Tag Archives: marketing viruses

  • -
WordPress Security

WordPress Security more important than ever!

Tags : 

Greetings from Allan at MindVisionmedia.net and I hope this post finds you all well!
WordPress SecurityRecent revelations have disclosed that with WordPress reaching record numbers in popularity, the threat of hackers and those who have nothing better to do than infringe and impose on the hard work of others has increased.

Over 75 million websites now use WordPress, that’s pretty impressive for an open-source development project that started out as a tool for Blogger’s!

In a recent article by Imperva, WordPress sites are attacked almost 25% more than any other CMS. Why is that you may be asking, part of the reason is because it is a free tool accessible to not just fortune 500 companies and high-level entertainers, but also to the everyday Joe and Jane who know nothing about websites and may not be Internet savvy enough to know the dangers of starting a website or Blog.

Of course its safe for the most part, but there are hidden dangers lurking just behind all those cute little pictures, graphics and stories on your website or Blog.

Anybody can copy and paste some images or install a plugin to put up a website. But far too many users don’t research or know what the risks are once you open up your life and the life of your visitors and users to the world. Self-proclaimed webmasters often think they have it all down pat, that they don’t need to know anything other than copy and paste, that they don’t need advice or skills beyond that but many have learned the hard way and continue to do so.

According to research, alerts and articles from companies like Imperva and Wordfence, attacks are on the rise partly because of the relaxed, comfort mentality many feel once they set up a website. I am here to tell you there’s more to a WordPress website than having a pretty site with bells and whistles. Not only do you need to know about other skills like HTML, CSS and PHP as well as server-side functions and settings, but having a broad knowledge of security is a must in today’s Internet driven society. Otherwise it’s not a matter of if, but when you will be compromised.

WP experiences 60% more XSS incidents which is a type of security vulnerability which allows attacker’s to inject external client-side code on a website. 48% of all attacks are against retail-type applications, Blogs with many users and login functionality suffer almost 60% of these attacks and more than 60% suffer an SQL attack. Comment spam remains a major thorn in many a side too these days and it can be a nightmare to get rid of if it infects your database and user tables.

What can you do? For one, I used to create passwords that I could remember, but now with so many accounts for this and that, it has become almost impossible for me to remember all of them. Now with experience in matters of site security and helping others with the same, I create passwords that are impossible for me to remember let alone a hacker to figure out, called “strong passwords“.

This helps a great deal but it doesn’t stop there. Changing that strong password periodically helps as well as having good reputable security plugins and themes installed. Old themes and plugins leave cracks in your security so always update right away if the update won’t break your site or have major conflicts with the normal function of your site that is. If so, search for an alternative but know that occasionally it may be best to eliminate that conflicting plugin altogether.

Always research the update to know before hand if a conflict is expected, check the log files and change log of that plugin or theme to see exactly what they changed. In some cases as with the popular Responsive Theme in recent updates, an update can break your site and cause all types of problems. Also, install an SSL certificate if you do a lot of e-commerce or user registration, this will help protect valuable personal information from you and your customers and registered users.

Your web host should be reliable and accessible 24/7 to address issues with security and also provide updates and notices about current threats. They should provide you with information about their efforts to fight such threats openly and in a timely manner. After all, one site can infect an entire server so it is in their best interest to educate and work with their clients to ensure everyone is protected.

And don’t forget, keeping your personal computer safe is part of maintaining a website too, an often overlooked aspect of site security. if your computer is infected and you are uploading files to and from your site, guess what, you’re spreading the infection! Other than that, always keep a recent backup of your site and database in case of the worst scenario.

By
Allan Whitney
Owner/Administrator
MindVisionMedia.net


  • -

Internet Marketing Scams

Tags : 

no-textenhance

Protecting your website and your customers is paramount. You should know that Internet security is a major factor if you plan to establish an online presence. The threats from adware, malware, viruses, intrusive marketing infections, tracking cookies and spam are more prevalent than ever. The people who code malicious viruses, shady marketers and thieves are always willing to compromise your computer, site and unsuspecting customers just to make a buck! Your hosting company should provide you with adequate base-level security and backup options as well as the ability to upgrade your security if needed.

In the end, being aware is the best defense!

A Different Type of Internet Threat! Are Marketing monsters like Text-Enhance and others Ethical?
Sometimes it’s not a virus threat at all! Right now there is a threat that is affecting thousands if not millions of websites, web developers and end-users on the Internet. It is called “Text-Enhance” (Similar to “Coupon Connection” and other intrusive ad-ware infections that put intrusive ads on your web pages. These ads are attached to random text in your page creating hyperlinks to products and services. You may think this is normal but it is not. Unlike the professional services Google offers for developers to implement such as “AdSense” and “AdSense Custom Google Search” where a developer is well aware what he or she is doing and can opt-out or close their account, these marketing scams are like Ramora’s attaching  themselves to a users computer and browser most often unknowingly to present ad’s and hopefully suck money from the infected user.

It is far more annoying than getting tons of junk mail, flyers on your porch and spam in your mailbox. If you are experiencing this phenomenon it can be very difficult to get rid of! These cookies, bots and spiders change names and come with aliases and are able to evade detection and removal through normal uninstall or Opt-Out functions. Chances are that you might have unknowingly installed it along with another program that you did want like Adobe’s Flash Player (one of the vehicles through-which this ActiveX style infection invades your system.)

This so-called opt-in program (infection) has what appears to be a fake website and a fake “Help Desk” site that sends out automated emails telling the person who is infected to enable third party cookies in order to opt-out?? This is very dangerous to your system and could make things worse by allowing other third party intrusions to further invade your system. What intelligent, professional Internet company would give that kind of advice in a world where personal information and protecting identity are at the forefront of World Wide Web Integrity? That alone should raise suspicion! Text-Enhance is being implemented on sites like Adobe’s plugin download site and the CNET Download site where millions of unsuspecting people go to download free, common software and plugins.

At CNET, the opt-in information is present for some of these types of malware/adware but you have to really pay attention in their “new” download interface which has 3-4 pages or more of offers before you get to your download installer so just be aware. With Adobe it is quite different. Millions of unsuspecting people TRUST and download the Flash plugin because Flash is predominant on the web when it comes to playing movies, games and animation files on the web. Most computers (PC) have the Flash ActiveX plugin pre-installed already. The problem is that Flash ActiveX is vulnerable to certain exploits, please see the list of links below to read up on Flash vulnerabilities.

It runs through cookies and ActiveX add-ons that hijack your browser(s), track your movements and habits on the Internet, sells or passes on your personal information and places “geo-aware-hyperlinks” on your pages text for you to click and buy products. I made up that grammatically incorrect term because the ad’s appear to know your geographical location and offer ad’s that are in your area as well as on the Internet, serious technology when you think about it.

For developers, it is a nightmare! There are thousands on the Internet discussing this issue and trying to resolve it. The term Opt-In implies you have been given a clear understanding of what you are opting in for without deceptive, hidden, cleverly designed or confusing information.

Embarrassing as it may be, I have had my personal computers infected by this infection and have made a video explaining how it works. I show how the infection piggy-backs on to the Adobe Flash player active-x and can be difficult to stop or get rid of if you don’t know what to look for. It is quite ingenious how they have bypassed virus protection and detection to market products. Which leads me to believe that these companies where the infection is downloaded from are either unknowingly or knowingly in on it as well as the companies sponsored in the ads. Why? The main reason is that pay-per-click-revenue is a big business. Companies battle over Internet traffic which in turn generates more and more potential for profit for them and the advertisers. Sadly isn’t it always about money over ethics?

As an emerging developer, AdSense user and Google member, I am so glad that Google does not use these tactics and better, sets a benchmark for other companies to follow!

Now I ran (3) test downloading and installing the plugin directly from the Adobe site, each time my system was infected with one or more of these intrusive infections (Text-Enhance or Coupon Connection) so I have completely uninstalled the latest Flash plugin from all of my computers and now use Firefox as my default browser with the Greasemonkey plugin for Firefox and running the “ViewTube Script” inside Greasemonkey. I have no problems viewing YouTube videos now without the Flash Plugin and can download the videos in different formats including MP4 and WebM.

As a backup to view more Flash content, I installed an archived version of Flash (version 10.3-67.3mb 3-5-2012) and have had no issues with text-enhance showing up on my pages. This tells me that the problem started in a version more recent but as of yet I have not taken the time to experiment with each version to determine which plugin (month/year) became vulnerable.

I also installed DivX to cover other different and emerging video formats and to become familiar with the DivX technology since it has the Flash plugin in it’s sights with the intent of taking it out of the equation. Flash is proprietary and a user MUST have the Flash plugin to view current content. This is not in the best interest of creating an open source format that everyone can view, which is the direction the web is going back to. I also disabled all third party cookies and increased my awareness so I examine everything I download very, very carefully and choose the cookies I want on my computer and from which site. Remember your virus software won’t detect marketing scams because they are not viruses. Sometimes you can actually find the weird program in your program list under Add/Remove Programs but you still need to uninstall the nefarious plugin for your browser too (all browsers you have installed.) From what I a have been reading though, it always seems to find a way back in to your system?

We can attack them back or at least their wallets by making a list of the companies who advertise with Text-Enhance and spread the word for people NOT to shop with them. Also contact these companies and tell them you are displeased with their choices in marketing their products through Text-Enhance and other intrusive marketing companies and that you won’t shop with them until they change their methods!

View the simulation video below where I demonstrate how Adobe’s latest Flash Player Plugin allows the infection to function and when disabled the infection goes away.

[embedplusvideo height=”440″ width=”550″ standard=”http://www.youtube.com/v/0M-0J54QF90?fs=1″ vars=”ytid=0M-0J54QF90&width=550&height=440&start=&stop=&rs=w&hd=0&autoplay=0&react=1&chapters=&notes=” id=”ep5128″ /]

Written by Allan Whitney
Owner/Administrator
MindVisionMedia.net
blogger-logo-small


October 2017
M T W T F S S
« Jan    
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

2015 | Need a Website? Need WordPress Theme Modification? Get Started Now!