Thursday, 28 February 2013

Hacked off


Update:

Since writing this blog, it has become even more apparent that website hacks have increased still further - there's a particularly nasty ongoing attack on Wordpress based websites right now. For specific information regarding this 'botnet' attack and what you can do to safeguard your site, this is a good blog post that covers most of the info you need. We will continue to update and monitor all sites that we maintain to ensure that none of them are compromised.

How safe is your site?

Ok, so that sounds like some marketing scare headline to get you to buy something, but it's important to raise awareness of an issue that seems to be becoming more and more prevalent at the moment.

Here's the story...

We created a website for a client last year, who recently contacted us to find out why the site was suddenly being flagged as potentially 'compromised' on Google - although confusingly, the site itself still looked absolutely fine.

However, after some investigation we discovered that the site had in fact been 'hacked'. This was a particularly sneaky attack as it showed itself only to search engines – and as the site itself looked fine, the owner assumed all was still ok.

Fortunately, our hosting provider (see below) was able to discover when the site was compromised and was able to restore a backup of the clean version of the site - within 24hrs its Google listing was back to normal and everything was fine. We reset all admin passwords, updated the CMS software and checked any files for security issues. That should plug any possible security holes, but of course there are never any 100% guarantees. It looks like this was a rather advanced, automated attack that was designed to detect and exploit any newly discovered vulnerabilities.

After doing some more research into the matter - primarily to ensure this doesn't happen to any of our other clients' sites, we quickly came across plenty of similar stories, and it's not just limited to the smaller / lower cost sites. Let's face it, if the US Federal Reserve can get hacked, there's not much a small business can do to stop a genuinely determined cyber attacker.




Worryingly, whilst these hacking attempts are nothing particularly new, there does seem to be a significant increase in attacks to smaller websites over the last few months (especially those based on common, open source CMS such as Wordpress or Joomla – which power around a third of the world's websites between them).

So, how do you know if your site's ok or if it's actually been compromised – whose responsibility is it and what can be done?

How can I tell if my site's ok?

Well, the simplest thing will be to make sure you check your own site regularly - if there's anything that looks odd, out of place or broken, it's always worth investigating. Search engines will sometimes pick up on site hacks before you or your visitors so it's a good idea to do a search for your own site every now and again and make sure it still appears and its listing is correct. Also, take notice and take action if anyone contacts you to let you know your site is behaving 'strangely'.

If your suspicions have been raised, we recommend using this free site checker (it's a bit like anti-virus for your website). Type your website in and wait for it to tell you if everything is ok. This is a manual, one off process - but you can subscribe to their service for around £60 per year for constant site monitoring (they also claim to be able to fix site hacks too).

As an alternative, you can also sign up to Google's Webmaster Tools. Simply sign up, add your website URL and you then need to add a verification code to your site. Once added, Google will notify you if there are any issues with your site - ie. if it detects any viruses or malware.

What can I do if my site's been compromised?

This will largely depend on the type of attack and how badly it's been affected. For most of the time the hack itself is easy to remove - often there's simply been some additional code 'injected' into the homepage - removing this *should* fix your site, but if the hack is more severe, you'll need to get your developers on the case. Once the site is back up and running, you'll need to make sure you get them to check any possible security risks, upgrade your software /plugins/extensions etc. and change your access passwords.

Whose responsibility is it to fix?

Once your site has been designed and launched, it's usually down to you to manage and maintain it. If you have a maintenance contract with your development company, then you'll usually need to check what this covers, as most of the time this simply covers simple bug fixes and content updates. In general, it can be quite tricky to determine exactly how hackers gained access to your website files, as there are new security 'holes' being discovered and patched all the time. So, unfortunately, unless you're paying someone to manage your site AND site security - then keeping it running, up-to-date and virus free is down to you!



So what can I do?

One option is to sign up with a company such as Sucuri.net, who claim to be able to fix malware attacks, but this is no guarantee and will depend on the type of attack your site was subject to.

Similarly, you'll also need to check to make sure that your site is being regularly backed-up to ensure you can restore an older version should something go wrong - sometimes, if a site has been extremely compromised, a backup restore is the only way to make sure it's fixed properly.

In general and certainly with regard to the open source Content Management Systems, it's a good idea to keep the software that runs your site updated to the latest version as that can often contain security fixes. Sometimes (especially in the case of Wordpress) that's as simple as logging in and clicking 'update' - but be warned, with each update can come changes that might not sit so well with some of the custom features you may have on your own website - so it's usually best to check with your developers before upgrading.

Keep a tight control over access to your site:
  • be very careful with your admin passwords and the number of users who have admin access.
  • remove access for anyone who leaves the company, or who should no longer have direct access to your site. This also includes third parties who are no longer contributing or maintaining the site.
  • use secure passwords that can't be guessed easily. Do not use the name of your company, service or website. 
  • passwords should ideally be 8+ characters long and include upper case characters and numbers.
  • try to change your passwords on a regular basis - but at least once a year.

What else you need to do:

Consider taking up a maintenance package for your site which includes regular security checks and daily backups. The exact services will depend on the package you choose, but extended contracts can include 24/7 monitoring for any file changes and suspicious activity, verifying new CMS or plugin updates, and archiving monthly backups for two years so that any attack can be fully investigated. Our hosting partner, Didgeroo, also offers maintenance packages, including high-speed dedicated web servers with daily backups, monthly archives, website security updates and 24/7 monitoring.

And of course, we're also here to help, so if you're looking for an audit of your current website, to refresh it or redevelop it completely, get in touch.

We're certainly a little wiser now and will be adding additional security systems into every website we create (large or small). Unfortunately, that also means admin passwords will now be both long, complicated and difficult to remember - there's always a down-side!

PR that Matters


view the website here: www.matterpr.com

You may have noticed in the press (wink wink!) that we recently created a logo, graphic language and website for the newly established communications agency Matter PR.

Matter PR was started by David Reid, who we’ve worked with before on various projects, so when he left to start his own thing, he naturally came back to us to help give his agency an identity.

“I had worked with tothepoint on projects at EPSRC and the Institute of Physics and was impressed by the extra effort they put into understanding their clients. They have a great knowledge of the science and engineering sector, having recently rebranded the British Science Association and The Physiological Society, and always deliver creative ideas that really resonate with your audience," says David Reid.


Whilst our starting point for the identity was ‘A PR agency that is more than public relations’, we also knew that the identity needed to resonate with science and engineering organisations.

Working with David, we chose the name ‘Matter PR’. As a word it not only suggests something of importance but also pays a nod to the science industry, as matter is the physical substance of everything. It implies that this agency creates work of substance and importance, that communication matters (clever word play, eh!).



Using the Periodic Table as our main influence, we created a logo by taking the square containing Pr, and re-appropriating it to mean public relations (Pr is actually the element Praseodymium but we don’t think they’ll mind us borrowing it…). Across the identity and the collateral, we also subtly use the common three states of matter (solid, liquid and gas) through photography, which adds vibrancy to the agency’s collateral.

By using graphics that embody and emphasise the agency’s expertise in the science sectors, we are able to give a newly established agency a bold, instantly recognisable marque.


The logo has been applied to basic stationery and promotional material, along with the website we designed and built. We used open source CMS to allow the site to be easily updated, whilst the free flowing imagery and subtle hierarchy on the homepage gives the site a more bespoke feel.

David has let us know he's received great feedback so far from his clients, and has even picked a theme song for the agency in the form of "The Elements" by Tom Lehrer.

The concept of a cube

Toasting the success of The Concept Cube

The Concept Cube is a consultancy set up to help entrepreneurs and businesses lift themselves to the next level. The company approached us for a logo and brand identity, and very much wanted the thinking behind the name of the company to be part of this. The ‘cube’ represents the multi-dimensional nature of starting and running a successful business, with each side representing The Concept Cube’s expertise in areas such as investment, marketing and management to help grow these businesses and bring their ideas to life.

Now, as we all know the cube is a very popular logo (a simple Google search will bring up pages, some exciting and innovative, some… not so much and others we’ve seen a thousand times before). So, the challenge was to create a 3D shape that was fresh, engaging and modern.

We chose a hexagon with each face comprising different shades of purple, and using the technique of trompe l’oeil to create the illusion of a 3D cube. The grey type of The Concept Cube acts as an intriguing contrast to the vibrant purple of the hexagon. Along with the purple master logo, we created a number of divisional logos in other bright hues using the same tints, but in red, blue, green and orange.







It's been an interesting project to work on, and we've had some lovely feedback from The Concept Cube, who had this to say:

"Our business is about finding the appropriate partners that can be brought together to bring a concept or business plan to life for everyone's mutual benefit. Our work with TTP achieved this as well as reflected our business ethics which are to be fair and have fun. It has been a very satisfying relationship so far and we hope to be able to work together as successfully hereon."

The Concept Cube is now open for business and has started work on its first project, which looks set to be a fantastic success...and not just because we’re also working on it! The company is developing New Zealand’s first 100% Blue Agave (that’s Tequila to the uninitiated, but like Champagne and the French, ‘Tequila’ belongs solely to Mexico.) Now, we’ve tried a sample of ‘Te Kiwi’ (the project’s working title) and we were seriously impressed with its quality, smoothness and flavour. It slipped down a treat!

We’re working with The Concept Cube and Echo Brand Design on the branding and packaging for the official launch, which is set for next year, so watch this space!

Toasting the success of The Concept Cube

Wednesday, 27 February 2013

Stretching our creative muscle


Flo in action...

Last month we offered to take you up The Shard in exchange for your feedback on our e-news. Call it what you will; valued client reward scheme, clever marketing or just plain bribery, but it seems many of you couldn’t resist the temptation.

Congratulations to John Mitchell from Cushman & Wakefield, who is our lucky winner. We hope you and your lucky guest enjoy the view!

Over all we had an amazing response, so thank you to everyone who left their comments. You have spoken and we will listen! Expect a few changes over the coming months as we take on board what you’ve all said and make our e-news the best it can possibly be.

One thing you wanted was more of an insight into our personality, therefore we thought we would share our Friday Yoga lesson with you, Downward Dog and all (be careful what you wish for next time!).

Always keen to try new things, we invited Katie’s yoga teacher into the studio to loosen up our rickety bones and pull us away from our desks for an hour - Katie had been singing her praises so we couldn’t resist.

Flo is an experienced Vinyasa Flow yoga teacher who runs her aptly named Flo Yoga lessons in and around London. She has a mix of studio and private lessons where she offers her students a thorough workout (as we discovered the next day as we struggled to lift a cup of coffee!).

The guys in action...Can you spot the difference?

Before Flo arrived, Katie told us to check out one of her online workouts, and regaled us with tales of how she makes yoga fun and accessible to all levels. We would later realize that Katie had been lulling us into a false sense of security…although we can confirm Flo was lovely.

As the clock struck 12.30 we all changed into our most yoga appropriate outfits, pushed the sofas aside and prepared to awaken our inner gods and goddesses by getting in touch with our chakras…or something like that anyway!

Glenn admiring Ben's downward dog...

Flo got us started with a few gentler moves where we stretched our arms and warmed up our spines, it was all very calming. However, it seems this wasn’t our actual workout and Flo soon moved us on to the Sun Salutations. For any none Yoga readers, this is a series of lunges, planks and other stretches guaranteed to make you huff and puff with the best of us! We of course managed to keep our composure throughout...


Flo demonstrates the next move, however the group don't seem to notice...

Flo demonstrated each pose, giving us plenty of instruction and guidance to improve each move, and offered variations for those more or less experienced. Whilst the yoga newbies threw themselves into it, there was no chance of us getting our own legs as high above our head as Flo’s, and thankfully there was no pressure to do so! She also explained the thinking behind some of the moves, and the benefits of doing yoga, especially if you spend all day at a desk.

Even though it was tougher than most of the office expected it was great fun, I think we saw each other in a different light (some more favorable than others depending on the angle…), but we’ll definitely be seeing Flo for some more Eka Pada Rajakapotasana or pigeon pose for those whose Sanskrit is a little rusty. And of course we offset all this goodness with Friday Beers a few hours later…

Our end goal.

A little info on the lovely Flo in case you’re interested! She teaches at Embody Wellness in Vauxhall, as well as some Virgin Active and Gymbox branches. If you’d like to find out a little more or fancy seeing if she can teach at your offices then feel free to drop her a line, we’d highly recommend her!

floyoga.mail@gmail.com
Facebook Flo Yoga
Twitter @floyoga
floyoga.tumblr.com

Monday, 11 February 2013

Our type of romance


January is over in the blink of an eye and we’re already knee deep in February, or as it’s better know “The month of lurve”.

So with love, romance and general wooing in mind (well, apart from any Valentine cynics out there), we thought we’d help spread the warm, fuzzy feeling. We’ve produced a collection of cards for that special someone, all featuring a witty play on graphic terminology (if we do say so ourselves!).



All you need to do is print out your favourite, fold, cut and present with a flurry of doves*! And, if the butterflies from our Make Your Own Luck calendar have made you lucky in love, then this is definitely a better alternative to a petrol station card at 5pm on the 14th. After all, nothing says love more than “home made”…

» Get the full collection here (10 x cards - PDF)




*flurry of doves is a suggestion only, other flurries are available.