Free Sucuri SiteCheck – Find Out If Your Site Has Been Hacked

I recently posted a piece – Webmasters Struggle With Hacked Sites – A Commtouch, StopBadware Report – which read in part: “Recent statistics indicate (surprise, surprise) – cybercriminals are increasing their targeting of websites for identity theft, virus distribution, and spamming.

And, according to a newly released survey (Compromised Websites: An Owner’s Perspective), from Commtouch and StopBadware – in which webmasters were queried on their fight against hacking – almost half of the survey participants (who had been hacked), had no idea until they received a warning from their own computer’s protection technology.”

Since I use WordPress as my blogging platform, I rely on the security apparatus WordPress has in place to protect me from the various cyber criminal attack schemes currently in play. Still, I would be more than a little naive if I didn’t  consider the possibility that WordPress’ site security is vulnerable to hacking.

If a security developer’s web site can be hacked – and, many have been in the last year – including Panda Security in just the past few days*, it lends credence to the suggestion that any site can be hacked.

*Late Tuesday night, at least 35 public facing websites belonging to Panda Security were hacked and defaced by the LulzSec and Anonymous hacking groups. The defacement also posted multiple usernames and passwords associated with Panda Security employees.

Frankly, it absolutely infuriates me when I consider that the 4 years plus that I’ve put into writing and maintaining this Blog could, in little more than a moment, be destroyed by a single act of a cyber criminal. In my weaker moments, I have visions of lining these creeps up against the wall and being done with them.

But, the reality is much different, of course. So, it’s incumbent upon me to ensure that visitors to this site are protected (imperfect as that might be), from the nasties which cybercriminals can load onto a site.

There’s no foolproof solution but, one measure which I employ frequently is taking advantage of a free service offered by Sucuri Security – which, quickly scans for the most common threats as illustrated in the following screen capture.

Additionally, all links within the site are scanned. The following screen shot shows a small representation of the hundreds of links which were scanned.

If you’re a blogger or a site owner, I suggest that you take advantage of this free service so that you can check if your site has been compromised. It’s one more tool in the fight against the increasing threats posed by cyber criminal gangs.

Scan your website free.

Can’t Load A Site? “Down For Everyone or Just Me?” Helps Solve The Puzzle

Here it is late on Thursday night, and it’s time for one last check on my email and sundry other Net tasks I need to get at – before it’s lights out time. On launching Firefox, I’ve got an immediate problem – MSN.ca (my home page), is nowhere to be seen. Instead, I get that dreaded tough luck message – can’t open the website unable to locate.

Earlier in the evening, I had performed some network maintenance – adding and removing network connections – and since I’m a “worse case scenario” thinker, my overly anxious first response was – you dummy, you screwed up your Internet connection (or, another network connection) somehow. I now had visions of having to do some heavy lifting before I pulled the blankets over my head.

It was just a fleeting thought, since there were any number of reasons (other than me screwing up), which could push out the “nowhere to be found” message. I then turned to the web site, Down for everyone or just me? – which would let me know in seconds if it was just me, or, if the site was really down.

I must admit to breathing a sigh of relief when it turned out that MSN.ca was down – first time I can remember that happening.

It’s unlikely you’ll need this tool very often, but it will definitely come in handy.  When this sort of thing happens, it’s good to know what’s really going on.

Down for everyone or just me? – couldn’t be any easier to use. Just enter the address of the website you can’t reach, click on the “just me?” button, and you’ll have the answer instantly.

The following screen shots illustrate the process.

Add Down for everyone or just me? to you Bookmarks, and you’ll be ready for the inevitable.

Additional services which you might find useful for site checking.

Host-Tracker

DownRightNow

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Who’s Tracking Your Internet Browsing? – Find Out With Ghostery

Picture this – you’re at your favorite grocery store and you can’t help but notice – no matter which aisle you’re in, you’re actions are being observed surreptitiously by a herd of people.

Each one carries a clipboard, in order to keep track of everything you throw into your grocery cart. On top of that, every grocery product you look at is noted and written down. Sound a little farfetched?

Alright, then try this – you’re cruising on CNET’s (download.com) Windows home page, and your every action is being observed – every action you take, every motion you make,  is noted and written down. Sound a little farfetched?

While the first scenario is just my imagination in overdrive, the second  certainly isn’t.

If you had Ghostery, the Firefox and Chrome add-on (which is designed to protect your privacy, by identifying who’s tracking your browsing) installed, you’d have access to the following information.

Screen shot of the trackers on CNET’s Windows home page.

Screen shot of the CBS Interactive individual links.

I’m not focusing on CNET particularly – you can expect to encounter this type of tracking on virtually every Web site you visit. This intrusive behavior is common, and should be expected.

It shouldn’t be common, but with little resistance being offered by the “sheeple”,  and a failure by regulatory authorities to enact appropriate consumer protection laws, we can expect privacy intrusions , like this, to accelerate. How sad is that?

If you object to this type of intrusion into your privacy, then consider installing Ghostery, and give these intrusive jerks the heave-ho. It may not be a perfect solution but, it’s a step in the right direction.

Fast facts:

DETECT – Ghostery sees the “invisible” web, detecting trackers, web bugs, pixels, and beacons placed on web pages by Facebook, Google Analytics, and over 400 other ad networks, behavioral data providers, web publishers – all companies interested in your activity.

LEARN – After showing you who operates behind the scenes, Ghostery also gives you the opportunity to learn more about each company it identifies, including links to their privacy policy and opt-out options.

CONTROL – Ghostery allows you to block scripts from companies that you don’t trust, delete local shared objects, and even block images and iframes.

Download for Firefox at: Mozilla.

Download for Chrome at: – Google.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

WordPress Screwed Up – Big Time!

Yesterday, many of you might have seen the following when you attempted to connect to Tech Thoughts. WordPress had archived or suspended, my blog for a violation of their Terms of Service.

I’m sure that this notice left you with questions – chief amongst them might have been, “I wonder what Bill did to incur the wrath of WordPress”. As my Australian friends might say, “that’s fair dinkum”. But, I can assure you, I did nothing wrong – nothing that justified the removal of my site.

I’m fully aware of the WordPress “Conditions of Service”, and I adhere to them scrupulously. Despite that, this is the second time in the last two years that I’ve gone through this “suspended” scenario. Both times, it turns out, WordPress has encountered a system glitch as the email (received this morning), and shown in the following screen capture, indicates.

As a technologist, I’m more than aware that automated systems are prone to glitches – nothing is perfect. Nevertheless, I have strong objections as to how WordPress handled this.

It seems like a pretty heavy handed way to deal with an issue – giving no warning, and not being specific about the supposed transgression. REALLY heavy handed, given that my Blog is one of their top sites. Hell, it’s one of the top sites on the Internet.

From what I read in the forums on this, a common reason for suspension could be as simple as linking to a site they don’t like. Really! Once a suspension is in effect, there is NO appeal. Your site is gone, and WordPress will not allow you to recover your content. I kid you not! The only set of circumstances under which a site is reactivated is, as in my case, if WordPress has made an error.

Imagine getting fired for breaking a company rule you weren’t aware of, and when you queried your boss as to which rule, you were told – “Well, it’s my interpretation of a rule, and you no have choice but to accept it”.

In an adult world, I can’t imagine broad scale acceptance of that type of behavior. But, apparently in the world of WordPress, you’re expected to meekly accept some nameless, faceless person’s decision that you’ve broken a rule, and then go away!

At a minimum, WordPress needs to seriously review and then revamp their whole approach to the question of perceived violations of their Conditions of Service. In the meantime, if you blog on WordPress, it’s imperative that you backup your content religiously. If this can happen to me – it can happen to you. If it should, you may well be one of the thousands who did not get their site back.

Finally, I spent most of last night replying to the hundreds of regular readers who emailed me wondering what was going on. In virtually every case, those readers were astonished that WordPress had suspended my site. I trust that this article has answered your questions, and you have my appreciation for showing your concern, and loyalty.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Can’t Load A Site? Maybe It’s Not Just You

It’s Sunday morning (like this morning), and you want to read your local newspaper online (as I do), but it’s a “no go”. You watch, (like I’m watching), and you wait, as the load icon spins helplessly out of control – but no joy; the site refuses to load.

Now, if you’ve just completed an OS reinstall, as I did just a few days ago, you might wonder if you’ve forgotten to reset, one or more, Internet settings, or perhaps your filters need adjusting. But, before you start to do all that heavy lifting, there’s a tool that will tell you if the site is actually unavailable, or if it’s happening to just you.

The web site, Down for everyone or just me? – will let you know in seconds if it is just you, or, if the site is really unavailable. Enter the address of the website you can’t reach, click on the “just me?” button, and you’ll have the answer instantly.

The following screen shots illustrate the process.

It’s unlikely you’ll need this tool very often, but it will definitely come in handy when the inevitable happens. For example, WordPress.com has been off the air, for an extended period of time, at least three times so far this year. When this sort of thing happens, it’s good to know what’s really going on.

Add Down for everyone or just me? to you Bookmarks, and you’ll be ready for the inevitable.

Update: October 4, 2010. Steve, from Sanesecurity, has suggested the following services which you will find useful for site checking. Thanks Steve!

Host-Tracker

DownRightNow

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Iranian Surfers Downloading Anonymous Surfing Tools

Over the years I have written a number of articles on anonymous surfing and the applications, generally free, that make that possible. I’ve noted, over that time, that the majority of readers seem to come from countries that have restrictive human rights policies which I found intriguing, but not particularly surprising.

The recent, and continuing turmoil in Iran, has led to a major increase in readership on this site from Iran on my anonymous surfing articles, and application download links. Small wonder, when one considers the human rights violations committed by this regime – which includes such abhorrent practices as hanging teenage girls and homosexuals.

For our friends in Iran the following is a repost of a recent article “OperaTor and XeroBank – Anonymous Surfing Tools”.

There are numerous reasons why someone would want to surf anonymously: to ensure protection from snooping web sites, annoying advertisers, employers, or curious family members.

Additional good reasons for anonymous surfing include, surfing in internet cafes, at public terminals in libraries, or hotel business centers.

In fact, you may want to surf anonymously on any PC where you don’t want to leave traces of your private surfing activities.

Interestingly, previous reviews of anonymous surfing applications on this site, have been read disproportionately by readers from Middle Eastern countries. Perhaps, there are more reasons to surf anonymously in these countries, than in others.

Most typical PC users are amazed at the amount of information their browser provides to web sites they visit. For example, the information below is available to every web site I visit. I have X’d out certain parameters for privacy purposes only.

Your computer is connecting to the internet at xxxxxxx, xxxx, in the xxxx, with an IP address of 24.xxx.xxx.142

Your User Agent is being reported as: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: 1.8.1.12) Gecko/20080201 Firefox/2.0.0.12

Your Referrer is being reported as:

http://www.google.ca/search?hl=en&client= ient=firefox-a&rls=org.mozilla:en

Your IP Address is 24.xxx.xxx.142

Your Host Name is d235- xxx.xxx.home1.cable.net

A trace to your phone comes back with an area code of: 0

The objective of anonymous surfing then, is to conceal this information from web sites and other computers, and typically you would use an anonymous proxy server between you and the web site to accomplish this.

When surfing anonymously, your web browser talks to the proxy server; the proxy server talks to the web site. Effectively this means, the web site does not know you; it knows only the anonymous proxy server.

You have a number of choices when it comes to anonymous surfing. You can use a free proxy server service; not my personal first choice – but that’s fodder for another article!

More reliable and safer, in my view, is to download and install a client application which manages the details of anonymous surfing for you.

One such application is OperaTor, a free utility that includes the Opera browser, the Privoxy Web proxy , and The Onion Router, which is a method used for anonymous Internet communication. All components launch simultaneously.

OperaTor, and the component pieces, does not require an installer and the utility can be installed and launched from a USB flash drive. This makes it ideal for surfing at public computers.

Download at: Download.com

A second free utility, XeroBank Browser, is a special version of FireFox that runs in conjunction with the free Tor anonymizer service and that can also run directly from a USB flash drive. Just plug in your USB stick to any PC with a USB port and FireFox V2 is automatically launched and set up for secure and private surfing.

TorPark creates a secure encrypted connection between the PC you are using and the first Tor server. This allows you to safely transmit information without fear of local interception. This makes it ideal for surfing on open Wi-Fi networks.

Download at: Download.com (30-day trial)

One caveat you should take note of however; since all transmissions are encrypted and transmitted across many nodes, anonymous surfing can be very slow.

OperaTor and XeroBank – Anonymous Surfing Tools

There are numerous reasons why someone would want to surf anonymously: to ensure protection from snooping web sites, annoying advertisers, employers, or curious family members.

Additional good reasons for anonymous surfing include, surfing in internet cafes, at public terminals in libraries, or hotel business centers.

In fact, you may want to surf anonymously on any PC where you don’t want to leave traces of your private surfing activities.

Interestingly, previous reviews of anonymous surfing applications on this site, have been read disproportionately by readers from Middle Eastern countries. Perhaps, there are more reasons to surf anonymously in these countries, than in others.

Most typical PC users are amazed at the amount of information their browser provides to web sites they visit. For example, the information below is available to every web site I visit. I have X’d out certain parameters for privacy purposes only.

Your computer is connecting to the internet at xxxxxxx, xxxx, in the xxxx, with an IP address of 24.xxx.xxx.142

Your User Agent is being reported as: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: 1.8.1.12) Gecko/20080201 Firefox/2.0.0.12

Your Referrer is being reported as:

http://www.google.ca/search?hl=en&client= ient=firefox-a&rls=org.mozilla:en

Your IP Address is 24.xxx.xxx.142

Your Host Name is d235- xxx.xxx.home1.cable.net

A trace to your phone comes back with an area code of: 0

The objective of anonymous surfing then, is to conceal this information from web sites and other computers, and typically you would use an anonymous proxy server between you and the web site to accomplish this.

When surfing anonymously, your web browser talks to the proxy server; the proxy server talks to the web site. Effectively this means, the web site does not know you; it knows only the anonymous proxy server.

You have a number of choices when it comes to anonymous surfing. You can use a free proxy server service; not my personal first choice – but that’s fodder for another article!

More reliable and safer, in my view, is to download and install a client application which manages the details of anonymous surfing for you.

One such application is OperaTor, a free utility that includes the Opera browser, the Privoxy Web proxy , and The Onion Router, which is a method used for anonymous Internet communication. All components launch simultaneously.

OperaTor, and the component pieces, does not require an installer and the utility can be installed and launched from a USB flash drive. This makes it ideal for surfing at public computers.

Download at: Download.com

A second free utility is XeroBank Browser, a special version of FireFox that runs in conjunction with the free Tor anonymizer service and that can also run directly from a USB flash drive. Just plug in your USB stick to any PC with a USB port and FireFox V2 is automatically launched and set up for secure and private surfing.

TorPark creates a secure encrypted connection between the PC you are using and the first Tor server. This allows you to safely transmit information without fear of local interception. This makes it ideal for surfing on open Wi-Fi networks.

Download at: Download.com (30-day trial)

One caveat you should take note of however; since all transmissions are encrypted and transmitted across many nodes, anonymous surfing can be very slow.

Great News for WOT Lovers – Monty Widenius Now Onboard

Monty Widenius is quite literally onboard with WOT. Widenius, well known in the tech community as the founder of MySQL, has invested in WOT – Web of Trust, and as part of that process will take a seat on the company’s Board of Directors.

“For Web of Trust this new injection of expertise and capital will help us to expedite our growth and take the company to the next level,” said CEO Esa Suurio.

Regular readers of this site are well aware that I write regularly on the importance of Internet browser protection, and how strongly I recommend Web of Trust. It’s no surprise, given WOT’s strong presence, that Widenius sees the opportunity to expand WOT’s reach and impact in the browser protection market.

When addressing this issue Widenius stated “When I first learned about WOT, I was intrigued because it answers the common question Internet users have – Can I trust this website? – by uniquely combining a community-driven approach, Internet resources and browser technology.

The growth and success of MySQL was in many aspects due to our active user community. WOT’s big and active community shows a similar strength, and I like the fact that through WOT we are helping making the Internet a better and safer place”.

WOT in action:

The immediate future promises to be an exciting time for WOT and its 3 million users, and we can all look forward to continued improvement in an already “best of breed”, indispensable security application.

For additional information and download links, please read “WOT (Web of Trust) – Participate in Your Own Internet Security”, on this site.

Public Proxy Server Danger – Web Site Spoofing

In the article immediately following this article, “OperaTor and XeroBank – Surf the Internet Anonymously”, I stated, “You have a number of choices when it comes to anonymous surfing. You can use a free proxy server service; not my personal first choice – but that’s fodder for another article!”

Well, there’s no time like the present, so here is that article.

In some cases public proxy DNS’s, the database that associates numeric IP addresses, e.g. (206.4.XX.XXX) with URLs, have been known to have been modified.

The modification consists of changing the legitimate association for a fraudulent one, so that when users type a specific URL, they are redirected to a fraudulent page. For example, if users try to log onto their banking web site, the server could redirect them to a phishing site which resembles the legitimate page, but which is designed to steal their bank details.

The following graphic shows a spoofed banking site.

(Click pic for larger)

The danger of this type of attack is – even users with malware-free, up-to-date computers with a good firewall, etc. could easily fall victim to these attacks.

To reduce the risk of phishing attacks it’s important not to use anonymizer services if you’re accessing sites on which confidential data (e.g. online banks, pay platforms, etc.), is being transmitted.

It’s equally as important that you use a browser add-on such as WOT (Web of Trust), so that you have a first line of defense against this type of attack. I strongly recommend that you use WOT as your primary Internet Browser protection. For more information, read “Love WOT And It Will Love You Right Back!” on this site.

If you’re interested in learning more about web spoofing, there is an excellent article at Princeton University’s web site entitled Web Spoofing: An Internet Con Game.

OperaTor and XeroBank – Surf the Internet Anonymously

Surfing anonymously on the Internet seems to be more popular than ever; and why not? Anonymous surfing offers protection against snooping web sites, annoying advertisers, employers, or curious family members.

More obvious reasons for anonymous surfing include, surfing in internet cafes, public terminals in libraries, or hotel business centers.

The truth is, you may want to surf anonymously on any PC where you don’t want to leave traces of your private surfing activities.

Most typical PC users are amazed at the amount of information their browser provides to web sites they visit. For example, the information below is available to every web site I visit. I have X’d out certain parameters for privacy purposes only.

Your computer is connecting to the internet at xxxxxxx, xxxx, in the xxxx, with an IP address of 24.xxx.xxx.142

Your User Agent is being reported as: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: 1.8.1.12) Gecko/20080201 Firefox/3.0.5

Your Referrer is being reported as:

http://www.google.ca/search?hl=en&client= ient=firefox-a&rls=org.mozilla:en

Your IP Address is 24.xxx.xxx.142

Your Host Name is d235- xxx.xxx.home1.cable.net

The objective of anonymous surfing then, is to conceal this information, and more, from web sites and other computers, and typically you would use an anonymous proxy server between you and the web site to accomplish this.

When surfing anonymously, your web browser talks to the proxy server; the proxy server talks to the web site. Effectively, this means the web site does not know you; it knows only the anonymous proxy server.

You have a number of choices when it comes to anonymous surfing. You can use a free proxy server service; some of which are quite good and up to the task. not my personal first choice – but that’s fodder for another article!

More reliable and safer, in my view, is to download and install a client application which manages the details of anonymous surfing for you.

(Click pic for larger)

One such application is OperaTor, a free utility that includes the Opera browser, the Privoxy Web proxy , and The Onion Router, which is a method used for anonymous Internet communication. All components launch simultaneously.

OperaTor, and the component pieces, does not require an installer and the utility can be installed and launched from a USB flash drive. This makes it ideal for surfing at public computers.

Download at: Download.com

(Click pic for larger)

A second utility (free for 30 days), is XeroBank Browser, a special version of FireFox that runs in conjunction with the free Tor anonymizer service and that can also run directly from a USB flash drive. Just plug in your USB stick to any PC with a USB port and FireFox is automatically launched and set up for secure and private surfing.

TorPark creates a secure encrypted connection between the PC you are using, and the first Tor server. This allows you to safely transmit information without fear of local interception. This makes it ideal for surfing on open Wi-Fi networks.

Download at: Download.com

One caveat you should take note of however; since all transmissions are encrypted and transmitted across many nodes, anonymous surfing can be very slow.