Author Archives: kevin


How Your Website is a Security Risk + What You Can Do To Fix It

In this day and age, cyber security is of the utmost importance. Don’t let your beautiful website design and reputation go to waste because of a security risk.

Did you know an average of 30,000 websites are hacked every day? If you think you’re not vulnerable, think again.

In this article, we’re covering common ways new websites are at risk for hackers and viruses.

Don’t worry. This is meant to help you, not just scare you. We’re also covering how you can fix it to protect your site and data. Read on for more.

4 Ways Your Website Is a Security Risk and How You Can Fix Them All:

Excellent website design is just the beginning. You also need to protect your site against cyber attacks, hackers, and more. Here’s how.

1. Malware

Malware is short for “malicious software,” and it is just as sinister as it sounds.

Malware programs are designed specifically to gain access to your computer or website without your knowledge.

Malware can be responsible for data theft and search engine blocking, among other consequences.

Protect your website with malware scanners to monitor security 24/7. Always update platforms, apps, and plugins as soon as the new version comes out.

Always be cautious when it comes to free software programs and research them thoroughly before installation.

2. Get an “SSL” (HTTPS)

Google is leading the way on encouraging every website to be secure. Specifically, every website should be protected by an “SSL” certificate which encrypts all user data submitted in forms or payments.

If the URL for your website doesn’t start with “HTTPS,” your site isn’t secure. Pretty soon this is going to hurt your site in Google searches, which is incentive enough to secure your website!

There are sites out there like “Let’s Encrypt” that offer free SSLs, but not all web hosting companies accommodate them. (They would rather have you pay for theirs.)

If you have to pay for an SSL, it will cost you about $60/year, which is a good incentive to host your site with a company that offers a free SSL.

3. Passwords

It’s obvious that you need a hard-to-guess password to protect your site from invasion.

For maximum security, require two-factor authentication for the admin page, so that only authorized admins are able to access the heart of your site and your valuable data.

Require specific password regulations for your users as well, such as the use of numbers and capital letters.

Further protect your customers from hackers by storing their passwords with a one-way function such as SHA (secure hashing algorithm). This scrambles the stored passwords so that they cannot be read back, and only the server knows how to check a login against them.

This helps to prevent password guessing software from easily accessing your user accounts.
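As an added example (not code from the original article), here is one way to store passwords with a one-way function built on SHA: PBKDF2-HMAC-SHA256 from Python's standard library, with a per-user salt and a work factor, shown beside the bare unsalted SHA-256 it improves on. The record format, function names and iteration count are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Assumed policy values for this example, not taken from the article.
ITERATIONS = 600_000   # PBKDF2 work factor: makes each guess slow
SALT_BYTES = 16        # random per-user salt


def unsalted_sha256(password: str) -> str:
    """Weak form: one fast, unsalted SHA-256. Equal passwords give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Hardened form: returns 'pbkdf2_sha256$iterations$salt_hex$hash_hex'."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def _parse(record: str):
    """Split a stored record; raises ValueError if it is malformed."""
    scheme, iter_s, salt_hex, hash_hex = record.split("$")
    iterations = int(iter_s)
    if scheme != "pbkdf2_sha256" or iterations < 1:
        raise ValueError("unsupported record")
    return iterations, bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        iterations, salt, expected = _parse(record)
    except ValueError:
        return False  # malformed or unknown record: fail closed
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when a record is unreadable or uses a lower work factor than policy."""
    try:
        stored, _, _ = _parse(record)
    except ValueError:
        return True
    return stored < iterations


if __name__ == "__main__":
    record = hash_password("Tr1cky-Passphrase")  # constructed sample password
    print(record)
    print(verify_password("Tr1cky-Passphrase", record))
    print(verify_password("wrong-guess", record))
```

Because each record carries its own salt and iteration count, the work factor can be raised later and old records upgraded at the user's next successful login.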

4. Backups

Backing up your site is an important way to protect your hard work, but it’s also a way in for hackers and cyber thieves.

Keep backups stored locally and offsite to minimize the security risk. In the case of a malware invasion, you’ll be able to more easily restore a secure version of your site.


5. Manage User Access

We’re not saying trust no one, we’re just saying don’t trust anyone else’s cyber security.

Every time you allow user access, even to another admin (an employee or a guest poster, for example), you’re opening up a pathway for invasion.

Limit who has admin access to as few computers and accounts as possible. Create a layered system of access to limit the functions of the site to only what is absolutely necessary.

Now You Know!

Implementing these cyber security practices will help ensure the functionality, trustworthiness, and reputation of your site.

It’s much easier to take extra precautions to dodge a security risk than to repair it after an attack.

Want more? Check out this post about the worst high profile data leaks of 2017 or this post about how to avoid dating site scams.


Hacked Companies: Inside the Largest Data Leak Cases of 2017

From popular dating sites to major retailers, threats to your cybersecurity and sensitive data are everywhere.

If you think you’re immune just because you’re a larger company, think again. Read on to learn more about the biggest data leak incidents of 2017.


Saks Fifth Avenue

This March, popular department store Saks Fifth Avenue experienced a massive data leak that posted the email addresses and telephone numbers of over 10,000 shoppers online.

The personal information was posted on an internal page of Saks’ website, where customers could sign up to get placed on a waiting list for products.

On the bright side, it was confirmed that no credit card information had been stolen and posted online — a rare thing for the cyber hacks of today.


Gmail

In May of 2017, hackers broke into the personal email accounts of over 1 billion Gmail users.

How did they get in?

By using what’s commonly known as a “phishing” scam. Essentially, the hackers sent an email that was disguised as a note from someone on their contacts list. Of course, many users didn’t think twice before opening it, as the sender was familiar to them.

Then, the victims were told that they needed to grant access to a third-party app in order to view an attachment their so-called “friends” had sent them.

Once the virus had the personal information it needed, it could then send itself to all of the initial victim’s contacts. This meant the scam was able to grow incredibly rapidly.

The lesson of this data breach? Always think twice before giving out your personal information to a third-party app.

*The IRS has even recently launched a campaign called, “don’t take the bait” to combat phishing scams that target tax professionals.


Chipotle

Yes, even everyone’s favorite fast food chain isn’t immune from a hack. Sadly, those who frequent the popular restaurant got a little bit more than just extra guacamole in April of this year.

By installing malware in Chipotle’s Point of Sale devices, hackers were able to steal the credit card information of countless customers. Essentially, the hackers were able to read the magnetic strip on the back of credit cards and get their numbers.

Hacking incidents like this are why inserting the chip is now so popular.

The hack was especially frightening as it affected multiple restaurant locations in a variety of cities.

Fortunately, Chipotle was able to quickly get a handle on the hack.


How Can You Prevent A Data Leak?

As you can see from the incidents above, data leaks can be costly, a huge blow to your brand’s reputation, and an enormous threat to customer service.

It’s always a good idea to invest in professional virus protection — especially if you use cloud-based software. Frequently run backups of your work, and always conduct rigorous testing to make sure there are no cracks in your security.

Additionally, if you have been hacked, you need to act as quickly as possible to prevent the situation from spiraling out of control. Start by using free data recovery software to ensure that you won’t lose all of your customers’ information or your company’s data.


Protect Your Customers — And Your Brand

Don’t end up like the companies on this list. Instead, start getting proactive about your data protection and recovery services.

Remember that new threats happen every day. Always stay on top of the latest hacking and malware news so you can continue to protect yourself and your customers.


Match.com Scams: Security Tips for Dating Sites & Apps

Avoid scammers & protect your privacy on dating sites like match.com: Are you thinking of trying out an online dating site? Millions of people now have profiles on Match.com, Tinder, Bumble, and Plenty of Fish, and online dating is now a multi-billion dollar business.

But wait, before you go ahead and set up your dating profile, there are some things that you need to know. Protecting your privacy on dating sites and avoiding scams is very important. There are so many people out there who want nothing more than to take you for a ride.

If you want to keep yourself (and your finances!) safe, you need to be as cautious as possible. Luckily for you, we have all the information you could possibly need to protect yourself. Enjoy!


Tip: Actually read the privacy policy

Before you sign up for any dating sites, you need to check out their privacy policy. Most people simply select ‘accept’ without reading what they’re agreeing to. The problem with that is that you could be signing all your personal information away without even realizing it. Frankly, that’s a very scary thought! Here are some of the things that you have to be mindful of:

  • The site giving your information to third parties
  • Whether your profile can be found by search engines
  • The information that is shown as ‘public’

It’s well worth taking the time to sift through all the text and figure out what you’re agreeing to. That way, you can take care of your personal information and truly understand what rights you’re giving away here.

Tip: Be ultra strict about your settings

Once you’ve actually set up your site, it’s time to take a proper look at your settings. Sure, it’s easy to just leave it and assume that it will all be okay, but doing so is a real mistake. Remember, you should have a whole load of control over what is shown on your profile and what is not. Head to the settings tab and see what controls you have.

If you want to protect your privacy, it may be worth making yourself ‘invisible’ to the public. That way, you can make sure that only people you want to contact you can contact you.

Be extra careful on “free” dating sites

“When something online is free, you’re not the customer, you’re the product.”

Open a “free” swimming pool in the middle of the city, and see what happens. Pretty soon you won’t want to stay in the water! Dating sites shouldn’t be free either. There should be a cost to participate, and a valid credit card attached to every account.

Match.com has a free trial, but it only lasts 7 days at the most. New members on a free trial are a mixed bag, so be extra careful in your interactions with them. (Also know what a site like match.com really costs before signing up.)

No ‘free’ dating sites or apps should ever ask you to hand over your banking details. If they do, you should be very careful about handing them over. In the same respect, if on the off chance a user asks you to give your account details, you absolutely need to report them.

Tip: Keep your communications safe

One of the things that you will come across time and time again is match.com scammers asking you to hand over your phone number or email. If you’ve only just started to talk to them via the site or app, you really don’t want to rush into external communications. The truth of the matter is that if this person’s a con artist, they could well want to lure you away from the site to scam you.

If you do wish to chat to people outside of the app or site, it could be worth making a dedicated email address (that’s not attached to any of your personal information or accounts) that you can use. That way, you can speak to anyone without worrying that your personal information will be available to them.

How to catch a ‘catfish’


In case you haven’t heard, ‘catfishing’ is a massive deal for the online community. If you’re hoping to keep your privacy safe on dating sites, you need to be aware of this common issue. Basically, there are people out there who will pretend to be someone they are not, i.e. assume the identity of another individual.

Usually, scammers on Tinder, match.com, or other popular dating sites will do this so that they can con people out of money or steal their identity. You might also fall victim to ransomware, where someone locks you out of your own computer and demands that you pay a ransom to access your files. Yikes! (Consider backing up your files.)

When you first start talking to someone, it’s worth doing a little background research. Take a look at their social media accounts and online activity to see whether they are legitimate. Who are their friends online? Hopefully they have ties to a good mix of family and friends, and not just superficial ties to more shady characters or fake Facebook accounts.

Tip: try a “Google reverse image search”

If you want to check out if a user is who they say they are, there’s a simple trick you may wish to use.

Copy their picture from the site and reverse image search it on Google.

If you find that the photo appears on other sites under a different name, you should steer clear of that person. If you find anything else troubling, you may even want to report them to the site.

Finally, avoid these common scams

Of course, you should take all of the above into consideration when it comes to setting up your site. However, there are a few common scams that it’s worth knowing about ahead of time. Here’s what you need to know:

  • The ‘sob story’ scam: This scam on match.com or Tinder is perhaps the most common. Someone you start talking to on a site like match.com will suddenly have an ‘emergency’ and need financial help. As tempted as you might be to give them a loan, don’t do it! Remember you don’t know this person at all and you owe them nothing. Just last year a woman lost her life savings ($270k) to a match.com scam, which is hard to comprehend, but shows you an extreme example of how people get conned by scammers.
  • The malicious link scam: If someone sends you a link and asks you to click on it, it’s a red flag. Much of the time, the site will be a porn site or even a page with a virus or creepware on it, which can be really hard to get rid of. (Consider having Norton Security on your devices.)
  • The webcam scam: You need to think twice before agreeing to go on webcam with someone you don’t know. They can record the session (and whatever happens during it!) and use it to blackmail you later. Be careful.

It’s not a bad idea to read all the bad reviews and complaints for match.com before joining. It might scare you away, or it might just make you more savvy.

If you follow all of the above advice, you should have no problem using dating sites securely and safely. Remember, you are in control of the information you give out, and so you can make sure that you are always as private as possible. Happy dating!

*Dating photo credits: Huffington Post + omgphotos.com


Yahoo & Bing Dropped Your Website? The Dirty Truth About Shared Hosting

One day I noticed that my site wasn’t showing up on Yahoo when I searched for “Chairman Meow.” I knew that was a red flag, so I tried a few more search terms. Still nothing. Then, I checked my other sites under the same account. All of them missing. It didn’t take me long to realize that my site(s) had been dropped by Yahoo and their partner Bing.com, and something weird was happening.

I’m not part of any paid-linking or “black hat” SEO schemes, and I don’t really do anything “shady” online, so why was my site dropped by Yahoo?

Has Your Site Been Dropped By Yahoo / Bing?

Try doing a search for your domain name on Yahoo.com. If you don’t see your site come up, you may have been dropped. If it has been dropped, you’ll likely see your Facebook page instead, or an obscure page or two from your site might turn up in search results. So, was your site unfairly dropped?

If you’ve been paying a guy in the Ukraine to do your SEO work, or send out spam emails by the thousand, you probably aren’t an innocent victim. Your site was probably dropped for the same reason they throw certain characters out of bars and NASCAR events. However, if you play by all the rules, consider taking action immediately to get back in search results.

Site Dropped for No Reason? Your Shared Hosting Plan May Be to Blame

If you’re paying under $50 a month for hosting (like most of the masses), you’re on what is called “shared” hosting. With hosting companies like GoDaddy, your site is on a server with hundreds of other sites, all with the same IP address (the unique 11-digit number/address of each server). When one of the sites on your server starts behaving badly, Yahoo / Bing will likely block the whole server, even with WordPress hosting.

That means that your blog about “knitting patterns” and “photos of kittens” will be penalized because it’s on the same server as “DonkeyPorn.xyz,” because to Yahoo, you look the same!

Oh, no! What Other Sites Are on My Server / IP Address?

Ever sit on a wet, sticky public toilet seat? That’s how I felt when I took a look at who else I was sharing a server with. There were hundreds of sites, and a few stood out as being shady. Clearly one of these dirty sites was the culprit, and to blame for my site being dropped.

You can do a reverse IP lookup online to find out who you are “in bed” with here. Just type in your site domain:

In my case, I got a message saying:

“It appears that the web server located at 123.456.78.910 may be hosting one or more web sites with explicit content. The web sites in question are highlighted in red below. There is a possibility that all of the web sites on this web server may be blocked by web filtering software. Search engine rankings for these web sites may be affected as well.”

Still in shock, I called GoDaddy to inform them of this news. “Do you realize you are hosting my website with a bunch of porn sites?” To which they replied that they have no control over what people put on their websites, and don’t have a screening process. What?!

Contacting Yahoo / Bing for Re-inclusion?

You might have better luck finding a personal email address for Taylor Swift than a helpful contact email on Yahoo.com. Before trying to contact them, I suggest you try to fix the root problem first. Paying for hosting on your own “dedicated” server is expensive and can cost $200+ a month. So, to separate yourself from these bad actors, try getting a dedicated IP address.

Buy a Dedicated / Static IP Address

If you use one of the big hosting companies like GoDaddy or HostGator, adding a dedicated or “static” IP address to your hosting plan should be easy, and cost about $6/month. You should be able to log in and do it yourself, and the transition should be simple. Contact your hosting company with any specific questions if it’s not obvious.

Contact Yahoo through Bing Webmaster Tools

Once you have a new IP address, you can either wait and watch search results, or contact Yahoo / Bing to tell them what happened. Yahoo’s customer support is notoriously bad, but since their merger with Bing, they offer webmasters a nice set of tools and help through Bing Webmaster Tools. It’s an easy sign-up, and lets you look under the hood at how Yahoo / Bing view and index your site.

If you need to contact them, sign up for Webmaster Tools, verify your site, go to “Bing Webmaster help and How-to,” and under “getting help & support” click on “webmaster support.”


In my case, (not knowing why my site was dropped) I went through this process backwards and contacted Bing first, before getting a new IP address. They actually responded 2 days later. Within a week they confirmed that my IP address was being blocked due to spam originating from another site on my shared server.

Here’s the response from Bing Microsoft Customer Support:

We highly appreciate your patience as we review this matter together with our Product Group. My name is Jenny and I will be providing you with the status of this Service Request.

We would like to inform you that the webserver that your site exists on is blocked by our bots due to Spam and the whole IP was crushed…

My Site Started to Reappear On Yahoo Search Within a Week

Bing webmaster support quoted that it would take “a week or two” to be back in search results, and as I type this, my .net site is slowly trickling back onto Yahoo search results a week after getting a dedicated / static IP address. This whole fiasco has lasted about a month so far!

Don’t Risk Being Dropped By Yahoo / Bing; Get a Dedicated IP Address for SEO

Google doesn’t seem to block entire IP addresses the way that Yahoo / Bing does, but getting dropped by Yahoo / Bing is serious. Together they account for a significant 29% of search traffic.

In my opinion, anyone maintaining a website or blog should have a dedicated IP address. It’s cheap insurance against being dropped because of the actions of someone else online. It’s also included with an SSL certificate (which gives your site an “https:” URL) and a layer of security if you collect information or take payments. If your site or blog is run on WordPress, consider managed WordPress hosting from a specialist like WP Engine Hosting.


Carbonite Costs, New Cloud Backup Prices

How much does Carbonite cost? It’s easy to figure out the cost of Carbonite cloud backup. Their plans for Home or Office have 3 levels each, so you can determine which plan is best for your needs, and how much it costs.

In general, their 2-3 year subscriptions cost 10% less, and using a coupon can save you 10% on the first year. Here are the latest prices for Carbonite Home and Business (server) backup plans:

HOME Plan Pricing:

Here are the latest prices for Carbonite Backup. As you can see, the cost per-year drops with longer subscriptions. You can save 5% with 2-year plans, and get 10% off with 3-year plans:

           BASIC Plan:   PLUS Plan:   PRIME Plan:
1 Year:    $59.99        $99.99       $149.99
2 Years:   $113.99       $189.99      $284.99
3 Years:   $161.99       $269.99      $404.99


BUSINESS / Server Plan Pricing:

There are 3 levels of plans with Carbonite for Small Business: Core, Power, and Ultimate. While we break down the features below, here are the costs:

           CORE Plan:   POWER Plan:            ULTIMATE Plan:
1 Year:    $269.99      $404.49 (save 25%)     $566.99
2 Years:   $599.99      $1,139.99 (save 5%)    $1,619.99
3 Years:   $999.99      $1,899.99 (save 5%)    $2,699.99
Storage:   250 GB       250 GB                 500 GB

*Additional storage costs: $99/100GB. View full business pricing at carbonite.com



Carbonite HOME Plans:  (Personal)

All personal plans for Carbonite include automatic secure cloud backup with free U.S.-based customer support. Here’s an overview of each plan:

  • BASIC Plan: Unlimited backup for one PC or Mac computer – Free trial available
  • PLUS Plan: Adds a mirror-image of your entire disk for full system backup + optional backup for external drives
  • PRIME Plan: Adds automatic video backup as well as a courier recovery service, which sends you your data on a physical disk


Carbonite BUSINESS Plans: (For Office)

All Carbonite Business / Server Plans include computer backup for an unlimited number of computers with a minimum of 250 GB cloud storage space, plus free U.S.-based support 7 days a week. Here’s a summary of the Business Plans:

  • CORE Plan: Protects up to 250 GB of files on an unlimited number of computers, external hard drives, and NAS devices
  • POWER Plan: Includes 250 GB of cloud backup and adds image backup and bare metal restore feature for one physical or virtual server
  • ULTIMATE Plan: Backup up to 500 GB of files from unlimited computers and servers
  • Carbonite E2 – Protect all your small business data both on-site and in the cloud with powerful hybrid backup. Learn more about Carbonite E2

You can add additional storage in 100GB increments to any Carbonite Business plan. See carbonite.com for PC / Mac operating system requirements.