Monthly Archives

April 2017

How my Dreamhost Hosting account almost got hacked

By | makeweb

When I got this email from DreamHost hosting I went into panic mode, because at first glance it looked pretty authentic, as if it came from DreamHost hosting. I am with DreamHost hosting for some of my blogs and websites, and I had just got an email from them saying that I had requested to reset the admin password on my hosting account.

Secure your website: https://en.wikipedia.org/wiki/Phishing

I was pretty sure I did not do that at all, so I went into panic mode thinking somebody was trying to mess around. I knew there were hackers out there who exploited similar types of flaws in some login pages and WordPress websites to gain access to your account, and so I panicked even more without checking the URLs of the pages mentioned in the email.

Here is a snapshot of the email I received:

1.

email from dreamhost servers not

2.

phishing email from scammers

As you can see from the above image:

    • The email in the inbox looks genuine
    • The sent-from email looks genuine
    • The broken logo image is a bit of a scammer giveaway
    • The URL with the wkpc.net domain is a scammer giveaway, as the official website is https://www.dreamhost.com/
    • The signature URL for the website has a doubled .com.com in it (spelling mistakes are often made by scammers)

 

Website Security: Avoid Clicking On Suspect Emails

Turns out it was a “phishing attempt”, as confirmed by DreamHost support, which was pretty prompt in getting back to me. I got a reply within 12 hours telling me it was a scammer and not to click any URLs in that email. I wish their response had been a little bit quicker, but it turned out to be a phishing attack anyway, and I had not clicked any URLs or attempted to reset my password using that email's links, so I was safe.

I am pretty well versed in IT security and computers; I just panicked and failed to spot the flaws in the scam/fraud email at first glance, which were really very evident. These scammers went one step further than most. The first thing I usually check with scam emails is the sent-from email, which is pretty easy to do with Hotmail: just click more details under the email button and it shows you the sender's email address.

Normally a scammer's email will default to some Hotmail or Gmail address, or anything with a random address like 1320-@hotmail.con, rather than an official website email address. This sender email had a domain similar to my hosting provider's address (starting with dreamhost), except that this one had a .net extension rather than a .com at the end.
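The giveaways listed earlier (off-domain link, doubled `.com.com`) and the lookalike sender domain described here can be checked mechanically. This is an added example, not code from the original post: the sample message, the sender address `support@dreamhost-accounts.net`, the `panel.` subdomain and all function names are constructed for illustration; only `wkpc.net`, `.com.com` and the official `dreamhost.com` come from the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

EXPECTED = "dreamhost.com"  # official domain named in the post

# Constructed sample: the sender address and URL paths are made up for illustration.
SAMPLE = """\
From: DreamHost Support <support@dreamhost-accounts.net>
To: me@example.org
Subject: Admin password reset request
Content-Type: text/plain

You requested a reset of your admin password.
Reset it here: http://panel.wkpc.net/reset?id=1
--
DreamHost https://www.dreamhost.com.com/
"""

def host_matches(host, expected=EXPECTED):
    """True only for the expected domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def doubled_tld(host):
    """True when the last two labels repeat, as in 'example.com.com'."""
    labels = host.lower().rstrip(".").split(".")
    return len(labels) >= 2 and labels[-1] == labels[-2]

def check_message(raw):
    """Return (finding, host) pairs for the sender and every link in the body."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not host_matches(sender):
        brand = EXPECTED.split(".")[0]
        findings.append(("lookalike sender" if brand in sender else "foreign sender", sender))
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = urlparse(url).hostname or ""
        if doubled_tld(host):
            findings.append(("doubled TLD", host))
        elif not host_matches(host):
            findings.append(("off-domain link", host))
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

The comparison is on the host name's suffix, so a domain that merely starts with the brand name does not pass.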


Anyway, just to make sure before I clicked any links in that email, I immediately forwarded it to DreamHost with the page/email content, and the normal ticket support came back to me later that day with the response that it was a phishing email. I had also sent an email to the DreamHost abuse support address, and they came back to me the next day confirming that it was a scammer email.

Turns out it was good that I did not click that link and reset my password, otherwise those scammers would have had my real login email/password and got access to all my websites. Thanks, DreamHost, for the awesome support. I have been with DreamHost for the last 7+ years now, with some good service and support from them; I rank them pretty high up there now with the other hosting services that I use, like Bluehost, Hostmonster, GoDaddy and HostGator. You can go check out their prices (DreamHost prices over here) if you are interested in starting a blog; they also now have a 1-click quick install for starting a website.

However, what I realised from this is that there will always be online criminals or hackers trying to get into your website for all the wrong reasons, so it is good to take a few precautions and beef up your website security.

Below are some good security plugins that you can use for your WordPress website to increase its security. These WordPress plugins are good at making it harder for unwanted people/criminals trying to access your blog illegally, but you still have to be very careful that you don’t click links in fraud emails and send your login and password to scammers like these.

Security plugins for your WordPress website

 

Sucuri WordPress plugin

https://wordpress.org/plugins/sucuri-scanner/

The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.

The Settings page allows you to configure the website to your preferred security needs. Some of its features include changing the email notifications via the notification settings tab, or disabling integrity checking.

Wordfence WordPress plugin

https://wordpress.org/plugins/wordfence/

Secure your website with the Wordfence security plugin for WordPress. Wordfence provides free enterprise-class WordPress security. Wordfence Security is 100% free and open source. You can find their official documentation at docs.wordfence.com and their Frequently Asked Questions on their support portal at support.wordfence.com.

The Wordfence WordPress security plugin is full-featured and constantly updated to incorporate the latest security features and to hunt for the newest security threats to your WordPress website.

Login lockdown

https://wordpress.org/plugins/login-lockdown/


Limits the number of login attempts from a given IP range within a certain time period.

Installation of login lockdown

  1. Extract the zip file into your plugins directory into its own folder.
  2. Activate the plugin in the Plugin options.
  3. Customize the settings from the Options panel, if desired.

Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.
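The behaviour described above can be sketched as a sliding-window counter keyed by IP range. This is an added example and not the plugin's own code; the class and function names, the /24 IPv4 range, the thresholds and the sample events are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque

class RangeLockout:
    """Sliding-window lockout keyed by IPv4 range (assumed /24)."""

    def __init__(self, max_failures=3, window=300, lockout=3600, prefix=24):
        self.max_failures, self.window = max_failures, window
        self.lockout, self.prefix = lockout, prefix
        self.failures = defaultdict(deque)   # range -> timestamps of failures
        self.locked_until = {}               # range -> unlock time

    def _range(self, ip):
        return ipaddress.ip_network(f"{ip}/{self.prefix}", strict=False)

    def is_locked(self, ip, now):
        return now < self.locked_until.get(self._range(ip), 0)

    def record_failure(self, ip, now):
        key = self._range(ip)
        recent = self.failures[key]
        recent.append(now)
        while now - recent[0] > self.window:   # drop failures outside the window
            recent.popleft()
        if len(recent) > self.max_failures:    # "more than a certain number"
            self.locked_until[key] = now + self.lockout
            recent.clear()

def replay(events, **settings):
    """Classify each (time, ip, password_ok) login attempt in order."""
    guard, out = RangeLockout(**settings), []
    for now, ip, password_ok in events:
        if guard.is_locked(ip, now):
            out.append("blocked")          # rejected before the password is checked
        elif password_ok:
            out.append("ok")
        else:
            guard.record_failure(ip, now)
            out.append("failed")
    return out

# Constructed events using documentation address ranges.
EVENTS = [(0, "203.0.113.5", False), (10, "203.0.113.9", False),
          (20, "203.0.113.77", False), (30, "203.0.113.200", False),
          (40, "203.0.113.150", True), (45, "198.51.100.1", True),
          (3700, "203.0.113.150", True)]
```

In the sample, the fifth attempt carries a correct password but is still rejected because its range is locked, which is the side effect to expect for legitimate users who share a range with the source of the failures.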

Good Luck and stay Safe!

What's new with DreamHost?

  • Secure your online brand with popular TLD extensions: Register a new .COM for $11.95, .STORE for $3.95, .TECH for $7.95, or grab a .XYZ, .LIFE, or .ONLINE for just $2.95! Sales prices 1st year, new registrations only.
  • Git support is available in DreamPress through an SSH user connection.
  • REMIXER (NEW!) is our easy, click-to-edit website builder, free with any standard hosting plan! Build, edit and publish professional web pages on the fly!
  • .BLOG domain names have arrived! It’s a brand new TLD that’s perfect for your blog with tons of available names. Don’t wait, the good ones are going fast. Search Domains Now
