Archive for February, 2011

Everyone blogs these days, and some have yet to give it a shot. Perhaps you have finally thought of setting up your blog, or you already have one and the number of visitors is catching up too. But sadly and seriously, these days there is a huge rush of people who hack into blogs, either for fun or to malign the work of others. So I have found some simple tips to keep hackers away from yours. Let’s see what those are:

Upgrade your Blog software

Most bloggers use a platform like Blogger, WordPress, TypePad, Weebly, etc. Perhaps you have wondered why blog platforms release a new version of their software every few weeks. Thousands of people go over the WordPress code every day in an effort to improve it. A lot of the time, they are trying to plug up security vulnerabilities which hackers have figured out how to exploit. By upgrading regularly, you can be sure that you have all the latest security fixes.

Update plugins

Many times, hackers will figure out how to gain access to your blog through a vulnerability in one of your plugins. The creators of these plugins often release updates that are more secure, which is something you should take advantage of by updating them regularly.

Most Importantly Hide plugins

If the hackers don’t know which plugins you have, then they won’t know where to begin trying to hack your site. The way they find out which plugins you have is by looking in your /wp-content/plugins directory. If you create a blank document, save it as index.html, and upload it to this directory, you can prevent anyone from accessing this information. Alternatively, you can block the standard file list from showing with .htaccess.

Get rid of Admin Login name & Use strong password

Do you still use “admin” as your username to log into your account? If so, you are making things much easier for hackers. If they know the username of your administrator’s account, then hackers already have half of the information they need to break into your account. If your password is something like “wood floor”, then it can be extremely easy for hackers to guess. They can often simply use a program which guesses your password based on dictionary entries. Create a lengthy password made up of upper and lower case letters, numbers and characters in no particular order, avoiding dictionary words.

Login securely

One way that hackers will steal your password is by intercepting it through the network while it is on its way to most blogs. You can solve this problem by installing the Chap Secure Login plugin. This plugin will automatically encrypt your password when you log in, so the hackers will only be able to see your username.

Remove your version information

Often, hackers will attack your site based on the version of the blog you are running. If they don’t know which version you are running, they won’t know how to attack your site. Install WP Security Scan to remove the identifying code from the header and feeds.

Prevent brute force attacks

One of the simplest ways for hackers to break into your account is to try different passwords over and over until they find one that works. The easiest way to prevent this is to use the Login LockDown plugin. If someone fails to guess the correct password three times within a 5 minute period, this plugin will prevent them from even trying again for the next hour.
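The lockout policy described above (three failures within 5 minutes, then an hour's block), as an added example rather than the Login LockDown plugin's own code. The class and function names and the sample events are made up for this illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3            # failed guesses tolerated ...
WINDOW_SECONDS = 5 * 60     # ... inside this sliding window
LOCKOUT_SECONDS = 60 * 60   # how long the source address stays blocked

class LoginLockout:
    def __init__(self):
        self._failures = defaultdict(deque)  # ip -> times of recent failures
        self._locked_until = {}              # ip -> time the block expires

    def is_locked(self, ip, now):
        until = self._locked_until.get(ip)
        if until is not None and now >= until:
            del self._locked_until[ip]       # block has expired
            until = None
        return until is not None

    def record_failure(self, ip, now):
        recent = self._failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self._locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()

    def record_success(self, ip):
        self._failures.pop(ip, None)         # a good login resets the counter

def replay(events):
    """Apply the policy to (time, ip, password_ok) events, oldest first."""
    guard, decisions = LoginLockout(), []
    for now, ip, password_ok in events:
        if guard.is_locked(ip, now):
            decisions.append("blocked")      # rejected before the password is checked
        elif password_ok:
            guard.record_success(ip)
            decisions.append("ok")
        else:
            guard.record_failure(ip, now)
            decisions.append("fail")
    return decisions

# Constructed sample events (seconds, address, password_ok); the addresses
# come from the reserved documentation ranges.
SAMPLE = [(0, "203.0.113.7", False), (60, "203.0.113.7", False),
          (120, "203.0.113.7", False), (130, "203.0.113.7", True),
          (200, "198.51.100.4", False), (600, "198.51.100.4", False),
          (3719, "203.0.113.7", True), (3720, "203.0.113.7", True)]
```

Running replay(SAMPLE) shows that once the third failure lands, even a correct password from that address is refused until the hour is up, while the second address never trips the limit because its two failures are more than 5 minutes apart.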

Third Party Code

Adding site counters, templates, and other third-party code to your blog can be a great way to add some flair to your content, but can also leave your blog vulnerable to malicious activity if you aren’t familiar with its source. So take a moment to review the code and look for anything that seems out of place. For example, if you are adding a weather gadget to your blog and notice in the code that there are links pointing to unrelated sites, take that as a red flag and keep searching for another weather gadget. There is no reason that a weather gadget should include a snippet like <a href="http://completelyfreemoneysamples.com">Make Money Online!</a>
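The review step above can be partly automated. This added example (not from the original post) lists every host a widget snippet links to or loads from that does not belong to the vendor you expect; the weather-widget.example domain and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that can make the visitor's browser load or link to another site.
URL_ATTRS = {"href", "src", "action", "data"}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []                      # (tag, url) pairs in document order

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.found.append((tag, value))

def unexpected_hosts(snippet, expected_domains):
    """Return (tag, host) for every URL pointing outside expected_domains."""
    collector = LinkCollector()
    collector.feed(snippet)
    flagged = []
    for tag, url in collector.found:
        host = (urlsplit(url).hostname or "").lower()
        if not host:
            continue                         # relative URL, stays on your own blog
        if not any(host == d or host.endswith("." + d) for d in expected_domains):
            flagged.append((tag, host))
    return flagged

# Constructed sample: a weather gadget carrying the unrelated link from the text.
SAMPLE_WIDGET = """
<div class="weather">
  <script src="//cdn.weather-widget.example/v1/widget.js"></script>
  <img src="/images/sun.png" alt="Sunny">
  <a href="https://weather-widget.example/forecast">Full forecast</a>
  <a href="http://completelyfreemoneysamples.com">Make Money Online!</a>
</div>
"""

if __name__ == "__main__":
    for tag, host in unexpected_hosts(SAMPLE_WIDGET, {"weather-widget.example"}):
        print(f"<{tag}> points at unrelated host: {host}")
```

A clean result only means the static markup has no stray hosts; scripts the widget loads can still add links at run time, so the preview step is still needed.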

Before saving new template code, always preview first. Malicious template designers may sometimes include pop-ups or other unexpected ads in the template code, which will usually be revealed with a quick preview.

Look first to ‘trusted’ code repositories for a new template or widget. There are probably thousands of places across the web where you can find widget and template code, but it may be helpful to first check out some of the more widely known and trusted sources.

Protect against comment spam

Spam can be a danger to your blog and its visitors. Comment spam can insert unwanted content onto your website. One way of protecting against spam is using plugins that track comments and trackbacks, running them through tests to check whether they are spam and then refusing or approving them based on the test results. It’s worth noting, though, that this is not completely foolproof, and depending on the size of your blog you may even want to personally moderate commenting, or maybe even limit commenting to specific posts.

Anti-spam Plugins and additional resources on how to protect from comment spam:
Akismet
Spam Karma 2
Codex on Combating Comment Spam (http://codex.wordpress.org/Combating_Comment_Spam)

Secure your WordPress Admin directory

This is mainly for WordPress bloggers, since it’s more the choice of pro bloggers and for its rich theme. This is one of the most useful tips: you whitelist all IP addresses that can access your /wp-admin/ directory. This method will only allow access to wp-admin from your chosen IP addresses, like your home computer, office computer, laptop etc. It is easy to do through .htaccess, which you can place at /wp-admin/.htaccess. Here is the code you need.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# whitelist home IP address
allow from 64.xxx.199.99
# whitelist work IP address
allow from 64.xxx.199.210
allow from 199.xxx.136.200
# IP while in Bangalore; delete when back
allow from 128.xxx.2.27

Replace the IP addresses with the ones that you want to allow. If you are staying in a hotel for a few days, add their IP address to the file for that period and take it out when you leave. A very good security measure to keep your blog safe.

Finally, have a backup plan

You have to have a complete backup (database + files/plugins/themes) in case of uncertainty. It is always a good idea to keep your blog’s backup in more than one place (like computer hard disk, USB drive, CD etc) and take regular backups. This has worked like a charm for me many times, bringing many of my other blogs back up in a matter of seconds if something went wrong. The following plugins can help automate the database backup process in WordPress; visit their websites for more information:
wp-db-backup (http://www.ilfilosofo.com/blog/wp-db-backup)
wp-dbmanager (http://www.lesterchan.net/wordpress/readme/wp-dbmanager.html)

Visit the WordPress codex for further details on backing up your website.

As usual, if you think I missed any, leave a comment so others stay informed of it. C U next week, till then take care.

I am now addicted to browsing only on Google Chrome, not sure why I like it compared to other browsers :). But I thought the high speed browser was lacking its shine and crashing quite often nowadays, but last week a new beta showed up and shattered that impression. Last Thursday, the search titan announced a new Chrome 10 beta that boosts JavaScript performance by a substantial 66 percent, as measured by Google’s own V8 benchmark, and implements GPU-accelerated video playing. The beta also changes the way users set options, and lets them sync passwords. I have been using the beta for quite a while now and thought it would be fine to review its performance.

In my own speed tests on a 2.6-GHz dual-core system, Chrome 10 beta showed significant improvements on Google’s V8 benchmark and Mozilla’s Kraken, but on Webkit’s SunSpider JavaScript Benchmark, it was nearly identical, and still trailed Microsoft’s Internet Explorer 9 Release Candidate’s 231ms.

V8 BenchMark Suite.

Writing in a post entitled “Faster than a speeding rabbit: speed, sync, and settings” on the Google Chrome Blog, product manager Jeff Chang and product marketing manager Li Chan described the GPU video acceleration: “Users with capable graphics hardware should see a significant decrease in CPU usage. In full screen mode, CPU usage may decrease by as much as 80%! This means better battery life so you can keep going and going like that pink bunny in the commercials.”

Beyond performance, the new beta adds a couple of other new user features. Users can now sync saved site passwords on multiple computers. The released version already allows syncing of bookmarks, preferences, themes, and extensions. The new feature also allows for encryption of the synced password if the user chooses that measure of extra security.

The Settings interface has been redesigned, displaying on the Web page area, rather than a separate dialog. This follows a longstanding trend in Chrome towards making every function look like a Web page—just as it does with History, Downloads, and Extension settings. Also new for settings is a search box, where you can just type in the function you’re looking for and set it on the resulting page.

The new version will likely make it to the stable release channel some time in the next few weeks: Chrome versions have been coming out at a pace of once every three months—more frequently than any other major browser. To try out the beta for yourself, head to the Google Chrome Beta download page, or change your current Chrome release channel to the beta on the channel changer page.

Overall, Chrome 10 beta brings a 66% increase in performance in the V8 benchmark over the current stable version (version 9). The boost is thanks to the new Crankshaft engine, which adds more aggressive optimizations to the V8 JavaScript engine. Opera 11.10 (codenamed Barracuda) on the other hand is at a very early stage right now. It adds support for Web Open Font Format and changes the behavior of the browser to be more compatible with other browsers.

With this, the browser war heats up as never before.

=================================================
It’s been 2 years since I started this non-profit blog, which is still my hobby over free time ;), but I never expected my readers would contribute over ~$4,700 so far to Social Vibe Charities towards social welfare across the world. So I once again thank all my readers for their generosity. Thanks everyone and have a great week ahead…:)

This week’s post is quite funky and simple: I simply list the fifty most common passwords you should never use, that’s it :)) Time and again, attacks on online sites of every genre, be it social networking, internet banking, mail, etc., show the risk of using weak passwords. An analysis of passwords stolen in the Gawker incident late last year also showed a similar pattern. Unfortunately, an analysis of the passwords stolen in the Gawker incident shows that many people are choosing very poor passwords that are easy for intruders to guess.

In fact, post Gawker attack, several websites like Google, Twitter, LinkedIn and Yahoo advised users to change their passwords. Security experts often warn users that using the same username and password for multiple sites may be convenient, but it can prove costly. Similarly, many internet users also use poor passwords that are easy for online criminals to guess.

According to security company Sophos, many users (33% according to its research) use the same password on every single website. This means that if their password is stolen in one place, it can be used to unlock access to other sites too. So here is the list of the world’s 50 worst passwords. Time to go through them and make sure your password isn’t part of the list.

Top-50-worst-passwords

Also, here is a tip on “How to foolproof your email password”

Simply upper-casing your password can minimise a hacker’s chance of finding out your account.

A six-letter password in lower-case text takes a hacker’s computer just 10 minutes to crack. But make those letters upper-case and it takes 10 hours for it to randomly work out your password.

Add numbers and/or symbols to your password and the hacker’s computer has to work for 18 days. Despite widespread warnings, 50 per cent of people choose a common word or simple key combination for their password. However, the security conscious among you may want to try this – choose a nine-letter password that includes numbers and/or symbols, as this would take a hacker’s computer a staggering 44,530 years to break.
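The arithmetic behind figures like these, as an added example that is not part of the original post: the number of candidates is the alphabet size raised to the password length. The guess rate is an assumption calibrated from the first figure above (every six-letter lower-case password tried in 10 minutes), and the sample passwords are constructed; the second one mixes upper and lower case.

```python
import string

# Character classes a password can draw from: 26 + 26 + 10 + 32 = 94 symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Assumption: rate derived from the text's first figure, i.e. all 26**6
# six-letter lower-case candidates exhausted in 10 minutes.
GUESSES_PER_SECOND = 26 ** 6 / (10 * 60)

def alphabet_size(password):
    """Size of the smallest alphabet a brute-force search must cover."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def keyspace(password):
    """Number of candidates of this length over that alphabet."""
    return alphabet_size(password) ** len(password)

def worst_case_seconds(password):
    """Time to try every candidate at the calibrated rate."""
    return keyspace(password) / GUESSES_PER_SECOND

def humanize(seconds):
    units = (("years", 365.25 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.0f} seconds"

# Constructed samples: lower-case only, mixed case, all four classes at
# six characters, all four classes at nine characters.
SAMPLES = ["qwhzpk", "qWhZpK", "qW7z#K", "qW7z#Kp2!"]

def report():
    return {p: humanize(worst_case_seconds(p)) for p in SAMPLES}

if __name__ == "__main__":
    for password, estimate in report().items():
        print(f"{password!r:14} alphabet={alphabet_size(password):3}  {estimate}")
```

The results fall in the same range as the figures quoted above, and they apply only to randomly chosen characters: a dictionary word or anything on a common-passwords list is guessed long before the full keyspace is searched.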