Email Hackers or Spoofers

Email spam: we all get our share, and we all dislike (hate) it. Do these senders really think we want what they are selling after they rudely bombard us with their advertising? What we often don’t realize is that the sending email address is often not the offender. The process is called outbound spamming, and your very email address could be a victim.

If you have ever opened up your inbox and found a bunch of mail items from the Mail Delivery System with subjects something like “Undelivered Mail Returned to Sender” when you know you haven’t sent the email that was bounced, then you are probably a victim of outbound spam. Making matters worse, there are probably a lot of people who did receive the spam emails and think you are the offender.

When this occurs, it’s generally a good indication that your email address is being maliciously used to distribute spam/malware to these addresses. The two most common methods spammers use are to either “spoof” your email address or outright compromise your account password.

Spoofing

Spoofing is when a spammer sends out emails using your email address in the “From:” field. The purpose is to make it appear that the message has originated from you, hoping to trick people into opening it. The good news: this can be rather easily defeated by creating a Sender Policy Framework (SPF) record on your server. It is a little technical and may require help from someone familiar with cPanel.

The SPF records allow you to specify exactly which servers are permitted to send/relay email messages using your domain; thus, preventing the real spammer from posing as you.

Compromised Accounts

A Compromised Account is when a hacker has gained access to your email account using its password and is now using it to send out their spam/malware messages. You can thwart the hacker by simply changing your email password to something more secure. This will prevent them from being able to log in to send out email messages.

Raise Your Security Level

As much as we dislike spam and someone posing as us, we also dislike having to deal with passwords, specifically using and maintaining highly secure and unique passwords for every account we own.  So, most of us use the same passwords on everything.  To help with this issue, we suggest LastPass because it not only creates highly cryptic passwords, but then stores and manages them for easy retrieval whenever we are ready to login.  For more information on LastPass click here.


HOW TO: Creating an SPF record in cPanel (for Site5)

These instructions are for sites hosted with Site5. If you have a different host (most likely), you should contact their support and ask for instructions on creating an SPF record to protect against “Outbound Spamming / Spoofing”.

cPanel has a built-in utility to aid in creating an SPF record.

1) Log into your cPanel and select Email Authentication.

2) You have options for DKIM & SPF. DKIM isn’t that widely supported at this time so it should not be used unless you really need it. Click Enable SPF

3) Upon clicking Enable SPF, it will generate the record and display it for you. You do not need to save this and you can click Go Back

4) cPanel will now display the default SPF record for your domain. We will need to make one further adjustment. Select Add in the Include List (INCLUDE): section of your screen.

5) In the dialog box please enter: relays.webhost-mail.com and click OK

6) You will now see relays.webhost-mail.com in the Include List box. Click Update to save the changes.

Please Note: “relays.webhost-mail.com” is the Site5 SMTP relay service, which is responsible for scanning outgoing mail messages for spam characteristics. This allows them to catch spammers in real time (almost), which helps keep their servers off of email blacklists. When a particular mail message is determined to be clean, the SMTP relay server will then attempt to send the message to its intended destination. Listing the relay in the SPF record simply means that you are allowing that server to send email on your domain’s behalf.

7) Your record should now look like the following:

v=spf1 +a +mx +ip4:YOURDOMAINIP +include:relays.webhost-mail.com ~all
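
How a receiving mail server reads the record above, as an added example (not Site5's or cPanel's code). The domain example.com, all IP addresses, the in-memory DNS table and the relay's own SPF record are constructed for illustration.

```python
import ipaddress

# Constructed stand-in for DNS lookups. example.com and every address are
# placeholders; the relay's record is invented, not Site5's real one.
DNS = {
    "a": {"example.com": ["203.0.113.10"], "mail.example.com": ["203.0.113.11"]},
    "mx": {"example.com": ["mail.example.com"]},
    "spf": {
        "example.com": "v=spf1 +a +mx +ip4:203.0.113.10 +include:relays.webhost-mail.com ~all",
        "relays.webhost-mail.com": "v=spf1 ip4:198.51.100.0/24 -all",
    },
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(sender_ip, domain, depth=0):
    """Return the SPF result for sender_ip sending mail as domain."""
    if depth > 10:
        return "permerror"  # guard against include loops
    record = DNS["spf"].get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term[1:] if term[0] in QUALIFIERS else term
        name, _, arg = mech.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = sender_ip in DNS["a"].get(arg or domain, [])
        elif name == "mx":
            hosts = DNS["mx"].get(arg or domain, [])
            matched = any(sender_ip in DNS["a"].get(h, []) for h in hosts)
        elif name == "include":
            # include matches only when the included record itself says "pass"
            matched = check_spf(sender_ip, arg, depth + 1) == "pass"
        else:
            return "permerror"  # terms not handled in this example
        if matched:
            return QUALIFIERS[qualifier]  # first matching term decides
    return "neutral"
```

A sender that matches none of the listed servers falls through to ~all and gets "softfail" rather than "fail", so the receiving server decides whether to reject, mark as spam or deliver that message.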

Forbes Website is Hacked by the Chinese

One of our security partners, WordFence, just published an article about the Forbes website attack and what it might mean for your business. The article explains that the “watering hole” attack was designed to plant malware which actually targeted visitors to the Forbes website – specifically employees of defense contractors and banks.  The article explains that ultimately the hackers were hoping their malware would install itself on the visitor’s workstation, giving the intruder access to the internal networks of their intended targets. The article goes on to explain the type of attack, how it was detected, and what has been done about it. Read full article here: www.wordfence.com.

This is not a situation that is unique to big companies like Forbes Magazine. Here at On-Target SEO, we’ve seen first hand situations where hackers have attempted to gain access to our clients’ small business websites right here in Ocala and Grand Rapids. Before he had the proper security in place, one of our Ocala client’s websites was hacked and over 300,000 spam emails were sent in one weekend from a business email attached to his website. As a result, the hosting company shut down his company emails.

We get asked all the time why a hacker would want to attack a small business website in Grand Rapids, Michigan or Ocala, Florida (where our offices are located). Well, the WordFence article also encourages the reader to “Take a moment to think about who visits your site and how much protecting their network matters to you as a WordPress site owner.” As I contemplated this question, I began to recognize at least one reason why a Chinese hacker might be interested in our local business websites. Ocala is home to a system assembly and high-rate production facility for our country’s #1 defense contractor, Lockheed Martin. And, the Western Michigan/Grand Rapids area has its share of defense contracting business as well: GE Aviation, L3, Woodward, Precision Aerospace, Eaton Corporation and Jedco.

So, if your business has a WordPress website, make sure it is secure for the protection of your business and your visitors. On-Target SEO is a local business in both Ocala, Florida and Grand Rapids, Michigan and we provide free website security evaluations for businesses with WordPress websites. Get more information now…


5 Million Gmail Accounts Hacked – Is Yours Affected?

 

Two weeks ago, Google reported that 5 million of their Gmail accounts may have been compromised in a “credentials dump” – a posting of a list of usernames and passwords on the web. In Google’s public announcement regarding the incident, they stated that the breach was most likely a result of someone “reusing the same username and password across websites, and one of those websites getting hacked…”. You see, security on the internet is not just related to your personal computer any more. Modern day hackers want access to your email, other websites and a whole lot more…

Was I One of the Gmail Accounts Hacked?

One of our affiliates, LastPass (a FREE service that On-Target SEO highly recommends), has created a utility where you can easily check to see if you are one of the Gmail accounts hacked, by comparing it to the database of accounts that were affected (see link below). Hackers often get the initial login from a home computer with limited security. One of the most dangerous things you can do is “save” all of your logins and passwords on your computer or other device. If a hacker gets into your computer, he will have access to all of your “stuff”.

So to keep your login information safe – you should have different login/password combinations for all of your online activity, AND you should NEVER save this information to your computer.

If you are like me, then you have many logins and the above plan is much easier said than done. The good news is our affiliate, LastPass, has a FREE service to easily and safely save all of your user-ids and logins in one secure location. Once you set up your account with LastPass you can log into any of your online locations securely from any computer. Safety aside, if you currently save your logins/passwords on your computer, what are you going to do when that computer crashes and you no longer have access to your saved information? What a headache! LastPass makes sure you can safely access all of your logins and passwords from any location and any computer. Your login information is stored on their server, which is infinitely safer than storing it on your personal computer. LastPass employs robust firewalls and heavy security used by large corporations, making it much more difficult for hackers to gain access to your logins and secure information.

Hackers Are After More Than Your Computer

Cyber Criminals today aren’t really happy with just hacking into your computer. If you are a business owner and have a business website that you log into from home, you may be especially vulnerable. If you routinely save login information on your home computer, a hacker can easily gain access to your business website. With your administrator login, the intruder can place a virus that will infect not only your website but your visitors as well.

For more information…

Watch our video, “Protection from Your Worst Business Nightmare”

Read our article, “3 Simple Steps to Secure Your WordPress Website”

Click HERE to Check Your Gmail Account Now

It is sad that we have to take such extraordinary measures these days to keep our personal information and our businesses safe. LastPass is a great tool that we at On-Target SEO use on a regular basis to help keep our business, our websites, and our clients safe from intruders.

You can learn more or sign up for LastPass through the check Gmail link above – just click on ‘How it Works’ in the LastPass menu at the top of their screen.

 

 

3 Simple Steps to SECURE your WordPress Website

Let me start by saying that no site is completely secure, and these three steps won’t drop a 12 inch wall of steel around your website, but they will help your website hide from potential hackers, and if they can’t find you, they can’t hurt you.  I also believe that hackers are generally lazy and will most likely bypass your site and go after the millions of other sites that are more vulnerable.

A large number of potential hacks start with little robot programs that get released on the internet searching for WordPress websites, then proceed to try and guess the login credentials. I can attest to this very practice, as each night between say 12 and 5 in the morning, our site gets probed by dozens of foreign IP addresses coming out of Europe and Asia. Then I implemented these few strategies and it all suddenly stopped… poof!

So here they are:

1) Change your Login Page Name (URL).  

The robots are programmed to access www.yoursite.com/wp-admin. If you rename the login page, the robots receive a 404 message and move on to someone else’s website.

How to: Install the Plugin “Rename wp-login.php” then access Settings>Permalinks> and update the “login url” to anything you want.  Just be sure to write it down and tell anyone who normally logs into your site where to find it.

2) Change your User ID to something other than “ADMIN”.

Many setup utilities assign “Admin” as the default user name when a website is initially being created.  Chances are good that yours has an “Admin” user.  The hacker robots know this and have been programmed to try “Username = Admin”.  If they find “Admin” works, they have successfully cracked 50% of your login credentials.

How to: If you have a separate login and no one else used the “Admin” credentials, simply delete the user.  If you or others currently use “Admin” you will want to create a new user with a unique ID, test that you can successfully login with this new ID, then (and only then) delete the “Admin” user.

3) Make your Password difficult and completely unique

We all hate this one, because it is soooo hard to remember every unique password for every other account we own, but your website is 5 times more likely to get hacked than any of your other accounts and probably 100 times more difficult to clean up and recover from.

How to:  Access your User profile and simply update with a password that uses letters, numbers, capitals and special characters (%&$#!).  I would highly suggest that you begin using a Password Vault which basically stores all of your passwords in the cloud under the protection of one super secret password.  You then login once (to your vault), and LastPass automatically fills in your other logins as you visit those sites/accounts.  We use “LastPass” (free version) and have been very, very happy.
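
To check from your own server logs whether the robots described above are still reaching the default login page, here is an added example (not part of the original article or of any plugin). The log lines, IP addresses, dates and the renamed login path /team-entrance are constructed.

```python
import re
from collections import defaultdict

# Constructed access-log lines in Apache/nginx "combined" format.
# 10 Mar is before the login page was renamed, 12 Mar is after.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2015:01:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2015:01:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2015:01:14:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.15 - - [10/Mar/2015:09:02:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.44 - - [12/Mar/2015:02:40:11 +0000] "GET /wp-admin/ HTTP/1.1" 404 512 "-" "python-requests"
203.0.113.44 - - [12/Mar/2015:02:40:12 +0000] "POST /wp-login.php HTTP/1.1" 404 512 "-" "python-requests"
192.0.2.15 - - [12/Mar/2015:09:05:10 +0000] "POST /team-entrance HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
DEFAULT_LOGIN_PATHS = ("/wp-login.php", "/wp-admin")

def summarize_login_probes(log_text, threshold=3):
    """Per source IP, count requests to the default WordPress login URLs.

    "reached": the default login URL still answered (any status but 404).
    "hidden":  the request got a 404, as it does after the rename in step 1.
    Returns (stats, flagged); flagged lists IPs with >= threshold "reached".
    """
    stats = defaultdict(lambda: {"reached": 0, "hidden": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        path = m["path"].split("?", 1)[0]  # drop any query string
        if not path.startswith(DEFAULT_LOGIN_PATHS):
            continue  # the renamed login URL and normal pages are not counted
        key = "hidden" if m["status"] == "404" else "reached"
        stats[m["ip"]][key] += 1
    flagged = sorted(ip for ip, s in stats.items() if s["reached"] >= threshold)
    return dict(stats), flagged
```

On the sample lines, only 198.51.100.7 is flagged; the single login from 192.0.2.15 stays under the threshold, and the requests from 203.0.113.44 after the rename are counted as hidden.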

If you own a website that is optimized so it can be found by your customers, then you are probably more likely to have hackers notice you as well.  These simple tricks are just phase one of a much more robust security plan we offer.  If you would like more information on WordPress Security (Click Here).