by admin | Mar 30, 2024 | Blog News - English, Website Security
Introduction
Strong Passwords ensure the security and confidentiality of data that is stored on various devices, workstations and servers across the specific networks or internet. It is the user responsibility to make sure that all your account passwords are as difficult to guess as possible. Some operating system refuses or periodically keep refusing password that are audited and found with weak score.
Hackers uses robots or bots in short terms to hack computers, servers, websites or emails accounts. These bots uses dictionary mainly in English plus added popular names and phrases and number combinations from any language to crack into the device or computer
Simple, easy and commonly used passwords enable intruders to easily gain access and control of a computing device, server or the entire network.
Characteristics of a strong password
- A total of 8 and above characters without spaces
- Both characters, capital and small without repetition
- Both numbers and special characters
- Phrases or numbers must be difficult to guess, phrases from english words, known places, features etc are not recommended. Number like years, popular combinations like 247, 360 etc are also not recommended because it will be easy to guess using robots
Examples
Example of simple passwords
- UK247
- 1992
- fanta2012
- Paris8
Example of strong passwords
- U+K&24-7_X
- Gh3&3@sbfTl
by admin | Mar 30, 2024 | Web Security, Website Security
Mitigating the Site
Step #1: Make sure you always use a clean and protected computer to login to the server (malicious cookies, keylodgers, spayware and viruses can snick to the server and feed vital information to the attacker )
Step #2: Backup the database
Step #3: Regular cleaning and optimizing database
Step #4: Change the password to stronger passwords both for database, cpanel and CMS
Step #5: Update all extensions and templatesand deleted unwanted ones or the scripts with no updated over six months
Step #6: Secure and prevent editing of php script, web directories and important files like htaccess and configuration files
Step #7: Change login URLs, administrator usernames, database names and usernames to access database plus changing the table prefix to the harder ones
Restoring the site
Step #8: Deleted manually all foreign folders, files suspected for phishing, any useless scripts plus old site backups as those may create loophole to attack the website
Step #9: Remove core folders and related core files in root folder except folder for data configuration and htaccess files
Step #10: Upload fresh and current copy of the deleted CMS folder and files
Monitoring the Site
Step #11: Install security monitoring and notification systems
Step #12: Make sure your website is visited and scanned regularly for malware (at least once per week) using https://sitecheck.sucuri.net
by admin | Mar 13, 2024 | Blog News - English, Webmaster, Website Security, Websites Problems, Wordpress
12 Steps to follow in order to Mitigate, Restore and Monitor a WordPress Site Under Phishing or Hacking
What is phishing?
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
What is Hacking?
Simply hacking is a general terms explaining the website that is accessed by a none legitimate person and take control of it either physically or by remote means. Phishing can be the type of hacking. A hacker can do anything when he/she have control of your website.
How is phishing implemented?
Phishing is implemented in numerous ways or methods one of them is website content injections. Foreign contents with decisive WebPages that trick web visitors to leave their valuable information in exchange of bonuses or other reasons like pay fee for expiring online services etc. When a victim visit the URL and fill the information, the attacker will use those details to do the actual crime like entering to PayPal account and draw money from the victim account etc
What to do in Order to Mitigate, Restore and Monitor a WordPress Site Under Phishing or Hacked?
Mitigating the Site
Step #1: Make sure you always use a clean and protected computer to login to the server (malicious cookies, keylodgers, spayware and viruses can snick to the server and feed vital information to the attacker )
Step #2: Backup the database
Step #3: Regular cleaning and optimizing wordpress database, use cpanel or install WP-Optimize By David Anderson, Ruhani Rabin, Team Updraft
Step #4: Change the password to stronger passwords both for database, cpanel and CMS
Step #5: Update all plugins and theme and deleted unwanted ones or the scripts with no updated over six months
Step #6: Secure and prevent editing of php script, web directories and important files like htaccess and wp-config.php files
Step #7: Change login URLs, administrator usernames, database names and usernames to access database plus changing the table prefix to the harder ones
Restoring the site
Step #8: Deleted manually all foreign folders, files suspected for phishing, any useless scripts plus old site backups as those may create loophole to attack the website
Step #9: Remove wp-admin and wp-includes core folders and related wordpress core files in root folder except wp-config.php and htaccess
Step #10: Upload fresh and current copy of the deleted wordpress folder and files wp-admin and wp-includes core folders and wp-config.php and htaccess
Monitoring the Site
Step #11: Install security monitoring and notification systems for file change within your server – recommended plugin for this is Wordfence Security – Firewall & Malware Scan by wordfence, there are other very effective script for wordpress to use. Google Search console (formerly known as Webmaster Tools) is another wonderful tool for security and Google blacklist removal
Step #12: Make sure your website is visited and scanned regularly for malware (at least once per week) using https://sitecheck.sucuri.net and other effective systems like wordfence, sucuri
Conclusion and Recommendations
CMS are the most affected by cyber attack because of the backend and database where attacker can deploy the security hole found in poorly coded scripts and those which are outdated but still in use by issuing malicious command to the server.
On the other hand, CMS offer robust and professional features, look and feel of the website that match the current market and user demands. The only way to benefit from these advantages is to secure and monitor closely your website.
The website owners are strongly advised to use the experience professional in terms of cyber security and the related phenomena in order to ensure that the issue is correctly mitigated and monitored. Leaving the website to the hands of the inexperienced and novice webmasters may lead to more problems and costs instead of alleviating them.
We at InfoCom Center Limited posses enough experience of more than 10 years dealing with cyber security on CMS websites specifically securing and optimizing WordPress sites. The tips in the article above is the result of such experience and expertise.
We highly urge you to entrust us your website for maintenance and security day to day duties. When the website is on our hand, you will stay victoriously at peace channeling your valuable time and skills to other profitable strategies and activities instead worrying about website of and on everyday. Leave all the hassle work of maintaining and restoring hacked websites to us.
Visit SEO and Website Maintenance Page to learn more about our website maintenance packages
by admin | Mar 12, 2024 | Blog News - English, Website Security
How do you know you are spamming emails?
- Returned (bounced) emails flooding to your inbox
- Your Hosting provider will be shutting down your site
Common Causes: allowing a Spammer to use your outgoing mail server:
- Compromised Passwords (using weak passwords)
- Compromised Programs on your server space (normally through email sending programs)
Scripts that are commonly compromised:
- Tell a Friend
- Newsletter Mailouts
- Bulk Email Programs
Why your Hosting Provider will shut you down:
To offer competitive pricing on hosting, a shared server is used. The Hosting Server runs off one IP address. Spam emanating from an account on this server is identified by its IP address.
DNS Blacklist servers have lists of IP addresses of known spammers. If your Hosting Server gets its IP blacklisted because of spamming, it effects all of the accounts on that server. The result is legitimate emails will be bounced because of the poor reputation of that IP. A server Administrator has no option but to shut the offending account down until the spamming problem is rectified.
BULK EMAIL : is allowed is 100 per hour or 1,000 per day
DEFAULT EMAIL ADDRESSES – cPanel – Default email account is normally used for spamming
Catch All default email addresses are wonderful collectors of spam. This is because they let any email through with the address (anything)@yourdomain.com.
An easy and effective way to cut down spam is to specify forwarders or mailboxes.
This means that an email that is correctly addressed, specifically for you, is either forwarded to you ISP email address or held in your Mail Box on your server space.
All other emails that are incorrectly addressed to your domain can be then discarded.
The directions below apply to those servers that operate cPanel.
www.(yourdomain).com.au/cpanel
Login :
UserName: yourusername
PassWord: youruserpassword
Click on Mail
In Mail Manager Main Menu,
Ensure that you have a mail forwarder for each of your exact email addresses.
or
set up a POP3 Mailbox for each of your exact email addresses.
Click on Set default address
Enter ‘:Fail: no such address here’ to discard all mail that is not correctly addressed
This means that all incorrectly addresses emails (they constitute the bulk of spam) will be deleted whilst the correctly addressed emails will get through to you.
PREVENTATIVE
Change to email addresses that are not on the internet.
Do not use a common prefix like admin, support, info etc.
New websites should not have plain text email addresses displayed either on the page or in the coding of the page. There are various java scripts and php scripts available to encode your email address.
If you have a spambot filling in your forms, you may need an image verification to prove that a human is trying to send information to you.
by admin | Mar 5, 2024 | Blog News - English, Webmaster, Website Security
Dear all website owner webmasters and web designer
The recent Google algorithm required that websites should run in a secured mode in order to rank higher in Google search results. A secure mode is the website running using https:// protocol
SSL certificate limit in a greater percentages the possibility for website hacking and illegal access to the sensitive administrative areas. These areas include website control panel and in cms backend areas.
The latest cyber security survey shows that at least 90 websites out of 100 suffer some sort of cyber attack including hacking and phishing.
To address the cyber insecurity, the latest cPanel update (58) support and provide the option for you to use a free SSL certificates in your website.
The SSL certificate is issued by:
Common name: cPanel, Inc. Certification Authority
Organization: cPanel, Inc.
And the CA is being signed by Comodo one of the leading brands when it comes to SSL certificates and overal Cyber security:
Common name: COMODO RSA Certification Authority
Organization: COMODO CA Limited
The SSL certificates are being issued with a 90 days lifespan and will be renewed and reinstalled automatically one week before expiration. No actions are required by you.
While the SSL certificates are being installed absolutely automatically without any need of your interaction, website owner webmasters and or web designer will need to force an HTTPS:// connection over HTTP://
The easiest way to implement this is by editing or creating a .htaccess file into the root domain folder normally “public_html”. Please see the htaccess.txt file for the contents of the .htaccess file you will need to input.
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
A website url running in a secure mode appear when an https:// protocol preceded the domain with or without www. A website running in an insecure mode will always exclude an https:// protocol
A website url running in a secure mode appear when an https:// protocol preceded the domain with or without www.
Do you feel you cannot implement this requirement, please use your inhouse webmaster or web designer/developer or you can contact us and we will be glad to save you.
Save
Save
by admin | Mar 5, 2024 | Blog News - English, Website Monitoring, Website Security, Website Suspension
Unsettled Bills
A website can be suspended due to unsettled bills related to that domain or website. It can be web hosting annual fee, domain registration fee, the website design charges not paid or other critical reasons
Violation of server terms and conditions
The website can also be suspended if it violates server terms and conditions. These terms vary according to the host but common ones are:
- Email spamming
- Server resource over usage eg. Over CPU usage, physical memory over use, Virtual memory over use, too many processes normally over ten (10) processes etc
- It can also can be suspended if it is under attack or hacked. The hacking can originate from admin or backend access, database injection or cross platform scripting.
How is the website attacked?
Backend or Administrator access
The access through the backend are normally caused by using either weak password, common words, and easy to guess usernames.
SQL Injection
SQL injection is a code insertion method, used to attack database-driven web applications, in which evil SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
Cross-site scripting -XSS
Cross–site scripting (XSS) is a kind of computer security hole typically found in web applications. XSS allows assailant to insert client-side scripts into web pages viewed by other users. This is normally used for phishing, stealing users important information like passwords and credit card numbers
Bugs
A scrip bug is an error, flaw, failure or fault in a web application that causes it to allow attacker insert harmful codes/commands to that applications
Poor coded scripts
Poorly coded scripts in many cases originate from students who are still learning or from developers with insufficient coding skills and experiences. The poor coded scripts can also originate from pre release software or beta
Cross-Site Request Forgery (CSRF)
Cross-site request forgery is abbreviated as CSRF is a type of harmful exploit of a website where unlawful commands are sent from a user that the web application trusts.
DDoS Attack
A distributed denial-of-service(DDoS) attack takes place when multiple systems flood the bandwidth or resources of a targeted server, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic.
Server security misconfiguration
Security Misconfiguration arises when Security settings are defined, implemented, and maintained as defaults. Good security requires a secure configuration defined and deployed for the application, web server, database server, and platform.
Email spamming
There are two types of email spamming
- Bulk emails are sent to your email server from unanimous senders
- Bulk email are sent to third parties in bulk via your email server by spoofing means
How to protect your website from Attacks
Backend or administrator access
Always use difficult to guess usernames and strong passwords. Password from 8 and above characters that contains at least 4 character types from Capital, small letters, numbers and special characters can reduce the risk.
Parallel to this deploy to your website login attempt limiters and firewalls. This can reject all dictionary or related bots that guess your username and passwords.
Implement also webmaster reporting mechanism if something changes from your website. You may go far by limit logins from know IP addresses or countries. If you don’t have any deal to specific country, then block your website from appearing from those vulnerable countries. If at all you don’t need public presence then block search engine bots and any other bots from visiting your website
SQL Injection
You may need to use difficult to guess usernames and password for your database. Password from 8 and above characters that contains at least 4 character types from Capital, small letters, numbers and special characters can reduce the risk. Implement webmaster reporting mechanism if something changes from your database. You may go far by limit logins from know IP addresses or countries. If you don’t have any deal to specific country, then block your website from appearing from those vulnerable countries. If at all you don’t need public presence then block search engine bots and any other bots from visiting your website
Cross-site scripting -XSS, Bugs,
Buy scripts from reputable and known providers. Avoid cheap scripts. Also deploy backend security mechanism as described above. For script with bugs that are from known genuine vendors or developers, pl;ease make sure you immediately update all outdated scripts or uninstall if the vendor did not release the update patch on time
Poor coded scripts
Buy scripts from reputable and known providers. Avoid cheap scripts. Also deploy backend security mechanism as described above
Cross-Site Request Forgery (CSRF)
Always deploy security monitors, scanners and blockers for unauthorized outbound and inbound communications
Server security misconfiguration
Check your server configuration regularly and if any misconfiguration detected correct it and or communicate to the server admin/ tech personnel for correct configuration. In many cases let the web server have the optimal security setting
DDoS Attack
- The best way to stop DDoS Attack is tto use the web application Firewall
- Monitor the DDoS Attack continuously in order to device the better option of preventing the attack
Email spamming
There are two types of email spamming
- Bulk emails are sent to your email server from unanimous senders
- Bulk email are sent to third parties in bulk via your email server by spoofing means
Protect bulk emails spamming from unanimous senders
For the first case you can use mails assassin
To enable SpamAssassin in cPanel, follow these steps:
- In the Mail section of the cPanel home screen, click Spam Assassin™.
- Click Enable Spam Assassin.
- To enable auto-deletion of spam messages, select a score level under Filters, and then click Auto-Delete Spam.
Protect bulk emails spamming via you email server
For the second case you can use SPF or disabling PHP Mail function in cpanel
Using SPF to control email spoofing and phishing
Adding an SPF record to your DNS zone file is the best way to stop spammers from spoofing your domain. In addition, an SPF Record will reduce the number of legitimate e-mail messages that are flagged as spam or bounced back by your recipients’ mail servers.
This is an easy way to control phishing and email spoofing.
Disabling PHP Mail function in cpanel
- While in Cpanel go to Software section
- Select PHP Version
- Switch to PHP Options
- in send mail path select /bin/true
- Then click apply and save the PHP setting
How to avoid website suspension?
Pay bills ontime
Always pay your bills ontime. In order not to miss when you are required to pay your bills do the following:
- Give your web host the emails that you commonly use and are active. If the emails is not in use immediate report to the web host for emails replacement and it is recommended to always provide extra email and phone
- You may need premium notification services like those that uses sms notification if you do not frequently use you email
- Request the web host to notify the next bill at least 60 or 30 days before
- Set your phone, tablet or computers to notify you before the deadline. You can even use email functions like calendar from your emails or third party websites
- If your website is an important asset to you or your business, plan always to pay longer payment plans
Monitor your website security
After you have secured your website, it is not the end, monitor the security of your website within your website or from third party services. The third party services common one is www.CloudFlare.com, www.websitedefender.com, www.wix.com, www.verisign.co.uk, www.uptimerobot.com etc For more websecurity info go to http://seo.co.tz/website-security-management-for-seo/
