Categories
Security Tips & Tricks

Fake Emails – Beware

Unfortunately, fake emails are increasing in popularity and are now more and more sophisticated. We will show you the top 2 types of emails you must be aware of to protect yourself against fraud.

Type 1: The email message with a file attached

This is the most dangerous type because if you download the file, which usually has a legitimate-looking name like “purchase order”, “new order”, etc., you will be installing trojan software on your computer. The hacker’s objective is for you to download and try to open the file; doing so installs the malware under a common name that is difficult to identify. The script will then run in the background without you even noticing. Meanwhile, it will collect information every time you type something, for example usernames, passwords, etc. Then it will send this information to the hacker who sent the file.

Example of Virus

Type 2: The email message with a “Call to Action”

This kind of email is the most common, but most people already know that it may be a scam. The main problem is that hackers are getting more sophisticated. Inside the message, you will find a “call to action” that will open a new page that may seem legit, for example, your email provider, Amazon, Netflix, or a social media account. They will ask you to “verify your identity” and ask you to input a username and password. After you input your login details, the website will show a generic error message like “Network busy, please try again later”. Then, the hacker will receive your information and because many people use the same login details over several platforms, the hacker will be able to login to more important sites, like your bank account, Paypal account, etc.

Example of Fraudulent Email

Tips to Avoid Being Tricked

There is no single recipe that will be 100% effective. However, you can use one or more of the following tips to get a better idea.

a) Fake or fraudulent emails will usually include generic information. Real or legit emails will usually include information that you can verify, for example, a valid Invoice Number, your Name, etc.

b) Fake or fraudulent emails will usually attach unknown files. Do not download any file that is not in a popular format like PDF, JPG or PNG. Any other file format will increase the chance of getting a trojan or malware script.

c) Avoid any “call to action” from an unknown source. If in doubt you can reply to the email and ask for references and how the person got your contact email. But never download a file or open links from this kind of sender.

d) Beware of files from known persons that are not your frequent contacts. Confirm with the person by a phone call if indeed they sent you a file as their email accounts may have been compromised.

e) Double-check the source of the email. For example, our company will only send you emails from our main domains: internetsolutions.hk and ishkdomains.com. Any other sender should not be trusted. If in doubt please contact our support team ASAP (support at internetsolutions.hk) to verify the authenticity of the message.

Tips to Improve Online Security

a) Never repeat a password for different websites. In case one website gets compromised, the hacker will not be able to login to other sites.

b) If possible, use different usernames for different websites. Our Enterprise Email service has a very useful option where all emails sent to a nonexistent address will be forwarded to your main email address. Example: you register a new account for a social media platform. You can use “socialplatform@yourdomainname.com” and all messages will be forwarded to your real email account.

c) Always use strong and random passwords. Password Generator.

d) Enable the “View File Extension” option on your computer and avoid downloading any dangerous file with formats like .exe, .zip, .tar, etc., that may include malware.

Windows tutorial: https://fileinfo.com/help/windows_10_show_file_extensions

Mac OS: https://www.addictivetips.com/mac-os/show-file-extensions-on-macos/

Categories
News Security

GoDaddy Also Experienced DDoS Attack

On its system alert page, GoDaddy apologized for the “brief delay in service.”

“We are fixing an issue impacting one or more services,” GoDaddy said.

On Sunday (April 12th), GoDaddy’s security team identified a spike in traffic that “could be malicious in nature.” The company claimed to have resolved the issue; however, it seems that Monday’s outage may be related. An update around 4:25 pm ET, which replaced the message about the “brief delay in service”, said that GoDaddy’s security team had identified another spike in traffic that could be “malicious in nature.”

The timing is less than ideal for GoDaddy, which made its debut on the NYSE less than two weeks ago. On Monday GDDY stock was at $25.30, up 0.04 percent from its previous close.

More info: http://www.thewhir.com/web-hosting-news/godaddy-users-report-site-outages-company-investigates-potential-ddos-attack

Categories
Security WordPress

What To Do If WordPress Gets Hacked

WordPress is an extremely popular web platform, and because of its popularity, it is often the target of hackers looking to “take over” pieces of your site for their own benefit. Hackers like to maximize the effectiveness of their work, so they’ll often target widely installed plugins or themes with known security vulnerabilities. In most cases, your site was not targeted specifically but was hacked because of some vulnerability in a plugin or theme installed on your site.

If your site is hacked, read the following resources to help you get up and running again. Even if your site has not been hacked, many of these articles cover security topics that are helpful for anyone in charge of a WordPress website.

Categories
Security Tips & Tricks

Tips for our VPS Clients with cPanel

Please note that these tips are suggestions only and cPanel takes no responsibility for modifications to individual servers, or the security practices of individual servers. Server security is a collection of compromises, as any server that allows connections could be insecure. These tips are to be followed at your own risk.

1) Use secure passwords!
Insecure passwords are the most common security vulnerability for most servers. If an account password is insecure and is compromised, client sites can be defaced, infected, or used to spread viruses. Having secure passwords is paramount to having a secure server.

You can edit /etc/login.defs to configure many password options on your system. It is well documented.

Generally, a password utilizing at least 8 characters including alphanumeric and grammatical symbols is sufficient. Never use passwords based upon dictionary words or significant dates. If you are uncertain about the security of a password, then you can test it using JTR cracker. If a password can be broken in a few hours, then it is probably too insecure and should not be used. You can also install tools like pam_passwdqc to check the strength of passwords.

2) Secure SSH
Enable public key authentication for SSH and disable password authentication.

Move SSH access to a different port. People are looking for port 22 as a possible way to access your servers. Moving SSH to a different port will add a simple way to deter those without specific knowledge of your server from easily discovering your SSH port.

You can modify the port that SSH runs on within /etc/ssh/sshd_config. Change the line that says #Port 22 to a different port such as: Port 1653. Make sure to keep your current SSH session open when testing the new port so you can change back to port 22 if the new port doesn’t work.

You should always use SSHv2 only as SSHv1 is not secure. Make sure to change the line in /etc/ssh/sshd_config that says #Protocol 2,1 to Protocol 2.
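The SSH settings above can be checked mechanically. The script below is an added example, not code from cPanel or from this page; the function names are hypothetical. It reads sshd_config text on standard input and reports each setting that still differs from the recommendations (default port, password logins, public keys disabled, SSHv1 allowed).

```shell
#!/bin/sh
# Added example (not cPanel's code): check sshd_config text on stdin against
# the SSH settings recommended above. Function names are hypothetical.

# sshd_values KEYWORD: print every value set for KEYWORD in the global part
# of the config. Keywords are case-insensitive, "#" starts a comment, and
# parsing stops at the first Match block. Include files are not followed.
sshd_values() {
    awk -v key="$1" '
        NF == 0 || $1 ~ /^#/ { next }
        { sub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2) }
    '
}

# first_value KEYWORD DEFAULT: for most keywords sshd keeps the first value
# it reads; DEFAULT is used when the keyword is never set.
first_value() {
    v=$(printf '%s\n' "$cfg" | sshd_values "$1" | head -n 1)
    printf '%s\n' "${v:-$2}"
}

flag() { printf 'FINDING %s\n' "$1"; rc=1; }

# audit_sshd: prints one FINDING line per problem, returns 1 if any.
audit_sshd() {
    cfg=$(cat); rc=0
    # Port may be given several times; sshd then listens on all of them.
    ports=$(printf '%s\n' "$cfg" | sshd_values Port)
    case " $(echo ${ports:-22}) " in
        *" 22 "*) flag "Port: sshd listens on the default port 22" ;;
    esac
    [ "$(first_value PasswordAuthentication yes)" = no ] ||
        flag "PasswordAuthentication: password logins are enabled"
    [ "$(first_value PubkeyAuthentication yes)" = yes ] ||
        flag "PubkeyAuthentication: public key logins are disabled"
    # An absent Protocol line is not flagged (assumption: a current OpenSSH,
    # which no longer implements SSHv1).
    case ",$(first_value Protocol 2)," in
        *,1,*) flag "Protocol: SSHv1 is still allowed" ;;
    esac
    return "$rc"
}

# Constructed sample: a config where only the port has been changed.
audit_sshd <<'EOF' || true
Port 1653
#Protocol 2,1
PasswordAuthentication yes
EOF
```

On a server it would be run as audit_sshd < /etc/ssh/sshd_config, from a second session that stays open while the changes are tested.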

You may also wish to set Shell Resource Limits for your users to prevent applications and scripts from using up all your resources and taking down your server. You can configure shell resource limits in /etc/security/limits.conf on most Linux systems.

3) Secure Apache
The most readily available way to access a web server is, of course, the web server application. It is important to take steps to secure your Apache installation.

One of the best tools for preventing malicious Apache use is mod_security. This can be installed in Addon Modules in the cPanel section of WebHost Manager. You can find information about mod_security at http://www.modsecurity.org/.

When compiling Apache, you should include suexec to ensure that CGI applications and scripts run as the user that owns / executes them. This will help identify where malicious scripts are and who is running them. It will also enforce permission and environment controls.

We also recommend compiling Apache + PHP with PHPsuexec. PHPsuexec forces all PHP scripts to run as the user who owns the script. This means that you will be able to identify the owner of all PHP scripts running on your server. If one is malicious, you will be able to find its owner quickly and resolve the issue. To compile Apache + PHP with PHPsuexec, select the PHPSuexec option in the Apache Upgrade interface in WHM or when running /scripts/easyapache from the command line.

You should enable PHP’s open_basedir protection. This protection will prevent users from opening files outside of their home directory with PHP. This can be enabled in Tweak Security within WebHost Manager.

You may also wish to include safe_mode for PHP 5.x and below. Safe_mode ensures that the owner of a PHP script matches the owner of any files to be operated on. You can enable safe_mode by changing the safe_mode = line in php.ini to safe_mode = On.

4) Secure your /tmp partition
We recommend that you use a separate partition for /tmp that is mounted with nosetuid. Nosetuid will force a process to run with the privileges of its executor. You may also wish to mount /tmp with noexec after installing cPanel. Check the mount man page for more information.

Also, running /scripts/securetmp will mount your /tmp partition to a temporary file for extra security.

5) Upgrade your mail to maildir format
Maildir format adds extra security and speed to your mail system. Newer installs use maildir by default. If you’re running an older copy of cPanel, you’ll probably want to upgrade using /scripts/convert2maildir. Make sure to back up your current mail before converting to maildir; this can be done within /scripts/convert2maildir. If you see that maildir is enabled when running /scripts/convert2maildir, you are already using maildir and will not need to convert.

6) Lock down your system’s compilers
Most users do not require the use of C and C++ compilers. You can use the Compilers Tweak within Tweak Security in WebHost Manager to turn off use of the compilers for all unprivileged users, or to disable them for specific users only. Many pre-packaged exploits require working compilers. Disabling compilers will help protect against many exploits.

7) Turn off unused services and daemons
Any service or daemon that allows a connection to be established to your server is a way for hackers to gain access. To reduce security risks, you should disable all services and daemons that are not being used.

For Daemons on Linux:
Check /etc/xinetd.conf for services you are not using. For example, cupsd (printing daemon) and nfs/statd (network file system daemons) are not used on many systems.

For Services:
Go to the Service Manager in the Service Configuration section of WHM and disable any services that you are not using.

8) Monitor your system
It is important to be up to date on what is going on with your system. Make sure that you know when accounts are being created, what software is being installed, when software needs updates, etc.

Check your system frequently to ensure it is functioning in the way you expect. Make sure to check things like:

netstat -anp : Look for programs attached to ports that you did not install / authorize

find / \( -perm -a+w \) ! -type l >> world_writable.txt : Look at world_writable.txt to see all world-writable files and directories. This will reveal locations where an attacker can store files on your system. NOTE: Fixing permissions on some PHP/CGI scripts that are not properly coded will break them.

find / -nouser -o -nogroup >> no_owner.txt : Look at no_owner.txt for all files that do not have a user or group associated with them. All files should be owned by a specific user or group to restrict access to them.

ls /var/log/: There are many different logs on your system which can be valuable resources. Check your system logs, apache logs, mail logs, and other logs frequently to make sure your system is functioning as expected.
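The two find audits above, as an added example that is not code from cPanel or from this page (function names are hypothetical). It goes slightly beyond the commands in the text: it stays on one filesystem and separates sticky world-writable directories, which are the expected /tmp pattern, from entries that any local user can modify or replace.

```shell
#!/bin/sh
# Added example (not cPanel's code): the two find audits above, limited to
# one directory tree. Function names are hypothetical.

# world_writable DIR: one line per world-writable entry, symlinks skipped.
#   STICKY  directory with the sticky bit (mode 1777, as on /tmp): anyone can
#           create files, but users can only remove their own
#   OPEN    any other file or directory that every local user can modify
# -xdev keeps find on DIR's filesystem, so /proc, /sys and network mounts
# are not walked when DIR is /.
world_writable() {
    find "$1" -xdev -type d -perm -0002 -perm -1000 -print |
        sed 's/^/STICKY /'
    find "$1" -xdev ! -type l -perm -0002 \
        ! \( -type d -perm -1000 \) -print | sed 's/^/OPEN /'
}

# unowned DIR: entries whose numeric owner or group has no account behind
# it, for example files left over after a user was deleted.
unowned() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print
}

# Constructed sample tree standing in for a customer's web root.
demo=$(mktemp -d)
mkdir "$demo/uploads" "$demo/cache"
: > "$demo/config.php"
: > "$demo/index.php"
chmod 1777 "$demo/uploads"     # shared, but sticky
chmod 0777 "$demo/cache"       # shared, no sticky bit
chmod 0666 "$demo/config.php"  # any local user can rewrite it
chmod 0644 "$demo/index.php"   # not world-writable
world_writable "$demo"
echo "unowned entries: $(unowned "$demo" | wc -l)"
rm -rf "$demo"
```

The OPEN lines are the ones to review first; as the note above says, tightening permissions on badly written PHP/CGI scripts can break them, so check what writes to each path before changing it.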

There are many readily available utilities to monitor your system and to detect rootkits, backdoors, etc. Here are some commonly available utilities:

  • Tripwire – Monitors checksums of files and reports changes.
    http://tripwire.com or http://sourceforge.net/projects/tripwire
  • Chkrootkit – Scans for common rootkits, backdoors, etc.
    http://www.chkrootkit.org
  • Rkhunter – Scans for common rootkits, backdoors, etc.
    http://www.rootkit.nl/projects/rootkit_hunter.html
  • Logwatch – Monitors and reports on daily system activity.
    http://logwatch.org

9) Enable a Firewall
Installing a firewall to limit access to your server is useful. Removing all unused software on your system is more useful. Before you have the chance to remove all unused services and daemons, or the chance to figure out which services / daemons are unused, you can enable a firewall to prevent unwanted access.

The following will show the ports cPanel and WHM need open to function properly and what the port is used for:

http://docs.cpanel.net/twiki/bin/view/AllDocumentation/AllFAQ/WHMsFAQ#I_use_the_APF_firewall_rules_on

Please note that these ports are for all services that can be used by cPanel and WHM, you may or may not be using all of these services or other services and should adjust your rules accordingly.

Remember to set a cron job to disable your firewall every 5 minutes when testing your rules, or you may be locked out of your server.

10) Stay up to date
It is important to make sure that you are running the latest stable versions of the software on your system to ensure that it has been patched of any security issues that past versions may be susceptible to. Make sure to keep on top of updates for:

  • Kernel
  • cPanel and WHM*
  • User Applications (bulletin boards, CMS, blog engines, etc)**
  • System Software*

*These can be set to automatically update in WebHost Manager under Update Config in the Server Configuration section.

**You can upgrade all Addon installations through Manage Addons in the cPanel section of WebHost Manager.

Categories
Hosting Privacy Security

Online Security: Web Hosting Top Priority

Hosting thousands of websites is no easy task. We, Internet Solutions HK, keep all servers updated with the latest online security technology in order to keep your website safe.

However, you, as a client, also need to help protect your website. Please follow these recommendations:

1. Always use STRONG passwords.

2. Update your passwords regularly.

3. Run antivirus scans on your computer at least once a week.

4. Never open attachments from senders you do not know or who look suspicious.

5. Do not save passwords in your browsers.

6. Always update your CMS (WordPress, Joomla, Magento, etc) to the latest version.

7. Always update your WordPress Plugins.

8. Do not install Plugins you do not need.

Categories
Deals Security Tips & Tricks

Problems Installing a SSL Certificate?

If you are having issues installing an SSL certificate for your website, don’t worry! You are not the only one. Even the biggest in the industry, like Google and Yahoo!, will experience some kind of misconfiguration.

Internet Solutions HK will offer free SSL certificate installations for your website. Just contact us for more information.

Categories
Security WordPress

WordPress: Limit Login Attempts

WordPress security is becoming a more demanding issue with time. Hackers are aware that many people, especially those without coding knowledge, choose WordPress as their CMS, and because it is open source, it is easy to find backdoors and exploit them to inject malware, trojans or viruses.

One plugin that helps increase your WordPress site’s security is “Limit Login Attempts”. It’s very easy to install and set up, and you will not believe the great number of login attempts it successfully blocks.

Also, and more important, is to ALWAYS update your WordPress site. Each upgrade will have a notice on why a new version was released. For example the latest one says:

  • Fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. Fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team.
  • Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
  • Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec.
  • Adds protections against brute attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team.
  • Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.

It is your responsibility to check often and upgrade immediately to the newest WordPress version. Don’t wait for your website to get hacked!

Categories
Security Tips & Tricks

How to Scan Website for Virus

Cyber security is very important, and threats have been extremely high in recent years. That is why we have to regularly scan your website’s files for viruses and malware. Our cPanel offers a tool for this purpose. It is called ClamAV.

Log in to your cPanel and find the following icon under Advanced:

Click on Virus Scanner. Then choose Scan Home Directory.

Click “Scan Now” and wait.

After the scan is finished you will have two results:

1. No virus found.  Good, close, and repeat again in the future.

2. Virus found. You will have the option to Quarantine the infected file(s) or Destroy them. Choose Destroy.