Another Security Breach in the World of WordPress

wp_security_141210275505_640x360According to Search Engine Journal, see it HERE, over 100,000 WordPress sites have been infected due to a Russian malware attack called SoakSoak. Now, to be fair, this isn’t an attack on the WordPress site itself, rather a plugin for the site called RevSlider that is used in many of the WordPress themes. But you already know enough not to use plugins – right? Unfortunately, this plugin is buried so deep in some of the most popular WordPress templates, users wouldn’t know they are using them.
The not-so-much-talked-about issue is that over 11,000 of these sites have been blacklisted by Google already. So what does this mean for Search Engine Optimization (SEO)?

In a previous post, we had discussed the security vulnerabilities in plug-in based template sites and the latest malware attack is a perfect example. The problem: many of these plug-ins are not easy to update and leaves not just the plug-in but the whole website in jeopardy. Each plug-in (and there are literally hundreds) can be developed by a different business or individual who is responsible for monitoring security threats and creating fixes. If your website “solution” relies on 4 different plugins (not uncommon) that translates into a lot of potential issues (more…)

Domain and DNS Solicitations – Are They Legit?

Many of our clients get solicitations from domain registry companies and DNS management services on a regular basis. They look like an invoice, and sometimes they even have what looks like legitimate information on them. But – beware…these are sneaky marketing pieces trying to get you to just pay it, when in fact, you may not have to. Here’s what they look like:

letter about DNS hosting

We have also had clients receive mail from places like Domain Registry of America, a company that handles domain registrations. However, their marketing piece looks like a notice of a domain expiring, and that by paying the invoice (or what looks like an invoice), all will be well with the domain name. Here’s what that might look like:

(Notice in both examples the areas in red….these are giveaways that it is just a solicitation, not a bill requiring payment.)

In the big picture of marketing, this tactic isn’t new. Magazines have been doing this with their subscriptions for years. But – in today’s technology-driven world, a domain name can make or break a business. The industry has made their money on fear – our fear of losing a domain, fear of our competitor getting our domain, fear of losing business all because we let a domain name expire. Wow! That’s powerful!

So, it’s no surprise that business owners and website managers are cautious anytime they receive a notice about their domain name. As they should be – it is important to pay attention to. However, there are easy ways to go about making sure that your domain name is well taken care of.

1. Check your WHOIS listing.

WHOIS is a directory of domains and their registration information. Look for the expiration date, and the “Registrant” info. Your company name should be listed as the Registrant. You can find your WHOIS listing by going to who.godaddy.com and typing in your domain name.

2. If you manage your own domain name with someone like GoDaddy, Network Solutions, ENOM, or other similar sites,make sure to set your domain name to ‘Auto-Renew’. That means that it will automatically renew your domain name for you without having to worry that it will expire.

3. When purchasing a domain name, purchase it for multiple years (max is usually 9 or 10 years). This not only takes the burden off of you to renew it every year, but it also gets you bonus SEO (search engine optimization) points!

4. Call JB Systems! Domains seem like the unknown to many small business owners, but it doesn’t have to be a part of your business that is shrouded by fear. If you’re ever in doubt, our team at JB Systems can check on your domain, or manage it for you.

Purchase Your .CO Domain Names, Before Your Neighbor Does

by Gerald Bauer, owner of JB Systems, LLC

Greetings JB Systems Blog Subscribers! As most of you know, .CO domain names were announced at this year’s Super Bowl. We’re learning that many companies are buying up these domain names – just to sit on them and resell them at a later date. This is known as domain squatting and is frowned upon by most professional web agencies.

If you’d like your domain name in the .CO extension, please call us right away. Registrations are only $15.00 per year and we can secure it for you. As always, you own your domain name with JB Systems. Your receipt of purchase entitles you to that.

Call us before it’s too late – if another company purchases your .CO, they have legal right to charge whatever they’d like for you to obtain it. But at JB Systems though, $15.00 per year (like all of our domain registrations) is all it takes.

Until next time….

Scam Alert – December 2010

by Gerald Bauer, owner of JB Systems

It was recently brought to our attention that some customers were receiving “mock” emails from Charter Communications politely asking users for their email usernames and passwords. The exact email looks something similar to this:
————————————————————
From:
customercare@charter.net [bcc12@rogers.com]

Sent: Wednesday, December 22, 2010 12:35AM

To: customercare@charter.net

Subject: Your Account Update

Dear charter Customer
There are some changes necessary in order to upgrade your e-mail account.Please send us your e-mail
ID and password so that we can upgrade youraccount and avoid any interruption in service.
Thanks,charter Support Team.
——————————————————————————–


There are several things to note here – such as the improper capitalization of things – but most importantly, review the “To:” address – and note the [bcc12@rogers.com]. This is dangerous – at Outlook will “blind carbon copy” your reply to an address at rogers.com. Do you really think this is Charter Communications? Probably not!

Also – for everyone’s information – Charter would have all the tools necessary (or we hope that they would) to manage their email accounts without soliciting their users for passwords. NO EMAIL PROVIDER SHOULD EVER REQUEST A PASSWORD FROM THEIR CUSTOMER. This is bad practice – and they have the tools to manually reset the passwords if they needed to.

Until next time everyone – have a great holiday and stay safe – both offline and online.

Email Scam Alert

Hi All,

JB Systems has recently uncovered a new scam attempt being sent by email.
If you receive any message with the subject “FINAL VERIFICATION OF YOUR ACCOUNT” - please disregard the message and delete it promptly. The email will ask you to confirm your email account and personal details, such as:

  • Email Username
  • Email Password
  • Date of Birth
  • Country You Live In

Once again – DELETE THESE MESSAGES.

JB Systems will contact you personally should we have any issues with your email accounts – or if we need to verify your information. We’ve taken necessary measures to block all future attempts of these messages on our mail servers but even that is never foolproof.

Thanks for tuning in – and let us know if you have any questions.

SCAM ALERT

Dear Viewers,

JB Systems, LLC would like to inform you of a Scam from China that is currently making the rounds. If you receive an e-mail that is similar to the follow, please ignore it.

Hello! Sorry to trouble you!

We are a domain name registration and dispute organization in Asia, which mainly deal with the global companies’ domain name registration and internet Intellectual property right protection in Asia.

On the July 8, 2009, we received an application formally from Ic-cont Holdings Limited ,who applied for the Internet Brand” YOUR DOMAIN NAME HERE ” and some domain names relevant to this trademark from our organization.

According to our procedures and in order to protect your intellectual property rights, we need to send this email to the original company for confirming the actual relationship with this company. If you do not know this company, we doubt that they have other motivation to register these  domain names and probably want to do some cybersquatting. Currently, we have postponed this application of this company temporarily already. In order to deal with this issue better, please contact us by telephone or email as soon as possible.

PS: If you are not in charge of this matter, please transfer this email to appropriate dept.

Best regards,
Colin lau

HongKong Net Center
Tel: +852-30723948
Fax: +852-30723949
Email:Colin.lau@hkito.net

Your Team at JB Systems, LLC