It’s Never All About That Base: Three Non-Firewall Add-ons You Should Have For Website Security

Web application firewall
SiteLock prevents harmful visitors and malicious attacks on your website.

Viruses used to be the only cyber security issue that companies worried about. With cyber threats increasing in variety, protecting your website is no longer about installing a basic firewall. You also need to consider all the right add-ons in all the right places to develop a multi-layered security plan.

To help you start your own deployment, below are three non-firewall add-ons that you should have in order to develop a comprehensive website security plan.

  1.      DDoS Attack Protection

Will your customers blame their slow internet connection when they have to wait 10 seconds for a page to load on your website? They might, but chances are they’ll also blame you. Long loading times are one of the major issues that turn customers away from a website. Recent research by Kissmetrics revealed that even a one second page delay could potentially cost businesses $2.5 million in sales each year. Simply upgrading your server may not be enough – instead, a slow website may be the result of a DDoS attack, which is executed by having multiple computers on multiple networks sending large amounts of requests to your website simultaneously, in an attempt to crash it.

Although DDoS attacks are hard to prevent, there are still solutions to mitigate the threat. One effective tool is the SiteLock TrueShieldTM Web Application Firewall. It offers the most comprehensive DDoS protection solution in the industry. This tool can target vital components of comprehensive DDoS attacks by providing application level, infrastructure and DNS protection, adding multiple security layers to your online business.

  1.      CDN Deployment

A DDoS solution will protect you from malicious attacks, but what about the large traffic that comes from actual legitimate users? Unexpected large traffic, no matter where it comes from, can compromise your website and leave it vulnerable to attacks, which may cost you millions in lost revenue.

One thing you can do to improve the speed of your website under peak traffic is to deploy a Content Delivery Network that can deliver cached web content to users based on their locations, through a network of servers located globally.  To help you with your own deployment,  SiteLock offers the TrueSpeed CDN. It dynamically caches content every five minutes and is effective in increasing website speed by an average of 50% to maximize its performance.

  1.      Website Scanner

Now that you have your external security layers for speed optimization and protection ready, you should start monitoring your website 24/7 and make sure that all customer activities happening there are also secure. One of the most effective and efficient ways to achieve this goal is by employing a website scanner that runs in the background and can immediately identify and remove malware and vulnerabilities. A good website scanner can also ensure network security by monitoring FTP and file exchange, protecting your database from SQL injections, and checking ports on your server to make sure only appropriate visitors gain access to your website.

If you are expecting a comprehensive website scanner that integrates both detection and removal functionality, Sitelock INFINITY will be a good choice. It provides well-designed and continuous scanning, including 24/7 monitoring, automatic detection and automatic removal. It will help mitigate cyber attacks, and more importantly, protect your customer’s valuable data 24/7.

Virus is no longer the only cybersecurity issue that companies worry about. The recent Kaspersky Lab cyber attack, the major OPM data breach and the government’s new policies on fortifying cyber security protocol at workplace all push the corporate IT team to develop a more comprehensive security plan to protect proprietary data from threats coming both from the inside and the outside. It’s time to have something beyond the base, for this is the best way to counter increasingly rampant cyber attacks in this dangerous cyberspace.

Cybersecurity Report: July 28, 2015

malware surgesUCLA Health Hacked, 4.5 Million Victims

Last week, hackers broke into UCLA Health, the hospital network of the University of California, Los Angeles,acquiring access to database with sensitive records of 4.5 million people and potentially affecting four hospitals and 150 offices across Southern California. According to the university, the potential breached information included names, medical information, SSN, Medicare numbers, health plan IDs, birthdays and physical addresses.The network made this announcement two months after the data breach was discovered. The hospital group is now offering affected staffs and patients one year of identity theft recovery services.

National Security Agency Teaches Students Ethical Hacking, Cybersecurity

The National Security Agency is offering middle- and high school students in the United States the opportunity to learn cracking secured passwords. The agency supports dozens of free summer camps nationwide, named GenCyber summer camp, educating young students about entry-level knowledge on responsible hacking, cracking and cyberspace defense. According to a report from The New York Times, over 1,400 young students chose to join the dozens of free NSA-supported overnight and day camps nationwide. The goal of the camp is to lure potential recruits and trigger interests in the field of cybersecurity. NSA officials stated that developing the future cyberspace workforce is a national security concern.

Israel and U.S. Issue Joint Statement on Cybersecurity Coordination

Last week, Alejandro Mayorkas, the U.S. Deputy Secretary of Homeland Security, traveled to Israel to meet with Israeli Minister of Public Security Gilad Erdan and representatives from other department to discuss the cybersecurity challenges facing both countries. They specifically discussed opportunities for joint investment in cybersecurity and signed a joint statement confirming their commitment to promoting cooperation and information sharing on cybersecurity and cyber research and development.

Cybersecurity Intern Accused in Huge Hacking Bust

Last Wednesday, the U.S. Justice Department announced a massive international bust of Darkode, an online black market for hackers. Morgan Culbertson, a 20-year-old sophomore at Carnegie Mellon University from Pittsburgh, was accused of creating a malicious malware that infects Android phones, steals data and controls the device. According to federal investigators, Culbertson was the creator of the infamous “Dendroid” malware that allows anyone who pay the fee — $300 — could turn any legitimate Android app into malware and allowed hackers to remotely take screenshots, photos, videos and audio recordings.

Canadian Government Assigns $142M to National Cybersecurity Program

According to Steven Blaney, Public Safety Minister of Canada, the Canadian Federal Government has allocated over $142 million in new funding for national cybersecurity programs. The money will be added to the previously budgeted funds for use against data breaches, website hacks, and online fraud targeting non-federal government systems deemed essential. This government release refers to the economic cost of cybercrime, which includes $29 million from only fraud in 2013. The funds also increase the total cybersecurity investment by the Canadian government by $142.6 million from $94.4 million to $237 million over the next five years.

Cybersecurity Report: July 21, 2015

Website SecurityOPM Director Katherine Archuleta Steps Down

Office of Personnel Management Director Katherine Archuleta resigned last Friday, a day after revealing that the recent data breach of employee information was much larger than originally thought and had probably affected 22.1 million current, former and prospective US government employees and their family members. Archuleta’s departure has been confirmed in an email she sent to OPM staff. Beth Cobert, previously the U.S. chief performance officer and a deputy director at OPM, has taken over as the acting director of OPM since last Saturday.

Army National Guard Struck by Data Breach

Last Friday, officials of Army National Guard alerted its current and former members that a data breach might have exposed private information of members since 2004 because files containing personal information was inadvertently transferred to a non-DoD-accredited data center by a contract employee. The breach may have leaked members’ names, full Social Security addresses, dates of birth and home addresses. According to National Guard, there was little evidence that the incident was related to cybercrime. The National Guard Bureau has set up a website and a call center for members who are worrying about their information following the breach.

The Latest Security Law Illustrates The Chinese Government’s Love-Hate Relationship with The Internet

Last week,Chinese government published the latest People’s Republic of China Cybersecurity Law, which directs a number of decrees at entitles providing “critical information infrastructure.” The term is likely to refer to any technology company that is in a certain scale and with a certain amount of user data, such as big tech companies like Apple, Baidu and Huawei. Many of the provisions in the law, also has yet to be formally pass, requires tech companies to provide basic protections for users, such as not selling user data to third parties without permissions. Other sections reflects the government’s focus on tightening policies for China’s internet companies. These policies include measures that allow state to cut off the internet to “protect national security,” and measures that require users to use their real names to register for certain services.

Boston to Beef Up Cybersecurity Measures

Boston is now developing a next-generation firewall to protect the Hub from cyberattacks, which is a part of an effort to spend $3.5 millions through 2020 to beef up cybersecurity in the coming years. The new firewall will add to the city’s existing cybersecurity tools and is expected to be fully operational by the end of the year. The rest of the money will be partially used to improve the network’s ability to continue operating in the event of an outage or a glitch. Although Boston hasn’t had any breaches it is aware of, but there are third parties constantly scanning the city’s networks looking for vulnerabilities. The city’s million-dollar plan aims at protecting Boston from cyber attacks of all sizes coming from any place.

Facebook Program Inspires Young Girls to Try Cybersecurity Careers

Partnering with San Jose State University’s Jay Pinson STEM Education program and CyberGirlz, Facebook created an after-school program and specialized camps to provide underserved female students  with support, encouragement and baseline understanding of security principles, hoping to inspire more girls to pursue a career in cybersecurity sphere before they get into high school. Each of the 38 girls participated in the camp received free blue Facebook HP computers to make sure that they were able to continue their coding work after the camp. Alex Stamos, Facebook’s Chief Security Officer, shared with the participants on how the cybersecurity area is hoping to welcome more female professionals and encouraged students to participate in bug bounty programs to get practices.Members from the Girls Who Code group also participated in the camp.

Cybersecurity Report: July 15, 2015

Website protection
Protect your website from hackers and cybercrime.

Hacktivist Group AnonOpsIndia Hacks BSNL Website, Days After Hacking Nation’s PAN Database

As a protest against the Indian government’s recent push on net neutrality and Digital India, AnonOpsIndia, a hacktivist group, compromised BSNL (Bharat Sanchar Nigam Limited) Telecommunications’ websites on Friday. Prior to the BSNL hack, AnonOpsIndia, usually referred as “Anonymous India,” has already compromised the nation’s PAN database and a coal-sector website last week. In the BSNL attack, the group replicated the entire database of the organization which had sensitive information of over 30 million users. The group described the main purpose of the attack as below, “When the government stops listening to the people, it’s time to wake them up. There will be no #DigitalIndia until and unless government of India stops their surveillance projects & make their systems secure.”

Mastercard Testing Facial Recognition Security App

Mastercard is testing a smartphone app that uses facial recognition to verify online purchases. Users can hold their phones up to the face level to approve transactions. This is not the first time facial recognition was used in verification of online purchases. When Google first tried this technique on Android phones, problems were quickly surfaced. For example, people could simply take a photo of somebody else and present it to the camera to unlock the phone. Although Mastercard’s app requires users to blink to prove that they are human, people could still spoof this by animating photographs. Until now, Mastercard’s facial recognition trial has involved 500 users in U.S.. Security experts think that the facial recognition technique should to be an extra layer of security, such as a companion with a PIN, instead of the only security guard of online transactions.

WikiLeaks: US Spy Agency Targeted Top Brazilian Officials

WikiLeaks, the whistleblowing website, published a National Security Agency list of 29 Brazilian government phone numbers that the American spy group monitored. Aside from the list of numbers, which included the number of Brazilian President Dilma Rousseff, NSA was also found to have been targeting top political and financial officials. According to The Intercept, the publication that first reported the WikiLeaks data, the surveillance was alleged to start no later than 2011 and there was no indication that the eavesdropping had stopped. This latest WikiLeaks disclosure was followed by the website’s recent releases about the surveillance of U.S. on German and French government officials.

Cyber Attack on Edinburgh City Council

It was recently released that the database of Edinburgh City Council was compromised in a malicious cyber attack happened at the end of June. More than 13,000 email addresses were stolen. The council assured those affected that no other personal data were accessed, but there would be a potential increase in spam or phishing emails. The incident was reported to both the Information Commissioner and the UK Government’s Computer Emergency Response Team. According to a council spokesman, preventative measures have been taken by the web service providers to make sure that the risks associated with attacks are carefully dealt with.

Outages at NYSE, United Airlines, Expose Digital Vulnerabilities

On Wednesday morning, the New York Stock Exchange suddently halted all trading due to unexplained technical problems, United Airlines grounded all 4,900 worldwide flights, and the returned a 504 error indicating some systematic error on tne news organization’s servers. Operations at, United and NYSE were all back to normal in a couple of hours. None of the officials from these three organizations, neither does White House Press Secretary Josh Earnest, has acclaimed that the outage was part of a cyber attack. NYSE officials have been working with the Department of Homeland security, the Securities and Exchange Commission and the Treasury Department to resolve the situation.


How VPS Hosting Can Help Secure Your Website

pciHosting your website on a Virtual Private Server (VPS) can be a great way to improve your website’s security when compared to shared hosting. Why?

Think of shared hosting as sharing an apartment – it’s economical, but roommates can often bring on unnecessary trouble. If a thief steals some of your roommate’s belongings, chances are they’ll steal yours as well. Similarly, if a hacker injects website malware into another website on the same server as yours, it can affect your website as well.

With a VPS, your website has its own partitioned space, operating system and (usually) unique IP address, isolating it from cyber attacks. A VPS also provides access to the console, something that shared hosting usually doesn’t allow, which can be helpful when removing malware.

Neill Feather, President of SiteLock, has written a blog post explaining more security benefits of a VPS and website firewall on IT Toolbox – you can read it by clicking here.

Cybersecurity Report: July 7, 2015


Screen shot 2015-04-14 at 12.19.10 AMGAO Sees Room for Improvement in Bank Cyber Security Exams

A new report from the U.S. Government Accountability Office (GAO) suggests that U.S. banking regulators must hire and train more examiners with technology expertise to give more useful cyber security recommendations to small and mid-sized banks. According to GAO, many U.S. credit unions are vulnerable to cyber threats from outside vendors that help run their businesses, because their overseer, the National Credit Union Administration (NCUA) lacks authority to review technology practices of those companies. It is reported that GAO has long been pushing to expand the NCUA’s authority, but credit unions themselves and their vendors have been resistant to the idea, calling it a regulatory overreach.

ATF Executive Investigated for Possible Employee Data Breach

Scott Sweetow, a deputy assistant director for strategic intelligence and information at Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) headquarters in Washington, is under investigation for allegedly sending employee information to his personal email account. It was not immediately clear how many employees were affected by the possible breach. Sweetow stated that this allegation was the result of an intentional damage to his reputation and he was very guarded about any work products he may be working. Besides, ATF would not discuss specific personnel issues, actions, or the existence of ongoing investigations.

FFIEC Cybersecurity Assessment ‘Tool’ Goes Live

On Tuesday, the Federal Financial Institutions Examination Council (FFIEC) released a new tool to help financial institutions identify their level of risk to a cyber-attack and also gauge their ability to manage and control their own specific threat levels. The two-part tool is a user’s guide that leads institutions through the self-assessment procedure. The first part is the “Inherent Risk Profile,” which catalogues an institution’s technology and connection types and other facets of its risk characteristics. The second part is the assessment on the institution’s cyber risk management, threat intelligence and how it would respond to a cyber-attack.

Ireland Gears Up for Cyber War – New Strategy to Protect Critical Infrastructure

The government of Ireland has published the country’s National Cybersecurity Strategy that outlines how Ireland will defend its computer networks and sensitive infrastructure (such as water and electricity) in the event of a cyberattack. The strategy acknowledges that on a national level, Ireland faces a more complex set of risks than other countries due to the presence of a large number of data-centric companies, including Amazon, Google, Facebook, Microsoft, Apple, IBM and others. These companies have many data centers that are already in Ireland or are expecting to be deployed in Ireland in the near future.To address the concern of cybersecurity, the Irish government has established the National Cybersecurity Center(NCSC) within the Department of Communications. This center will be in charge of securing government networks and critical national infrastructure, such as electricity, water, transportation, telecoms, commerce and health.

‘Digital Amnesia’ Growing Among Americans

In a recent Kaspersky Lab survey of 1,000 Americans aged 16 or older, the researcher found that people are increasingly relying on their devices for many things, and seem lost without a digital assistant. This “symptom” is referred to as “digital amnesia” or “Google effect,” which has resulted in a dependence on digital devices connected to the internet, with most people unable to commit simple information to memory. About 91% of respondents said that they used the Internet as an online extension of their brain. A researcher from this study said that the digital amnesia is likely to extend beyond online facts to include personal information, such as the parents’ number, the siblings’ numbers, etc.

Cybersecurity Report: June 29, 2015

prevent data breachHackers Ground Polish LOT Airline Flights

LOT, the Polish national airline, announced on Sunday that it cancelled 10 flights due to the cyber attack towards its ground computer systems at Warsaw’s Okecie airport. The cyber attack took down LOT’s ground computer systems for 5 hours during which time 10 flights were cancelled impacting over 1,400 passengers who had planned to travel to Dusseldorf, Hamburg, Copenhagen, and some internal flights within Poland.  LOT stated that no ongoing flights or other airport computer systems were affected and the flights already in the air to scheduled to land at Warsaw were at no risk.

US to Raise Breach of Government Records at Talks with China

This Monday, The United States began the annual security talks with China and an official said that the US government representative would raise directly the major data breach at OPM during the discussion. Prior to the talk, China had openly denied involvement in the break-in, but Obama administration officials had said that they are increasingly confident that China’s government, instead of hackers, was responsible. The annual talk was around topics including cyber security, maritime security, military relations, missile defence, nuclear policy and space security. This talk was followed by a two-day Cabinet-level discussion on security and economy starting on Tuesday.

Popular Security Software Came Under Relentless NSA and GCHQ Attacks

According to Edward Snowden, the National Security Agency and the British Government Communications Headquarters have worked to subvert anti-virus and other security software to track users and infiltrate networks. These two agencies were alleged to have reverse engineered software products and monitored web and email traffic to carefully thwart anti-virus software and obtain information about security software and their users. The Moscow-based security solution provider Kaspersky Lab received especially careful examination. Both NSA and the British agency have studied Kaspersky Lab’s software for weaknesses and obtaining sensitive customer information by monitoring software activities.

WikiLeaks: NSA Snooped on French Leaders

According to Wikileaks, the whistleblower website,the US National Security Agency (NSA) has been spying on French President Jacques Chirac, Nicolas Sarkozy and Francois Hollande in 2006-2012, Wikileaks says. Wikileaks began to publish the files under the heading “Espionnage Elysee” on Tuesday. These files were said to derive from directly targeted NSA surveillance of the communications of multiple French leaders. It is unclear whether the material comes from data stolen from former NSA contractor Edward Snowden.Wikileaks carried a statement by its founder, Julian Assange, who said: “The French people have a right to know that their elected government is subject to hostile surveillance from a supposed ally.”

Almost Half of Leading Websites Fail Security and Privacy Tests

The non-profit organization Online Trust Alliance conducted a study that audited 1,000 websites, including websites of 50 leading Internet of Things device makers and other leading retailers, banks, social media, news and government bodies. According to the survey, 46% of the respondents were found vulnerable to known online security threats, 76% failed the security assessment, while only 20% scored highly enough to qualify for the OTA’s Online Trust Honor Roll. The OTA evaluated these websites based on criteria in mainly three categories: consumer protection, privacy and security. According to the result of the study, Twitter topped the overall ratings three years in a run.

Cybersecurity Report: June 23, 2015

Screen shot 2015-04-14 at 12.19.10 AMCybersecurity Pros Warn Against Insider Threats

A recently released Insider Threat Report collected data from over 500 cybersecurity professionals to examine industrial efforts against insider threats. According to the report, although there has been a rise of insider threats over the last 12 months, organizations are not fully prepared for it yet. The report also examined which user categories showed the largest threat, the most vulnerable applications and data, common launch points for attacks, budget trends and more.

White House pushes ‘30-day Cybersecurity Sprint’ after massive breaches

Last Friday, the White House launched a new security program, dubbed the “30-day Cybersecurity Sprint”, to fortify cyber security protocol across the government and encourage agencies to take specific initiatives over the next month to beef up the protection of proprietary information and prevent future hacking towards federal systems. These initiatives include: fixing cybersecurity vulnerabilities, tightening policies and practices for privileged users, implementing multi-factor authentication procedures and so on.

Cybersecurity Threats Plague Energy Groups

On the energy conference by Wyoming Infrastructure Authority, Michael Bobbitt, a supervisory special agent with the FBI, stated that the energy industry is facing significant threats from hackers, groups that intended to steal proprietary information and even terrorists. Energy industry should pay special attentions to hackers who were especially interested in stealing intellectual property, such as a proprietary way to drill a well. Besides, hackers could also manipulate corporate equipment remotely and lead to real-world physical damages. To prevent this, energy companies should take more efforts in protecting data security both from external threats and from internal threats.

Cardinals Investigated for Hacking Into Astros’ Database

Employees of the St. Louis Cardinals are under investigation by FBI and Justice Department due to the allegation of hacking into databases of Houston Astros to steal player information and track player development. The subpoenas have been issued on the Cardinals and Major League Baseball for electronic correspondence. This attack would be the first known case of corporate espionage in which a professional sports team hacked the network of another.

Uber’s Petition Website Hacked To Redirect To Lyft Homepage

Over the weekend, cyber security research Austin Epperson exploited a vulnerability in Uber’s petition website and leveraged it to change the content of some petitions and redirect visitors to Lyft’s homepage. The researcher then warned the company to be more cautious when using petition websites since they might be vulnerable to malicious hackers. Both Uber and Epperson stated that the customer information was never at risk.



Cybersecurity Report: June 16, 2015

Screen shot 2015-04-14 at 12.19.10 AMSenate Rejects Measure to Strengthen Cybersecurity

Several days after a major breach of the personal information of federal employees, the Senate rejected a cyber security measure on Thursday. The rejected bill would encourage private companies to voluntarily share information about hack attacks with the federal government to prevent future data breaches. The vote was 56-40, four votes short of the 60 needed to move ahead on the legislation. Many Democrats voted against the bill, mainly because it was tacked to a sweeping defence bill, which many Democrats oppose and President Obama has threatened to veto.

None of US is Safe: Major Cybersecurity Company Hacked

Moscow-based cyber security company Kaspersky Lab announced on Wednesday that its systems had been attacked, most likely by hackers working on behalf of a country. The company didn’t name the country that it thought carried out the attack, but didn’t deny the possibility that the hackers were from Israel, United Kingdom or United States. The attack mainly focused on Kaspersky’s own systems and intellectual property, so its user information were all safe. Kaspersky has already fixed the hole that allowed for the attack and released an explanation on its website to answer questions regarding the reason of the attack, techniques used by hackers and others.

Cybersecurity Spending Set to Explode

According to a new report from MarketsandMarkets, given the increasing need for the cybersecurity services, the value of this market will be propelled to $170 billion by 2020. This increase will be mainly driven by the increasing use of mobile devices, web, social media, Internet of Things and more. The increasing popularity of BYOD policies is also a major factor that drives companies to improve its security deployment. In the future, companies are looking for integrated solutions that are customized for clients’ specific needs.

Hospital Drug Pumps are Hackable, Experts Warn

According to cybersecurity experts, hospital drug pumps produced by Hospira, a leading medical supplier under Pfizer, could be hacked because of security vulnerabilities. Although the company stated that it had been working with Department of Homeland Security and Food and Drug Administration to investigate into this issue, there were still flaws left in Hospira’s information system. The major vulnerability of the system was caused by Hospira using outdated software and having identical encryption certificates, private keys and service credentials for many of its products.

Syrian Group Claims Responsibility For Hack of U.S. Army Website

Hackers with the Syrian Electronic Army (SEA) claimed that they hacked the official website of the U.S. Army on Monday and posted a message saying “Your commanders admit they are training the people they have sent you to die fighting”. The Army website was then taken down temporarily to prevent further data breach. This was not the first ime SEA hacked US websites. It shut down the Washington Post’s mobile site briefly earlier this year and hacked the twitter account of AP to announce that the White House had been hacked.


Don’t you love the feeling of customer inquiries in your morning inbox? So much interest in your site! You look closer at the emails and find they’re all from Michael – Michael Jordan, Michael Kors, Michael Vuitton – well, Louis Vuitton, but you get the point. Somehow, spambots found your form and blindly barraged your inbox with handbag and sneaker spam, or worse, adult content. How do you, a busy business owner, stop the spam while allowing legitimate requests? The good news is that you have a couple options – one is easy and the other, even easier.

The first is to implement a CAPTCHA on the form. A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a small test that is simple for humans to pass yet difficult for computers. Google’s reCAPTCHA is a popular option, takes little coding and helps digitize books in the process.

Google's reCAPTCHA
Google’s reCAPTCHA

If you run a WordPress site, Really Simple CAPTCHA, from the author of Contact Form 7, is a popular option. It takes a bit of configuration, so it may not be ideal for all users. Another option for WordPress users is Fast Secure Contact Form. This is an integrated contact form with CAPTCHA plugin that makes securing a contact or request form possible with just a few clicks.

Fast Secure Contact Form
Fast Secure Contact Form

Of course the simplest (and most comprehensive) option of all is deploying a web application firewall such as the SiteLock® TrueShieldTM. With TrueShield, spambots are stopped in their tracks as it analyzes requests to your site and stops malicious submissions before they reach your inbox.

People sometimes argue the efficiency of the CAPTCHA (e.g. “you’re hindering legitimate traffic from accessing my website.”). While there is no doubt a CAPTCHA can help curb spam, used in conjunction with the SiteLock TrueShield firewall, getting the right people to your inbox while blocking threats is as easy as ever.


Get every new post delivered to your Inbox.

Join 58 other followers

%d bloggers like this: