What do an outdated image re-sizer, US Bank, and computer hacking have in common? In 2012, this well-known bank fell victim to computer hackers due to an old WordPress plug-in.
Hacking is a problem affecting millions of webmasters per year. 648,000,000 websites fall prey to hackers because of common neglect and vulnerabilities, which include:
Using cheap hosting companies.
Hosting outdated plug-ins.
Maintaining poor or weak passwords.
Leveraging out-of-date platforms, extensions, and third-party services.
A number of weaknesses allow hackers access to your website’s operations and content, potentially halting or ruining present business affairs.
Joomla and WordPress are among hackers’ favorite targets, with almost half of the web’s top 100 blogs using WordPress for content management. Hackers who are privy to particular ‘security holes’ in Joomla and WordPress use them for heinous actions such as script injections and site redirects.
In March of last year, over 30,000 Joomla and WordPress sites were injected with malicious software. In the years 2010-2012, potential for incoming malware and similar threats increased 140%.
While a number of high-profile brands have been hacked unexpectedly, negligence and lack of awareness are the top causes of falling victim to a hacker attack.
Be aware, and take note of the available solutions and safeguards:
Verify existing websites using Google Webmaster Tools.
Internet usage and web security go hand in hand. With the exponential growth of Internet traffic over the last decade, online security threats have grown by leaps and bounds too, and the recent flurry of WordPress attacks is a testament to it.
The number of online accounts that get compromised on a daily basis clearly indicates that a great majority of website owners aren’t particularly cautious about their website’s security.
Web hosting provider HeartInternet recently conducted research among small business website owners and home PC users to determine whether people take their website security as seriously as their PC security.
Predictably, the answer is no! The survey reveals that only 65% of small business website owners have anti-virus software installed on their computers, a stark contrast to the 96% of home PC users who have proper security set-ups in place.
The statistics are equally embarrassing when it comes to the use of secure passwords, revealing that only half of small business websites protect their sensitive data with strong passwords, compared to 75% of the home users.
Now you don’t like to go through boring statistics, do you? Presented in this good old 90s gaming theme inspired infographic are other key findings of the said security research, wrapped up with helpful tips to help you protect yourself against hacking and online fraud.
If there’s one major invention that can serve as a hallmark of technological innovation in the 21st century, it has to be the Internet. An absolute necessity, it’s a major part of the day-to-day life of more than 73% of adults today. And why not? It makes their lives easier and more fluid. Working, shopping, banking, pursuing personal interests, healthcare, guidance, entertainment: you name it, anything and everything can be done online today.
But as the number of ways in which the Internet makes life easier increases day by day, so do online scams and frauds. Various malicious individuals go to great pains to probe your website for weak areas or ‘loopholes’ which they can use to gain access to it. Once they gain access to your website, it’s not only you who is affected; your website’s users and visitors, whose personal information such as contacts, bank details and passwords is stored with you, also become unwilling victims of this cyber-crime.
And here’s the thing: customers these days are tech-savvy, and they’re well aware of the potential security risks of visiting a website that doesn’t look safe. To share their data with you, or to do business with you, they need assurance that you have all the proper security systems in place to ensure the safety of their data. So if you haven’t yet taken proper steps to present your website as reliable and trustworthy, now is the time to change your game plan.
Your website, if not protected, could be vulnerable to some serious threats, such as:
Malware attack: Malware attacks include attacks from several viruses (Trojan horses, root kits & worms). Once your website is attacked by malware, it gets blacklisted. A user visiting your website will then get a warning from his/her browser that your website isn’t the best place to hang around and, just like that, you’ve lost a potential customer.
Phishing of websites: In phishing, you may receive an e-mail or message that looks safe because it is in the name of an established company or service provider. But when you click on it, you lose all your sensitive data such as credit card details, social security numbers, contact details, passwords and so on.
Virus attacks: In addition to securing your website against cyber-crimes, you should also secure it against virus attacks by installing proper antivirus software on your system. Sources of viruses could be e-mails, other websites or your device (PC/laptop).
Spying or sniffing of the data: Sniffing can be defined as the act of tracking network traffic for data such as configuration information and passwords.
Hijacking of session: With the development of new plug-ins like “Firesheep”, hijacking a session has become ridiculously easy. Firesheep finds unsecured Wi-Fi connections over the network and steals unsecured cookies. As soon as anyone visits an insecure website, they become visible to Firesheep and their accounts are hijacked.
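A site owner can check which of their own cookies would be exposed to this kind of sniffing. The following is an added example, not part of the original article: it audits Set-Cookie response headers and lists cookies that lack the Secure attribute, which is what lets a browser send them over plain HTTP. The function names, the session-name hints and the sample headers are assumptions made for illustration.

```python
def parse_set_cookie(header):
    """Return (cookie name, {lower-cased attribute: value}) for one header value."""
    first, *rest = header.split(";")
    name = first.split("=", 1)[0].strip()
    attrs = {}
    for part in rest:
        key, _, value = part.strip().partition("=")
        if key:
            attrs[key.lower()] = value
    return name, attrs


def exposed_cookies(headers, session_hints=("sess", "sid", "logged_in", "auth")):
    """List cookies lacking the Secure attribute; mark likely session cookies."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if "secure" in attrs:
            continue  # only returned over HTTPS, so a Wi-Fi sniffer never sees it
        is_session = any(hint in name.lower() for hint in session_hints)
        findings.append((name, "session" if is_session else "other"))
    return findings


# Constructed sample response headers (cookie names and values are made up).
SAMPLE_HEADERS = [
    "PHPSESSID=3f9a1c; Path=/; HttpOnly",                # session id, no Secure
    "shop_auth=eyJ1IjoxfQ==; Path=/; SECURE; HttpOnly",  # attribute case varies
    "secure=1; Path=/",             # a cookie *named* secure is not the attribute
    "lang=en; Path=/; Max-Age=31536000",
]

if __name__ == "__main__":
    for name, kind in exposed_cookies(SAMPLE_HEADERS):
        print(f"{name}: sent without Secure ({kind} cookie)")
```

Any cookie reported as "session" is the one to fix first: serve the site over HTTPS and set the Secure attribute on it.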
A nicely designed website with multiple, desirable payment options is thus not enough for an e-commerce business. According to one estimate, 54% of people avoid visiting sites which are not properly secured. So in this day and age, when even the slightest hint of unsafety can put users off your website, how do you tell them that your website is secure and reliable, and that they can share their information with you without any safety concerns?
Installing an SSL certificate can be a good start, because what’s better than the user’s own browser telling them that this website has been thoroughly tested and authenticated by a trusted security provider, and that their online transactions, e-mails and passwords will be safe here?
SSL Certificates and Online Security
Secure Sockets Layer, widely known as SSL, is a security protocol similar to that of HTTPS. It acts as a digital passport and checks whether the transmission of data over a network is secure by verifying the identity of both the client and the server. After this check, an SSL certificate provides your website with a particular site seal, which shows visitors that your site is secured and that it is safe to do business with you.
In order to secure your website with the SSL protocol, you need to purchase proper SSL certificate products. SSL certificates are digital certificates that are accredited by a CA. A certificate authority (CA) is the main authorized center that issues SSL and other digital certificates.
Please note that it is very important that you choose the right SSL certificate for your business, as there are hundreds of options available, and every business has its own unique requirements. Consult your technical staff, your website hosting provider or an authorized SSL certificate provider like Cheap SSL Shop – www.cheapsslshop.com, who can suggest an SSL certificate that is perfect for your business and provide it at a nominal and highly discounted price.
An unusually powerful online attack, using more than 90,000 IP addresses, is currently ongoing against WordPress blogs with weak admin credentials. Targeted at vulnerable WordPress users who still use the default “admin” username, this brute force dictionary-based password-guessing attack is trying thousands of passwords to crack their administrative credentials.
Now password-guessing attacks of this sort happen all the time, right? What’s all the fuss about? Analysts are speculating that this attempt is just a warm up for a much wider and larger attack that is to come. How? The avalanche effect.
Sites which are broken into (and thousands have been) will be seeded with a backdoor that gives the attackers remote control of the site. These sites will then be used just like the 90,000 IP addresses mentioned above: conscripted into the attacking botnet and forced to launch password-guessing attacks against other sites running WordPress.
So the attacker, who as of now seems to be using a weak botnet of home PCs connected to the Internet with a mere 10 megabit or 20 megabit line, will soon have a much larger botnet of huge servers with essentially unlimited Internet bandwidth and large network connections, capable of generating traffic on an unprecedented scale that might affect the entire Internet infrastructure and slow it down on a global level. Scary, right?
If you haven’t locked down your website properly, now is the time to spring into action, because chances are it could be hijacked by cybercriminals for their own purposes without you even knowing.
Maintain strong passwords: Let’s kick off the list with the easiest step, one you can implement immediately. Use strong passwords that include upper- and lower-case letters, numbers and symbols.
Rename the administrative account: Create a new user with administrator rights and delete “admin”, the default administrator of WordPress-powered sites.
Install a login limiter for WordPress: A login limiter can essentially block an IP address that tries and fails to log in above a threshold rate. For example, three consecutive failed login attempts can be met with a penalty timeout of 1 hour and an e-mail notification to the website owner. Two WordPress plugins which let you enforce a login limiter are Limit Login Attempts and Better WP Security.
Enable two-factor authentication: Two Step Authentication for WordPress.com accounts was released just a week back and we strongly recommend that you deploy it.
Keep up to date with the latest version of WordPress: The WordPress team releases patches at frequent intervals to help fix security holes. Keep tabs on them, and also on new versions of plugins and themes.
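The login-limiter policy described in the list above (three consecutive failures, a one-hour timeout, a notice to the owner) can be modelled in a few lines. This is an added example, not code from the original article or from either plugin it names; the class, function and field names are hypothetical, the sample events are constructed, and the owner e-mail is stood in for by a list of notice strings.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3        # consecutive failures before lockout (figure from the text)
LOCKOUT_SECONDS = 3600  # one-hour penalty timeout (figure from the text)


@dataclass
class LoginLimiter:
    """Per-IP limiter: MAX_FAILURES consecutive failures start a timed lockout."""
    failures: dict = field(default_factory=dict)      # ip -> consecutive failures
    locked_until: dict = field(default_factory=dict)  # ip -> time the lock ends
    notices: list = field(default_factory=list)       # stand-in for owner e-mails

    def is_blocked(self, ip, now):
        until = self.locked_until.get(ip)
        if until is not None and now >= until:  # lock expired: start afresh
            del self.locked_until[ip]
            self.failures.pop(ip, None)
            return False
        return until is not None

    def attempt(self, ip, user, ok, now):
        """Return 'blocked', 'ok', 'failed' or 'locked' for one login attempt."""
        if self.is_blocked(ip, now):
            return "blocked"  # rejected even if the password is right
        if ok:
            self.failures.pop(ip, None)  # a success resets the consecutive count
            return "ok"
        count = self.failures.get(ip, 0) + 1
        self.failures[ip] = count
        if count >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            self.notices.append(f"{ip} locked for 1 hour after {count} failures as {user!r}")
            return "locked"
        return "failed"


def replay(events):
    limiter = LoginLimiter()
    return [limiter.attempt(ip, user, ok, t) for t, ip, user, ok in events], limiter


# Constructed sample events: (unix time, source IP, username, password correct?)
SAMPLE = [
    (0, "203.0.113.7", "admin", False),
    (5, "203.0.113.7", "admin", False),
    (9, "198.51.100.4", "editor", False),
    (10, "203.0.113.7", "admin", False),    # third consecutive failure -> locked
    (60, "203.0.113.7", "admin", True),     # right password, but inside lockout
    (70, "198.51.100.4", "editor", True),   # success resets that address's count
    (3700, "203.0.113.7", "admin", False),  # lock expired, counting restarts
]
```

Calling `replay(SAMPLE)` returns the outcome of each attempt plus the limiter, whose `notices` list holds one entry for the locked-out address.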
DAILYHOSTNEWS, January 17, 2012 – SiteLock LLC, a global leader in website security solutions for online businesses, announced yesterday a new partnership with GreenGeeks, a leading provider of green energy web hosting. GreenGeeks leads the hosting world in providing energy efficient infrastructure for website hosting by being 300% wind powered as well as carbon neutral friendly. As a result of their alliance with SiteLock, they are also now able to extend the most complete website security technology and services to their end customers – online businesses.
SiteLock’s website security services include patent-pending Deep 360-Degree website security scanning, instant threat alerts, reputation management and expert engineering and support services. Unlike many website security companies that identify problems and provide threat and malware notification, SiteLock sees the issue through to resolution by assigning skilled website developers and security experts to solve the problem for partner hosted websites. GreenGeeks places the highest standards for their customer websites’ security, in addition to the environmentally-friendly hosting infrastructure they provide.
These services have never been more critical for GreenGeeks’ customers, as the frequency and intensity of website hacking, malicious software, and web application vulnerabilities accelerate the risks to online businesses worldwide.
“Business owners and online marketers and writers rely increasingly on open source applications for managing and enhancing their websites. This provides them with great flexibility, however due to constantly changing code and plugins that go untested, the chances of their websites being hacked or at risk for other threats has never been greater,” says Trey Gardner, CEO of GreenGeeks. “That’s why we’re excited to be working with SiteLock. Not only does their website security service protect our clients’ websites from defacement or data theft by identifying vulnerabilities, it also instills confidence in their visitors that they’ve taken steps to ensure that their site is safe to use, thus increasing their business. GreenGeeks will offer SiteLock website security through greengeeks.com and greengeeks.ca.”
Established in 2008, SiteLock has helped small businesses protect their website and reputation through website security services and malware scanning. SiteLock offers the most affordable and complete website security solution available on the market, protecting against malware, spam, viruses and other vulnerabilities. For more information, visit http://www.SiteLock.com
About GreenGeeks
GreenGeeks provides shared, reseller and dedicated server web hosting as well as domain name registration and domain management. GreenGeeks has offices in Toronto, Chicago and Los Angeles and they service customers in over 40 countries worldwide.
For more information, visit www.greengeeks.com or www.greengeeks.ca
GlobalSign (www.globalsign.com), Certification Authorities (CA), announced successfully achieving the WebTrust Seal of Assurance for Certification Authorities for the tenth consecutive year by its auditors Ernst & Young. The WebTrust Seal was awarded to GlobalSign after stringent auditing of its business and identity vetting practices employed when issuing Digital Certificates. This achievement demonstrates GlobalSign’s commitment to providing the digital world with a decade’s worth of confidence in highly trusted Digital Certificates; giving GlobalSign one of the longest WebTrust compliance records throughout the SSL and CA industry.
Created by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA), the universally recognized WebTrust Program for CAs standardizes the management of Digital Certificates and the policies and practices of CAs. Every major CA is now required to undergo the WebTrust audit, which rigorously examines practices such as customer authentication procedures, physical, network and logical security surrounding the Certificate issuance infrastructure, handling of customer data, business continuity planning as well as a thorough appraisal of warranty plans, an area in which GlobalSign leads the industry. It is imperative that Certificate Authorities be held to the highest standards.
In 2002, GlobalSign became one of the first CAs worldwide to attain the original WebTrust compliancy accreditation. Back then the Internet was home to less than 40 million websites, of which 180,000 were secured with SSL. Fast forward ten years and the Internet has grown to 400 million sites with almost 1.8m active SSL Certificates (source: Netcraft). Despite the advent of new threats like phishing and identity theft, GlobalSign has continued to meet the standards outlined by the WebTrust auditors.
“We are proud to have achieved one of the longest periods in WebTrust compliance in the industry,” said Steve Roylance, WW Business Development Director for GlobalSign. “The past ten years have seen a remarkable evolution in e-commerce and digital security and we are proud of our ability to adapt to a constantly changing market. This award speaks to our integrity and commitment to maintaining the highest possible standards.”