Website Hacking, What Parents Need to Know

– Children Learning to be a Criminal on the Internet – 
Website hacking is in the news, daily. Internet ethics is one of the most valuable lessons a young person can learn to stay out of serious trouble with the law or a future employer. Before you allow your children to use a computer by themselves, you must teach them about the world into which you are about to unleash them.

If you don’t want your child to end up in prison, or to be fired by a future employer over computer misuse, teaching them Internet ethics is a must!

In reality, Internet ethics should be taught at home and at school. The lessons must include the harsh consequences given for misuse of the powers everyone has when they are using a computer.

“One of the ‘Anonymous’ Hackers could Face 440 Years in Jail, charged with Cyberstalking”

This isn’t just about social media bullying anymore. Bullying gets covered in school, the television news, movies and advertisements. Good parents understand bullying is wrong, whether it is on the playground or on the Internet. However, the Internet social skills being taught are not covering how our children are learning to get unauthorized access into websites and the consequences of such actions.

“A 12-year-old ‘Anonymous’ hacker has been sentenced to 18 months probation”

 

LEARNING WEBSITE HACKING FROM THE DARK WEB

Most parents don’t understand the Dark Web, or even know it exists. They also don’t understand what it offers or teaches their children. ‘Do It Yourself’ website hacking tools and instructions are abundantly available on the Dark Web. A young ‘Script Kiddie’ can cause as much damage to a website as an experienced Hacker. The crime is the same, no matter what the perpetrator’s title or age is.

Here is how Wikipedia describes Script Kiddies:

In a Carnegie Mellon report prepared for the U.S. Department of Defense in 2005, Script Kiddies are defined as: “The more immature but unfortunately often just as dangerous exploiter of security lapses on the Internet. The typical script kiddy uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet – often randomly and with little regard or perhaps even understanding of the potentially harmful consequences.”

“A 17-Year-Old boy arrested behind the locking of Apple Devices and demand Ransom”

Without a set of moral principles to guide their Internet usage, young children can grow up thinking it is OK to develop website hacking skills. After all, ‘it isn’t hurting anyone to break into a computer system and just look around’. That is the thinking of someone without Internet ethics and an understanding of the consequences of their actions.

Today it is the ‘Dark Web’, soon it will be something else. But with well-taught ethics in place, it won’t matter what the ‘next new thing’ is. As children mature they need to understand attempting to get into systems for which they are not authorized is wrong and criminal. The consequences are sometimes more severe than breaking into a neighbor’s home to ‘look around’.

“18-Year-Old arrested for Hacking school systems to change his and four other students’ grades”

 

BUSINESS WEBSITES

Our company hosts many websites for small businesses – most are just starting out in business. The owner’s website is what pays the bills and puts food on their family’s table.

Imagine what happens if some youngster finds a way to bring down their website utilizing a tool they downloaded for free on the Dark Web. The motive? Just to see if they can do it. The consequences? Devastation to a small business and the arrest of a young adult.

All websites large or small, custom designed or template based, e-commerce or informational, are targets for Hackers.

AT&T hacker gets 41 months in prison

Most small businesses can’t afford to hire someone to build a custom website for them. Many opt for modifying a free template or theme and utilizing a website system from WordPress. These sites can have little or no cost which explains why the Internet has about 75 million WordPress websites on it.

The sheer number of WordPress websites makes them a target for young thrill seekers testing out their newly learned website hacking skills. Their computer scripts crawl the Internet looking for sites with old vulnerable software.

Small businesses typically lack the budget to hire an employee to keep their website software updated and secure. Some try to do it themselves, others outsource it. Our hosting company installs an extra security plugin called Wordfence for our clients that use WordPress. We also teach website owners how to keep their software updated.

We have found the free version of Wordfence to be very beneficial in stopping the young, eager hacker from seeking vulnerabilities in websites. It also sends alerts if a new software update is needed for the website. The paid version is worth every penny when you consider what it costs to repair a website, plus the money lost while the site is down.

Our security software disrupts hacking attempts on clients’ websites EVERY DAY.

The attacks come from all over the world by Internet bots and by humans, but the most disheartening are those coming from towns right here in the U.S.A. Certainly all of the Hackers are not young, but we can see a large number are Script Kiddies utilizing old techniques.

There are so many hacking attempts we started to wonder why the young people were never taught ‘Internet right’ from ‘Internet wrong’. We figure the parents just don’t know what their young computer savvy children are doing. So we’ve decided to educate the parents in hopes the future lives of their children are not ruined by this early criminal activity. While some think breaking into a website and ‘just’ looking around is benign, we know it is criminal and a gateway to prison.

PARENTAL AWARENESS

Just by reading this article you have made yourself aware of one of the many temptations your child faces when using the Internet. Now you have to decide the appropriate time to discuss the temptations and consequences with your child and introduce them to Internet ethics. The ethics discussion will go a long way towards warding off new temptations. Use the following guideline to help in the discussion:

INTERNET ETHICS AND PARENTAL DISCUSSION GUIDELINES

  1. It is not OK to gain unauthorized access to another’s account. Do not access another user’s files.
  2. It is not OK to modify information on the Internet that you do not own.
  3. Never use a computer to cause harm to someone else. Notify an authority if you know someone is using a computer to cause harm to someone else.
  4. Respect the rights and property of others on the Internet. Don’t steal information or copyrighted material.
  5. Recognize and be sensitive to the fact that the Internet is international, not always subject to your local customs or values.
  6. Don’t pretend to be someone else, or use anonymity to behave like someone that you are not.
  7. Respect others’ views and that they have opinions. You don’t have to agree with them.
  8. Protect your personal information and use strong passwords.
  9. Respect other people’s passwords and their right to have private access to their information.
  10. Don’t use others’ (corporations or individuals) computer resources without their permission.

MORE ON THE DARK WEB

The Dark Web contains anonymous websites where items and information can be shared and downloaded anonymously. You cannot get to the Dark Web websites without special software. Serious users of the Dark Web use Linux-based systems and run Tor. Anonymous browsing can be done using just the Tor Browser.

The Tor Browser can be downloaded and used on Windows, Mac OS X, or Linux without the need to install other special software.

If your child is using the Tor Browser on their computer, you need to understand what they are using anonymity for.

THE HACKER LABELS

Consider what security professionals look at when investigating a website hack: means, motive, and opportunity. Young Hackers have the ‘means’ down – tools and techniques gotten from the Dark Web. The Hacker’s motives can be troubling to understand sometimes, but here is how they are generally classified:

  1. Fame Seekers (hack a site and post about it, etc.)
  2. Script Kiddies (considered derogatory to experienced Hackers, but can cause just as much damage)
  3. Hacktivist (politically or socially motivated purpose)
  4. Cyber Criminals (identity theft, money theft, data ransom, etc.)
  5. Nation States (Government sponsored attackers)

HACKER HEADLINES

“UK: Now Hackers can face life in prison under new Government’s Law”

It is our business to follow Hacker reports and arrests. This is an area you shouldn’t have to follow. In fact, the only time a parent may ever hear about a Hacker being arrested is when it is their child, a friend’s child, or a schoolmate. The crimes of trying to get unauthorized access into a website are taken so seriously now, we supply the ‘breadcrumbs’ of all hacking attempts to the FBI.

There is an Arrested Hackers Archive listing the latest news on progress made putting Hackers behind bars. If you look at it, you will see there are also government attempts being made to go after those participating in the distribution of hacking tools on the Dark Web.

Please follow us socially for more updates and information.

1st Choice Websites

Website: https://1stChoiceWebsiteSolutions.com

Facebook: https://www.facebook.com/WebsiteAgent

Twitter: @1st_CWS

IoT Medical Equipment found Vulnerable to Hacking

Internet of Things (IoT) devices are turning up everywhere. Many people think their lives will be easier with smart devices.

There are some really good reasons to connect certain devices to the Internet. Remote monitoring of industrial equipment and machinery is done using Internet connected devices.

But everything doesn’t have to be connected. And in the case of medical equipment, it is important to understand the consequences of a casual connection to the Internet.

According to The Hacker News report on Monday, March 27th, 2017, the Miele Professional PG 8528 appliance, which is used in medical establishments to clean and properly disinfect laboratory and surgical instruments, is suffering from a Web Server Directory Traversal vulnerability.

Jens Regel of German consultancy Schneider & Wulf has discovered the flaw that allows an unauthenticated, remote attacker to access directories other than those needed by a web server.

Jens has filed a bug report which outlines the vulnerability in the Miele appliance when it is connected to the internet.

According to the report the basis of the problem is this: “The corresponding embedded webserver ‘PST10 WebServer’ typically listens to port 80 and is prone to a directory traversal attack, therefore an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks.”

And here is the code used to do it –

The bug report goes on to give a proof of concept which demonstrates the vulnerability and the sequence used. Once accessed, the attacker can steal sensitive information stored on the server and even insert their own malicious code and tell the web server to execute it.

The PoC exploit is simple and anyone can run it:

GET /../../../../../../../../../../../../etc/shadow HTTP/1.1 to whatever IP the dishwasher has on the LAN.

According to The Hacker News, Jens privately disclosed the vulnerability to Miele in November 2016, but did not hear back from the vendor for more than three months. So, it is unknown at this time when a fix can be expected (or if it already exists).

You may want to disconnect this machine from the internet, until you find out if the vulnerability has been repaired.
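For anyone who maintains a web server, the check that is missing in a directory traversal bug looks like this. It is an added example, not code from the bug report or from the vendor; the document root /srv/www and the function names are assumptions made for illustration.

```python
import os
from urllib.parse import unquote

DOC_ROOT = "/srv/www"  # assumed document root (hypothetical, not from the report)

def path_from_request_line(line):
    """Pull the request target out of a line such as 'GET /x HTTP/1.1'."""
    parts = line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    return parts[1]

def resolve_naive(doc_root, request_path):
    """Vulnerable pattern: the request path is joined onto the root unchecked."""
    return os.path.normpath(os.path.join(doc_root, request_path.lstrip("/")))

def resolve_safe(doc_root, request_path):
    """Return the file path to serve, or None when it falls outside doc_root."""
    root = os.path.realpath(doc_root)
    decoded = unquote(request_path)  # decode once, before any check is made
    if "\x00" in decoded:
        return None
    # realpath collapses '..' and follows symlinks, so the comparison is made
    # on the location the file system would really open.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

# The request line quoted in the article above.
POC_LINE = "GET /../../../../../../../../../../../../etc/shadow HTTP/1.1"

if __name__ == "__main__":
    target = path_from_request_line(POC_LINE)
    print("naive :", resolve_naive(DOC_ROOT, target))   # leaves the web root
    print("safe  :", resolve_safe(DOC_ROOT, target))    # refused
    print("legit :", resolve_safe(DOC_ROOT, "/css/site.css"))
```

A server using the safe version answers the quoted request with an error instead of a file, while ordinary pages are still served.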

Websites Are Under Continuous Hacker Attacks

 

Website Hacking Never Stops!

Every Website is a Target –

WordPress, Joomla, Drupal, custom built and other sites are under attack every day by website hackers. Websites of every kind are vulnerable. Recently we were asked to repair a site after the webmaster discovered his website had been hacked and defaced. It contained pictures linked from Imgur.com and played Middle Eastern music from a YouTube posting. The wording was mostly about corrupt capitalist governments, from an alleged Jordanian hacker (the hacker’s claims, not ours).

Scary stuff to wake up to! Which is why the panic level was high. After a quick look at the site we discovered that ALL OF THE CODE FOR HIS WEBSITE HAD BEEN DELETED! Not only did the hacker deface the site, but he left nothing behind but an Index file and one other PHP file.

We looked at the Index file, which gave us the info on the hacker. After a little research we found the hacker used a bot to continuously crawl IP addresses to find vulnerabilities. The other PHP file was encrypted, but basically it would give the hacker Admin access to the site if we were to rebuild it without removing the hacker’s files. The hacker’s site listed all of the websites he had defaced, like they were his trophies.

These hacker bots are constantly crawling IP addresses. Each time your website is crawled the bots will look for some new way to attack.

Website Malware Installed by Hackers!

Website Hackers don’t always deface your website. Sometimes they install Malware or a Virus. You may not even notice anything wrong with your website. Some Malware uses a 404 error redirect. This trick points your visitors to an advertisement or a virus site when they stumble upon a website page that doesn’t exist anymore (404 error). You may never know this is happening without monitoring your site’s security.

Keeping Your Website Secure –

The best thing you can do to protect your site is to be prepared. The cyber attacks will only increase over time. Here are some suggestions to keep your panic level to a minimum about being hacked:

  1. Keep backups of your site. In the case cited above, a backup of the home directory and the database existed; we were able to restore the site in about 15 minutes. The number of backups you need to make will depend on how often you update your website. Some e-commerce businesses need to run backups daily. More static sites can get away with monthly backups.
  2. Keep your software, themes, plugins, etc., up to date. If you receive notification that an updated version of software that you are using is available, you need to install it. Hackers send out web crawlers (bots) looking for websites that have vulnerabilities and down-level software in them. When they find them, they exploit them. They crawl websites 100’s to 1000’s of times a day.
  3. Don’t have ‘Admin’ as a user name for logging into your site. It doesn’t matter how good you think the password is, the hackers will eventually crack it. Using Admin as a login name just cut their work in half. See item 6 below.
  4. Only use strong passwords. That means NO SENTENCES, i.e., “thisismywebsitepassword”. You must use capital letters, non-capital letters, numbers and special characters (like &, %, $, etc.). If you are allowing others to log into your website, enforce the strong password rule.
  5. If you are installing Plugins or any add-on to your core code, make sure you only get them from a trusted source and that they have a lot of installations before yours. This creates a struggle for new Plugin developers, but you need to care about protecting your site, not helping a developer’s app get popular. Also check when the Plugin was last updated. We’re skeptical of a Plugin that hasn’t been updated in the last 6 months.
  6. Use a security program that will test your code for suspicious activity, malware or software changes. This type of security typically runs from another server. It will have a lot of options to set up, so you might ask for help with this one. For example, we set the security software to immediately block an IP address for a set amount of time if ‘Admin’ is used as the name when a login is attempted.
  7. If you are allowing visitors to comment and upload files to your site, disable the ability to upload PHP files. You want pictures uploaded, not code.
  8. NEVER KEEP CONFIDENTIAL INFORMATION ON YOUR WEBSITE! While it is OK to segregate information by using password protected pages, don’t think that the information behind those pages can’t be hacked. If the content that you have behind password protected pages would be problematic if shown publicly, don’t put it on your website. Use a different method to deliver that private information to the intended recipient.
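The rule described in items 3 and 6 (block an IP address for a set amount of time as soon as ‘Admin’ is tried as the login name) can be written out as follows. This is an added example, not Wordfence’s code or our production configuration; the 60-minute block length, the class and function names, and the login events are constructed for illustration.

```python
from datetime import datetime, timedelta

BLOCK_FOR = timedelta(minutes=60)  # assumed block length
BANNED_NAMES = {"admin"}           # login names no real account on the site uses

# Constructed login attempts: (timestamp, client IP, user name tried).
# The addresses come from ranges reserved for documentation.
EVENTS = [
    ("2017-03-27T10:00:00", "203.0.113.7", "Admin"),
    ("2017-03-27T10:00:05", "203.0.113.7", "editor"),
    ("2017-03-27T10:01:00", "198.51.100.20", "shopowner"),
    ("2017-03-27T11:30:00", "203.0.113.7", "editor"),
]

class LoginGate:
    """Decides, per login attempt, whether the client IP may proceed."""

    def __init__(self, block_for=BLOCK_FOR, banned=BANNED_NAMES):
        self.block_for = block_for
        self.banned = {name.lower() for name in banned}
        self.blocked_until = {}  # ip -> datetime when the block ends

    def check(self, when, ip, username):
        """Return 'blocked', 'block-now' or 'allow' for one attempt."""
        until = self.blocked_until.get(ip)
        if until is not None and when < until:
            return "blocked"      # still inside an earlier block
        if username.strip().lower() in self.banned:
            # No password check is needed: the name alone triggers the block.
            self.blocked_until[ip] = when + self.block_for
            return "block-now"
        self.blocked_until.pop(ip, None)  # any earlier block has expired
        return "allow"            # hand over to the normal password check

def replay(events):
    """Run the constructed events through a fresh gate, oldest first."""
    gate = LoginGate()
    return [gate.check(datetime.fromisoformat(t), ip, user)
            for t, ip, user in events]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay(EVENTS)):
        print(event, "->", verdict)
```

The second attempt is refused even though it uses a different name, because the address is still inside its block; the last one is allowed again once the hour has passed.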

Be Prepared for Cyber Attacks –

Backups will help you restore your site, should you ever get hacked. Taking some steps to ‘harden’ your site against hackers will slow them down. Unfortunately, the Cyber War is real and the targets appear to be all websites. If some of this is confusing or overwhelming, contact us for help: 1st Choice Websites. Being prepared is your best defense.

Logo Design

Updated: 12-21-16

Logo Design for Small Business

There are a lot of great logo designers in Chandler, AZ. Logo design is usually one of the first efforts small business owners spend money on. Getting a logo doesn’t have to be expensive. At 1st Choice Websites we typically use a graphics designer to create logos for our customers. But you can design your own logo and save a lot of money.

We have reviewed a few logo design software programs and found that some are easy to use. You can spend an hour with some of these programs and get pretty good results.

Picking Logo Design Software

Picking software is time consuming. Many have terrible reviews, so here is one that we think has enough content to help with your small business needs, Icons-Logos-Symbols-Pictograms…. This package gives you a lot of logo ideas to help you get started. If you don’t have the skills to design from one of their ideas, you can show it to a designer and tell them what you want altered. It will save you time and money. It is available from Amazon so you can get free shipping with Prime and it is typically under $100. You can follow the link and get more information on everything it includes. Plus, Amazon will show you comparative programs that you might like.

If you are looking for something really simple and fast, try Logo Design Studio Pro. You can create, modify and save logo files quickly and easily with this software. The reviews vary, but if you don’t have a lot of time to spare, this will help you get a few ideas on paper before talking to a graphics designer. If you get what you are looking for in the first couple of days, you will save some money over having a graphics team build your logo from scratch.

Design Tips for Logos

Once you install your logo design software, spend 20 minutes playing with it. After you understand the basics, start designing. Create a few logos and set them aside for a day or two. Look at the logos again and start tweaking your favorite until you love it. You would be doing the same thing if you paid someone to make the logo for you.

After you have narrowed your logo designs down to two, show them to others and get their opinions. You will be looking for their first reactions, so show them one at a time. When you get a consensus of the one that sparks the most interest, use it. Don’t spend a lot of time second guessing yourself. You can always switch to a different logo.