Category: Security

Changing the Wireless Password on a Netgear WGT624v3 Router

  1. Connect a computer to the Netgear wireless router with an Ethernet/network cable. You can use any of the 4 ports grouped in the back. Make sure the Netgear is powered on.
  2. Open your Web browser. In the address bar, enter 192.168.1.1 and press the Enter or Return key.
  3. A window will appear asking for a login and password.The default login name is: admin
    The default password is : password

    Enter this info and click OK.

  4. Once logged in, click the Wireless Settings link on the left.
  5. Underneath Security Options, select the third option: WPA-PSK [TKIP].
  6. Where it says Passphrase, type in your new password. Your new password must be at least 8 characters. It can have both letters and numbers, and is case sensitive. You may want to write it down and keep it in a safe place.
  7. Click Apply. The Netgear will restart. Once the router has completely restarted, you’re done.

Changing your hosting passwords

This information is for Cruzio Website Hosting services. If you got your web hosting before July 2006, please see the Classic Web Hosting FAQ.

To follow the procedures in this help article, you will need to know your Control Panel password. If you don’t know your Control Panel password, please contact Cruzio Support for help.

Changing passwords: a good website security practice

To keep your website or web application safe, it’s good practice to not only keep your site’s software up to date, but also to change your web hosting-related passwords regularly.

For other Internet security recommendations, please see Cruzio’s Security Tips.

Changing your Control Panel password

  1. Log in to your control panel.
  2. Click one of the following icons (different control panels use slightly different wording):
    • Under Tools, click Edit icon. OR
    • Under Account, click the Change Password icon.
  3. Enter your new password in the Password field, then enter it again in the Confirm Password field. Click the OK button.

Changing your FTP passwords

  1. Log in to your control panel. Under Domains, click the name of your domain (you may have to click a Domains icon before you see the name of your domain).
  2. Click one of the following icons (different control panels use slightly different wording):
    • Under Hosting, click the Setup icon. OR
    • Under Web Site, click the Web Hosting Settings icon.
  3. Under Account Preferences, enter the New FTP Password. Enter it again in the Confirm Password field. Click the OK button.
  4. Repeat for each domain in your control panel that has FTP access.

Changing your Web application’s administrative passwords

Here are the official instructions for changing your password in WordPress or Joomla. For other Web applications, please refer to the documentation for your application.

If you’ve lost your administrative password, see our instructions on resetting your Joomla, WordPress, or Drupal password.

Changing your email passwords

  1. Log in to your control panel. Under Domains, click the name of your domain (you may have to click a Domains icon before you see the name of your domain).
  2. Click one of the following icons (different control panels use slightly different wording):
    • Under Services, click the Mail icon. OR
    • Under Mail, click the Mail Accounts icon.
  3. Under Mail Accounts, click your email address.
  4. Under Tools, click Preferences. Under Mail Account Properties, enter your New Password. Enter it again in the Confirm Password field. Click the OK button.
  5. Repeat for each email address on your domain as desired.

Cruzio Security Policies

Cruzio Security

Cruzio takes every precaution possible to keep your account and your information safe and secure. We also encourage you to learn how to surf the Internet safely.

Use the Internet Safely!

Learn what you can do to keep your personal information and your computer safe.

» follow Cruzio’s Security Tips

Cruzio doesn’t give your information away

We don’t sell, exchange, or share your information with other companies, except the minimum required to partner with other companies to bring you services (see our Privacy Statement for details).

Cruzio has strict rules about giving out even small pieces of information or making any changes to an account. We must see proof of identity or proof of account responsibility before we do so.

Cruzio helps you keep out the bugs

Cruzio’s firewall blocks emails carrying known viruses. In addition, every Cruzio email address comes with a junk mail filter, should you choose to activate it. Read more in our Spam and Junk Mail article.

Cruzio provides security features for your website

Cruzio supplies secure Web space for all Web hosting accounts. Keep your customers secure and confident by letting them know your website uses secure transmission.

You can also protect any directory on your website with a password. Only people you tell the password to can view that part of your website.

Cruzio’s network is protected and monitored around the clock

Cruzio’s servers are kept in two state-of-the-art network operations centers, safe from fire, flood, power outages, thieves, and of course, hackers. Our engineers are on-call 24 hours a day, vigilantly monitoring our network.

Firewall Configuration

Firewalls help block unauthorized access to your computer by restricting incoming connections. A firewall running on your computer is a useful security tool, even if you also have a router that acts as a firewall.

Windows Vista

The Vista firewall is on by default. If it has been turned off:

  1. Click the Start button and choose Control Panel. Click Security.
  2. From the Windows Firewall section, choose “Turn Windows Firewall on or off.”
  3. On the right, click “Change settings.” Click “On (recommended).”

Windows XP

If you are running Windows XP Service Pack 2, the firewall is on by default. If it has been turned off:

  1. Click the Start button and choose Control Panel.
  2. Switch to Classic View and double-click Network Connections.
  3. Double-click Local Area Network Connection and then click the Properties button.
  4. Select the “Advanced” tab. Put a check in the checkbox that says “Protect my computer and network by limiting or preventing access to this computer from the Internet.”

Older Windows Systems

A firewall program that works with older Windows systems is called ZoneAlarm and is free for personal use.

Mac OS X 10.6 (Snow Leopard)

The Snow Leopard firewall is off by default. To turn it on:

  1. Choose System Preferences in the Apple menu.
  2. Click the Security icon.
  3. Click the Firewall tab and click the Start button. If the button says Stop, your firewall is already running.

Mac OS X 10.5 (Leopard)

The Leopard firewall allows all incoming connections by default. To restrict incoming connections, see Apple’s Leopard firewall information and instructions.

Mac OS X 10.2, 10.3, or 10.4 (Jaguar, Panther or Tiger)

The firewall is off by default. To turn it on:

  1. Choose System Preferences in the Apple Menu.
  2. Click the Sharing icon.
  3. Click the Firewall tab and click the Start button. If the button says Stop, your firewall is already running.

Mac OS X 10.1 (Cheetah or Puma)

Mac OS X 10.1 includes the command line program ipfw. If you are unfamiliar with command-line tasks in the Terminal application, and you’re not using a router or other hardware firewall, Cruzio recommends upgrading to a newer system.

Mac OS 9 or earlier

Firewall software is not included with the system. If you have OS 9, and you’re not using a router or other hardware firewall, you may want to protect your computer by turning off file sharing.

How to Add SPF Records for Website Hosting

This information applies to Cruzio’s Website Hosting services. If you purchased web and domain hosting with Cruzio after July 2006, you likely have a Website Hosting services. Otherwise, you may have a Classic domain.  If you have a Classic domain, you will need to contact Cruzio if you want to add SPF records to your domain.

Setting up a SPF Record on your domain will help prevent spammers forging email from your domain. Learn more at openspf.org.

You can use the SPF Record Wizard to create a record to put on your domain.

Adding an SPF record in your control panel

  1. Log in to your domain control panel with the Cruzio Domain Tools.
  2. Select the domain name you want to create the SPF record for. If you are on host 6 or 7, this can be accessed by first clicking Domains under the Main Menu in the upper left hand corner.If you do not know what host number you are on, after you log into your control panel, look at the URL at the top of your browser. You will see it start with https://host followed by a number. That is the host number you are on.
  3. If you are on host 1, 2, 3, 4, or 5, click DNS Settings under the Services section. If you are on host 6 or 7, click DNS Settings under the Web Site section.
  4. Under the Tools section, Click “Add record.”
  5. Under “Record type,” open the dropdown menu and choose TXT.
  6. In the field next to “Enter TXT record,” paste your SPF record. Click OK.

Keeping your website secure

Malware can infect our websites, not just our personal computers. The basics of protecting your website include:

  • Keeping your computer secure
  • Using strong passwords
  • Keeping your website’s software updated
  • Making regular backups in case of disaster

Read on for details, and for more suggestions.

Basic Security Measures for your Website

Keep your computer secure

Start by keeping your computer secure, so your website passwords don’t get stolen by malware. Follow Cruzio’s Security Tips.

Take extra care on public Internet connections

Generally, do not manage your website from a public wifi connection. Others using the same connection could learn your passwords while you’re logging in to your website, or using FTP.

The exception: it’s fine to log into and use your domain’s control panel, since it uses encryption (notice the https in the browser address of your control panel—s stands for secure).

Set strong passwords

Set strong passwords for your website’s control panel, administrative user account, and FTP access. And if your website is compromised, change them. Follow these instructions for changing your hosting passwords.

Keep your website software up to date

Old web software often has security vulnerabilities that make your website an easy target. Web applications like WordPress, Joomla, and Drupal are miraculous software that make building and maintaining a website so much simpler—but you must keep your copy of that software up to date.

Installatron does upgrades, not just installs

If you installed your site software using Installatron, then use Installatron to apply upgrades. It’s fast and easy. Installatron makes a backup of your site right before upgrading, too, so in case something were to go wrong, you could quickly and easily restore the previous version.

Plugins count too

If you’ve installed any plugins or extensions to your web application, make sure you keep those items up to date as well. Plugins are like mini-applications, and they need the same care as your main web software.

Back up your website

No matter how many precautions you take, there’s always the possibility that your website may become compromised. If or when that happens, you’ll want to have a recent site backup in good shape.

Back up your website on a regular basis, but only when you’re reasonably sure that the site is in a healthy state. If your only backup is infected with malware, you’re not going to want to use it to restore a damaged website. You can use a free scanner to check your site’s health, though a good result is not a guarantee.

Installatron backups

If you installed a web application with Installatron, then use Installatron to create backups. It’s very easy, and you can keep multiple backups if you wish. Installatron backups also have the advantage of being very easy to restore.

The other control panel backup tool

If you installed or built your website manually, use the “Backup Your Account” link in your control panel’s sidebar. Click the icon under the B column to create a backup. Check the boxes of all the items you want backed up. Note that you can only keep a single backup on the server at a time, and that there is no restore tool. Just like you built your site manually, you’ll have to restore it manually as well.

Additional Security Measures for your Website

Website Security Consultants

Maybe you have limited time for reading, researching, and implementing security measures for your website. If you want to enlist someone to handle it for you, hire a consultant with experience in website security. You can check the Computer and Internet Services section of Cruzio’s Guide for local professionals.

Protecting your Windows Computer

Introduction

This document is for Windows users who want to ensure their computer is protected. Windows computers can get bogged down with spyware and viruses which can make them slow and unreliable. Preventative maintenance through the use of anti-virus and anti-spyware programs is a good way to mitigate that from happening.  Please note: Cruzio does not support computers or devices or any type of computer care.

» back to the top

What programs are available?

Below is a list of various software that can be installed on your computer to handle different aspects of that preventative maintenance. Each protects your computer against different threats, so it can be a good idea to install all of them.

  • AVG looks for spyware and viruses. The default setting for this program automatically checks for updates and scans the computer everyday at noon. It cleans what it finds. You can download it and find more information at the AVG website.
  • Spybot Search and Destroy is very good at getting nasty spyware, malware and hijackers off your computer. It does not update itself automatically nor does it scan the computer automatically, so you will have to manage it manually. You can download it and find more information at the Spybot Search and Destroy homepage.
  • Malwarebytes uses different methodology and definition files to root out spyware, malware, and hijackers from your computer. The free version does not automatically update itself and scan your computer, so you will have to manage it manually. There is a paid for option that will do this if you buy it. You can download it and find more information at the Malwarebytes website.
  • Ad-Aware looks for similar threats that the Spybot and Malwarebytes programs find. The free version of this program does not update itself automatically nor does it scan the computer automatically, so you will have to manage it manually. There is a paid for option that will do this if you buy it. You can download it and find more information at the Ad-Aware homepage.

» back to the top

How often should these programs be run?

AVG will update and scan your computer automatically. It is recommended to update and scan the computer with Spybot, Malwarebytes, and Ad-Aware twice a month. There is no harm involved with scanning the computer more frequently than that. However, depending on the computer, it may be slowed down while the scan is running.

» back to the top

Other options for keeping your computer safe

» back to the top

Using Secure Email (SSL)

What is secure email?

This help page explains how you can secure your email communications between your computer and the mail server.

Usually, your email program communicates with the mail server in “cleartext” (unencrypted data). Someone with bad intentions could “listen in” and read your email login and password, as well as your messages.

However, if you use SSL (Secure Sockets Layer), your email program will communicate with the mail server in “ciphertext” (encrypted data). Anyone listening in will only find encrypted gibberish.

» back to the top

Does my Cruzio service include secure email?

Currently, secure email is available only in our Domain Email (email addresses at your own domain—@yourdomain.com).

Secure email is not yet supported in Cruzio Mail.

Secure email is not supported in Classic Email. If you have Classic domain hosting and would like to use this feature, you may want to consider migrating to Cruzio’s Website Hosting Service, which includes Domain Email. Contact Cruzio for more information.

How do I set up a new secure email account?

  1. First, choose an existing email address to use, or create a new one in your control panel.
  2. Next, open your email program and create a new email account for your email address. (If you need help, see our Email Setup Instructions.)

    While you are setting up the account, the program may ask you if you want SSL enabled. If it does, then yes, choose to use SSL.

  3. Finally, follow the instructions in the section below to check that both your incoming and outgoing mail communications are SSL-protected.
  4. If your email program does not allow you to enable SSL while setting up your account, follow the instructions below to make your setup secure.

» back to the top

How do I make my existing email setup secure?

Follow the instructions below to enable SSL for your new or existing email account.

Mac OS X Mail

  1. In the Mail menu, select Preferences. Click the Accounts button.
  2. On the left, select your account. On the right, click the Account Information tab.

    In the “Outgoing Mail Server (SMTP)” section, select “Edit Server List”. (This Edit option will be either in a button or a drop-down menu.)

  3. Look for “Use Secure Sockets Layer (SSL)” and “Use custom port”. If you do not see them, click Advanced.

    Select “Use Secure Sockets Layer (SSL)”, and set “Use custom port” to 465. Click OK.

  4. You should now be back in the Accounts window. Click the Advanced tab.

    Select “Use SSL”.

    Close the Accounts window. If it asks you to save your changes, click Save.

Windows Mail

  1. In the Tools menu, select Accounts.
  2. Select your mail account and click the Properties button.
  3. Click the Advanced tab.

    Under both the Incoming and Outgoing server ports, select “This server requires a secure connection (SSL)”, and set “Outgoing Port (SMTP)” to 465. Click OK.

    You should now be back in the Accounts window. Click Close.

Thunderbird

  1. In the Tools menu, select Account Settings.
  2. On the left, select Server Settings.

    Set “Use secure connection” or “Connection Security” to SSL or SSL/TLS.

  3. On the left, select “Outgoing Server (SMTP)”.
  4. Select your outgoing mail server and click Edit.

    Set Port to 465 and set “Use secure connection” or “Connection security” to SSL or SSL/TLS. Click OK.

    You should now be back in the Account Settings window. Click OK.

Outlook 2007

  1. In the Tools menu, select Account Settings.
  2. Select your mail account and click Change.
  3. In the lower right corner, click More Settings.
  4. Click the Advanced tab.

    Select “This Server requires an encrypted connections (SSL)”, set “Outgoing server (SMTP)” to 465 and set “Use the following type of encrypted connection” to SSL. Click OK.

    Click Next. Click Finish.

Outlook 2003

  1. In the Tools menu, select E-mail Accounts.
  2. Select “View or change existing e-mail accounts” and click Next.
  3. Select your mail account and click Change.
  4. In the lower right corner, click More Settings.
  5. Click the Advanced tab.

    Under both the Incoming and Outgoing server ports, select “This server requires a secure connection (SSL)”, and set “Outgoing Port (SMTP)” to 465. Click OK.

    Click Next. Click Finish.

Other versions of Outlook or Outlook Express

Please follow the steps above for Windows Mail.

» back to the top

Watch out for phishing emails claiming to be from Cruzio

Cruzio has seen a few instances of phishing attacks on Cruzio customers. Phishing is a scam tactic to obtain your personal information. (For more information, see Cruzio’s Internet Security Tips.)

If you receive an email purporting to be from Cruzio that asks for your password, credit card info, or any other personal information, do not respond to it. Cruzio does not ask for this type of information via email.

If you’re at all unsure about any email communications you receive, please Contact Cruzio to confirm its legitimacy.

An example of a Phishing email follows. Remember that this is not a legitimate email from Cruzio.

Phishing example. This email is not really from Cruzio. It is a fake.

Dear Cruzio Member,

Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.

If you choose to ignore our request, you leave us no choice but to cancel your membership.

Virtually yours,
The Cruzio Support Team

+++ Attachment: No Virus found
+++ Cruzio Antivirus – www.cruzio.com

[ Attach #2/2: Filename: McAfee_EmailScanReport.txt ]