Speaking of distractions…Your eMail is the perfect place to get you while your guard is down. A surefire way to infect your computer is to click on the wrong link. What better way to get you to click than to pretend you are FedEX and tell somebody that their address is incorrect or their package is delayed. There have been a number of Phishing campaigns using the brand names you use everyday as a means of getting specific information from you or to infect your computer or device for other purposes. Our number one rule is DON’T CLICK on anything. Unless you know who and what you are expecting to receive like “a PDF from Sue in dispatch”, assume that someone may be trying to fake you out. There have been a number of these emails that include a document that will hopefully be caught by your virus software and quarantined.
It is better to slow down and use email cautiously that to compromise yourself or your employer’s computer systems.
The maintenance of a website in 2015 must include protections from dubious users who seek to gain access to your site. Hacking and cracking are real and the perpetrators are usually better equipped and more tech savvy than the average business owner in the U.S. Hackers and crackers have varying motivations and objectives when trying to get into your framework and few are as blatant as to reveal their presence, unless that is their objective.
Since Edward Snowden revealed that the U.S. has been and continues to hack objectives in the world, the world is hacking back. And never forget, that our children are the ones that like to do it just for kicks. So what are the motivations of a hacker? Sometimes they are trying to take over your website to visibly say something. This is rare, because the user will notice it and take action to remove the hacker from the system. I have only seen one instance of this, and it was an Iranian, who published a message on the site’s homepage.
More likely the hacker wants to gain access to your system. They may just be whetting their chops trying to hack you in preparation for a bigger hack on a bigger system. Sometimes this includes their testing of their automated cracking software on your gateway.
And many times there is a serious objective. They want to link farm off of your backend and make your site serve links that you would never approve of. Or even worse, they use your servers to send out SPAM and get your domain shut down for serving it. Typically a hack is never as bad as your last clean backup. So taking measures is important to the standard practices your should incorporate as a website owner.
Hackers will continue to find vulnerabilities in web programming, it’s pretty much what they live to do. You just have to be aware and ahead of the game. Keeping your website up to date, backed up and monitored is nothing short of what you would do to protect your home or your business property. It’s becoming an important part of basic website maintenance.
WordPress 4.3 update
Last week WordPress posted a major security release and update to their systems and their vendors were encouraged to immediately update their programming.
The Internet has exploded with hacker activity, and you’d be amazed if you knew how often your site is being probed or attacked. Most sites may receive this kind of activity, but if a failure happens to you. There are a few step you can take to recover.
Set up a back-up system, or insure that your host is doing it for you. If you are using dynamic database system that utilizes PHP or a Content Management like WordPress or Drupal, make sure you have security measures in place. You want to institute higher security measures on dynamic sites, because there are more susceptible to code injection and take over. Typically, with a proper back-up, once the invaders have been flushed out and passwords changed, you can have your site back in a day (fingers crossed.)
If you have been hacked, the first thing you need to do is contact your host and inform them, then contact your web-services provider if they are separate. Key information (LIKE PASSWORDS) needs to be reset on your website and hosting immediately.
*May require an expert
- *FTP accounts – scrub these with new passwords delete any unfamiliar accounts
- WordPress/Drupal/Joomla/etc logins need to be reset, especially those with admin clearances, look for unfamiliar accounts
- *Email logins should also be updated
If you would like more on this topic, read here