
Strategies Security Alert


A number of high-profile security issues have come to our attention. This document outlines our basic advice to customers on accessing and managing web sites, especially jobboards that have a high profile with hackers.

1. Strategies will never send you an email asking you to download software to update your system. We have seen examples where administrators have received unsolicited emails pretending to be from a site administrator address. These emails typically ask people to help us carry out a system update or security audit by running an attached file or downloading a file from a provided link. Strategies will never send out emails asking customers to do this, and if you receive such an email you should forward it to itadmin@strategies.co.uk and then delete it from your inbox. You should also be able to confirm the true sender of the email by viewing its message headers. It is very easy to spoof a “from” address, but viewing the headers will show the true sender of the email. If you could also forward these headers to us so that we can block the sender from our systems, it would be much appreciated.

2. Any PC accessing the admin or management part of our system must have up-to-date anti-virus and anti-spyware software installed. A specific area we would ask you to take note of is infection with key loggers, where a client's PC is compromised and all the keystrokes typed on it are sent to a third party. This would enable this third party to access any websites that you have visited. A good anti-virus or anti-spyware tool should prevent this.

3. We also recommend using strong passwords for any admin or client logons that you create for your website. We have had previous instances where a hacker has managed to deduce the logon details from publicly accessible information such as company name, contact details and email address, and then access that client's account. Passwords should contain a mixture of lowercase and uppercase characters as well as numbers. The longer the password the better. Please refrain from using site or company names within the password if at all possible, and always change the default logons that we give you when your site is first created to something more secure.

4. Please do not use the same password and email address for all your website accounts. If a hacker has found out your password and email address, they will most likely try to use these details on other popular websites such as eBay, PayPal, Facebook, banking etc.

5. Always ensure that when you are logged into any of our websites and you leave your desk for any reason that you lock your computer.

6. If a virus or spyware does infect a computer you are using then please inform us immediately.

7. There should be no links to the admin system login page or any other admin page placed anywhere on your site or indeed the Internet. This should include any pages you create with a content management system. You should also never allow unauthorised people access to the administrator account on your site or send electronic communications containing logon details to unauthorised users.

8. You should never share admin accounts; always create a unique administrator account for each user of the system. In this way we can identify which administrator account has been used to access the site if a security breach does occur.

9. In the latest versions of the jobboard software we have introduced numerous in-built security features to reduce the risk that you as a site owner and we as a systems provider face from malicious users. For example, we regularly have over a thousand logged hack attempts on our jobboard server a day. We have found, however, that site owners have requested that some of these features be turned off for various reasons. In future we will not be able to automatically comply with similar requests due to the nature of the threats we are facing. These features have been designed to auto-detect certain threats and ban users automatically for certain behaviour we deem unacceptable. For more information you should read the document contained within your site's online help system.

10. If you think your web site has been compromised in any way please inform us immediately. Please provide details of the URL, user accounts, IP address, details of what the exploit is and how it happened along with dates and times if possible.
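The header check described in item 1, as an added example (not code from Strategies): it compares the claimed "From" domain with Return-Path, Reply-To and the Received lines written by the recipient's own mail servers. The sample message, all hosts and addresses, and the trusted_domain parameter are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; every host and address below is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.customer.example (mx.customer.example [192.0.2.10])
\tby inbox.customer.example; Wed, 28 Oct 2009 09:15:02 +0000
Received: from mailer.example.net (unknown [198.51.100.23])
\tby mx.customer.example; Wed, 28 Oct 2009 09:15:01 +0000
Received: from provider.example (provider.example [203.0.113.5])
\tby smtp.provider.example; Wed, 28 Oct 2009 09:14:40 +0000
From: "Site Administrator" <admin@provider.example>
Reply-To: support@mailer.example.net
Subject: Security audit

Body omitted.
"""

RECEIVED = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+([^\s;]+)")

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if missing or malformed."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def in_domain(host, domain):
    host = host.lower()
    return host == domain or host.endswith("." + domain)

def inspect_headers(raw, trusted_domain):
    """Compare the claimed From with headers written by the recipient's own servers."""
    msg = message_from_string(raw)
    claimed = domain_of(msg["From"])
    warnings, handoff = [], None
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != claimed:
            warnings.append(f"{name} domain {dom} != From domain {claimed}")
    # Received lines are prepended, so read top-down and stop at the first one
    # not written by a trusted server: anything below it may be forged.
    for value in msg.get_all("Received", []):
        m = RECEIVED.search(" ".join(value.split()))
        if not m or not in_domain(m.group(3), trusted_domain):
            break
        handoff = {"helo": m.group(1), "ip": m.group(2), "by": m.group(3)}
    if handoff and claimed and not in_domain(handoff["helo"], claimed):
        warnings.append(f"delivered by {handoff['helo']} [{handoff['ip']}], not {claimed}")
    return {"claimed": claimed, "handoff": handoff, "warnings": warnings}

if __name__ == "__main__":
    print(inspect_headers(SAMPLE, "customer.example"))
```

A mismatch is a reason to look closer rather than proof of spoofing, since legitimate senders sometimes relay through third-party mail services; the "handoff" address is the one worth including when forwarding headers for blocking.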
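A check for the password advice in item 3, as an added example (not part of the jobboard software): it tests a candidate password for mixed case, numbers, length, unchanged default logons, and words taken from publicly visible company details. It goes slightly beyond the text by undoing common character swaps first; MIN_LENGTH, the swap table and all sample values are assumptions.

```python
import re

MIN_LENGTH = 12  # assumption: the advisory gives no figure, only "the longer the better"
# Undo common character swaps before comparing (illustrative, not exhaustive).
SWAPS = str.maketrans("013457@$!", "oieastasi")

def normalise(text):
    """Lower-case, undo character swaps, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(SWAPS))

def public_words(*fields):
    """Words an outsider can read off the site: company name, contact e-mail, URL."""
    words = set()
    for field in fields:
        for part in re.split(r"[^A-Za-z0-9]+", field):
            if len(normalise(part)) >= 4:   # skip fragments such as "ltd" or "www"
                words.add(normalise(part))
    return words

def check_password(password, public_fields, default_logons=()):
    """Return the reasons the password fails the advice in item 3 (empty list = pass)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for label, pattern in (("lowercase", r"[a-z]"), ("uppercase", r"[A-Z]"), ("number", r"[0-9]")):
        if not re.search(pattern, password):
            problems.append(f"no {label} character")
    if password in default_logons:
        problems.append("still the default logon")
    flat = normalise(password)
    for word in sorted(public_words(*public_fields)):
        if word in flat:
            problems.append(f"contains public detail '{word}'")
    return problems

# Constructed site details and candidate passwords.
PUBLIC = ["Acme Recruitment Ltd", "jobs@acme-recruitment.example"]

if __name__ == "__main__":
    for candidate in ("Acm3Recruit2009", "jobs1", "correct-Horse-7-battery"):
        print(candidate, check_password(candidate, PUBLIC, default_logons=("Welcome1",)))
```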

Important Notice for Jobboard users

If you are using the most recent version of our software you may find some issues when logging in as administrators due to a change we have made to make the login process more secure. We have made both the username and password on the admin logon page case sensitive. If you have stored usernames or passwords in your browser cache, which are not case sensitive, then you will need to clear the AutoComplete cache for that logon page so that you can re-enter them correctly.

Firefox users:

Tools > Options > Security > Saved Passwords > Remove the password for the site in question

Internet Explorer users:

Tools > Internet Options > Content > AutoComplete > Clear Passwords

Article added: 28 October 2009
