Website security and the 5 million hacked Google accounts

You’ve undoubtedly heard of this by now. But please read this as you’ll see how this could affect you. I’ll tie this in with the other report of hackers stealing over 1.2 billion login credentials recently and how it relates to website security.

Hackers have reportedly posted a list of approximately 5 million compromised Google accounts on a forum. If you’d like to check to see if your account is one of them you can go here:

https://isleaked.com/en

If you have a Google account, you should change your password immediately and while you’re at it, change your Google password. If you’re logged into your Gmail account, look in the upper right-hand corner for this icon:

Hover your cursor over it and select “Settings”. Then select “Accounts and Import”. The first category is “Change password”. Click that, enter your current password (the one the hackers may already have) and then type a new password in twice.

With all the recent hacking news, you should be knowledgeable enough now to know not to re-use passwords. When you’re changing your Google password, please create something entirely new. Make it different from all your other passwords.

Why all of your passwords should be unique

Hackers will use your email address and your password on thousands of different sites to see if any of them work.

In recent news, this could have been the strategy behind various accounts being “hacked” at Namecheap.com. Here is some information on that: http://www.pcworld.com/article/2600940/namecheap-says-accounts-compromised-in-hacking-incident.html

If hackers crack into a website that contains usernames (email addresses usually) and passwords, they will try those same login credentials on a multitude of websites knowing that many people use the same password on most of their logins.

While you’re updating your Google password, switch on two-factor authentication. It’s a great way to protect your online presence.

What does this have to do with website security?

Everything!

You have login credentials for your hosting account, your hosting account email addresses, your database, your WordPress, Joomla or other website software. Do you use the same password across those accounts? If so, be prepared for some work. You’re going to change all of them – now. Not when you have time this weekend – NOW!

Ever wonder how hackers “break” into websites? Oftentimes, they don’t have to. They just log in. There’s no hacking there. You can have the most expensive firewall in the world. If hackers have your username and password, there is no website security in the world that will prevent them from infecting your website.

How did the hackers get these login credentials?

We believe that they may have obtained many of them from phishing scams. Over the past 60 days, we’ve removed 7,218 Googledocs phishing setups on websites.

The scam usually begins with a fake email from someone who wants to “share” a document with you. It could be a business offer, secret photos or anything else that might make you curious enough to open it. The original email could even appear to be from someone you know.

Hackers frequently infect people’s computers with viruses. These viruses steal the victim’s email address books, which are then used to send email to all the people in the address book, and it appears to be from the original person.

Let’s say one day you get an email from a friend. Maybe someone you correspond with frequently. The email states they want to share a personal document with you. Sounds legitimate doesn’t it?

You open it, enter your Google docs username and password, as your curiosity gets the best of you, only to discover there’s nothing there! Would you find that odd?

Maybe. Maybe not.

Well my friend, your Google login credentials have just been stolen in a phishing scam.

It all comes back to website security

You must be certain your website is not used in any phishing scam. These phishing files are often buried deep in the folder structure of a website. We’ve seen them 11 sub-folders deep and they can be anywhere on a website.
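
One way to look for such buried pages, as an added example that is not code from this article or our tooling: walk the web root and list every page that contains a password field together with Google branding, deepest folders first. The two regular expressions, the extension list and the sample tree built by `build_sample_site()` are assumptions made for this sketch, and every hit still needs a manual look.

```python
import os
import re
import tempfile

# Heuristics chosen for this example (assumptions, not signatures from the article):
# a page that asks for a password AND mentions Google branding deserves a manual look.
PASSWORD_FIELD = re.compile(rb"<input[^>]+type\s*=\s*[\"']?password", re.I)
BRAND_HINT = re.compile(rb"google\s*(docs|drive|accounts?)|gmail", re.I)
PAGE_EXTENSIONS = {".php", ".html", ".htm"}


def find_login_pages(web_root, min_depth=0):
    """Return [(folder_depth, relative_path)], deepest first, for pages matching both heuristics."""
    web_root = os.path.abspath(web_root)
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):  # symlinks are not followed
        rel_dir = os.path.relpath(dirpath, web_root)
        depth = 0 if rel_dir == "." else rel_dir.count(os.sep) + 1
        if depth < min_depth:
            continue
        for name in files:
            if os.path.splitext(name)[1].lower() not in PAGE_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    body = fh.read(512 * 1024)  # cap the amount read per file
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if PASSWORD_FIELD.search(body) and BRAND_HINT.search(body):
                hits.append((depth, os.path.relpath(path, web_root)))
    return sorted(hits, reverse=True)


def build_sample_site():
    """Constructed sample tree: a normal login page plus a look-alike 11 folders deep."""
    root = tempfile.mkdtemp(prefix="webroot-")
    deep = os.path.join(root, "wp-content", "uploads", "2014", "09", *"abcdefg")
    os.makedirs(deep)
    with open(os.path.join(root, "wp-login.php"), "w") as fh:
        fh.write('<form><input type="password" name="pwd"></form>')
    with open(os.path.join(deep, "index.html"), "w") as fh:
        fh.write('<title>Google Docs</title><form><input type="password" name="p"></form>')
    return root


if __name__ == "__main__":
    for depth, path in find_login_pages(build_sample_site()):
        print(f"depth {depth}: {path}")
```

The site's own login page is not reported because it carries no Google branding; a legitimate page that offers a Google sign-in would be, which is why the output is a review list and not a verdict.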

Next, you have to be wary of all emails. Yes, even those sent by what appears to be someone you know. We will be posting a new article about how to increase your spam filtering in cPanel accounts. We’ve tested it and it works well.

Some of our clients running VPSs for their clients’ websites have expressed concerns over the amount of incoming spam. We conducted some in-depth research, created a strategy, implemented it for a few clients, tested and tweaked it, and we now make it part of our standard services. Contact us if you need help in filtering out more incoming spam.

Normally, you could hover your cursor over the link in an email and tell, with some degree of certainty, whether or not a link was phishing. However, with some of the Googledocs phishing, the fake login page is frequently hosted on Google’s servers and uses SSL.

What the hackers have done is create a folder inside of a Google Drive account. It’s then configured to be public, and the Preview feature is used to get a URL that is publicly accessible. That URL is then pasted into their emails and blasted out to millions.

Need for more website security

In this scenario, the hackers will typically use an infected VPS or dedicated server to send out the spam messages. During the past 60 days, we have removed over 100 million spam messages from email queues. These were messages that were ready to be sent, but hadn’t been delivered yet. Many of these were being used in the Googledocs scam.

Keeping a close watch on your email queue is vitally important, and it is something our VPS and dedicated software does.

Enough about us. All of this really needs to be addressed in your overall website strategy. Reputation means everything online, and one careless step with your website security could drop you in the search engine rankings, get your VPS or dedicated server blacklisted with the spam blacklists, or get you listed on a website for hosting phishing files.

None of which will be good for your website’s reputation.

Do you have a website security strategy in place?

If not, let’s talk. The discussion costs you nothing. Give us a call or send us an email. We’ll be glad to discuss what a good website security plan should include. You’ll be glad you did.

Thank you for reading this far.

revslider plugin vulnerability

Back in July the revslider WordPress plugin was discovered to have a vulnerability that allowed arbitrary files to be downloaded. This was specifically for version 4.1.4.

This vulnerability has been actively used to infect WordPress websites.

Normally, being able to download a file to your local computer isn’t a huge news flash. However, when you consider this allows people to download your wp-config.php, which contains all the login information for your database, it can be used in a variety of ways by cybercriminals.

I bring this up because we’ve been seeing a number of websites infected this way.

When the hackers download the wp-config.php file, they strip out the database login credentials and then try to log in to the database remotely. If successful, they either add another user with administrative rights or change the password of one of the existing users with administrative rights.

Next, they log in and either upload a malicious backdoor or use the theme-editor to inject malicious code in the theme files.

I would like to mention that some hosting providers, Bluehost, Hostmonster, JustHost and many others, don’t allow remote access to phpMyAdmin in the cPanel by default. You have to whitelist an IP address to enable remote access to phpMyAdmin.

That basically kills this specific attack in their environments. However, that’s only this specific attack. Other files could be downloaded that would provide the attackers enough information to be able to infect the website.
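
To check whether a configuration file has already been pulled from your site, you can search the web server access log for requests whose query parameters name wp-config.php or climb out of a directory with `../`. The following is an added example, not code from this article or from the plugin, and it goes slightly beyond the revslider case by flagging any parameter on any script. It assumes the common Apache/nginx combined log format; the `download.php` endpoint, IP addresses and timestamps in the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined log format prefix: client IP, timestamp, request line, status, response size.
LOG_LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
SENSITIVE_NAMES = ("wp-config.php",)  # extend with other files you never serve


def suspicious_downloads(lines):
    """Flag requests whose query parameters name wp-config.php or climb directories."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line
        query = urlsplit(m["target"]).query
        for param, value in parse_qsl(query, keep_blank_values=True):
            # parse_qsl decodes once; decode again to catch double-encoded values.
            decoded = unquote(value).replace("\\", "/").lower()
            if "../" in decoded or any(n in decoded for n in SENSITIVE_NAMES):
                size = int(m["size"]) if m["size"].isdigit() else 0
                findings.append({
                    "ip": m["ip"], "time": m["ts"], "param": param, "value": decoded,
                    # A 200 with a body means the file contents likely left the server.
                    "served": m["status"] == "200" and size > 0,
                })
                break
    return findings


# Constructed sample lines (documentation IP ranges, hypothetical download.php endpoint).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2014:10:01:22 +0000] "GET /?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Oct/2014:10:02:41 +0000] "GET /download.php?file=..%2Fwp-config.php HTTP/1.1" 200 3021 "-" "curl/7.38"',
    '198.51.100.23 - - [10/Oct/2014:10:02:44 +0000] "GET /download.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 403 199 "-" "curl/7.38"',
]

if __name__ == "__main__":
    for hit in suspicious_downloads(SAMPLE_LOG):
        print(hit)
```

Any finding with `served` set to true means the database password in wp-config.php should be treated as exposed and changed, and the administrator accounts in the database reviewed.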

Also, some website owners use the same username and password as their cPanel. This could be disastrous. Never use the same password as your cPanel. Never.

As always, keep all your plugins and WordPress updated.

Always!

Thank you for reading. If you have this plugin, contact me for a way to test your site (no charge).

Send me an email: traef@wewatchyourwebsite.com