Web Savvy Marketers

What’s New With WordPress 3.9 and How Does It Work?

WordPress 3.9 Is Named After a Jazz Pioneer

The new WordPress 3.9 features will make your life rock, or rather jazz, since the memorial naming of new versions is after jazz musician greats. Jimmy Smith, whose organ-loving skills brought said instrument into the jazz and blues music scene, is the namesake for the latest version.

Only two of the twenty-four WordPress versions have been named after female jazz greats: Ella Fitzgerald and Carman McRae. Seeing how code lacks any biological characteristics, you could argue that it’s irrelevant whether a version has a male or female name.

But still.

The latest “Smith” WordPress 3.9 version has a great roundup of new features. Even if it is another male moniker. Here’s how it works.

Audio Video Playlists

There’s no need to install a plugin to create your own playlist of songs. You upload video and audio using the media library, just like you do images. Once added, you can choose to create a playlist.

WordPress 3.9 featuresJust drag and drop your favorite tunes right from iTunes! The album cover artwork is supposed to be added, but it doesn’t seem to work consistently. If it does fetch the artwork, it will display for the tune selected for play in the post.

Mad Media Gallery

No more navigating back and forth between the edit page and the media library. Now you can see live previews of your media, including a new media gallery view.

The updated visual editor also allows you to drag and drop your images from your desktop right into your post. When you do this, the images are automatically added to the media library and formatted to the post.

Instant Image Resizing

Once your image is added to your edit page, you can also resize it right on the page.

WordPress 3.9 featuresForget the days of having to open and reopen the edit window to make incremental reductions in size. All you have to do is click on the image, grab the corner, and drag.

Wonderful Widgets

Widgets are easier than ever to add and view. Without having to leave the screen for a preview, and then refreshing it to see how it looks, you can see an immediate view of them in the sidebar.

WordPress 3.9 featuresAll this is done from the theme customizer. Once you’re satisified with your changes, then you can save them for the rest of the world to see.

No-Fuss Copy and Paste

This added feature lets you copy your Word-type document and paste into your edit page without all those annoying added paragraph breaks.

You are free to end your backspacing antics in order to rid your text of all the paragraph gaps. Things transition smoothly, unless you’re copying and pasting from Google Drive. No such luck with pasting from that software – you’re still going to be deleting paragraph breaks.

Easy Theme Preview and Installs

Want to try a new theme? Now it’s easier than ever to browse and try out new ones. The header image feature is also improved for more flexible image additions and changes.

Now that you know how it works, update to WordPress 3.9 and start having some fun!

How to Secure Your Accounts With Two-Step Verification

keep your accounts safeThere’s a price to pay for security. When you don’t pay, it costs even more.

Two-step security requires the investment of time. Otherwise it’s free. By giving your online accounts an extra layer of security with two-step verification, you’re keeping the hackers out.

Here’s How It Works

With two-step verification, you need to input two things, your password and a one-time use code. Once you enable a particular personal device as safe, then you won’t need to do it again. You will use the two steps only on devices that are public or shared.

In order for people to access your account, they would have to know both your password and the special code. You get your special code by text on your phone after entering in your password. Once both password and code are entered, you get into your account.

Here’s Why It’s a Good Idea

By having something you know (password) and something you have (cell phone), your online accounts are not as hackable. Passwords are often not secure enough on their own, particularly if you use the same password for multiple accounts.

As if anyone would ever do that. As if we ever have to use the “forgot password” link, like, every other week.

Popular accounts that offer two-step verification include Google (Gmail, Drive, etc.), Twitter, Facebook, LinkedIn, WordPress, Dropbox, and Microsoft. Let me know if you use it for something not listed here.

Gmail, Google Drive, etc.

By far the most critical account to secure with two-step authentication is your email account. Why? As Jeff Attwood explains, your email account is “the skeleton key to your online identity.”

At some point, your email probably contained sensitive data that included credit card numbers, bank account information, medical documentation, and who knows what other personal stuff.

Google’s security system sends you a code in a text message whenever you log in from a new machine. Check out Google’s two-step verification and get started. The only issue I had was with my Apple laptop. For some reason, my Gmail worked only through the site and not through my Apple mail account.

I easily configured my iPhone by generating an application specific password. Once you have it, you enter it into your phone when you’re prompted upon opening each app.

Twitter

Twitter walks you through its two-step verification here. By clicking on the gear icon, then settings, then security and privacy, you are able to enable log in verification requests to your cell phone.  You’ll need to re-confirm your email address to begin this process.

Securing my Twitter account seemed like a good idea. After reading about Mat Honan’s attack, which focused around his Apple products and Twitter account, I didn’t hesitate to jump on board.

Facebook

By going to Facebook’s security settings page, you can require a security code to access your account from unknown browsers. Facebook will text you a code that you enter in addition to your password.

Facebook’s blog gives you the rundown on its log in security feature here.

LinkedIn

By hovering over your profile picture in the top right corner, you will see a drop down menu with privacy and settings. Click on this, and then click on the shield symbol with “account” next to it near the bottom left of the screen. Then click manage security settings and you will be taken to the page for two-step verification sign in.

WordPress

By installing the Google Authenticator WordPress app on your smartphone, you enable a two-step authentication for Android, iPhone, and BlackBerry. Find the app and read more about this safety feature here.

Dropbox

Dropbox’s two-step authentication will send you a text message code when you attempt to log in from a new machine. Go to Dropbox security here, or check out Dropbox’s documentation for more info. If you want another layer of extra security, try TrueCrypt. Learn how to encrypt the contents of your Dropbox with this free open-source encryption software.

*Dropbox Update: TrueCrypt has been discontinued. Please see these free alternatives for disk encryption.

Microsoft

When you attempt to log in from a new machine, Microsoft’s two-factor authentication sends a code via email or text message. It also works with a number of authenticator apps. Find Microsoft’s account here.

The time it requires to input the codes is far less than the time – and potentially costly information –  you could lose by having your account hacked.

Two-step photo is a derivative of “second step” by Zaprittsky used under CC BY.

Beware of the Trojan Horse Emails

phishing emailsFraudulent email scams have upped the ante in their realism and ploy for urgency. The hard-hitting scams present themselves as the delivery services UPS, FedEx, and DHL, claiming that you’ve received a package.

Next, they want you to click on a link, or open an innocent-looking attachment of what appears to be a Microsoft Word document, or enter a legitimate-looking tracking number to check on your mystery package.

Hard to resist, right?

Once you’ve clicked the link or opened the attachment, it is impossible to resist. By doing so,  you’ve enabled the Trojan program to install itself so it can read your files, extract your confidential information, and then transmit all the goods to a server somewhere in the email-phishing hinterlands.

A Trojan differs from a virus in that a virus replicates itself – yep, just like in World War Z – and sends itself to other computers, whereas a Trojan is sent out by someone, often in a spammed email, and then installed by the unsuspecting victim.

Like the Trojan Horse in Greek mythology, a Trojan hacking program is hiding something that’s designed to attack you once it’s inside your system.

It hides within the phishing (as in phishing for information) email, which looks absolutely authentic, and because your curiosity is piqued – what can it hurt? – you go ahead and click. You thereby install the Trojan and begin the spiral into doom.

Your DNS records can now be modified and redirected so that incoming Internet traffic goes through the attacker’s servers, where it’s hijacked and injected with malicious websites and pornographic ads.

When a client of ours inadvertently installed a Trojan after receiving a UPS email, he called Super Savvy Carolyn to warn her about his doomsday fall. He continues to work with an IT professional who was able to retrieve some of his data.

The UPS email looks something this. As with both the UPS and DHL phishing email scams, when you hover your cursor over the link, the fake link is revealed, not a valid UPS or DHL link.

When I received a DHL phishing email, I remembered the all-important rule of thumb for attachments and links. When in doubt, go to the website directly.

I went to the DHL website, entered the tracking number, and discovered that it was an invalid number – duh! I also found their fraudulent email alert on the homepage. A happy ending to my story.

If you’re unsure of your own story’s ending and are concerned about a Trojan infection, this US government-certified publication outlines the steps to take. Go to the US-CERT site (Computer Emergency Readiness Team)  for more security tips and how to know if your computer is infected by a Trojan Horse or virus.

How to Avoid Infection from the Get-Go:

1. Know what you’re downloading and clicking!

Only download from trusted and well-known sites. Go directly to the website of the entity in question rather than the attached link. Don’t trust a pop-up or other unknown source for downloading anything.

2. Don’t go to untrusted or suspect websites!

Remember the rule for expiration dates and food items? It’s the same here.

When in doubt, throw it out!

3. Install a security software system!

If you own a Mac, use the Mac OS X’s built-in Firewalls and other security features. If you download a lot of media and other stuff, try ClamXav for Macs. For PCs, be sure to run up-to-date antivirus software like Norton Antivirus, and check out Mashable’s 5 Best Free Antivirus Software Options.

If you are unsure whether or not the program you downloaded or clicked on is infected, do a quick Internet search to see if other users reported issues after installing a particular program.

4. Avoid peer-to-peer file sharing applications!

By that I mean not only the obvious Napster-type of music file sharing, where you download often pirated small bits of files from many sources at the same time, but other sites as well.

Facebook, Twitter, Pinterest and YouTube are also vulnerable to malicious hacking. Links posted on these social networking sites are increasingly connected to malicious software.

The Facebook video masquerade and the Facebook bank account draining malware are two examples of cyber crime targeting social media’s most popular site. According to Symantec’s 2013 Internet Security Threat Report, “the number of phishing sites spoofing social networking sites increased 125%.”

Follow these tips to stay one step ahead of malware and Trojan Horse email and be safe from its hidden assault.

Flickr Creative Commons horse photo by Robin.

3 Lessons to Learn from Obamacare Problems

Obamacare problemsIt isn’t easy to build a website and remain free of all possible problems. As Super Savvy Carolyn will tell you, “It isn’t easy to do my job.”

In response to the Obamacare problems, a web designer might feel one part commiseration and one part exactness. I feel your pain, but I would hopefully be able to do better.

The Obamacare problems are massive and multifold. The Healthcare.gov website is only part of the disappointment and frustration.

However, breaking down the debacle into oversimplified lessons proved irresistible and instructive and even entertaining, thanks to Jon Stewart.

Obamacare’s problems can teach us 3 lessons on how to approach any web design project.

1. Technical Problems

From the initial logging-in problems to the website crashing to the delayed enrollment process, the technical problems with the Healtcare.gov website have been one of Obamacare’s biggest difficulties.

“Sloppy” contractors and the process of choosing them are being blamed for the faulty website infrastructure that will purportedly require more time than predicted for substantial improvement.

Jon Stewart on The Daily Show discusses Obama’s “tech surge” move to try to assist in fixing the website problems. When you have to implement a “tech surge,” things are looking very bad indeed, and Pac Man attacking is not a good sign.

Hopefully this tech surge will be able to solve the critical problem of where to access the healthcare information for the 47% of the uninsured who are uncertain of how to learn more about Obamacare.

The latest technical problem involves the shutting down of a data center, stopping all fifty states from online enrollment.

Lesson learned:

Build a solid website from the ground up, hiring skilled people who are invested in helping you implement a successful end product that is easy to navigate.

2. Security problems

A security flaw in the coding of Healthcare.gov has been revealed as allowing “clickjacking,” invisible links planted in legitimate websites that give hackers access to private information.

When a user inputs personal information such as a social security number into the faulty website, these invisible links give hackers the ability to create “fake identities, fake credit cards, and fake accounts very easily,” according to a Mother Jones interview with Kyle Wilhoit, a threat researcher at Trend Micro, a Japanese security software company.

Worse is the impression that the federal contractors who are responsible for the cybersecurity of the Healthcare.gov site don’t take it seriously.

Lesson learned:

Industry leaders as well as programmers must take responsibility for online security because we are all potentially affected by gaps in cybersecurity.

3. Planning problems

The Healthcare.gov site’s fiasco began with planning problems. The end-to-end testing wasn’t given enough time, the decision to go live October 1 was premature, and shelving a window-shopping feature just before going live probably contributed to a bottleneck instead of allowing users to look before registering.

From the smallest website project to a nation’s healthcare digital infrastructure, bad planning will come back to haunt you. And if you’re inaccurate or you make promises you know you can’t keep, you will be haunted even more.

According to experts, the Obama administration knew that millions of Americans wouldn’t be able to keep their existing health insurance, despite Obama’s highly televised claims otherwise.

The latest affront to the broken promise is the appeal for funds by OFA, funneled through emails requesting a survey on Obamacare that, once completed, directs the user to a donation request to support Obamacare.

Lesson learned:

For project success and fulfillment, don’t skip the necessary planning required. Undergo tedious testing, practice thorough development, and design insightful solutions as part of planning a successful website.

Oh, and part of planning means staying informed. Don’t make claims that you know aren’t accurate. It messes with your inner glam.

Photo courtesy of A Futurist at the Movies.

Learn Basic HTML Code (and Fix Things All By Yourself)

learn html codeCertain programmers, it seems, are horrified by the prospect of non-geeks taking up the scepter of coding know-how. With knowledge comes power. With power you gain independence.

When you learn basic HTML code you can fix unwanted formatting, add extra spaces, create line breaks, or introduce links and images. All by yourself.

We’re not talking full-on programmer or hard-core code monkey here. Learn basic HTML code and you can find the freedom to not only fix things, but you can add these links or images to your sidebar in the text widgets as well.

Basic HTML Code

learn code

 

 

 

 

 

Click on “Text,” your HTML (which stands for Hyper Text Markup Language) editor to see how a post looks compared to the visual or plain text where you type your posts. It’s in the upper right of the New/Edit Post menu in WordPress.

HTML code can normally be found between the carrots or angle brackets, like this: <html>. HTML tags are the keywords surrounded by the angle brackets.

  • HTML tags often come in pairs: <p> and </p>.
  • The start tag is the first tag and the second tag is the end tag.
  • The end tag looks like the start tag but with a forward slash before the keyword or tag name.
  • Start and end tags are also called opening tags and closing tags.

Everything that is found between an opening and closing tag is “wrapped” inside and will be displayed in the visual editor according to that type of tag. For example, when you want something bold, everything found between the start and end tag will make it bold, like this:

  • <strong>This sentence will be bold!</strong>

Here are more examples of simple HTML with start and end tags:

  • <p>This is the beginning and end of a paragraph.</p>
  • <em>This sentence will be in italics, or “emphasized.”</em>
  • <h1> This is the title or header.</h1>
  • <h2>This is the subheader.</h2>
  • <h3>This is another subheading.</h3>

If you use multiple tags to alter text, be sure to keep the end tags in the same order as the start tags.

There are also tags that don’t require both a start and end tag:

  • </ br> Use this HTML tag to create a line break, or to skip a line
  • <hr> This gives you a line across the page and stands for horizontal reference.
  • To add a single space type these 6 characters in: &nbsp;  (This stands for non-breaking space.)

HTML for Links

Link tags make those blue-colored (or occasionally other-colored) and sometimes underlined hyperlinks that you can click on and go to another website or another page. Link tags in HTML come in a set of two beginning with <a href and ending with </a>. Here is an example of a hypertext link, also known as an anchor text link:

<a href=”your url here”>your anchor text here</a>

When creating a link to Google.com it will look like this:

<a href=”http://www.google.com/“>Google</a>

This is what it will look like in your text: Google

  • The “a” stands for anchor and starts the link to another page.
  • The “href” stands for hypertext reference and tells the browser where the link is going
  • Add the full URL address to where the link goes. It has an equal sign in front of it and is enclosed in quotes because it’s an attribute of the anchor tag, which is a command inside of a command.
  • The anchor text is what appears on the page that the viewer will read and be able to click. Always write something that names the link instead of generic terms such as “click here.”
  • The “/a” ends the link command.

For a Link to a New Window

If you want the link to open in a new window (which is what you want your links going to a different site to do), you need to add a target, like this:

<a href=”http://www.google.com/” target=”_blank”>Google</a>

Now your link will open in a new window: Google

For a Link With Pop-Up Text

If you want to add text that pops up when you hover over the link with your mouse, you need to add a title, like this:

<a href=”http://www.google.com/” title=”Google me!”>Google</a>

Now try hovering over the link: Google. (I know, it’s so cool, isn’t it?)

HTML for Images With the <img> Tag

This is the tag you use when you display an image:

<img src=”image.gif” alt=”name of image”>

An image of your favorite cat photo might look like this:

<img src=”favoritecat.gif” alt=” Cutest Cat Ever”>

  • “Src” stands for source and the “image.gif” is the url of where the image is stored. Your WordPress site has a media library where you can upload and store images for display.
  • The “alt“ attribute specifies the alternate text for the image if the image cannot be displayed for some reason.

To Shift the Image to the Right

When you want to shift the image to the right you need to add that information to the end of the tag, like this:

<img src=”url of image” alt=”image name often keyword” align=”right” />

You can change the “right” to “left” or “center” to float the image wherever you want it. Now you are no longer a Rookie, and you can add Beginning HTML Expert to your resume.

How to Keep Your WordPress Usernames Safe

loophole hackers haveThere’s a simple way for hackers to phish your username and then attempt to log in through your log in page.

First, finding your WordPress log in page is as easy as typing in this:

yourdomain.com/wp-login.php

Second, they can phish for your username by entering what’s called the author archive’s URL into the address bar:

yoursitename.com/?author=1

All hackers have to do is change the author number until the usernames come up. When I tried this on two different sites I have admin access to, not only did the usernames of authors come up, but the usernames of subscribers were also exposed.

As I changed the author number, the subscriber names either popped up on the web page with “Archives for” preceding the name (even though there are no archives/content for the names), or they appeared in a drop down box beneath the address bar, or in the browser tab.

Avoid the Danger of Username Theft

In the meantime, when an author is identified with admin rights, the hacker can attempt to access your site by brute force password attacks. This loophole for finding usernames in WordPress sites confirms the danger of two things.

1. A weak password needs updated.

WordPress offers password strength help here.

Your WordPress password is easily changed in your Users Profile under About Yourself.

2. For your username, don’t choose author name, admin, administrator, or any one of the targeted usernames.

See the list of targeted usernames in the recent brute-force attack here.

Your username can’t be changed in your WordPress profile. Follow my simple steps in How to Change Your WordPress Username through your Cpanel.

For every loophole there is an equally effective loophole filler. In a perfect World Wide Web, that is. Staying abreast of countermeasures against hackers requires constant vigilance and a few WordPress plugins to keep the invasion at bay and your usernames safe.

Keep Hackers Away With a Safe Slug

While the World Wide Web isn’t perfect, there are steps you can take to keep your site secure. The WordPress plugin that works to keep your usernames safe is WP Author Slug.

By automatically creating a different display name from the username, hackers are prevented from figuring out your log in name through the author archive’s URL. Instead, the URL will show a set display name and not the username that’s used to log in.

In case you’re wondering, the author “slug” is also known as your “nicename” and is the URL-friendly version of the website title with the author name. It is automatically generated by WordPress to look like this: example.com/author/authorname.

Just wanted to clear that bit of potential slug-confusion up. Nothing like visions of a slimy slug in your URL to ruin your day.

Good luck keeping your WordPress site secure and the loopholes plugged with safe slugs.

 

How to Change Your WordPress Username

It’s nearly as scary to take the necessary steps to protect your website against hackers as the threat itself.

When venturing into your WordPress database, remember this: You won’t make a mess of things if you’ve done the research and know what you’re doing.

Follow these steps in changing your username and you’ll protect your website from becoming part of a zombie army of infected computers.

Staying Ahead of the Hackers

Your WordPress username tops the list of potential threats against site security. If you have “admin” or any of the other commonly used names (adm, admin1, administrator, manager, qwerty, root, test, support, user), or yours is on the list of the 1,000 username/password combinations used in the recent WordPress brute force attack, it’s time to change it.

Changing your WordPress username by deleting your original administrator profile left me queasy with anxiety, I’ll admit. I went so far as to create another user profile, but couldn’t hit the delete button.

Because I couldn’t find anyone online who has done it this way with a similar version of WordPress, I decided I wasn’t taking any chances.

Here’s how you do it without any fear of deleting your posts. All you have to do is access your cPanel. To do this, you’ll need to know your cPanel username and password. This is worthwhile to know, so it’s worth the trouble to find out.

1.  Login to cPanel.

cPanel login

Enter your website name followed by cPanel into the browser tab, like this: example.com/cpanel. This will bring you to a login page similar to what you see here.

Enter your current cPanel username and password. (Check here to see if your password strength meets the criteria for hard-to-break.)

   


2. Scroll down to phpMyAdmin in the databases section.

change your username

Click on this to get to the database for WordPress.

 

3. Find your WordPress database in the left hand column.

change your username

It will look something like this, but might have your username preceding the _wrdp (I erased mine.)

Click on it.

 

 

 

4. Find wp_users in the left hand column and click on this to show your username list.

change your WordPress usernameAs an administrator, your information should be on the top row. Click on the Edit in the row that your username is listed. This will give you a new screen with parameters for your profile only.

Look for user_login (not user_nicename!) and change the username in the box where your current username is.

Now go to your WordPress login page and try logging in with your new username.

 

 

 

Remember, if you haven’t changed your password recently, do this as well. This is easily done through your WordPress dashboard.

Click on “Your Profile,” scroll down to the About Yourself section, and enter in your new password. You can also access your profile by hovering over your name in the top right corner and clicking on “Edit My Profile.”

Congratulations! You’ve taken the necessary precautions in protecting your website from brute force attacks. Don’t you feel more secure now?

How To Prevent Zombie Hack of Your WordPress Site

Hackers seek out WordPressWhen you’re the most popular system out there, you’re bound to be singled out and attacked by jealous rivals. Just look at Microsoft and Google. The jealous underdog, Microsoft, even launched a Scroogled campaign in an attempt to undermine their arch nemesis, Google, the clear favorite.

Hackers Seek Out WordPress Sites to Build Zombie Army

WordPress is an obvious target by web-surfing culprits, with over 65 million users around the world. The crime campaign of recent brute force attacks against WordPress sites is a sign that a jealous rival has resorted to subterfuge.

The password-guessing nature of these attacks means the perpetrators are scanning the Internet for WordPress installations and attempting to log in using a list of over 1,000 password and username combinations, infecting over 90,000 IP addresses in its recent campaign.

“The attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack,” Cloudflare CEO Matthew Prince wrote in his blog post.

In other words, they are trying to build an army of zombies for future use in a cyber attack.

3 Things To Do Now

As a WordPress site owner, this means taking preventive action against becoming infected with a zombie-building virus. Take the advice of WordPress creator, Matt Mullenweg, and make three strategic moves to prevent hack of your WordPress site.

1. Change your password

There are several ways to change your password. The easiest way is to go to your WordPress dashboard and click on “Users” in your toolbar. Next, click on “Your Profile” and scroll down to the About Yourself section and enter in your new password.

You can also access your profile by hovering over your name in the top right corner and clicking on “Edit My Profile.”

The password strength indicator will tell you when you’ve found a strong password. Check out WordPress tips to selecting a strong password, which includes what not to do when choosing a password.

2. If your username is “admin,” or a suspect on the hacker list, change that too.

Most of you probably chose something other than “admin” when creating your profile. However, if you have “admin” or a common variant (i.e., adm, admin1, administrator, manager, qwerty, root, test, support, user), change it immediately.

If your username is the name you commonly use on your blog or website, changing it is advised. Remember, changing your username is half of your site security.

Here’s the list of the username/passwords that the hackers used in the recent brute force attack. Nothing like a glimpse into the mind of a cyber criminal, if this does indeed offer one.

For a simple step-by-step to changing your username, go here.

3. Keep your WordPress site and all plugins updated.

You know that little number that pops up next to the plugins on your dashboard? That’s the number of plugins that needs updating at any given time.

Before updating a plugin, check to see that the new version is compatible with your theme by clicking on “View version details.” Then update one plugin at a time, checking on a separate tab to see that your website is still functioning with the reload button.

Doing a website backup is another wise step before updating plugins.

If this sounds neurotic to you, then you haven’t experienced website failure from plugin conflict. If your site does go down, you’ll need to deactivate the plugin. If you can’t access your site to do this, you’ll need to go through your FTP (File Transfer Protocol).

Regular plugin updates are very important in keeping malware and hackers from finding a weak link in your site. Out-of-date and old plugins have been updated for a reason, and hanging onto them is an invitation for hackers to wrangle their way in.

If you are a Web Savvy client, call us, or call your Web hosting company to help you.

If your WordPress site has already been hacked, check with your hosting provider.

Flickr photo from Gabriel GM

Cybercrime Threatens to Break the Internet

Break the InternetCyber attacks have grown so big, so fast, and with so little preventive action in place that they’re being compared to a massive iceberg colliding with the Titanic.

“We see the threat coming [but] we haven’t taken adequate action to prevent harm, and every week the threat gets a little closer,” James Lewis, director of the technology and public policy program of the Center for Strategic and International Studies in Washington, was quoted in The Hill.

Last week saw the largest cyber attack in history. A DDoS (denial-of-service) attack at 300 gigabytes per second was aimed at Spamhaus, a European nonprofit organization that works to block spam from the Internet. A mere 50 gigabytes per second can derail a large bank.

Internet Highway Gridlock

DDoS attacks are like a giant traffic jam, where all the cars are trying to enter through a single gate, and everyone must show an ID card to get through. In the case of Spamhaus, CyberBunker, a web hosting service angry over being blacklisted, targeted them with an unprecedented amount of traffic in an attempt to make the service unusable.

As traffic clogged the Internet, other exchanges were affected and Internet slowed for mostly European users.

CloudFare, hired by Spamhaus to deflect the attacks, helped keep the site online. CloudFare’s co-founder and CEO, Matthew Prince, said, “I do expect that this record for the largest attack won’t be held long.  [A larger attack] could dwarf this in size. And that may, literally, break the Internet.”

Further damage occurred last week when three scuba divers tried to cut one of the main underwater cables that connects Europe off the coast of Egypt. Disrupting Internet service in Egypt and slowing down Internet connections as far away as India and Pakistan, the congested data was forced to flow the long way around the globe.

USA Launches Cybersecurity Order

In an effort to quell cyberespionage, Obama signed an executive order in February. The recent upsurge in Chinese hackers waging a cyber-spying campaign on U.S. businesses raised new security issues and new measures, including a ban on government agencies from buying China-made computers.

Not only are businesses and government agencies at risk, the people who are infiltrating our critical infrastructure are capable of wiping out  “our power grid, our financial institutions, and our air traffic control systems,” Obama said.

So what can you do?

“Clicking the Link” Strategies from the Department of Homeland Security

The Department of Homeland Security offers strategies for helping to prevent cyberattacks, focusing on email attachments.  Being educated on the “clicking the link” pitfalls is a critical first step in staying safe. Security tips won’t prevent all serious threats from crashing websites, but they will give you a road map to avoid common traps, including chain letters, email hoaxes, and urban legends.

Check Out These Kitties!

The growing threat has led some employers to adopt a program designed to educate employees with a simulated cyberattack.   By sending emails with links enticing people to click to see more adorable kitties, companies are training workers through “ethical hackers” to learn the techniques of true hackers.

DHS checklist for personal cybersecurity:

  • Never click on links in emails. Even if you think it’s a legitimate email, go to the site and log on directly.
  • Never open the attachments. Retailers will generally not send out emails with attachments. Only open attachments from known contacts and after checking the sender’s email address.
  • Do not give out personal information. When on the phone or in an email, either ask for a number to call them back, or contact the agency directly to verify the request. 
  • Set secure passwords and don’t share them with anyone. Avoid using common words, phrases, or personal information and update regularly.
  • Keep your operating system up to date.  This includes your browser, anti-virus, and other critical software.
  • Pay close attention to website URLs. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.
  • Turn off email option to automatically download attachments.
  • Be suspicious of unknown links or requests sent through text message as well as email. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.

Have you been caught unaware through an email or other cyberattack method? What is your experience of cybercrime?

 

 

What to Do When Your Web Site Goes Down

Your web site goes down
Flickr Creative Commons by SanGatiche

Your web site is down. Your customers are unable to find you. Your business is an unreachable Internet entity. Your frustration level reacts with a terminal velocity akin to Superman.

Relax. It’s inevitable that your web site will experience some downtime. Servers are not in a position to guarantee 100% site uptime.

A .1% Downtime Is Over 8 Hours a Year

Maintaining 99.8% uptime means nearly eighteen hours of downtime a year. When you experience web site downtime, you’re experiencing what every site owner experiences.

Even top sites have to manage site downtime. Here’s the evidence: Check out the site downrightnow where favorite web services are monitored for status alerts on any site issues, including Facebook, Gmail, YouTube, LinkedIn, and Netflix.

Where There is Internet Service, There is Interruption

Before you notify your web host provider, here are several things to check to be sure the issue is with your web site.

1. Refresh your web site page.

By clicking the “reload” button located next to the web site address at the top of your screen, your browser if forced to download the most recent version of your web site.

2. Try to connect to another well-known web site, such as Google.com.

If your web site page won’t reload or you can’t access a different web site, then the problem is an internet connection issue and you should contact your internet service provider.

3. Check your domain registration at Whois.net.

By entering your web site name, you can check to see if your domain name registration has expired and if you simply need to renew your registration with the domain name registrar to get your web site back up and running.

If you have a web site provider like Web Savvy Marketers, we take care of this for you before it ever expires.

4. Contact a friend and ask them to check your site as a last-ditch effort to be sure it’s down.

They can also check Where’s It Up or Down for Everyone or Just Me to see if your site is down for others and not just you.

5. Call your web hosting provider.

When it’s an issue that lies with the server, your web hosting service will be able to make the necessary calls to confirm any technical difficulties to get your site up and running again.

Major server issues are not uncommon, as in the major web host and domain registrar GoDaddy outage, which took down millions of sites.

The World Wide Web runs 24/7, which means your website is continually open to technical problems as well as cyber attacks. Cyber thieves continually compromise Internet security. The FBI has had to step in, shutting down thousand of sites in an effort to do a global clean up.

We Fix Your Website Woes

Having a web hosting provider you can easily reach, whom you can count on to be available to take your phone calls when your web site’s function is in question, is the key to obtaining quick recovery to web site problems.

Let us know if we can help with your web hosting questions by leaving a comment below.

Our Location

222 Pitkin Street, Suite 125
East Hartford, CT 06108
Phone: 860-432-8756

Talk to Us

Follow us, subscribe to us, email us, or call us at 860-432-8756. We’ll use our Super Savvy Tool Belt to stay in touch however you prefer.

Sign Up for Email Updates