CitrusKiwi's Web Design, Internet & Marketing blog

Get hints and tips about web design, SEO, and things internet. We also discuss online security issues, showcase new client websites and offer hints on marketing and networking.

Hire a web pro v DIYing it

A question I get asked from time to time is, "Why should I pay you to design my site when there are lots of free options?" And it's a fair question. If you're not analyzing every business expense then...

Is that Domain name renewal legit or a scam?

Domain name renewal scams Questions... Where was your domain name registered, when is it due for renewal, and about how much should you pay for a 1 year renewal (generally)? If you don't know you'r...

  1363 Hits

Using copyrighted image without consent scam

I'd hoped this may have died and gone away on its own, but it seems that "Melanie" (or whoever she or he really is) is a persistent little scammer that's working hard to screw you over. I've seen this...

When "defaults" don't cut it

For those who are more my age (suffice it to say, I'm still in my 50s...just!), and took to computing back in our 20s, we remember having to configure EVERYTHING! "Plug-n-play" wasn't even thought of ...

  1662 Hits

Be afraid, be very afraid!

Yes, I confess, the title is a little melodramatic! However, when it comes to your online and IT security, a little paranoia is a good thing! The truth is, there are people out there just waiting...

  1791 Hits

What's your Content Security Policy?

Perhaps another, better question is, do you have one? Or what IS a Content Security Policy? That's a great question! It's a quite complicated series of policies designed to make websites more...

  2202 Hits

Crypto-blackmail - yet another email scam

 We're all told to be vigilant about internet scams, and to safeguard our online profiles. But, in trying to do this, have we unwittingly exposed ourselves more than we already were? A few years ...

  2530 Hits

Backups

A couple of times in my computing life, I've had that sinking, cold pit in my stomach where I realized that I've lost data and have no backup. It's not a fun moment, but, fortunately for me, the data ...

  2979 Hits

Health Care Data Breaches

While Healthcare isn't what we do, data security, and online security in general, is something we're very interested in. I got an email from IDShield today as part of my membership (IDShield is part of the LegalShield umbrella, which we are affiliates, and recommenders, of). I thought it so important that I've added it as a post so all my readers can be warned - cybercrime is huge and getting bigger. Is your healthcare data for sale? There are, allegedly, 655,000 patient records for sale on a dark web marketplace. The hacker who's selling them claims they are from 3 separate healthcare databases. Healthcare ID theft is the golden goose of ID theft. Steal someone's credit card details and you can sell them for $50-100 - limited life, limited value. But get hold of someone's medical ID - that's worth thousands to sell, and even more to use. Read the whole article...

  2992 Hits

Passwords and how to store them

Just recently, one of our clients had their GoDaddy account hacked. The hackers, fortunately, only pointed the domain at a random Vietnamese hosting company - it could have been much worse. However, the client had to go through all the hassle of being without a site for over a week, and dealing with getting access to their account so I could reset their settings. It could have been so much worse though. 2-step authentication If you have an account (like GoDaddy's) that offers 2 step authentication, turn it on. This sends a text to a specified phone number which the person trying to log on must enter to get in. It's a great layer of security, and simple to set up. Is it more painful for you to then log into your account(s)? Of course, that's the point. However, it sure beats being hacked! So...

  2897 Hits

Why your website is a hacking target

I quite regularly hear clients and non-clients alike boldly proclaim their website is safe because it's small and insignificant. It doesn't have sensitive data such as credit card or social numbers on it. The reality is quite different. The 3 main hacking reasons Malicious "joyriders" For want of a better term (and to be polite!) I'll liken them to someone who steals your car, races it round town, then crashes it into something and runs off. These hackers are in it to either hack you because you're there, to see if they can, or to deface your site, either with nasty stuff or to promote something that's "dear" to them. This sort of hacking is usually very evident when you, or your client, visit the site. Data thieves These hackers are out for information, stuff they can either make use of - credit card details, social numbers, etc - or stuff...

  2830 Hits

Flashlights apps stealing your data

A few weeks back, someone on Facebook alerted me to the raft of permissions I, and every other app user, blindly say "Yes" to when installing them. We give them permission to take photos and videos, send and receive messages, snoop round in our data. The list of permissions is truly staggering. But this last week, I read that one of the worst culprits is the humble flashlight app - or more correctly, some of them. It seems that some of them have taken nosiness to a whole new level, sending all types of info back to their authors. Take the "Super bright LED Flashlight" app. This is what it can do (YOU gave it permission to when you installed it!): control flashlight - well that's what you'd expect, but...; retrieve running apps; modify or delete the contents of your USB storage; test access to protected storage; take pictures and videos; view Wi-Fi connections; read phone status...

  2886 Hits

Malicious code in Joomla templates

A couple of weeks back, I blogged about using add-ons/extensions for Joomla that came from warez sites, and the potential security problems associated with that (see "How to get a free lunch on the internet"). A Joomla website is just a bunch of images, text, HTML files, PHP files and CSS files. Whilst it's possible to attach "nasties" to an image, or embed in text, when it comes to websites, usually the most common is adding code to one of the last 3. And of those 3, PHP is the "best" (from a hacker's point of view) as it's the most powerful for wreaking havoc. Templates for Joomla, or any modern CMS, are a collection of HTML, CSS and PHP files, so are just as good a target for hackers as the core website files. When we're doing sites we code our own templates - we don't buy templates, so your...

  2890 Hits

60% of small business websites have been hacked

According to the latest statistics from the British Department for Business Innovation and Skills (BIS), 60% of small businesses had a cyber security breach in 2013, slightly down from 64% in 2012. I'm doubting that the stats are any better anywhere else. Current statistics show you have a better than even chance of having your website hacked! Often, hacking is just an annoyance, requiring deletion of the existing upload, and reinstalling of a (known) clean backup. Oh, you DO do regular backups right? DON'T rely on your host to do it - mostly they don't care as long as you don't infect their servers. Assuming you have a backup, you can restore. But does your website, or the server it's on, have security holes? An article I was reading this week talked about one such small business from the UK who got hacked. The owner had had a great holiday away...

  2569 Hits

5 simple rules for a safe internet experience

As a web designer and webmaster, internet security is a huge issue. Not only for myself and my company's site, but for all my clients. Part of my job is protecting my clients from my other clients. It's like this..... For the last couple of months, I've had all manner of high power techs chasing a spamming bot that's very sophisticated and tenacious. As soon as we block one avenue, it morphs and starts using another. We were all convinced it was some sneaky piece of code buried deep in one client's site. But multiple scans and digging revealed nothing. In the end, we've concluded it's very much off-site and, in fact, on my client's computer (one or more of them). Why didn't we go this route sooner, you may ask? The simple fact is, as a host and webmaster, internet security for my clients is my job, and it's counterproductive...

  2828 Hits

Good passwords, bad passwords

Or, how to be safe on the Internet Doing what I do, I come across all manner of passwords from clients.  Some are good passwords, and some are bad passwords - some are SERIOUSLY bad passwords.  There are lots of articles around the 'net telling you what you should and shouldn't use.  For me, what you shouldn't use is a complete no-brainer and takes one sentence, not a whole article.  If you can type it into Google and find it on the 'net DON'T use it!  It's that simple.  So, that includes the really dumb ones like your name, your spouse's name or your kid's or pet's name.  1-2-3-4-5, password, admin or any other password shipped with your equipment.  For bad passwords, that's it. What is a much better question is, what is a good password?  Another simple answer, one YOU didn't come up with!  It's hard for a human to...

  2656 Hits