Get hacked? Keep in mind some simple rules for your website

What does it mean to get hacked?
Protect your website

Use a secure password. This means something better than just taking  your pet’s name. We have information in Keeping Your Hosting/FTP Password Secure.
Have your site scanned regularly. A lot of companies offer tools that will go through your site looking for malicious/suspicious-looking code or activity.
Update your website’s software. If you use something like WordPress®, keeping your software up-to-date is the difference between your site running smoothly and having a site infested with malware
By being aware of the threat of hackers and taking a few precautions, you can stop your site from harming visitors and other sites around the Internet.

If you cannot access the email address associated with your account…

  1. You have lost access to the email address on your account.
  2. You are unable to validate the account with Customer Support.
  3. You are listed as the Registrant on one or more domains, but do not have access to the account that contains the domain(s).
regain access to your account or domain(s)
regain access to your account or domain(s)

Here is the solution!

If you cannot access the email address associated with your account and cannot verify the information required for our customer support department to assist you, you can submit a Request for Change of Account/Email Update Form to request an update. Along with the form, we also require:

  • Photo ID — A color copy of a government-issued photo identification, such as a driver’s license, military ID, or passport.
  • Business ID — If the domain is registered to a business, we also need valid business identification, such as:
    • Business license
    • Tax certificate
    • Doing Business As documentation
    • Fictitious Name documentation
    • IRS 501(C)3 “Determined Letter”
    • Government-issued certificate of tax exemption that proves charitable status
    • EIN/TIN verification letter (IRS Letter 147C)

Please follow this for more information 

Be Aware of Top 3 Online Threats

1. Injection.

It’s not uncommon for web applications to have injection flaws, especially SQL injection flaws. A hacker who finds one will send malicious data as part of a command or query. The attacker’s message tricks the app into changing data or executing a command it was not designed to obey.

keeping you and your customers safe from hackers and other online threats.
keeping you and your customers safe from hackers and other online threats.

Malicious users can exploit injection flaws if a site isn’t configured to validate input. Attackers might attempt to trick websites into providing unauthorized data, prevent specific site functions, or locate other vulnerabilities to exploit. SQL injection attacks are the most common, which execute SQL queries entered in a text form.

2. Cross-site Scripting.

Cross-site Scripting flaws occur whenever an application sends user-supplied data to a web browser without validating it first. Hackers use these flaws to hijack users away from the site or deface it, thereby costing the site owner in lost business.

3. Insecure Direct Object References.

Applications that lack checks to verify a user is authorized to view particular content can be manipulated to access private data.

Other threats

  • Broken Authentication Cross-site Request Forgery (CSRF).
  • Security Misconfiguration.
  • Insecure Cryptographic Storage.
  • Insecure Cryptographic Storage.
  • Insufficient Transport Layer Protection.
  • Invalidated Redirects & Forwards.

Defend your website now!

Password and basic security precautions

NOTE: No password is 100% secure. You still must take basic security precautions such as not sharing your password with others, changing it frequently and changing it immediately if you believe it may have been compromised.

A password is your first and last line of defense in computer security. Typically people choose bad passwords because they are easy to remember. However, you wouldn’t leave the door to your home unlocked because it is too much of a hassle to unlock it before you open the door, would you? A weak password is the same thing.

Using words that appear in a dictionary, in any language, make cracking your password that much easier. Adding numbers to dictionary words doesn’t increase the password’s strength at all if it is based on a dictionary word. Even with character replacements like capital letters and non-alphanumeric symbols, you’re not getting a stronger password.

A true strong password should consist of 8 or more characters and be part of a “passphrase”. A passphrase consists of a phrase that has special meaning to you, therefore making it easier to remember. For example:

Mickey Mouse for President. It would be awesome!

One simple approach to create a better password is to take the first letter of each word in your passphrase, giving you:

mmfpiwba

That looks seemingly random, and it’s a fairly hard password to crack. But why not make it harder by using the punctuation from the sentence?

mmfp.iwba!

Now that is a much harder password to crack. Why stop there, though? Let’s make it even stronger by capitalizing some letters and adding numbers.

MM4P.Iwba!

Now you have truly difficult password to crack; but is still fairly easy to remember. To make it even stronger, you can salt it with non-alphanumeric character replacements for greater difficulty. For example, replacing an “a” with a “@” leaving you with:

MM4P.Iwb@!

NOTE: Our shared hosting accounts do not allow the following symbols to be used in the password (second symbol is a space):

? ^'”:\&><~;`*)(_-=+|[]{}.,/

The following symbols are acceptable:

!@#%$

Do’s and Do Not’s of Password Security:

Do:

  • Combine letters, symbols, and numbers that are easy for you to remember and hard for someone else to guess.
  • Create pronounceable passwords (even if they are not words) that are easier to remember, reducing the temptation to write down your password.
  • Try using the initial letters of a phrase you love, especially if a number or special character is included.
  • Take two familiar things, and then wrap them around a number or special character. Alternatively, change the spelling to include a special character.

Do not:

  • Use personal information such as derivatives of your user ID, names of family members, maiden names, cars, license plates, telephone numbers, pets, birthdays, social security numbers, addresses, or hobbies.
  • Use any word in any language spelled forward or backward.
  • Tie passwords to the month. For example, don’t use “Mayday” in May.
  • Create new passwords that are substantially similar to ones you’ve previously used.

About Malware in your server

Keep your site clean and secure. Every time shoppers place an order, they’re trusting you to keep them safe from hackers who steal information or spread spyware and viruses.

Malware is short for malicious software. It’s a catch-all term that describes harmful applications or other malicious code such as adware, spyware, trojan horses, worms or viruses.

images (3)

Malware comes in many forms, from an unwanted ad reappearing on your site to an executable file that infects visitors who click on it. Telltale signs that your site is infected can include unexplained ads, links or pop-ups, but some malware can have no noticeable effects at all.

Your best defenses against malware are staying current with third-party application patches and using strong server passwords. When checking for the presence of malware, be sure to check the code residing on your server and not your backup files. Always use a virtual machine for verification to avoid infecting your own computer.

We cannot assist you with removing malware from your server. Consider taking your site down immediately to prevent infecting visitors, and take action quickly to identify/remove it.

Defend your website

SiteLock protects your web investment, keeping you and your customers safe from hackers and other online threats.

If your website is hacked, it means a few things:

“Hacked” is a term you hear thrown around a lot — especially regarding websites — without much definition.

If your website is hacked, it means a few things:

  • Someone gained access to your account (typically via File Transfer Protocol, a.k.a. FTP). By gaining FTP access, hackers can insert their own code on your site.
  • After gaining access to your site, they put malicious code in it. What the code does depends on the hacker’s objectives.

Because hacking can be extra insidious, sometimes your site can get hacked without you ever realizing it. Other times, hackers will be incredibly ham-fisted and either bring down your site or replace it with an obscene message.

Among the other unpleasant things hackers do to sites:

  • Install viruses on visitor’s computers
  • Redirect visitors to other sites
  • Use your website to attack other websites, bringing them down

Now, unfortunately, there’s no LoJack® for a hijacked website, but there are a few things you can do to make sure you don’t fall victim to a hacker:

  • Use a secure password. This means something better than just tacking a numeral 1 to the end of your first dog’s name. We have information in Keeping Your Hosting/FTP Password Secure.
  • Have your site scanned regularly. A lot of companies offer tools that will go through your site looking for malicious/suspicious-looking code or activity.
  • Update your website’s software. If you use something like WordPress®, keeping your software up-to-date is the difference between your site running smoothly and having a site infested with malware

By being aware of the threat of hackers and taking a few precautions, you can stop your site from harming visitors and other sites around the Internet.

Stop clicking links in your email

Phishing schemes are attempts to steal sensitive personal information such as passwords, credit card numbers, social security numbers, etc., through the distribution of fraudulent email messages.

And they can happen to anyone, and any company. Whether it’s a specific attack on our company, or it’s an attack on your personal email account, there are a few things you should know about every phishing attack.

  1. Stop clicking links in your email. That unfamiliar company that sent you a confirmation email receipt for the software you purchased, even though you don’t remember the purchase, is really attempting a phishing scheme.
  2. Hone your inner spelling bee champ. Learn to be suspicious of any grammatical mistakes in an email. Large companies pay someone to proofread everything that’s sent.
  3. Double-check the URL. If you’re still going to click on links in your email, hover over the link with your mouse to see the full address. Hackers are notorious for creating websites like www.cool.example.com, or having a link say www.coolexample.com when it actually goes to www.cool.example.com. Safest bet: Use a search engine to locate that company and manually enter the URL you find.
  4. Change is inevitable. It’s always a good idea, especially if you just fell for a phishing attack, to change your passwords. For more information, see Generating a Strong Password.
  5. Send out an S.O.S. Use a search engine to find out how to inform your personal email provider, or the legitimate company that’s being spoofed by the phishing attack. If you need to email us, be sure to send it to phishing@secureserver.net. Make sure to forward it as an attachment.
  6. Don’t unzip. Never ever unzip an attachment. Legitimate companies don’t attach .zip files, or really any attachment.

Be diligent. Always remember to follow these steps to minimize phishing attacks both internally and externally.

HTTP vs. HTTPS – Help search engines see your site as secure

HTTP, or hypertext transfer protocol, is the way a Web server communicates with browsers like Internet Explorer® and Mozilla Firefox®. HTTP lets visitors view a site and send information back to the Web server.

HTTPS, hypertext transfer protocol secure, is HTTP through a secured connection. Communications through an HTTPS server are encrypted by a secure certificate known as an SSL. The encryption prevents third-parties from eavesdropping on communications to and from the server.

An SSL certificate keeps you and your customers safe by protecting the information that’s flowing to and from your website. It encrypts names, addresses, passwords, account and credit card numbers and more so hackers and other online criminals can’t read them.

HTTPS and Search Engine Ranking

Search engines use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while they give webmasters time to switch to HTTPS. But over time, They may decide to strengthen it, because they’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

Google-HTTPS-SSL

An SSL certificate keeps you and your customers safe by protecting the information that’s flowing to and from your website. It encrypts names, addresses, passwords, account and credit card numbers and more so hackers and other online criminals can’t read them.

An SSL certificate serves as an electronic “passport.” It establishes the website’s authenticity and credibility and enables the browser and Web server to build a secure, encrypted connection.

Credibility is established by checking the digital certificate, which includes:

  • The Certificate holder’s name (individual or company)
  • The Certificate’s serial number and expiration date
  • A copy of the Certificate holder’s “public” cryptographic key
  • The digital signature of the Certificate-issuing authority
  • Extended SSL Certificates give the site visitor an additional visual cue, displaying the Certificate holder’s name against a distinctive green background in the visitor’s

Once a visitor is on an SSL-protected page, the following visual indicators appear to show them that your site is secure and to give them the confidence to proceed:

  • A “padlock” icon in the browser’s status bar
  • The https:// prefix in the URL
  • The URL address bar turns to green (Extended Validation Certificates only).
  • The Trusted “Verified and Secure” site seal

Our SSL certificates provide the same type of ironclad, corporate-class security as our competitors, but for up to 90% less than you’ll pay elsewhere!

see more information about HTTPs and Ranking here

 

SiteLock protects your web investment

SiteLock protects your web investment, keeping you and your customers safe from hackers and other online threats.

sitelock

Without SiteLock

The hacker plants malware on Geoff’s site.

Geoff’s customers begin to see offensive messages and leave in disgust, swearing never to return.

Some visitors are taken to a fake site, where they submit their bank information without suspecting a thing.

By the time Geoff notices something’s wrong, customers are rioting on Twitter. It’ll take months to undo the damage.

With SiteLock

The hacker plants malware on Kathleen’s site.

SiteLock’s daily scan discovers the malware, notifying Kathleen of where it took place. With her SiteLock Premium plan, the malware is removed automatically so Kathleen can stay focused on her business.

Kathleen’s customers continue to browse her site, safely and without interruption, as SiteLock keeps scanning in the background.

Kathleen gets back to business without any downtime. Her customers stay safe and her reputation stays golden.

See more information about SiteLock protect your website here

or get a cheap domain regustration service to create your website today