Category Archives: Security Updates and Warnings

Froling.bee.pl Hack Warning – this can destroy your SEO and credibility without you even knowing

I am highlighting today a very naughty but very genius hack I have found on one of my clients' accounts. It's genius in the fact that it totally bypasses any client-side malware detection scripts and naughty in the fact that it can:

  • destroy any SEO you have done on your site
  • steal your clients by sending them to a possible “drive by install” site
  • reduce your site's credibility to rubble

All of this without you or your webmaster or SEO dude/dudess being aware of it.

FYI: on any Linux server that I run, I run Linux Malware Detect, which is without a doubt a brilliant tool for spotting hacked files; without it, I probably would never have even found this hack.

Today I received a maldet report which showed one of my clients' accounts as being compromised with some base64 code. Base64 code is not necessarily malicious, but some investigation is merited because it can contain dodgy code with a hidden agenda.

Here is a part of the maldet report I received today.

So the first thing I did was visit the client's site by typing their domain name into my browser and then doing “view source”, in order to see within the code of the site if there were any JavaScript injections, which are usually a sign that the site has been hacked in some way. I did not see any malicious code at all.

I then opened up the hacked files in Notepad to discover some base64 code had been inserted into every single PHP file on the client's site (not only WordPress files, even non-WordPress files too), and it's only then that the situation unravelled itself.

The next thing I did, in order to test if this hack was working/real/functional, was to type site:clientsdomain.com into the Google search bar. This brings up all the listings that Google has for this web site, allowing me to test the code.

I then clicked on one of the listings and lo and behold was auto-redirected to a coupon site, not my client's site. I then tried it again with a different Google link and I was redirected to a Bing lookalike site. This is obviously very bad in the fact that normal visitors to your site will not see anything or be affected at all, but anyone coming from Bing, Yahoo, Facebook and Google will simply be redirected, meaning any SEO you have done in order to boost your SERPs gets blown out of the water…not good.

So obviously, as every single PHP file was infected, editing each file would have proved futile. We simply restored the site from a backup and then investigated how the hacker had gotten in, and found it was due to some permission issues with the client's account.

It does highlight a few things though in terms of how you could unwittingly be a victim of a hack and not even know it.
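The manual test described above (a direct visit looks clean, a click-through from a search listing gets redirected) can be repeated as a scripted check on your own sites. This is an added example, not code from the original post; the referrer URLs, the `fetch` helper and the function names are assumptions made for illustration.

```python
import re
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Constructed referrers for the traffic sources named in the post.
REFERERS = [
    "https://www.google.com/search?q=site%3Aclientsdomain.com",
    "https://www.bing.com/search?q=clientsdomain.com",
    "https://search.yahoo.com/search?p=clientsdomain.com",
    "https://www.facebook.com/",
]
# Meta-refresh or a script assigning to location: a redirect made in the body.
BODY_REDIRECT = re.compile(
    rb"""http-equiv=["']?refresh|\blocation(?:\.href)?\s*=""", re.I)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow; the 3xx is raised as HTTPError instead


def fetch(url, referer=None, timeout=10):
    """Return (status, Location or None, body) without following redirects."""
    headers = {"User-Agent": "Mozilla/5.0"}
    if referer:
        headers["Referer"] = referer
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.build_opener(_NoRedirect).open(req, timeout=timeout) as r:
            return r.status, r.headers.get("Location"), r.read()
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), err.read()


def is_offsite(url, location):
    """True when Location names a different host than the page requested."""
    host = urlsplit(location or "").hostname
    return host is not None and host != urlsplit(url).hostname


def check_referer_redirect(url, fetcher=fetch, referers=REFERERS):
    """Compare a direct visit with visits carrying each referrer."""
    _, base_loc, base_body = fetcher(url, None)
    base_hint = bool(BODY_REDIRECT.search(base_body))
    findings = []
    for ref in referers:
        status, loc, body = fetcher(url, ref)
        if is_offsite(url, loc) and loc != base_loc:
            findings.append((ref, f"HTTP {status} redirect to {loc}"))
        elif BODY_REDIRECT.search(body) and not base_hint:
            findings.append((ref, "body redirect absent from the direct visit"))
    return findings


if __name__ == "__main__":
    for ref, why in check_referer_redirect(sys.argv[1]):
        print(f"{ref}: {why}")
```

An empty result only means these particular referrers were treated like a direct visit. Injected code can also key on the user agent, cookies or the visitor's IP address, so keep the file-level scan (maldet in the post) as the primary control.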

Apple Releases iPhone OS 2.2 and iPhone OS for iPod touch 2.2

Apple has now released OS 2.2 for the iPhone and iPod touch to address multiple security vulnerabilities.

These vulnerabilities affect CoreGraphics, ImageIO, Networking, Office Viewer, Password Lock, Safari, and Webkit.

Please review the Apple Article HT3318 for more information and apply any necessary updates to your devices.

Apple Article HT3318

What are the benefits of an inverse email hunt?

While it may be easy to understand what an email inverse hunt is, many people wonder why they may need to perform such a task.

The answer simply is that an inverse email hunt may allow you to prevent not only spam, but slanderous materials and eliminate the threat of infectious emails.

Regardless of how you are being threatened in your email inbox, the only way you can prevent it is by finding out who is responsible for the harmful emails in the first place.

If you are still confused about how an inverse email hunt can help you, here are a few of the more popular circumstances that you may find yourself in.

Be aware however, that most of the time you will have to be a web professional or hire one to perform an inverse email hunt because it can be hard to backtrack through email without prior knowledge and training.

One of the most common reasons you may want to conduct an inverse email hunt is if you are receiving threatening emails that deface your character.

Since social networking is so popular now, an old acquaintance or business competitor may be trying to defame your character by altering content that contains your picture and mass emailing it.

The only way to contain the harm this can hold against you and the slanderous conduct in general, is to find who is behind it.

Another reason you may want to perform an inverse email hunt is if you keep receiving confidential work related material that is fake or misleading. In this case, you may be the target of a co-worker who is trying to discredit and humiliate you, so you will want to place a face to the individual behind this quickly before it affects your work image.

Additionally, somebody who wishes to be destructive may continually be sending you email that contains viruses one after another.

Eventually a virus will slip through the email filter so you want to stop an individual who is infecting your computer repeatedly before any permanent damage is created.

Avoid Online Fraud, a Few Tips to Help Make your Shopping Experience Fruitful

Many people who enjoy shopping have turned online for all their shopping needs because the Internet can offer much more diversity and lower prices.

In fact, since you can do anything online now, from renewing magazine subscriptions to transferring money, purchasing mp3s, and even more, there is no reason to ever shop for in-store items again.

However, while the Internet may offer you many ways to save money, it also can offer you a gate to online fraud unless you are careful.

One of the best ways to protect yourself from online fraud is to know the warning signs that may tip you off to a scam before you get involved.

First of all, if it sounds too good to be true, it probably is. Thus, if you find a wonderful deal for a high-ticket item that seems out of this world, it probably is, so navigate away before you throw your money out the door.

When dealing internationally you should always double check all the verifications a merchant offers, and it never hurts to check up on the sources they say they work with before shelling out your money.

After all, waiting a few days to receive confirmation email is not going to hurt you if in exchange you receive comfort of mind that you are not going to lose hundreds of dollars.

Finally, you should read the testimonies of other people before you choose to use a merchant you are unfamiliar with yourself.

The best way to know if a source is legitimate is to read about other people’s experiences. Simply double checking the actual existence of people who left positive comments can help put your mind at rest.

Also, remember, sometimes the best way to find a review of a site is outside of the actual webpage, since the content is not going to be controlled by a one-sided party.

Make Sure you are Safe in the Growing Social Network Climate

Social networking has mixed reviews among many people.

Typically the people who are deeply involved in the social networking scene feel that MySpace, Facebook, and the dozens of others are perfectly safe.

On the other hand, many parents and people who do not visit these websites seem to think they are nothing but a load of trouble that aims to trick children and adults into dangerous situations.

However, simply saying that social networking sites are dangerous would be similar to saying you should never meet anyone new in your life because talking to strangers is dangerous.

At some point in your life you learn to use discretion and wisdom when approaching people who may help benefit your future, you simply have to learn how to do the same thing online.

After all, you cannot stay shut inside your whole life communicating with your family, and you will not be able to reap the benefits of Internet networking if you refuse to use any social networking websites.

To clarify, avoiding social networking is like avoiding driving: simply never getting behind the wheel does not guarantee you will never get in a car accident, but it will make your life a whole lot harder.

Therefore, the trick to staying safe while using social networks is just to use common sense and know your limits online about what information you should divulge and what information you should keep to yourself.

For instance, it may be ok to tell people what state you are from, but posting your address or phone number is only going to lead to trouble, and is information nobody needs to know about you.

Additionally, giving out your first name only will also keep you out of trouble, since it is hard to find you without the knowledge of a last name.

Be Extremely Wary of this Nigerian Inheritance Scam

One popular wire transfer scheme that is picking up steam in America and Europe is an urgent email that you receive from Nigeria telling you that you are entitled to a large amount of money.

Usually they will reference a relative or friend that you may have known in passing and then go on to detail what a great person they were and how much they contributed to the Nigerian society.

After they finish patting you and your friend or relative on the back, they will tell you that you are entitled to a large sum of money either because of inheritance or some other tax law.

One thing they will emphasise is that you have a limited amount of time to claim this large sum of money and so have to act fast and provide your bank account so that they can transfer the money.

Most of the time people are fooled because they will send you a large number of notarised forms, and even ask you to give them a couple, making the effort on your side seem balanced as well.

These people are looking for a large sum of money to steal from you, so they have taken the time to make everything appear as legitimate and fool proof as possible.

The downside: after you complete all this paperwork, you will not receive any amount in your bank account, but will simply have given them all the information they need to withdraw a large sum of money from yours.

If you want to avoid getting scammed you should be wary of anything that comes your way from Nigeria.

Second, in general since there are sure to be copycat scams from other sources soon, you should never give out your banking information unless you are absolutely sure you know the source in question.

7 Warning Signals for a PayPal Identity Theft Scam

PayPal is a virtual payment processor which has really become popular these days. Internet users now prefer PayPal over other processors for their online transactions.

The reason? Obviously, it is easier and safer to process payment with a merchant website like PayPal.

You can also use credit cards for electronic payments via PayPal. But, despite all the security and flexibility, unfortunately, scams do happen with a website like PayPal.

So, if you are using a PayPal account, then you must take proper care of your account. The only thing you need for this is to remain constantly alert to the threat of identity theft, which is becoming more and more commonplace these days.

You can easily identify any scam with a little information and some common sense.

Here are 7 warning signs of scams that are more likely to happen online:

Warning sign 1
Quite often you may get emails from PayPal asking you to verify your account or asking you to provide some personal information. This is the first warning signal of an identity theft scam. Never, ever provide any information, because PayPal will never request any personal information from you.

Warning sign 2
The email for account verification, which you get in the name of PayPal, will be sent to an email ID which is not in the PayPal files.

Warning sign 3
The email uses forged headers. Forged headers are not easy to detect. Check if your email provider has options for blocking forged headers. If not, then ask them if it's possible to do so.

Warning sign 4
PayPal will never greet you with ‘Dear Paypal Member’ or ‘Dear Paypal User’. It will always greet you with your name that is registered on the PayPal account.

Warning sign 5
The fifth warning sign is the threatening email which might be informing you that PayPal is going to suspend your account.

Warning sign 6
Do not click on a link that leads to a non-secure page, with no https and no secured browser, without a padlock in its lower left hand corner.

Warning sign 7
The seventh sign is bad English. PayPal will never use bad English for communication.

If you observe any of these signs, then beware. It’s quite possible it’s a scam. If you have any kind of suspicion, then contact PayPal for assistance.

The only person who you can blame for identity theft is yourself, so make sure that you are “street wise” in terms of online fraud and identity theft.

Bank Acquisitions and Phishing Scams

There are public reports of phishing scams related to recent bank acquisitions. Due to an increase in this activity, we would like to remind users to remain cautious when receiving unsolicited email that could be a potential phishing scam.

Phishing scams may appear as requests for users to verify personal and bank account information, enroll in additional bank services, or activate new security features.

The email messages may contain a link that, when clicked, will take the user to a fraudulent web site that appears to be a legitimate bank web site.

The users may be asked to provide personal information that can further expose them to future compromises.

Additionally, these fraudulent web sites may contain malicious code.

Users are encouraged to take the following measures to protect themselves from phishing scams:

– Do not follow unsolicited web links received in email messages.

– Install anti-virus software, and keep its virus signature files up-to-date.

– Avoid Social Engineering Techniques as described here

Keep Private Data Secure in Internet Cafés

Internet cafés are helpful for people who often work on the road. They also provide a change of scenery or working environment for your tired eyes.

However, in today’s Web 2.0 environment, it becomes difficult to guard your privacy as billions of data are shared among computers over the Internet.

Thus, it has become a must to have at least a working knowledge of Internet security, especially if your access point is a public place like an Internet café.

Below are some tips to make your Internet café experience productive and safe.

1. Only updated antivirus software actually does something. You might already be doing this, which is good. However, there are other settings and functions that aren’t turned on by default. The most common features deactivated by default include Spam Filters, Email Security Options, and Internet Threat Alerts. It is important to know exactly what your antivirus can do, and how you can customize its functions so that you can maximize the protection it offers.

2. Firewall: ON. Most reputable Internet cafés are expected to have their own firewalls up. However, this does not protect your laptop from the other computers using the same router. Windows and Macs provide easy steps for you to follow when setting up your firewall. After setting it up, you will always have the option to tweak your firewall settings to suit your needs.

3. Say No to “Remember me on this computer.” Even if you are using your own laptop and not a public computer, it is unsafe to have your system remember all your usernames and passwords, especially for email accounts and online banking accounts. Besides being susceptible to external attacks over the Internet, there is a possibility that your laptop may be stolen, along with the important information stored in it.

4. Lock it. When using your laptop over public Internet access, it is never a good idea to leave your laptop on when you need to stand, even if you’re just getting something from the next table. Change the settings of your screensaver so that it would prompt for a password before it clears away. Another option could be locking your computer every time you need to leave it for a few seconds. However, going to the restroom is another story. It is strongly recommended that you bring your laptop with you. For public desktop computers, make sure you log out completely before leaving the terminal.

5. Recommended Internet cafés. Before your trip, it is a good idea to research the Internet cafés within the area. Friends and colleagues could give you an idea which ones have good and reliable service and which ones to avoid. You can also list down each recommended café’s operating hours and whether or not they are open during the weekends. This way, you minimize interruptions in your work schedule.

How to Avoid eBay Fraud

eBay is a fast and convenient way to find good deals and unique items. Although there are always risks attached to online transactions, eBay realizes these dangers and is doing all it can to protect buyers and sellers from fraud.

However, there are still some that are able to make use of eBay’s extensive features to broker fraudulent deals for the purpose of scamming or phishing. Below are some tips on how you can protect yourself from the most common eBay frauds.

Spoofing
Some emails sent to you pretend to be official emails from eBay. These mails provide you a link to follow, directing you to a website that looks very similar to that of eBay.

The sender will pretend to want to check the validity of your account or to track an item for you, instructing you to log into your eBay Account.

Many unsuspectingly fall into this trap and they end up giving away personal information such as credit card details, passwords, and Social Security numbers.

Most spoofs are executed very well, making them impossible to detect. eBay strongly recommends that you download the eBay Toolbar equipped with Account Guard.

Having this feature will let you know whether or not the eBay or PayPal site you are on is real. eBay also has a tutorial section on spoof protection that you can access anytime. Also, eBay never asks for sensitive information via email.

Seller feedback
The Seller Feedback feature allows potential buyers to check a seller’s reputation within the marketplace.

Both positive and negative feedbacks are opportunities for a buyer to fully understand how the seller tends to operate and whether or not the seller’s preferences suit yours.

It is not enough to judge a seller based on the total score and percent positive. Details like unique positive and negative feedback can also help.

There could be sellers that give themselves positive feedbacks thereby increasing overall positive count. Competitors on the other hand may give a number of negative feedbacks to discourage potential buyers from a particular seller.

Checking out the comments after negative feedbacks may also help you gauge the seller’s reputation.

Check out my own eBay profile and you will see that I am a very reputable buyer/seller and I usually deal with sellers who have a very good feedback rating.

http://feedback.ebay.com/ws/eBayISAPI.dll?ViewFeedback2&userid=craigedmonds&ftab=AllFeedback

Credit card and only
Be wary of sellers who do not accept PayPal and who prefer money transfers instead.

Complete your transactions with credit cards.

Because eBay also owns PayPal, you will be able to get help as either buyer or seller when things don’t go well.

Also, this method will allow you to maximize the security provided by your credit card company.

Read item descriptions well
Carefully reading item descriptions is the easiest way to avoid eBay fraud.

Bold claims could mean danger.

If it’s too good to be true, chances are, it is too good to be true.

A number of spelling or grammatical errors could mean that the description is making an attempt to avoid detection.

Be extra careful when making overseas transactions.

The items could be counterfeit, and customs cost and shipping cost could more than triple the price of the item.