That’s a question I hear a lot from clients and associates lately, and it’s a valid one. I sat down with a client that wanted a website for her new business. She was in a partnership with a friend, and between them they had limited funds allocated for web development and marketing; they were putting all their money into the product. They signed up for an account on Wix.com (which is a free website builder and host) and made a great attempt at putting together a “professional looking” website. Problems arose when they wanted custom options that were just not available to them under the free plan. Now they were going to have to purchase a rather pricey monthly plan, which would still require some CSS knowledge, a decent photo editing program that has a steep learning curve, and tons of time learning the ins and outs of the Wix content management system, SEO, marketing, etc. At the rate they were progressing, they would have ended up spending even more money than they wanted and delaying the business opening by over a year. Time is money, and they wanted to invest time in growing their business, not learning new software.
Another client was using a free self-hosted website. He had tremendous amounts of original content including videos, photos and case studies. He also used a free template. The site looked professional but the biggest problem was he had no readership. Just because you build it does not mean they will come. SEO and SEM are skills that take time to learn and execute. This client was more inclined to write and share. He did not want to learn or worry about optimizing pages, building back-links, checking his site for 404s or registering his site with the search engines.
A third client had a website hosted on Squarespace. It was a business site that showcased some past work and had all the necessary means for contacting the company. Unfortunately, there were many problems – images weren’t optimized, the content was poorly written and certainly not SEO rich. The site looked like it was put together by an amateur. There was no sitemap, the business was not indexed by any search engines and he wasn’t getting any business from the web. There was a decent social media presence but again the site was very poor and far from professional.
Yet another client had a site that was hosted on a VPS with GoDaddy.com. The site was built using WordPress with a custom template. The owner had originally paid to have the site developed and installed by an outside company but figured he could maintain it himself. He knew how to post content, add photos and even tweak a thing here or there. The problem was – he got hacked. Sadly, the owner didn’t stay on top of the most recent news and hadn’t upgraded his WP version or plugins in quite some time. A known vulnerability in the version he was using was exploited. Had the site been updated, he would never have been vulnerable. Luckily the host had backups of his database and files, as he wasn’t making any on his own. By the time we got the backups restored and the site running again, he had lost a few days’ presence on the web; this, in turn, resulted in lost revenue.
Hiring a consultant to develop, install and manage your website might seem like a big unnecessary cost but the ROI will be ever-present. Good professional consultants will be on top of the latest trends and news. They will know when a security risk is present and will work to prevent downtime. Consultants that specialize in SEO and SEM will better know how to optimize and market your site so that you get as much visibility on the web as possible. An expert will make sure you are regularly backing up, will have a test site running so all changes can be tested and make sure you don’t LOSE revenue.
Ransomware has been around since the late ’80s but appears to be more prolific today – especially with the advent of Bitcoin. Having a currency that is completely untraceable makes it more appealing to hackers and cryptographers to create these harmful yet possibly profitable bits of software. Remember – malware doesn’t develop on its own; someone somewhere had to sit and code a piece of software and then determine the best way to get you to install it on your machine. Much thought goes into these schemes.
Today I came across an article entitled “Forget Game of Thrones as Android ransomware infects TVs”, where a new variant of ransomware is targeting TVs. Sounds crazy, right? But no, it makes sense.
Many of today’s smart devices rely on an underlying operating system (Linux, Android, BSD, Windows) to function. The manufacturer will build a proprietary interface to sit on top but the guts are generic and freely available as are their exploits. Now with app stores for just about everything with a screen and internet connection, it’s very easy for people to create programs that can infect anything. Such is the case with Flocker – the new ransomware that targets smart TVs that use the Android operating system.
Yes, this piece of malware can actually lock up your TV with a warning and a way to pay to have it “released”. The aforementioned article goes into things a bit deeper and explains how to clean it up should you be one of those unfortunate victims.
How do I keep myself safe from ransomware?
- Firewall – enable your Windows firewall. This will help prevent your infected machine from contacting the command and control server.
- Be careful when opening emails and attachments from unknown sources – even known sources
- Install modern A/V as well as Admuncher or other ad blocking software (Adblock for Chrome) and Malwarebytes anti-exploit. All free
- Back-up the hell out of your data. This should be practiced regardless as many things can go wrong with your PC.
- Turn on Shadow Copies if you are a Windows user.
- Pray – OK, a bit of a joke here, but unfortunately you can take all the necessary preventative measures in the world and still get infected. That’s why it is crucial to back up your data.
- Don’t install apps that you aren’t sure are 100% safe.
- For TVs – get outside – you should be playing anyway.
Unfortunately, I’ve come across different variants of ransomware and thankfully we had good backups in place so there was no data loss. Good luck and happy surfing.
I had an issue last week with a client’s site being hosted on GoDaddy. The site was originally set up by another consultant that used a less than desirable domain name. We chose to go with one that matched the name of the business as opposed to one that is supposedly keyword rich. It really wasn’t anyway. The problem was the account was set up using the undesired domain name as the primary and the one we really wanted was set up as an alias.
Long story long – the site had been working quite well for a number of months. Then we noticed last week the site was unresponsive. We were getting 500 errors or super slow load speeds. Step one was to call the hosting company.
The first tech we worked with almost insisted that the problem was with WordPress and not hosting. We explained that nothing had changed on the WP side of things and that the site was working fine just the other day. We poked around to see if any core files or the database had been hacked but there was no evidence of tampering. The tech insisted it was the install. After disabling plugins and testing a different theme, the tech concluded that there was nothing wrong with WordPress and handed us off to hosting support – which is the next tier support.
The next tech got on the line and asked what the problem was; apparently they didn’t read the notes from the tech before. So after convincing this tech that there was nothing wrong with the install, she went ahead and ran some MySQL tests and noticed there was a lag. She put me on hold for 15 minutes and returned apologizing that there was definitely something wrong with the host and it was finally marked on the whiteboard. She said to wait it out and, if not fixed by the next day, to call back. 2 hours later, we finally hung up and waited for the problem to be resolved.
The next day the site was still down. We called back to ask the status of the problem. The new tech explained that there was nothing wrong with MySQL and the problem had to be that the domain name was set up as an alias and not an add-on. The tech said I would receive directions on how to change it and after 24 hours the site would be fixed. Since I wasn’t the domain owner, I had to wait for them to email the client and then the client to forward to us. The process was pretty straightforward and we made the necessary changes. This did nothing to resolve the problem. We called back.
The next tech that we got on the line was actually rather nasty. She asked if any changes had been made to the site and when we said “no” she said “What are you talking about? I see a ton of changes were made to your site. You can’t do this that and the other thing and expect it to work?” We then explained that every change that was made was under the direction of a GoDaddy technician and that from Day 1 we knew the problem had nothing to do with WordPress or that any of the changes were going to remedy the situation. We actually went on to explain that we didn’t appreciate the tone the tech was taking with us. After a few more minutes the tech realized the problem was that we needed to change the primary domain to the one we wanted to use. She made the change and stated that it would be about 24 hours for the change to propagate. We said thank you and then hung up.
We tested the site throughout the day and noticed the main page would load as well as the admin page but all our sub-pages were receiving 404 errors. We just waited for 24 hours as the tech had suggested, although that still didn’t seem right.
24 hours later we tested the site again with the same results. The 404 errors were not even being thrown by WordPress but by the server. Something just didn’t add up. We proceeded to create an FTP session to look at the site files. We noticed the .htaccess file had been renamed htaccess_bak, which is obviously wrong and was certainly not renamed by us. After properly naming the file, the site kicked in completely. After 6 days of downtime, 8 hours on the phone and much hair pulling, we finally got the site back up. We didn’t switch hosting providers as that would result in more work and downtime, but GoDaddy did not impress. Tread lightly.
Yes, you read that right. I don’t mean protect your business remotely – I mean to protect your business from one of the greatest (if not THE greatest) information tools ever created. The www is filled with photos, videos, sound bites, cats doing silly things to dogs, babies laughing uncontrollably and of course men seeking women for discreet relationships. Oh and it’s a terrific tool for business as well.
As great a tool as the internet can be – it can also be a very dangerous place both at home and at the office. If you have children; especially younger ones, it is pretty safe to assume that you would not let them walk out of the house and down a dark busy street all by themselves – especially if that street has a bad reputation. The information superhighway; similar to that busy, dark and unsafe street, should also be navigated with extreme care and children need to be protected.
If you are a small business owner, it’s possible you have an office with high-speed internet access for your team to send and receive email, browse the web for new work, share files with clients, or whatever the case may be. Left unabated, those users can unknowingly or even willingly compromise company data by downloading malicious software, uploading confidential files, viewing illegal sites or just wasting time cruising social media or sports sites.
How do you protect yourself? And for a limited budget?
There are a few ways, some are free and some cost money, some are high maintenance and some are easy to configure and maintain. Here are a few options I have come across both to protect my home network as well as those of clients.
One of the free-est methods to protect a computer – but also one of the more cumbersome – is to edit the Hosts file. The Hosts file – typically found in C:\Windows\System32\drivers\etc\ – is a local file that is used to convert domain names into IP addresses. It is similar to a DNS server but it resides locally – both work like caller ID for the phone. You can use Notepad to open the file or download a hosts file editor. If you know of a particular site that is either dangerous or undesirable, you can put the name in the file, ex. playboy.com – hit tab – then key in 127.0.0.1. That is the loopback address of the machine and will just bring up a blank page. There are many blacklists that can be downloaded but A – this would need to be done quite often as the web changes every second and B – if you have more than one machine – this could be time-consuming and very cumbersome. Cheap and somewhat effective but far from cohesive.
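The two chores named above (refreshing the list often, repeating it on every machine) can be scripted; this is an added example, not part of the original article, that merges a downloaded blocklist into hosts-file text without touching existing entries. The marker lines and sample data are assumptions made for the example; note that hosts entries are written address first, then the name.

```python
import re

# Hypothetical marker lines delimiting the block this script manages.
BEGIN, END = "# BEGIN managed-blocklist", "# END managed-blocklist"
SINK = "127.0.0.1"  # loopback address, as used in the article
# Hostname = dot-separated labels of letters, digits and inner hyphens.
LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
HOSTNAME = re.compile(rf"{LABEL}(\.{LABEL})+")


def parse_blocklist(text):
    """Return sorted, de-duplicated hostnames from a downloaded list.

    Accepts bare names or 'address name' lines; drops comments and junk.
    """
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        name = fields[-1].lower().rstrip(".")
        numeric_tld = name.rsplit(".", 1)[-1].isdigit()  # e.g. a bare IP
        if len(name) <= 253 and not numeric_tld and HOSTNAME.fullmatch(name):
            names.add(name)
    return sorted(names)


def merge_hosts(current, blocked):
    """Rewrite only the managed block; every other line is kept as-is."""
    kept, inside = [], False
    for line in current.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    # hosts syntax: address first, then the name, separated by whitespace
    block = [BEGIN] + [f"{SINK}\t{name}" for name in blocked] + [END]
    return "\n".join(kept + block) + "\n"


# Constructed sample input: an existing hosts file and a downloaded list.
SAMPLE_HOSTS = "127.0.0.1\tlocalhost\n10.0.0.5\tprinter.lan\n"
SAMPLE_LIST = "# demo\nads.example\n0.0.0.0 Tracker.Example.\nbad host!\nads.example\n"

if __name__ == "__main__":
    print(merge_hosts(SAMPLE_HOSTS, parse_blocklist(SAMPLE_LIST)), end="")
```

Running the merge a second time produces identical output, so it can be scheduled on each machine; writing the result back to the real Hosts file requires administrator rights.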
Another option I have used, especially at home, is to sign up for an account with OpenDNS. OpenDNS works similarly to the Hosts file solution except that it is maintained by a third party, is automatically updated and doesn’t require editing any core Windows files.
The Parental Controls in OpenDNS:
Covers any device connected to a single home network. Includes web content filters, two weeks of basic reports, SmartCache, and phishing protection powered by PhishTank
I am currently using this at home. I have my DNS servers pointing to OpenDNS and then my family is protected from the web. It is free and pretty easy to maintain. Downside – it blocked some sites my wife needed and historical data doesn’t go back further than 2 weeks. It also doesn’t do actual packet filtering so unwanted nastiness can still traverse. Also, if a user is savvy enough, they can change their DNS servers to something public and completely circumvent protection. Now granted, this is only using the free version; I have not used the paid version and at the time of writing this article, you either have to request a quote or fill out a form that will surely land you more spam in your inbox.
Now if you are a business owner and have a little bit of a budget to blow, then using a hardware device could be a great alternative. I have used the iPrism by Edgewave and the Barracuda Web Filter. Both work pretty similarly, have a one-time cost as well as an annual maintenance fee and are fairly easy to set up. The biggest difference and benefit to these devices is the fact that they sit on your network and filter traffic as it flows through them. They examine packets for malicious software, you can select categories or individual sites to both deny and allow, and you can monitor all web traffic – both historically as well as live. There are tons of reporting features, blacklists are maintained and updated daily and you as a business owner can feel a little more comfortable that your network is protected. The downsides – the start-up and annual fees, the initial set up can take a bit of time and there will be a brief (although very brief) interruption as the device is put in place.
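The circumvention described above shows up on the network as DNS traffic leaving for a resolver other than OpenDNS. This added example, not part of the original article, flags such clients from router connection logs. The key=value log format, the 192.168.1.0/24 LAN range and the sample lines are assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict

# OpenDNS public resolver addresses; the LAN range is an assumption.
APPROVED = {ipaddress.ip_address(a) for a in ("208.67.222.222", "208.67.220.220")}
LAN = ipaddress.ip_network("192.168.1.0/24")
DNS_PORTS = {53: "dns", 853: "dns-over-tls"}


def find_dns_bypass(log_lines):
    """Map each LAN client to the unapproved resolvers it contacted.

    Lines use a constructed 'key=value' format with src=, dst= and dport=.
    Malformed lines are skipped rather than aborting the run.
    """
    hits = defaultdict(set)
    for line in log_lines:
        rec = dict(f.split("=", 1) for f in line.split() if "=" in f)
        try:
            src = ipaddress.ip_address(rec["src"])
            dst = ipaddress.ip_address(rec["dst"])
            port = int(rec["dport"])
        except (KeyError, ValueError):
            continue
        if port not in DNS_PORTS or src not in LAN:
            continue
        # Queries to the router or another LAN host stay behind the filter.
        if dst in LAN or dst in APPROVED:
            continue
        hits[str(src)].add((str(dst), DNS_PORTS[port]))
    return {client: sorted(seen) for client, seen in hits.items()}


# Constructed sample log; 198.51.100.53 and 203.0.113.53 are documentation
# addresses standing in for public resolvers.
SAMPLE_LOG = [
    "2024-05-01T19:02:11 src=192.168.1.20 dst=208.67.222.222 proto=udp dport=53",
    "2024-05-01T19:02:15 src=192.168.1.34 dst=198.51.100.53 proto=udp dport=53",
    "2024-05-01T19:02:16 src=192.168.1.34 dst=203.0.113.53 proto=tcp dport=853",
    "2024-05-01T19:02:20 src=192.168.1.20 dst=192.168.1.1 proto=udp dport=53",
    "2024-05-01T19:02:31 src=192.168.1.34 dst=192.0.2.80 proto=tcp dport=443",
    "garbled line",
]

if __name__ == "__main__":
    for client, resolvers in find_dns_bypass(SAMPLE_LOG).items():
        print(client, resolvers)
```

The same allow-list can be enforced rather than just reported by having the router drop outbound port 53 and 853 traffic to any other destination; DNS over HTTPS on port 443 is not visible to this check.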
There are other free and paid solutions, both hardware and software based and the selection can be a bit daunting. For help – give West to East a chance to help. We’ll provide the right solution for your network.