Your website and emails in the age of hackers

All websites are potentially at risk, however this information refers mostly to Joomla Version 1.5 websites.

The Risks

  • Your emails will be flagged as spam and not delivered.

  • Your website will be hacked, defaced and suspended until it is fixed.

  • Your website visitors will see a Warning instead of your website.

The Cause

  • Malicious Software (Malware) injected in to your website.

The Solutions

Details.

Over the last 2 weeks we have encountered around 30 of our client's sites being hacked or infected with malware.
Normally we'd expect no more than a handful of hacked sites per year.
Most of these were version 1.5 of Joomla with insecure plug-ins. Notably the JCE Editor.

So it is now likely that if you have an insecure Joomla 1.5 site you will be hacked soon.

The hacks fall in to two categories;

1. Defacement Attacks.

Often with an image and slogan connected with the political situation in the Middle-East.

2. Spamming Attacks.

Sometimes with fake bank (phishing) webpages being set up on your account.


We will probably know that you have been hacked before you do and your site will be immediately suspended  for everyone's protection.

You may notice a large volume of bounced-back undelivered emails (called backscatter). If you do, let us know asap as that often means your site has been hacked and is/was spamming.

What should you do now ?

  • Don't ignore the threat.

  • Log in to your Joomla administrator area and check that it is version 1.5.26, (or 2.5+ or 3+) these versions are safe although your additional plugins may not be.

  • Check that if you have the JCE editor installed, it is the latest version

  • Find any other plug-ins, components or modules and ensure you have the latest versions. Uninstall any you no longer use.
  • Consider migrating your site to Joomla Version 2.5 or 3. More details here

  • Go to your email software (e.g. Outlook) and change the Outgoing server to your Internet Service Provider's smtp server. See this list   Also go to More settings...Advanced and change the Outgoing Port to 25.

  • Change passwords of all Administrator accounts on your website.

  • Change your cPanel (hosting ) password.

  • Delete any old versions of your website which may still exist in subfolders on your website. They are vulnerable too.


More help

If you are worried, please get in touch and we will be happy to help.

The AISweb Team 2014

 

 

 

 

Why you must upgrade your Joomla 1.5 site

If your site uses Joomla version 1.5 it is not fully secure.

We have built scores of great J1.5 sites - it's a sad fact of life online that hackers continue to multiply like insects in summer.

In the six month period to August 2013, 100,000 websites were compromised by one single spam attack.

Of those, 60% were Joomla 1.5 sites.

hacker codeAny popular web software is at risk, for example the popular Wordpress is one of the most vulnerable.

What do they do ?

It varies but commonly includes any of the following:

  • Using your website to send out millions of spam emails.
  • Hosting fake bank 'phishing' web pages. These are designed to steal people's bank details.
  • Defacing your website - sometimes with offensive images.
  • Recruit your website to a botnet army. That is, it can be remotely used in a Distributed Denial Of Service (DDOS) attack.

Indeed, you may already have been hacked and be unaware of it.

What is the answer ?

As fast as the bad guys hack, the good guys patch. The trick is to stay right up to date with the latest software.

 Upgrading Joomla 1.5

upgrade joomlaFrom Joomla 2.5 onwards, upgrading to the latest version of Joomla and also the latest versions of any installed components has been made very simple. Often a single-click upgrade is possible from your Administrator area.

Unfortunately, getting from Joomla 1.5 to Joomla 2.5 or 3.0 involves a fairly complicated migration.

If you are a confident Joomla user, you may like to just follow these step by step video instructions to migrate from Joomla 1.5 to Joomla 3.

Typically a simple, non-ecommerce website with few additional components will be easier to migrate than a more hand-made site with lots of template and function extras.

A lot will depend on if your installed components and your template are available in Joomla 3 versions.

We are keen to help you upgrade at the best possible cost and we'll give you a fixed price quotation so you can decide what you'd like to do. Just Contact Us here.

So we stick with Joomla ?

The latest Joomla versions are very strong and with the simple upgrade process which now exists, we'd definately recommend you stick with Joomla.

You may decide to use this opportunity to revamp your site.

It's not impossible to recover from a hacking incident but it can be expensive and you may also be added to blacklists. That can really harm your business.

Are we just trying to scare up some new business ?

Absolutely not.

As a company we have never been busier, thanks to our wonderful clients recommending us. We don't for example, need to advertise.

Please do it yourself or contact your local web developers and ask them to upgrade for you.

Whatever you decide, please don't ignore this.

Finally...

A lot of bad software (malware) finds it's way on to your website via your own computer. It is vitally important to keep your home antivirus and antimalware products right up to date and run them often.

The final piece of the puzzle is to ensure your website is hosted in a secure environment and that it's configuration is optimised for security. We offer a powerful forensic audit service to ensure your website is as protected from attack as possible, please ask us for details.

If you have any questions, or if you have been hacked, please contact us asap.

We will give you fair and genuine advice.

Paul Jenkins. AISweb 2013.

 

 

All our Hosting Plans have been upgraded.

 
All our Australian Hosting Plans have been upgraded.We’re happy to announce all our Hosting Plans have been massively upgraded at no extra cost.

  • All plans have been upgraded to Unlimited Bandwidth !
 
Also please enjoy the following free upgrades:

  • Unlimited Email Accounts
  • Unlimited Subdomains
  • Unlimited Databases
  • Unlimited Parked Domains
  • Unlimited FTP Accounts

 

Domainnames.com.au - how a good domain name can hide a shonky company.

www.domainnames.com.au

..sounds good doesn’t it ?

Unfortunately, just like looks, domain names can be deceiving.
The company in question here came to our attention with delightful weekly junk faxes. Using up our time, ink, paper and patience.

Polite requests to be removed from their spamming list have fallen on deaf ears.
Further research reveals a catalogue of horrors, please read (if you dare)

Whirlpool forum discussion about domainnames.com.au

Here’s a typical excerpt:

I have just had the most fun in a long time with domainnames.com.au
I chose them to buy a domain name from because I stupidly thought it was an Australian company. I wish I had seen the other comments on here before hand it would have saved me some wrist cutting experiences. I have never had to deal with so much arrogance and rudness and just plain vindictiveness.

Dodgy.

Don’t get fooled by the swanky domainnames.com.au domain name, and beware, there are many other companies trying to fool you into renewing your domain name with them. Some will send convincing letters (real paper ones) to you.

Caveat Emptor – let the buyer beware.

Also remember the mantra to Never Ever Buy From Spam Emails or Faxes.

 

eCommerce and Jennifer Hawkins: why poor communication is not Lovable.

Not happy LovableHere at AISweb we’ve built many eCommerce/online shop websites for our customers and their success depends on reassuringly professional design, easy navigation and great marketing and SEO.

Recently however, we have had an experience which has reminded us that the best laid plans can come unstuck when one particular component fails.

The human component.

With 14 days to go until a family member’s birthday, we ordered and paid for a pair of pajamas from www.lovable.com.au – the official website of this Australian based company.

We received the usual auto email confirmation the same day, with the line:

Please allow up to 7 days for delivery within Australia

Well, the pj’s didn’t arrive and the birthday came and went.

I’ll spare you the details but needless to say several polite follow-up emails to lovable.com.au has to date* ( 6 weeks after placing the order ) failed to secure the goods.

There may be a genuine reason; they are out of stock ? they lost our order ? some clerical error ?

It should be noted that the pj’s in question are still for sale on the lovable website today.

The problem is, even though we have now secured a promise of a refund, there is still no explanation of what went wrong.

I will certainly be using lovable.com.au to illustrate to our customers this crucial principle of e-Business, that Communication is King.

Had we been informed of a supply problem and given the opportunity to choose another product from the lovable.com.au online shop, we would have cheerfully done so. Instead we are left disgruntled, out of pocket and pajama-less :-(

Perhaps Lovable spent all their budget on their sexy website and the lovely Jennifer Hawkins ?
Maybe there was nothing left in the kitty for staff training ?

There’s an awful sinking feeling when you have bought something online and it doesn’t arrive.
So, as eBusiness people we must ensure we don’t fall into the Lovable.com.au trap.

It’s not enough to have the slick sexy eCommerce website, if the systems fail you, you need to be prepared to engage on a human level.

In an increasingly wired world, reputation is everything.

———————————————————————-
* Update: Full refund has now been received.

Recession ? Great, lets start a business !

Recession, depression, global downturn, GFC, choose your favourite term. It’s time to batten down the hatches of your small business, put that new idea on hold, reduce expenditure, slash the marketing budget, sandbag the door and ride out the storm, right ?

Wrong !

Let me share with you something I read today:

The recession of 1923 to 24 plunged the United States into an economic quicksand that destroyed more than 10,000 businesses. Yet this was precisely the time that a man who lived by the creed ‘if you can dream it, you can do it’ risked everything to launch a small cartoon studio called Disney Brothers.

About 15 years later, doomsayers told two young electrical engineers they were sure to fail when they started their tiny electrical machine business during the Great Depression with $538 and one product. Undeterred, Bill Hewlett and Dave Packard got to work in a rented garage.

Fast forward to 1975. Oil prices are soaring, bankruptcies reach record levels and one-fifth of the US population becomes eligible for food stamps. As economists declare a recession, two childhood friends make the first sale of their computer programming language and Microsoft is born.

Ok, there are not too many Bill Gates per generation, but the point is that keen entrepreneurs see the current crisis as a great opportunity.
Here are some reasons why:

  • Low interest rates.
  • Less competition.
  • Conditions favour new, slimline start-ups more than bloated existing companies.
  • Less demand for start-up loans. Yes banks are still lending money every day. It’s what they do. If your idea is well costed and sound, you will be up against fewer competitors.

Where does your website fit in ?

Lets assume you’ve budgeted for a new website design to support your new venture. (You have, right ?).

How do you machete your way through the jungle of information out there screaming for your attention and your website design budget ?

Simple. You find some web designers you can trust, and you ask their advice.

Ok, so how do you know who you can trust ?

1. Personal recommendation.

Talk to friends and colleagues, ask them who they use for domain name registration, website hosting and website designs. Ask them about their experience with their ecommerce website, what was the development process like, were the web designers fast, accurate, professional, trustworthy ?

What about since the website was live, are the developers noticeable by their absence ? Even if your site is built on a Content Management System model – and hence updatable by you – you will probably still have teething troubles.

It’s a huge weight off your mind to have chosen web designers who will continue to offer help and advice after the invoice has been paid in full.

2. Go surfing.

You know the websites you admire, the clear, easy navigation, cool colours, great presentation. Most people are proud of their small business website and (with the possible exception of direct competitors) will often be happy to tell you what they thought of the web designers they used.

Look at the foot of the web pages, you will often find a link to the web design firm who developed the site. Visit their website and browse their portfolio of websites. Then visit those websites, email the owners and ask for their opinion of their web designers.

3. Google for opinions.

You’ll find no shortage of opinions, blogs, forums etc with views about the best cheap hosting, domain name registration, small business website design and so on.

Just be cautious as this is the wacky world wide web and you shouldn’t believe all you read.

There are often entire websites setup to offer product comparisons, reviews, recommendations, top 10s and so on with the sole aim of promoting one product or company.

Caveat Emptor.

What can you achieve in 3 seconds ?….

Of course a website is neccesary for any and all businesses these days, but did you know that vistors typically form an opinion about your company within 3 seconds of arriving at your home page ?

I’ll just repeat that.
“…vistors typically form an opinion about your company within 3 seconds…”

That is important for any small business website, but it is crucial  for your ecommerce website. Your ecommerce website must give a flawless, professional appearance if you are to inspire confidence and convert visitors into customers.

Don’t put it in the Too Hard Basket.

Once you have located the guys (or girls) you can trust, you’ll be surprised by how fast and painless the process can be. Make sure you know what you want in terms of design, have your products measured and weighed, have great digital photos ready to go and you may well see the birth of your new website in under two weeks.

And finally.

While you are talking to the owner of an eCommerce website, ask them how it felt the first time they made a sale while they were asleep…

…notice how you can detect a smile even over the phone ?

——————————————————————————–

Author: Paul Jenkins of AISweb

 

How to set up Outlook to read your website emails

Here Paul Jenkins from AISweb answers the most frequently asked question with web site email.

In this example, we’ll be using Microsoft Outlook, but the settings will be similar whichever email software you use.
(We use and recommend Thunderbird from Mozilla)

1.
Open MS Outlook and click Tools/E-mail accounts. Click Add a new e-mail account and click Next>

2.
Choose POP3 and click Next>

3.
Now we are at the TRICKY page.
In this example our website is called www.sagan.com and our email address is setup as This email address is being protected from spambots. You need JavaScript enabled to view it. .

Carefully check your settings against these example ones.

Notes.
Your Incoming mail server (POP3) is mail.yourdomain.com, NOT This email address is being protected from spambots. You need JavaScript enabled to view it.

Your Outgoing mail server (SMTP) refers to your internet service provider (ISP) and so for example, in Australia it might be mail.optusnet.com.au
If you don’t know this setting, try googling for it or ask your ISP.

Your User Name is your entire email address, not just your name.

Your Password is your email password for this email account.

4.
Finally click the More Settings… button and on the Advanced tab, ensure that Leave a copy of message on the server is NOT ticked.

5.
You are now ready to click Test Account Settings… you should get all ticks and then receive the test email.

 


 

Customers of AISweb are welcome to contact us for help.

Australian Government warns against using Internet Explorer

In a move to warm the hearts of people who work in the web industry, many governments around the World including the Australian Federal Government, have recently issued stern warnings against the use of any of Microsoft’s Internet Explorer web-browsers.

It has long been a complaint from web-developers that the World’s most used browser, IE, in it’s various versions, is a substandard and potentially dangerous product.

The frustration for the IT community has been getting people to listen. “Who cares what a bunch of computer geeks say about IE ? It works ok for me.”

The fact is that even IE8 is one of the least standards-compliant browsers. The annoying part of that is websites which don’t display properly or give spurious ‘error on page’ messages. The serious side are the security holes which leave users open to possible abuse from cyber criminals.

Many people don’t realise that all the various browsers out there are completely free. It’s akin to being offered a brand-new 2010 Mercedes to replace your old, familiar but flawed Ford. Why wouldn’t you upgrade ?

Here is a sobering passage from the ABC news report today:

The Government is warning that people risk having their computers infiltrated and passwords stolen unless they install temporary fixes from Microsoft or use alternative browsers.

Here at AIS we prefer the Firefox browser, but Safari and Opera are also browsers we enjoy using.
We recommend trying a few and making your own decision about which one you’ll switch to.

Whichever browser you upgrade to, it is important to keep it up to date.

Link to full article: ABC News: Australian Government warns against using Internet Explorer web browsers Jan 20th 2010