Getting Started with SSL Certificates

Getting Started with SSL Certificates

An SSL certificate on your website builds a secure, encrypted connection between the browser and your Web server that lets visitors submit sensitive information, such as payment details, securely.

We offer multiple certificate types, so before you purchase an SSL certificate be sure to review your server configuration, and consider how you plan to use the SSL certificate.

After you purchase an SSL, request the certificate in your account. Depending on the certificate type, we verify requests with the domain registrant and possibly other factors before we issue the signed certificate.

When your certificate is issued, download all of the files from your account and install them on your Web server to secure your site. If your website is hosted in the same account, we automatically install the SSL and update the IP address for your website when your SSL is approved.

Identifying, Removing, and Preventing Malware

Identifying, Removing, and Preventing Malware

Malware is short for malicious software. It’s a catch-all term that describes harmful applications or other malicious code such as adware, spyware, trojan horses, worms or viruses.

Malware comes in many forms, from an unwanted ad reappearing on your site to an executable file that infects visitors who click on it. Telltale signs that your site is infected can include unexplained ads, links or pop-ups, but some malware can have no noticeable effects at all.

Your best defenses against malware are staying current with third-party application patches and using strong server passwords. When checking for the presence of malware, be sure to check the code residing on your server and not your backup files. Always use a virtual machine for verification to avoid infecting your own computer.

We cannot assist you with removing malware from your server. Consider taking your site down immediately to prevent infecting visitors, and take action quickly to identify/remove it.

IDENTIFYING MALWARE

If you think you’re having an issue with malware, change passwords that would be affected such as FTP or database passwords. Then use these guidelines to identify the problem.

NOTE: Always use a virtual machine to test for malware to prevent infecting your own computer. To get accurate results, test your currently-live code from your hosting server and not your backup files.

Check online malware clearing houses. Review sites such as Stop Badware and antiphishing.org for information about current known issues.

Check Google SafeBrowsing diagnostics. Visit http://www.google.com/safebrowsing/diagnostic?site=www.example.com and replace www.example.com with your site.

Test all downloadable software posted on your site. Software downloads can pass on malware. Even if you developed the software, it might have been altered by a hacker.

Test all links from your site. Make sure they do not go to sites containing malware.

  • Search for unknown links or links to executables such as .exe, .bat, .cmd, .scr, or .pif.
  • Use a link-checker software to scan all links in your code.

Check the ads on your site. Malware can be distributed through ads on your site. Identify these with a link-checker software and research your ad partners on the Internet to see if others have had similar problems.

Check all user-posting areas of your site. Scan all links with a link-checker.

Be alert to hacking attacks. Injection (inserting code or executables onto your Web pages) is a common method of hacking that exploits a security vulnerability to introduce harmful code, so look for code you didn’t add.

  • Look for invisible frames. They are virtually invisible because of their size, and are usually placed at the very top or bottom of the source code. Search for iframe tags with height=“0” width=“0”.
  • Look for strange code. A common way to hide malware is hiding it with encoding or encrypting:
    • Encoded code uses hex or unicode/wide characters. Look for strings of percent signs (%) followed by two characters (e.g. %ww%xx%yy) or u followed by 4 characters (e.g. u9900u1212u8879).
    • Encrypted code is harder to find because there are no set patterns. Most Web syntax is based on English words, so most of your code should be somewhat readable. Look for large sections of code that are completely unintelligible blocks of letters, numbers, and symbols.

Download your site’s files to a virtual machine and scan them. Avoid infecting your own machine by using a virtual machine, and scan using anti-virus and anti-spyware programs.

NOTE: Most hacking focuses on HTML code but malware can also be included in other file types such as executables, javascript files, PDFs or even images if the hacker gains access to your hosting server.

REMOVING MALWARE

If you discover you have malware, use these suggestions to remove it from your site.

Remove all links to malware sites from your site.

Remove infected software. Do not offer it again until you are sure that it is not infected. If you created the software, use malware prevention sites to learn guidelines for software compliance.

Remove malware-infected ads. If you use an ad network, you might need to remove all of the network’s ads until you are certain that the network is clear. You might also contact your ad provider.

Edit or remove user-generated posts where malware is present.

If you think your site has been hacked, use the following guideline to resolve issues and get back online.

  • Take the site offline to avoid putting site visitors and customers at risk.
  • Remove all offending code. This is only effective long-term in conjunction prevention.
  • Fix underlying security vulnerabilities to prevent future attacks.
  • Check for and remove “back doors” left by the hacker. A back door allows the hacker future access even after you secure the site.
  • Check for and install updates, and research the software you are using to find out if other users have been affected.

PREVENTING MALWARE

Prevention is the most important tool against malware. Follow these guidelines to save time, effort, and trouble in the future.

Use a daily site scanning utility. Vulnerability scanners can detect vulnerabilities that a hacker could potentially exploit.

  • Scan your site daily, even if you haven’t updated your site.
  • Correct vulnerabilities immediately.

Check all software before making it available for download. Scan all software before offering it and if you are a software developer, consider a Code Signing Certificate to protect your code from being altered.

Use only reputable ad providers and monitor them regularly. Make sure your ad providers are currently malware-free and that they scan regularly for malware from advertisers. Use Internet searches and review sites to check out new partners for previous or current problems.

Monitor user-generated areas of your site. Post terms of use for your forums or blogs to explicitly forbid posting links to malware. Actively monitor these areas for suspicious links or executables.

Use strong passwords.

Use FTP-SSL, if available. To check your hosting server for FTP-SSL availability and to connect using FTP-SSL.

Keep everything up to date. Install the latest available version and all available patches for third-party software on your site. This is integral to preventing malware, because if the software you use has a security vulnerability, then your site is also vulnerable.

What Does it Mean to Get Hacked?

What Does it Mean to Get Hacked?

“Hacked” is a term you hear thrown around a lot — especially regarding websites — without much definition.

If your website is hacked, it means a few things:

  • Someone gained access to your account (typically via File Transfer Protocol, a.k.a. FTP). By gaining FTP access, hackers can insert their own code on your site.
  • After gaining access to your site, they put malicious code in it. What the code does depends on the hacker’s objectives.

Because hacking can be extra insidious, sometimes your site can get hacked without you ever realizing it. Other times, hackers will be incredibly ham-fisted and either bring down your site or replace it with an obscene message.

Among the other unpleasant things hackers do to sites:

  • Install viruses on visitor’s computers
  • Redirect visitors to other sites
  • Use your website to attack other websites, bringing them down

Now, unfortunately, there’s no LoJack® for a hijacked website, but there are a few things you can do to make sure you don’t fall victim to a hacker:

  • Use a secure password. This means something better than just tacking a numeral 1 to the end of your first dog’s name.
  • Have your site scanned regularly. A lot of companies offer tools that will go through your site looking for malicious/suspicious-looking code or activity.  Here is the information for our SiteLock Malware Scanner.
  • Update your website’s software. If you use something like WordPress®, keeping your software up-to-date is the difference between your site running smoothly and having a site infested with malware

By being aware of the threat of hackers and taking a few precautions, you can stop your site from harming visitors and other sites around the Internet.

WordPress Plug-In Concerns

WordPress Plug-In Concerns

Morrissey said, “I’ve seen it happen in other people’s lives and now it’s happening in mine.” I don’t think he could have imagined that line would get appropriated to talk about WordPress® security.

When you install a plugin on your WordPress® site, you get the good with the bad — along with the increased functionality, you also inherit any of its security risks. By installing a plugin, you add more code to your site. The more code your site has, the more ways a hacker has to enter your site and do with it as they please. And when someone leverages your site to attack someone else, you’re making the Internet that much worse.

It’s easy to shrug that off as alarmist, but when you’ve seen thousands upon thousands of sites compromised because of a plugin, you feel less like Chicken Little and more like someone trying to save a lot of people a lot of grief. This is all to say your WordPress site is susceptible to compromise unless you follow some best practices:

  • Where’s the plugin from? Only install plugins from the official WordPress repository.
  • Do you need this plugin? If not, don’t install it.
  • Does this plugin seem shady? If you’re unsure, don’t install it. Or, at the very least, check out its reviews.
  • When was the last time I used it? Delete plugins if you don’t use them.
  • When was the last time you updated it? Update your plugins often.

By minimizing the number of plugins you use (or not using any) and continually updating the ones you do, the less likely you are to have your site compromised. If you’re careless, though, you run a great risk of getting hacked. It’s doesn’t only happen to “the other guy.” It can happen to you, and it won’t be pretty.

Website Protection – Make Sure Your Site is Up and Running!

Website Protection – Make Sure Your Site is Up and Running!

Your site is a potential target…always.  It is important to not only keep your site safe from hackers and malware injections, but it is critical to let today’s Internet patrons know for sure that your site is safe and protected with a website protection service.

Your site can become a target and any vulnerabilities could be exploited to steal information, vandalize your site, or infect all of your customers with malware or viruses.  This can be a very difficult, expensive, and time-consuming issue to overcome. You’ve heard the saying – it takes years to build a reputation, but only one incident to permanently destroy it. Our website protection service is a Sophisticated Site Scanner that looks for malware and security deficits on your website every single day. If any are found, it will then provide you with recommendations on how to fix them.  This helps to prevent your site from being banned by major search engines like Google, and boosts your visitor’s confidence level in your services with the trusted site seal we will provide you with.

Recently, a client who built his own website and had high rankings in the search engines called in a frantic outcry that his site was showing up as flagged and dangerous by Google.  With corrupt files and malware interjected throughout his scripts, it became a painful and time-consuming process to try and undo what a hacker had done.  Having a website protection service like our Site Scanner would have notified him immediately of the issues BEFORE he got flagged and had his online reputation trashed.

In addition, this website protection service includes our security hotline so you can speak with an expert on site security.  You have access to the results of your site monitoring through your online dashboard – keep your site safe, please don’t discount how important website protection services are.

Take a look at more information about our website protection scanner by Clicking Here.  We think you will find this website protection service to be an invaluable tool for your website management.

Take care,
M. Webby

Online Shopping Cart Builder – Do-It-Yourself (DIY)

Online Shopping Cart Builder – Do-It-Yourself (DIY)

Selling your products and services online doesn’t have tOnline Shopping Cart Buildero be difficult.  Using an Online Shopping Cart Builder can help you get a website up and running quickly and easily…and it is an affordable solution when considering the technical requirements and maintenance necessary for more custom options.  With this service, you can simply “point and click” your way to a professionally developed shopping cart focused website.

This article is intended for sites that intend to sell goods or services online…if you just need a website builder to create an informational website, look into our Online Website Builder (there is less you need to know, and it is more affordable).  Also, for those of you who are prepared to take on a bigger learning curve to get an incredible website with more flexibility and options, take a look here.

Now, let’s talk about how to get your shopping cart website online using our Online Shopping Cart Builder service! 

  1. We have to begin by getting your Domain Name Registered – even if you are not ready to proceed with the website.  Domain names are not very expensive and it would be a shame if someone else were to register the domain before you could – it happens!
  2. If you intend to accept credit cards by way of a Merchant Account (learn more about accepting credit cards here!), then you will need to secure your site with an SSL Certificate.  You can learn more about SSL Certificates, or buy one now.  Keep in mind that if you plan on accepting credit cards only through a third party service like PayPal, you do not need to have an SSL certificate – this is because the transaction is processed securely on their servers.
  3. Now we can talk about the actual Shopping Cart Program.  You can get started there now, or continue to learn more about our Online Shopping Cart Builder below.