Tag Archives: websites

Top 5 Tips to Keep Your Website And Network Secure

imageEvery day, innocent websites are compromised by malicious hackers. Google identifies almost 10,000 malware-infected websites each day, and half of those are genuine websites belonging to legitimate companies. These companies haven’t done anything wrong, but they find themselves blacklisted by Google, and that’s only the edge of the brutal iceberg.

Hackers inject vicious malware into these sites to infect visitors. They confuse and lure users to dodgy websites and they break in and steal important and often sensitive customer information.

It’s a real and constant problem, but there are easy and simple steps you can take to guard against these attacks and keep your site, your network, and your customers safe and sound.

1. Use strong passwords, keep them secure and change them frequently

We all know that we should choose complex passwords, but sometimes laziness takes over and we slack off. This is a crucial mistake. Obviously, you want to choose exceptionally strong passwords for your server and website admin area, because a vulnerable password here is a free ticket for hackers to cripple your site and do untold amounts of damage.

It can be inconvenient to remember frequently changing passwords, but in the end, it’s a simple solution that can save a lot of headaches in the future. It’s also imperative that you enforce good password practices for your users.

Compromised user accounts are a special hell of their own. Demanding that minimum password requirements are met for registration will force users to make smart choices. Insist on eight characters, at least an uppercase letter and a number or special character. It’s a bit of a hassle, but it’s worth it.

Make sure that any passwords are stored as encrypted values. Ideally, you’ll use a one way hashing algorithm like SHA. This method means that during authentication, only encrypted values are ever compared. In a worst-case scenario, if someone hacks in and steals passwords, this will limit the damage.

They can’t decrypt them, and they will be reduced to attempting dictionary or brute force attacks, trying every single combination until a match comes up. It’s time consuming and computationally expensive and just not worth the effort for most people.

Your wireless network password should be seriously strong, and the network should be protected by Wi-Fi Protected Access 2 (WPA2) rather than WEP (Wired Equivalent Privacy). WEP encryption is brittle and hackable in minutes these days and should never be relied upon.

It’s also imperative to ensure that your PCs are well protected against viruses at all times to prevent password theft.

2. Be discreet with your error messages

Make sure your error messages aren’t giving away too much information. If your website requires a login, you should pay attention to how your error messages deliver the message that their login attempt has failed. A quick-and-simple, very generic message such as “incorrect login information” is your best bet.

It doesn’t tell the user if half the query is right (especially not which half!) When a hacker is attempting brute force attacks to gain access to usernames and passwords and the error message identifies one field as correct, that’s valuable information for him. He then knows that he’s halfway there and can concentrate all his attention and effort on the remaining field. Don’t make it easy for them!

3. Keep software up to date

Make sure that you’re consistently and quickly applying security updates to all of your software. From your personal PC’s virus protection, to your server operating system, and website software like content management systems, blogging, forums, and blogging platforms.

Hackers are quick to exploit any known holes and bugs, and you want to get there first. Sign up to the mailing lists and RSS feeds of all your software vendors. They’ll be the first to alert you to any security issues and their solutions. Find out and follow it up.

4. Limit Use of your Administrator Account

Keep your computer’s admin account for installing updates and software, or for reconfiguring the host when you have to. Don’t go online while logged into your admin account. Non-privileged user accounts are not just for guests and visitors: you should have one yourself for everyday use. If you browse the web and read your email with an admin account, you leave yourself open for an attacker to gain entry and access to your host.

5. Ask the experts

You don’t have to do it all on your own. There are good tools out there for monitoring your own website, but not everyone has the time or inclination to stay on top of security 24/7.

It’s possible to find monitoring services for very reasonable prices. These companies will check for malicious activity, give you an alert if your website shows up on a blacklist, scan your site for vulnerabilities, and be there for support and repairs if you do fall prey to a hack.

If you’re dealing with databases of sensitive customer information that are attached to your site, it’s probably worth it to get an expert in from the start, sweeping your code for bugs and building in extra lines of defense from the ground up. For small businesses, companies such as SiteLock and Stop the Hacker offer packages for under $100 a year.

This guest post was provided by Amanda Gareis on behalf of Drexel University Online. Drexel expanded into the online learning sector in 1996 and now offers its recognized curricula to a worldwide audience. Drexel Online offers degrees in Information Science, Information Technology, and Computing and Security Technology. The university also provides an Information Technology Career and Salary Guide resource for those looking to enter the industry.

2 Comments

Filed under Cyber Crime, Education, Guest Writers, Internet Safety

PC Tools Exposes “Harry Potter and the Deathly Hallows Part 2” Cyber Threat

imageThe waiting game is almost over for Harry Potter fans who are hungry to feast their eyes on the much-anticipated final chapter in the Harry Potter franchise – Harry Potter and the Deathly Hallows Part 2.

There are always those of course who won’t wait – in this case until July 15. You know the type – the buttinskis who push ahead of you in line, or cut you off on the expressway – the ones you’d like to clunk upside the head.

Unfortunately, the obnoxious dimwits who behave in this way, tend to repeat this behavior across a broad range of personal activity, and I suspect, that the niceties of copyright law is well below their personal radar horizon.

The reigning experts in social engineering – cybercriminals (who, in my view, could teach “legitimate social engineering experts” a thing or two), are well aware of the “can’t wait buttinskis”, and in a perfect replay of the old “there’s no honor amongst thieves”, have made available through free torrent downloads –Harry Potter and the Deathly Hallows Part 2, except

ExceptPC Tools, the company which brings you PC Tools Firewall Plus (free), ThreatFire (free), and of course a complete line of award-winning commercial grade security offerings, has discovered that these free torrent downloads are nothing more than a new online malicious scam. Gotta admit – I love Karma payback!

I’m posting the bulletin PC Tools sent me yesterday on this, since it’s very instructive in terms of just how much effort cybercriminals will go through, in order to penetrate a target’s computer.

It’s not often possible to capture an online attack as it occurs, but in this case, PC Tools managed to do just that – see images and links listed below.

Here’s how the malicious scam works:

  • First, a user searches torrents for free downloads of the final Harry Potter movie
  • Results claiming to offer a free download of the new movie appear
  • Once users download the file, .RAR file and password.txt downloads appear
  • Users receive a message saying, “This video is password protected to stop automated leeching and detection. To get your password, please visit:
  • Here, users are taken through a series of instructions to obtain their password.

One of which is choosing a link for a special offer while the site “verifies” the password

  • Once users click on an offer, a new tab and pop-up open, asking users to save what seems to be a legitimate file
  • After saving the file, cybercriminals have access to your computer—and the movie, of course, never appears on the screen

Harry Potter Threat  Exposed

Here’s what victims find while searching for the Harry Potter and the Deathly Hallows Part 2 movie or videos:

image

Users can discover apparently ripped versions of the new Harry Potter movie on file-sharing websites.

image

It looks like the movie is being downloaded on the victim’s computer.

image

The victim is instructed to decompress the archive.

image

RAR and password.txt files suddenly appear.

image

User is told to visit separate website by password.txt file.

image

The victim then sees this screenshot, claiming to be MovieYT.com.

image

User follows 3-step instructions, which takes them to a verification code check.

image

User clicks on VLC Player and a new tab is opened.

image

When hovering over the download button, the download executable file looks real.

image

Once the user clicks on the file, they are prompted to save it – this, of course, contains malware.

image

While all this is happening, the user is still waiting for the “Verification Check” from MovieYT – but the cybercriminals now have access to the victim’s computer. They have your password and other personal information that they can use to further attack you, your finances, your friends and social networks.

Worth repeating: Consider the trade-offs, and the very real risks involved with Peer to Peer and Torrent applications.

Privacy: When you are connected to file-sharing programs, you may unintentionally allow others to copy confidential files you did not intend to share. So be sure to setup the file-sharing software very carefully.

If you don’t check the proper settings when you install the software, you could allow access not just to the files you intend to share, but also to other information on your hard drive, such as your tax returns, email messages, medical records, photos, and other personal and financial documents.

It’s extremely important to be aware of the files that you place in, or download to, your shared folder. Don’t put information in your shared folder that you don’t want to share with others. Your shared folder is the folder that is shared automatically with others on peer to peer file sharing networks.

Copyright Issues: You may knowingly, or otherwise, download material that is protected by copyright laws and find yourself caught up in legal issues. Copyright infringement can result in significant monetary damages, fines, and even criminal penalties.

Some statistics suggest as many as 70% of young people between the ages of 9 – 14, regularly download copyrighted digital music. If you are a parent, you bear the ultimate responsibility for this illegal activity.

Adult Content: Again, if you are a parent you may not be aware that their children have downloaded file-sharing software on the family computer, and that they may have exchanged games, videos, music, pornography, or other material that may be unsuitable for them. It’s not unusual for other peoples’ files to be mislabeled and you or your children can unintentionally download these files.

Spyware: There’s a good chance that the file-sharing program you’re using has installed other software known as spyware to your computer’s operating system. Spyware monitors a user’s browsing habits and then sends that data to third parties. Frequently the user gets ads based on the information that the spyware has collected and forwarded to these third parties.

I can assure you that spyware can be difficult to detect and remove. Before you use any file-sharing program, you should buy, or download free software, that can help prevent the downloading or installation of spyware, or help to detect it on your hard drive if it has been installed.

Viruses: Use and update your anti-virus software regularly. Files you download could be mislabeled, hiding a virus or other unwanted content. Use anti-virus software to protect your computer from viruses you might pick up from other users through the file-sharing program.

Generally, your virus filter should prevent your computer from receiving possibly destructive files. While downloading, you should avoid files with extensions such as .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.

Default Closing Behavior: It is critical that you close your connection after you have finished using the software. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file-sharing to continue and will increase your security risk. Be sure to turn off this feature in the programs “preferences” setting.

What’s more, some file-sharing programs automatically run every time you turn on your computer. As a preventive measure, you should adjust the file-sharing program’s controls to prevent the file-sharing program from automatically starting.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

10 Comments

Filed under Cyber Crime, Cyber Criminals, Don't Get Scammed, Don't Get Hacked, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, PC Tools, Peer to Peer, System Security, Windows Tips and Tools

Free G Data CloudSecurity – Blocks Known Malware And Phishing Websites

As we reported several days ago in Search Engine Results – More Malware Surprises Than Ever!, poisoned search engine results have proven to be a gold mine for the bad guys who, naturally, continue to be unrelenting in their chase to infect web searches.

Since drive-by downloads, which don’t require user action to create an infection, are resident on many of these compromised sites, this is unhappy news for the unwary Internet user.

To reduce the chances that you will be victimized by malicious search engine results, you should consider installing an appropriate Browser add-on, or if necessary, add-ons, to increase your safety margin. A list of recommended add-ons follows later in this article. But first, take a look at a new Firefox/Internet Explorer add-on, G Data CloudSecurity – passed on by regular reader Charlie L.

According to G Data, the plugin “effectively blocks access to known malware distribution and phishing websites – in real time. The plugin can be used alongside any other installed security suite and is ready for action after installing; no additional configuring required.”

Taking advantage of this service couldn’t be easier. Simply download the setup application, and execute. Following installation, you’ll notice a new icon in your browser which indicates  G Data CloudSecurity is up and running.

image

Clicking on the icon opens a dropdown menu which provides access to a number of functions.

image

The screen capture below shows G Data CloudSecurity in action – blocking a suspicious, or dangerous Web site.

image

Fast facts:

Compatible with all other security products

Prevents access to malware and phishing websites

Install once – no updates required

PC performance remains unaffected

Download at: Developer’s site. (G Data)

Additional Internet Browser Protection:

It’s not prudent to rely on only one form of protection, it seems to me, so take a look at the following browser security add-ons that are noted for their effectiveness.

It’s important to recognize that cyber-criminals are crafty, and there are no perfect solutions.

Web of Trust (WOT) WOT is a free Internet Browser add-on (my personal favorite), that has established an impressive and well deserved reputation. WOT tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe web sites. (installed on my computer)

Search Engine Security – Search Engine Security turns the table on the bad guys by using using a technique familiar to most hackers – appearing to be something you’re not. Or, more properly, appearing to come from a location you’re not really at. (installed on my computer)

Basically, the add-on changes the HTTP referrer (selectable by you), in the search string so that when you click on a returned link it appears to the link site that you have not arrived from Bing, Google, or Yahoo.

McAfee SiteAdvisor A free browser add-on that adds small site rating icons to your search results as well as a browser button and optional search box. Together, these alert you to potentially risky sites and help you find safer alternatives. These site ratings are based on tests conducted by McAfee using an army of computers that look for all kinds of threats.

ThreatExpert Browser Defender – The Browser Defender toolbar allows you to surf safely by displaying site ratings as you browse the Internet. When you visit a site its address will be checked by our servers and a rating shown in the toolbar based on any malicious behavior or threats we have found associated with the site. The toolbar also integrates with the search results provided by popular search engines such as Google and Yahoo! so you can see if, in our view, it is safe to continue before you visit a site.

AVG Security Toolbar Free Edition AVG’s unique Search-Shield, available with the AVG Security Toolbar Free Edition, marks all web pages which are infected by zero day exploits and drive-by downloads. This powerful LinkScanner based technology works in real-time to provide comprehensive protection. Other programs rely on static databases and cannot protect you at the only time that matters – the time you click on a link.

TrendProtect – TrendProtect is a free browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers billions of Web pages.

Bottom line:

While G Data CloudSecurity does what it says it will do, my personal preference is unchanged. WOT (Web of Trust), backed up by Search Engine Security, is a more appropriates solution.

I’ve reviewed and recommended a bag full of Browser security add-ons in the past few months, or so. No disrespect intended to those developers who have the public’s interest at heart when they develop Browser security add-ons, but…..

Am I the only one who thinks that building protection into my Brower in this potluck fashion, has reached the height of ridiculousness?

Isn’t it long past the time, when a Browsers should be built with the most appropriate form of protection already on board?

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

7 Comments

Filed under Anti-Malware Tools, Browser add-ons, Browser Plug-ins, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Firefox Add-ons, Freeware, Internet Explorer Add-ons, Malware Protection, Search Engines, Software, Windows Tips and Tools

Comment Spam Is Dangerous BS!

imageIf you’ve ever wondered why comments on this site, and many other sites for that matter, are held for moderation by a site administrator, the simple answer is – comment spam, and the need to control it.

Without a doubt, comments are an important part of the mix for a technology site. Comments can spark discussion (always a good thing), allow a reader to present his/her point of view, share tech wisdom, or spread the word on a unique piece of software.

But, comments are not without their share of issues; with comment Spam, in my view, being a significant problem. Spam is virtually everywhere on the Internet. In your inbox, on Twitter and Facebook and other social networks, and so it’s not surprising that you’ll find Spam comments. Recently however, I’ve seen a major increase in the amount of comment Spam.

The following comment spam (full of praise – like many are), is just a small example of the type of nonsense Spam I deal with daily. (click on the screen capture to expand to original size – 1280 x 589).

image

Take a look at this one, and try to imagine the type of creep who would submit this as a comment.

image

Hard as it is to believe, there are many sites that rely only on a Spam filter to sort out the wheat from the chaff. Unfortunately, this complacency can lead to the posting of comment Spam that contains dangerous links. Links, which if followed, can lead to a malware site – guaranteeing a very painful experience. The comment shown above, for example, contains a number of malicious links.

Some advice:

Be cautious when following links contained in comments on any web site.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals.

Be cautious when following any link contained in any web site, since the latest reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Be cautious following links on web forums. Forums can often be a source of dangerous links.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on active. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on, that offers substantial protection against questionable, or unsafe websites.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

7 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Freeware, Interconnectivity, Internet Security Alerts, Malware Advisories, Online Safety, Software, spam, Windows Tips and Tools, WOT (Web of Trust)

Follow the Link and You “Takes Your Chances”

image Regular readers on this site are aware, that virtually all downloads I recommend, are linked to CNET (download.com).

There is good reason for this – CNET scrupulously audits hosted downloads and linked sites, to ensure they are not contaminated by malware.

But links on Blogs can be a special problem for surfers – particularly links contained in comments. Don’t get me wrong –  comments are an important part of the blogging mix.

Amongst other things, comments can spark discussion (always a good thing), allow a reader to present his/her point of view, share tech wisdom, or spread the word on a unique piece of software.

But, Blog comments are not without their share of issues; with comment Spam (some containing malicious links), being the leading problem.

Spam is virtually everywhere on the Internet. In your inbox, on Twitter and Facebook, and other social networks, and so it’s not surprising that you’ll find Spam Blog comments.

WordPress, on which this Blog is hosted, has a Spam plug-in filter, Akismet, which does a good job of catching comment spam. Akismet automatically analyzes comments and flags for review, those it considers Spam.

On this Blog, Akismet routinely captures about 90% of spam comments, according to my blog stats. In real number terms, Akismet has captured in excess of 60,000 spam comments here, in the past two years. But what about the other 10%? – some of which will contain malicious links?

As a matter of policy, I test every allowed link included in a comment, for safety.

Regretfully, there are Bloggers who are fairly complacent and who rely only on a Spam filter to do this job. In doing so, they miss the reality: Spam filters can often miss comment spam, some of which are highly dangerous.

While comment Spam is a pain for the Blogger, a reader who follows a link in a malicious Blog comment, which leads to a malware site, is in for a very painful experience.

Here’s a case in point – any time I write on registry cleaners I can expect the following comment, (shown in the following screen capture), or one like it, to show up.

This comment included a link, to a free application, which supposedly is superior to the free application I recommended in the article.

Spam Comment

The comment itself looks harmless, but if I’d allowed this comment to be posted (and I’ve seen this comment published many times over, on many other sites), a reader who followed the link would have become infected simply by visiting the site.

Don’t think that this is an unusual set of circumstances – it’s not. On an average day, here on Tech Thoughts, 10 or more comments (thankfully picked up by Akismet), contain malicious, or dangerous links.

Some advice:

Be cautious when following links contained in comments on any web site – not just Blogs.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals. All software reviewed on this site, for example, has been thoroughly tested, by me, for usability. If a reader has a problem with recommended software, it’s generally a machine specific problem.

Be cautious when following any link contained in any web page. Recent reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable, or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on, that offers substantial protection against questionable, or unsafe websites.

Use Norton DNS as an added safety precaution.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

15 Comments

Filed under Anti-Malware Tools, Browser add-ons, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Firefox Add-ons, Freeware, Internet Explorer Add-ons, Internet Safety Tools, Internet Security Alerts, Online Safety, Safe Surfing, Software, spam, Windows Tips and Tools, WOT (Web of Trust)

Cloud Hosting vs. Dedicated Hosting

A primer, by guest writer Charles Homes, on how choosing the right hosting plan can significantly impact your business.

image There are quite a variety of hosting plans for businesses to pick from, with the “best choice” being entirely dependent on how your business is set up.

When it comes to companies who perform the vast majority – if not the entirety – of their business online, there are two main alternatives to investing in, and setting up, in-house servers.

For businesses that are already well established and stable, dedicated hosting would likely be the choice that makes more sense. However, for newer companies that are still in the process of starting up, cloud hosting is the better choice.

Let’s take a good look at the differences between these two kinds of hosting, and the reasons your online business should rely on either one, or the other.

Cloud Hosting

Essentially, if you are a start-up that (1) relies heavily on its web-based technology, (2) currently lacks the resources necessary to invest heavily in on-site hosting, but (3) plans to undergo quite a few significant growth spurts in the very near future, then your business would benefit greatly from cloud hosting.

Since your business is primarily web-based, you really cannot afford to experience a significant amount of down-time, but at the same time you have the need to be very frugal with your funds since, as a start-up, you can’t really afford to invest too much in one area when such funds could be better invested elsewhere.

Cloud hosting is a very flexible option, allowing you to adjust your hosting plan quickly and easily in response to your changing needs. This kind of hosting lets a business rent a virtual server, which can be scaled as the need arises.

Many cloud hosting providers also grant you the choice of which operating system to use (Windows or Linux), will provide you the self-service flexibility offered through dedicated hosting, flexible billing, and an API or web-based interface, to configure your server on the fly.

Overall, your business can save money by only paying for what you need when you need it, while at the same time benefiting from a reliable, stable hosting plan. That kind of scalability is ideal for a start-up web-based company that does not have the resources or need to commit to something as comprehensive as a dedicated hosting package.

Granted, this all means that your IT department will likely have to be spending a great deal of its time managing your server configuration. With your traffic and userbase always in a state of flux, your server’s configuration will not remain static. Then again, your techs would likely be busy doing that anyway.

Dedicated Hosting

Dedicated hosting works in an entirely different way. Whereas with cloud hosting you are only buying part of a server’s space (and possibly sharing that server with other businesses), with a dedicated hosting plan a company leases one or more servers and has complete control over that (or those) server(s).

A dedicated hosting plan has three distinct advantages. Firstly, a dedicated sever is located in a secure and stable data center, meaning that your business does not have to spend anything in investing in any hardware or infrastructure (such as redundant power systems), or the additional space that is needed when you have your servers on-site.

Secondly, a dedicated hosting plan means that the server in question is completely dedicated to your business’s applications, websites, and platforms. Unlike shared hosting, your company’s websites, et cetera, enjoys the full and complete power and bandwidth of the servers they are hosted on, and nothing should affect those servers’ performances (such as load times), unless you choose to let it.

Finally, with a dedicated hosting plan, your IT department has full reign and is able to fully customize server performance to perfectly suit the needs of your business.

So, who is dedicated hosting right for? The answer is, essentially, large and stable business which relies very heavily on its online presence (and therefore its hosting) to survive and make money.

If your business fits that description, then this is likely the kind of hosting that you are looking for. As a web-based company cannot do business without having a strong online presence, it needs its sites and applications to run smoothly so your customers and access them at any time and buy that company’s products or services.

An example of such a company is a large online retailer, which manages a significantly large inventory through a custom CMS. A retailer like that would be processing thousands of queries a minute, which means that every minute lost to downtime, could mean losses of hundreds of thousands of dollars in revenue.

Another example is, an online advertising network. Such a business would have an ad platform consisting of hundreds or thousands of ad campaigns, spread across thousands of domains for dozens of advertisers. If that business were to experience downtime and those banners would not render, clients would not have to pay them, and publishers, and if seeing this as a recurring event, would stop working with them. Therefore, maximum bandwidth and up-time is essential to the survival of that business.

Choosing a Business Hosting Provider

After deciding which kind of hosting is best for your business, the next step, choosing the right provider, can be very tricky. After all, while some hosting providers may excel at providing cloud hosting services, their dedicated hosting plans may not be that great or vice versa.

Start by looking for reviews that address how the provider handles the specific kind of hosting your looking for, not just about the provider in general. After you have a list, involve your IT team in the decision making progress. They are the ones that will be configuring your servers, so they’re in the best position to accurately evaluate a potential host’s technology and help you make the decision that’s best for your company.

Article by Charles Homes who is a consultant at Hosting.com, for more info check out their Dedicated Server Hosting.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

9 Comments

Filed under Business Applications, Guest Writers, Interconnectivity, Networking, Recommended Web Sites, Web Hosting

A Message for Spam Commenters – WTF!

image For many Bloggers, particularly technology Bloggers, comments are an important part of the mix. Amongst other things, comments can spark discussion (always a good thing), allow a reader to present his/her point of view, share tech wisdom, or spread the word on a unique piece of software.

But, Blog comments are not without their share of issues; with comment Spam, in my view, being the leading problem. Spam is virtually everywhere on the Internet. In your inbox, on Twitter and Facebook and other social networks, and so it’s not surprising that you’ll find Spam Blog comments.

Let me throw some numbers at you. In the roughly two years I have been writing this Blog, there have been 67,000+ comments of which 59,000 +  have been Spam. In other words only 8,000 (approximately), have been legitimate comments.

WordPress, on which this Blog is hosted, has a Spam plug-in filter, Akismet, which does a reasonable job of catching comment spam. Akismet automatically analyzes comments and flags for review, those it considers Spam. This is not as effective as it once was, since it’s now much harder to distinguish Spam comments from legitimate comments.

Except of course, for comments that look like these two examples from this morning:

Itboibltlx – fAHU7K kfyvjnunmugw, [url=http://avfqgyvilzvj.com/]avfqgyvilzvj[/url], [link=http://jlroercbkvod.com/]jlroercbkvod[/link], http://sjxsnveldoke.com/

Rzjulixnne – JvgMqE sakykccvvzrv, [url=http://dpbvrodxgikt.com/]dpbvrodxgikt[/url], [link=http://tiewycygcttc.com/]tiewycygcttc[/link], http://etukxnfppged.com/

When you see this type of comment, you have to wonder about these morons.

image

Since it takes time and effort to manually cull comments so that they are  relevant and Spam free, there are Bloggers who are fairly complacent and who rely only on a Spam filter to do this job. In doing so, they miss the reality: Spam filters can often miss comment spam, some of which is highly dangerous.

While comment Spam is a pain for the Blogger, a reader who follows a link in a malicious Blog comment, which leads to a malware site, is in for a very painful experience.

Here’s a case in point – just this past week (and not for the first time), a site which is renown as a site that specializes in malicious content, left a comment which was not filtered by Akismet. This comment included a link, to a free application, which supposedly was superior to the free application I recommended in the article.

Spam Comment

The comment itself looks harmless – but you pay me to be careful – right?

If I’d allowed this comment to be posted (and I’ve seen this comment published many times, on many other sites), a reader who followed the link would have become infected simply by visiting the site.

Don’t think that this is an unusual set of circumstances – it’s not. On an average day, 10 or more comments (thankfully picked up by Akismet), contain malicious or dangerous links.

Some advice:

Be cautious when following links contained in comments on any web site – not just Blogs.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals. All software reviewed on this site, for example, has been thoroughly tested for usability. If a reader has a problem with recommended software, it’s generally a machine specific problem.

Be cautious when following any link contained in any web site, since the latest reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on active. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable, or unsafe websites.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

11 Comments

Filed under Browser add-ons, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Internet Safety, Malware Advisories, Online Safety, spam, Windows Tips and Tools