WordPress Attacks

Distributed attacks on WordPress installations

In the last two weeks, the number of attacks on WordPress installations has increased exponentially.  At the root of this issue is the software’s handling of login attempts.  When a user tries to log in, the server processes that login check with a few database queries and log writes.  Unfortunately, out of the box the software lets someone guess a password repeatedly without restriction.  When several computers do this against one location at once, it’s only a matter of time until one of two things happens:

  • The password is guessed
  • The server crashes

In the first situation, the compromised installation is recruited into the effort, infected with a password-guessing script and folded into the distributed attack on other installations.  In the second, websites located on the affected server are either down or extremely slow.  With over 90,000 infected machines taking part in the attack and the startling number of WordPress installations on the internet today, you can see why this is such a problem!

 

A good password goes a long way

Good passwords are key.  As you’ve no doubt noticed, passwords have gotten considerably more complex over the years.  Few services will allow you to sign up with a simple 6-8 character letters-and-numbers password nowadays.  That said, a good password rarely contains real words.  Other things to consider including:
  • Capital and lower case letters
  • Punctuation
  • Numbers

Consider abbreviating a sentence you can remember.  For example, “My dog’s name is Sampson, and he was born in 2001!” could easily become: “MdniSahwbi2k1!”  Though not perfect, this password is much more difficult to crack than something like “Sampson2001”.  We can change a password for you during normal business hours.  Simply give us a call!

What is being done to protect my account?

Throughout the weekend, we took steps to integrate additional layers of protection to all WordPress accounts.  Initially, we loaded a simple plugin to all WordPress installations which limits the number of times a single IP address can guess an incorrect password for a given account.  After a certain number of tries, that IP address is temporarily banned.  This drastically affects the ability of these attacks to guess and compromise new accounts.  None of our installations have been compromised.
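For readers who want to see the lockout logic spelled out, here is a small Python model of it. It is an illustration added to this post, not the plugin's own code; the thresholds (5 failures within 5 minutes, a 15-minute ban) and the names `LoginLimiter` and `replay` are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Temporarily ban an IP after repeated bad passwords for one account."""

    def __init__(self, max_failures=5, window=300, ban_seconds=900):
        # Assumed thresholds; the post only says "a certain number of tries".
        self.max_failures = max_failures
        self.window = window
        self.ban_seconds = ban_seconds
        self.failures = defaultdict(deque)  # (ip, account) -> failure timestamps
        self.banned_until = {}              # ip -> time the ban expires

    def is_banned(self, ip, now):
        if now >= self.banned_until.get(ip, float("inf")):
            del self.banned_until[ip]       # ban has run out
        return ip in self.banned_until

    def attempt(self, ip, account, password_ok, now):
        """Return 'banned', 'ok' or 'failed' for one login attempt."""
        if self.is_banned(ip, now):
            return "banned"                 # rejected before any password check
        key = (ip, account)
        if password_ok:
            self.failures.pop(key, None)    # a good login resets the counter
            return "ok"
        recent = self.failures[key]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.banned_until[ip] = now + self.ban_seconds
            del self.failures[key]
        return "failed"

def replay(events, **settings):
    """Run (time, ip, account, password_ok) tuples through a fresh limiter."""
    limiter = LoginLimiter(**settings)
    return [limiter.attempt(ip, acct, ok, t) for t, ip, acct, ok in events]

# Constructed sample: one address (documentation range) guessing every 2 s,
# then the same address returning after the ban has expired.
SAMPLE = [(t, "203.0.113.7", "admin", False) for t in range(0, 16, 2)]
SAMPLE.append((1000, "203.0.113.7", "admin", True))

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", result)
```

Because a banned address is turned away before the password is checked, the repeated guesses no longer cost the server the database queries and log writes described above.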

We are taking additional steps to further improve security and ensure that this issue has as little effect as possible on our customers.  We will be sending out a mailing shortly with additional information.

Feel free to direct any questions to our Facebook or Support email address.  Thank you.

Don’t be fooled by solicitations for DNS Services!

In the past two months, we’ve seen a distinct rise in the number of customers receiving solicitations from DNS Services in Vancouver, WA.  These solicitations are misleading in that they present themselves more as an invoice than a sales pitch.  Typically they will identify you, your business and us by listing information on the nameservers we use to keep your website and email traffic flowing.  You’ll see something like:

  • HOST.EW3D.COM
  • NS1.EW3D.NET
  • NS2.EW3D.COM

Rest assured that these are not legitimate.  This company has a hefty stack of complaints on the site RipOffReport.  If you’d like to read more, a simple Google search for “DNS Services” will yield a mountain of information.

How did these people get my information?

As you likely know, your domain name — mybedandbreakfast.com — is secured with a yearly registration.  This registration includes your business contact information, and it is visible to the public.  The regulations governing use of this information dictate that it cannot be used for these sorts of marketing purposes, but this is a difficult cause to litigate.  Further, it is up to the registrars to take on the cause.

In the interim, you do have options.  Most registrars offer a private registration which makes this information invisible to the public, replacing it with a generic contact which can be used to contact you if the cause is legitimate.  While we will happily help you activate this service, we recommend against it.  Search engines do use the information on your domain name as a part of ranking your website returns.  As you know, every little bit helps!

Content Management System (CMS) video

We’ve just published a video featuring some basics of using our content management system.  Whether you’re a current user or simply interested in how the software works, be sure to check it out!

Got mobile? InnsMobile is here!

EW3D is excited to present InnsMobile!

In 2010 mobile devices accounted for 2% of traffic on the internet.  By 2011 that percentage more than doubled, finishing up at 5%.  In 2012 it was projected that this presence would be greater than 10%, but in fact hit 10% in April! 2015 is the predicted culmination point when mobile devices will account for more internet traffic than traditional devices such as computers and laptops.  In other words, mobile is not going away any time soon.

With this added platform comes a new concern for any business that relies on its website for marketing.  In all cases, a simplified and mobile-friendly website is recommended.  However, not all mobile devices are created alike.  Some can handle media-rich content, Flash animations and more without a hitch while others cannot.  Do you simply dumb down your mobile site to the point that it will work on older devices without taking advantage of the advanced features available on newer phones?

The answer:  InnsMobile!

InnsMobile is an exciting new product developed and maintained by EW3D.  Innkeepers can log in and create their very own multi-paged website with a simple, intuitive, easy-to-use interface.  Add specials, photos, pages and more with just a few easy clicks.  Once your site is developed, you need only implement our detection software into your website, and then your new mobile site is live!  InnsMobile is simple enough that you can develop your own site in about an hour, but we do offer a premium service in which we’ll create the site for you within our engine.

The InnsMobile Difference

Unlike a Standard Web 1.0 website, InnsMobile is not static.  Our database detects over 15,000 different devices, such as the Apple iPhone & iPad, Android phones & tablets, Blackberry phones and many more.  Based on the device accessing your website, we deliver a mobile site that can best take advantage of the features available.  Simple, easy to use click-to-call functionality, email to a friend, and more can be found in all mobile sites while GPS-enabled phones can deliver guests right to your front door with only a click.  Because your mobile site is being delivered by our live, dynamic system it will evolve as new devices are released.  And, of course, you maintain the ability to log in and make changes at any time.

Yet Another Benefit to Being an EW3D Customer:

As a valued customer, we’re excited to present you with an exclusive promotional offer.  For a limited time, you can become an InnsMobile Premiere subscriber for only $200 for the first two years.  That’s a 60% savings on premiere accounts and 50% for standard!  This gets you the ability to develop your very own multi-paged mobile website which can be automatically delivered to guests of your website when they visit with a mobile device.  This is a $300 savings over the $250 yearly pricing plan being offered to the public for premiere listings.  Interested?  Visit us at innserver.com to learn more.  Be sure to follow us on Facebook for the latest updates, and visit our blog to view recent software patches and download our recent seminar on mobile websites which was delivered at the Mid Atlantic 2012 Conference in Williamsburg, Virginia.