• Posted on April 11, 2017 11:38 am
    Joseph Forbes

    If your inbox is suddenly getting filled with emails from "mailer daemon", here's what you can do. To be clear, what's happening is (we'll go into more detail below):

      • Email has been sent out and the recipient can't be found (or their inbox is full)
      • It's being returned to you because email systems think you sent it

    I Am Receiving Mailer Daemon Spam. What Should I Do Now? Can I Stop it?

    When you receive lots of delivery failure reports from mailer daemon, do the following:

      • Scan your computer and devices for malware and viruses. Mailer daemon spam can be the result of an infection with malware (on one of your computers) that sends out emails using your address behind your back; best to rule out this case. Ideally, scan while disconnected from the Internet. If you find infections, clean your machines and change all passwords, especially those to your email and social accounts.
      • Report the mailer daemon spam as junk mail in your email program or service. This has the spam filter drop similar useless and annoying delivery failure emails in the future.
      • If you feel uneasy about clicking "Spam" because it might train the spam filter to eliminate a kind of email you want to receive in the future (delivery failure reports from mailer daemon), simply delete all the useless emails from mailer daemon.
      • In addition, you can create a filter in your email program or service that automatically deletes all emails from the same mailer daemon address with the same subject.

    Now that you know what to do, let us find out how it can happen at all that you receive these puzzling messages.

    Why Does This Exist in the First Place?

    Mailer-daemon emails are normally harmless and helpful delivery reports, not spam at all. Let's find out how and when these mailer daemon messages are generated.

    When you send somebody a message and it fails to deliver, you'd want to know, right? Email is a system with many, many different players that works like a postal system: you hand one server (or "mailer daemon") your email, that server passes the message on to another and possibly more mailer daemons down the line until, finally, the message is delivered to the recipient's inbox folder. The whole process can take some time (though usually it is accomplished in seconds, of course), and only that last server knows whether the email could actually be delivered.

    How Mailer Daemon Delivery Reports Are Generated

    Since you, the sender, would want to know about the failed delivery, the mailer daemon tries to alert you. It does so using what a mailer daemon knows to do best: sending an email.

    So, a mailer daemon error message is generated: it states what happened (typically, that an email could not be delivered), possibly a reason for the problem and whether the server will try to deliver the email again.

    This delivery report email is addressed and sent to the original email's sender, of course. How the "original sender" is determined is a story of its own, and my guess is that your guess is wrong. If you are at all curious why mailer daemons do not use the "From:" line to determine an email's sender, do not skip the following sidebar.

    Sidebar: How the Recipient of a Delivery Report is Determined

    As you probably know, every email has both one or more recipients and a sender. Recipients go in the "To:", "Cc:" and "Bcc:" fields, and the email address of the sender appears in the "From:" line. Neither is used by mail servers to deliver email messages, and, in particular, the "From:" field does not determine the email sender as used for delivery reports (bounces), for example.

    Instead, when an email is initially sent, the sender and recipient are communicated separately from and before the email's content (which, for this purpose, includes the From: and To: fields).

    Imagine me taking a letter to the post office for you. Of course, you have written the recipient's name and address on the envelope and jotted down your address as well. At the post office, I do not simply hand over the letter for delivery and let the envelope take over, however. I say "This is from Corey Davy at 70 Bowman St.", instead, and "Send it to Lindsay Page at 4 Goldfield Rd.; yeah, ignore what it says on the envelope." This is how email works.

    Before dropping the letter into the delivery basket, the post office clerk makes a note on the back of the envelope: "Return to: Corey Davy, 70 Bowman St.". This, too, is roughly how email works. Any email will contain a header line (analogous to "From:" and "To:") called "Return-Path:" that contains the sender's address. This address is used to generate delivery failure reports, and mailer daemon spam.

    How Does Mailer Daemon Spam Start?

    For regular emails, all is fine. If one cannot be delivered (say, because you mistyped the address, or the recipient has not checked a free email account for years and the account expired), the mailer daemon generates a delivery failure message to you, the original sender.

    For junk email, phishing attempts, and messages generated by worms and other malware, the process goes wrong… or, more precisely, the delivery failure is sent the wrong way. To find out why, we have to turn to the sender for a second.

    Every email needs to have a sender and From: address. This includes spam and emails that spread malware. Understandably, these senders do not want to use their own email address, or they would be receiving complaints, it would be easy to report them, and they would be inundated in mailer daemon… spam.

    To get an email delivered, it is good to have a real email address set as the sender. So, instead of just making up addresses, spammers and viruses will often look up random addresses in people's address books.

    Is Anything Being Done to Stop Mailer Daemon Spam?

    If email servers returned delivery reports to all these falsified "senders" when a junk email or malware email could not be delivered, the problem would be much worse than it is: spam is sent in the billions after all, to mostly non-existent addresses.

    Fortunately, email servers can take measures to limit the amount of useless delivery notifications they send:

      • Mail servers will try to determine whether a return address has been forged before sending a delivery failure message; if the address is obviously not the real sender's, no error email is sent.
      • They will also examine the message content closely to determine whether it is spam; if the message has a very high probability of being junk mail, the server may simply drop the email without sending a delivery failure, which itself would likely be regarded as nothing but mailer daemon spam.
      • Email servers receiving large amounts of delivery failures for an address (typically with content that is either spam or malware) may either silently delete these messages or quarantine them in the email service's "Spam" folder.
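
The delivery-report mechanism described above can be checked from the receiving side. The following Python code is an added example, not part of the original post: it parses a constructed mailer-daemon report, reads the "Return-Path:" and "From:" of the returned message, and reports whether that message is one you actually sent. The sample bounce, its addresses and IDs, and the `sent_message_ids` record of outgoing Message-IDs are assumptions made for the example.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample bounce; every name, address and ID below is made up.
SAMPLE_BOUNCE = """\
Return-Path: <>
From: Mail Delivery Subsystem <mailer-daemon@mx.example.net>
To: you@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--BOUND
Content-Type: message/rfc822

Return-Path: <you@example.org>
From: Special Offers <you@example.org>
To: nobody@example.net
Subject: Limited offer
Message-ID: <constructed-123@relay.invalid>

Buy now.

--BOUND--
"""


def classify_bounce(raw, sent_message_ids):
    """Decide whether a delivery report refers to mail we really sent.
    sent_message_ids is an assumed local record of outgoing Message-IDs."""
    bounce = message_from_string(raw, policy=policy.default)
    if (bounce.get_content_type() != "multipart/report"
            or bounce.get_param("report-type") != "delivery-status"):
        return {"verdict": "not-a-dsn"}
    original, failed = None, []
    for part in bounce.walk():
        ctype = part.get_content_type()
        if original is None and ctype == "message/rfc822":
            original = part.get_payload(0)  # the returned message itself
        elif original is None and ctype == "text/rfc822-headers":
            original = message_from_string(part.get_content(),
                                           policy=policy.default)
        if part.get("Final-Recipient"):  # per-recipient status block
            rcpt = str(part["Final-Recipient"]).split(";")[-1].strip()
            failed.append((rcpt, str(part.get("Status", "")).strip()))
    result = {"failed": failed, "envelope_sender": None, "header_from": None}
    if original is None or not original.get("Message-ID"):
        result["verdict"] = "unverifiable"  # nothing to match against
        return result
    # Return-Path records the envelope sender; From: is only message content.
    result["envelope_sender"] = parseaddr(str(original.get("Return-Path", "")))[1]
    result["header_from"] = parseaddr(str(original.get("From", "")))[1]
    sent = str(original["Message-ID"]).strip() in sent_message_ids
    result["verdict"] = "genuine" if sent else "backscatter"
    return result
```

A "backscatter" verdict means the report refers to a message that carries your address but is absent from your own record of sent mail, which is the situation the post calls mailer daemon spam.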

    DATA, Emailed, Technicals
  • Posted on March 26, 2017 12:00 pm
    Joseph Forbes

    This list describes common causes of slow Internet connections in homes. A poorly performing connection can be caused by broadband router configuration errors, wireless interference, or any of several other technical issues with your home network. Use these tips to not only diagnose but also fix the causes of slow Internet connections. Many of them apply to wireless hotspot connections, too.

    1 Check Your Broadband Router Settings

    As the centerpiece of a network, a broadband router can be responsible for slow Internet connections if configured improperly. For example, the MTU setting of your router will lead to performance issues if set too high or too low. Ensure your router's settings are all consistent with the manufacturer's and your Internet Service Provider's (ISP) recommendations. Carefully record any changes you make to your router's configuration so that you can undo them later if necessary.

    2 Avoid Wireless Signal Interference

    Wi-Fi and other types of wireless connections may perform poorly due to signal interference, which requires computers to continually resend messages to overcome signal issues. Household appliances and even your neighbors' wireless networks can interfere with your computers. To avoid slow Internet connections due to signal interference, reposition your router for better performance and change your Wi-Fi channel number.

    3 Beware of Worms...

    An Internet worm is a malicious software program that spreads from device to device through computer networks. If any of your computers are infected by an Internet worm, they may begin spontaneously generating network traffic without your knowledge, causing your Internet connection to appear slow. Keep up-to-date antivirus software running to catch and remove these worms from your devices.

    4 Stop Network Applications Running in the Background

    Some software applications you install on a computer run as so-called background processes, hidden behind other apps or minimized to the system tray, quietly consuming network resources. Unlike worms, these applications are designed to do useful work and are not the kind a person normally wishes to remove from their device. Games and programs that work with videos in particular can heavily utilize your network and cause connections to appear slow. It's easy to forget these applications are running. Always check computers for any programs running in the background when troubleshooting a slow network.

    5 Isolate and Repair Faulty Network Equipment

    When routers, modems or cables malfunction, they won't properly support network traffic at full speeds. Certain technical glitches in network equipment negatively affect performance even though connections themselves can sometimes still be made. To troubleshoot potentially faulty equipment, temporarily re-arrange and re-configure your gear while experimenting with different configurations. Systematically try bypassing the router, swapping cables, and testing with multiple devices to isolate the slow performance to a specific component of the system. Then decide if it can somehow be upgraded or repaired... or if it needs to be replaced.

    6 Work with Your Internet Service Provider (ISP) if Necessary

    Internet speed ultimately depends on the service provider. Your ISP may change their network's configuration or suffer technical difficulties that inadvertently cause your Internet connection to run slowly. ISPs may also intentionally install filters or controls on the network that can lower your performance. Don't hesitate to contact your service provider if you suspect they are responsible for a slow Internet connection.

    Blog Entry, DATA, Internet
  • Posted on March 19, 2017 11:16 am
    Joseph Forbes

    Websites getting blacklisted is a widespread problem faced by businesses. When it happens, web masters panic and the vendors face an interruption in their daily business as they struggle to assist their concerned consumers to clean their websites and return online. It can happen due to a variety of reasons. Even Google may blacklist a website, and on average, it's been estimated that about 10,000+ websites get blacklisted on a daily basis.

    Getting to Know about the Mishap

    Many businesses cannot afford to install costly monitoring programs or employ security experts and often take time to realize that their site has been blacklisted. Almost 50% of the business owners are warned about the compromised site by a search engine, browser or other alert when they try to visit their own site. Time is the biggest enemy of blacklisted websites: every minute that the site remains blocked is precious and leads to revenue losses, through the bad impact on its marketing activities and eventually sales, and to loss of the organization's reputation.

    Be Prepared to Deal with the Problem

    It might take several hours or even days to get rid of the malware and protect a website, depending on the infection's severity; it also depends on whether or not the website is secured by an effective and frequent backup regimen. The foremost part of the fix is eradication of the malware and restoration of the website. Even after this process, the web masters have to request Google to review the site before getting the block removed.

    Dealing with Black-listed Websites

    Web hosts find it a nightmare to handle blacklisted client websites, which strain their operations and possibly weaken their credibility. Clients generally fail to understand the reason behind the blacklisting of their site and tend to unjustly put the blame on their host. Smart hosting vendors should extend assistance to their customers and help them get over the trouble as soon as possible. Hosts that provide robust tools to solve their clients' problem will ultimately instil a sense of loyalty and confidence in them. Vendors that lack these tools may waste considerable resources on remediation and, in the process, even lose their valuable clients.

    Blacklist remediation will not be an extensive ordeal if the affected site owners have a smart automatic backup regimen in place, as they can restore the functionality and files of the affected site easily with the right tools.

    To help their clients, hosting vendors should be aware of the following remediation steps so that they can be implemented efficiently and quickly as soon as a client finds out that his website has been blacklisted.

    Look for Malware

      • Check for malware by running efficient antivirus programs on all the computers used by an admin for logging into the website. Also, scrutinize the server logs for any activity by the admin whose computer is infected.
      • Change the logins and passwords for all accounts, including those of database access, FTP, CMS accounts, and system administrator. Ensure that strong passwords are set.
      • A sophisticated hosting provider should let their customers make these changes easily on a dashboard interface.
      • Let customers know how important it is to install the latest editions of Operating Systems, apps, blogging platform, CMS, and plug-ins.
      • Delete any new or modified file that has been added to the server after detection of the problem and execute a complete system restore.
      • The restoration can be completed through a single click if you provide cloud-oriented auto backup and disaster recovery services to your clients. If not, the clients will have to find the latest clean editions of each modified file and manually download them.

    Request Google to Review the Site and Remove the Blacklist

    This is the best way for hosting vendors to handle the remediation as soon as possible; just ensure that the tools required for getting a customer's website back online are always ready with you.

    Blog Entry, DATA, Internet
  • Posted on March 14, 2017 11:45 am
    Joseph Forbes

    Several small and midsize businesses are susceptible to Distributed Denial of Service (DDoS) attacks. What would be the best way for such businesses to handle this problem? Plan ahead: this is what security experts suggest based on their experiences in the past!

    A majority of the small businesses and start-ups have small teams with very few resources to defend against DDoS attacks. As indicated by the name of the attack, it stops users from accessing the services and a site by hurling a lot of data against the firm's web and hosting services.

    If you are wondering if DDoS attacks are really so common that businesses need to be concerned about them, statistics indicate that around 2,000 such attacks happen on a daily basis, costing a loss of revenue in the range of $5,000 - $40,000 per hour for businesses.

    Hackers can be fake vandals, competitors, hacktivists or extortionists. If your company isn't equipped with professional network security experts, here are a few things you can do to stay safe from DDoS attacks.

    Stay Prepared

    Every business should have a disaster recovery plan ready for DDoS attacks. Some of the best practices should include identifying the key employees who are given the responsibility. Establish the roles of every team member, their tasks and requirements. Give the team the needed practice on a mock basis so that those involved are aware of how to handle things when a disaster inevitably happens.

    Work with your internal PR and IT teams, ISP and hosting providers to recognize the susceptible points of failure, routes of escape and technical gaps.

    Understand DDoS Attacks

    There are many well-tested DDoS prevention programs that run advanced algorithms to identify various kinds of traffic. They try to sniff out, identify and filter different kinds of benign and malevolent bots and allow only legitimate traffic.

    It's not easy to judge from just one instance if the hack is amateurish or professional, though it's fair to assume that any network attack that crosses 50 Gbps is likely to be professional. Mostly distributed under the inoffensive category of 'network security programs', a few of the very common attack tools are called stressors or booters. As implied by the name, these tools intensify and focus the payload of a DDoS.

    Be Ready to Respond with Your Guns

    As in all cases of disaster reaction, stay calm without panicking. Ensure that your services are up and running; give your customers a brief. Your team can respond readily only if you've prepared properly. Co-ordinate with your team members and optimize the tactics for the disaster response.

    Once the attack is mitigated by your tech team, ensure that the communication team is ready to reveal the details to the press and the legal team is prepared to handle the possible regulatory and compliance part.

    If you are asked to pay the attacker a ransom, don't do it, as this will only mark your organization and they may return for more. Once you are identified this way, other hackers may also sense it and come your way.

    Learn and Implement

    Once the attack subsides, try to learn things from the attack. Analyse thoroughly what went right and what went wrong.

      • Ensure that your legal and IT teams collect the required forensic information.
      • Create a communication protocol to deal with the internal team queries, your clients and the press.
      • Try to detect the network bottlenecks from the attack and select an infrastructure with inherent resiliency.

    Analysis and communication are the two aspects that will go a long way in preparing for the next attack and enhancing your team morale. And you should be wary of the latest threats emerging in the cyber world, such as the latest DDoS Extortion Attack.

    Blog Entry, DATA, Hacking
  • Posted on March 10, 2017 12:02 pm
    Joseph Forbes

    The term Denial of Service (DoS) refers to events that render systems on a computer network temporarily unusable. Denials of service can happen accidentally as the result of actions taken by network users or administrators, but often they are malicious DoS attacks. One of the more recent DDoS attacks (more on these below) occurred on Friday, October 21, 2016, and rendered many popular websites completely unusable for most of the day.

    Denial of Service Attacks

    DoS attacks exploit various weaknesses in computer network technologies. They may target servers, network routers, or network communication links. They can cause computers and routers to shut down ("crash") and links to bog down. They usually do not cause permanent damage.

    Perhaps the most famous DoS technique is Ping of Death. The Ping of Death attack works by generating and sending special network messages (specifically, ICMP packets of non-standard sizes) that cause problems for systems that receive them. In the early days of the Web, this attack could cause unprotected Internet servers to crash quickly.

    Modern Web sites have generally all been safeguarded against DoS attacks but they're certainly not immune.

    Ping of Death is one kind of buffer overflow attack. These attacks overrun a target computer's memory and break its programming logic by sending things of larger sizes than it was designed to handle. Other basic types of DoS attacks involve:

      • flooding a network with useless activity so that genuine traffic cannot get through. The TCP/IP SYN and smurf attacks are two common examples.
      • remotely overloading a system's CPU so that valid requests cannot be processed.
      • changing permissions or breaking authorization logic to prevent users from logging into a system. One common example involves triggering a rapid series of false login attempts that lock out accounts from being able to log in.
      • deleting or interfering with specific critical applications or services to prevent their normal operation (even if the system and network overall are functional).

    DoS attacks are most common against Web sites that provide controversial information or services. The financial cost of these attacks can be very large. Those involved in planning or executing attacks are subject to criminal prosecution, as in the case of Jake Davis of the hacking group Lulzsec.

    DDoS - Distributed Denial of Service

    Traditional denial of service attacks are triggered by just one person or computer. In comparison, a distributed denial of service (DDoS) attack involves multiple parties.

    Malicious DDoS attacks on the Internet, for example, organize large numbers of computers into a coordinated group called a botnet that is then capable of flooding a target site with immense amounts of network traffic.

    Accidental DoS

    Denials of service can also be triggered unintentionally in several ways:

      • many users suddenly trying to access a network or server at the same time, such as visiting a public Web site where a major social event is happening
      • network administrators accidentally unplugging a cable, or incorrectly configuring routers
      • a system becoming infected with a computer virus or worm

    Blog Entry, DATA, KnowledgeBase (KB)