at all. As a rule of thumb: if you see that an update is available, backup your site and run it.

On “Nice” People Who Hack WordPress Sites: It’s important to remember that there are “nice” people out there (as well as misguided wannabes with malicious scripts) just waiting for you to slip up. So stay vigilant, follow the guidelines below, and you should be OK.