• Posted on 2013/01/05 15:01

    In recent months I have had to clean up my hosted WordPress sites due to scareware by javascript injections.  In so doing, it occurred to me that most people don’t keep up with the world of WordPress in the way I do, and so have not seen nearly as many hack attempts. So I figured I’d post contributions, and show people how to find hidden backdoors when cleaning up their hacked sites. Non-technical savvy users can safely ignore this post. However it wouldn't hurt to see if this helps in any way, learn. What’s a backdoor? Well, when somebody gets into your site, the very first thing that happens is that a backdoor is uploaded and installed. These are designed to allow the hacker to regain access after you find and remove him. Done craftily, these backdoors will often survive an upgrade as well, meaning that you stay vulnerable forever,

  • Posted on 2013/01/02 14:00

    The hole trick How Skype & Co. get round firewalls Peer-to-peer software applications are a network administrator's nightmare. In order to be able to exchange packets with their counterpart as directly as possible they use subtle tricks to punch holes in firewalls, which shouldn't actually be letting in packets from the outside world. Increasingly, computers are positioned behind firewalls to protect systems from internet threats. Ideally, the firewall function will be performed by a router, which also translates the PC's local network address to the public IP address (Network Address Translation, or NAT). This means an attacker cannot directly adress the PC from the outside - connections have to be established from the inside. This is of course a problem when two computers behind NAT firewalls require to talk directly to each other - if, for example, their users want to call each other using Voice over IP (VoIP). The

  • Posted on 2013/01/01 12:41

    Blogging for Money - A Passive Income? Last year two posts popped up in my RSS feeds with the words ‘passive income’ in their headings. BJ asked - So Where’s the Passive Income? and Dave writes about Growing a blog or blogs as a source of passive income. The idea of passive income is obviously one that many people strive for - and it’s a term that I’ve heard used many times to describe online income streams - including blogging. Unfortunately I wouldn’t use the term passive income to describe blogging for money. While there are a few aspects which could be described as passive - the overall experience that I’ve had is anything but passive. Where is Blogging for Money ‘Passive’? Archives - Perhaps the main area of where blogging has an element of ‘passivity’ to it in how it can earn an income is when it comes to

  • Posted on 2012/12/31 17:53

    1. Breaking a Post Down into a List In case you don’t remember, I wrote a post not too long ago about why the masses enjoy lists so much. That was obviously a sarcastic article, but the basic principle that people like lists is true. Lists are concise, they keep the writer on point which in turn helps readers follow along much more easily, and they can be skimmed and dissected. If you doubt the power of lists even for a second, you should head over to the king of lists’ blog and check out how effective they are. Darren is a great blogger, and he embraces the list more than anyone I know. You should also keep in mind that there are emerging more and more list aggregators that serve the sole purpose of linking to list posts (example). Usually these automated sites are worthless for authority links, but

  • Posted on 2012/12/30 20:00

    Description: An encoded javascript (or a redirection to it) was detected, leading browsers to the Blackhole Exploit kit (v1.x). It attempts to exploit the browser of anyone visiting the site using a combination of multiple vulnerabilities (Java, Adobe PDF, Flash and others). This is one of the most common type of malware we are seeing on web sites lately (2012/Mar). Note that any PHP, JS or .htaccess could be compromised by this type of malware. Affecting: Any web site. Often on outdated WordPress, Joomla and osCommerce sites.   Tech Note:  We have been dealing with this malware spreading onto our Shared-hosting WordPress sites.  After discovering this has spread through a end-user, we were able to pinpoint the cause.  We have since "Hardened" most of our WordPress installations since September 2012.  We still see the spread of this malware through the use of JavaScript holes within plug-ins. Part of preventing this malware from spreading onto your site

  • Posted on 2012/12/30 14:01

    As an official patch is yet to become available, Microsoft has released a temporary Fix-it tool to close a critical security hole in its Internet Explorer web browser. According to a blog post by Yunsun Wee, Trustworthy Computing Director at Microsoft, the company plans to distribute a cumulative update to address the vulnerability through Windows Update on Friday 21 September. As the flaw is already being actively exploited by cyber criminals to infect computers with malware, all users that rely on Internet Explorer are advised not to wait for the patch to be released and to use the Fix-it solution to protect their systems as soon as possible. Alternatively, users can of course simply switch to an alternative web browser, as recommended by Germany's Federal Office for Information Security (BSI) earlier this week. The problem affects versions 6 to 9 of Internet Explorer on all currently supported versions of Windows; IE

  • Posted on 2012/12/30 12:30

    Stopping Spambots with hashes and honeypots Spam sucks. Any site which allows unauthenticated users to submit forms will have a problem with spamming software (spambots) submitting junk content. A common technique to prevent spambots is CAPTCHA, which requires people to perform a task (usually noisy text recognition) that would be extremely difficult to do with software. But CAPTCHAs annoy users, and are becoming more difficult even for people to get right. Rather than stopping bots by having people identify themselves, we can stop the bots by making it difficult for them to make a successful post, or by having them inadvertently identify themselves as bots. This removes the burden from people, and leaves the comment form free of visible anti-spam measures. This technique is how I prevent spambots on this site. It works. The method described here doesn't look at the content at all. It can be augmented with content-based

  • Posted on 2012/12/30 11:00

    Critical zero-day hole in Internet Explorer - Update While analysing a compromised web page, security experts from FireEye discovered malware that exploits a previously unknown security hole in Internet Explorer. The hole allows attackers to inject malicious code into the Internet Explorer user's system when a specially crafted web page is visited. All versions up to and including IE version 8 are vulnerable; currently available information suggests that later versions are not affected. The researchers from FireEye report that the attackers first used a Flash applet to deploy shell code in RAM by means of heap spraying, and that they then managed to execute the code via the zero-day hole in IE. The hole involves a use-after-free issue with CDwnBindInfo within IE. The security hole the researchers found was exploited to inject a DLL into the system but they have yet to comment on the library's purpose. The report states

  • Posted on 2012/12/29 23:39

    This past two weeks I’ve been talking about how to make your RSS feed ‘Pop’ - to stand out from the crowd a little - however covering this topic has caused a few readers to ask RSS related questions that don’t necessarily relate to improving your feed but which are worth covering. One of the questions I’ve been asked numerous times is: How do I get People to Subscribe to my RSS feed? It’s a good question and one that I have a few ideas on (but which it’d be great to get some discussion going on in comments). Of course the first question I ask people saying they want more subscribers is ‘do you have content worth subscribing to?’ Without something worthwhile on your blog the rest of this post will be meaningless. But once you are pumping out quality content here are a few tips on how to

  • Posted on 2011/11/29 06:36

    Many users are already familiar with Outlook and its wide range of features, but Outlook really comes alive when it’s used with Microsoft Exchange Server services. Though many use the terms interchangeably, Outlook and Exchange serve different purposes. Here are some features that you get only when you use Outlook with an Exchange Server (sometimes called an Outlook Exchange Server).

  • Posted on 2011/10/29 06:35

    Online Backup is a pioneer and technology leader in online backup. Established in 2001, is one of the largest worldwide providers of online backup for consumers, small and medium businesses and IT/managed service providers.