Category: research

Being a Bad BOT!

Paul7 Replies

badbot1

I had the strangest thing happen today, Seemed a Bad Bot was Crawling my pages. I was getting at least 60 page views an hour from this bad Bot!! The individual IP’s of this Bad Are:

65.208.151.112
65.208.151.113
65.208.151.114
65.208.151.115
65.208.151.116
65.208.151.117
65.208.151.118
65.208.151.119

[ad#ad2-right]After the first initial hour of this going on, I started wondering what this bot was doing.   I did some more research into this little bot.   I did find out it is owned by Kintiskton LLC.  (Twitter Search)

Anyways It bothers me that when you do a Google Search for this company, it comes back with no company.  Some people have already did there research and have come up with very little.

I dug even more and some are saying this might be Homeland Security, and I have my own thoughts on this.   I might be paranoid myself but if there is no company out there and the IP keeps coming back, I assume it is BAD mojo.  Some people worry that it is a hacker probing for vulnerabilities and that worried me.

I decided with the Help from Godaddy, to ban the lot of IPs.  I figure someone is trying to get information or trying something they shouldn’t, I’ll stop it myself.   If you have WordPress and are also having problems with this ip, you can ban it by adding this to your HtAccess file:

order allow,deny
deny from 65.208.151.112
deny from 65.208.151.113
deny from 65.208.151.114
deny from 65.208.151.115
deny from 65.208.151.116
deny from 65.208.151.117
deny from 65.208.151.118
deny from 65.208.151.119
allow from all

This is how you block those ip in the HtAccess file. Thanks to WordPress for showing me how.

Xbox Zune? or A Zune Phone?

Paul

Could Microsoft be planning to talk about the Zune.   Some blogs are talking about how this will be talked about in next month at CES.  According to some posts and I’ll quote:


The Tech Trader Daily column earlier this week on Barron’s reports that Global Equities Research analyst Trip Chowdhry predicts Microsoft will reveal a Zune phone next month at CES. Chowdry expects that much like Apple’s iPhone the device will combine music player capabilities with, he says, “some motion enhancement features.”


[Via 1UP]


Although this is a theory, and I can see this happening due to the fact that Microsoft has always like to tie together there products.    So what makes this even more tangible is the fact that Microsoft hinted about this in the past:

[ad#ad2-left]

Dated Dec 20, 2006

Xbox European boss Chris Lewis has admitted for the first time that Microsoft is considering games content for the recently released portable multimedia player Zune.

[via Gamasutra]

As you can see Microsoft did hint this and probably will be fact sooner or later.   Some sources are claiming they have this already in the works but it’s still a rumor.   I’ll let you decide for yourself.

Trojan.PWS.ChromeInject.A is not a Firefox plugin.

Paul

A new type of malware designed to harvest web passwords has been detected in-the-wild by BitDefender’s antivirus research labs. This latest e-threat – called Trojan.PWS.ChromeInject.A – is intended to be delivered onto a compromised computer system by other malware for subsequent download into Mozilla Firefox’s Plugin folder. Once installed it gets to work every time Firefox is started.

[Via Bitdefender]

[ad#ad2-right]So having seen this I thought I’d come up with ways around this to better protect yourself.  One way to prevent this from getting your sensitive data is to get a program like Sandboxie.   You could stop using Firefox that would be silly, because right now Firefox is more secure than Chrome and Internet Explorer.   I’d also suggest checking out my Anti-spyware page and Anti-Virus page and get some more protection.

The key to this virus protection is just be cautious of where you go and keep all you system update to date to prevent all this from happening.  It is also advisable to not have your passwords saved on Firefox, you should use something like Roboform, it is free  to download and try.  It will encrypt your passwords so if they don’t know the master password then they are out of luck.  Roboform is also good for coming up with some strong passwords.  Just some suggestions to prevent from people seeing your sensitive data, you don’t want anyone to get that data.

Some program Vulnebilities Detected!!

Paul

Just got done looking at some of my security sites and according to SecuriTeam there are are several programs that have vulnerabilities. here are the Ones that I’ve found:

Google chrome is vulnerable to URI Obfuscation vulnerability.
An attacker can easily perform malicious redirection by manipulating the browser functionality. The link can not be traversed properly in status address bar.This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI specified with @ character with or without NULL character causes the vulnerability.

[ad#ad2-right]iPhone Configuration Web Utility for Windows Directory Traversal
iPhone Configuration Web Utility lets “you easily create, sign and distribute configuration profiles using a web browser”. A vulnerability in iPhone Configuration Web Utility allows remote attackers to access files that reside outside the bounding root directory of the program’s files folder.

Streamripper Multiple Buffer Overflows
Streamripper “records Shoutcast and Live365 MP3 streams to a hard disk, creating separate files for each track. Runs under Unix and Windows.” Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user’s system.

Amaya URL Bar Stack Overflow Vulnerability
A vulnerability in Amaya browser allows remote attackers to cause it to overflow an internal buffer which in turn can be leveraged to execute arbitrary code.

These are the ones that I found and wanted to let you know about these so you can make your system even more secure.   if I find any others I’ll let you know!!!

A good free VPN Client — OpenVPN & more

Paul

I’ve been doing some research on what might be good to use in case, I was away from my home network.  I was thinking how safe am I at Starbucks or other places that I might doing my web.  So I did a little looking around to see which one I liked and I came to the conclusions that only one I need right now is:

openvpn

The nice thing about this was the simple installation of the software and how easy it was to set it up. This service is in beta but seems to be really well done with regards to the end users. When you install this software and want to connect it uses the OpenVPN software with there configurations. OpenVPN, is a open sourced SSL VPN solution and is free to use. The way this this free is of Ad Supported banners. Now it is cheaper than paying monthly for a VPN service. The ones I’ve found so far are these few:

  • OpenVPN (FREE)(*advertisement)(Linux, and Windows)

  • Always VPN (Prepay) (5 GB to 80 GB limit) (Linux, Mac and Windows)*Out of Beta

  • Hotspot Shield (FREE) (*advertisement) (Windows) (3 gig Cap)

  • WiTopia (40$/ Year) (Mac, Linux, and Windows)

[ad]There is of course others out that but these are just a few that I saw that looks like the cheapest there is.  Others I’ve seen cost 40 to 50 dollars a month.   If you have any other ones that are free or cheap let me know.  I don’t think we need to pay a lot just to have security on an open network. I’m certain that they’re more out there but will keep looking for more later on. I did my initial research and will come back and find more.

*Update Feb 8, 2009*

As of recent a friend emailed me saying telling me to check the site out again and I did.  Not sure when they went out of Beta because I’ve not been using Always VPN lately due to my Broadband Cricket Prepay Internet.  I just checked and yes they are charging here’s the break down:

  • 5GB – USD 8.50

  • 10GB – USD 15.00

  • 20GB – USD 26.00

  • 40GB – USD 33.00

  • 80GB – USD 47.00

So I must ask why they didn’t just keep the 5 GB limit with the Advertising, I do not know but  I did want to let people know that it is no longer free and no longer in Beta.  I went from Always to OpenVPN which still works despite the fact they are using Always VPN back client.   It’s open source so it will probably change to something else sooner or later.   If you see it changes let me know, I will update more when I find out more!!