Tag Archives: security

What is Involved During a Typical Workday for an MSSP Engineer?


Dealing with cybersecurity issues and responding to cyber-attacks means that there are few dull days or ones that feel like the movie Groundhog Day, where every day is a repeat of the one before. By contrast, no day is the same in the life of an MSSP Engineer – source: https://www.virtualarmour.com/blog/a-day-in-the-life-of-an-mssp-engineer. Intrusions can happen at any time day or night – it’s daytime somewhere around the world while they’re sleeping – and while people sleep, bad people are in cyber-attack mode.

Let’s look at some of the things that a security engineer deals with on any given workday.

Secure Your Content: 4 Ways to Keep Your Site Safe


Paragon Software Group found that one in five businesses have experienced data loss. Human error and hardware failure are just some of the reasons for loss. But there’s another more sinister reason behind data loss. The FBI estimates that 500 million computers a year are hacked. Some of those hacks include ransomware, where your device is locked down and the hacker demands money to unlock your device and files.

Professional Web Security Analysis Provided by ‘corePHP’


Has your website security become compromised?

Luckily for you, you have come to the right place. Time and time again, site owners neglect to keep their CMS updated, opening their website up to potential security issues. According to Sucuri, a web security firm, there are currently hundreds of websites that are becoming compromised each and every day. Since the start of the latest threat a few weeks ago, thousands of sites have fallen victim to this compromise, with many owners unaware their site has been compromised.

Critical Joomla! Security Alert!


There are still many websites that have yet to update to the latest version of Joomla! and have since fallen prey to hackers. Contact ‘corePHP’ today to have our experts update your website immediately.

This vulnerability is so serious that the Joomla! security team has taken action and issued a Joomla! security alert. The security team has also released a patch to resolve a critical remote command execution vulnerability in Joomla versions 1.5 to 3.4. If you are running end-of-life versions, like 1.5.x and 2.5.x, update TODAY to minimize your potential risks.

Keep Customer Data Safe On Your eCommerce Site


Ways eCommerce store owners can keep their customers’ data safe.

No matter what eCommerce solution you’re using, as a website designer, integrator or e-commerce business, online data security is one of your greatest priorities. Cybercriminals want your customers’ private information, and most consumers don’t take proper steps to protect themselves. For example, a CreditDonkey survey found that more than 68 percent of consumers use the same password for multiple sites.


‘corePHP’ Announces Immediate Availability of paGO Commerce 1.0.7.1

paGO Commerce version 1.0.7.1 is available now from 'corePHP'

Today, software technology firm ‘corePHP’ LLC released version 1.0.7.1, its latest version update of paGO Commerce™, e-commerce software extension built for Joomla!® CMS. You may download this latest version of paGO Commerce now for FREE on the paGO Commerce download area, here. This update includes important bug fixes and security updates. For general product information, features and benefits about paGO Commerce, go here. For further questions and support, contact ‘corePHP’ here.

300,000 Affected by JoomDonation Hacker


When a hacker holds your small business for ransom, what would you do?

Late last week Tuan Pham Ngoc, developer of JoomDonation, a product of OS Solution, confirmed there was a security incident which ended up affecting over 300,000 Joomla users, most of them associated with JoomDonation. A hacker broke into an OS Solution e-mail server, stole account information, and distributed a nastygram email to account holders (see the letter below, for context).

Make your website secure using Joomla

Joomla is an award-winning content management system used by millions around the globe, including some of the most highly regarded organizations. It is one of the web’s most prevalent and most widely used open source CMSs. Another good feature of Joomla is that it is easy to do SEO for your Joomla website.


Nobody wants to have their site hacked. But practically everybody has some reason to neglect security measures. Security is one of the most important issues facing both web users and web developers. It becomes even more important when you’re using a CMS such as Joomla.

10 Best Checklists to Secure Your Web Hosting Server

Having your business available online is vital in this digital world. Many people access the Internet to learn more about the products or services of a specific company. In order to reach more potential clients, you must have an online presence. And this can be done through your website.

Once you have your website created, it must be available on the web for other people to see. First, you would need your domain name, which would be the address of your website. You then need to get web hosting service from a provider like Nethosting, in order to have a space for your site. This is where you upload files to make your website accessible for Internet users.

Since your web hosting server contains all your website files and information, it’s important to keep it secure. Hackers never stop looking for ways to gain access to these servers, which is why users must be extra vigilant. There are various ways to do this.

Determine if SFTP is Available

FTP, or file transfer protocol, is the protocol usually used for uploading files to your web hosting server or your cPanel account. While it’s generally a secured protocol, it can still be at risk of attacks. Check with your web host provider whether SFTP is available for you. SFTP, or secure file transfer protocol, is more secure as it adds an extra layer of protection. This prevents files from being interrupted or changed during transfer.

Use Firewall

A firewall can prevent unauthorized access to your web server. This is your first line of defense against hackers trying to get through your cPanel. Find a reliable firewall that is designed for protecting cPanel servers. Some firewall software not only blocks unauthorized access but also offers recommendations on how to better secure your server after running a system scan.

Install Anti-Virus Software

Anything that runs on the Internet is prone to virus infection. To protect your server from virus attacks, installing an anti-virus for your cPanel is a must. One of the most popular anti-virus applications used for cPanel is ClamAV. It’s an open-source application that scans directories and e-mail for suspicious files.

Change Password Regularly

One of the easiest ways to secure your web server is to change your password regularly. It would be more difficult for hackers to figure out the password if you keep changing it. Choose a strong password that would be difficult for others to guess.

Keep cPanel Up to Date

Ensure that your cPanel is updated. This is because the latest version often has known problems from the previous version solved, including security concerns. It’s recommended that you enable automatic update by changing your settings on “Update Preferences” under “Server Configuration”.

Turn on cPHulk in cPanel

An exhaustive key search, also known as a brute force attack, is the systematic checking of all possible combinations of characters to get the right password. Even if the data is encrypted, a successful key search still allows unauthorized access. To prevent this from happening, you may enable cPHulk in your cPanel. Here are the steps to do this.

1. Go to WHM.

2. Click Security Center.

3. Click Enable under cPHulk Brute Force Protection.

4. To prevent yourself from being locked out, add your IP address to the white list if it’s static. Click the White/Black List Management tab for this.

Disable FTP Use by Unknown User

Unknown users can upload files to your web server if the settings allow them to. To make sure that only authorized users have this capability, disable “Allow Anonymous Uploads”, as well as “Allow Anonymous Logins”. To access this option, click WHM, go to Service Configuration then FTP Server Configuration.
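
An added example, not part of the original article or cPanel's own tooling: a shell check that the two options above actually took effect, assuming the server's FTP daemon is Pure-FTPd, where anonymous logins and uploads are controlled by the `NoAnonymous` and `AnonymousCantUpload` directives in `pure-ftpd.conf`. The function names and the sample config are constructed for illustration; pass the path of your server's own config file.

```shell
#!/bin/sh
# Added example: audit a Pure-FTPd style config for anonymous access.
# Assumption: the FTP daemon is Pure-FTPd ("Directive value" lines).

# Print the value of a directive (last occurrence, lowercased); empty if unset.
ftp_directive() {    # $1 = config file, $2 = directive name
    awk -v key="$2" '
        $1 ~ /^#/ { next }                                  # skip comments
        tolower($1) == tolower(key) { val = tolower($2) }   # keep last match
        END { print val }
    ' "$1"
}

# Return 0 when anonymous logins and uploads are both disabled, 1 otherwise.
# An unset directive is treated as a failure (conservative).
audit_ftp_anonymous() {    # $1 = config file
    conf="$1"
    status=0
    if [ "$(ftp_directive "$conf" NoAnonymous)" != "yes" ]; then
        echo "FAIL: anonymous logins allowed (NoAnonymous is not 'yes')"
        status=1
    fi
    if [ "$(ftp_directive "$conf" AnonymousCantUpload)" != "yes" ]; then
        echo "FAIL: anonymous uploads allowed (AnonymousCantUpload is not 'yes')"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: anonymous FTP logins and uploads are disabled"
    fi
    return "$status"
}

# Constructed sample config, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# pure-ftpd.conf (constructed sample)
ChrootEveryone       yes
NoAnonymous          no
AnonymousCantUpload  no
EOF
audit_ftp_anonymous "$sample" || echo "=> disable both options in WHM, then re-run"
rm -f "$sample"
```

Because the function returns a non-zero status on any finding, it can be run from cron or a configuration-management check to catch a setting that has been switched back on.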

Use a Rootkit Scanner

A rootkit is a malicious program that gains access to your server without being noticed. It can’t usually be detected by anti-virus applications. This is why a rootkit scanner must be installed to further protect your system.

Remove Accounts That Are Not Needed

Accounts in your web server must have the right privilege to make sure that users only have access to appropriate files and features. Since these accounts are vulnerable to hacking, it’s best to remove those that are no longer used or needed.

Make Necessary Backups

Even with the best protection and precautions, unexpected things can still happen, including a server crash or an attack. To make sure that your system or site will be up and running again in no time, back up your data regularly.

It’s vital that your web server is protected from malicious attacks as this is what makes it possible for Internet users to access your website and learn about your company. Practice these safety tips to prevent unauthorized access and virus infection on your server.

What’s happening behind the scenes on your website – II

In part one of this posting, Tom Canavan, author of “CMS Security Handbook: The Comprehensive Guide for WordPress, Joomla, Drupal..”, gave us a brief introduction to what is contained in an Apache log file and how to read it. Additionally, we learned by example how to identify two types of attacks that occur against websites.

In part two of this blog post, you’ll learn how to find the logs, change your retention policy and download current and archived logs, all using the immensely popular web-server control panel, cPanel®.

In addition to this, you’ll learn how making a couple of minor changes to your log retention policy can make the difference in knowing what happened and being able to take immediate action before an attack can be successful.

What’s happening behind the scenes on your website – I

Often our daily tasks keep us busy, and as long as our business websites are running, we are happy. It is only when our entire website or server is taken down by a hacker that the back-room machinations of our site suddenly become interesting.

In this two-part blog series, CMS security expert and author Tom Canavan will present a brief tutorial on how to read and make use of ‘Apache’ access logs. In the second installment he’ll discuss how we find, download and adjust settings for maximum value using cPANEL®, one of the most popular control applications for webservers.

Ultimate Guide to Write a Perfectly Optimized Robots.txt file for WordPress

Many webmasters and bloggers still don’t know much about Robots.txt and the vast importance it holds for any website.

Obviously, there are many resources available on the internet about Robots.txt, but most of them offer ready-made Robots.txt templates which you can just copy and paste for your own site. Easy stuff, isn’t it? But it may not work the way you want it to, as it has not been built with your particular site in mind.

Each and every site on the Web is different, and so a ready-made Robots.txt can never be a perfect solution. You need to design a custom Robots.txt file focusing on the SEO, security and server environment of your site.

So, in this article I will try to guide you to learn and understand how the Robots.txt file actually works and how you can create your own perfectly optimized Robots.txt.