All Posts, Web Development
You may have received a few web form submissions on your website that at first would seem like a bunch of HTML coding garbage with an email address and name that make absolutely no sense.
I did a bit of research and found out that these are from hackers in China. When I first started to receive them I just deleted them because the forms on our server are not stored on our server but instead are sent via email to our office. Eventually over the next few days I began receiving 5-10 form submissions every few hours each day. This can be terribly troublesome and alarming.
In order to combat this you’ll need to block the IP addresses from those rogue computers/hackers in China. Fortunately for the forms we currently use on our HTML website, the country and IP addresses are provided. To block them you’ll need to create an .htaccess file with instructions on blocking the IP addresses. I found this website to be quite informative with a host of IP addresses not only from China, but also other known countries like Nigeria and Russia. I mean let’s be honest, we know we don’t have a fortune waiting for us in some Nigerian bank just waiting to be transferred.
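As an added example (not the author's own file), here is what such an .htaccess block can look like, written so it works on both Apache 2.4 and the older 2.2 syntax. The addresses are reserved documentation ranges used as placeholders, and `contact.php` is a hypothetical name for the form handler; substitute the IPs reported in your own form emails.

```apache
# .htaccess - added example, not the original author's file.
# The addresses below are RFC 5737 documentation ranges (placeholders);
# replace them with the IPs shown in your own form-submission emails.
# "contact.php" is a hypothetical form handler name.

# Apache 2.4+ (mod_authz_core)
<IfModule mod_authz_core.c>
    <Files "contact.php">
        <RequireAll>
            # Allow everyone except the listed addresses and ranges
            Require all granted
            Require not ip 192.0.2.15
            Require not ip 198.51.100.0/24
            Require not ip 203.0.113.0/24
        </RequireAll>
    </Files>
</IfModule>

# Apache 2.2 (mod_authz_host), used only when mod_authz_core is absent
<IfModule !mod_authz_core.c>
    <Files "contact.php">
        # Allow rules are evaluated first, then Deny rules override them
        Order Allow,Deny
        Allow from all
        Deny from 192.0.2.15
        Deny from 198.51.100.0/24
        Deny from 203.0.113.0/24
    </Files>
</IfModule>
```

Blocked visitors receive a 403 response for the form handler only; removing the `<Files>` wrapper applies the same rules to the whole directory. The server must permit these directives in .htaccess (`AllowOverride AuthConfig` for the 2.4 block, `AllowOverride Limit` for the 2.2 block).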
If you need help putting together your own htaccess file, leave us a comment below and we’ll get some details from you and send you one via email.
Hacker Image credit: Iconfinder.com
All Posts, Web Development, WordPress
When it comes to your website, most people don’t always think about how safe it may be at this very moment. The thought of spambots or website hacking robo-scripts really doesn’t resonate until the worst happens. I’ve seen some websites get hacked and it isn’t a pretty thing. Hackers take pride in vulnerabilities and WordPress tries to do a good job with updating whenever these threats come to their attention.
There’s a new plugin that we’ve been using for the past few weeks that has been pretty stable and informative about what’s going on with our websites.
This plugin features a host of options:
- Scans core files, themes and plugins against WordPress.org repository versions to check their integrity.
- WordPress Multi-Site (or WordPress MU in the older parlance) compatible.
- Wordfence Security for multi-site also scans all posts and comments across all blogs from one admin panel.
- Premium users can also block countries and schedule scans for specific times and a higher frequency.
- See how files have changed. Optionally repair changed files that are security threats.
- Scans for many known backdoors including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.
- Continuously scans for malware and phishing URLs including all URLs on the Google Safe Browsing List in all your comments, posts and files that are security threats.
- Scans for heuristics of back doors, trojans, suspicious code and other security issues.
- Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.
- Rate limit or block security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.
- Choose whether you want to block or throttle users and robots who break your security rules.
- Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security.
- Real-time traffic includes reverse DNS and city-level geo location. Know which geographic area security threats originate from.
- Our online forums are available 24/7 to answer your WordPress security questions.
And there’s so much more. One of the things we cared the most for was an option where we can set the number of failed login attempts to the WP dashboard, then lock a user out after that many failed attempts. With multiple sites that all have different plugins and settings, Wordfence does a good job of sending emails whenever plugins need updates as well as when WordPress itself requires updates.
Resolving threats is quite simple as well as intuitive.
Seeing the live traffic is a bit interesting too, especially if you just released a new post or want to see how a live marketing campaign is working for your site.
Well, don’t just take my word for it, check it out for yourself from the WordPress.org Plugin Directory and see what others are saying about it. Or visit the Wordfence website for full disclosure. This plugin is actually FREE, and is fantastic for what it offers. However, I would suggest their premium version as it adds a bit more functionality like remote scans, more scan frequencies in a day, and the ability to block IPs from known malicious areas around the world.