Fast Secure Contact Form

Some of the websites I have built use a plugin called Fast Secure Contact Form. It was a very popular form handler highly regarded by users written by Mike Challis.  The plugin was sold to a third party in June of this year and the new owner attempted to manipulate the code in the plugin to set up adverts.

Please check ASAP whether the version that is currently in use on your website is version 4.0.56. You can do that by logging in, and going to the Plugins page and look down the list. You will see an entry similar to the one below which includes the version number.

If you have version 4.0.56 you are OK! Don’t panic. 

If your site is at an earlier version contact me immediately and I will sort out updating it. 

(update: 6:00am 27/9/17 Nobody has reported a problem so far, all sites have upgraded automatically. That was to be expected. If you cannot find Fast Secure Contact form another method is used for forms on your website. Probably Form Manager. You are not affected by this notice.)

Why is this important?

Continue reading Fast Secure Contact Form


Is my internet slow?

Or…   the Onion of Discontent

There are many reasons why an internet connection may be slow, some of them will be directly under your control, and others will be under the control of the equipment manufacturers of the devices used that the communications pass through. The extent of which is from the device you are using to the server at the far end of the connection. Various services providers share the responsibility of carrying the traffic. It is a complex picture to reconcile.

Where is the problem?

When trying to establish where a problem exists the first person you call is your service provider (BT, Talk Talk, Virgin etc). They will follow a fixed trouble shooting process which will try to prove that the problem is something you are doing, or have done or is within that part of the network you control. They adopt this approach because if nothing is listed as a fault in your area, then statistically it is most likely to be something at your end.

That will include your router/ hub, your phone wiring, the building materials used in your house, the location of WiFi access points, the list is large. They will not be as direct as that, however those are the implications. Continue reading Is my internet slow?


Phishing Page

What is it?

We have all read about phishing trojans, but many of you probably do not know what they are or how they work. I came across one over the weekend while backing up a client’s website. My anti virus system prevented me from downloading the backup to my computer and warned me that one was present. As I was concerned about the security of this particular website I took it apart to find out where it was, and what it was doing.


Phishing refers to a form of identity theft, it is where credentials like a user name and password are compromised, often without your knowledge. Other than reading about them, I had not come across one before. This one relates to stealing the credentials to access someones email address and email password.

I turned off my anti-virus (not recommended if you do not know the risks) and downloaded the zipped folder containing the files into a special area on my computer and then inspected the files. Two files contained code, one was a web page. Only one of the files was being flagged as the one containing the Phishing Trojan, the file contents were very simple, they packaged up the information and sent out an email to two recipients.  Continue reading Phishing Page


Two Scams to be aware of…..

I have come across two scams this week targeting small regional charities, one about domain registration, I came across several years ago, but it looks like it is still going on. The first is encouraging you to call a premium rate number.

Scam #1  Contact me message

You all have forms on your websites, and you usually get legitimate enquiries on these forms. Do however check the contents in a message and if the only way you can contact someone is via a premium rate number then don’t bother calling. If the content is virtually non existent like this one below, it is encouraging you to call a premium rate number. In this particular case I checked the number through a web search. This individual is sending messages to websites through contact forms.  So if 10 people call back then that is £1+ they have made depending on how long they keep you on the phone, you would not know what their premium rate is prior to calling.

If you are not sure, type in the following into a Google Search form:  who called me 08712771062  (Obviously substitute the number you wish to check. In this particular case it took me to this page: if you read the reported cases there, you can see the depth of the scam and other people’s comments.

Normally anyone contacting your organisation will provide more information in the form for you to process and not leave a short message like this.

Scam #2  About your domain name

In many cases I am looking after your domain names, so if you get anything like this send it to me, it is a bit more subtle than the previous one. In general domain names are registered to organisations and that registered information can be located on the internet. So a determined third party can find it and then contact you. This is how the domain scam works: Continue reading Two Scams to be aware of…..


Group Calendar

I have been asked on a number of occasions is it possible to have a group or office shared calendar. The problem is generally those people who are used to using Outlook in a business context have used an Exchange Server which managed all of the calendaring functions for you. In a charity situation, particularly a small regional one, it is not very likely that your charity uses a Microsoft Exchange server. The calendar management needs to be handled at a central point such as a server.

I received a request about a group calendar a few days ago and did some digging and have come up with a solution. So if you are interested in having an office calendaring system that is online, that your volunteers and office staff can log into then this may be for you. Continue reading Group Calendar


Good Catch ESET

Here it is a bit closer:

I have recommended to quite a few of my clients the benefit of using both an antivirus program and a personal firewall. The products I have used for around 20yrs now are from ESET.  I currently use Smart Security.

It simply runs in the background and checks things for you. I frequently use to check out information relating to websites. I went to one just now and in my haste typed in (there is an e in there that should not be in there). A sharp hacker has taken out that domain name and used it to hide a virus. It was detected as I opened the webpage.

If you just use a free AV product, this would not have been detected. Many of the charities I work with have no AV, or free AV products. I consider myself to be very careful on the web. But even I can make a mistake.

I recommend Eset Smart Security to protect your Windows computer. You can find out about here:

As a charity you can get it heavily discounted, and if you buy more than one or multiple licenses then it is even lower cost.


Wannacry Ransomware

On Friday the 12th of May a large cyber attack occurred infecting computers all around the world. In the UK, many NHS systems were affected bringing IT systems to a halt. Researchers indicate it is not clear why this particular event occurred so quickly, it is unlikely to simply be people clicking on links in emails, which is one way these viruses end up on computers. One researcher accidentally found a “Kill Switch” for this virus on Friday afternoon which stopped computers encrypting disks around the world. So while this last major event stopped pretty soon after it started, other variants have already appeared, but have not propagated as quickly as the one on Friday.

I have visited a few of my clients over the years, because of the nature of the business and the low IT budget, computers are often old and frequently not up to date. Another feature is some do not have any anti-virus software running on them either. These circumstances can leave you open to an attack of this type and many other less crippling viruses.  Continue reading Wannacry Ransomware


Hosting Move News (May 2017)

While preparing the newsletter for May, I thought I would place a quick summary here for those that are interested.

At the beginning of May 2017, I am around 75% of the way through moving everyone from their former hosting to the new hosting.  For most people the move required little more than a change to where they were picking up email from. For those using 3rd party email services, or not using mail associated with their domain name, they did not need to do anything.

Some Goodies for you

For many people that find the idea of editing a website to be a daunting prospect they are not generally interested in looking any deeper into the systems that are available through the hosting.  Things such as email set up, out of office messaging, forwarders etc. For this reason I have set up Control Panel users for the new system on the basis of whether they were accessing their control panels before the move or not. If you were not using it, I have not bothered to ask. If you are a “power user” then I have set you up on the new system.  Anyone wishing to have access to their hosting control panels can contact me and request to be added. I will need from you your contact details including address and telephone number. These are used in the form to set up the control panel user. Continue reading Hosting Move News (May 2017)


Obfuscated links – take care

One of the websites I look after was taking content provided by third parties and adding it into the website. I was working my way through some posts when I came across a strange looking link hidden under an innocent looking title.

The editor in this case had just cut and paste everything, and had not tested it. There were two cases, one went to a newsletter mailing website and then was diverted to the actual site. In this case the actual site was simply a holding page, and the fact that the link went to that site via a third party meant it was logged. Of course we do not know what else happened on the way.  The link text contained Yurts for Life, but the link was actually going to here:  

Which is not going to Yurts for Life. The behaviour of the link when clicked went somewhere, then to somewhere else.

The link was provided in good faith, however if nobody checks these things it can be simply passed down the chain. In this case it is probably completely innocent, however what if it wasn’t?  Would you know; the fact you have put this on your site, exposes it to all of your visitors.

Test it when you publish it

Continue reading Obfuscated links – take care