Help! Facebook Spam Messages

Wow, that many people have viewed my profile on Google? Or wait…is it YouTube?

If you have received a private message on Facebook from a friend (and it could be a friend you trust!) with a video that says you’ve received an outrageous amount of views on Google or YouTube (or any other site) with your name on it, they all have one thing in common:

These messages are bogus

I have received several of these in the last few months, here is what they look like:

Look, ma, I’m famous! 595,902 views!! Or…not. This is just a clever phishing scam to get you to click on the link. It’s pretty enticing, right? DON’T DO IT!

What Happens When You Click On The Link:

The message is a scam. There is no video. If you click the link, you will be taken to a fake website designed to look like a Facebook login page.

“What is the harm in that”, you ask? This fake page, asks you to log into Facebook again. It looks identical to Facebook, but it isn’t Facebook. If you login through this page, the scammers steal your information and hijack your Facebook page. After they do this, they start sending private messages to your entire friend list like the one I’ve shown you in the picture above, with the same link you received. Once they have access to your Facebook page, they can post, send and link apps on your behalf.

Criminals can also use this or similar schemes to trick people into downloading malware or installing other apps and malicious browser plugins.

What Do I Do If My Account Has Been Compromised?

Try to secure your account as quickly as possible. The first step is to change your password. Go through all your security settings. It is quick and easy.

Secondary to that, go through your messages and let your friends know (those who were messaged) not to click on the link).

Facebook has some great help links, it is a good idea to see if anything else has been compromised. Most likely an app has been authorized and needs to be removed from your account. I

If you think yours or your friend’s account has been hacked, you can read more about that on Facebook’s help center here.

Free SSL Certificates via “Let’s Encrypt”

Today, security and privacy is more important than ever and because of that, more and more are choosing to encrypt their website traffic using SSL Certificates. We are very pleased to announce that all of our fully-managed shared hosting servers now provide access to FREE “Let’s Encrypt” SSL Certificates.

What is “Let’s Encrypt”?

“Let’s Encrypt” is a free, automated, and open certificate authority (CA), run for the public’s benefit. They provide FREE SSL Certificates using a quick and easy process that anyone can take advantage of. TrevNet Media servers are now fully ready to take advantage of this.

How does “Let’s Encrypt” compare to Commercial (paid) SSL Certificates?

From a technical perspective, “Let’s Encrypt” certificates and Commercial SSL Certificates achieve almost the same thing. There are, however, some significant differences you need to be aware of:

Commercial SSL Certificates

  • Commercial SSL Certificates are offered by a trusted CA like Comodo, GoDaddy, etc that provide all types of SSL Certificates.
  • You can also claim for warranty in case of misuse or data-breach.
  • They offer 24×7 online supports via email, chat or call.
  • Recommended for large or Ecommerce Websites.
  • Comes with trust seal/site seal
  • Every SSL comes with warranty (start from $10,000)

“Let’s Encrypt” SSL Certificates

  • “Let’s Encrypt” is a free and open certificate authority that offer Free SSL Certificates for 90 days.
  • Our servers will automatically renew these certificates for you.
  • You can secure your basic website only, but if you deal with online transactions, then it may not be sufficient enough to protect your website. However, “Woo Commerce” (The #1 Ecommerce WordPress Plugin) does recommend it.
  • Apart from this, the free certificate does not offer any warranty in case of misuse or data-breach.

In short; if you want a quick and easy way of getting your website SSL secured for privacy or security reasons, “Let’s Encrypt” is a fantastic FREE option for you. If you are an online retailer, or otherwise require the security, warranty, and support of a commercial certificate, this may be a better option for you.

Great for SEO (Search Engine Optimization)!

About two years ago, Google announced that they were using HTTPS as a “lightweight” ranking signal. If your search rank is really important to the success of your business, switching to HTTPS should help.

What About Certificate Renewals?

We have a process that runs every night to take care of this. It checks the validity of all “Let’s Encrypt” certificates, renews expired certificates, and attempts to issue new certificates for new sub-domains. The process is fully transparent and automated.

What Do I Need To Do Now?

If you’d like to keep your Commercial SSL Certificate, then there is nothing to worry about; business as usual.

If you are a current TrevNet Full Service Hosting customer and you’d like to take advantage of a “Let’s Encrypt” FREE SSL Certificate on your site, contact us to get started.


Sources:
https://www.quora.com/
https://webmasters.googleblog.com/


 

Are you sick of spam? We’re reducing email spam now!

Trademark300dpiThis week we are rolling out some new updates to our mail server which will help reduce the amount of spam being received by our customers. We’ve recently noticed an increase in spam over the last few months and decided to take action. This update will include a new settings panel in cPanel called “MailScanner Configuration”; here you can fine-tune how you want to handle a message when it is detected as possible spam. We went ahead and configured this for you and you should already be seeing a reduction in the amount of spam received.

You may start to see some emails come in that start with {spam?} or {Disarmed} but this is just the new spam blocking system working. You can delete these emails if they are spam or treat them as you would a normal message. If you have any specific questions or would like us to make some changes to your account, please contact us or open a support ticket.

We are always striving to improve the quality of service at TrevNet Media – and no one hates spam email as much as we do!

Heartbleed Vulnerability Update

heartbleedThe Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows information to be stolen that is protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

Services at TrevNet Media

We have been asked multiple times over the last week regarding our hosting infrastructure, your data, and our managed hosting servers. All of our effected servers have been updated and the security hole has been patched. Due to the nature of this security bug, it’s not possible for us (or anyone else effected) to tell you if your passwords may have been compromised since no data is logged. We can, however, assure you that all of our managed servers running OpenSSL have been updated since April 9th.

Heartbleed Explained

The problem affects a piece of software called OpenSSL, which is used for security on popular web servers. With OpenSSL, websites can provide encrypted information to visitors, so the data transferred (including usernames, passwords, and cookies) cannot be seen by others while it goes from your computer to the website.

Heartbleed exploits a built-in feature of OpenSSL called heartbeat. When your computer accesses a website, the website will respond back to let your computer know that it is active and listening for your requests: this is the heartbeat.

Check out this article to read more about how it works.

heartbleed_explanation.png.pagespeed.ce.jwNX4Q4jukSource: http://xkcd.com/1354/

What you should do

If you want to be on the safe side, we would recommend that you reset your passwords on any accounts you have with our services where you connect with SSL. While we don’t know if any data was stolen while any of our systems were vulnerable, it’s a possibility.

Over 60% of the internet was effected by this bug; this includes many popular sites you most likely use, or have used. Check out this list to get up to date. It includes websites like Facebook, LinkedIn, Google, GoDaddy, Netflix, Hulu, and more.

The Year of the Hack!

Some are calling 2013 “The Year Of The Hack”; it’s more important than ever to take the necessary steps to ensure your site is secure. Since 2008, almost half a million WP sites have been reportedly hacked and this number is sure to rise as WordPress gains more in popularity. Close to 19% of the world’s websites are powered by WordPress. By not keeping all of the plug-ins and themes associated with your site up to date, you could be potentially leaving it vulnerable to an attack.

Tips to reduce the risk of being hacked:

  • Keep software and all plug-ins updated
  • Remove all plug-in and add-ons not in use
  • Make security a priority when choosing a web hosting company
  • Use proper file permissions on your server
  • Use strong, varied passwords and don’t store them locally
  • Regularly scan your PC for malware

We are in an era where everywhere you turn, you hear stories of the latest hack, and it’s no secret that WordPress has received plenty of bad publicity regarding the topic. Recently, stories about hackers laying a massive, global siege on WordPress sites across the Internet have been everywhere. The main focus of these hacks was exploiting the default “admin” accounts and over 90,000+ IP addresses were involved in the attack. From this, companies scramble with their tail between their legs trying to patch up the security holes they swore never existed.

It should be made a general rule when owning a WordPress site to continuously stay current on the latest updates. Hacking aside, there are several additional benefits to keeping your website fresh and up to date. To put it another way, think about a car; you know the over-all cost of maintenance it is far less than fixing a problem should it occur. Keeping your website up to date, like your car, will be far less expensive in the long run and will give you more “mileage” out of your site.