
Archive for the ‘web site security’ tag

It’s 2016 – Is Your Office Server or Web Site Being Held Hostage?

Posted at May 5, 2016 @ 6:07am cloud security

The latest wave of computer security news may sound like the headline of a new Bruce Willis movie – but ransomware is now part of the daily conversation not only among security experts but, unfortunately, also among office managers and PC users across the globe who have to deal with the ramifications.

This year malware infections, and ransomware in particular, have seen exponential growth. They are also becoming more sophisticated, using newer methods that are not only harder to detect, but also require less user interaction.

Security researchers report attackers are not only upgrading their malware to make it more unbreakable, they are also using unique methods of distribution. In some cases, these methods require no user interaction at all.

In the past, most ransomware infections occurred via phishing attacks, which required a user to click on a malicious website or email link. But these newer attacks are less dependent on user interaction and more dependent on unpatched vulnerabilities or poor security practices.

These new breeds of ransomware are utilizing more advanced methods to attack computers and encrypt their files, before you even realize what’s happened. You are then forced to either pay the ransom or hope you have a backup recent enough to prevent any lost data.

To protect yourself you need to follow best practices, such as:

  1. Back up your servers and PCs
  2. Back up your servers and PCs
  3. See items (1) and (2) above (seriously!)
  4. Keep your software and systems patched and up-to-date
  5. Have a corporate gateway firewall with advanced threat protection
  6. Have / install / update local antivirus and malware protection software
  7. Always avoid opening unexpected emails or attachments
  8. Avoid clicking through to web sites you don’t recognize (especially if sent in email)
  9. If you aren’t backing up your servers and PCs already – stop reading and visit https://turnkeyvault.com/

It’s pretty simple – the same things that protect your office data and servers from most threats apply here, but the damage of ransomware encrypting and disabling all your corporate data within seconds or minutes is real and has led to some high-profile cases, including hospitals being locked out of all their data due to ransomware!  Don’t let your business fall victim to the bad-named villain of a Bruce Willis movie – ransomware is among the most costly cyber threats actively attacking businesses right this very second.

Make no mistake – backing up your data is a must-have in any security policy, and utilizing a secure remote cloud-based backup solution such as TurnKey Vault is ideal.  Make sure whatever backup solution you deploy offers data encryption and supports both desktop PCs and Macs, as well as Linux and Windows based servers.  A backup solution like TurnKey Vault offers live cloud replication, which will get you back on your feet in minutes in case of a true disaster by creating a live cloud-based copy of any PC workstation or server, accessible from anywhere over the Internet, to get you access to your data and applications quickly.  If ransomware takes over your office network you can spin up a live backup copy of your servers and PCs with TurnKey Vault from a time before the ransomware took over your office – and you will be saying “Yippee Ki-Yay” just like Bruce Willis, as the ransomware data hostage takers won’t ever see a dime, and you will have all your data safe and secure.

 


The Cyber Monday Blues : Don’t Let Your IT or Web Site Let You Down

Posted at Dec 1, 2015 @ 3:11pm cloud

Black Friday is in the rear view mirror, and Cyber Monday is quickly passing by – did your web site survive the storm?  Both Target.com and Paypal.com experienced major outages for Cyber Monday this year.

Being prepared for large spikes in traffic is one thing; losing sales and upsetting customers can have long-term ramifications that can’t be easily fixed.  One of our own employees happened to be participating in this year’s land rush to Cyber Monday during his lunch break and placed an order online with Target successfully, only to get an email hours later saying that the order had been cancelled because the item was sold out (after the order had been accepted).  He was luckier than most, since the site took his order online – but the end result was the same as for other angry Target.com shoppers yesterday – he was left out in the cold this winter shopping season.

 

Target’s response on Twitter confirmed the issues, including multiple site delays and crashes, and cited this year’s traffic exceeding double the previous year’s as a cause (though online traffic reporting and analytics companies Alexa.com and Netcraft.com could not confirm a doubling in volume, or anything remotely close to that, for Target.com).

It brings up a good lesson for any business to keep in mind.  Just what impact is there on your business if your web site or customer data, inventory, or ordering systems are inaccessible or, worse, crash and lose data?  Do you have a business continuity plan, and what does the financial loss (time, sales, and loss of goodwill for the future) mean to your business?

Just a couple of years ago, around the Black Friday and Cyber Monday shopping season, Target announced that it had fallen victim to a breach in which millions of accounts were compromised, including credit card information – among the worst hacking scandals of the last decade in the news.  Target has survived and continues, but not all businesses are lucky enough to survive major missteps like these, or being unprepared or blindsided when their IT infrastructure is not adequately prepared.

Being prepared for the best (big volume spikes for the holiday shopping season) also means being prepared for the worst (outages, data loss, data corruption, and more).   Having your web site or IT infrastructure hosted in the cloud using a seasoned IT firm like TurnKey Internet can offer a safety net utilizing hardened technologies to provide the scalability and redundancy crucial for your business.

Also, consider having your corporate data, servers, and web sites mirrored into the Cloud with a service like TurnKey Vault – regardless if you are a Billion dollar retail chain, or a small business office – we all need continuous reliable access to our data to keep the lights on.

Proper planning can mean the difference of going out of business versus surviving in an unexpected crisis – not every business gets multiple strikes against them and lives to tell about it.    Don’t wait until next holiday season to evaluate your cloud-based infrastructure.


Is your WordPress web site under attack? Over 90,000 hacker bots may be knocking on your door!

Posted at Sep 12, 2014 @ 9:50am Web hosting

Howdie do Turnkey Lovers,

 

I have a quick question for you: have you ever heard of WordPress? My guess is that since you’re reading this blog, you’ve heard of WordPress and may even be using it on your own website, but for those who are first-time readers, here is a quick overview from WordPress.org:

 

WordPress is web software you can use to create a beautiful website or blog. We like to say that WordPress is both free and priceless at the same time. The core software is built by hundreds of community volunteers, and when you’re ready for more there are thousands of plugins and themes available to transform your site into almost anything you can imagine. Over 60 million people have chosen WordPress to power the place on the web they call “home” — we’d love you to join the family.

 

WordPress is one of the most popular pieces of site-building software currently on the internet. Sure, you have Joomla, which is almost the same as WordPress but has slight differences in its configuration. For this article, however, we will be focusing purely on WordPress. As you can see in the overview above, over 60 million people have chosen to use WordPress, which is quite a large pool of users on the internet. Now, what if someone decided to launch an attack on WordPress-based sites? They would have a pretty large base of users to attack and could affect hundreds or possibly thousands of websites. Well, this attack has already happened and is still running at this very instant.

 

On and off for the last few months, a botnet of over 90,000 machines has been attempting to globally brute force and hack into wp-login.php, which is the file that WordPress users use to log in to WordPress. The attack sends thousands of requests at one time to try to log in to your WordPress installation via wp-login.php, in an attempt to gain access and make it part of the growing botnet. To shed some light on what a botnet is, directly from Wikipedia:

 

A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks. This can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or it could be used to send spam email or participate in distributed denial-of-service attacks. The word botnet is a combination of the words robot and network. The term is usually used with a negative or malicious connotation.

 

Well, you may be wondering: if I have a site on a server with Turnkey Internet, how are my sites being protected?  Since day 1 of the wide-scale attacks, we’ve enabled a server-wide ACL that blocks all access to wp-login.php unless the IP is whitelisted. This ACL, or access control list, keeps the attack at bay. Because the botnet is targeting wp-login.php directly, we can deny access to everyone except the users we specifically allow. When the attack runs, our servers return a 403 page and the attack moves on. You may be saying, “Sure, that works, but is there anything that I can do as a client on my end to help relieve the attack?”

 

Listed below is the recommended code to add to your site’s .htaccess file in your public_html folder for an extra layer of security (you’ll need to edit ‘example.com’ to be the domain you are setting it up on):

 

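<IfModule mod_rewrite.c>
RewriteEngine On
# Only POST requests (login attempts and comment submissions) are checked
RewriteCond %{REQUEST_METHOD} POST
# ...and only when they target wp-login.php or wp-comments-post.php
RewriteCond %{REQUEST_URI} /(wp-comments-post|wp-login)\.php
# ...and the Referer is not this site (replace example\.com, keeping the backslash)
RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?example\.com([/:]|$) [NC,OR]
# ...or the request carries no User-Agent at all
RewriteCond %{HTTP_USER_AGENT} ^$
# Matching requests are redirected back to the client's own address
RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]
</IfModule>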

 

This in conjunction with our ACL will prevent the attack from affecting your site(s).
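To see what the rule does against your own traffic, here is an added example (not part of the original post or of Turnkey Internet's tooling) that replays the same three conditions over Apache combined-format access log lines and lists the IPs whose repeated login POSTs the rule does not redirect, which is the traffic the IP ACL still has to cover. The domain, the threshold of 3 and the sample log lines are assumptions made up for the illustration.

```python
import re
from collections import Counter

SITE = "example.com"  # assumption: the domain configured in the .htaccess rule
# Apache "combined" format: ip - user [time] "METHOD path proto" status size "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TARGET = re.compile(r"/(wp-comments-post|wp-login)\.php")
OWN_REFERER = re.compile(r"^https?://([^/]+\.)?" + re.escape(SITE) + r"([/:]|$)", re.I)

def rule_matches(req):
    """Mirror the rewrite conditions: POST to a target script AND
    (Referer not from this site OR User-Agent empty)."""
    if req["method"] != "POST" or not TARGET.search(req["path"]):
        return False
    ua = "" if req["ua"] == "-" else req["ua"]  # Apache logs a missing header as "-"
    return not OWN_REFERER.match(req["referer"]) or ua == ""

def triage(lines, threshold=3):
    """Count POSTs to the target scripts per IP: those the rule redirects, and
    IPs with >= threshold POSTs that the rule lets through (left to the ACL)."""
    caught, passed = Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        req = m.groupdict()
        if req["method"] == "POST" and TARGET.search(req["path"]):
            (caught if rule_matches(req) else passed)[req["ip"]] += 1
    return dict(caught), sorted(ip for ip, n in passed.items() if n >= threshold)

# Constructed sample log lines (documentation IP ranges), not taken from a real server.
_T = "[12/Sep/2014:09:50:00 -0400]"
_OWN = '"http://example.com/wp-login.php" "Mozilla/5.0"'
SAMPLE = [
    f'192.0.2.10 - - {_T} "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"',
    f'192.0.2.10 - - {_T} "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    f'203.0.113.5 - - {_T} "GET /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    f'203.0.113.5 - - {_T} "POST /wp-login.php HTTP/1.1" 302 0 {_OWN}',
] + [f'198.51.100.7 - - {_T} "POST /wp-login.php HTTP/1.1" 200 3120 {_OWN}'] * 3

if __name__ == "__main__":
    caught, review = triage(SAMPLE)
    print("redirected by the rule:", caught)
    print("repeated POSTs the rule lets through:", review)
```

Point `triage()` at the lines of your own access log to get the same two lists for real traffic.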

 

Additional recommendations:

-Changing your default admin username for wp-admin to a different username as the attack is specifically targeting the admin username.

 

-Placing a browser-based password on wp-login.php

 

The link immediately below will explain how to do this:

http://codex.wordpress.org/Brute_Force_Attacks#Password_Protect_wp-login.php

 

Additional information about the attack can be found here:

http://blog.skunkworks.ca/brute-force-attack-targeting-sites-running-wordpress/

http://www.inmotionhosting.com/support/news/general/wp-login-brute-force-attack

 

Using the tips we’ve provided above will help to keep the attack from affecting your site. It will also increase the security of your WordPress-based site. We hope this will help all clients, not just those at Turnkey Internet, but any client globally who may be having issues with the WordPress attack on their sites.

 

Until next time


Written by Jeremy on September 12th, 2014
