WordPress Flaw found in Social Media plugin

Simple Social Buttons plugin flaw found that can take over your site.


URGENT – If you use the plugin ‘Simple Social Buttons’ in your WordPress installation, you should immediately update it to the latest version, as a serious flaw has been found in it that could allow an attacker to take over the site. The flaw was discovered last week by security researcher and developer Luka Šikić, and a video showing how to use it to break in to WordPress websites has been released.

The flaw has been fixed by the developer and a patch released. So if you haven’t already then you should update now.

The flaw can only be leveraged in sites that allow user sign-up, which most sites have disabled for security reasons. Nevertheless, you should update before attackers figure out how to exploit the flaw without user sign-up requirements.

Any of our customers who have website maintenance contracts will have already been updated to the latest security patch. If you are not sure then you should contact your web development team and/or your host to see if they can help.

If you are really stuck then we may be able to help; please submit a support ticket with your website URL and contact information. Do NOT post your username and password in the ticket; we will contact you separately for the information if needed.

If you use the Simple Social Buttons plugin for WordPress then make sure you update your site to correct the security flaw immediately.

Stay Safe

CritchCorp Computers Ltd.


“Your email account has been hacked” emails

Many of our users have seen this type of email in their spam filters. Most don’t actually get through to your account, although the odd one might. That is all the spammers, who are usually organised crime syndicates, need and rely on.

A full version of the email is at the bottom of this post.

What are these emails and why do some of them have my password in them?

These emails raise many questions and I will try to answer most of them here.

It is of course possible for what they say in the email to be true, but in most cases it is not. There have been many hacked websites over the years and there are now plenty of lists of people’s usernames and passwords that have been compiled from these hacked websites. There are now two or three main lists that have been compiled, and in turn these have been combined in to one list of over 500,000,000 usernames and passwords. Security researchers use this list to determine things like frequency of passwords; your chosen password is probably not as unique as you think it is. monkey, password, 123456 and abc123 were the top passwords for many years, and although recent research shows that they have moved about, they are still in the top 15.

The bad guys use these username and password lists to try to gain access to your accounts on other websites and even your email account. Now some bright spark has decided to take your username and password combination, where your username is your email address, and send an email to you, firstly showing your password to you and secondly faking the sending address, which is trivial to do, and then telling you that they know something about you that you don’t want revealed to others. This is a typical phishing scam in that they don’t have any access to your email (that is not to say that they don’t, but they tend to use other scams that are more profitable when they actually have access to your email).

New Spoof RansomWare

New malware has been found that is cross-platform, so it works on Windows, Apple and Linux systems. It can also get in to web servers and deletes any MySQL, Mongo, Maria and Couch databases it can find, causing websites and software to stop working, then displays a ransom note asking for money to be paid. Once paid, you would think they would give you back the data, but not this time. This is spoof ransomware: as it deleted the tables and did not encrypt them, it cannot give them back to you. At the time of writing there are 46 known cases of people who paid up an average of $125, totalling around $6000, but not one of them has received their data back; they have funded this probable organised crime gang (in China) with no hope of getting their data back. Furthermore, once it is on the server it can then start to infect other computers through the browser with a version that will work on your system, and once in to your computer it will do a variety of things, from deleting data and asking for money, to installing a botnet (on Linux machines) and mining crypto currencies, stealing your computer resources such as CPU time, memory and hard drive space, and making your computer run as slowly as possible.

Watch out for more information on this as news comes out; we have only just heard about this particular malware, called Xbash.

How to protect yourself

To protect your computer systems and networks, be sure you have your computer fully patched and running some antivirus software and a firewall. On Windows PCs you should be able to run the free built-in antivirus software, and most PCs will have a built-in firewall which, kept updated, should be enough. The biggest issue is getting your firewall to not accept incoming connections for services on a server or PC that you don’t need to have. By default some servers have all ports for all services open to everyone, such as MySQL. If you don’t really need it to be open then close it, and where possible, if you need it to be open, then tie it down to as few connection locations as possible.
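One way to check a Linux server for the open database ports described above, as an added example that is not part of the original post: it reads the text printed by `ss -ltn` and reports listeners for the databases named in this article that are reachable from beyond the machine itself. The sample output is constructed, and the port numbers are each product's default, so a server using non-default ports would need the table adjusted.

```python
import ipaddress

# Default TCP ports of the databases named in the article (assumes defaults are in use).
DB_PORTS = {3306: "MySQL/MariaDB", 27017: "MongoDB", 5984: "CouchDB"}

# Constructed sample of `ss -ltn` output, embedded so the example runs offline.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      151          0.0.0.0:3306       0.0.0.0:*
LISTEN 0      128        127.0.0.1:27017      0.0.0.0:*
LISTEN 0      128             [::]:5984          [::]:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      128     192.168.1.10:3306       0.0.0.0:*
LISTEN 0      4096               *:443              *:*
"""


def exposure(addr):
    """Classify the address a service is bound to."""
    host = addr.split("%", 1)[0].strip("[]")  # drop "%eth0" scope and IPv6 brackets
    if host == "*":
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:  # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-interface"


def audit_listeners(ss_output):
    """Return (database, local address, scope) for every database listener
    that is not restricted to the loopback interface."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a socket that is not listening
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in DB_PORTS:
            continue  # not one of the database ports we care about
        scope = exposure(addr)
        if scope != "loopback-only":
            findings.append((DB_PORTS[int(port)], fields[3], scope))
    return findings


if __name__ == "__main__":
    for name, local, scope in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"{name} listening on {local} ({scope}): close it or restrict the allowed sources")
```

A listener reported as all-interfaces is the case to close or firewall first; one bound to a single interface still needs a firewall rule limiting which addresses may connect.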

Get some antivirus software for your server and for your site. In most environments each website is in its own virtual space and so having some effective security protection for each site is important. Something like cWatch Security, available here, is a good starting point.

All of our hosting accounts now come with a FREE copy of cWatch Basic to help mitigate against these types of attack. If you already have a website hosted with us then you can claim your FREE copy of cWatch Basic as well, and we will even help you to install and set it up, as we believe that this is critical to protecting your website, your visitors and your reputation. Please check your Addons section or submit a support ticket if you would like some help with this.


Google Forces Sites to use SSL Certificates

***Notice to all Website owners***

That’s right, as of July 2018 Google Chrome will start reporting non-SSL sites (that is, sites that don’t use https:// for access) as insecure. This is a major change from the current norm, which is to highlight sites that use SSL certificates with a green SECURE next to the address; other browsers use a green padlock. From July this year they will not show the green SECURE, but they will show a NOT SECURE next to any site that does not have an SSL certificate, making it the norm to have an SSL certificate. That is going to be followed in the future by a warning screen that informs users that continuing to your site is not recommended. Though the warning wall is not being implemented right away, it is planned for the future.

Google's July update, what it looks like

What the browser will report before and after July for sites that do not have an SSL certificate.

The new move forces website owners to have an SSL certificate and make their site secure, even if it is not required, or risk losing visitors that are scared away.

There are several different types of SSL certificate and the higher (more expensive) ones will still show the green bar in the address bar, but the norm will be to have one of the cheaper ones. If you don’t have any, or it expires, or the company backing the SSL cert (the cert provider, not the retailer) goes out of business or has their master certificate rejected, then you will be faced with a blocking screen when trying to get to your site, which will prevent users from going there, with warnings that your site is insecure and should not be visited. This is obviously not good for business.

Google have also hinted that sites that use SSL certificates currently get a boost in the Google rankings over those who do not.

At CritchCorp Computers Ltd we have a quick and easy way for you to comply with this new Google rule. All our shared hosting customers can purchase a fully managed SSL certificate from their yesDomains account or submit a support ticket here to get the ball rolling. It is quite an in-depth process but we will take care of it for you, with as little interaction as possible required by you. Please go here to get started.

The industry is working towards lowering the cost of SSL certificates to nothing and automating the install and renewal process, but that is still in development, so for the time being you will need to purchase an SSL certificate in the normal way. If you want the user’s browser to light up in green then you need to select the Extended Validation (EV) certificate; otherwise the cheaper normal one will suffice to prevent you being labelled as NOT SECURE. We have monthly or annual billing options to spread the cost but all certificates are annual commitments.

We use Comodo, DigiCert, Symantec, Thawte, GeoTrust and Trustwave certificates, which are strong providers in this field and highly unlikely to go out of business or have their master certificates rejected. This provides you with stability and reassurance that your certificate will not become invalid before it expires, as does happen from time to time with smaller SSL providers.

If you want to read the Google blog entry about this, with their advertising spin on it, then click here. What this does do is add further costs to businesses. Whilst we absolutely agree that any site that accepts payments or collects user data should be secure, there are still many sites that do not, and so forcing them to have this does seem unfair to us, but that is what the mighty Google has decided and so it shall unfortunately be.

There has been some discussion about the colour of the NOT SECURE. The current SECURE label is green and it is understood that the new NOT SECURE is going to be red, although some discussions at Google say it will be more neutral. Whichever it is, it isn’t good for business.

Keep safe

CritchCorp Computers Ltd

Update to the new Ransomware

For the original post see: https://www.cc-computers.com/ransomware-takes-hold/

In the original post I talked about the new ransomware that is taking hold all over the world. It has even hit a police station in America that had to pay the “fee” to get back their data.

The latest version of this virus now takes advantage of all the help that has been available online to “improve their product”. Now if you thought that you could get your data back through shadow copies (also known as previous versions), think again. The virus now encrypts those too.

Here is what it does now, which is the same as before but better.

Currently the infection vector is through email as an attachment; usually a zip file or pdf that is actually an exe file but as most people have the “Hide extension of known file types” ticked on you would not normally see it. You will see filename.pdf when the actual filename is filename.pdf.exe. I expect that this will change or be improved on as well with links in email and other file types, etc.
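The double-extension trick described above can be checked for before an attachment reaches a user. The following is an added example, not part of the original post: it flags names such as filename.pdf.exe both on the attachment itself and on the members of a zip file, and shows the name a user would see with extensions hidden. The extension lists are assumptions and not exhaustive, and the sample zip is constructed in memory.

```python
import io
import zipfile

# Extensions Windows will run or pass to a script host (assumed, non-exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".wsf"}
# Extensions a user expects to be a harmless document (assumed, non-exhaustive).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}


def _base(filename):
    """File name without directories or trailing dots/spaces (Windows ignores those)."""
    return filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")


def visible_name(filename):
    """Name shown when 'Hide extensions for known file types' is ticked."""
    stem, dot, _ = _base(filename).rpartition(".")
    return stem.rstrip() if dot else _base(filename)


def classify(filename):
    """'deceptive' = document extension followed by an executable one,
    'executable' = plain executable, 'ok' = anything else."""
    parts = _base(filename).lower().split(".")
    exts = ["." + p.strip() for p in parts[1:]]  # tolerate padding spaces
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "deceptive"
    return "executable"


def scan_attachment(filename, data):
    """Check an attachment's own name and, if it is a zip, every member name."""
    findings = []
    verdict = classify(filename)
    if verdict != "ok":
        findings.append((filename, verdict))
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            for member in zf.namelist():
                if member.endswith("/"):
                    continue  # directory entry
                verdict = classify(member)
                if verdict != "ok":
                    findings.append((f"{filename}!{member}", verdict))
    return findings


def sample_zip():
    """Constructed test archive; the members are placeholder bytes, not real programs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", b"constructed")
        zf.writestr("invoice.pdf.exe", b"constructed placeholder")
        zf.writestr("photo.JPG   .scr", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for path, verdict in scan_attachment("statement.zip", sample_zip()):
        shown = visible_name(path.split("!")[-1])
        print(f"{verdict}: {path} (user sees '{shown}')")
```

A mail gateway or helpdesk script can quarantine anything reported as deceptive outright, since a legitimate document has no reason to carry an executable extension after its document extension.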

When you open this file it infects your computer and immediately contacts a server from a list of around 1000 possible domain names generated through an algorithm. When it finds a live server it exchanges details with it and starts the encryption process. At this point it doesn’t let you know that you have been infected and is not picked up by most antivirus software. The first version would finish its work without interruption of antivirus software.

It encrypts all user content that it can find on your PC, mapped network drives and any shares that it can find on the network, and file-sharing program data such as box.net and Dropbox. It also encrypts any shadow copies and backups that it can get to. When it has finished its work it pops up a message to tell you what it has done; it even gives you a list of the files that it has encrypted so that you can verify that they are your files. It then gives you a countdown timer starting around 72 hours. You have this amount of time to pay the fee and get your files back. Now, where the old version used to just delete the key if you didn’t pay up in time, the new version will give you a discount for paying within the time frame. Currently it is 1/2 bitcoin (which is now about £500). If you fail to pay in time then it goes up to 10 bitcoin (about £5000). This “service” is available for an extended amount of time.

In short get yourself protected and keep offline backups and redundant copies.

CritchCorp Computers Ltd.


New ransomware takes hold

New ransomware has been taking hold of businesses and households around the world. Be very careful with the email attachments that you open, although this is probably only the first wave; they will find other ways to get to you.

What’s new about this virus then? This virus (actually it is a malware strain named ransomware, named that for a very good reason) is an example of modern encryption done right. They have created a perfect system that can encrypt your data using public key technology that cannot be cracked!!

How does it work? Well, at the moment you get an email about something that is relevant to you (that’s how they trick you in to opening the attachment, or clicking the link). Once the software is running, it quickly establishes a connection to its command and control server, where it generates a random encryption key specifically for your system. This type of encryption is particularly clever, as the key that encrypts it cannot be used to decrypt it without the other part that is held on the command and control server (it never gets sent to your computer, so there is no record of it for you to find). It then searches your computer and network, any backup drives you have access to, in fact any resource that contains user-created or user data, and encrypts them all! Any evidence of the key locally is then destroyed and a page pops up to inform the user that they have been robbed! It can show you a list of the files you once had so that you can verify the threat is real, and then gives you the ultimatum of pay $300 or 300 of your local currency or lose your data; you have 72 hours to make your mind up. After 72 hours have passed the only key that could decrypt your data, which is on the command and control server, is deleted, permanently!

If you do not have any backups of your data and you need it, then you have no choice but to pay up, and thousands of people and businesses have done so. They have also been very clever with the payment method, as they cannot be tracked through the payment either. When law enforcement find the servers and take them offline, the only people hurt are the people who now cannot get their data back. The bad guys have their command and control servers moving around, and these are not needed for the payment loop; they just create and hold the keys to your data.

The other point on this is that they seem to have written the encryption part exceptionally well. Not so good is the decryption side of the program, with reports that not all, and in some cases none, of the data is returned and there is nothing you can do to get it back.

Be careful and watch this space as it will only get worse!!

A New Domain Name Scam

Domain names are big business, well if you hold a lot of them or the right ones they can be. We charge £2.99/year (plus VAT) for a co.uk domain name. I have seen people or companies that charge over £50/year for these same domain names. Unscrupulous or just business? I would say that it is just business. A company can charge what they like for a domain name, there is no real limit on it and the customer is free to choose where they purchase them from. We love domain names but we do not charge the Earth for them. People are able to choose whether or not they want to pay prices as high as that or pay our prices. I have not really looked in to many of these companies that charge a high premium beyond the information on their website and it appears to me that they do not really want more customers, they are happy with what they have and that’s that.

There have, of course, been some domain name companies that try to scam people either out of their domain name or just to win the business. Whichever it is, I do not agree with underhand tactics to get business. People come to us because we are honest and open and we do an excellent job, not because we conned them in to moving to us.

The one that most people have probably seen the most is a company that I will not name, but they have been conning people for years now and more recently have been trying to clean up their act to appear more professional. They send out postal letters and emails to the registrant (owner of the domain name) and in the beginning they said that if they did not pay this extortionate rate their domain name would be lost forever. Anyone dumb enough to fall for it could have fallen in to many problems, as they were effectively transferring their domain name to another company and their website, emails and everything else could easily have stopped working and been lost. On top of that, they would have paid a lot more for the domain name renewal than was necessary.

Always know who you have registered your domain name with and check with them first before renewing anything with a third party. This particular company have been forced by trading standards, I believe, to clean up their act. They still send out ridiculous emails and letters to try to steal customers from other companies, in my opinion, by deception. Their latest one states that if you do not take their offer of SEO and domain name then no-one will be able to find your website. I will not go in to the technical details of this, but anyone with any technical ability knows this is not true; it must be fooling some unwitting domain name holders or they would stop.

Another long running scam is the Asia domain name company that tells you that someone is trying to register a domain name that is similar to yours and they are going to give you first refusal of the domain name. A scam as well that has forced thousands of people to buy domain names that they do not need or want.

The latest email to go to domain name owners is one that is intended to scare you through showing you a whole lot of technical information about your domain name. All of it is probably true but means nothing in the context. From what I can see, their whole point of sending you a large-font email telling you that your whois information has been updated (which is a lie) is to get you to purchase other domains from them. I have not been any further and I have only just seen this one going round, so I am sure that we will see what devastation it causes in the coming weeks and months.

If you own a domain name make sure you know the basic information of who it is registered with and when it is due for renewal. Even if you have technical people to look after things like that for you, make sure you have basic information (read: http://www.cc-computers.biz/Blog/?p=228 to make sure you don’t lose your domain name)

Be vigilant with emails and letters that come in the post telling you that you need to do something, check with the right people first.

Support Team

CritchCorp Computers Ltd.

Prices correct at date of publish.

Domain Name Owners Beware!

It is your Domain Name!

Everyone who owns a domain name (which is just about everyone today) needs to be aware of how domain names work, and not in a technical way. That is to say that there are three parts to every domain that you need to be aware of, and you need to know where each one is. There is a lot to be said for keeping everything in the same place, but it is not necessary and it can sometimes be beneficial to have them in different places, as long as you know where each of them is and you keep control of them.

If you do not know too much about them then it is worth learning where the most important parts are. The most important parts can be different to different people, but make sure you know how each part is affected by the other. Here is a brief list of each part and how it is currently in relation to our hosting platform.

Registering a Domain Name/Renewing a Domain Name & DNS Server Location

We have a billing website (www.yesDomains.co.uk). From here you can register any domain name you like from the supported list (see https://www.yesdomains.co.uk/whmcs/domainchecker.php for our current list and prices). It is important to note that this is one of the most important parts of the domain, as your website, email and any other service will use it. From here you can control ownership of the domain and where the DNS servers are to be held, as well as the billing/ordering/cancelling of any additional add-on products. You can also perform transfers in to and away from our servers in this section.

DNS Servers

The next part which is important is the DNS servers. These are the servers that tell anyone on the internet how to find you. By default these are pointing to our DNS servers, as they work with our hosting control panel, but they could be pointing to anywhere. The DNS servers contain a list of the resources and where your computer (or any device) can find them. So you want to get to your website; you type in www.your-domain-online.com and your computer will then go and ask the DNS server how to get there. It will then be told to go to our hosting server, and there it will find your website and display the pages on your computer. In the same way, when someone sends you an email, the sender’s email server will look up your email server by querying the DNS server. You will have received another control panel login when you opened your hosting account, and this is where you will be able to add email addresses, find the details to add your website and, crucially, control what is in the DNS servers. Many of our customers have their own email server or they use one of our dedicated or cloud servers for their website; this means that they are no longer in the default location and these resources are in a different place. This is all made possible by DNS, by adding a record to the DNS server to tell computers to find your website at a different location and to send email directly to the server in your building. These sorts of things are usually handled by your technical team or by us on your behalf.

So as you can see, it is possible to have the resources in different locations and even with different companies. It is therefore important that you keep control of and have access to the main parts of the services you need the most. Looking at it like this there are three levels:

Level 1

Access to the domain name billing and DNS server location. If you lose control of this then you probably do not own the domain anymore and the website and emails can be diverted away.

Level 2

Access to the DNS servers themselves to add or delete resources (www, email, etc.). Loss of this section would be a disaster but not the end of the world. Using the Level 1 access you can retake control of your domain and set up the DNS server settings again. It would require some help from technical people but it can be fixed, and perhaps even put back to the way it was.

Level 3

Access to the resources themselves. This is to the actual pages on your website or to set up and remove email addresses. Loss of this could be each resource or, if on a standard hosting platform, they would be together with the DNS, Level 2 above. If the website is important and you have a copy then you can set it up again; the same goes for emails. This is where most developers of websites would need access. If you have a company that looks after all your IT then they would probably need access to this and Level 2 access. Unless they are a registrar they would probably not need access to Level 1. A registrar is bound by the rules of each Registry that they support and should act accordingly. Ensure you check that they are an authorised Registrar or a reseller of an authorised registrar. If they are only a reseller then check with them that any domain names that they hold for you are:

  1. Registered in your name
  2. You have full and complete access to the domain names registry level functions namely:
    • DNS server addresses
    • Transfer Key (also known as EPP key or Authorisation Key)

If you have someone who does your website for you then they will need access to the webserver (usually through FTP) and possibly to the MySQL or database server. They may also need access to the DNS servers to add resource locations. They probably do not need access to the billing side or the DNS server location settings. In any case it is down to the owner of the domain name to ensure that they have the correct username and passwords to get access to the resources that matter the most to them. In most cases I would say that your domain name is important. You need to make sure you have a record of the following:

  • Control panel address (ie www.yesDomains.co.uk)
  • Username
  • Password
  • Renewal date

From this information you can protect your domain name; don’t leave it to someone else. You do not need to be technical to know these things. As long as you have this information a technical person can help you to get the rest going.

If email is important then know where it is hosted and ensure you have control panel access to it, even if you do not use it, make sure you have it. Also true for websites; you may have spent a lot of money having your website built and it would be a tragedy if it were lost because of a billing error or even a technical error. Have a backup of the website and access to the control panel. (ie control.ccc-solutions.co.uk).

As long as you have these then you can find a technical person to put it back together for you and make things work, but if you lose control of any one of these then you will lose your investment: email, website or even the domain name itself.

With our hosting solutions you have control over your domain name; even if you are not technical you need to know you are in control. We provide you with the technical support you require, and we can do all the complicated DNS resource location settings for you, but you still have the power. We give you control panel access to your billing and DNS server location that is fully automated and doesn’t require anything from us. If you decide to move elsewhere you can (we hope you would stay) but it is your choice. You can also move domains in to our control panel for safe keeping.

Keep control of your domain name!

We recently had several people try to move their domain name and resources to us from other providers. In one case the web developer had gone AWOL and the owner was not able to get the changes done that he required. We tried to help him to move across and managed to get the website and emails set up, but he did not have access to his domain name itself and then the domain name expired. His resources, domain name and DNS servers were with three different companies, for which he did not have all the access details, and when he finally managed to convince the right company that he was the owner of the domain name, it was too late; someone else had managed to buy the domain name after it had expired. He has now got to buy a brand new domain name and make everything work with that, including getting all of his customers to the new website address and emails to the new address. All in all a complete nightmare, and all because he did not keep control of his domain name. He thought his web developer was taking care of it for him and relinquished control of his entire online life to his website developer.

Our domains are registered in your name, not ours, we are a Registrar, you are the Registrant, owner of the domain name. Make sure you choose a company that will look after you and your domain not you and their domain.

If you have any questions please submit a support ticket here.

Keep a look out for the new domain name extensions coming soon.

The Support team

CritchCorp Computers Ltd