Increased attack rates continue

We’ve gotten reports from the security software from yet more sites we manage of “increased attack rates” over the past few weeks. Unfortunately, this is something which happens regularly several times a year – when schools let out in May, when school starts in the fall, and around the end of the year. These all seem to be the times of year that “script kiddies” are most active.

Fortunately they’re attempting to hit old, well known exploits which are not a problem for up to date WordPress software. We’ll of course be keeping you up to date and will be keeping an eye out for any problems these attacks might cause.

Google? Firefox? Brave? Safari?

Here’s a good update on the continuing browser wars:

https://www.washingtonpost.com/technology/2019/06/21/google-chrome-has-become-surveillance-software-its-time-switch/

TL;DR:

Browsers are tracking your every move.

The bottom line: Switch to Firefox. Not perfect, but less tracking. Safari is also a decent choice. Or consider newcomer Brave Browser. The article gives details on why and how to switch.

(I have not yet explored Brave – in fact, this article is the first I’ve heard of it. But trying it out is now joining my to-do list!)

Like any software, keep your browsers up to date. Most have an auto-update feature, and though it can be a pain having to wait for the update to finish every time you open the darn thing, it’s a better choice than getting hacked. (see: https://www.bleepingcomputer.com/news/security/mozilla-firefox-6703-patches-actively-exploited-zero-day/. Note that Chrome is not immune, having issued a release in March to take care of its own zero-day exploit as mentioned in the article.)

Update: There have been recent reports (Jan 2020) that the most recent version of Brave is prone to crashing on Mac OS. In my experience it occurs when both a) sites which are constantly updating content (ads, news) are open, and b) lots of tabs are open. Minimizing the number of open tabs and closing sites such as Facebook and CNN reduces the frequency of problems.

Scam threatens to ruin your website’s reputation

Similar to the sextortion scam I wrote about back in December 2018 (see https://protectyourwp.com/scammer-email-with-commentary/), there’s currently a scam going about that often comes to you through your website’s contact form, threatening to destroy your site’s online reputation (using your domain name to send spam, posting angry and negative reviews, getting your domain listed as a spam source, etc).

In general, it’s probably safe to ignore these emails. Should these or other scammers actually start attacking you (which is doubtful – they’re just looking to make quick cash by instilling fear, without having to go through the effort of actually ruining your reputation) there are ways to clear your reputation, so best to treat them like the annoying mosquitos that they are.

https://www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-ruin-a-websites-reputation/

Increased attack rates

We’ve gotten reports from the security software from around 10% of the sites we manage of “increased attack rates” over the past few weeks. Unfortunately, this is something which happens regularly several times a year – when schools let out in May, when school starts in the fall, and around the end of the year. These all seem to be the times of year that “script kiddies” are most active.

Fortunately they’re attempting to hit old, well known exploits which are not a problem for up to date WordPress software. We’ll of course be keeping you up to date and will be keeping an eye out for any problems these attacks might cause

WordPress Updates – New PHP Requirements

WordPress released two upgrades this month. Both of them require that your server is using PHP 5.6 or later. If you don’t see upgrades to WordPress 5.2 or 5.2.1 in the lists below, it’s possible you are still on an earlier version of PHP. If that’s the case, we have you on our radar and will be contacting you or your webhost about upgrading the PHP on your site in the near future. Neither are specifically addressing any security issues, fortunately.