Captcha

A brute force attack is a password-cracking method that works by guessing every possibility. We can use reCAPTCHA to prevent brute force attacks. reCAPTCHA uses adaptive challenges to prevent bots from logging in and registering on your website.

This simple checkbox is easy for humans and hard for bots.

reCAPTCHA isn't just for login. It is also useful for filtering spam comments, so that only legitimate users are able to comment.

Security is our top priority. All of our web development packages include reCAPTCHA for your website's security.

How to Properly Close Android Apps

How do you usually close an Android app? By pressing the home button? Did you know the app is still running in the background?

To check the running apps on Android, press the menu button at the bottom. Too many running apps will slow down the phone and drain the battery.

It is a good habit to close an app after every use. The rule of thumb is to keep only one app running at a time, unless you are doing a transaction between apps. This way you use the battery efficiently and it lasts longer.

How to properly close Android apps:

Disable Acrobat Reader Update

Sometimes we want to disable Acrobat Reader updates because of a compatibility issue. For example, Indonesia's SPT eform requires 32-bit Acrobat Reader. On a 64-bit computer, auto update can overwrite it with the 64-bit version without confirmation. To keep the 32-bit version we have to disable auto update.

Steps to disable Acrobat Reader update:

Domain Email

Some of our clients who use free email have complained that they were spoofed. Since anyone can register a free email address, it is very easy to be spoofed. For example:

Hurricane company has the email address hurricanecorp@gmail.com.

John creates a lookalike address, huricanecorp@gmail.com, and sends email to Hurricane's customers. If they are not careful, the customers will think the email came from Hurricane company.

Gmail has billions of users, so it is very hard to find a good email address that is still available. You might end up with an address like johndoe1945@gmail.com. With domain email, you can create a clean and easy-to-remember address like john@hurricane.com.

Using domain email has many benefits:

  1. Authentic. Domain email is less likely to be spoofed.
  2. Looks professional. Increases customer trust and sales.
  3. Good email address. Your exact real name as the email address.
  4. Drives traffic to the website. Clients can reach the website from the email address.
  5. Unlimited email accounts.

Order domain email now: https://www.ekomersial.com/web-hosting

WhatsApp Group Invitation

By default, WhatsApp allows everyone to invite you to a group. Even worse, WhatsApp doesn't have an approve or reject confirmation button for group invitations. When anyone invites you, you are instantly in the group. This can be annoying when random people invite you to unrelated groups.

To override this default behaviour, you can change it in the privacy settings:

Now only people you know may invite you to a group.

Minimum Password Length

How long is your password? 8? Most sites today require a minimum password length of 8 characters. How long does it take to crack that password by brute force? The result might shock you.

It takes only 5 hours to crack an 8-character password. A minimum is just a minimum. We need more length for a more secure password. Combining lowercase, uppercase, numbers, and symbols dramatically increases the number of variations to guess. Each character added to a password increases the crack time exponentially.

We need to choose a sustainable password whose crack time exceeds its owner's lifetime. That is 12 characters.

Remember, over the years passwords weaken as computational power increases. We may need to increase the minimum password length in the future.

Windows 7 End of Life

Windows 7 has been end of life since January 14th, 2020. As a result, some software such as Outlook has begun to stop working. Encryption is constantly updated to improve security. As it is updated, old encryption becomes obsolete.

Clients facing encryption issues with Outlook on Windows 7 can use www.thunderbird.net as their mail client or, even better, upgrade to Windows 10. Using an unsupported OS is potentially dangerous. Although Windows 10 comes with a native mail client, we also recommend using Thunderbird on Windows 10. Thunderbird is more stable, lighter, and faster.

WhatsApp Two Factor Authentication

There are cases of WhatsApp accounts being hacked. A WhatsApp account is linked to a phone number. If our SIM card is somehow terminated due to inactivity, the provider can recycle the number and sell it to someone else. If the new user installs WhatsApp, they instantly gain access to our account.

It is better to add an additional layer of security by setting up two factor authentication. To set up WhatsApp two factor authentication:

  1. Open the menu by clicking the three dots button in the top right corner.
  2. Click the Settings menu.
  3. Click the Account menu.
  4. Click the Two-step verification menu.
  5. Click the Enable button.
  6. Enter a PIN.

WordPress Security

WordPress's security is good by default, but no system is completely safe. Several steps must be taken to make WordPress secure:

wp-config.php Permission

After WordPress is installed, the permission of wp-config.php can end up set to 666. This is potentially dangerous because wp-config.php can then be overwritten by a hacker. You must change the wp-config.php permission to 400. To change the file permission easily using the cPanel file manager:

  1. Log in to cPanel.
  2. Click the File Manager icon.
  3. Click the wp-config.php file. Click the Permissions menu.
  4. Check only Read in the User column. The result is 400.
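
The same check can be done from a shell on hosts that offer one. This is an added example, not part of the original post; the function names `file_mode` and `harden_wp_config` are made up for illustration, and the sample file is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: audit and tighten wp-config.php permissions under a web root.

# file_mode FILE
# Prints the octal permission bits of FILE (GNU stat, with a BSD fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# harden_wp_config ROOT
# Finds every wp-config.php below ROOT whose mode is not exactly 400,
# prints "old-mode -> 400 path" for each one and applies chmod 400.
# Returns 0 when no wp-config.php with another mode is left, 1 otherwise.
harden_wp_config() {
    root=$1
    # "-perm 400" matches the exact mode, so "! -perm 400" selects all others,
    # including the world-writable 666 described above.
    find "$root" -type f -name wp-config.php ! -perm 400 -print |
    while IFS= read -r f; do
        old=$(file_mode "$f")
        chmod 400 "$f" && echo "$old -> 400 $f"
    done
    # Re-check instead of trusting the loop, which runs in a subshell.
    remaining=$(find "$root" -type f -name wp-config.php ! -perm 400 -print)
    [ -z "$remaining" ]
}

# Demo on a constructed directory tree (not a real site).
demo=$(mktemp -d)
mkdir -p "$demo/site"
printf '<?php // constructed sample file\n' > "$demo/site/wp-config.php"
chmod 666 "$demo/site/wp-config.php"
harden_wp_config "$demo"
rm -rf "$demo"
```

Mode 400 only works when PHP runs as the user that owns the file; if the web server runs as a different user, it will no longer be able to read wp-config.php.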

XMLRPC

XMLRPC is a Remote Procedure Call method that uses XML passed via HTTP as a transport. With it, a client can call methods with parameters on a remote server and get back structured data.

XMLRPC has been a part of WordPress since the beginning. XMLRPC enables communication between WordPress and other applications. The code is stored in the xmlrpc.php file in the root directory.

Since the REST API was integrated into WordPress, xmlrpc.php is no longer used. XMLRPC introduces security vulnerabilities. A hacker can mount a DDoS attack by sending a large number of pingbacks. This could overload your server and make your site time out. Each xmlrpc.php request sends a username and password, so a hacker can also use it for a brute force attack. There is a chance they could eventually hit on the right one, giving them access to your site to insert, delete, or damage its content.

To disable xmlrpc.php, add the following code to your .htaccess file:

<Files xmlrpc.php>
Order Allow,Deny
Deny from all
</Files>
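
To see which clients are hitting xmlrpc.php, and whether the rule above is now answering them with 403, the access log can be summarised per client IP. This is an added example, not part of the original post; it assumes the Apache combined log format, the function names and the default threshold of 3 are made up for illustration, and the log lines are constructed samples.

```shell
#!/bin/sh
# Added example: summarise POST requests to xmlrpc.php per client IP.

# xmlrpc_report LOGFILE [THRESHOLD]
# Prints "ip total blocked" for every client with at least THRESHOLD
# POST requests to /xmlrpc.php (default 3, an assumed value).
# "blocked" counts the requests answered with 403, i.e. denied by .htaccess.
xmlrpc_report() {
    awk -v min="${2:-3}" '
        # Combined log format, split on whitespace:
        # $1 = client IP, $6 = "\"POST", $7 = request path, $9 = status code
        $6 == "\"POST" && $7 ~ /^\/xmlrpc\.php(\?|$)/ {
            total[$1]++
            if ($9 == 403) blocked[$1]++
        }
        END {
            for (ip in total)
                if (total[ip] >= min)
                    printf "%s %d %d\n", ip, total[ip], blocked[ip]
        }
    ' "$1" | sort
}

# Constructed sample log lines (documentation IP ranges), not real traffic.
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Mar/2021:10:00:01 +0700] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
203.0.113.7 - - [10/Mar/2021:10:00:02 +0700] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
203.0.113.7 - - [10/Mar/2021:10:05:01 +0700] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"
203.0.113.7 - - [10/Mar/2021:10:05:02 +0700] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"
198.51.100.9 - - [10/Mar/2021:10:06:00 +0700] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
198.51.100.9 - - [10/Mar/2021:10:06:05 +0700] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"
EOF
}

# Demo: the first client made 4 requests, 2 of them after the block was added.
log=$(mktemp)
sample_log > "$log"
xmlrpc_report "$log"
rm -f "$log"
```

A client whose total keeps growing while every request is already blocked is a candidate for blocking at the firewall rather than in .htaccess.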

Macro

Macros have long helped humans. A macro does tedious, repetitive tasks for a human. Sometimes human jobs repeat in the same pattern. These jobs can be done by a macro.

Macros were initially made for games. Many gaming gears are equipped with a macro function. Macros are also useful for work. A macro can continuously do a repetitive task in a timely fashion. We can save time by using macros.

Steps to set a Logitech G102 macro: