WordPress Redirect Outlook Phishing Attack

Added on August 20, 2021

Our partners at Astra Security have discovered yet another vicious attack on WordPress websites. If you own a WordPress website and you aren't using Astra Malware security protection, it's time to do so!

Let's take a look at their report:

Although it is one of the most common attacks on WordPress, WordPress redirection hacks never cease to surprise. In a new strain of the hack identified by our security engineers, the malware redirects WordPress websites to phishing pages of renowned companies such as Microsoft’s Outlook, security, and antivirus companies as well as known malicious domains such as

  • travelinskydream[.]ga
  • track.lowerskyactive[.]ga
  • hxxps://pipe.travelfornamewalking.ga
  • hxxps://greenlinetask.me/w_15.js

and several other domains that we previously saw in the Buyittraffic WP redirection hack and Digestcolect redirection hack. We have seen a large number of WP sites increasingly getting targeted with this attack.

What does the actual redirect attack look like?

When you click on the infected website’s URL, it takes you to the legitimate Microsoft Outlook login page with hostname https://login.microsoftonline.com/ (see picture below).

Microsoft Outlook Phishing Attack

When unsuspecting users authenticate on this form, they are then presented with a permission-requesting Add-in – inserted/modified by the hacker – to gain apex-level access to their Outlook account.

Microsoft Outlook Malicious Phishing Attack

The hacker also presents other fake pop-ups emulating security and antivirus software prompting to scan their device for malware as depicted below:

Applecare Phishing Attack

Clicking on the Scan Now button can reveal your sensitive details to the hacker or give him complete access to your device.

Browser Notifications Phishing Attack

The Technical Breakdown

The hack, like most WordPress redirection hacks, involves an injected malicious JS script.

The following script is just an example of the JS script we found on the database of the infected website.

As you can see, the script adds a redirection URL to the hacker-known domain ‘track.lowerthenskyactive.ga’.

Hacked Wordpress Admin

On close investigation, our security team also found the following script injected into almost all .php files inside wp-content (plugins/themes) directory of the infected WordPress website.

Besides, all the .js files were also heavily infected with the following obfuscated code.

which decodes to –

Have you been hacked?

  • If your website is also redirecting to any of the mentioned phishing pages, you have been hacked with the office-365 malware.
  • If you can’t log into your WP backend, that’s another sign of the hack.
  • If you see unfamiliar and suspicious-looking usernames in your WP admin panel, it is probably the hackers’.

These are some other common hack symptoms that you should look out for here. We have compiled the most common hacked symptoms seen on WP websites here.

Or you can just scan your website with a malware scanner to confirm the hack. Here’s how Astra’s machine-learning powered Malware Scanner flags malware on websites:

Astra Malware Scanner

How to repair your website

The best solution, if you are confused about how to deal with this hack, is to hire a professional security team. Astra Security has helped thousands of websites get out of a hack safely. We take care of the matter end to end and in record time (<6 hours of your sign-up).

If for any reason you cannot hire a security team, start with taking a backup and changing all the passwords (WP admin panel, database, etc.) if you still have access to your website.

Next, download the checksums of the core WP files and compare your current files with that. If it doesn’t make you lose a lot of work, replace the files altogether. Otherwise, check for unfamiliar changes and undo them. However, be very careful doing this as you may also delete a benign piece of script mistakenly.
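The comparison described above can be scripted. The following is an added example, not code from Astra's report: it checks a WordPress tree against a checksum manifest and reports modified, missing and unexpected core files. The manifest shape (`{"checksums": {path: md5}}`) is assumed to mirror what the WordPress.org core checksums API returns; the demo site, file contents and manifest are constructed so the script runs offline.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Directories that belong entirely to WordPress core: any file in them that the
# manifest does not list is unexpected. wp-content is excluded because themes,
# plugins and uploads legitimately live there.
CORE_ONLY_DIRS = ("wp-admin", "wp-includes")


def md5_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.md5()  # matches the manifest format; a comparison aid only
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_core(site_root, manifest):
    """Compare a WordPress tree against a {relative_path: md5} manifest."""
    checksums = manifest["checksums"]
    report = {"modified": [], "missing": [], "unexpected": []}

    for rel, expected in checksums.items():
        if rel.startswith("wp-content/"):
            continue  # bundled themes/plugins are often removed or updated separately
        target = site_root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif md5_of(target) != expected:
            report["modified"].append(rel)

    # Files dropped into core-only directories never appear in the manifest.
    for core_dir in CORE_ONLY_DIRS:
        base = site_root / core_dir
        if not base.is_dir():
            continue
        for path in base.rglob("*"):
            rel = path.relative_to(site_root).as_posix()
            if path.is_file() and rel not in checksums:
                report["unexpected"].append(rel)

    return {kind: sorted(paths) for kind, paths in report.items()}


def build_demo_site(root):
    """Create a tiny constructed tree and matching manifest, then tamper with the tree."""
    clean = {
        "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';\n",
        "wp-includes/version.php": b"<?php $wp_version = '0.0-demo';\n",
        "wp-admin/admin.php": b"<?php // demo admin bootstrap\n",
    }
    manifest = {"checksums": {}}
    for rel, body in clean.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(body)
        manifest["checksums"][rel] = hashlib.md5(body).hexdigest()

    # Simulated compromise: an appended line, a deleted file and a dropped file.
    (root / "index.php").write_bytes(clean["index.php"] + b"<?php /* injected */ ?>\n")
    (root / "wp-admin/admin.php").unlink()
    (root / "wp-includes/wp-tmp.php").write_bytes(b"<?php // not part of core\n")
    return manifest


def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        manifest = build_demo_site(root)
        return verify_core(root, manifest)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

On a real site the manifest has to be the one for your exact WordPress version and locale, otherwise every file that changed between releases shows up as modified.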

Next, check the database tables for any rogue insertions.
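One way to look for the injected script tags described in the technical breakdown, both in `.php`/`.js` files and in an exported database dump, is sketched below. This is an added example, not Astra's tooling: it refangs the domains listed in the report and also flags any `<script src>` that points at a host you do not recognise. The sample files, the SQL dump lines, the `cdn.example.net` host and the `own_hosts` value are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Indicators as printed in the report above (defanged). The breakdown section
# spells the tracking host a second way, so both spellings are listed.
REPORTED_INDICATORS = [
    "travelinskydream[.]ga",
    "track.lowerskyactive[.]ga",
    "track.lowerthenskyactive.ga",
    "hxxps://pipe.travelfornamewalking.ga",
    "hxxps://greenlinetask.me/w_15.js",
]
# Captures the src of a script tag; tolerates the \" escaping used in SQL dumps.
SCRIPT_SRC = re.compile(r"<script[^>]*?\bsrc\s*=\s*\\?[\"']?([^\"'\s>\\]+)", re.IGNORECASE)
SCANNED_SUFFIXES = {".php", ".js", ".sql"}


def refang(indicator):
    """Turn a defanged indicator into the bare hostname it refers to."""
    text = indicator.replace("[.]", ".").replace("hxxp", "http")
    if "://" not in text:
        text = "//" + text
    return (urlparse(text).hostname or "").lower()


BAD_HOSTS = {refang(i) for i in REPORTED_INDICATORS}


def flag_line(line, own_hosts):
    """Return (kind, host) findings for one line of PHP, JS or SQL-dump text."""
    findings = []
    lowered = line.lower()
    for host in sorted(BAD_HOSTS):
        if host in lowered:  # substring match also catches obfuscation-free redirects
            findings.append(("reported-domain", host))
    for src in SCRIPT_SRC.findall(line):
        if not (src.startswith("//") or "://" in src):
            continue  # relative URL: served by the site itself
        host = (urlparse(src).hostname or "").lower()
        if host and host not in own_hosts and host not in BAD_HOSTS:
            findings.append(("external-script", host))  # needs a human decision
    return findings


def scan_tree(root, own_hosts):
    """Scan every .php/.js/.sql file under root, returning sorted findings."""
    results = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCANNED_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for number, line in enumerate(text.splitlines(), start=1):
            for kind, host in flag_line(line, own_hosts):
                results.append((path.relative_to(root).as_posix(), number, kind, host))
    return sorted(results)


SAMPLE_FILES = {  # constructed content standing in for site files and a SQL dump
    "wp-content/themes/demo/header.php":
        "<?php // constructed sample ?>\n"
        "<script type='text/javascript' src='https://track.lowerskyactive.ga/'></script>\n",
    "wp-content/plugins/demo/app.js": "console.log('clean constructed file');\n",
    "dump.sql":
        r"""INSERT INTO wp_posts (post_content) VALUES ('<script src=\"//cdn.example.net/lib.js\"></script>');
INSERT INTO wp_options (option_value) VALUES ('<script src=\"/wp-includes/js/jquery/jquery.js\"></script>');
INSERT INTO wp_posts (post_content) VALUES ('<script src=https://greenlinetask.me/w_15.js></script>');
""",
}


def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in SAMPLE_FILES.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body, encoding="utf-8")
        return scan_tree(root, own_hosts={"www.example.com"})


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

The `external-script` findings are leads rather than verdicts: a legitimate CDN will appear there until you add it to `own_hosts`.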

What to do after you've restored your site

After your website has been restored, ensure it becomes as hack-resistant as is possible.

This is how you can do this:

  • Check your website runs on the latest versions of WordPress and other complementary software and extensions.
  • Set up a regular backup routine. You can use a WP plugin to make this easier.
  • Set up a website firewall. A firewall monitors your website round the clock and blocks known malicious traffic from reaching your website.
  • Set up timely malware scanning to detect malware/intrusions before it’s too late. A daily malware scanning is ideal and recommended.

When is the last time you reviewed the security of your business and/or personal website?

Added on July 24, 2021

If you’re like the majority, it’s very likely that you haven’t done much to make sure your website is secure from hackers. In today’s news, we’re always hearing of new cyber attacks on large businesses. What we don’t hear much about are the attacks on smaller websites and what they did or didn’t have in place for security.

Over the years, we’ve seen that most website owners don’t know that they need a security tool or how to go about implementing one. With all of the confusion of competing products out there, it’s very easy to understand why most websites don’t have the security they need.

While every website is different, we feel we have a solution that is universal for every type and size of website that can be tailored even further if needed. Evolve Hosting has partnered with a company called Astra which has developed an AI (Artificial Intelligence) backed security system that is easy to install and highly effective at keeping the bad guys away and the malware out of your files.

Astra is simple to install and for 95% of the websites out there, it’s as simple as installing a plugin or extension after you purchase a license through Evolve Hosting. There are no DNS changes or sophisticated configuration steps.

Once the plugin is enabled, Astra will begin scanning your files on a regular basis for malware and if any malware is found, it will be removed. Astra also uses a sophisticated firewall that stops intruders from even accessing your website. In the Astra dashboard, you will be able to easily see the attempted attacks, where they come from and how Astra has stopped them.

To secure your website, it really doesn’t get any easier than this! Please reach out to us today so that we can help protect your website before an attack occurs.

Open a live chat at evolvewebhost.com

Send us an email to hello@evolvewebhost.com

Call 303-900-5050

Act now for a free 2 week trial of Astra. During the trial, if malware is found, it will not be removed until you upgrade to a paid license.

If you like the service, we’ll get you signed up for a monthly or annual license. If you don’t like the service, simply let us know and we’ll deactivate the license.

For as little as $19.99 per month, you can know that you are protected from the bad guys!

Astra works on every website, no matter who your hosting provider is.


Questions to Ask Before Transferring Services to Your Website Designer

Added on June 14, 2021

If you've ever worked with a website designer, they've very likely asked you if you would transfer your domain name(s) and hosting to them as well. While this is not always a bad thing, you should take the time to answer the following questions to make sure it's a good fit for you. Any reputable designer should not refuse to work with you even if you don't agree to transfer your domain name(s) and/or hosting to them as well.

A majority of website designers are looking to make additional income by reselling a web hosting company's server space and using their domain registration services. Typically, they are looking to take over the technical management for you and mark up the price a little bit to provide them with additional profit.

Who you have your website(s) hosted with and where your domains are registered is critical to your business operations. We've put together a list of questions to ask yourself, based on past experiences we've seen over the years.

Questions to Ask About Your Domains

It's not always about going with the largest company or the cheapest price

1) Will you have access to your own domain name(s) if needed?

2) Will your domains remain registered under your name or will they be registered under your website designer's name?

3) How much will you actually be paying?

4) If you decide to end your relationship with the website designer at some point in the future, are they going to cordially release your domain name back to you?

Keep in mind that anytime you register or transfer a domain name, it cannot be transferred again for 60 days. This is true with any domain registrar.

5) Which domain registrar will they actually be transferring your domain to?

6) How do you get support if you need it?

7) What hours of support will they be able to provide you with and what is the average first response time?

Questions to Ask About Your Hosting

Not all hosting providers and networks are created equal

1) Whose servers are they actually using?

2) Will you have your own control panel and access to it?

3) What is the server uptime?

4) Who will provide you with support when you need it?

5) How soon will you get a first response?

6) If you want to change hosting companies at a later date, will they give you access to your data?

7) Who will be moving your data to a new server and will you be paying extra for this?

Questions to Ask About Your Website Security

Don't let this be an afterthought or have zero options available to you

1) What security options are available?

2) What precautions are taken to minimize hacking?

3) In the unfortunate event that your website is ever hacked, do they have the resources and tools to help you restore your website quickly?

While it may seem easy and convenient to transfer your services to your website designer, that's not always the case. Some website designers are best at creating websites and that is their forte. It may be best to keep control of your digital assets and get support when you need it directly from the hosting provider. You can also give temporary access to your designer to make changes when needed (such as uploading files, creating a database or updating DNS). This is a decision that only you can make and it's best to put some thought into it before making any moves.

Evolve Hosting is a managed service provider so we are always available to help make any configuration changes you need and our business is built around keeping our customers and their assets secure. Security is not an afterthought. If you're hosting with us, using our domain registration services and/or security services, we're a quick support ticket away. We've got your back day and night, 24/7/365!

If you're a website designer or developer and would like to partner with us to offer your clients hosting and domain services, be sure to reach out to our sales team. We work with several agencies to help them and their clients keep their websites up and running and secure.


Awesome New Microsoft Teams Features

Added on June 7, 2021

For those of you that are avid Teams users or for those of you who aren't sure what Teams is about, read up on the latest about this amazing software!

Meetings and webinars

Dynamic view

Dynamic view automatically arranges the elements of your meeting for an optimal viewing experience. As people join, turn on video, start to speak, or begin to present in a meeting, Teams auto-adjusts and personalizes your layout.

Microsoft Teams Dynamic View

Presenter mode

Presenter mode empowers presenters to customize how their video feed and content appear to the audience with powerful professional layouts. The first layout, Standout, is now available to show the speaker's video feed as a silhouette in front of shared content. That way, you can easily direct your audiences' attention through hand gestures and facial cues, without making the viewer choose between the speaker and the content. Stay tuned for the next two layouts coming soon: Reporter and Side-by-side.

Microsoft Teams Presenter Mode

Large meeting support

Hold interactive meetings and webinars with more attendees—up to 1,000 people, including chats, polls, and Live Reactions. If you go over that limit, your meeting seamlessly scales to accommodate up to 10,000 people in a view-only experience. During this time of increased remote work, you can take advantage of view-only broadcasts for up to 20,000 attendees through the end of this year.

Custom attendee registration

Add a custom attendee registration page to your meetings or webinars to better manage attendance before your virtual event starts. You can add custom questions and images to learn more about your audience and promote your brand. Once your attendees finish registering, they’ll automatically receive a confirmation email with a calendar invite to join the event.

Microsoft Teams Custom Attendee Registration

Improved experience for sharing content in a meeting

The new share content experience helps presenters find their desired content more quickly and easily. Windows are consolidated into a single bucket to provide a concise view and all PowerPoints are automatically organized to present with PowerPoint Live. Now you can focus on the content of what you’re sharing instead of rummaging through the correct content to share in your meeting.

Microsoft Teams In Meeting Share Content

Include computer sound when sharing on Mac

Mac desktop users can now include audio when sharing their desktop or window during a Teams meeting. This is great when sharing a video with voiceover and music. It allows everyone to watch simultaneously without echoes or sync issues. You can find this setting in the share content.

Breakout room timer

Organizers can now set a timer for Breakout rooms from the Breakout Room settings. Once the timer has expired, rooms will automatically close, and participants will return to the main meeting.

Microsoft Teams Breakout Room Timer

Edge and Chrome browser meeting updates

Edge and Chrome browser users are now able to change the Teams meeting layout to 2x2 Gallery view, Together mode, and Large gallery. With the ability to see up to 49 participants in a single screen, you can enhance your virtual meeting experience where participants feel closer together even when you are apart.

Updated settings for attendees video

There are three new ways that you can now manage your attendees’ camera. First, meeting attendees are able to turn their camera on or off to share video by default. You can also configure to have all attendees’ camera disabled by setting Enable camera for attendees to Off from the Meeting Options web page before the meeting. Next, once this new setting is turned Off, you can also reverse this setting during the meeting to allow all attendees to turn their camera on. Finally, you can also enable or disable the camera for individual attendees. Note that these settings do not automatically turn on attendees’ camera or affect presenters and meeting organizers. This feature aims to focus on attendees to prevent disruptions during a meeting and help create a safe meeting environment.

Microsoft Teams Enable or Disable Attendee Video

AI-based noise suppression for Mac users

In November, we launched AI-based noise suppression for Windows. Now, we are expanding this feature for Mac users. Real-time AI noise suppression feature automatically removes unwelcome background noise during your meetings. Your audio feed is analyzed to filter out the noise and retain only the speech signal. You can also control how much noise suppression you want, including a high setting to suppress more background noise. This feature is now available for all Mac users except devices with M1 ARM processor.

Improved participant list

The participant list is now broken out into three sections: Lobby, Presenters, and Attendees. For Lobby, you can now review the full list of people waiting before admitting them all into the meeting. Attendees are sorted in alphabetical order and those who raise their hands are elevated to the top of the participant list.

Search in meeting participant list

You can now search by name or PSTN within the meeting participants roster. The user can continue to search for participants outside the meeting and request for them to join. Whether you are trying to admit a specific attendee into the meeting or pin someone during the meeting, this new search feature makes it easy to quickly locate a specific participant and perform the desired action.

Microsoft Teams Search Participant List

Reporting and analytics improvements in Teams Admin Center for 1000-person webinars and meetings

With the recent 1000-person meeting deployment, we are providing Admin support to troubleshoot meetings. Capabilities have been added in Teams Admin Center to 'Search' based on partial text, sort based on a selected set of fields, and 'Export' the meeting participant list and call quality details for offline review.

New Teams Live Events eCDN - Ramp

You can now work with Ramp, a certified eCDN partner, to optimize your network for live events held within your organization.

Intelligent Question Suggestions for Polls in Teams meeting

Within the Polls tab of your Teams meetings, you now receive intelligent suggestions for polls to launch during your meeting. Based on both your meeting purpose, indicated by your meeting title, and polls you launched in past meetings of the same name, you receive relevant suggestions for questions to ask. With Forms intelligence, poll preparation is now even easier.

Multiple Choice Quiz option for Microsoft Forms Poll in Teams Meetings

Now, you can launch multiple-choice quizzes (previously known as “Correct Answer Choice”) in your Teams meetings. For this new type of poll question, perfect for trivia questions or knowledge checks, you can mark one or more choices to be correct. After your meeting participants vote, the correct answer(s) to the multiple-choice quiz are shown in the Results card. You can also reference these polls results in read-only mode where all your forms are normally stored. This feature exists not just for Teams Meeting polls (in the pop-up window), but also for polls in Teams Chat both inside and outside of meetings.

Microsoft Teams Multiple Choice Quiz for Forms Poll

Block Downloads for non-channel Teams meeting recordings on OneDrive

All users with view-only permissions of a non-channel Teams meeting recording uploaded to OneDrive are blocked from downloading the recording by default. This feature provides greater control for end users over meeting recordings and how they are shared. You can toggle the block download feature on or off for individual files through the file share dialog in OneDrive.

Microsoft Teams Block Downloads

Calling

New Calling Experiences

Simplify the calling experience with a streamlined view that shows contacts, voicemail, and calling history together. Previously, you had to select each of these in different tabs. Now, it is consolidated in the same screen, making it easier to initiate or return a call with a single click.

Microsoft Teams New Calling Experiences

Call Merge

Call Merge gives end users the capability to merge their active 1:1 call into another 1:1 or group call. For example, during a call with someone (or a group), you need to ask someone else a question. With this feature, you may add them directly into the first conversation seamlessly. This applies to Teams VOIP calls and PSTN calls.

Microsoft Teams Call Merge

Microsoft Calling Plan expansion

Microsoft Teams Calling plans provide a fast and simple way to deploy calling in Microsoft Teams with no on-premises equipment. We have expanded our geographic coverage to ten new markets including New Zealand, Singapore, Romania, Czech Republic, Hungary, Finland, Norway, Slovakia, Poland, and Luxembourg. This means that customers in 28 markets can now use Microsoft-provided calling plans to place and receive PSTN calls in Teams.

Branch Office Survivability on Teams phones

With this new capability, users in a Branch Office can continue to make PSTN calls on Teams phones to other users even if the Branch Office loses internet connectivity. This is beneficial for the continuity of communication and adds a layer of confidence that information can be conveyed even when connectivity may be jeopardized.

Devices

Teams casting with Mobile Phone for Microsoft Teams Rooms

For quick ad-hoc sessions that don’t necessarily require setting up a formal meeting, people can use Teams casting to wirelessly connect to a Teams Room running on Windows, and display content from their mobile phone. Users can broadcast their screen and cast content stored locally on their device or accessible via Office 365.

Microsoft Teams Teams Casting

Newly certified devices

We have newly certified devices for Microsoft Teams this month from Crestron, Poly, and Yealink.

Crestron Flex Microsoft Teams Rooms

The certification covers the small meeting rooms with the MM30 and B30 products and medium and large rooms with the M50 and M70 products. A benefit of the Crestron Flex X Advanced systems is that it extends the USB and HDMI cables over a Cat5 cable, for a simpler deployment.

Poly Voyager Focus 2

Voyager Focus 2 is a stereo Bluetooth headset with 3 levels of active noise canceling (ANC) and up to 19 hours of talk time. It is certified under Microsoft Teams premium microphone for open office headset.

Microsoft Teams Poly Voyager Focus 2

Yealink MVC840

The Yealink MVC840 Microsoft Teams Room system is a bundle video solution for medium and large spaces. This includes the UVC84 4K camera, VCM34 audio system supporting a 6-meter and 360° voice pickup range, MCore mini-PC, and MTouch II touch panel. Further, it features simplified deployment with one CAT5e-cable technology, wireless content sharing with WPP20, and the Yealink Device Management Platform.

Chat and collaboration

Group chat with external users

Chat with up to 250 participants across multiple organizations in a single chat. This makes it easy to start a chat with external partners, just like how it’s done today within an organization. External group chat is expanding on the existing ability for Teams users to find, participate in 1:1 chat, calls, and set up meetings with external Teams users in federated organizations. This feature is part of Microsoft Teams Connect, which enables users to share a team with guest users, and share channels as well as chat with people from multiple organizations right from their own tenants.

Microsoft Teams Group Chat with External Users

Microsoft Viva Insights

New personal wellbeing experiences to help you mindfully organize your workday and build better work habits are coming to the Viva Insights app in Teams.

  • A reflection feature helps you become more aware of how you're feeling and identify patterns over time. These insights are personal and private to the individual.
  • Praise enables you to express appreciation for your colleagues and schedule praise reminders to build a habit of sharing gratitude.
  • Virtual commute helps you wrap up your tasks at the end of the workday, prepare for tomorrow, and transition into your personal time with peace of mind.

Adobe Sign Integration in Approvals App

There may be times when you need something approved and recorded with more formal attestation and adding signatures to the approval process is necessary. With the new Adobe Sign integration, you can create an approval request with a natively integrated electronic signature. Once submitted, signers are notified with an email and can easily review and sign. Approvals keeps track of the entire workflow right in the context within Teams.

Power Platform and custom development

Updates to Dataverse for Teams administration

We increased the Dataverse for Teams environment limit for larger tenants from the current 500 limit to now 10,000 for large organizations. Also, now you are able to seamlessly upgrade your Dataverse for Teams environments to take advantage of the full premium license capabilities. This means you can utilize the apps and data you’ve built in Dataverse for Teams in an upgraded solution on full Dataverse without having to re-build apps or transfer data.

Security, compliance, and privacy

Microsoft 365 Customer Key now supports Teams

Microsoft 365 Customer Key enables organizations to meet encryption key management compliance requirements by providing the encryption keys used to encrypt customer data in Microsoft’s datacenters – now extended to include Microsoft Teams!

Admins can install Apps in Meetings

IT admins can select specific Teams apps that can be installed by end users in Teams meetings for their organization. Apps in Teams meetings are accessible during meetings using the tab gallery.

Teams for Education

Supervised chat

Chat messaging can be an important tool for group collaboration between students or one-on-one follow-up between educators and students, but many schools are concerned about inappropriate use of chat. Supervised chat grants designated educators permissions to start chats with students and blocks students from creating new chats unless an appropriate educator is present. When chat supervision is enabled, supervisors are not allowed to leave chats and other participants are not allowed to remove them, ensuring that chats involving students remain properly supervised.

Career Coach - Microsoft Teams for Education app powered by LinkedIn

Career Coach is a Microsoft Teams for Education app powered by LinkedIn that provides personalized guidance for higher education students to navigate their career journey. Students can discover their career path, grow real-world skills, and build their network as they make progress towards their goals. Education institutions gain insight to enhance the student experience, improve student success, and drive employment outcomes.

Add assignments to Office 365 calendar

Stay on top of due dates and classwork by turning on calendar sync for Teams assignments. This is a setting that educators can select for individual assignments or turn on in Assignments Settings for their whole class. Once toggled on, the calendar feature adds an entry at the due date and time for that assignment on Teams and Outlook calendars for both educators and students.

Microsoft Teams Add Assignments to Office 365 Calendar

Frontline Workers

Tag APIs

Tag APIs let frontline workers quickly reach a group of people by role, shifts etc. Using these new APIs, you can now programmatically create and manage tags in a team with actions like creating tags in a team and assign users, getting a list of tags in a team, updating tags, and deleting tags.

Manage retail frontline tasks with Microsoft Dynamics 365 Commerce and Teams

With Teams and Dynamics 365, retailers can provide the frontline with streamlined mobile tools to connect with peers and get near-instant access to information they need to deliver exceptional customer experiences. Task management functionality in Dynamics 365 Commerce allows managers and workers to create task lists, manage assignment criteria, and track task statuses integrated between Dynamics 365 Commerce back office, store commerce, and Teams applications. Users can easily track task completion across all relevant stores, re-assign tasks, and give feedback and proof of execution where applicable directly from Teams.

Microsoft Teams Manage Frontline Dynamics 365


Check Your Website Security - for FREE

Added on May 12, 2021

It's almost a daily occurrence that you hear about cyberattacks and ransomware. It's time to ask yourself the question - When is the last time you checked your own website security and took steps to make it more secure for your visitors and yourself?

There is a common list of things you can do that include:

1) Updating all passwords on a regular basis. This includes Admin login credentials, control panel for your hosting service, email passwords, etc. Make sure you use a unique password for each set of credentials and each password includes uppercase and lowercase letters and a symbol or two.

See the following articles about creating strong passwords and additional ways to keep yourself protected:

Password Do's and Don'ts

Securely Share Passwords and Maintain Them

2) Keep your website software up to date to patch any vulnerabilities

3) Making sure you are using a supported PHP version on the server your website(s) are hosted on

4) Use an SSL certificate to encrypt transactions performed on your website

Now for the major questions you should be asking yourself:

1) When is the last time you had a malware scan run for your website?

2) Do you have a firewall that is protecting your website from hackers even getting to your website?

3) What are you doing to maintain your online reputation and build user trust?

4) Is your website blacklisted?

Having a security plan in place that takes care of these items will go a LONG way towards building user trust and avoiding the dreaded HACKED WEBSITE and downtime.

Evolve Hosting is a partner of Astra Security. Astra is one of the easiest security solutions to set up to protect your website. This doesn't have to be overcomplicated!

Use this link to run a FREE security audit: https://securityscan.getastra.com/

Evolve Hosting offers one of the lowest prices, if not the lowest you'll find for Astra Security and we help you secure any website, even if it's not hosted with us.

Monthly for $19.99 per domain

OR

$179.88 for the year (3 months free) per domain

To learn more about Astra, visit this link Astra Website Security and/or reach out to us over live chat or by giving us a call.

To sign up for Astra, order here online


DKIM and SPF Email DNS Records

Added on November 9, 2020

You may or may not be wondering what DKIM and SPF DNS records are and why they are important. In short, these 2 records provide validity to your email address and help to ensure your messages land in someone's inbox and not in spam / junk folders.

DKIM Record

DKIM stands for DomainKeys Identified Mail. A DKIM record needs to be created for each domain you send email from and this ensures that emails are not altered in transit between the sending and receiving servers. The receiving server is able to look at and verify your DKIM record to determine that your emails are not junk / spam.

SPF Record

SPF stands for Sender Policy Framework. Setting up an SPF record helps to prevent malicious persons from using your domain to send unauthorized (malicious) emails, also called email spoofing. The SPF protocol is used as one of the standard methods to fight against spam. Some email recipients strictly require SPF. If you haven’t published an SPF record for your domain, your email can be marked as spam or even worse the email will bounce. If an email is sent through an unauthorized mail server, the email can be marked as spam. Having a properly set up SPF record will improve your email deliverability and will help to protect your domain against malicious emails sent on behalf of your domain.

If your hosting account uses cPanel (all Evolve Hosting accounts do), you can quickly create both of these records without the need for any technical knowledge. All new accounts created with us have these records created automatically. If you are unsure, reach out to our tech support and we can take care of this within a few minutes for you.

You may also read more here from cPanel: https://docs.cpanel.net/cpanel/email/email-deliverability-in-cpanel/
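To show what the SPF and DKIM records described above contain and how a weak one differs from a sound one, here is an added example (not cPanel's or Evolve Hosting's code) that lints the TXT record strings. It performs no DNS queries; you pass in the record text, and the `example.net` hosts and address ranges used with it are constructed.

```python
import base64
import binascii

# SPF terms that make the receiving server do a DNS query; SPF allows at most 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def lint_spf(txt_records):
    """Return problems found in the SPF policy among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["more than one SPF record: receivers treat this as a permanent error"]

    problems, lookups, all_qualifier, has_redirect = [], 0, None, False
    terms = spf[0].split()[1:]
    for position, term in enumerate(terms):
        qualifier = term[0] if term[0] in "+-~?" else "+"  # '+' (pass) is the default
        body = term.lstrip("+-~?").lower()
        name = body.split(":", 1)[0].split("/", 1)[0].split("=", 1)[0]
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "redirect":
            has_redirect = True
        if name == "all":
            all_qualifier = qualifier
            if position != len(terms) - 1:
                problems.append("terms after 'all' are never evaluated")
            break

    if all_qualifier == "+":
        problems.append("'+all' authorizes every server on the internet to send as this domain")
    elif all_qualifier == "?":
        problems.append("'?all' is neutral: unauthorized senders are not rejected")
    elif all_qualifier is None and not has_redirect:
        problems.append("no 'all' or 'redirect': unmatched senders get a neutral result")
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms: more than 10 is a permanent error")
    return problems


def lint_dkim(record):
    """Return problems found in one DKIM key record (TXT at <selector>._domainkey.<domain>)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = "".join(value.split())  # drop folding whitespace

    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if "p" not in tags:
        return problems + ["missing p= (public key) tag"]
    if tags["p"] == "":
        return problems + ["p= is empty: this key has been revoked"]
    try:
        key_bytes = base64.b64decode(tags["p"], validate=True)
    except binascii.Error:
        return problems + ["p= is not valid base64"]
    # Heuristic: a DER-encoded 2048-bit RSA public key is 294 bytes, a 1024-bit one 162.
    if tags.get("k", "rsa") == "rsa" and len(key_bytes) < 256:
        problems.append("RSA key looks shorter than 2048 bits")
    return problems


if __name__ == "__main__":
    # Constructed records: one sound SPF policy and one that defeats the purpose.
    print(lint_spf(["v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"]))
    print(lint_spf(["v=spf1 +all"]))
    # Constructed DKIM record with placeholder key bytes of 1024-bit length.
    print(lint_dkim("v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(162)).decode()))
```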