Softhird Consulting LLC - Blog

Scamming Freelancers

There seems to be a fairly new scam going around, and this one is targeting mostly freelancers and professionals who rely on the Web and social media to get the majority of their clients.
I had no clue that it was going around until the day I was targeted myself.
It all started with a text message to my cell phone, claiming to be from a "hearing impaired" woman who wanted to hire a web designer/developer.
After reaching back to her, I received the following email, describing the possible project:

I have small scale business which i want to turn into large scale business now it located in TN and the company is based on importing and exporting of Agriculture products such as Kola Nut, Gacillia Nut and Cocoa so i need a best of the best layout design for it. Can you handle that for me ?. so i need you to check out this site but i need something more perfect than this if its possible . the site would only be informational, so i need you to give me an estimate based on the site i gave you to check out, the estimate should include hosting and i want the same page as the site i gave you to check out and i have a private project consultant, he has the text content and the logos for the site.
1. I want the same number of pages with the example site i gave you to check excluding videos and blogs.
2. I want only English language
3. I don't have a domain yet but i want the domain name solidfarmproduce
4. you will be updating the site for me.
5. i will be proving the images, logos and content for the site.
6. i want the site up and running before ending of next month.
7. My budget is $4000 to $8000

Kindly get back to me with:
(1) an estimate
(2) your cell phone number
(3) And will like to know if you are the owner ??

I produced a quick estimate (very high level, as there were not many details in the email above) and asked for more specific information. Instead, I got an email back, telling me that she was ready to pay the balance as soon as possible, but only using a credit card. I got a bit worried, since I had never gotten a client in such a short period of time. Interestingly, she quickly mentioned that she would not be able to use PayPal, nor Square, but only some other, shady credit card processors. That gave me pause, as I knew something was not right.
I asked for some extra time to get my "ideas" together, and I started looking up some of the information online. I quickly found a few places mentioning the same scam that's been going around recently. So I decided to have some fun with the scammers... I sent an email back claiming to be heading up to Tennessee (that's where she claimed to be from) for business, so we could meet and discuss the details. This is what I got back:

I am presently recuperating from the diagnosis of lung Cancer and am still in the hospital

I think that ends this interesting adventure.

The lesson is: beware! There is always a new variation of the old "Nigerian Scam". This one is probably using stolen credit cards to force the unsuspecting business owners to overcharge and then refund some amount of money. The damage to your business is at this point mostly reputational and it might require some legal dealings with the credit card companies. However, there might be more elaborate versions of this scam which could affect your business directly. As always, what looks too good to be true, probably is.


Keeping Your Site Safe - Upgrading to Joomla! 3

One of the most important aspects of securing your computer resources, including your PCs, laptops, tablets and smart phones, is keeping all the software running on them as up to date as possible. This includes updating the operating system, application software and all of the plugins and utilities that we rely on in our daily work.

Your company web site is no exception in this process, as it probably runs under some sort of Content Management System, like Joomla!, WordPress or Drupal. While the maintenance of the back-end of your Web infrastructure should be left in the domain of your hosting company (make sure you use a reputable hosting company to ensure timely updates), you are probably responsible for the code running your web site and any customizations added on top of it.

Now, to the main point. Joomla!, being one of the most popular Content Management Systems in existence, is used to power countless web sites around the world. At the end of December 2014, its 2.5 codebase was retired, which means that the Joomla community is no longer providing regular maintenance upgrades and bug fixes to the latest 2.5 version (2.5.28). This also means that if your site runs under Joomla 2.5, it will no longer receive security updates and might become vulnerable to hacks and, as a result, to blacklisting on the major search engines.
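To find out which of your sites are still on the retired branch, the following added example (not part of the original post or of the Joomla! project) walks a hosting directory and reads each site's core version. It assumes the core manifest lives at `administrator/manifests/files/joomla.xml`; the sample sites and their contents are constructed for the demonstration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Assumed location of the core manifest, relative to a Joomla! site root.
MANIFEST = os.path.join("administrator", "manifests", "files", "joomla.xml")
RETIRED_BRANCHES = {"2.5"}  # per the post: 2.5 is retired, last release 2.5.28


def read_version(site_root):
    """Return the core version string from the manifest, or None if unreadable."""
    try:
        root = ET.parse(os.path.join(site_root, MANIFEST)).getroot()
    except (OSError, ET.ParseError):
        return None
    text = root.findtext("version")
    return text.strip() if text and text.strip() else None


def status(version):
    """'retired' for a retired branch, 'unknown' if unreadable, else 'other'."""
    if version is None:
        return "unknown"  # damaged manifest: review by hand, do not assume safe
    branch = ".".join(version.split(".")[:2])
    return "retired" if branch in RETIRED_BRANCHES else "other"


def scan(base_dir):
    """Walk base_dir and report every directory that holds a core manifest."""
    findings = []
    for dirpath, dirnames, _ in os.walk(base_dir):
        if os.path.isfile(os.path.join(dirpath, MANIFEST)):
            version = read_version(dirpath)
            findings.append((os.path.relpath(dirpath, base_dir), version, status(version)))
            dirnames[:] = []  # do not descend into the site's own folders
    return sorted(findings)


def demo():
    """Build three constructed sample sites in a temp dir and scan them."""
    samples = {"shop": "<extension><version>2.5.28</version></extension>",
               "blog": "<extension><version>3.4.1</version></extension>",
               "old": "<extension><version>"}  # truncated manifest
    with tempfile.TemporaryDirectory() as base:
        for name, xml in samples.items():
            path = os.path.join(base, name, MANIFEST)
            os.makedirs(os.path.dirname(path))
            with open(path, "w") as fh:
                fh.write(xml)
        return scan(base)


if __name__ == "__main__":
    for site, version, state in demo():
        print(f"{site:6} {version or '-':8} {state}")
```

On a real server, call `scan()` with the directory that holds your sites; anything reported as `retired` or `unknown` deserves attention first.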

The Joomla community has prepared a nice guide to help webmasters and developers migrate from the 2.5 codebase to the latest 3 version. The process is not difficult, but it does require some knowledge of the back-end setup and, if something goes wrong, it might require some additional work to restore your site. The complexity also depends on the number of third-party extensions that your site utilizes, as some of them might not be available for Joomla! 3.

If you feel that this migration is too complex to do on your own, or if you want to have complete peace of mind and an assurance that your site's down time is kept to a minimum, you can contact us at Softhird Consulting LLC and we can help you with this very important task.

In any case, do not wait and upgrade as soon as possible if the security of your web site and your company reputation are important to you.


Don't Panic!

Having your Web site disappear from public view, because it had been hacked and Google decided to black-list it, is no fun. Your business suffers, your reputation suffers and you suddenly find yourself scrambling to fix something you have no idea about.
After all, you are busy running your business, and worrying about your technology stack (Web, IT, etc.) is not something you want to do.
Prevention is the best option, and for that, check my previous post "When Your Site Gets Hacked", which basically boils down to: learn all about technology, or be prepared to pay. However, if you are faced with a site that's already compromised, there are a few things that help to minimize the damage. You can read about them in this great article from the Smashing Magazine blog: Are You Prepared Against A Hack?
Read on and be prepared... or get support from someone who knows what they are doing.

Joomla! Security Focus

The Joomla! Content Management System has had its share of security problems, as they all do. When you are working to implement and maintain a large software framework, it is inevitable that security bugs are introduced and that exploits pop up here and there.
As I have been around the Joomla! system for almost 10 years now (back when it was called Mambo CMS), I have noticed how serious the core team has become about security and problem resolution.
Just in the last few months, the Joomla! security team has released a number of updates to the core system, after discovering bugs affecting software security. Not only were the bugs quickly discovered, but they were equally quickly patched up as new versions of Joomla! were released.
However, all this great work means nothing if the sites that utilize Joomla! are not patched up as fast as the core code. This job falls on us, the Webmasters and technical consultants, running those sites and portals. One way to ensure that you are up to date with Joomla! security news is to monitor the Joomla! Security Center, which provides up-to-date information on important bugs and fixes to the community.
Most important: keep your sites up to date... update often and make sure your third-party components are secured too.


When Your Site Gets Hacked

So, you are running a small business, and some (if not most) of your income comes from your Web site. It could be in the form of actual merchandise sales, or as referrals for service. Just a few years ago, a company Web site was perceived as a cheap alternative to advertising and as a quick way to get a new sales idea online. Most of the small businesses either did not have revenues to invest in it, or just did not want to, cutting corners at every opportunity. Web sites built on the cheap started popping up all over the place, and the fact that most of the hosting companies advertised extremely low cost plans did not help. In addition, the popularity of easy to customize Content Management Systems (CMS), like Joomla, WordPress, or Drupal, just to name a few, enabled almost everyone to create a site and start selling and advertising for very little money.
Fast forward a few years, in which most of those businesses failed to have a viable strategy to keep those sites updated and secured, and you have a recipe for disaster, in this case a blacklisting by Google.
If you are running a site on a shared server (like most hosting plans), and you have anything more complex than simple HTML, it's just a matter of time before some automated script takes interest in your code. You are probably a bit luckier if you had a budget for a good programming team to build you a custom site. "A good programming team" is a key concept here, since poor coding can be as bad (if not worse) as an outdated CMS. If you decided to use a CMS, hired a team to customize one for your needs, and then cut your maintenance costs down to zero, now you are in a much more difficult situation. Content Management Systems are excellent for both the initial build of a site and for subsequent maintenance, since they give you a wide range of customization options, plus allow for almost unlimited functionality extensions. However, they give a false sense of security to the end user. Most small business owners will pull any additional resources from their Web project after the initial build, happy that the site runs itself, safely and securely. Unfortunately, the reality usually catches up rather quickly, a few software releases later, when a widely known security hole is not patched up and your site gets hacked. If you notice it fast, and fix it, you might be lucky enough to be the only one to know about it. If you don't (and most of the time you don't, because you are not paying anyone to run your site, so you have no idea), within a few weeks, your site gets blacklisted by Google, and your business disappears from the search results, or even worse, it shows up with a big warning not to visit it.
This is an increasingly common scenario for many businesses, as the very underrated and forgotten security on the Web has been getting wider and wider attention in the past years.
There is a very good overview of the problem on CNN's business site: Google's dreaded 'blacklist'
What's the best solution?
There is no simple one at this point. As with everything else in business: you get what you pay for. If you want low cost, you are probably not going to get a lot of freedom to customize, and you might have to learn a little, so you can do things on your own. If you need a lot of options and customizations on your site, you need to pay for it, either with your own time and skills, or by hiring someone who knows not only software, but also software security. If you think you can get it all, cheap and high quality, you are denying reality, and, as always, reality does not care... it'll run over you and your Web site sooner, or later.

