I was one of the early adopters of what is now known as Google G Suite and have been using it since it was launched back in 2006, when it was originally called Google Apps.
Like most early adopters, I started with the free Google Apps account, which was open to anyone and was originally intended for personal use. Like most people, I got it just so I could use my own domain name with Gmail. A few years later I upgraded to the paid plan, which then became Google Apps for Business and then G Suite basic.
Over the years many things have changed, including the name, rules and policies, and new features have been added, not all of them positive and many of them infuriating.
One of the big changes is that G Suite is now intrinsically linked with your Google account, which you use for many other apps and services, including Single Sign On.
G Suite is now for business use only, not personal use, and as such they have intentionally crippled it so that it only works with the core G Suite services and you are not allowed or able to use any of the other useful services that regular Google users enjoy, such as Google families.
I have even discovered that I am no longer able to leave reviews for apps on the play store via my G Suite account, which has been a long-running complaint on the forums as this is the only way to contact the developers or get support for many apps.
Basically Google are treating their G Suite customers like second class citizens and seem to be punishing us at every opportunity simply for being a paying customer and having a G Suite account. Many customers, myself included, are feeling very alienated by this as it seems we would be better off using a free gmail account instead.
The other big change/annoyance is that Google now has an age limit. You are required to be 13+ years old in order to even have a Google account and use any Google services at all, even a free gmail account.
If Google finds out that a user is under 13 years old, they will permanently suspend that user's account and will never ever reactivate or give that user or you (the parent) access to that account ever again, no matter the reason.
All these changes are a major problem for parents like myself, who used the original Google Apps for personal use. Like many, I used my Google Apps domain for my entire family and gave all my kids an account so that I could centrally manage their Android devices and permissions.
Under Google’s new rules, this is no longer allowed, so if your kids are under 13 and have a Google account of any type, they are at risk of having their Google account suspended and deleted, which has now happened to me twice.
In both cases the cause of the suspension was Google+. Everything was fine until they tried to use something which prompted them to set up a Google+ account. As soon as you enter your DOB on Google+, it suspends your account immediately if you are under 13.
This was a surprise to me since AFAIK Google+ was actually shut down last April. What I had not realised was that they had only shut down the public (free) version but it was still active for G Suite customers.
The other ridiculous thing is that the age limit rule also means that your kids cannot use any Android device since this requires a Google account, which they are not allowed to have.
The only way around this is to use Google’s Family link, which again cannot be used with a G Suite account (I tried), which is a real shame as it seems like it would be a really great app if I could actually use it.
You might think, ok, so I will just create another Google/gmail account and have that on my device alongside my g suite account and use that to manage family link. Nope, this is not possible either as Family link does not allow you to have 2 Google accounts on the same device, not even on the parent device.
So the only way you can use Family link is by having a 2nd phone just for this purpose. If you have an old Android phone lying about, then this may be a viable solution, but it needs to be Android 7 to work properly and use all the features. This wouldn’t, however, be viable if you want to use any of the other family services, which you would obviously want on your primary device.
As if this is not bad enough, when I realised that I could not use family link I had to delete my child’s Google account from their phone in an attempt to put it back to normal, this then completely bricked the device.
I was completely locked out of the device by family link due to it not liking me removing the child account, so a factory reset was the only option. But after a factory reset it wants me to login as the previous user, which fails every time. I have now bricked 2 old phones by attempting to use the family link so far.
Now I understand that Google has implemented these age limits in order to be compliant with COPPA, but they seem to have gone completely OTT and heavy-handed with their approach and have further alienated a lot of their customers in the process.
I have become so frustrated and disappointed with Google over the last couple of years that I am seriously considering cancelling my G Suite account and moving my domain over to Office 365 or Zoho.
Recovering Data From a Suspended G Suite account
Your Google account has been suspended
As I mentioned above, I have been on the receiving end of Google's “no compromise” account suspension of my daughter’s account.
I pleaded with Google support just to unsuspend it for an hour so I could backup all her files from Google drive, but I was told by the agent that there was nothing he could do and the account could not be reactivated under any circumstances.
I asked if he could backup the files and send them to me, but the answer was also no, and I was told categorically that there was no workaround and no way I was ever going to get access to this account or the files.
So off the top of my head, I came up with a couple of workarounds, which surprisingly the support agent had never thought of, because it was not in his list of KB canned responses. Creative thinking doesn't appear to be one of the skills of a Google support agent.
Rename the Account
Despite what I was told, there is in fact 1 way to get an account reactivated, which is if the suspension was a mistake because you accidentally provided the wrong DOB and the user is in fact over 13. In which case you need to provide ID to prove your age and if accepted, the account will be re-activated. https://support.google.com/a/answer/1110339?hl=en
You will note in the above link it says there is supposed to be an option for the admin to change the user's DOB, but this was not available to me, in fact I could not do anything with the account except delete it.
So I thought, what if I rename the account to be in my wife’s name, and then send them my wife’s ID as proof of age, thus getting the account reactivated.
Transfer files to another User
When you delete a user from G Suite, it gives you the option to transfer all the files to another user. So I thought I could just create a new user for my daughter, delete the old user and transfer the files to the new user.
Option 2 was obviously the quickest and easiest solution, so that is what I decided to do, and it worked perfectly. Unfortunately, you cannot save the emails using this method, only the files, but this was not a problem for me.
I also then decided to re-create the original user, expecting this to not work because Google would know it was a previously suspended user. Surprisingly this also worked, the account was no longer suspended and worked fine. So I repeated the process, and deleted the NEW user, and transferred the files back to the original username.
Now let’s just hope that Google do not read this and decide to further screw us over by stopping us from performing either of the above workarounds.
I have been a BitDefender customer for many years, using it on all my devices, both personal and business and recommending it to friends and clients.
For business and personal use by adults, BitDefender is an excellent security product with lots of great features and one of the top scorers in the industry for malware detection. I regularly recommend gravity zone to clients and I run it on servers I manage through my MSP business.
But if you plan on using the home edition (family pack) for protecting your children, then be warned that BitDefender fails miserably in this dept and should be avoided as any kind of security or parental control solution on your kid’s devices.
I have previously reviewed the BitDefender parental controls, so I won’t go over that ground again. If you want to know about the parental control failures then please read my previous article.
The reason for this article is due to the most recent change BitDefender has made to their product, making it an even bigger security risk for your kids, which is their integrated VPN.
VPN allows your kids to bypass your security and access porn
In the most recent version of the Bitdefender mobile security app for Android (and probably iPhone too), they have decided to include VPN functionality, which used to be a separate app, but is now fully integrated.
This VPN can be enabled with a single click of a button, at which point your child will be able to bypass any network security you have in place, any DNS filtering and parental control apps too.
I run multiple layers of security and filtering in an effort to ensure my kid’s Internet access is as safe as possible.
DNS filtering, which is applied at the router and on mobile devices
Mobile provider moderation, which blocks adult websites over the mobile network.
Router built-in security/filtering
MMGuardian on all my kids' mobile devices.
So I was rather surprised to get an alert from MMguardian, telling me that my 12 year old son had been accessing an adult website he shouldn’t have been able to.
When I asked him how, he told me he has used Bitdefender VPN. Now when I had originally installed the BitDefender total security app, the VPN was not integrated but was a separate app, so he wouldn’t have been able to do this. Obviously this has changed and VPN has now been integrated into a recent update.
I confirmed this was the culprit. I tried to visit an adult website, and it was blocked by my DNS filtering. I enabled BitDefender VPN, and it completely bypassed all security and allowed unfettered access to porn and other blocked sites.
I contacted Bitdefender support (which is almost always a complete waste of time) and explained the issue, and asked if the VPN could be disabled, as I had found no way to do so.
Despite the fact that experience had already prepared me for the expected lack of any kind of useful or knowledgeable advice from Bitdefender support, the completely apathetic response still left me rather gobsmacked.
It has a limit of 200MB/ device, that’s barely enough to access a porn website
Ioan Gioada / Bitdefender Customer Care
So what Ioan Gioada is basically saying here in his completely apathetic and irresponsible response, is that it is perfectly acceptable for kids to be able to access porn and other unsuitable content, because it is limited to only 200MB.
Incidentally, it is 200MB per day, not per device. While this may seem like a trivial amount, this is of course beside the point. The issue is that it is possible at all, and 200MB is still enough for your child to access pornographic content, malware, phishing sites, chat apps and all the other myriad of dodgy apps and content which is no longer being blocked, even if it is only for a few minutes per day.
This, unfortunately, is the final straw for me with Bitdefender, and I will now be cancelling my subscription and moving to an alternative solution with parental controls that work and NO VPN.
Most likely I will be going back to my previous solution, Kaspersky, which appears to have vastly superior parental controls and family features these days, watch this space.
Cloudflare is a free DNS proxy service and has become the ubiquitous solution for any small website/business (as well as hackers, warez, porn or any controversial blogger sites) that want to hide their IP address and by extension, their hosting provider by hiding behind a proxy server.
In addition to the anonymising proxy service, it also has a bunch of neat caching, website performance and security features and DDOS protection too which can be a super-easy way to improve the performance and security of your website with very little effort.
There is no denying that the free version of Cloudflare is a very useful service. It does what it says on the tin and best of all, the free plan is suitable for most small business websites.
The problem is that many folks only do the bare minimum when setting up Cloudflare, which is fine if all you want is the caching and performance features. But if you also want to reliably hide your IP/host and have the DDOS protection then additional steps are required, which many (I suspect most) folks do not take.
Bypassing Cloudflare
If the required steps have not been taken correctly and a domain is not fully and securely set up behind Cloudflare, then it is surprisingly easy to find out the origin server's IP and access it directly, thus bypassing Cloudflare completely.
The FREE plan that most people use will only proxy http requests, so everything else such as FTP, email, SSH etc has to be set to not use the proxy, which is DNS only and signified by the grey cloud.
CloudFlare DNS settings
If any of those services/DNS records which are not using the proxy (grey cloud) are hosted on the same server as your website, then you have revealed your origin server's IP address.
Any malicious hacker can then easily access your origin server directly, completely bypassing the Cloudflare proxy. This is easily done simply by using your local hosts file.
If you are using shared hosting, then you usually have everything on the same server (mail, dns, ftp, web, cpanel etc) and thus all your DNS records point at the same IP.
Here are some of the common records people have pointing to the origin server, which cannot use the Cloudflare proxy either because they are not an http service or use a non-standard port (not 80 or 443).
ftp.domain.com
mail.domain.com
cpanel.domain.com
whm.domain.com
MX records (which point to mail record)
testing.domain.com
SPF record
And usually, a whole bunch more which are created by your control panel.
So if I were a hacker or person with malicious intent, all I need to do is run a few lookups to find out all your DNS records, and then test the IP addresses I find to see if any of them are your website's origin server and if so, do a reverse DNS lookup on that IP to find the hosting provider.
But let’s say you have been a bit savvy and have taken appropriate steps to hide your origin server IP and have also proxied your MX records as well, then what else can I do?
Well, my next step would be to send an email to a non-existent address @ yourdomain.com, which will result in a bounce message. In the headers of that bounce message, will be the IP address of the email server.
So if your email is hosted on the same server as your website, which is usually the case with shared hosting, then the hacker now has your origin IP, and can access your website directly, bypassing Cloudflare.
Another option would be to simply fill in your contact form or subscribe to your newsletter. Both of which are going to send me a confirmation email, which will also likely reveal your origin server.
For other ways that hackers can find your origin IP, take a look at this article by Gwendal Le Coguic @ Detectify.
Why is bypassing CloudFlare a problem?
Don’t let those hackers find your origin IP
Again this rather depends on why you are using Cloudflare to begin with. If you are only using the caching/performance features and nothing else, then it probably will not matter to you much. But if you are using Cloudflare for security or anonymity, then you have now lost both of these.
Once a hacker knows your origin IP, they can bypass every single feature that Cloudflare is providing for you, E.G.
DDOS protection
Web Application Firewall
Access controls
IP restrictions
Page rules
SSL encryption
If you have sections of your site protected by CF access controls or IP restrictions (such as your WordPress admin), then the hacker can freely bypass this and access all pages on your site.
If you are using the WAF (Web Application Firewall) to protect your site from intrusions, malware and brute force attacks, then this can also be bypassed.
An attacker will be able to launch a full-scale DDOS attack on your server once they know your IP, which will not only affect you, but every other customer on that server and probably the host’s network.
You may also be using Cloudflare to hide the identity of your hosting provider, so that disgruntled or malicious companies or individuals cannot harass your hosting provider to take your site down because they did not like something you posted on your blog.
Once your origin IP is known, you lose all of these things.
How to protect your origin server IP
Do not have any DNS records which point directly at your origin IP without being proxied.
For non-http services that cannot be proxied, such as FTP, simply do not have a DNS entry at all (e.g. ftp.yourdomain.com) and instead use the IP address directly to access FTP.
Proxy your email through a spam filtering service or use an external email solution instead, such as G Suite, Office 365, Zoho etc.
Do not send any outgoing mail from the shared hosting server. Either send through your external email provider or use an SMTP relay service such as Mailgun or SendGrid.
Disable XML-RPC Pingback on your website
If you have any sub-domains, make sure these are also proxied and apply the same rules. Unless of course they are hosted elsewhere and do not need protecting.
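The rules above can be checked mechanically against an export of your own zone. The following is an added example, not code from the original article: it flags DNS-only records that hold the origin IP, MX/CNAME/SRV records that point at such hosts, and SPF `ip4:`/`ip6:` entries that cover the origin. The record layout (`type`, `name`, `content`, `proxied`), the function name and all sample values are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample zone using documentation addresses. "proxied" mirrors the
# orange (True) / grey (False) cloud in the Cloudflare DNS settings.
ORIGIN_IP = "203.0.113.10"
SAMPLE_ZONE = [
    {"type": "A", "name": "example.com", "content": "203.0.113.10", "proxied": True},
    {"type": "CNAME", "name": "www.example.com", "content": "example.com", "proxied": True},
    {"type": "A", "name": "ftp.example.com", "content": "203.0.113.10", "proxied": False},
    {"type": "A", "name": "mail.example.com", "content": "203.0.113.10", "proxied": False},
    {"type": "A", "name": "testing.example.com", "content": "198.51.100.7", "proxied": False},
    {"type": "MX", "name": "example.com", "content": "10 mail.example.com.", "proxied": False},
    {"type": "TXT", "name": "example.com",
     "content": '"v=spf1 ip4:203.0.113.10 include:_spf.example.net ~all"', "proxied": False},
]

# Matches the address or network inside an SPF ip4:/ip6: mechanism.
SPF_IP = re.compile(r"\bip[46]:([0-9A-Fa-f:.]+(?:/\d{1,3})?)")


def audit_zone(records, origin_ip):
    """Return (type, name, reason) for every record that discloses origin_ip."""
    origin = ipaddress.ip_address(origin_ip)
    findings = []
    leaking_hosts = set()

    # Pass 1: DNS-only address records that hold the origin IP itself.
    for rec in records:
        if rec["type"] in ("A", "AAAA") and not rec.get("proxied", False):
            try:
                addr = ipaddress.ip_address(rec["content"].strip())
            except ValueError:
                continue  # malformed content: nothing to compare
            if addr == origin:
                leaking_hosts.add(rec["name"].rstrip(".").lower())
                findings.append((rec["type"], rec["name"],
                                 "DNS-only record holds the origin IP"))

    for rec in records:
        content = rec["content"].strip().strip('"')
        # Pass 2: MX / CNAME / SRV records whose target is one of those hosts.
        if rec["type"] in ("MX", "CNAME", "SRV") and not rec.get("proxied", False):
            parts = content.split()
            target = parts[-1].rstrip(".").lower() if parts else ""
            if target in leaking_hosts:
                findings.append((rec["type"], rec["name"],
                                 "points at DNS-only host " + target))
        # Pass 3: SPF ip4:/ip6: mechanisms that name or cover the origin IP.
        elif rec["type"] == "TXT" and content.lower().startswith("v=spf1"):
            for net in SPF_IP.findall(content):
                try:
                    covered = origin in ipaddress.ip_network(net, strict=False)
                except ValueError:
                    continue  # not a valid address or prefix
                if covered:
                    findings.append(("TXT", rec["name"], "SPF lists " + net))
    return findings


if __name__ == "__main__":
    for rtype, name, reason in audit_zone(SAMPLE_ZONE, ORIGIN_IP):
        print(f"{rtype:5} {name:22} {reason}")
```

The `testing` record is not reported because it points at a different server, which matches the exception for sub-domains hosted elsewhere.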
At the end of the day, even if you take all the steps possible to hide your origin, it is still possible to bypass Cloudflare; you are simply relying on the fact that nobody will find your IP.
If security is a major concern for you, then ideally you need to be looking at a dedicated hosting solution where you have direct firewall access and can restrict incoming requests and block anything not coming via Cloudflare.
How to prevent Cloudflare bypass on shared hosting
If you are using a shared hosting provider, you will likely find it impossible to hide your original IP for the reasons mentioned above, at least not without spending more money.
Here’s an alternative solution involving a Cloudflare Worker, a few .htaccess directives, and a Cloudflare Firewall Rule, which will help you better lock down your site to the Cloudflare IP instead of or as well as hiding the origin IP.
With a very simple Cloudflare Worker, we can add a request header that Cloudflare will send from its edge to your origin, and therefore won’t be visible to site visitors. The word “edge” refers to any of Cloudflare’s over 200 datacenters, and “origin” to the server at your hosting provider where your website is located.
As long as you keep the header name and value secret, any request not coming through Cloudflare will trigger a rewrite condition at the origin server, and will be redirected back to, well, Cloudflare — where the Firewall Rule will block it.
```js
addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})

/**
 * Send header to origin, allowing for
 * .htaccess to block requests
 * not coming from Cloudflare
 */
async function handleRequest(request) {
  // Make the headers mutable by re-constructing the Request.
  request = new Request(request)
  request.headers.set('Secret-Header', 'SeCrEt-k3y')
  return await fetch(request)
}
```
The header name and value could be anything permissible under Apache’s specifications. But you should refrain from using non-alphanumeric characters, other than perhaps a dash or an underscore, as they may lead to parsing issues during the chain of events.
To confirm the Worker is working properly and sending the specified header you set on Cloudflare, you can add an .htaccess directive to make your origin server return that request header back as a response header. So if you name your header “Secret-Header”, you can try adding this directive to your .htaccess file:

```apache
Header echo Secret-Header
```
The above .htaccess directive takes no value, only the name of the header.
You can verify the presence of the header and value using your browser’s Developers Tools or similar web page inspection feature.
Once you are satisfied that the Worker is doing its job correctly, you should rename the header, and add the directives to your .htaccess file.
.htaccess
Place the following directives at the top of the .htaccess file.

```apache
# Route visitors not coming from Cloudflare to, well, Cloudflare
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    # Both the header and the value should be kept secret
    RewriteCond "%{HTTP:Secret-Header}" "!SeCrEt-k3y"
    # Uncomment and edit w/ IP of services such as certs, cron, Softaculous etc
    # (REMOTE_ADDR is always the client IP; REMOTE_HOST may hold a hostname instead)
    # RewriteCond "%{REMOTE_ADDR}" "!^xxx\.xxx\.xxx\.xxx$"
    RewriteRule .* "accessdenied.php" [R,L]
</IfModule>
```
These directives check every request to see whether it comes with a request header named “Secret-Header” and whether its value contains the string “SeCrEt-k3y”.
Requests coming from Cloudflare will have the proper header and key, and therefore will not be redirected.
But requests coming directly to the server, bypassing Cloudflare, will not have the header, or not have the key, and will be redirected to a non-existing file. You can call this file anything. It is named here accessdenied.php.
To verify that the .htaccess is working properly and is actively blocking attempts at reaching your site via IP address, you can use the following Curl command in your command line terminal:
```sh
# Replace example.com/1.2.3.4 with your domain and its IP address
curl -svo /dev/null https://example.com --connect-to ::1.2.3.4
```
The response may contain lots of information on the SSL negotiation, but should also include the following lines, confirming the redirect to the accessdenied.php URL:
The name accessdenied.php points to a fictitious, non-existing file. You need to create a Firewall Rule so that Cloudflare blocks it should the bot follow the redirect set by the .htaccess directive above (not all bots follow redirects):
The reason we prefer to redirect these requests to Cloudflare instead of blocking them at the origin is because a redirect consumes less bandwidth and CPU than a 403 error page. We could rewrite the 403 error page down to a few bytes, but we prefer to keep the site functional for legit visitors, and that includes meaningful error pages whenever they face one.
Blocking intruders at Cloudflare also sends the right signal to probing hackers, that your site has the right configuration in place.
One consequence of this approach is that if you monitor your origin server logs, you’ll find it may contain both regular 302s as well as 302s for the URLs the occasional bot may be trying to reach.
The Cloudflare Firewall Events log will then have the entries for the blocks executed for URL "/accessdenied.php".
Legit Bots, Cronjobs, Etc
After implementing this solution, you may find that there are 302s on your server log that have no match on the Firewall Events log. This is because bots may be programmed not to follow redirects.
Also, it’s important to note that legit bots may be accessing your site directly to provide services such as cronjobs, certificate renewals etc. For these situations, there’s a bypass rule on the .htaccess directives above. You just need to uncomment and edit it to include the service’s own IP address.
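One way to sort the 302s in the origin log, given here as an added example that is not part of the original article: redirects served to Cloudflare peers are ordinary application redirects, redirects served to any other peer are direct-to-origin requests caught by the .htaccess rule, and redirects served to a known service address mean its bypass condition is still commented out. It assumes Apache "combined" log lines in which the first field is the connecting peer (no mod_remoteip rewriting); the range list is a subset used for illustration, and `SERVICE_IPS` and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: a subset of Cloudflare's published IPv4 ranges, for illustration.
# Load the current list from https://www.cloudflare.com/ips/ before real use.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in
                   ("173.245.48.0/20", "104.16.0.0/13",
                    "172.64.0.0/13", "162.158.0.0/15")]

# Hypothetical address of a cron/certificate service that connects directly.
SERVICE_IPS = {ipaddress.ip_address("192.0.2.50")}

# Constructed sample lines in Apache "combined" format.
SAMPLE_LOG = """\
172.64.10.5 - - [10/Mar/2020:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
172.64.10.5 - - [10/Mar/2020:10:00:09 +0000] "GET /old-page HTTP/1.1" 302 230 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2020:10:01:44 +0000] "GET /wp-login.php HTTP/1.1" 302 217 "-" "python-requests/2.22"
198.51.100.23 - - [10/Mar/2020:10:01:45 +0000] "POST /xmlrpc.php HTTP/1.1" 302 217 "-" "python-requests/2.22"
203.0.113.77 - - [10/Mar/2020:10:05:12 +0000] "GET / HTTP/1.1" 302 217 "-" "curl/7.68.0"
192.0.2.50 - - [10/Mar/2020:10:10:00 +0000] "GET /wp-cron.php HTTP/1.1" 302 217 "-" "cron-service"
198.51.100.99 - - [10/Mar/2020:10:11:30 +0000] "-" 408 0 "-" "-"
""".splitlines()

# peer, method, path, status; lines without a proper request line do not match.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')


def triage_302s(lines, cf_nets=CLOUDFLARE_NETS, service_ips=SERVICE_IPS):
    """Split origin-side 302s by who connected.

    Returns (direct, services): paths requested by non-Cloudflare peers that
    were redirected, and paths requested by known services that were redirected
    (the .htaccess bypass condition for that service is missing).
    """
    direct, services = defaultdict(list), defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(4) != "302":
            continue
        try:
            peer = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field is a hostname, not an address
        if any(peer in net for net in cf_nets):
            continue  # ordinary application redirect served via Cloudflare
        bucket = services if peer in service_ips else direct
        bucket[str(peer)].append(m.group(3))
    return dict(direct), dict(services)


if __name__ == "__main__":
    direct, services = triage_302s(SAMPLE_LOG)
    for ip, paths in direct.items():
        print("direct-to-origin", ip, paths)
    for ip, paths in services.items():
        print("service redirected (add bypass rule)", ip, paths)
```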
Cost Issues
Cloudflare Workers is a paid service, and it starts at $5/month for the first 10 million requests. If you exceed that limit, you’ll be charged $0.50 per up to 1 million additional requests.
While this setup was tested in a Cloudflare Workers “free tier”, it may not be ideal to use the free tier on a production website, as it has some limits. Those monthly and hourly limits, if reached, will make your site break and generate 1015/1025 error pages for the duration of the rate-limiting period — something about which site owners have no control. Feel free to try it though. Just because it didn’t work on my site it doesn’t mean it won’t work on yours.
Keep in mind that Cloudflare will count each request, not each visit. If one visitor goes to a landing page on your site, that page’s HTML will request many other URLs for the images, fonts, CSS and JavaScript files, and so on.
Though the header will only be sent when Cloudflare doesn’t have the requested file in its cache, the worker will run (and therefore count towards your monthly limit) every time a visitor navigates on your website.
As with any usage-based Cloudflare product, I strongly recommend that you set a notification to avoid billing surprises. When properly set, Cloudflare will notify you via email once a certain volume of Workers requests have run. You can set an email notification by visiting the Billing section of your account on the Cloudflare dashboard. Make sure you include an email that doesn’t have delivery issues. Instead of using, for instance, the standard admin email of your WordPress installation, perhaps you should use Gmail, Outlook, or any other trusted third-party email provider.
Did you know that most electronic devices and the majority of the Internet-connected devices (IoT) can be hacked?
In this article, we will look at some hacking statistics to illustrate the impact of hackers’ activities in modern society. Naturally, hacks are a great concern for website owners – but the truth is that all Web denizens are susceptible to hacking activity.
In the text below you will find some fantastic stats which will help us to find out:
Which is the biggest bank heist that was pulled off by cybercriminals?
Which is the most significant data breach of our time?
Are ATMs vulnerable to hacker attacks?
When did the first hack happen?
Also, we’ll visit the dark web’s markets to see how much it costs to buy a new identity.
Now let’s get started with some hacking stats.
There is a hacker attack every 39 seconds
Russian hackers are the fastest
300,000 new malwares are created every day
Multi-factor authentication and encryption are the biggest hacker obstacles
You can become an American citizen for $6,000
The cost of data breaches will increase to $2.1 trillion globally in 2019
The cybersecurity budget in the US is $14.98 billion
Sounds scary, doesn’t it? Let’s delve in deeper and find more details about each one.
Outrageous Hacking Statistics
Some of the cyber breaches are audacious, others outrageous, yet others simply stunning.
1. There is a hacker attack every 39 seconds.
(Source: Security magazine)
By the time the average person takes a selfie and uploads it to Instagram, the next hacker attack has already taken place.
2. Cybercrime is more profitable than the global illegal drug trade.
(Source: Cybersecurity Ventures)
The profit from the illegal drug industry amounts to around $400 billion annually. For comparison, cybercriminals have earned a total of around $600 billion in 2018.
3. Hackers steal 75 records every second.
(Source: Breach Level Index)
Cybersecurity facts show us the average number of records stolen per second. Breaches are actually a lot rarer than that – it’s just that each breach allows for a lot of records to be stolen.
4. 66% of businesses attacked by hackers weren’t confident they could recover.
(Source: Fortune)
Most businesses don’t really know if they’re prepared for a cyber attack. Actually, 75% of all businesses don’t even have a formal cyber attack response plan.
Cyber attacks statistics reveal that in 2018:
5. 73% of black hat hackers said traditional firewall and antivirus security is irrelevant or obsolete.
(Source: Thycotic.com)
According to the same survey, 80% of hackers say “humans are the most responsible for security breaches”.
6. The cybersecurity budget in the US is $14.98 billion in 2019.
(Source: Statista)
In just two years, the U.S. cybersecurity budget rose by almost 14%. It used to be just $13.15 billion in 2017.
Like everything, there’s a balance in the cyber-world as well. Hacking facts show that:
7. White hat hackers earned over $19 million in bounties in 2018.
(Source: HackerOne)
What’s interesting here is that 81% of them learned their craft mostly through blogs and educational materials online. Only 6% completed a formal class.
8. There are over 715,000 cybersecurity experts employed in the US alone.
(Source: Cyberseek)
There were 313,735 job openings for cybersecurity experts until August 2018. This number will continue to grow as we’ll see a bit later. Cybersecurity statistics assure us this will be one of the best paying jobs in the near future.
Are you learning stuff? Good, those stats are awesome. All these numbers look impressive, don’t they? There are more to come, but let’s pause for a second to see the world through hackers’ eyes.
For example – if you see new technology, the first logical question you may pose is – “What does it do?”
Hackers see it differently, though – their question is “What can I make it do?”
These statistics on hacking may not help us understand how a hacker thinks, but we can make some definitive conclusions about their nature.
First off, let me explain the difference between a black hat hacker, a white hat hacker, and grey hat hacker.
Black hat hackers are hackers with criminal intent.
White hat hackers are hired to test the security of a system. They have permission to do it.
Grey hat hackers don’t have criminal motives, but once they start exploiting a system, they can break some laws.
Now that we have the basics, let’s continue with some…
Stunning Hacker Statistics
The statements below are checked facts, not empty statements.
9. Russian hackers can infiltrate a computer network in 18 minutes.
(Source: Crowdstrike)
Want to reread the above stat? 18 minutes. I drink my morning coffee longer than that.
Russian hackers aren’t wasting any time when they put their mind to it. North Korean hackers need just under two and a half hours. Chinese ones take longer – about 4 hours.
10. Hackers are the average American’s biggest fear.
(Source: Statista)
1% of Americans are wary of hackers stealing their credit card or financial info. Considering how many cyber attacks happen per day in the US, we can understand why that is. US citizens also worry about the possibility of identity theft – 67%.
The possibility of being assaulted or killed by a co-worker where you work – 7%. I sure don’t want to go to their office.
11. You can purchase a consumer account for $1 on the dark market.
(Source: RSA)
You can buy a bus ticket for a dollar. Or you can buy a ticket to an eCommerce site. The choice is yours.
When looking at data breach statistics, we can see that billions of records have been stolen. This created an abundance of credentials for sale, which reflects on their price. Bank accounts still cost more – between $3 and $24 apiece. Most other online accounts cost $1 or less.
12. More than 6,000 online criminal marketplaces sell ransomware products and services.
(Source: McAfee)
A total of 45,000 products are on sale there. If we add all non-ransomware products and services, the number will easily exceed 1 million.
13. 444,259 ransomware attacks took place worldwide in 2018.
(Source: Statista)
Almost 1 in 4 (100,907) occurred within the consumer marketplace.
Hacking statistics for 2019 also show us that:
14. Hackers create 300,000 new pieces of malware daily.
(Source: McAfee)
I guess some people’s fingers never sleep. Let’s hope cybersecurity specialists are up to the task.
And speaking of cybersecurity specialists:
15. There will be 3.5 million cybersecurity job openings in 2021.
(Source: Cybersecurityventures)
There are almost 314,000 job openings for cybersecurity specialists in the US alone as of October 2018. Cybersecurity Ventures expects that cybercrime will more than triple the number of job openings over the next five years.
Now let’s have a break from the hacking statistics for a while.
See, hackers are like you and me in a way. They are curious about the world and themselves. Some of them describe hacking as an adrenaline rush. All people have “their thing” – some dance, some climb mountains and so on. Hackers exploit vulnerabilities. Come to think of it – it’s like a puzzle. Put all the right pieces together, and voila.
Now let’s imagine a situation. You are in a hotel. There is a TV in your room. What do you see? “A TV”, most of you would say. What does a hacker see? A gateway to the hotel’s network. It’s similar to any other target.
How and Why Were Companies Hacked in 2018
Businesses are deemed lucrative and often easy prey, so business owners must be ever vigilant. Choosing a good hosting provider, such as Guru or GetFlywheel, is an important step in the right direction.
16. 65% of companies have over 1,000 stale user accounts.
(Source: Varonis)
Stale accounts and outdated permissions are targets for exploitation and malicious use. Hackers desire data, and they can get it by hijacking an account.
While we’re on the topic:
17. 32% of black hat hackers admit privileged accounts are their number one way to hack systems.
(Source: Thycotic)
Seizing such an account could be pretty easy with a simple phishing attack.
18. 75% of all attacked businesses reported fraudulent emails.
(Source: Cyber Security Breaches Survey 2018)
Fraudulent emails as part of a phishing strategy are still a hacker’s favourite tool to obtain credentials.
Computer hacking statistics also show that:
19. 15% of UK businesses lost control over a network to a hacker.
(Source: Cyber Security Breaches Survey 2018)
Unauthorized use of systems, computers or servers from outside entities rose by 5% in 2018.
20. Companies protect only 3% of their folders.
(Source: Varonis)
And 88% of companies with over 1 million folders have over 100,000 folders open to everyone. Certainly makes a hacker’s job easier.
Lousy protection is one of the main reasons why…
21. 43% of UK businesses have reported breaches or attacks in the last 12 months.
(Source: Cyber Security Breaches Survey 2018)
Cyber attack statistics show 72% of large companies report such events.
22. Up until March 2019, more than 14 billion data records had been lost or stolen.
(Source: Breach Level Index)
The exact number as of March 27, 2019, is 14,717,618,286. Only 4% of these breaches were “Secure Breaches”, meaning the data was encrypted and therefore rendered useless.
So far we’ve looked at the possibilities for hackers to cause damage. Now let’s check out some examples of their handiwork:
How Giants Fall – Data Breach Statistics
The numbers in some of the biggest data breaches are stupefyingly big.
23. Yahoo’s data breach – 3 billion compromised accounts.
(Source: CSO)
It’s quite a story. In 2016 Yahoo admits the truth about the most significant data breach in history. They publicly state that 500 million users’ accounts were compromised in 2014.
Later the company declared there was another breach in 2013 with another 1 billion compromised accounts. Finally, in 2017, Yahoo said the whole truth – the attacks had compromised a total of 3 billion user accounts.
It is still the most significant data breach in history.
One of the recent big hacks happened in 2017, when…
24. 209,000 payment card numbers and expiration dates were stolen from Equifax.
(Source: Reuters)
146.6 million names, dates of birth and 145.5 million US social security numbers were taken as well from the credit monitoring firm.
25. Marriott International – 500 million users’ data stolen.
(Source: CSO)
In 2018 Marriott International discovered attackers who had remained in the system since 2014. The hackers stole the credit card numbers and expiration dates of more than 100 million customers. The other 400 million lost “only” some part of their private info – names, passport numbers.
And here’s what the hacked companies will have to pay in 2019:
26. The cost of data breaches will increase to $2.1 trillion globally in 2019.
(Source: Juniper Research)
Well, that’s more than Italy’s GDP in 2018. This number has increased almost four times since 2015.
Since we started talking about money, I want to ask you a question – where is the money?
Once upon a time, there were some people with lots of money. They had so much money, they had to build a house for their money. And that’s how banks appeared.
In the next section, we’ll take a look at the banks hacked in 2018. What do criminals do with banks? They rob them. Cybercriminals do pretty much the same thing, in a more subtle way.
27. Hackers siphoned off $13.4 million from Cosmos Bank in India.
(Source: Hindustan Times)
In 2018 cybercriminals hacked the bank’s servers on August 11 and 13. The culprits stole the card details of around 12,000 Visa cards.
Long story short – the hackers made it rain 15,000 transactions later.
The next one is really exciting. It makes Jesse James look like a harmless kid on the path of righteousness (his dad was a preacher).
One of the most interesting hacking facts online is that:
28. The Carbanak gang of hackers has stolen over $1 billion in total.
(Source: Kaspersky, Securelist)
We can’t classify this as the biggest bank robbery in history, but it sure is interesting. They targeted around 100 banks around the world, and it took 2-4 months to siphon the money out from each one. The losses per bank were up to $10 million each. The cybercriminals started to test the Carbanak malware in 2013, and it’s still on the loose.
The good news is in 2018 the authorities caught the mastermind in Spain.
These next few cyber hacking statistics visualize how much cybercrime can cost us.
29. Cybercrime cost the world almost $600 billion in 2018.
(Source: McAfee)
This number amounts to 0.8% of the global GDP.
To acquire such amounts of money, black hat hackers need specific tools. You can’t find most of them just anywhere. Where do they get them? Let’s find out.
Dark Market Stats
The dark web’s customers may find almost everything there. Thankfully the light side has some tricks prepared to change the cyber attacks statistics in 2019.
30. 68% of black hat hackers say multi-factor authentication and encryption are the biggest hacker obstacles.
(Source: Thycotic)
Use 2FA whenever possible. Just a tip.
The dark web can’t help you much with 2FA, but there’s a lot of stuff you can buy if you have some Bitcoins ready.
31. For as low as $1.25 you can get a Netflix account.
(Source: Wondershare, dr.fone)
Netflix streaming is one of the standard hacking services and widely available. For a small fee, you’ll receive the email and password of someone’s Netflix account. Just imagine how many people’s credentials have been hacked or stolen for the price to get this low.
32. You can purchase the WinPot malware for 1 bitcoin.
(Source: Securelist)
Don’t know what WinPot does? Nothing much. It only makes ATMs from a popular ATM vendor dispense all the cash from their cassettes.
By the way, did you know that
33. 92% of ATMs are vulnerable to hacker attacks.
(Source: PTSecurity)
There are several ways to hack an ATM, but consider this – if your card data is stolen, then 100% of ATMs would be vulnerable to this kind of attack.
When talking about the dark web and hackers, a question arises – How many hackers are there?
No one knows.
But we can make an educated guess based on the following stat:
34. The Tor network had more than 2.2 million users in 2017.
(Source: Europol)
The dark web hosted almost 60,000 unique onion domains, and around 57% of them hosted illegal content.
And one more interesting fact for the dark market, before we move on:
35. You can become an American citizen for $6,000.
(Source: Blackhat)
You can also buy a fake passport + driving license + ID card from different countries if you can spare 700-900 euro. (approx. $787-$1010 at the exchange rate at the time of writing)
Let’s move on from the hacking statistics of 2018.
Hacking isn’t all about criminal masterminds and cybersecurity. Sometimes it’s fun, and I have a list for you.
Curious Hacks
Not all cyber attacks are malicious or vicious. Hackers have a wicked sense of humour.
36. Operation Cupcake
(Source: Washington Post)
In 2011 MI6 took down the instructions for bomb-making from an online al-Qaeda magazine and replaced them with recipes for cake. I guess the Taliban didn’t fall for it since there were no exploding muffins in the last eight years.
37. #Lil’ Trump
(Source: Eonline)
This is one of the hacking facts I’ll cherish in my memory. In 2013 Donald Trump’s Twitter account was hacked, and the hacker posted some Lil’ Wayne lyrics.
38. Thunderstruck
(Source: Daily Mail)
In 2012, Iran’s nuclear facilities were under cyberattack. The hackers forced workers at two of the nuclear facilities to listen to AC/DC’s Thunderstruck repeatedly at full volume. Even if you’re a fan, it can still annoy you at some point.
39. Friendless Samy
(Source: YouTube)
In 2005 Samy Kamkar took down MySpace. For our younger readers, MySpace was a social network like Facebook, only cooler. If someone shuts down Facebook now, it would be one of the biggest hacks of 2019. However, Samy didn’t want to shut down MySpace. All he wanted was…some friends. To achieve his dream he wrote a worm, exploiting a vulnerability in MySpace. Infected profiles became “friends” to Samy’s page. And then their friends as well and so on. It took Samy a day to get a million friends on his page. MySpace couldn’t take it.
40. The first hack
(Source: TheAtlantic)
In 1903 Guglielmo Marconi (the father of modern radio) was ready to transmit a message via the first wireless broadcasting technology. It used the same system as the telegraph. When he was prepared to send the message, the apparatus began to tap out a message in Morse code. The word was “RATS”, repeated over and over again. The first of the many hacking cases to come in history happened because the radio’s channel wasn’t as private as Marconi thought. More than a century later we still have the same problem.
Conclusion
Well, that’s all folks. I hope you found this article helpful and interesting. We learned some cool facts together and we saw the world of hackers is not just about money. Curiosity and ethics play a large role as well.
Deploying an effective parental control solution is hard. In fact, it seems to be getting harder, as technology in this area does not seem to be progressing to cope with the ever-growing number of internet-connected devices we have in our home.
In my house, we have over 25 internet-connected devices. Multiple Amazon fire devices, tablets, phones, games consoles, and PC’s. All of which I have to make sure are kid-safe by default.
In the case of my Fire TV/sticks, there is no simple solution, as there are no security apps to install, and even putting a PIN on the devices does not stop any apps being installed (such as browsers or YouTube) if they have been previously installed on ANY device in your Amazon account.
As you will know if you have read my other articles on parental control, I have tried out quite a lot of products and services in my quest to find the perfect parental control solution.
I have tried several DNS content filtering services, including the popular OpenDNS. In most cases, they are either lacking in features (most commonly no way to lock down safe search) or are corporate solutions that were either not suitable for parental controls or prohibitively expensive.
Then I recently came across CleanBrowsing, which is specifically aimed at family filtering and at a reasonable price too. In my initial tests using the free service, it seemed like it was exactly what I was looking for, it had all the filters I needed, safe searching for google and youtube and custom profiles, so my hopes were high.
So based on my initial tests, I decided to upgrade to the paid service, naturally assuming this would be superior to the free service and the ability to create a separate profile for each child or device would give me everything I need.
Sadly this is where everything started to go downhill and the service did not perform as expected.
I created a default profile that would be applied to the router and thus used by all devices in my house by default. This profile would block everything not safe for kids, but alas this is where the problems started.
The primary devices I wanted to use the default profile were all the Amazon fire devices since they have no way to install the cleanbrowsing VPN and I had no way to lock down the DNS settings.
This is where I first noticed the issues. My kids were able to access sites and services via the FireTV which were supposed to be blocked as were some of the mobile devices. I even did a complete factory reset on a couple of old phones to test, and they also were able to access blocked services using the default profile.
I had also created separate profiles for my older kids, allowing them access to some of the blocked services, such as social media and youtube. In this case it was having the complete opposite issue. Services & sites which I had allowed, were still being blocked.
Sadly support were no help at all in resolving these issues. I exchanged dozens of emails trying to solve this but got nowhere. I seemed to spend far too much of my time going round in circles repeating information I had already provided and referring to previous emails and screenshots.
In the end they just gave up and said they had no idea why it was not working, and refunded me.
The only part that seemed to work properly was the VPN. So far I have not had any issues with the phones running the CleanBrowsing VPN app.
The one very annoying issue with the app is that it is not available on Google Play; you have to disable security and allow external apps to be installed (not mentioned in the docs) and download it from their website.
There is no app available for iPhones, you have to perform a PITA manual DNS configuration that you must perform with a 3rd party app (DNS cloak), which frankly is likely going to be too difficult for any parents who are not very tech savvy. But then I do not recommend giving iPhones to kids anyway, due to the lack of security and parental control in general.
CleanBrowsing support claim that I am the only person ever to have these problems and that it works perfectly for everyone else. This smells like Deja-Moo to me (when you have smelt this Bullsh*t before) and I don’t believe this for a second.
I won’t say don’t use CleanBrowsing, as maybe the free service is sufficient for you, and that worked fine for me, as did the mobile VPN and you may find that you do not suffer from the same issues as me with the paid service.
However, given my experience, it is definitely not a set it and forget it service, and I would not trust CleanBrowsing to be doing its job unchecked and would recommend regular weekly checks of your devices to make sure the filtering rules are still being applied.
SafeDNS
At the time of writing, I am using SafeDNS instead, which so far has been more reliable in restricting content. Sadly the free version does not include safe search and YouTube restricted mode, but it's only $20 per year for the pro version.
The setup for mobile devices is pretty awful, they do not have their own mobile app like Cleanbrowsing and instead rely on manual configuration using openVPN which is very clunky and might be a problem for non technical parents. I really hope they improve this and get their own simple mobile app developed.
UPDATE: SafeDNS does now have their own mobile app.
Almost all websites need to send out emails for one reason or another, whether you are sending out emails from WordPress or any other CMS system, the most common reason being your contact form, but there are plenty of other emails which website owners often do not consider when checking email deliverability, such as:-
Notifications to your blog or newsletter subscribers.
Plugin notifications
Notifications, warnings or reports from your security plugins
Comments on blog posts
Register emails
Password reset emails
There are many issues which can affect your outgoing email deliverability and getting your website to send out emails reliably can sometimes be a problem.
Some of the common questions I see on my WordPress groups include:-
“why are emails from my website going into junk mail folder”
“I am not receiving emails from my contact form”
“emails from my website have vanished”
Here I will cover some of the things you need to check and configure to ensure that email from your website is sent reliably.
Check email FROM address
This is one of the most common causes I find when troubleshooting email issues for clients.
When you send out email from your website, you must make sure that the email is sent FROM your own domain, i.e. the domain of the website where the email is being sent from.
I will often find that clients have set their forms to use the email address of the person filling in the form. As a result, the email is going to fail any authentication checks and will be flagged as spam or blocked (see below).
If you want to be able to reply directly to the person who completed the form, then you should set their email as the REPLY-TO header instead. Most form plugins will allow you to do this.
Email Authentication
One of the key factors in making sure your email does not get flagged as spam and your domain does not get blacklisted is email authentication. There are multiple authentication methods available, which include SPF, DKIM and DMARC.
Getting all of this setup is referred to as domain alignment, and this is something most website designers and owners do not understand and do not do, and is thus the most common reason for emails being flagged as spam and also for emails being spoofed from your domain.
SPF is the most widely deployed solution and should suffice for the purpose of this article, so is the only one I will discuss here. However, I would suggest that you follow the links above and educate yourself on all the methods to further mitigate spam and blacklisting problems.
SPF (Sender Policy Framework)
What it is: SPF is an email authentication protocol that allows the owner of a domain to specify which mail servers they use to send mail from that domain.
How it works: Brands sending an email will publish SPF records in the Domain Name System (DNS). These records list which IP addresses (servers) are authorized to send email on behalf of their domains.
During an SPF check, email providers (MTA’s) verify the SPF record by looking up the domain name listed in the “envelope from” address in the DNS. If the IP address sending the email on behalf of the “envelope from” domain isn’t listed in that SPF record, the message fails SPF authentication and thus receives a spam score.
There are no specific rules about how to treat an email failing an spf check. Different providers (MTA’s) will apply different rules, some will just give it a spam score and some will reject the email altogether.
Why it matters: An SPF-protected domain is less attractive to phishers, and is, therefore, less likely to be blacklisted by spam filters, ensuring legitimate email from that domain is delivered.
Your SPF records must cover all servers/IP’s that will send mail for your domain. You can use the SPF wizard to create your SPF record.
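The SPF check described above, worked offline as an added example (not code from this article or from any mail provider): a simplified evaluator for the ip4, ip6, include, all and redirect terms defined in RFC 7208. The domains, IP addresses, the DNS_TXT table and the function names are constructed stand-ins for real DNS and real mail servers.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 cap on terms that cause further DNS queries

# Constructed TXT records standing in for live DNS (documentation names and ranges).
DNS_TXT = {
    # A site that sends from its own web server and through an external SMTP relay.
    "shop.example": "v=spf1 ip4:203.0.113.10 include:_spf.relay.example -all",
    # The relay provider's record, pulled in through include:.
    "_spf.relay.example": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8:25::/48 ~all",
    # The domain of someone filling in the contact form.
    "visitor.example": "v=spf1 ip4:192.0.2.1 -all",
}


def check_host(ip_text, domain, dns=DNS_TXT, budget=None):
    """Return the SPF result for a connecting IP and an envelope-from domain."""
    if budget is None:
        budget = {"left": MAX_LOOKUPS}
    ip = ipaddress.ip_address(ip_text)
    terms = (dns.get(domain.lower()) or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF record published for this domain
    redirect = None
    for term in terms[1:]:
        if "=" in term:  # modifier such as redirect= or exp=
            name, _, value = term.partition("=")
            if name.lower() == "redirect":
                redirect = value
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net_type = ipaddress.IPv4Network if name == "ip4" else ipaddress.IPv6Network
            try:
                matched = ip in net_type(value, strict=False)
            except ValueError:
                return "permerror"  # malformed address or prefix in the record
        elif name == "include":
            budget["left"] -= 1
            if budget["left"] < 0:
                return "permerror"  # too many nested lookups
            inner = check_host(ip_text, value, dns, budget)
            if inner in ("none", "permerror"):
                return "permerror"  # include target must have a usable record
            matched = inner == "pass"  # any other inner result means "no match"
        else:
            # a, mx, exists and ptr need DNS data this offline example does not
            # model, so it stops here instead of guessing.
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:
        budget["left"] -= 1
        if budget["left"] < 0:
            return "permerror"
        result = check_host(ip_text, redirect, dns, budget)
        return "permerror" if result == "none" else result
    return "neutral"  # record exists but nothing matched and there is no "all"


def check_mail_from(ip_text, mail_from):
    """Evaluate SPF for the domain part of an envelope-from address."""
    return check_host(ip_text, mail_from.rsplit("@", 1)[-1])


SCENARIOS = [  # (description, connecting IP, envelope-from), all constructed
    ("web server, site's own address", "203.0.113.10", "website@shop.example"),
    ("SMTP relay over IPv4", "198.51.100.25", "website@shop.example"),
    ("SMTP relay over IPv6", "2001:db8:25::1", "website@shop.example"),
    ("unlisted host spoofing the site", "192.0.2.77", "website@shop.example"),
    ("web server sending as the form visitor", "203.0.113.10", "jo@visitor.example"),
    ("domain with no SPF record", "203.0.113.10", "info@nospf.example"),
]

if __name__ == "__main__":
    for label, ip_text, mail_from in SCENARIOS:
        print(f"{check_mail_from(ip_text, mail_from):9} {label}")
```

The fifth scenario is the contact-form mistake covered under "Check email FROM address": the web server is not listed in the visitor's record, so mail sent with the visitor's domain as the envelope sender fails.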
Blacklist Monitoring
Is your domain blacklisted?
Blacklists are another common issue that most website owners are not aware of. Server IP addresses and domain names often get blacklisted due to sending spam, which results in your emails being blocked.
If you have not done your domain alignment, anyone can spoof emails from your domain. This could be spam, phishing emails, scam emails etc.
Most mail servers (MTA) will be set to check a number of blacklists for each incoming email, and if either the sending MTA or domain is on any of those blacklists, this will increase the spam score. Different providers will use different blacklists and apply different scores.
This is a common problem for hosting providers, especially where everything related to your domain is hosted on the same server, which is the setup for most cpanel hosts.
So if any other customer on the same server is sending out spam, or their website gets hacked, then this will affect your domain reputation as well.
I recommend that you set up blacklist monitoring for your domain in order to keep tabs on this problem.
There are a ton of blacklist monitoring services out there, but the ones I use are MX Toolbox and Hetrix Tools.
This is one reason why I do not recommend using your web server for sending email; instead, use an external service (see below).
Use SMTP
The default when sending email is to use PHP Sendmail. This results in emails being sent from the default server address instead of your own domain, which, if you have done your domain alignment, causes the emails to fail authentication/alignment checks at the receiving MTA.
To ensure proper authentication of your outgoing mail and also for better reliability, you should send out emails using SMTP, from a mailbox setup specifically for this purpose. E.g. website@yourdomain.
Due to the reasons mentioned above, for the best reliability and business continuity, I generally recommend separating your email from your website hosting and using an external email provider such as Google G Suite or at the very least an SMTP relay service for your website email.
There are several SMTP plugins available for WordPress which make this extremely easy. I personally like to use WP Mail SMTP.
Gmail or G Suite
If you use Gmail or G Suite, then you can use this account for relaying email from your website too. However, you should be aware of the following caveats.
The Gmail sending limit is about 100-150 emails per day via SMTP. The limit via the Gmail interface is 500 per day.
The limit for Google Workspace accounts is 2000 emails per day, which is more than enough for most sites. See here for more details.
If you use your own email account to send smtp mail, remember that changing your email password will break outgoing email from your website, so you must remember to also change it on your website too. It is better to have a separate email account just for sending email from the website.
Setting up a dedicated mailbox will incur additional cost as you will need to use up a Workspace license.
If you are a G Suite customer, then you can also use their SMTP relay service instead, which would be preferable.
If you use WordPress then I suggest using the gmail-smtp plugin, which uses OAuth to send emails instead of authenticating with your username and password, however be aware that will still stop working if that user changes their password.
I use Mailersend these days, which has proved to be very reliable, gets blacklisted far less frequently than others I have used, and has a free plan with 120,000 emails per month.
You also get lots of advanced features with these services, such as mailing lists, tracking, bounce processing, logs, analytics and more.
As with any bulk email relay service, they are sending millions of emails per hour, and their IP’s do get blacklisted, which can cause some issues as they do not always do a brilliant job of monitoring the blacklists and getting IP’s removed.
However most do have the option of a dedicated IP address if you are willing to pay, which means you are the only domain sending email from that IP address, so the only person that can get you blacklisted is you.
Testing
Once you have everything setup, you then need to test your domain alignment and that emails sent from your website are not being flagged as spam.
This handy mail tester tool from Mailgenius makes that super easy.
If you need any help with email authentication, domain alignment, blacklist removal, mailing lists or anything mentioned here, feel free to get in touch.
There’s no doubt that using a password manager has saved me a lot of time and headaches – by remembering and filling passwords for me. But what many people do not realise is that password managers like 1Password, LastPass or Dashlane can be used for a lot more than just passwords.
There is lots of information besides passwords that most people need to access and use in their day-to-day life, online and offline. Whether you are booking your next family holiday, submitting forms online, or filling out a job application, there are all sorts of details that you need to have on hand, sometimes when you least expect it.
I will focus on LastPass in this article simply because this is the password manager I use. There are however many other options available.
Why store more than passwords in your password manager?
With templates for many different types of information, my password manager is the perfect place for me to store all those other details. Rather than rifling through stacks of papers or worrying about losing or damaging important documents when I carry them in my bag, I can keep secure, digital records that go everywhere with me!
A few reasons I store digital records in LastPass:
No matter where I am or what device I’m using – from a computer to my laptop, tablet, or Android phone – I know I can always log in to LastPass to access information
Sensitive details are encrypted, so I know they’re safe
Even if I don’t have WiFi or a data connection, I can log in to LastPass offline and view the data I need
Because we both use LastPass, I can share everything with my wife in a Shared Folder so we both can access and use the stored records
What items to store in your vault
When it comes to organizing your important information, here’s what I recommend storing for extra convenience:
Passports
If you’re planning a trip, especially internationally, you’ll likely be asked for your passport information. Rather than searching through a file cabinet or stack of papers, having a digital record of it ensures you can quickly look up or copy-paste the details you need.
It is also useful to have a record of this information just in case you lose your passports.
In LastPass, you can use the “Passport” option to store each family member’s passport. You can even upload a photocopy or picture of the passport as an “attachment” to the note. Other password managers have similar options.
Driver’s License
You may carry your driver’s license in your wallet, but there are other times besides driving where you may need to look up your license number. Filling out job applications, applying to rent an apartment, booking flights, or renting a car are all situations where your driver’s license may be requested. A quick search in the vault for your license ID is much more convenient.
In LastPass, use the “Driver’s License” option to store each family member’s license information. Again, you can upload a photocopy or picture of the license to the note.
Payment Cards
If you’re like me, you probably do more shopping online than you do in real life. When using a card for payment, every purchase requires entering your credit card and billing address. With those details saved in LastPass, it’s just a few clicks to complete the checkout process.
In LastPass, use the “Payment Card” option to store all debit cards or credit cards.
Social Security, NHS and other Numbers
It’s not often you’ll need to use your Social Security, NHS or national insurance number, but having it stored for every member of the family makes it easier on the rare occasions it does come up.
I have my own NI number memorized, of course, but haven’t memorized the numbers for my other family members and I have no idea what my NHS or driving license number are. When I need to reference it for signing into a financial account or filling out a form, it’s so much easier to look it up in LastPass than to try calling my wife or go hunting in our paper files.
In LastPass, you can use the “Social Security Number” option to store each family member’s SSN.
For other specific ID’s that do not have their own record type, I recommend using the custom template option to create a card to hold all desired ID details for each person. I personally have a single custom type to hold ALL ID’s on a single card.
Insurance Cards
Though you may carry your medical, dental, and other insurance cards in your wallet, there may be other times when a digital record is handy. Having a record in LastPass makes it easier to copy-paste the ID number and other details if it’s requested on any forms.
In LastPass, use the “Health Insurance” option to store details on your insurance cards.
Using your password manager as a Convenient Vault for Everything Else
If you have other family members – or even roommates or friends – who may need access to those records, too, you can share them via all the popular password managers. In LastPass Families for example, a Shared Folder is a convenient way to share many records with others.
Of course, the list above is just a small sample of the types of information you can – and should! – store in LastPass for added convenience. Other pieces of information you may want to add to LastPass include: addresses (think billing and shipping), WiFi passwords, bank accounts, membership numbers, security questions and answers, prescriptions, and information for computers and important devices.
Your LastPass vault is the perfect place to store anything you may need to look up or want to ensure you have a secure digital record of. Set aside some time to add these important details to LastPass for added convenience and peace of mind going forward.
Other Solutions
Password managers like 1Password, LastPass or Dashlane are great for storing the things mentioned above, but they are not the best tool for all your digital storage needs.
For digital storage of receipts, and asset management, including my home contents, I use Evernote.
For general document storage, I use OneDrive, which is easily accessible via one drive and the one drive app for Android has a handy document scanner too.
Ever since Google updated its “find my device” page for Android a couple of years ago, it has not been working for us.
We would still get the old version of the page with a message saying “This page cannot load Google maps correctly”.
Google find my device page
Clicking on the “try the new and updated find my device” link, would just redirect back to this same page.
The issue only affected my g suite account but not my regular, free, gmail account.
I tried contacting Google support back when I first noticed the issue but did not get anywhere since this is not a supported service.
Today I thought I would give it another try, and this time I got through to an agent more willing to help, and finally, we solved the mystery.
In your Google g suite admin you need to enable the “user device wipe on android” option.
This can be found under Device Management -> Android Settings -> General settings.
Check this box and click save, and you should now be able to access the new “find my device” page.
This is obviously a rather cryptic setting, and there is no logical reason why not enabling this option should just keep redirecting you to the old and broken find my device page. However the Google support agent did say it was “intended behaviour”.
I have been using BitDefender Total Security for some years now and as a cybersecurity, anti-malware solution it is very good and I recommend it to all my clients. In fact, it is generally considered the #1 solution in all AV tests I have seen.
Sadly the same cannot be said for the parental control features they shoehorned into the product a few years ago. In fact, it is not actually part of the product, it is a completely separate installation that you have to initiate via the BitDefender Central portal.
I have tried out the parental control features multiple times since they were first released, on all my kids’ devices (4 PC’s, tablets and mobile phones), and have always had nothing but problems. I could never rely on it, so have always used other solutions and have now given up on it altogether.
The Issues with BitDefender Parental Controls
Install Parental Controls
I have used the app on Windows PCs, Android devices and an iPhone 6. On the iPhone the app does virtually nothing, as almost all of the features are not supported on iPhones.
Getting it to actually install and activate in the first place might be the first challenge. You choose the “install parental control” option from the portal, and it will often do nothing or will say it is installed when it isn’t.
Quite often you will need to manually install the parental control app, completely reinstall BitDefender and remove/add your child from the portal. This process will be required every time the parental controls stop working too.
When you do manage to get the parental controls installed, good luck with getting/keeping it working. It will randomly stop working with no explanation and no warning; if you check under devices it will often say “disconnected”.
Actually getting the individual features working in the first place is also very hit and miss.
Activity reports do not work
So far, I have not seen the activity report actually work properly at all. It either reports completely incorrect activity or no activity at all.
The website allow/block list is completely arbitrary and unreliable. Sometimes it will block sites which should not be blocked, sometimes it will allow sites which should be blocked.
Same with the screentime, it is completely unreliable. It will either not work at all or will ignore your settings and just block or allow access arbitrarily.
Child location tracking is completely useless. It does not update reliably if at all, and if it does have a location, you have no idea how recent it is. You could be looking at a location from hours ago, days ago or even weeks ago.
Social activity monitoring, more of the same and completely useless. The only social network it seems to support is Facebook, and this requires a Facebook app to be installed in their Facebook account, which the child can easily remove.
BD support have now told me (presumably as a result of seeing this post) that social media monitoring requires another premium subscription, which they have never mentioned previously and is not mentioned anywhere in the app itself.
Anisoara Stefan Technical Support Engineer
I have seen no evidence of any monitoring for Twitter, Instagram, Snapchat, WhatsApp or any of the other apps that kids are using.
Any change you make to the parental controls via the web-based portal requires the child’s device to be rebooted before it takes effect. According to BitDefender support, this is not a bug; it is intended behaviour.
This makes the whole remote management via the portal completely pointless; you may as well go back to making changes directly on the device since you are going to need access to it anyway.
BitDefender support is terrible
The most frustrating part is when you have to contact BitDefender support. This has to be initiated via the live chat, and when they cannot solve the problem (which is 99.9% of the time) they then escalate it and open a ticket.
You will always have to chase them for days, weeks or even months for replies via email.
The support team will constantly contradict each other. E.g. when I complained that changes I made were having no effect unless I rebooted, I was explicitly told by multiple agents that a reboot is indeed required after any changes are made, and that this is intended behaviour. I then received the following contradicting response this week.
Settings are implemented without rebooting the device. Parental Control updates at an interval of about 20 minutes, however, if the device is rebooted the settings are implemented immediately. This is so that the device does not keep pulling updates constantly every minute having to cause issues to the performance of the device.
Anisoara Stefan Technical Support Engineer
The live chat agents are generally not very helpful and have no idea how the parental controls work at all, and the answers you get are equally repetitive and useless. E.g.
It is a problem with the version of BitDefender you are using, please update. Which of course never helps.
You need to install Bitdefender first. This is especially moronic, as if you did not have Bitdefender installed on the device, then the device would not be showing in the portal for you to install parental controls onto in the first place.
You need to remove your child profile and re-add it
You need to reinstall BitDefender
Bizarrely, they do not think it is an issue how often you need to delete your child profiles and reinstall the app.
Summary
Stay away.
I cannot recommend BitDefender parental controls at all. It does not do what it claims and is completely unreliable. I think it should be illegal for any company to claim their app will protect your kids when they are this useless and unreliable. There really needs to be some regulations on this type of app.
Does Google live up to its own motto “Don’t be Evil”?
Part of getting your business seen online is SEO, and an important part of this is getting your business registered with Google My Business and Google Maps.
Not only have I had to do this for my own business and my wife’s business but it is a service I provide to clients. When it works, this is a simple process, which involves Google sending a postcard to the business address with a code on it, which you then use to verify the business address.
However, sometimes the postcard doesn’t turn up, or some miscreant might report your listing and claim it is fraudulent or misleading and gets it suspended for review, at which point you have to contact Google my business support and request manual verification, which is where things get ridiculous.
You would be quite right to think: why on earth would Google discriminate against small businesses? This makes no sense and completely contradicts the whole purpose of Google My Business.
Yet I have had this issue myself a few times now, and most recently when I changed my own listing to add my virtual office address.
According to Harisha at Google my business support, in order to pass the manual verification, every business must provide photos of their premises, must have their own dedicated entrance which is not shared with other businesses and must show signage with the company name in front of the building, WTF?
These requirements are clearly unfair, unethical and discriminate against every small to medium business in the world that uses shared/managed office spaces, people who work from home (including disabled people) or have virtual offices.
There are 125 million formal micro, small and midsize businesses in the world, including 89 million in emerging markets. How many of those do Google think have their own building, with their own entrance and signage?
What makes this even more illogical is how disparate this is from the automated postcard method. As long as you can receive that postcard with the verification code on it, then no other evidence is required; your office could literally be in your garden shed.
This means that most of the businesses already listed on Google (using the postcard method) do not meet these supposed requirements either, which I couldn’t actually find any mention of in the Google My Business eligibility guidelines by the way.
Quite ironically, as I pointed out to Harisha, this also includes all the other businesses that reside at the same managed offices as myself.
So what’s the solution?
In the case of the postcard not turning up, I suggest trying a few more times before giving up. In my most recent attempt, I had to request the card 5 times before it finally arrived (thankfully bypassing this issue).
If you just cannot get that card or have your listing suspended for some other reason, and really have no other choice other than to comply with Google’s unfair demands, then Photoshop is your friend (nudge nudge, wink wink).
If you do not have the skills to manipulate images yourself, just pop along to fiverr.com and you will find someone willing to do some image manipulation for $20 or less 🙂