Posts Tagged ‘wordpress’

ireland website security

Solutions for Website Security

Irish Web Design are please to announce that they have created a series of packages to provide a high level of security to small to medium business websites.

The packages are designed especially for WordPress based information, blog, news and e-commerce on-line shop websites.

 

barbed wire pattern

 

Irish Web Design described the packages as consisting of the three S’s: Scan, Secure Survey.

The website security measures involve scanning the websites for issues, securing the site and finally setting up a surveillance system to monitor the website in the longer term.

It is estimated that hundreds of thousands of websites around the globe that are running the WordPress software have been infected by malicious software.

Some of the software infects the computers of visitors, who may find a realistic looking ‘Anti Virus Scanner’ pop up on their computer.

The owner is informed that his machine is infected and this software will remove the threats and provide on-going security.

This ‘peace of mind’ only costs a very modest amount, typically $10 to $20.

This is a scam, the programme is not real.

What the criminals who are behind the scam want are your credit or debit card details.

They may wait a long time before they use the information gained to empty your account of funds.

There are many variation on these scams, including straightforward blackmail: you want your site back, you will pay.

Irish Web Design have researched the issue and designed a solution to ensure that website owners can sleep at night.

While there can never be an absolute guarantee as situations can change very rapidly the system is designed to provide alerts to any suspicious activity.

Contact Irish Web Design if you want your website audited and secured.

 

 

 

 

 

 

Solutions for Website Security

bank of america signs

Little and Large Websites Attacked

Little and Large Websites Attacked

The coordinated attacks used to knock a large number of websites offline grew became more powerful in the past months. According to the American company Prolexic who run the world’s largest and most trusted distributed denial of service (DDoS) protection & mitigation service, there has been an eight-fold increase in the average amount of junk traffic used to take sites down.

bank-of-america logo

Chase Bank Logo

citi bank logo

wells fargo logo

Attackers have moved on from just using compromised PCs in homes and small offices to flood websites with vast volumes of traffic, and are now using Web servers, which have vastly more more bandwidth available.

The recent ongoing attack on servers running the WordPress blogging application is constantly seeking new computing power that can be harnessed to form vastly bigger botnets.

Prolexic reported that well-financed attackers  are increasingly able to coordinate with fellow crime organizations in the large-scale assaults.

These types of attacks appear to be here to stay and can only be achieved by having access to significant resources  including manpower, technical skills and an organised chain of command.

The most prominent targets of the attacks have been the America’s largest banks, including Bank of America, Wells Fargo Bank, Chase Bank which at times have become completely unreachable following the flood of traffic.

Prolexic believes these attacks are not individual youngsters flexing their muscles, because the efforts involved in the harvesting of hosts, coordination, schedules,  specifics and the sheer military precision of the attacks suggests the presence of experienced criminals that recruit ‘digital mercenary groups’ to do their work for them.

San Francisco-based CloudFlare’s network was recently bombarded by data sent by more than 80,000 servers across the Internet that all appeared to be running WordPress.

Attackers will enter a legitimate user name along with passwords that are known to be invalid, which, when repeated millions of times overwhelms the servers as they perform database lookups and then report the authentication failure which the system struggles to record it in the internal logs.

The vast increase in applications such as WordPress and Joomla  could become to this decade what the early versions of Microsoft’s Windows XP were to the previous decade. In the 2000s it was easy to compromise desktop PCs and turn them into spam-sending engines or botnets to perform various nefarious acts.

Nowadays using a server that is at least ten times as powerful as a desktop computer can do a great deal more damage.

Recent Irish websites that have been attacked include the websites for the Department of Justice and the website of the Department of Finance.

Little and Large Websites Attacked

Irish Web Design

wordpress attacked circular 3d logo

Protect Your WordPress Website

One of the most popular content management systems in use on modern websites is WordPress, found on more than 60 million websites around the world.

WordPress has been in the news recently as the subject of a large-scale attack from a huge number of computers from across the internet.  This automated botnet attack was attempting to take over servers that run WordPress websites.

Many experts believe that this current attack is a relatively small scale version of a botnet that will infect computers in the future. The next attack may be vastly stronger and more destructive than what we have seen recently.

Running on the servers that have bandwidth connections that are hundreds or even thousands of times faster than machines in homes and small businesses.

The enormous popularity of WordPress shows its vulnerability in a situation like this, as a result of it’s ease of use is weak security by users.

This typically means that users continue to use the word ‘admin’ as a user name, as this is the default administration account that’s created when you first install WordPress.

Weak passwords may be guessed by the ‘brute force’ attack of a botnet, able to try vast numbers of password combinations in a short space of  time.

For the moment every WordPress user should disabled the default ‘admin’ account in their installation,  and replace it with something else. This may take you out of the immediate danger from the current the attackers.

To create a strong password you need to use at least ten characters with a combination of upper and lower case letters along with some numbers and even some extended characters

The recent attack serves as a reminder to everyone that that security for your WordPress blog or website is something you do need to continue to work on.

What follows is Irish Web Design’s advice on what can you do to make your site more secure. These actions will help to deter such attacks in the future.

Update to the latest WordPress (currently version 3.5.1)

If there is an administrative user called ‘admin’.

Create a new account with a different name, unconnected with the name of your website. Give it administrative privileges.
Give it a strong password you have never used before.
Write these details down in at least two different places.
Sign out of the account.
Sign in as the new user.
Delete the old ‘admin’ user account.
During this procedure, you’ll be asked by  what account should you assign posts to created by ‘admin’ to.
Choose the new account name you just created.

You should also enable ‘two-step verification’ for each user in your WordPress account. As this is a more complex process with additional implications we will carry an article on the subject in the near future.

Irish Web Design would also recommend changing all passwords connected with access to the site, server and database on a regular basis.

As a matter of course Irish Web Design also recommend that all users should install a number of security programmes on all WordPress websites to prevent them being hacked.

In our view, if you adhere to minimum standards of security for your WordPress site it will give you a good level of security and will make it more difficult to hack into your site.

Don’t let the spammers, hackers or botnets destroy your presence on the web. Your site or blog can be secure with a little thought and effort.

Title of article: Protect Your WordPress Website published by Irish Web Design

Irish websites attacked

A report from the BBC News website reported:

WordPress website targeted by hackers

Wordpress website
WordPress users are advised to change their user names

WordPress has been attacked by a botnet of “tens of thousands” of individual computers since last week, according to server hosters Cloudflare and Hostgator.

The botnet targets WordPress users with the username “admin”, trying thousands of possible passwords.

The attack began a week after WordPress beefed up its security with an optional two-step authentication log-in option.

The site currently powers 64m websites read by 371m people each month.

According to survey website W3Techs, around 17% of the world’s websites are powered by WordPress.

“Here’s what I would recommend: If you still use ‘admin’ as a username on your blog, change it, use a strong password,” wrote WordPress founder Matt Mullenweg on his blog.

He also advised adopting two-step authentication, which involves a personalised “secret number” allocated to users in addition to a username and password, and ensuring that the latest version of WordPress is installed.

“Most other advice isn’t great – supposedly this botnet has more than 90,000 IP addresses, so an IP-limiting or login-throttling plugin isn’t going to be great (they could try from a different IP [address] a second for 24 hours),” Mr Mullenweg added.

Matthew Prince, Chief Executive and co-founder of Cloudflare, said that the aim of the attack may have been to build a stronger botnet.

“One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack,” he wrote in a blog post.

“These larger machines can cause much more damage in DDoS [Distributed Denial of Service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic,” he added.

Hi-tech crime terms

  • Bot – one of the individual computers in a botnet; bots are also called drones or zombies
  • Botnet – a network of hijacked home computers, typically controlled by a criminal gang
  • Malware – an abbreviation for malicious software ie a virus, trojan or worm that infects a PC
  • DDoS (Distributed Denial of Service) – an attack that knocks out a computer by overwhelming it with data; thousands of PCs can take part, hence the “distributed”
  • Drive-by download – a virus or trojan that starts to install as soon as a user visits a particular website
  • IP address – the numerical identifier every machine connected to the net needs to ensure data goes to the right place.

Many Irish websites attacked, and further information provided by Blacknight revealed that:

Last Tuesday they began to see high load on a small number of their shared hosting servers, upon investigation they saw the cause was an unusual number of login requests to the admin section of WordPress sites.

It quickly became obvious the scale of this attack was far greater than the usual attacks seen on self-hosted WordPress sites and was the work of a large botnet.

Our technical team work around the clock to ensure servers and services remain online and work as expected. While many hosting companies began reporting the attack and took action at a server level, including in some cases blocking access to wp-login, we worked to mitigate the issue at a network level. This was due mainly to the large number of servers involved.

The attack slowed down on occasions during the week and then increased again with some characteristics changing to overcome the defence mechanisms that were put in place.
By Friday afternoon the attack was no longer growing and the number of new IPs we were seeing had reduced greatly, the attack continued to slow at the weekend.

So here are some numbers and statistics that we are happy to share.

Over the week our Engineering team recorded over 10 million login attempts originating from over 190,000 IPs, of that we blocked 65,000 IPs from over 183 countries, from our network during the attack.

Top 30 – blocked IPs by country

13866 : BR, Brazil
6313 : TR, Turkey
2909 : MX, Mexico
2419 : IN, India
2252 : PL, Poland
2171 : ID, Indonesia
1862 : VN, Vietnam
1795 : AR, Argentina
1751 : KR, Korea, Republic of
1568 : RS, Serbia
1431 : GR, Greece
1392 : PT, Portugal
1366 : FR, France
1319 : TH, Thailand
1281 : EG, Egypt
1185 : VE, Venezuela
1118 : MA, Morocco
1035 : DZ, Algeria
907 : RU, Russian Federation
873 : CL, Chile
801 : BA, Bosnia and Herzegovina
796 : UA, Ukraine
775 : SA, Saudi Arabia
769 : ES, Spain
754 : RO, Romania
752 : IT, Italy
728 : CO, Colombia
569 : MY, Malaysia
527 : PE, Peru
475 : US, United States

 

Visit Us On TwitterVisit Us On FacebookCheck Our Feed