Posts Tagged ‘website’

How to Increase the Security for Your Website

Friday, November 18th, 2011

The security of your business’s website should be one of your highest priorities. A secure website is one of the best ways that you can establish trust with your customers. The security of your website will directly impact your number of visitors and has the potential to hinder or boost your sales. With the massive number of website intrusions this year alone, hacking has become a major concern for most online shoppers. Whether it is to protect your website or your customers personal or financial data, a secure website is a must have. The following are some tips for creating a strong and secure website environment for your consumers. Securing Your Website

Use a Strong Administrative and Database Password:

Creating a strong administrative and database password will prevent hackers from accessing the admin interface and from taking over your entire online business. If a hacker does gain entry to your website’s administration panel they can pretty much do whatever they please from defacing your website to committing fraud by pretending to be you or your company. To learn more about creating strong passwords visit Elements of a Strong Password.

Secure Admin Email Address

An admin email address is used to login to your web server, CMS, database. It should be kept private and different from the one that you have on your contact page.

Make sure you have Firewalls Implemented:

Configuring a firewall will help prevent unauthorized access to your site and acts as a filter for the information that is sent to and from your website. You should configure your firewall to the highest security preferences so that it will deter hackers from attempting to gain entry to your site.

Update Your Antivirus Program Regularly:

New malicious programs are created and discovered every day so it is important that you not only have Antivirus software but that you also keep it up to date. Antivirus programs scan, track, and remove any problems from your hard drive. Like Antivirus software a spyware program can detect and eliminate any spyware that has made a home on your hard drive.

Read the Latest Information on Tech Blogs:

Reading tech blogs regularly will keep you up to date on the most recent vulnerabilities and will help you stay one step ahead of hackers.

Use robots.txt to Keep Certain Things Hidden from Search Engines:

Add a robots.txt folder for the documents, images, and information that you do not want to be indexed by search engines.

Use a Secured FTP Access and Restrict Root Access

SFTP access prevents others from being able to view what you are uploading or downloading to & from the webserver. Restrict the access to certain non-system folders to prevent FTP uploads by people other than the system administrator.

Check Your Software and Third Party Scripts:

Ensure that any software you use is kept up to date with the latest security fixes. (Blogging software like WordPress, third party scripts, etc.) Also remove any scripts, services, or other software that you are no longer using.

Perform Security Testing:

It is important that once you have the previous security items in place that you perform security testing. Search your website and source code for any security flaws that may allow unauthorized access. You can check your source code for free with Source Code Analysis Tools. Using security plugins like WordPress Security Scan are also a great way to analyze the security of your site.

Keeping your website secure is a never ending job, there will always be new threats and hackers will continue to find new ways to gain unauthorized access. Implementing these suggestions in addition to doing your own research will help you to stay as far ahead of these types of individuals as possible

Thanks for Reading!

Dustin

ComputerFitness.com

Providing Tech Support for Businesses in Maryland

Tags: , , , , , ,
Posted in Firewall, Information Security, Web Development | 1 Comment »

Major Security for Major Websites Does Not Always Prevent Vulnerabilities

Friday, May 13th, 2011

Online security threats and system vulnerabilities will always be an issue on the Internet regardless of the amount of security we implement. As the security for major online companies gets smarter the hackers and computer viruses get more inventive as well. This balance is unlikely to disappear because there will always some kind of benefit for people who perform these destructive actions. Whether it is for notoriety, money, or information the effects of these actions require companies to be forward thinking and remain focused on the protection of their users.

caution

Following the largely publicized PlayStation Network Hack a couple weeks ago, two other major websites experienced their own misfortune. For Google it was discovered that their images were replaced with malware and Facebook was also notified that their applications were unintentionally leaking information to third parties. Although these two incidents are completely different with one being pure mischief and the other being an oversight the two cases highlight severe vulnerabilities for major websites.

After weeks of user complaints Google identified that some of their Google Images search results were pointing users to webpages that forced misleading anti-virus scans and security alerts. The attackers apparently infiltrated high trending Google Image search results and planted their own PHP scripts to generate their own malicious content. Once their own PHP scripts were implemented the Google bots crawled and eventually displayed thumbnails for their bogus web pages. When clicked on, the image redirected users to a bad page. Google is currently working hard to remove all of the bad links. For more specific details on how and what was affected visit More on Google Image Poisoning.

Shortly after Google realized their security flaw, Facebook was notified by Symantec regarding their security issue. On Tuesday May 10, 2011 Symantec published that Facebook applications have been unintentionally leaking user information to third parties. Although it is impossible to pinpoint the exact number of affected users it is estimated that the information of hundreds of thousands of users could have been exposed. However Symantec and Facebook state that it is also possible that most of the third parties didn’t even realize the leaks.

The leaks occurred through access tokens which are basically authorization codes that are assigned once a user accepts or grants permission to a Facebook application. Once Facebook was notified of the leaks they implemented the necessary changes which are described in the Facebook Developers Blog. Concerned users can take their own actions to nullify any current access tokens by changing their account password. As mentioned although these leaks were accidental this incident provides a perfect example for the vulnerabilities that websites like Facebook still have even with good security.

Sometimes the bigger the company, the bigger the target. Security should always be a crucial aspect and top priority for any business.  It is not only up to the major websites to try to stay head of the relentless security threats and system vulnerabilities, the individual users should do their part as well by being educated about online risks and by taking the appropriate precautions to remain safe.

Thanks for Reading and Have a Great Day!

Dustin

ComputerFitness.com

Providing Tech Support for Businesses in Maryland

Tags: , , , , , , , ,
Posted in Information Security | No Comments »

Cyber Criminals, Targeting Your Sympathy in the event of a tragedy!

Friday, March 18th, 2011

When natural disasters occur many people and groups across the world feel sympathetic to those that have to endure through the hard times.   Whether it is through donations, prayer, or assisting in reconstruction, people usually come together and offer their support in one form or another.   However, this of course is not always the case and where good hearted people may see an opportunity to help out there are others out there that are looking to take advantage of the situation.

phishingAlthough the Internet has greatly advanced over the past years it still remains vulnerable to cyber criminals.   Even with the number of safety and security precautions established on the Internet the number of threats has nearly doubled within the last two years.   Social media may be partly responsible for the growing number of threats because as the number of web users increases so does the number of these attacks.

Taking into consideration how much the Internet has evolved and the number of security features that have been implemented one thing remains the same and that is the human factor.   Not all people are good and this is evident with cyber hackers, criminals, and the other individuals that only see the negative opportunity when tragedy occurs.

There are a number of ways cyber criminals take advantage of the Internet and web users. Among the most frequently used methods is phishing.  These websites and emails are designed not so much to take advantage of the people impacted by a tragedy but the sympathy and compassion others express following the disaster. These sites and emails are created to make them appear as a legitimate company, meanwhile they have no connection to that company whatsoever nor do they have any intention of offering the support they are promising.   Their only purpose is to gain access to your information and money.   Following the devastation in Japan or any of the other natural disasters like the Indian Ocean Tsunami and Hurricane Katrina , most the time people want to help which makes them a perfect target for online scammers.

Often times it is amazing how quickly support efforts are rallied. It is shocking but not surprising that just as fast as support efforts are gathered the same is being done for fraudulent swindles. As if the catastrophe wasn’t bad enough now the people who are trying to do something to help and make a difference now have the misfortune of being mislead and cheated as well.   Not only are these individuals cheated out of money but the group of people facing the tragedy is not receiving the help and support they were meant to have.

Already a number of fraudulent relief efforts have been reported and there are probably many more that are yet to be discovered.   Its important to remember that there always has been and most likely always will be someone trying to profit from the kindness of someone else and not to fall victim to their attempts.   Remember that these criminals seek out these opportunities and take every advantage to exploit them.   Some key tips include not providing your information through email and making sure that you are doing your research before donating.   If you wish to help make sure you locate a secure, legitimate and reputable organization for which to offer your support with.

Learn more by going to the links below

Current situation in Japan

CBS News, Disaster in Japan

Have a Great Day!

Dustin

ComputerFitness.com

Providing Tech Support for Businesses in Maryland

Tags: , , , , , , ,
Posted in Information Security, Internet | No Comments »