What is cloaking?

/0 Comments/in

Cloaking is a technique where you provide specific text/information to Google that is not in your website.

The visitor will not see that text/information. But Google will!

Cloaking, used by “professionals and SEO-ers”

cloaking slecht plan

This technique (false trick) was used by many SEO practitioners and web agencies in the 2000s+ to make a website rank higher in Google search results.

Obviously, this technique worked for a short period of time and then had mostly negative effects on your website’s results and reliability in Google.

Google soon realized the trick and changed the algorithm and did double checks to see through the trick.

So how was cloaking used by “professionals and SEO-ers”?

Example: You have a web agency. Your website states that you create websites for 1500 to 2500 euros each. The page title is: professional websites from 1500 euro.

With cloaking you give Google false information.
The page title is then called, for example: The best and cheapest websites in the Netherlands!
And the description becomes, for example: Fast and cheap a good website? Professional and fast.

How does Google detect cloaking?

Google has several ways to detect tricks.
Periodically, special programs are run by Google to check website for hidden texts, cloaking, keyword spamming and the other 50+ tricks used by many.

When these tricks found in your website.

If the trick is discovered by Google the value of the domain, used to be called “Pagerank” will drop causing you to rank less high in Google’s search engine. From a 2nd, 3rd or 5th position on the first page of Google, you can just drop 10 positions, which means you will be in the 12th, 13th or 15th position. That’s the 2nd page that quite few people click on. You can lose so many website visitors because they simply don’t see you listed when they search for you or your services.

A lowering of the search position is the most favorable situation, if cloaking or other tricks are found to be used to deceive or rob visitors the website runs the risk of:

Being completely banned from search results

How cloaking is now used by hackers

Cloaking is the ideal way for hackers to get their own website in Google, on the back of your website!

Often cloaking is applied in 2 steps:

A redirect is made from your page to the hacker’s website, often to expensive (and sometimes illegal) products that the hacker – aka criminal – sells through a webshop.
The information for Google is modified, see example below:

Someone searches Google for v i a g r a, for example, or other e r o t i c products.
The searcher on Google sees a page appear with a great offer, but on your domain name.
When that person clicks on the search result, they are redirected to the hacker/criminal’s webshop. So there is another piece of malware involved besides cloaking, but if the hacker can cloak your website, he has usually also put a redirect through the Htacces, the database, or a link in your website.

But… if visitors are sent via your website to an unsavory website, then you will quickly notice!

No you don’t see that quickly, the hackers use different techniques to show you your own website and redirect other visitors.

Some examples:

a. One piece of code makes the redirection to the unsavory website not work when you are logged in.
b. Through a cookie or browser session, the redirection is only used 1 time.
In short, you see it 1 time and then never again. Usually you then think that you yourself clicked wrong the first time or that the problem is already solved.
But every new visitor does get redirected!
The rerouting trick is also not easily reported to you by your website visitors because they are reluctant to tell you that through your website they suddenly landed on an e r o t i c website….

Cloaking is a serious problem that is becoming increasingly common.

It damages your website’s reputation, but worst of all, you don’t realize it quickly.

Fortunately, there is 1 scanner that pays close attention to cloaking!
That is the scanner on this website: www.isithacked.com
Use the isithacked.com website if your revenue is decreasing, if your visitors report strange behavior on your website or if you notice that your website’s search results in Google show very different information.

PS: Chances are that Google is also going to warn you. But then you’re actually already too late….

How can you prevent cloaking?

You can prevent cloaking by not hiring cheap SEO-ers who make big promises for little money.

You can prevent cloaking by hackers by securing your website properly, or even better: have your WordPress website properly secured.

Good security is a profession, and intercepting cloaking and other tricks of hackers is even more so!

Report 2019 – Malware trends, tricks and techniques

/0 Comments/in ,

Sucuri has released an overview of the trends in hacks, hacking and malware over the past year. The overview counts 43 pages and is entirely in English.

But since we read through it anyway, we immediately share the various interesting points with you. In Dutch! We add our experiences, so you get a complete understanding.

Foreword: Without up-to-date knowledge no visibility into hackers & Malware

It is important to stay up-to-date in the ever-changing world of Malware.
Up-to-date knowledge ensures that you know what to look for.

2019 has shown that the techniques of hackers and the Malware they have developed are at an ever-increasing level. This is due to the capabilities of the Internet, but also because the loot is becoming more and more valuable. Websites are becoming more and more a part of our lives and income. WordPress as a platform is still growing.

Type hacks in 2019

Below are the trends in hacks, and especially the effects of hacks.

1 62% of hacks consist of SEO spam

wijzer

Links to web shops, link building or even flat advertising through banners in your website. This is what is most common: Ransomware – holding your website hostage to payment & defacing – modifying the style is much less common.

SEO spam, placing links in your website is completely automated. In every post and page a link, within seconds with a script that uses a leak or in 47% of cases via a backdoor: A backdoor placed during a previous hack.

2 Technical support with fake company names

Another common problem. What happens is that you see a (fake) notification on a website that the computer is infected.

telefoonThe notification appears to come from Microsoft or some other reliable company, you are shown a phone number that will “help” you get your computer back in order. NEVER CALL!
Fixing your infected computer is obviously never going to happen, at worst it will actually make adjustments that will make you need their service as a “tech company” more often.

Now you’re thinking, I’m not falling for that!

But another might, someone who gets such a notification when they visit your website well known and trusted, they might fall for it. (It’s mostly the elderly who get fooled.)

Of course, you don’t want to be part of that, you don’t want that virus notification from a fake company displayed on your website. It comes at the expense of your good reputation, even if someone doesn’t fall for it … they’ll see it when they visit your website!

The SEO spam and the fake tech notification are both highly undesirable hacks that you want to PREVENT. (And not to take out afterwards only when you finally discover the false information).

3 Credit card data theft

Sucuri has removed 2300+ scripts from servers & websites last year that used to steal and forward credit card data.

creditcard veiligheidIt just might be your credit card information! As ingenious as a WooCommerce webshop can work, hackers are just as ingenious when they steal credit card information.
Don’t underestimate that if you have a WooCommerce webshop.

4 Cryptomining

There is a large decrease in the number of scripts that prompted the visitor’s computer to mine crypto coins.

crypto

1 reason is the change in exchange rates, the drop in value and the antivirus software of computers that dealt with this threat very seriously. Cryptomining in fact led to increased CPU usage and in this way led to additional (power) costs for the website visitor.

Brief summary:

The above methods are only 4 out of hundreds. These are the most commonly used, but that doesn’t mean you won’t encounter other tricks.
In particular, fishing and reselling account information often runs parallel to these tricks.

Keep your WordPress website up-to-date, secure and if you don’t have a site but have encountered these tricks: be aware that even the most trustworthy website can be hacked and thus provide false information. Make sure you have a good Antivirus for your computer, that will prevent many of the trojans trying to install themselves on your computer.

 

Wat is Country Blocking?

/0 Comments/in

Country Blocking allows you to block visitors from certain countries. Those countries can then not visit your website.

[Press server]99% of all visits from abroad are from bots, these are not real visitors… it costs the server a lot of capacity to process the requests from bots. That’s why I recommend blocking large countries, provided you are sure you don’t have customers or visitors sitting there of course.[close-press-server].

When do you use Country blocking?

If your target audience, i.e. your potential customers are all from the Netherlands, it is advisable to block other countries.

Example: Someone from India or Russia will not become a customer just like that. But the number of hackers and bots harassing your website or testing for WordPress leaks is huge in those big countries.

Technical: How does the Country blocker work?

The Country blocker works with a database of IP descendants equivalent to a country. When the visitor meets a certain IP address, he will receive a notification that the website is not accessible, or if you have set up a redirect, the visitor will be redirected.
Because the database of IP addresses must be updated regularly (dynamically) this will not be done via the Htacces but will be processed by the relevant security plugin (wordfence) when your website is requested.

What is the disadvantage of Country blocking?

  • If your target audience or one of your customers is located in one of the blocked countries, they will not be able to reach your website.
  • Country Blocking works based on the IP address of a visitor/attacker, many individuals use a VPN – Proxy allowing them to trick security by pretending to be from another country.
  • Some services (Crawlers, Cloud services, Backup & monitoring tools) run on servers in other countries. Therefore, those cannot access your website for good purposes.

Which security plugin offers Country Blocking?

  • WordFence
  • iThemes Security

My experience with Country Blocking

I have only used Country blocking 3 times in the past 10 years. That was because a certain hacker group had set its sights on a customer’s webshop. It was necessary to block that country and several surrounding countries. This was necessary not only to stop them but especially to stop the auto-bots that were flooding the server with requests.

Cyber-attacks on your website, where do they come from? What is the target?

/0 Comments/in

Did you know that many WordPress websites are visited 3000x a day by bots? Where do these bots come from? And what is their purpose?

The guys at WordFence (source in English) see millions of attacks on websites come by, that’s because their security plug-in collects those from thousands of websites to keep the Firewall and protection of WordPress websites optimal.

This month they shared the top 5 countries where the most attacks on WordPress have come from in the past month.

  1. Australia
  2. Germany
  3. United States
  4. Ukraine
  5. Finland

These are currently not the standard countries where most cyber attacks used to come from, which was often China or Russia.

What does this say about the countries themselves? Not necessarily that more cyber criminals live here.

The number of cyber-attacks from a particular country depends on several factors

Consider:

  • Availability of servers.
    Attacks are done via servers, where the most powerful servers are located more can be achieved
  • The IP statuses of a country
    Good status is more reach
  • Unemployment
    More time and need for new (unfortunately illegal) income
  • The state of security
    A leak in certain software can provide access to many criminals
  • And sometimes a political situation
    Like a country where there is war, that is not only fought with weapons these days

What is THE PURPOSE of cyber-attacks?

Currently, WordFence reports that:

the (hackers, criminals) of the top five countries are all trying to access websites

Once you have access to the websites, a criminal can:

  • Share information with the world
  • Steal information
  • Make money from advertising, spam & black hat SEO
  • Make money selling access data
  • Make money using complex scamming methods based on the stolen information

Then, of course, the question: do cybercriminals just manage to not only attack a website but actually gain access to it?

Yes, there is always a percentage of the millions of websites that have a leak at the time an attack is made.

The attacks go on day-and-night, 24/7.
The moment your website contains a leak, a specific payload (script/set of code) will be unleashed on your website that will allow a cybercriminal to access your website.

For that reason, to the incessant flow of attacks it is necessary to use and otherwise install a good security plugin in your WordPress website.

This can be the free security plugin from WordFence, or the paid premium version offered by WordFence.

You can also use iThemes, which has a security plugin specifically for WordPress. Also a free version and a paid pro/premium version.

Want to make sure your website is up-to-date? Secure? Then let us secure your WordPress website. We have packages for small WordPress websites, WooCommerce webshops and for large WordPress websites!

Are attacks on WordPress websites a thing of the past?

/0 Comments/in

Every WordPress website is hosted by a web hosting company, a company with several server security specialists. Large web hosts employ IT professionals with 30-50 years of cybersecurity experience.

Many people with a WordPress website therefore assume that it is within the capabilities – and even responsibilities – of the web hoster to keep the website hack & malware free.

After all, the attacks are done on the website towards the server right? And malware + hacks eventually end up on the hoster’s server. Right?

In the video below (english), Mark Maunder, the Founder & CEO of WordFence – 1 of the largest WordPress antivirus services – explains that because of connection encryption (TLS), it is hardly possible for hosting companies to identify and/or directly stop attacks. Only the elaboration can be identified. But in many cases that is already too late.

ance attacks are constantly changing & the elaboration (payload, hack, malware) are constantly changing & there is still a piece of customer privacy and self-determination over the website & the server is made for performing tasks and not blocking… it is not feasible for web hosts to recognize, block, and remove all malware.

For that reason, as a WordPress security specialist, I still have work to do 😉

But WordFence has now launched an interesting service.

WordFence Intelligence

WordFence’s security experts see millions of attacks, and their effects, through the WordFence plugin.

Based on that information, they can fairly quickly determine which hacks & IP addresses come from hacked or rogue servers. They are going to make that information of those addresses and hacks available to web hosts via a WordFence Intelligence API.

Will that be a solution that will prevent all attacks and malware on web hosts’ servers in the future?

There will always be a 30-60 minute “wait time” between attacks, their processing and blacklisting/information.

So 100% protection cannot be provided by this tool for web hosting companies either, but it can address the biggest dangers. It can stop thousands of Web sites from being attacked!

And better yet, that thousands of requests on the server via changing ip’s are blocked faster which benefits server capacity and reduces power costs.

So a good development!

But who knows, maybe we will gradually move toward a time when massive attacks on millions of websites will become a thing of the past.

Until then, as a website owner, make sure that your website is at least protected with an antivirus plug-in with firewall, or better yet, have your website protected!