Open Sesame! As a child, perhaps you had a fort, tree house, or maybe just your bedroom where you required others to use a password to enter. It was a fun way to control who entered your space. However, in today’s society, passwords are so common that they have, perhaps, become a necessary nuisance. And, for many people, the phrases they least like to see or hear are “What is your password?” and “Create a password.”
After all, creating a password means coming up with a series of letters, numbers and characters that are unique to you and a particular account. But beyond creating the password comes the need to remember it. Considering the experts now say a password should be a minimum of 16 digits, keeping up with several passwords can seem like a job in itself, never mind the tasks associated with many logins! Thankfully, there is a way to make keeping up with passwords easier.
However, despite the ease of use a password manager offers, surprisingly few people actually use one. In fact, a Consumer Reports survey found that only 39% of people use a password manager! Despite the low percentage of people using them, this in no way means they are not needed.
As long as there have been websites, there have been hackers and malware whose sole purpose is to gain access to a website and wreak havoc. As such, it is crucial that as a business owner, you do your part to protect your company website from those entities with malicious intent. However, even when you take steps to protect your website, there is still malware that can cause a significant amount of trouble. For instance, the recent GoTrim botnet malware has been causing problems since this fall.
GoTrim attacks self-hosted WordPress websites and uses brute-force techniques to obtain the administrator’s password and take over the website. The bot is designed to work in 2 modes – “client” and “server”. It works by using a bot network to scan a site and attempt to brute-force the admin accounts by using stored credentials. If it gains access, GoTrim then spreads to the command and control server (C2). The bot then uses PHP scripts from a hardcoded URL to delete the script and the brute-forcing component from the infiltrated system. When successful, the bot reports credentials to the C2 server. GoTrim is designed to steal credit card information, making it a threat to you and your clientele.
It should be noted that the GoTrim requests for access are sent to C2 every few minutes. If it gets no response after 100 tries, the bot automatically self-terminates. This is because the goal of the bot is to evade detection, which is why the primary targets are self-hosted websites, as many WordPress users do not employ proper security practices. However, if the bot is successful in getting through, then the following information can be accessed by GoTrim:
Target URL
Username
Password
Command ID (1 for WordPress, 3 for OpenCart, as well as several others)
Brute force status (“0Good”)
In studying how the GoTrim bot affects sites, it has been found that while WordPress CMS sites are the most affected since they make up 40% of the market share, other targets include self-hosted Joomla!, OpenCart, and DataLife Engine. In addition, GoTrim is capable of bypassing some anti-bot techniques used by host providers. It is designed to copy legitimate requests from Mozilla and even supports content encoding algorithms like gzip and Brotli, while also detecting what CAPTCHA plugins are being used. Of special import is that, so far, GoTrim cannot override Google, WP Limit Login Attempts and Shield Security’s CAPTCHAs.
What to Do About Malware
So, now that you are aware of GoTrim, and perhaps others, you may be wondering what you can do to protect your website. Fortunately, there are several proactive measures you can implement.
Set up two-factor authentication (also known as 2FA) – This is the most common step to take and the one recommended by Page Progressive and many other website pros. Two-factor authentication is required on bank, government, and military sites, and many others where a proper level of security is common. However, with so many hackers, identity thieves, etc. out there lurking around for site access, 2FA has become common for many other types of sites. A tool we recommend is Wordfence.
Be sure your site is set up to use HTTPS – If you have not updated your site to use HTTPS, then you are more susceptible to being attacked by malware. If your site is HTTPS compliant, then not only will the URL begin with HTTPS but there will be a green lock symbol with the word “secured” in the URL. This lets your customers know that you have taken proactive measures to protect their financial information. Making this change will also help your Google search ranking, so it’s a win for everyone!
Use a CDN (Content Delivery Network) – A Content Delivery Network uses a separate system to keep malware and viruses away from the backend of your website.
Have firewalls in place – A firewall restricts traffic to and from your website, and only allows trusted guests to enter. A firewall also protects against dangerous SQL (structured query language) statements and cross-site scripts that could shut down your site.
Always Back Up Your Information – Don’t lose vital information because of a hardware failure (or worse, a cyber-attack) with nothing backed up. While no one wants to think about the aftermath of being hacked or hit with a malware attack such as GoTrim, you can’t ignore the risk! Be sure to run scheduled backups, ideally daily. Talk to your web host provider to set this proactive measure in place.
Implement services such as SiteLock, Cloudflare and Sucuri – These services use good bots to automatically block the bad ones. They are designed to eliminate backdoor breakthroughs, keep your plugins and website’s core components updated and mitigate malicious use of CAPTCHA.
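The brute-force behaviour described earlier leaves a trace in the web server's access log as repeated failed logins. The following Python is an added example, not code from this article's sources or from any tool named here; it assumes Combined Log Format logs, that WordPress answers a failed wp-login.php POST with 200 and a successful one with 302, and illustrative thresholds. It flags both a single noisy address and a burst spread across many addresses, which a per-address login limit alone does not catch.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path proto" status size ...
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def failed_logins(lines):
    """Yield (time, ip) per failed login. Assumption: WordPress answers a failed
    wp-login.php POST with 200 (form shown again) and a success with a 302."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def detect_bruteforce(lines, window=timedelta(minutes=5), per_ip=5,
                      site_wide=8, min_ips=3):
    """Return (noisy_ips, distributed_hits); thresholds are illustrative.
    noisy_ips: addresses with >= per_ip failures inside one window.
    distributed_hits: times when >= site_wide failures from >= min_ips
    addresses fall inside one window, which per-IP limits do not catch."""
    events = sorted(failed_logins(lines))
    noisy, distributed, start = set(), [], 0
    for end, (ts, _) in enumerate(events):
        while ts - events[start][0] > window:   # slide window start forward
            start += 1
        counts = Counter(ip for _, ip in events[start:end + 1])
        noisy.update(ip for ip, n in counts.items() if n >= per_ip)
        if sum(counts.values()) >= site_wide and len(counts) >= min_ips:
            distributed.append(ts)
    return noisy, distributed

def make_line(ip, hms, method="POST", status=200):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return (f'{ip} - - [12/Dec/2022:{hms} +0000] "{method} /wp-login.php '
            f'HTTP/1.1" {status} 1234 "-" "Mozilla/5.0"')

SAMPLE = (
    [make_line("203.0.113.7", f"10:00:{s:02d}") for s in range(0, 50, 10)]   # one IP, 5 failures
    + [make_line(f"198.51.100.{i}", f"11:0{i % 5}:00") for i in range(1, 9)]  # 8 IPs, 1 each
    + [make_line("192.0.2.10", "12:00:00", status=302)]                       # successful login
    + [make_line("192.0.2.11", "12:01:00", method="GET")]                     # login page view
)

if __name__ == "__main__":
    ips, hits = detect_bruteforce(SAMPLE)
    print("per-IP offenders:", sorted(ips))
    print("distributed bursts at:", [t.isoformat() for t in hits])
```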
Keep in mind that bots can be quite powerful, and they can cause significant damage. As such, they should not be ignored. After all, when it comes to protecting your website, it is up to you to do your part. Take advantage of the various proactive measures available to protect your website, as well as the information, yours and your guests’, that is stored there.
If you are unsure whether you have taken the necessary measures to protect your website, now is the time to make updates. The Page Progressive team is well-versed in implementing security measures and tactics to protect your website from GoTrim and other bots. Give us a call today to schedule a consultation and learn how we can help you protect your website.
If you are finding it difficult to believe that a new year is rapidly approaching, then you are not alone. For many people, the year has flown by, while for others it might have felt like an eternity. But, regardless of your opinion on 2022, it is now time to start thinking about 2023 and what you would like to accomplish. From long-range goals to short-term action items, having plans for the year ahead is important. And, as a business owner, having goals and plans is a must. But what should those goals be?
While the goals will vary, some action items can benefit nearly any business. While not all companies are the same (though they share a common goal of turning a profit!) there are some basic goals and resolutions that will make a difference whether you are a small start-up or a large corporation.
Prior to 2020, having an office management system in place was a great tool that helped everyone stay up-to-date and on task for work projects. However, during and since the pandemic, where so many people worked – or perhaps still work – from home, it has become vital to have a tool that offers group texting, tracks progress, and handles traditional conference calls. A tool that keeps all the players connected, both individually and collectively, is a must.
A wide range of office planning tools is available, each with its perks and quirks. They are all designed to help your business run more efficiently and effectively. But how can you determine which tool is best for your needs?
No matter the size of your business or organization, having an email service provider (ESP) is a must. You can choose a paid service or a free one, but email is still the standard method of communicating in most business environments – whether to an individual or a large group. However, there are many different email service providers to choose from, so deciding which one to work with can be daunting. Knowing what type of email service provider you should use, based on your entity’s specific needs, will help make the decision easier.
Despite what many people think, website maintenance and website hosting are not the same. Sure, the terms often get used interchangeably, but they are not synonyms. Each of them is necessary, however, to having a successful website and ensuring that you get the most leads you can from visitors.
If you have never had a website, or are trying to decide what you need, then understanding the difference between each of these services is important. After all, you want to be certain that in getting your company on the Web, you do it right the first time.
With so many websites and internet users, having a website that engages site guests is a must! But what can you do to make your website and your products and services stand out from the crowd? This question can be sobering, but it is also inspiring. After all, it is possible to make changes to your website – it’s just a matter of knowing what updates and trends should be implemented. But the good thing is there’s no time like the present to give your company website a new look.
While the calendar year begins in January, for the business world, it is often July that indicates a new fiscal year. With that in mind, now is the time to think about how you want to do things over the next 12 months. There may be expected changes to the budget, advertising, marketing, and other facets of business, but one area that companies overlook is their website.
Your company website is one of the most important investments you can make to boost your business’s bottom line. After all, numerous studies show that consumers check out a company online before they ever call or visit the location. So, if your website needs a redesign to remain effective, then chances are that potential customers will find another place to work with.
Sadly, many businesses overlook the value of updating their website. It is like the picture that is always hanging crooked. Sure, you know it should be corrected, but you are so used to seeing it off-kilter that you don’t put any effort into fixing it. A crooked picture is easy to spot. But, it can be difficult to identify when a website needs to be corrected.