An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Topic Options
#35212 - 07/25/15 04:54 PM Best website protection service?
slolerner Offline


Registered: 08/25/09
Loc: New York City
Cousin's website got hacked, lots of malware and finally a malicious redirect. Using SiteLock right now to put a firewall in place and clean out the code. Will cost a lot to keep up the level of security we will need right now because it appears that the site has become quite a target. There is no commerce on it, just pictures. It has been suggested that the name has high value search words. It is unclear whether changing the IP will slow down the continuous attacks. None of the content is of a controversial nature and the site generally has little traffic and few updates.

Top
#35215 - 07/26/15 12:33 AM Re: Best website protection service? [Re: slolerner]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Given your description of your cousin's website as so innocuous, he/she must have really ticked off a bunch of hackers for some reason. confused
Care to speculate (in order to put the issue into some context that might explain why)? It sounds like someone's really into revenge of some sort.

Top
#35218 - 07/26/15 05:33 AM Re: Best website protection service? [Re: slolerner]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: slolerner
Will cost a lot to keep up the level of security we will need right now because it appears that the site has become quite a target.

Originally Posted By: slolerner
It has been suggested that the name has high value search words.

Originally Posted By: slolerner
None of the content is of a controversial nature and the site generally has little traffic and few updates.

Just a thought but, given these three facts, would your cousin not be better off simply to take his content and set up a new site with a different name?


Edited by ryck (07/26/15 05:36 AM)
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX712 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Super Duper on 500GB OWC Mercury OTG Pro

Top
#35226 - 07/26/15 04:38 PM Re: Best website protection service? [Re: ryck]
slolerner Offline


Registered: 08/25/09
Loc: New York City
He cannot change the name of the website or the business. He has outstanding world-wide press, brand recognition and loyal following in a niche industry that is not necessarily high-margin. The business is so enjoyable one might say it is a labour of love and deep dedication. That's probably all I can say about it.

All ftp's were flooded with .html files of fake goods related to his industry, 8,000 files. That is what I believe the intent was related to. The IP of the originating hack was in China. Note: the files never showed up on the site, they were simply put in the ftp's.

After it was cleaned up by SiteLock and everything looked ok, it was hit with a malicious redirect, a page was put up saying that Flash had to be updated with a link, so I immediately took down the site. As it was explained to me, the only prevention would have been a constantly updated Firewall. We have thought of changing the IP, but I fear that may be a temporary solution given the nature of the files.

Note: It is not a Wordpress site, if that makes a security difference.


Edited by slolerner (07/26/15 05:07 PM)
Edit Reason: Shorten, clarify

Top
#35272 - 07/28/15 03:02 PM Re: Best website protection service? [Re: slolerner]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
He likely hasn't really come to anyone's attention. Eastern European organized crime uses completely automated software that scans the Web looking for known and documented vulnerabilities in Web sites; if it finds any, news spreads fast and other automated software starts hammering at the site.

It's nothing personal. It's all automated software.

What platform is he using? Is he using a CMS like Wordpress, Drupal, or Joomla? (Edit: I noticed you sayit's not WordPress; is he using any other CMS or is it just flat HTML?)

Keeping a CMS secure requires skill and proactive work--hackers will usually reverse-engineer security updates in popular software packages and add exploits within 24-48 hours of a new version being released, so if you do not update your plugins or CMS within at most 48 hours after an update is available, that's it, you're done. Your Web site will be pwn3d and it doesn't matter if you are popular or not, well-known or not, have good Google rank or not--it's all totally automated.

I've ben doing quite a bit of research on WordPress security and Eastern European organized crime lately, so if he's using WP I can definitely offer some tips.


Edited by tacit (07/28/15 03:03 PM)
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#35273 - 07/28/15 04:04 PM Re: Best website protection service? [Re: tacit]
slolerner Offline


Registered: 08/25/09
Loc: New York City
Yeah, that seems to be the case. So, with a Firewall in place now that is constantly updated and notification if anything changes, it seems this is thwarted for now. SiteLock is doing a good job.

It is a custom site with Flash embedded in html. To me, it's all Voodoo. I'm a print person.

There is at least one hosting company, Firehost, that I believe works with SMB's, but there are few economical choices for small businesses under attack like this I guess.

Thanks all. It's sad that there is so much bad intent out there.

Top
#35274 - 07/28/15 04:08 PM Re: Best website protection service? [Re: tacit]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
For my education, are these:

Originally Posted By: tacit
….looking for known and documented vulnerabilities in Web sites

these?

Originally Posted By: tacit
...hackers will usually reverse-engineer security updates in popular software packages and add exploits within 24-48 hours of a new version being released


Edited by ryck (07/28/15 04:09 PM)
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX712 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Super Duper on 500GB OWC Mercury OTG Pro

Top
#35275 - 07/28/15 06:57 PM Re: Best website protection service? [Re: tacit]
slolerner Offline


Registered: 08/25/09
Loc: New York City
Originally Posted By: tacit
I've been doing quite a bit of research on WordPress security and Eastern European organized crime lately, so if he's using WP I can definitely offer some tips.

I was trying to figure out if changing to a WordPress site had any security advantages, such as automatic security updates?

Top
#35280 - 07/29/15 05:17 AM Re: Best website protection service? [Re: slolerner]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
I was under the impression that Wordpress was the poster child for bad security? Not necessarily because it has bad security itself, (though it may be a bit like flash and java in that regard also?) but that the average Wordpress "site admin" bought it as a point-click-install and has below-average skills to maintain the site and make sure updates get applied. Would this be a fair assumption? Wordpress lets people that are otherwise incapable of running a secure web site actually go ahead and try to run one anyway? (at least 80% of the phishing I see have bait clicks that direct to a lookalike web site hosted on someone's hacked wordpress site, and omg I am soooo tired of seeing gsx phishing, Apple must have leaked their email list, I was getting a gsx phish TWO PER DAY for weeks, it's down to one every other day now)
_________________________
I work for the Department of Redundancy Department

Top
#35293 - 07/29/15 01:44 PM Re: Best website protection service? [Re: ryck]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Known and documented vulnerabilities can come from reverse-engineering security patches, or from reading CVE bulletins, or from reading security blogs and newsletters. Information about vulnerabilities gets disseminated pretty quickly.

A lot of folks are scared of zero-day vulnerabilities (vulnerabilities that are discovered by the bad guys and exploited before a patch exists), but it is far, far more common for bad guys to exploit well-known vulnerabilities after fixes are released. They rely on human nature--few people take security seriously, and a dismaying number of people can't be arsed to update their software.

I would not recommend using WordPress if your goal is good security. I've done computer security for years, and I keep on top of my WordPress sites, and yet I've still been hacked twice in the last three years. If you do use WordPress, there are some things I strongly, strongly recommend in order to make it more secure:

1. Install a plugin like Wordfence. This will add a firewall to the WordPress site, block brute-force hacking attempts, notify you of security problems, scan the WordPress site for malicious scripts and tampering, and send you emails when people attempt to hack the site or updates are available.

2. Use the Move Login plugin to change the Wordpress login page to another place, like mywebsite.com/my-secret_login. A lot of Wordpress attacks are simple brute-force attacks; by moving the login page, you make hackers knock at a door that doesn't exist.

3. Use Infinite WP to manage your sites if you have more than one. Infinite WP is a free package that keeps watch over all your Wordpress sites and lets you update them all at once with a single button click. I don't know how I survived without it.

Also, choose a reputable host that cares about security (meaning, not Dreamhost).
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#35296 - 07/29/15 03:54 PM Re: Best website protection service? [Re: tacit]
slolerner Offline


Registered: 08/25/09
Loc: New York City
Curious, if there are other domain names that do not have hosting but simply point to a Firewall protected domain, is that a vulnerability to the protected domain? What about parked domains on the same account?

Do these "bots" target mail servers? If so, can they break SSL? This is all new to me.

Top
#35303 - 07/30/15 05:02 AM Re: Best website protection service? [Re: tacit]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: tacit
….few people take security seriously, and a dismaying number of people can't be arsed to update their software.

Totally inexplicable, given the constant stream of media coverage related to hacking of major sites. My simple-minded approach is: "If they can hack Microsoft or the military or…., then my computer can't be a great challenge so I should at least do what I can."
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX712 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Super Duper on 500GB OWC Mercury OTG Pro

Top
#35308 - 07/30/15 06:30 AM Re: Best website protection service? [Re: ryck]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: ryck
My simple-minded approach is: "If they can hack Microsoft or the military or…., then my computer can't be a great challenge so I should at least do what I can."

You would think. But experts say that many, perhaps most, of the biggest data losses could have been prevented by the simple expedient of keeping up to date with the latest updates and patches. But look at the number of people here on FineTunedMac who, for whatever reasons, are unwilling to upgrade from older no longer supported OS versions with known vulnerabilities that Apple is no longer going to patch. They are choosing to have a less secure system.

I am not criticizing their choice, because they each have what they believe to be a compelling reason not to change and they are only risking their own systems and data. But when the DoD, the IRS, the FBI, major corporations, etc. make similar choices they are endangering the data of tens of thousands, if not hundreds of thousands, or even millions, of other people and institutions. There are a number of civil lawsuits currently in the courts over this and inevitably the companies and agencies will suffer significant financial penalties but never enough to fully compensate the injured victims. mad
_________________________
joemikeb • moderator

Top
#35318 - 07/31/15 05:41 PM Re: Best website protection service? [Re: slolerner]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
If a domain only points to another domain, the first domain has very little security exposure. Unfortunately, people will often forward an old domain to a new domain but still leave hosting set up on the old domain (often with weak passwords), and then get hacked. I've seen it many times.

Usually, mail servers are "hacked" by getting folks to turn over their mail credentials voluntarily (via, for example, emails that say things like "AOL alert: Your mail is over quota and will be shut down if you don't click on this link and enter your email address and password...") It is possible to do brute-force hacking of email accounts with weak passwords, and folks do do that, but phishing attacks are more common in my experience. Why try to hack when you can get someone to turn over access to their email account voluntarily?
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#35319 - 07/31/15 05:45 PM Re: Best website protection service? [Re: tacit]
slolerner Offline


Registered: 08/25/09
Loc: New York City
Thanks.

Top
#35366 - 08/03/15 07:36 PM Re: Best website protection service? [Re: slolerner]
slolerner Offline


Registered: 08/25/09
Loc: New York City
Question: Can bots spoof US IPs? There seem to be about 50 suspicious ones that keep trying to get through, but most have IPs that trace back to here. Btw, this is what happened:
Originally Posted By: Tacit
If a domain only points to another domain, the first domain has very little security exposure. Unfortunately, people will often forward an old domain to a new domain but still leave hosting set up on the old domain (often with weak passwords), and then get hacked. I've seen it many times.

That was the original hack. Then the main site got hit.


Edited by slolerner (08/03/15 07:54 PM)
Edit Reason: More

Top
#35367 - 08/03/15 10:44 PM Re: Best website protection service? [Re: slolerner]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Bots are usually running on hacked systems or on virus-infected PCs, so their IPs can be anywhere...including the US.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#35379 - 08/04/15 03:08 PM Re: Best website protection service? [Re: tacit]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Going along with slolxerner's original topic, This month's Small Dog Electronics Tech Tails has some suggestions for improving the security of Wordpress installations.
_________________________
joemikeb • moderator

Top
#35505 - 08/13/15 02:26 PM Re: Best website protection service? [Re: joemikeb]
slolerner Offline


Registered: 08/25/09
Loc: New York City
This just in: Google is now lowering the ranking of sites that do not employ SSL encryption. I don't know if their bots are checking for other vulnerabilities and scoring on that basis as well.

Top
#35510 - 08/14/15 05:20 AM Re: Best website protection service? [Re: slolerner]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: slolerner
This just in: Google is now lowering the ranking of sites that do not employ SSL encryption. I don't know if their bots are checking for other vulnerabilities and scoring on that basis as well.

I'll be surprised if they don't catch a lot of flak for that move. They normally don't get too detailed about their search ranking as it is, and it's difficult to argue that SSL-enabled sites have better search results. The only obvious conclusion is they're using their dominant position in web search to apply pressure for people to change. While the change is arguably good, the use of market dominance to apply pressure is usually not good.
_________________________
I work for the Department of Redundancy Department

Top
#35518 - 08/14/15 02:53 PM Re: Best website protection service? [Re: Virtual1]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
The decision to use SSL as one of the signals for scoring (not the only signal, but one among many) is based on the idea that linkfarms, Web scrapers, and black-hat SEO sites tend to be transient and don't employ SSL. A site that employs SSL is statistically likely to be a higher-quality site.

I have switched many of my sites to SSL, though I've discovered in the process that some ad networks are, unbelievably in this day and age, still not able to serve ads securely--meaning some browsers won't display ads on SSL sites.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#35520 - 08/14/15 05:01 PM Re: Best website protection service? [Re: tacit]
slolerner Offline


Registered: 08/25/09
Loc: New York City
What is a Web Scraper? Also, do you know of other SEO changes for Google?


Edited by slolerner (08/14/15 05:08 PM)
Edit Reason: More

Top
#35523 - 08/15/15 07:12 AM Re: Best website protection service? [Re: slolerner]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: slolerner
What is a Web Scraper?

See this Wikipedia article for a full explanation.
_________________________
joemikeb • moderator

Top
#35598 - 08/18/15 09:37 AM Re: Best website protection service? [Re: joemikeb]
slolerner Offline


Registered: 08/25/09
Loc: New York City
Originally Posted By: joemikeb
But look at the number of people here on FineTunedMac who, for whatever reasons, are unwilling to upgrade from older no longer supported OS versions with known vulnerabilities that Apple is no longer going to patch.

Upgraded last night. So far, so good.
_________________________
Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air

Top
#35599 - 08/18/15 11:23 AM Re: Best website protection service? [Re: slolerner]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
👍
_________________________
joemikeb • moderator

Top

Moderator:  alternaut, dianne, MacManiac