Why would they hack little old me?

WordFence posted a great article on “Why is an insignificant website like mine being attached?”, a very common question asked by owners of smallish sites.

Most of it comes down to money. Here’s a quick synopsis:

1) Using your host’s server to run their own programs (the latest craze is cryptocurrency mining)

2) Leveraging your reputation

a) hosting phishing pages
b) hosting spam pages and injecting spam links
c) sending spam email
d) attacking other sites
e) hosting malicious content

3) Leveraging your site contents

a) malicious redirects
b) defacements
c) distributing malware

4) Stealing data

5) Ransomware

Full article at: https://www.wordfence.com/blog/2018/03/ask-wordfence-why-is-an-insignificant-site-like-mine-being-attacked/

FBI warning re: W2 scam

The FBI has issued a warning about a scam which is making the rounds, asking your HR personnel to release W2 info. Be wary, especially between now and April 15th.

Captcha Bypass

We’ve seen a large uptick in the number of spam getting past the defenses in the last two weeks – it seems someone has devised a new way to get around Captcha.

The Akismet plugin has been catching most of it on those sites which have it enabled. We’re seeing 4-5 times as many spam getting caught.

The spam which has gotten through to my email accounts typically has a short message and a link for you to “check out”. I’m sure most of you are sharp enough to know this, but just in case you’re tempted: Don’t follow the link. It’s almost surely a site which will try to infect your computer with malware.

Company fined £400k for sloppy security

A UK company, CarPhone Warehouse, was fined £400k (about half a million dollars) for a massive breach basically caused/allowed by ignoring basic security rules that we all should know:

  • Use secure, unique passwords (all their servers had the same root password, which was known by 30-40 people)
  • Software kept up to date (their WordPress installations were 6 years out of date; other software also years out of date.)
  • Although the historical transactions were protected by encryption, the encryption keys were stored in plain text within the application.

“Carphone Warehouse had claimed that the attack was ‘sophisticated’, but in reality the attacker used the Nikto web scanning tool which is freely available and checks for outdated web servers, application software and common configuration errors.”

Full article at https://www.accountingweb.co.uk/tech/tech -pulse/carphone-warehouse-fined- ps400000-for-cyber-attack

January ’18 updates

WordPress core files were updated to 4.9.2 on January 16th, and WordFence saw an update to 7.1 on Jan 24. If you don’t see those on the list in your monthly report, your site received the updates as an automatic “push” from WordPress.

 

MalwareBytes bad update

If you use MalwareBytes (anti-malware program), they pushed out a bad update on Saturday, 1/27. 

How to resolve / verify you have the fixed update package:

Update package version 1.0.3803 or higher contains the fix.

To resolve, simply reboot your machine. In some cases, a second or even third reboot may be needed.

To verify you have this update, go to Settings -> About -> Update package version: 1.0.3803

More scary stuff

Lots more brute force attacks this month following the leak of 1.4 BILLION username/password pairs.

Away Mode

SolidWP Security (formerly known as iThemes Security and installed on all the sites we manage) allows you to enable “Away Mode” – disallowing any administrator logins during hours when you’re sure nobody should be working on your site.

Hackers try to get in to sites around the clock. But are you likely to log in at 3am local time?

Security news

As usual, there’s lots of scary stuff in the security news these days. Be safe:

  1. Use different passwords for each site or service. Never re-use.
  2. Use secure passwords. There’s plenty of advice on the ‘net about what that means. Or use a password generator, or a password service like LastPass or 1Password.
  3. Be hyper aware of phishing attempts especially at this time of year. Don’t open attachments from people you don’t know – or people you DO know when you’re not expecting them. Nothing is so time critical that you don’t have time to ask “Did you just send me ‘HappyPuppies.docx”?    And be sure the response comes from the person who supposedly sent it.  I recently received a dropbox link from a cousin, out of the blue.  I hovered over it and it obviously was not a link to DropBox, so I was a bit suspicious.  When I emailed him (at the same address) I got a response that yes, he did send it… but no other details.  Which reminds me… I still need to call and confirm!
  4. Consider using an anti-malware program. ClamAV (Windows) and ClamXAV (Mac) are inexpensive and effective, as is Sophos Home.

Automatic Updates

We’ve had another round of important updates this month, including WordPress 4.8.3 to 4.9.0 early in the month, followed by 4.9.0 => 4.9.1 on the 29th. You may not see that one in your monthly report from us, as WordPress automatically updates the “dot” releases (those taking you from #.#.X to #.#.Y).

Sometimes the automatic updates get it done before we do!