Jolly Good Websites for Reading Businesses Established October 1999
Tel. 0845 6445513 (national) Tel. 0118 9507617 (local)

Tuesday, 21 July 2015

Added Wordpress Security - Protecting Our Servers Against Brute Force Attacks

Protecting Our Servers Against Wordpress Brute Force Attacks 

No matter how secure your password, you're still not safe from a brute force attacker.


In common with a lot of web hosts, we've been finding recently that Wordpress login pages are often falling victim to so-called "brute force attacks" where the site is bombarded with log-on attempts, often many times per second, in the hope of gaining access to the site through sheer fluke by using a combination of commonly-used letters and numbers.

Wordpress is of course a victim of its own success in the sense that there are so very many Wordpress installations around the world, making it an obvious target for hackers.

We always encourage customers to use complex passwords that would be near impossible to guess. However, this in itself does not negate the effects of a brute force attack, because while the attacks go on, the performance of the site - and in turn the whole server - can be affected. If it goes on long enough, the server will almost certainly grind to a halt eventually and will need to be reset.

With this in mind, we're installing and testing plugins on our customers' Wordpress websites free of charge to help tighten up security.

The only difference you will probably notice is that you'll now be asked to complete a "captcha" form when you log on. Thanks to the new plugin, if more than three unsuccessful logon attempts are made in the space of five minutes, the originating IP address will be blacklisted.

It goes without saying that whenever you log on to your own Wordpress website, you ought to check your records to ensure you're using the right password if you're not 100% sure of it, otherwise you may find yourself a victim of your own website security protocol. But don't worry - if that ever does happen you can just let us know and we will of course remove your IP address from the blacklist.

We can only apologise for this small added inconvenience, but hopefully you can understand that the right course of action is to try to protect everyone sharing our servers from these potentially catastrophic attacks. We've downloaded and played around with a variety of different security plugins and we hope we've identified the best balance of protection and user-friendliness, but of course we welcome your feedback.

Tuesday, 14 July 2015

Recovering data from a broken mobile phone

Broken mobile phone? The Gadget Lab has four little words to reassure you that it's not the end of the world.


Recovering data from a broken mobile phone

As part of my work with Wildfire HQ I am working for a fascinating, albeit anonymously-named company called FMS Group, which specialises in what's called "forensic digital investigation".

Big Brother Stuff

FMS works with law enforcement agencies to extract evidence from mobile phone handsets that might be used in a criminal investigation. For example, engineers can examine the data on a phone and, when combined with data and call records from mobile phone network operators, they can tell you where a phone was located when a text message or phone call was made or received. Those engineers can then act as expert witnesses to give evidence in court under oath if necessary.

In their video presentation (see below) you can see how the movement of a phone in a criminal case in Preston could be cross-referenced with images from traffic cameras to identify the licence number of a vehicle in which the mobile phone user was travelling. It's very clever, Big Brother stuff.

Introducing the Gadget Lab

Unsurprisingly, customers of FMS Group tend to be organisations such as the Crown Prosecutor, law firms, the defence industry and large corporations. But FMS has launched a new online service called Gadget Lab which is aimed squarely at you and me - which is to say, you and me when we're having a very bad day.

When your mobile phone, tablet or iPod has broken and you're unable to access some vitally important contacts - or irreplaceable photos and videos - then you need someone you can trust to retrieve that important data for you.

Four Little Words

The Gadget Lab website has a friendly and approachable designed to reassure us when we're feeling desperate. The site's opening message is four very encouraging words: "All is not lost". Even if your phone is broken beyond repair, it's often possible to retrieve your data. So, if the worst happens, you can pop your phone in a padded envelope and send it off. Gadget Lab will charge you £24.99 to assess the device and if all you want to retrieve is something text-based, like messages or contacts, then that's all you'll pay.

Four Big Services

Gadget Lab offers four main services. They can rescue your data, they can remove or reset forgotten passwords for about £50, they can transfer data from your old device to a new one for £45, or they can fix your mobile phone. Or some combination of the above, depending on exactly what's wrong.

Mobile phone repairs are of course sometimes impossible and often less than cost-effective. In some cases, you could spend so much money getting your phone fixed that you might as well buy a new one. But Gadget Lab can fix a dodgy USB port (which will cost you somewhere in the region of £40) or broken iPhone screen (£70 or thereabouts) or get the battery charging when it's stopped taking a charge (around £30, depending on the make and model).

Super-Sleuthing Boffins from a Data Detective Agency

Whatever happens, if your phone or tablet needs mending, no one can tell you how much the repair is going to cost unless they've examined it in person. One of the FMS engineers will look it over and assess the problem and give you a fair price for repair, including the best quality spare parts where necessary.

And with Gadget Lab, your device gets the attention of a qualified boffin employed by a super-sleuthing forensic mobile data detective agency. How cool is that?