Paul's Tech Talk

Tag: Account

WordPress Security Tips — For the untrained

Paul, June 10, 2009

I was reading over at Malware Diaries, about a hacker that doesn’t secure his exploits.  What gets me is that I am so surprised that he did that, then I thought about it and I read what Trend Micro had to say about it:

Creating a website is indeed a big task but, considering the present threat landscape, monitoring it and keeping it secure from attacks is a bigger one.
Website administrators have the responsibility to keep their systems malware free, secure web server files from unauthorized access, and keep their website clean of malicious codes, for their own sake and most especially, their visitors’.

[via Trend Micro blog]

Now admittedly Trend talks about Gumblar and how they compromise websites with either an FTP password stealer or an SQL injection. These are common practices for hackers and thieves to get the credentials to use your server for their own ends. So I wanted to talk about some things you can do to better protect your WordPress blog. Since I have a WordPress blog, this is something I know about.

  • WordPress Security Scan — This is a great plugin that helps you identify security problems and also suggests how you can fix them, to prevent a hacker from getting in in the first place.
  • Block Wp-Folders from being Indexed — This can be done by going to your robots.txt file and making sure it says:

        Disallow: /wp-*

  • Protect your wp-admin folder — Attackers can use brute force attacks to get access to your wp-admin page without much waiting, so you should use:

  1. Login Logger Plugin — This is good for seeing whether anyone is trying to log in, and it keeps a log for those instances where you might need to block a certain IP in the .htaccess file.
  2. Limit Login Attempts plugin — This allows a set number of login attempts before that IP is locked out for a certain amount of time. You can set the lockout to whatever you want, an hour or more; it just depends on your preference.
  3. Bad Behavior — This is a good little plugin to help with spam such as referral spam and comment spam. I’ve been using it for the past few months and my referral spam has dropped drastically to almost zero.
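The login-monitoring steps above (log the attempts, then lock out or block the offending IP) can also be done straight from the web server's access log. This is an added example, not part of the original post and not code from any of the plugins named. It assumes the Apache combined log format, time-ordered input, that a failed WordPress login returns 200 while a successful one returns 302, and Apache 2.4 `Require` syntax; the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Apache combined log format (documentation IP ranges).
ROW = '{ip} - - [10/Jun/2009:10:{t} +0000] "{req} HTTP/1.1" {st} 2301 "-" "-"'
SAMPLE_LOG = "\n".join(
    # six failed logins from one address within 30 seconds
    [ROW.format(ip="203.0.113.7", t=f"00:{s:02d}", req="POST /wp-login.php", st=200)
     for s in range(0, 30, 5)]
    + [  # one mistyped password, then a successful login, then a plain page view
        ROW.format(ip="198.51.100.20", t="01:00", req="POST /wp-login.php", st=200),
        ROW.format(ip="198.51.100.20", t="01:20", req="POST /wp-login.php", st=302),
        ROW.format(ip="192.0.2.44", t="02:00", req="GET /wp-login.php", st=200),
    ])

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def failed_logins(log_text):
    """Yield (ip, time) per failed login. Assumption: WordPress re-renders the
    form with 200 on failure and redirects with 302 on success."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0] == "/wp-login.php" and status == "200":
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")

def offenders(log_text, max_attempts=4, window=timedelta(minutes=5)):
    """IPs with more than max_attempts failures inside any sliding window.
    Assumes the log is in time order, as access logs normally are."""
    recent, flagged = defaultdict(deque), set()
    for ip, ts in failed_logins(log_text):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) > max_attempts:
            flagged.add(ip)
    return sorted(flagged)

def htaccess_rules(ips):
    """Render an Apache 2.4 block that denies the flagged addresses."""
    body = [f"    Require not ip {ip}" for ip in ips]
    return "\n".join(["<RequireAll>", "    Require all granted", *body, "</RequireAll>"])

if __name__ == "__main__":
    print(htaccess_rules(offenders(SAMPLE_LOG)))
```

The user who mistyped a password once and then logged in is not flagged; only the address that exceeds the threshold inside the window ends up in the generated block.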

These are just a few things I’ve done to help protect my blog and protect my community and users. I will not disclose everything because I have to keep those bad guys from getting in, but I hope I have started you in the right direction. I would also suggest using something like Roboform, which comes with a password generator, for your WordPress login password. This will also help prevent attackers from gaining access easily.

Posted in: Hackers, Plugins, Practices, Security, SQL Injection, trend micro, Vulnerabilities, Website, Wordpress. Tagged: Account

Not so, Realbabesonline on Twitter! Twitter do something about this!

Paul, May 1, 2009

I posted a blog about the NSFW spam. This happened to be coming from a domain realbabesonline.com and when you visit this site you see:

[Image: realbabes101]

As you can see it will say “Hi, I am single girl living in [your Local area].” That was the tip off, since I am on a rotating IP and visiting the site tells me that it puts in the IP location where you are. It seems this was created on Aug 22, 2008 and probably this started in the last few weeks. Some of the more common tweets are:

  • is desperate and dateless! Pics (NSFW) and profile here ->[Insert Tinyurl] for anyone interested!
  • Finally gave in and joined a dating site [Insert Tinyurl] Pics (NSFW) in my profile under [Twitter name]
  • Uploaded some new NSFW pics to my AM profile here ->[Insert Tinyurl]  My username is [Twitter Name].Let me know what you think:)
  • My previous article: “See the NSFW pics twitter deleted from my profile here [Insert Tinyurl]- My username [Twitter account]”

I would bet this type of spam would have been easily filtered if Twitter would just automatically suspend the account if they tweet these. I wouldn’t want my son or daughter to go to this site. No age protection or anything. This looks to be a site that has put up a pic of a girl.

Twitter, would you please do something about these tweets? Anyone can find them if they search for NSFW. They are constantly being tweeted on new accounts.

Posted in: Realbabesonline.com, Spam, Twitter. Tagged: Account, adult content

Twitter Spam attempt: “See the NSFW pics twitter deleted from my profile here”

Paul, May 1, 2009

Looks like this might have been improper adult content or maybe a malware attack:

[Image: nsfwspam1]

If people are wondering what NSFW means:

Not suitable/safe for work (NSFW), not work-suitable/safe (NWS), or not school-suitable (NSS) is Internet slang or shorthand. Typically, the NSFW tag is used in E-mail, movies (such as on Youtube) and on interactive discussion areas (such as internet forums, blogs and community websites) to mark URLs or hyperlinks which may be sexually explicit or include audio containing profanity, helping the reader avoid potentially objectionable content.
[via Wikipedia]

It looks like this was done using Tinyurl and has been flagged for either Spam, Fraud, Malware, or Any other use that is illegal. I am glad Tinyurl did catch this and stop it. If you see something that says NSFW in your Twitter account, your best bet is to delete it and go on with your life. I am sure it is something you should not go to, probably because it was a malicious way to get you to go to the link. If you want to preview the URLs that are used by Tinyurl, just visit the preview feature. If anyone else hears of some kind of Twitter attempt, let me know and I’ll blog about it. This would be the best time to install free anti-virus and free firewalls to help prevent getting viruses or malware.

Posted in: Linux, Microsoft, nsfw, Other, Security, Spam, spyware, tinyurl, Twitter, Virus, Vista, Win, Windows, Windows Vista, worm, XP. Tagged: Account

Hijacked Accounts being used to spam

Paul, April 29, 2009

I just read this from Security Fix and thought I should talk about it some to better help people fix this:

Dear Friend,

New shopping new life!

How are u doing these days?Yesterday I found a web of a large trading company from china,which is an agent of all the well-known digital product factories,and facing to both wholesalers,retailsalers,and personal customer all over the world. They export all kinds of digital products and offer most competitive and reasonable price and high quality goods for our clients,so i think we you make a big profit if we do business with them.And they promise they will provide the best after-sales-service.In my opinion we can make a trial order to test that.

Look forward to your early reply!

According to Security Fix, they are advertising the Easylifeing.com domain and have compromised Gmail and Yahoo Mail accounts. This resembles what has happened to some other accounts. Check the Yahoo article and the Hotmail article for other examples of compromised accounts.

I must keep reminding people that you shouldn’t have an easy password for those accounts. It shouldn’t be anything someone can guess, like a name or a place or even a word. It should be something with letters and numbers, both lower and upper case. You should also consider not writing it down where people can see it, just in case you have visitors. It is probably best to use a password manager to keep your passwords from prying eyes.

We know that this all comes down to either a dictionary attack or a phishing attack. You can decide which, but I am going to assume it was someone phishing for your password. Using only one password for several accounts can be very dangerous; you should not keep the same password for each account. Just like with people phishing for your Twitter account or your Facebook account, if you use one password for all of them, then the attacker has that password for every account.

I can see why spammers are going to be using this heavily in the coming months to years, because these messages will not be thrown into the spam folder, since you know the person or persons sending the email. You probably have it set up to not put it in the spam. The more eyes that see this, the more chance that they will get someone to buy something, and the more people who see it, the more money they make.

Your best bet, if you see someone doing something like this, is to contact them by phone if possible, or email them back and tell them to change their password. This I am sure will be an even harder job for the IT guys because they will have to start monitoring this type of traffic more often than not. Although it isn’t a bad idea to have a free anti-virus or a free firewall installed just to be on the safe side.

Posted in: Advertising, Phishing, Twitter, Yahoo mail. Tagged: Account

Suicide Threat Prompts Twitter users to Respond

Paul, April 21, 2009

I saw this and had to talk a little about it:

[Image: suicidethreat1]

As you can see, people were worried about the Twitter user Liquidwings, and I don’t blame them. According to his post:

[Image: suicidethreat2]

As you can see, his tweets (1, 2, 3, 4, 5, 6, and 7) were posted on Twitter and people responded with the request to find this person and try to help. I hope more people do this if they find that someone is wanting to kill themselves or talks about killing people.

We should all be watching for that kind of talk online and offline. Although this isn’t really security related, this is a very important subject.

Please report anything you think is real to @twitter, and hopefully they will create an account for just that. I would hope that people who are thinking of suicide or killing will find professional help, although that is ultimately up to them to do. I just have to say to the people who responded: thank you for helping this one person!! Keep it up.

Posted in: Suicide, Suicide Threat, Twitter. Tagged: Account
