Blog

  1. Protect Your WordPress Website: Don’t Get Hit by GoTrim

    As long as there have been websites, there have been hackers and malware whose sole purpose is to gain access to a website and wreak havoc. As such, it is crucial that, as a business owner, you do your part to protect your company website from those with malicious intent. However, even when you take steps to protect your website, there is still malware that can cause a significant amount of trouble. For instance, the recent GoTrim botnet malware has been causing problems since this Fall.

    GoTrim attacks self-hosted WordPress websites and uses brute-force techniques to obtain the administrator’s password and take over the website. The bot is designed to work in 2 modes – “client” and “server”. It works by using a bot network to scan a site and attempt to brute-force the admin accounts using stored credentials. If it gains access, GoTrim then spreads to the command and control server (C2). The bot then uses PHP scripts from a hardcoded URL to delete the script and the brute-forcing component from the infiltrated system. When successful, the bot reports credentials to the C2 server. GoTrim is designed to steal credit card information, making it a threat to you and your clientele.

    It should be noted that GoTrim’s requests for access are sent to the C2 every few minutes. If the bot gets no response after 100 tries, it automatically self-terminates. This is because the goal of the bot is to evade detection, which is also why the primary targets are self-hosted websites: many WordPress users do not employ proper security practices. However, if the bot is successful in getting through, then the following information can be accessed by GoTrim:

    • Target URL
    • Username
    • Password
    • Command ID (1 for WordPress, 3 for OpenCart, as well as several others)
    • Brute force status (“0Good”)

    Studies of how the GoTrim bot affects sites have found that WordPress CMS sites are the most affected, since they make up 40% of the market share, but other targets include self-hosted Joomla!, OpenCart, and DataLife Engine. In addition, GoTrim is capable of bypassing some anti-bot techniques used by host providers. It is designed to copy legitimate requests from Mozilla and even supports content encoding algorithms like gzip and Brotli, while also detecting which CAPTCHA plugins are being used. Of special importance is that, so far, GoTrim cannot override Google, WP Limit Login Attempts and Shield Security’s CAPTCHAs.
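
    Because the guessing is spread across a bot network, a lockout rule that counts failures per IP address may never trigger. The sketch below is an added example, not code from GoTrim or from any tool named in this post: it counts failed logins from all sources together in a web server access log. The combined log format, the thresholds, the sample IP addresses and the 200/302 status convention are assumptions.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def failed_logins(lines):
    """Yield (timestamp, ip) for each failed WordPress login in an access log.
    Assumption: stock WordPress answers a bad password on wp-login.php with
    200 (form shown again) and a good one with a 302 redirect."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def max_failures_per_ip(lines):
    """What a per-IP lockout rule sees: the worst single source."""
    counts = Counter(ip for _, ip in failed_logins(lines))
    return max(counts.values(), default=0)

def distributed_bruteforce(lines, window=timedelta(minutes=10),
                           min_failures=8, min_ips=4):
    """Alert once per burst when failures from all sources together cross
    both thresholds inside one sliding window."""
    recent, alerts, alerting = deque(), [], False
    for ts, ip in sorted(failed_logins(lines)):
        recent.append((ts, ip))
        while recent[0][0] < ts - window:
            recent.popleft()
        ips = {src for _, src in recent}
        hit = len(recent) >= min_failures and len(ips) >= min_ips
        if hit and not alerting:
            alerts.append((ts, len(recent), len(ips)))
        alerting = hit
    return alerts

def build_sample():
    """Constructed log: 5 sources (documentation range), 2 guesses each."""
    base = datetime(2022, 12, 12, 10, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "{req} HTTP/1.1" {st} 4321 "-" "Mozilla/5.0"'
    stamp = lambda s: (base + timedelta(seconds=s)).strftime("%d/%b/%Y:%H:%M:%S %z")
    lines = [fmt.format(ip=f"203.0.113.{10 + n % 5}", ts=stamp(30 * n),
                        req="POST /wp-login.php", st=200) for n in range(10)]
    lines.append(fmt.format(ip="198.51.100.7", ts=stamp(45),
                            req="POST /wp-login.php", st=302))  # real login
    return lines

if __name__ == "__main__":
    sample = build_sample()
    print(max_failures_per_ip(sample), distributed_bruteforce(sample))
```

    On the constructed sample no single address fails more than twice, yet the site as a whole sees enough failures from enough sources to raise one alert.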

    What to Do About Malware

    So, now that you are aware of GoTrim, and perhaps others, you may be wondering what you can do to protect your website. Fortunately, there are several proactive measures you can implement.

    • Set up two-factor authentication (also known as 2FA) – This is the most common step to take and the one recommended by Page Progressive and many other website pros. Two-factor authentication is required on bank sites, government sites, military sites, and many others where a proper level of security is common. However, with so many hackers, identity thieves, etc. lurking around for site access, 2FA has become common for many other types of sites. A tool we recommend is Wordfence.
    • Be sure your site is set up as HTTPS – If you have not updated your site to HTTPS, then you are more susceptible to being attacked by malware. If your site is HTTPS compliant, then not only will the URL begin with HTTPS but there will be a green lock symbol with the word “secured” in the URL. This lets your customers know that you have taken proactive measures to protect their financial information. Making this change will also help your Google search ranking, so it’s a win for everyone!
    • Use a CDN (Content Delivery Network) – A Content Delivery Network uses a separate system to keep malware and viruses away from the backend of your website.
    • Have firewalls in place – A firewall restricts traffic to and from your website, and only allows trusted guests to enter. A firewall also protects against dangerous SQL (structured query language) statements and cross-site scripts that could shut down your site.
    • Always Back Up Your Information – Don’t lose vital information because of a hardware failure (or worse, a cyber-attack) with nothing backed up. While no one wants to think about the aftermath of being hacked or hit with a malware attack such as GoTrim, you can’t ignore the risk! Be sure to run scheduled backups, ideally daily. Talk to your web host provider to set this proactive measure in place.
    • Implement services such as SiteLock, Cloudflare and Sucuri – These services use good bots to automatically block the bad ones. They are designed to eliminate backdoor breakthroughs, keep your plugins and website’s core components updated and mitigate malicious use of CAPTCHA.

    Keep in mind that bots can be quite powerful, and they can cause significant damage. As such, they should not be ignored. After all, when it comes to protecting your website, it is up to you to do your part. Take advantage of the various proactive measures available to protect your website, as well as the information, yours and your guests’, that is stored there.

    If you are unsure whether you have taken the necessary measures to protect your website, now is the time to make updates. The Page Progressive team is well-versed in implementing security measures and tactics to protect your website from GoTrim and other bots. Give us a call today to schedule a consultation and learn how we can help you protect your website.

  2. New Year’s Resolutions to Consider for Your Business in 2023

    If you are finding it difficult to believe that a new year is rapidly approaching, then you are not alone. For many people, the year has flown by, while for others it might have felt like an eternity. But, regardless of your opinion on 2022, it is now time to start thinking about 2023 and what you would like to accomplish. From long-range goals to short-term action items, having plans for the year ahead is important. And, as a business owner, having goals and plans is a must. But what should those goals be?

    While the goals will vary, some action items can benefit nearly any business. While not all companies are the same (though they share a common goal of turning a profit!) there are some basic goals and resolutions that will make a difference whether you are a small start-up or a large corporation.

  3. 8 of the Best Platforms for Office and Task Management

    Prior to 2020, having an office management system in place was a great tool that helped everyone stay up-to-date and on task for work projects. However, during and since the pandemic, where so many people worked – or perhaps still work – from home, it has become vital to have a tool that has group texting, tracks progress, and does traditional conference calls, but having a tool that keeps all the players connected both individually and collectively is a must.

    A wide range of office planning tools is available, each with its perks and quirks. They are all designed to help your business run more efficiently and effectively. But how can you determine which tool is best for your needs?

  4. Choosing the Right Email Service Provider

    No matter the size of your business or organization, having an email service provider (ESP) is a must. You can choose a paid service or a free one, but email is still the standard method of communicating in most business environments – whether to an individual or a large group. However, there are many different email service providers to choose from so deciding which one to work with can be daunting. Knowing what type of email service provider you should use, based on your entity’s specific needs will help make the decision easier.

  5. The Difference Between Website Maintenance and Web Hosting

    Despite what many people think, website maintenance and website hosting are not the same. Sure, the terms often get used interchangeably, but they are not synonyms. Each of them is necessary, however, to having a successful website and ensuring that you get the most leads you can from visitors.

    If you have never had a website, or are trying to decide what you need, then understanding the difference between each of these services is important. After all, you want to be certain that in getting your company on the Web, you do it right the first time.

  6. Does Your Website Need a Facelift? 8 Signs Your Website is Outdated

    While the calendar year begins in January, for the business world, it is often July that indicates a new fiscal year. With that in mind, now is the time to think about how you want to do things over the next 12 months. There may be expected changes to the budget, advertising, marketing, and other facets of business, but there is one area that companies overlook – their website.

    Your company website is one of the most important investments you can make to boost your business’s bottom line. After all, numerous studies show that consumers check out a company online before they ever call or visit the location. So, if your website needs a redesign to remain effective, then chances are that potential customers will find another place to work with.

    Sadly, many businesses overlook the value of updating their website. It is like the picture that is always hanging crooked. Sure, you know it should be corrected, but you are so used to seeing it off-kilter that you don’t put any effort into fixing it. A crooked picture is easy to spot. But, it can be difficult to identify when a website needs to be corrected.

  7. Top 7 Reasons Your Prospects Can’t Find Your Website

    Your website is your online calling card. Sure, people still use business cards, but if a company doesn’t have a website, it is missing out on a valuable resource to produce interest and revenue. However, just having a website is not enough. Numerous companies around the globe have websites that are merely holding a spot on the Web. This may be unintentional in that the company truly thinks they are doing all the right things. Or perhaps, it is intentional because the company has a site that is a slow work in progress.

    If you feel like your website falls into the first category, it is wise to step back and determine why your website is not getting the traffic you expected or would like to see. Quite often, you need to make changes so that people are not just finding your website but are engaging and purchasing from it as well.

    However, before addressing why your site may not be getting the attention you wanted, consider this:

    Your website may be attracting the wrong audience. These people are not likely to make any type of purchase because they found your site using search terms that are not the most effective for your business and thus attract the wrong demographic or interest group. This “confusion of search terms,” whether due to your choice or theirs, can be corrected, at least on your side, by improving your site’s web content and structure.

    Once this issue is addressed, it is time to improve your website and make it more inviting.

  8. Why Mobile First is Important for Your Business Success Online

    A little over a decade ago, a business could get by with a web presence that was little more than a basic site that told who the company was, what they offered, a shopping cart for purchases, and a contact page. Times have changed. No longer is a simple website truly sufficient in most cases. Today’s websites must not only be user friendly, have security features, and convey your company brand in a clear and aesthetically pleasing way, but also be optimized for mobile first. While the term “mobile responsive” may be a familiar one, mobile first is a similar but different approach to website design.