Archive for May, 2018

Removing Annoying Adware From Your Computer

Wednesday, May 23rd, 2018

Adware is one of those intrusive things that seems to have just “happened”. Of course, early computers weren’t often connected to the internet so the chance for annoying Adware to appear was a lot less. Unless you had the misfortune to use an infected floppy disk, you were probably OK.

Then came the turn of pop-up adverts but with the advent of pop-up blockers the adware companies have had to resort to other ways to get our attention. If most people block pop-up adverts most of the time, what’s the point in using them?

Some pop-up adverts are still unblockable – they just appear on your screen, sometimes below your current browser window, sometimes occupying the full screen. Most times you can just click the “close” button, but it’s still annoying. After all, why should anyone have the right to take you away from the current web page you’re viewing? It’s the internet equivalent of cold calling on the telephone and is enough to make you growl!

Adware gets worse when it starts to slow down your computer. The most intrusive is difficult to uninstall, such as programs that display random adverts and crash your browser in the process.

If you know exactly when the Adware installed itself, you may be able to get away with doing a Windows System Restore to a point in time before the Adware affected your computer. Always assuming that the Adware didn’t install itself with another program that you actually wanted.

Sometimes you can remove Adware by paying an upgrade fee. Browsers like Opera work this way – you can have a free copy, supported by advertising, or you can pay a small fee and get rid of the adverts. Or you can change to an alternative program that doesn’t inundate you with adverts – this is easy with a web browser but may be more difficult with a more specialist application.

The next step in Adware removal is to do a search on the web for instructions. If you’ve been infected by a fairly common piece of software, this can be a viable option. But it still frequently involves delving around in the Windows registry, which is a dark and scary place (even to some geeks) and if you get something wrong you can destabilize your computer further.

Alternatively, you can get a piece of software to do the hard work for you. This has the advantage that – providing the software has been programmed correctly – it should be reliable and a simple process. Adware removal software is available free or fairly cheap. The free programs like Spybot Search and Destroy work well but you usually have to remember to run them.

If you’ve got more than enough things to remember already, it’s worth spending a few dollars on a program that will work away in the background of your computer in much the same way as your anti-virus software does. Incidentally, the only reason I can think of as to why most of the anti-virus companies don’t check for Adware as well is that they can sell us another program. But that’s life.

Did your site get hacked?

Sunday, May 13th, 2018

Before asking for help, you have to be sure that you aren’t crying wolf about a hack on your WordPress site. In the past, several administrators have reportedly contacted anti-hack centres because of a suspected hack threat. However, your WordPress site may simply be misbehaving due to spam messages. There is a huge distinction between a hack and a malfunctioning site.

Signs that your site has been hacked

  1. When either the header or footer of your WordPress site contains illicit ads. Such ads are about drugs or pornography. The perpetrators inject such content without any visible presentation. Therefore, the ads may be invisible to the human eye because they take the form of dark text on a dark background. Fortunately, search engines can spot these.
  2. Using example.com as an example, replace it with your own site name, then paste it into the Google search box. If you find malicious content that you don’t recognize, your site may be in trouble.
  3. When your visitors report spam or are redirected to a malicious website. This can be tricky because perpetrators can recognize you as the site administrator and hide the malicious content from you. The spam messages are only shown to site crawlers, so open your site from another account.
  4. When your hosting provider detects spamming or malicious content, they will send you a report. For instance, you may be sent a report about a spam email that is linked to your website. The perpetrator’s ruse is to redirect people to their own website, using your link as the host. This is because your WordPress link, unlike theirs, can avoid spam filters.

There are many websites on the Internet that can detect such hacking problems. Therefore, research and attention are important tools to surmount the problem.

The importance of backing up your site

The first confirmed sign of a hack should urge you to back up your site without fail. By using a backup plugin or FTP, you can download a copy of your WordPress content. The backup mitigates the risk of losing data, because your hosting provider will most likely delete the content of your site when they file a report. This is a standard process that protects other systems from the infectious content on your WordPress site.

Website database back up

As this is a priority, your website database must be protected. On completing this step, you can proceed to the cleanup process since you have a replica of your site in your possession.

Just before you clean your WordPress, here are some rules

You will not lose data by deleting the plugins directory in wp-content. You can reinstall these plugin files, and WordPress has an automated system which detects deleted plugins and disables them. However, you must delete entire directories and not just the corrupted files.

In the wp-content/themes directory, there is always a theme directory dedicated to the site. You can spare this directory when deleting the other theme directories. A rare case is the ‘child theme’, which is a duplicate within wp-content/themes.

The directories which hardly ever get new files are wp-admin and wp-includes. For that reason, they are the first places to check for signs of a hack. When you find something new there, it may be time to raise a hack alert.

Also, watch out for old WordPress backups and installations. Usually, most backups can be found in an easily accessible subdirectory called ‘old/’. While your main site may be secure, hackers can use such a copy as a backdoor and infect the main site.

Therefore, old WordPress installations should never be left on the site. After a hack, they should be discarded immediately before the malware spreads.
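One way to check the rules above (new files in wp-admin and wp-includes, and forgotten copies such as old/), shown as an added example that is not part of the original post. It assumes you have a clean copy of the same WordPress release unpacked locally; the function names and the sample trees created by build_demo are constructed for illustration.

```python
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")  # directories that rarely gain new files


def audit_core(site: Path, clean: Path) -> dict:
    """Compare the site's core directories with a clean copy of the same release."""
    added, modified = [], []
    for core in CORE_DIRS:
        for f in sorted(p for p in (site / core).rglob("*") if p.is_file()):
            rel = f.relative_to(site)
            ref = clean / rel
            if not ref.is_file():
                added.append(rel.as_posix())      # file the release never shipped
            elif f.read_bytes() != ref.read_bytes():
                modified.append(rel.as_posix())   # shipped file was altered
    return {"added": added, "modified": modified}


def nested_installs(site: Path) -> list:
    """Find leftover copies (such as old/) that still hold a WordPress tree."""
    return sorted({p.parent.parent.relative_to(site).as_posix()
                   for p in site.rglob("wp-includes/version.php")
                   if p.parent.parent != site})


def build_demo(root: Path) -> tuple:
    """Constructed sample: a clean reference tree and a tampered site tree."""
    files = {"wp-admin/index.php": "<?php // admin",
             "wp-includes/version.php": "<?php // version"}
    clean, site = root / "clean", root / "site"
    for base in (clean, site, site / "old"):
        for rel, body in files.items():
            (base / rel).parent.mkdir(parents=True, exist_ok=True)
            (base / rel).write_text(body)
    (site / "wp-includes" / "cache-x.php").write_text("<?php // unexpected")
    (site / "wp-admin" / "index.php").write_text("<?php // admin, altered")
    return site, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = build_demo(Path(tmp))
        print(audit_core(site, clean), nested_installs(site))
```

Run it against the backup you downloaded rather than the live server, so the evidence stays untouched while you review the findings.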

Who And What Is Coinhive?

Saturday, May 5th, 2018

With the value of cryptocurrencies skyrocketing, hackers are continuously seeking means to exploit web services owned by businesses. In this brouhaha, no one is spared. Government-owned websites, cloud service providers like Amazon, and even your own site could be hijacked by a cryptocurrency miner to mine currencies for free. There are many ways hackers are going about the cryptocurrency gold mine, but Coinhive will be the primary focus of this piece.

What is Coinhive?

Coinhive is a JavaScript cryptocurrency miner that has been continuously abused by hackers. Hackers exploit a vulnerability in a website such that every time someone views the site, it anonymously mines cryptocurrency by stealing the processing power of the web visitors. The cryptocurrency miner itself is legitimate software but has unfortunately been abused by hackers who are looking to earn a living to the detriment of unknown persons.

The JavaScript cryptocurrency mining service depends on a small chunk of computer code, created to be installed on websites. It works by using the processing power of any browser that visits the site to mine the Monero cryptocurrency. The general idea behind the software was to give website owners a means to make a living without resorting to intrusive adverts. However, shortly after its official release, Coinhive was ranked as a top malware threat.
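A site owner can check their own pages for the kind of script described above. This added example (not from the original post) collects every script tag and flags those that mention the names the article uses, coinhive and authedmine; the sample page, its URL, the startMiner function and the key are constructed placeholders.

```python
import re
from html.parser import HTMLParser

# Names taken from the article, matched case-insensitively inside <script> tags.
MINER_NAMES = re.compile(r"coinhive|authedmine", re.IGNORECASE)

# Constructed sample page: the URL, function name and key are placeholders.
SAMPLE_PAGE = """<html><body>
<p>News: Coinhive abuse is rising.</p>
<script src="https://cdn.example/lib/coinhive.min.js"></script>
<script>
  startMiner("authedmine", "SITE-KEY-PLACEHOLDER"); // constructed
</script>
<script src="/js/menu.js"></script>
</body></html>"""


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            self._in_script = True
            self.inline.append("")

    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data   # script bodies can arrive in chunks

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False


def find_miner_scripts(html: str) -> list:
    """Return (kind, snippet) pairs for scripts that reference a known miner."""
    parser = ScriptCollector()
    parser.feed(html)
    hits = [("external", s) for s in parser.external if MINER_NAMES.search(s)]
    hits += [("inline", " ".join(b.split())[:80])
             for b in parser.inline if MINER_NAMES.search(b)]
    return hits
```

Name matching only catches unobfuscated references, so treat an empty result as one signal rather than proof that a page is clean.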

What Happened?

Thousands of websites were hijacked by a cryptocurrency miner, making web visitors a tool to mine digital currencies. It was discovered that Coinhive was at the center of this misdemeanor. Mining cryptocurrencies consumes a lot of power, so why absorb so much and pile up your bills when you can have numerous people do the work for you? This was the case. The plugin allows websites to anonymously use visitors’ computing power while they mine for the cryptocurrency. In this case, they mined Monero and not bitcoin.

Why Monero, and not bitcoin, the King of cryptocurrencies?

Although bitcoin is the most sought-after cryptocurrency, hackers prefer to mine Monero because transactions are virtually untraceable. Monero was created with the same purpose as Bitcoin, where transactions occur without a central authority involved. Many people hold the common misconception that bitcoin is an anonymous currency. This is not the case. Balances and transactions are connected to the users’ wallet addresses. As such, operations can be traced to wallet addresses, making it easy to track down hackers or criminals.

It is the contrary case with Monero. This cryptocurrency has a more significant anonymity signature. Unlike blockchain wallets, Monero wallets are protected by viewkeys. It implies that only the owners have access to their transactions, making it a safer and more discreet option for hackers. There is no way a third party can intercept transactions between two people.

Hacking Implications

This version of Coinhive runs without your knowledge, draining your system’s battery. It works in the background without notifications or permission from anyone. Aside from wasting your system’s battery, what other implications are there? As stated earlier, mining digital currencies consumes a lot of power and so can put your system in harm’s way without you detecting the cause of the problem. Some of the implications include:

  • Affecting your machine’s performance, making it run slower than expected. When the fans are kicking, and hardware is working more than usual with the CPU operating more intensively than usual, the machine is bound to fail.
  • Damaging your device. Running at full speed all the time is not ideal for a machine, so you should be careful.
  • Outrageous power consumption, which will make your electricity bill skyrocket. This, in fact, is the principal reason hackers install these plugins to mine their digital currencies for them.

Worst of all, you don’t get to see the money because the hackers are diverting the currencies. In other words, you are an anonymous money-making machine for some unknown persons. They use your system and your power and still take the proceeds, leaving you with more bills to pay.

Is there a permanent Solution?

Hackers rely on loopholes in the system to perpetrate mayhem. The reason why government-owned websites were hacked is that the hackers noticed a vulnerability or inadequacies in the system. A lot of people do not bother to protect their sites from internet fraudsters. It’s a wake-up call for website owners. The easiest way out is to install antivirus software or antimalware programs.

Regardless of how tech-savvy you are, you must ensure your system is equipped with suitable antivirus software to protect you from hackers. Remember they use the backdoor to install the JavaScript plugin, which works in the background so you don’t notice. An excellent antivirus tool will detect the spyware and notify you with popups so you can proceed to block it from accessing your computer system.

Does Coinhive Benefit from The Hack?

This JavaScript cryptocurrency miner appears to benefit from the hack. It takes a 30% share of whatever amount is mined using its code. Although it was not intended to be exploited, Coinhive automatically takes a percentage every time an amount is mined, regardless of whether the site gave its authorization or not. The code has a unique cryptographic key that identifies the user who receives the other 70%. Little wonder why Coinhive has reportedly been slow to act.

What Measures Have Been Taken?

Coinhive accepts complaints reporting abuse but ignores grievances that do not come from hacked website owners. However, they respond to abuse complaints by nullifying the key tied to the abuse, and this does not provide a lasting solution. Instead, Coinhive begins to keep 100% of the digital currency linked to that account. The only people losing out are the hacker and you. According to Mursch, invalidating a key does not automatically disrupt the mining process. The code keeps running in the background and Coinhive takes it all, leaving the hacker with nothing. In simpler terms, the problem remains the same: your system is still running at risk, and you still have a pile of electricity bills to pay.

As the case may be, Coinhive claims that the organization is working to fix the current situation. It stated in an email that a user cannot delete a site key and that they were currently working on a mechanism to disseminate the invalidation of a key to their WebSocket servers. In response to the criticism, it released code called “AuthedMine” which will prompt miners to seek authorization from website owners before running the cryptocurrency mining script.