Category Archives: Scams and alerts

Always double-check URL links

A reminder to always check – and double-check – the URL of any page that requests your username and password.

One of our clients received a typical spam email today that appeared to be coming from Bluehost.

The text read: “Your account contains more than 6729 directories and may pose a potential performance risk to the server. Please reduce the number of directories for your account to prevent possible account deactivation.”

Naturally the client was alarmed, and he clicked what appeared to be a URL link to Bluehost in the email.

However, when clicked, the URL link changed to the address of a Russian spammer (.ru), as you can see in the image below. The Russian spam site is a perfect duplicate of the Bluehost login page. If he had entered his username and password, he would likely have lost his site in one way or another, and been subjected to no end of trouble. Only by double-checking the URL is it obvious the email did not come from Bluehost.

ALWAYS ALWAYS ALWAYS double-check site links before entering any text on a website! And if you’re not sure, please forward any email requests you receive and we’ll be happy to advise you at no charge.

russian-spam

Chinese domain name scam

cnThe “Chinese domain name scam” is a common problem for site owners. Typically the emails pretend to be from a company in China that registers domain names (web site addresses). They write to inform you that someone in China wishes to register the name of your company with a .cn (China) extension.

This can make some domain name owners pretty angry and frustrated because they think they already own the name. The truth is that you have registered for the first part of the name, and probably one or two extensions like .com or .ca if you live in Canada. But there are hundreds of other possible extensions for your domain name – among them .org, .net, .info, .biz, .us, .tv – with dozens more being approved all the time.

A list of domain name extensions can be found on Wikipedia at http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains.

It would be impossible for you to register all of them. In fact, unless you’re a resident of a country, most countries will not allow you to register a domain name with their country extension. For example, if you’re not a resident of Canada, you can’t register a .ca extension.

However, the point of the email scam is not really to involve you in the domain name dispute. Rather it is a starting point for drawing you into fraudulent activity by getting you to reply.

Do not answer any emails asking you to buy another version of your domain name. If you reply, you will confirm your email is live, and any information you provide – such as your name and contact information – can be sold. At some point, you may be sent an invoice to purchase the .cn version. If you do buy the name, you will never see your money again. If you complain, you may receive increasingly aggressive responses.

For more information and to report these sorts of nuisance communications, please see:

http://www.keepalert.com/Experts-opinions/scam-to-register-asian-domain-names.html

http://www.insercorp.com/blog/index/view/id/7

7 ways to recognize spam comments

spamCan you tell a real comment from a fake one? WordPress sites attract spammers who try to attach comments to your pages, links and images. They want your approval so they gain links to their own sites, which in many cases are sources of malware. Learn to recognize these 7 types of spam comments so you don’t create opportunities for them to use your site for devious purposes.

Login to your WordPress Dashboard and locate Comments in the left side menu. Click to open. To remove the ones sent by spammers, select the boxes beside them, then do a Bulk Action to remove them to the Trash. See the screenshot at the end for details on removing them.

Seven common types of spam comments:

1. Comments with email addresses that have a series of numbers and/or letters, such as:
533.4.fd2d@gmail.com

2. Any comments with email address or web links that are unusually long, like:
http://www.purevolume.com/listeners1/stakingportal5061/posts/411904/
Spyro+The+Dragon+Game+Series+For+Playstation+One

3. Unless you are Asian and expect people to make comments in a foreign alphabet, you can expect all comments with Asian characters in the email address or links are spam. For example:
バーバリブラックレーベル

4. All comments that direct you to link to another URL are spam. For example:
I have discovered website which offer to dramatically increase traffic to your blog http://insane-webs-traffic.com

5. All comments that use words or phrases with no proper message, such as:
%titlet% lunettes carrera pas cher lunettes carrera raye ban lunettes

6. All comments from people you don’t know who make very general comments about your site are spam. Comments should make specific reference to something you say on your page or post. Typical spam comments:
Hey this is a actual cool web site
You write the best posts ever.
Can you tell me how do you make your design so good.

7. All comments that don’t make sense are spam. These are auto-generated using English words to imitate the English language. Two examples:
It really is hardly ever slash and dry on what water will do.
What are the results that will archives any time a wordpress living space modernize expires?

comments

Who’s attacking your website?

Areas of the world experiencing Denial of Service attacks at the time of this posting, August 26, 2013

Areas of the world under attack at the time of this posting, August 26, 2013

Some of our clients have been experiencing problems connecting to their WordPress sites in recent months. This is an ongoing problem for us because we want to feel confident about the hosts and servers we recommend. If your site is not available when you want it to be, it can be very frustrating.

Connection problems can happen at many points between your computer and the host computer. The biggest problem however are DDoS attacks, or Denial of Service attacks. You can view a real-time map showing attacks currently underway across the globe at www.akamai.com (then click the “Attacks” button to reveal areas currently under attack).

Denial of Service happens when a server receives thousands, possibly tens of thousands, of “fake” connection requests simultaneously. These situations are caused by people who deliberately attack servers through tools like botnets. As a result, the servers are overwhelmed and cannot deliver your website files to you.

One recent analysis revealed the origin of attacks as China (39.08 % of attacks), Mexico (27.32 %), Russia (7.58 %), Korea (7.29 %) and France (6.50 %). Another source claims China 41%, followed by Mexico, Germany and Iran. Several weeks ago, we experienced a Friday morning when almost a third of servers in North America were affected at the same time.

The origin of the attacks shifts constantly and Denial of Service attacks grow more and more complex in scope. It is the largest issue currently facing the Internet today. It particularly affects countries like the United States that have extensive network infrastructures, and particularly the West Coast of North America. These areas are typically more susceptible to being selected as targets by malicious groups who seek the unauthorized use and abuse of those network resources.

Why do people launch these attacks? The people behind them include crime gangs, extortion groups, groups disguising other crimes, hacker groups, vandals and mischief makers. One type of attack, known as cyber “hacktivism”, involves attacks by people against certain banks, ecommerce and government sites and corporate sites just because the sites don’t serve their political, religious or ideological values.

Websites may be remembered one day as a luxury of the early 21st century. Denial of Service has been described as an “arms race” between the hackers and the companies trying to solve the issues.

Resources

http://copperegg.com/ddos-attacks-quicker-and-more-frequent/

http://siliconangle.com/blog/2013/08/26/5-notorious-ddos-attacks-in-2013-big-problem-for-the-internet-of-things/

Why your emails get blocked

If your emails are getting blocked or sent to a junk folder, the problem is not with your server. The problem is with the restrictive controls of the recipients’ email programs.

Email programs will typically block email for the following reasons.

– Restricting email addresses that start with a recognizable name, like “pam” or “mary” or “peter”. This indicates a setting in the mail program that is more restrictive than normal.

– Restricting the sender’s domain. The domain name itself may be banned, so any mail coming from “mycompany.com” will be marked as junk or spam.

– Rejecting mail from non-existent domain addresses

– Accepting mail from trusted networks only – for example, mail from “info@petsRus.com” may be accepted but mail from “www.girlsRus.com” may not be, if “www.girlsRus.com” is on a list of networks your mail server doesn’t trust.

– Rejecting mail because of unrecognized attachments

– Rejecting mail because of attachments that are too large – typically, images over 2 or 3 MB might be rejected. Images over 7 MB will likely not even leave the sender’s mail box.

Because there are so many email programs, there is not much you can do about your emails getting junked. They all have different settings and different standards for what they accept and what they don’t accept.

Check your Junk mail as often as you check your Inbox, and mark each blocked email with your approval.

Different email programs have different ways of handling approvals. If I want to approve a sender I find in my junk mail in Windows Live Email, I right-click the sender’s email, select “Junk mail” from the pop-up menu, then select “Add sender to safe sender list”. If I expect to receive more mail from the same domain (like from other people at the same company), I’ll select “Add sender’s domain to safe sender’s list”.

Encourage your recipients to do the same with your own messages. If your emails don’t get answered, try giving them a phone call and see if it’s in their Junk, then explain how they can mark it safe for the future.

More information on sizing images for email

Be wary of emails from “Faceboook”

CAPTCHA-solving sweatshops

I get pretty bristly when I think about people being paid to make annoying stupid and illiterate comments on blogs. They do this in the hope you will approve their comments, which will give them a link from your site to theirs.

Most comments are not sent to your site by individuals, however. They arrive as a result of automated spambots. A company selling Viagra, for example, might write a general comment that can be sent to any site, such as, “I love your site so much, you are the best writer”. Somewhere in the comment there will also be a link to a site selling Viagra. If you approve the comment, which many people do because they are flattered and don’t notice the link, they now have a link from your site to theirs, which helps increase their page rank in Google. (Many people don’t even approve their comments. Their WordPress sites are left open to accept unapproved comments from anyone.)

However, before that comment can be submitted to you, the sender of the comment has to read and re-type the CAPTCHA code – that series of squiggly letters and numbers just above the “Submit” button. Since most comment spam is automated, and since automated spambots cannot read or re-type CAPTCHA codes, these companies use the services of other companies who hire real humans to decipher CAPTCHA codes. Once they have deciphered the code on your site, your site becomes one of thousands that can be re-sold in packets.

All over the world, especially in India, Malaysia, China and Russia, there are tens of thousands of non-English speaking workers hired for a pennies a day to decipher the CAPTCHA codes on WordPress comment forms.

With the going rate ranging from 80 cents to $1.20 for each 1,000 deciphered CAPTCHAs, a really fast worker can make $2 to $3 a day. Imagine deciphering 1,000 CAPTCHAs in one day, then doing it again for the next 365 days. International CAPTCHA-solving teams are effectively sweatshop labor, where people — especially young children — will just sit and be given these images to solve and will type them in all day.

In India, major CAPTCHA-solving companies openly advertise that they can crack CAPTCHA codes. They sell their services in turn to companies selling not only drugs like Viagra but search engine optimization (SEO) sites, sites selling vitamins, cosmetics and shoes, and hundreds of other types of businesses who can profit from getting their web link on your site.

Typical newspaper ads in India read:

I have 40 PCs and 55 Persons working in my office for data entry work. As 1 person can do 800 captcha entry per hour. We can deliver you good quantity with quality

Hello Sir, I will kindly introduce myself.. This is Shivakumar. We have a team to type capcthas 24/7 and we can type more than 200k captchas per day

WE ARE PROFESSIONAL CAPCHA ENTRY OPEATORS AND WE CAN DO EVEN 25000 ENTRIES PER DAY AS MY COMPANY IS A 25 SEATER FIRM SPEALISED IN DATA ENTRY

In Bangladesh at this very minute, a team of international workers is actively soliciting deals for breaking Craigslist, Gmail, Yahoo, MySpace, YouTube and Facebook’s CAPTCHA scripts, promising to deliver 250k solved CAPTCHAs per day on a “$2 for a 1000 solved CAPTCHAs” basis.

It’s a losing battle for the well-intentioned WordPress sites of the world. The only protection is to ensure you have checked off “Administrator must always approve comments” under Discussion in your General Settings. Then check your Comments regularly and immediately delete any spam comments that appear.

Sources:

http://www.zdnet.com/blog/security/inside-indias-captcha-solving-economy/1835

http://www.nytimes.com/2010/04/26/technology/26captcha.html?src=me&ref=technology

http://www.npr.org/templates/story/story.php?storyId=130594039

Nasty Facebook notifications

Some days I feel like I’m walking through a minefield.

No sooner had I posted a blog piece about WordPress comment spam today (see Caution: WordPress Comments), I noticed an email message from someone who had commented on my Facebook wall.

It was a weird comment, which should have warned me. After the fact, I also saw the tell-tale row of multiple O’s in the sender’s address, from comments@faceboook.com

But at the time, I was seduced into logging on to my Facebook account then clicking the link with a message from “Amanda Phillips” in my email program. At a quick glance it looked like any of the legitimate Facebook notifications I receive every day. (Without the swearing of course. In fact that was part of what intrigued me: Why was someone so mad at us?)

Curiosity almost killed the cat. I was immediately blasted by my Avast anti-virus/anti-malware protection which announced it had blocked an executable Trojan horse, a split second after clicking the link and a hair before it initiated.

Close, very close.

[BTW If you don’t have an anti-virus program, I urge you to stop now and download Avast here. http://www.avast.com/en-ca/index You will be very glad you did. Avast is also available for the Mac at http://www.avast.com/free-antivirus-mac As the market share for Mac grows, viruses are an increasing threat for people on Macs.]

What does a Trojan horse do? A Trojan horse is a program that gives a hacker power over your computer. It can provide the attacker with unauthorized remote access to a your files, infect your files and damage the system, carry additional dangerous parasites, and steal sensitive information. Trojans delivered to your computer through email can be are set in action when you click an infected link, play an infected video or click on an infected image. Without protection, they can wipe out your harddrive and all your programs and files.

More information about Trojan Horses can be found at Wikipedia

Read more about Facebook scams and spams at http://www.theregister.co.uk/2012/05/06/social_network_spam/

If you fall for one of these notifications like I did, I hope you have as excellent malware protection in place as I did.

Caution: WordPress comments

Think twice about accepting comments on your blog. Most WordPress comments are spam. Disguised as notes of appreciation, millions of spam comments are sent every day to WordPress blogs like yours and mine.

Most comments are innocuous, like the one above. Typically they read as a variation of:

“Great article. Keep up the great work.”
“You are very astute to write about this matter.”
“Spot on with this write-up, I truly think this fabulous website needs considerably more consideration.”

The goal of most of these senders is to have you approve their comments so they increase the number of links to their own sites. The scammers who generate these comments (by the thousands) are happy if only a fraction are accepted. But by approving them, you can be allowing potentially dangerous links to be created between their site and yours.

The more dangerous comments contain links to malware/virus/phishing sites, but you may not be able to tell by the email of the sender or other clues. Not only can you infect your own computer by accepting them, but the computers of your own visitors who may clicks on a malware link.

Other comments are much more damaging. Approving them can corrupt all the files on your site, including your design and all the posts you have made. You can lose everything. In a particularly brutal example, this morning someone contacted our company for help because he had approved a comment on his site which turned out to be malware. By approving it, it wrote malware into every .php file in his installation, installed someone else as the admin, and changed the admin e-mail address to their own. Basically he lost his entire site. He is on a server that does not do backups. This is one of the worst cases we’ve heard of.

Following are the absolute least, the most basic things you must do to protect yourself.

1. In the Discussion settings of your blog, check An administrator must approve comments.

2. Click the Comment Author Must Fill Out Name And E-mail box, which forces anyone making a comment to provide the necessary information. Some spammers might be deterred by this extra step.

3. Vigilantly check your comments by logging in to your dashboard, and trash all spam. Your speedy response can help diminish further comments from the same source.

4. Install a CAPTCHA script to ensure anyone leaving a comment has to type in the extra code. Automated spam cannot do this.

5. Never, ever approve a comment unless the writer has made a specific reference to something in your post. If the comment could have been made about any of your posts, or any other post, trash it.

6. Check the email of the sender. Trash it if the comment sender’s emails contains strange characters (like %/solarsp0), an exceptionally long address (like businessseomaster.com/index.php?main_page=product.Gravitt295@yahoomail.com), or comes from a company that sounds odd or too generic (like hotbraininsights, xxxlivecam or bestvaluerugs).

7. Never, ever upload an html page from another site. If you copy a photo from another site, be sure to rename it rather than using the entire http:// link. You never want to take the chance that malicious code from another site can infect your own.

In general, unless you have very strong reasons to believe the sender is genuine – for example, they made a comment that includes information that could only have been obtained from reading and thinking about your post, or if you visit the website associated with the email address and decide you do want to be associated with it – I recommend that you do not accept any comments at all.

It is much better to be safe than sorry.

For more information, please refer to these articles.

The Never-Ending Battle Against Comment Spam
http://www.wpsecuritylock.com/battle-against-comment-spam/

Comment Spam
http://codex.wordpress.org/Comment_Spam

Removing Malware from a WordPress Site
http://pengbos.com/blog/removing-malware-from-a-wordpress-site

Note: Be particularly careful if you’re on a Mac. Mac users do not tend to protect themselves adequately, in part because of a false sense of security caused by the company’s advertising. One study found that only 26% of Mac users have installed anti-malware software, as opposed to 92% of PC users. Read more

How to keep people from stealing your images

Unfortunately this is a difficult topic without a solution. Anyone can copy any image from any site if they know how. Without really disfiguring your images quite badly, there is no way to prevent them. Personally, if I want a copy of an image on the web, I have many ways of copying it, and I’m certainly not alone in my skills.

Most watermarks only cover a small part of the picture. People can still see the image perfectly and copy it if they want. A little photoshopping can easily remove most traces of a watermark – often it is only a line of text along the top or bottom. A larger watermark that disfigures the images looks unprofessional and amateur. And people can still copy the idea.

You can add a “right-click disabled” to your images, but thieves can easily do a screenshot then cut the image out. They would have the same image as they would if they copied it in the first place. There is no way to disable a screenshot.

On the plus side, there isn’t much anyone can do with a copied image. The resolution of a web image is only 72 pixels an inch, while print resolution is 300 pixels an inch. This means that printed pictures are four times more detailed than web images (they have four times the resolution). Images from the web cannot be used for reproductions such as prints or postcards (they will be useless and fuzzy), unless the image size on the web is extremely large.

Example: A 600-pixel wide image produces an 8 inch print, but the lower resolution of only 72 pixels/inch will make the image unsuitable for most printing purposes. If it was converted to 300 pixels per inch, the image would be only about 2 inches big.

Unfortunately people with blogs are not usually in the habit of re-sizing their images before they upload them. I see a lot of WordPress sites with direct click-throughs from small images to large, full screen beauties that could easily be converted to 300 pixels per inch. These are prime targets for image stealing.

If you’re a blogger and you’re in the habit of uploading photos without re-sizing them, be aware that you’re making them available for people to copy and re-use in printed materials. If you don’t want this to happen, you need to pre-size any pictures you put online to a much smaller size (for example, 600 pixels wide). This is the most effective thing you can do to protect your images.

There are a couple of ways you can find out if someone has already copied one of your pictures. Use the Google tool as described on http://www.kitsmedia.ca/galleries/find-out-if-your-image-has-been-copied/

Or try linking to www.tineye.com and follow the directions. I personally haven’t  found either of these tools work very well for slightly modified images, but if someone has copied your image intact, it will show duplicates.

If you find that your image has been copied, you should first attempt to contact the site owner. You can also contact the host of the site and let them know about the copyright infringement. If you’re an artist represented by a gallery, have the gallery owner contact the thief.

It definitely helps to have a digital copyright (this is information about the image that is “hidden” in the code) in the case of disputes. However, in most cases direct contact by email or phone with the site owner or website developer will result in the copied image being removed.

Website developers usually add a link to their own company in either the footer or the source code. Since web developers are equally liable if a site uses a copyrighted image without permission, the developer is more likely to remove it or bring it to the attention of the site owner.

Otherwise you must be prepared to invest a great deal of time, money and energy following through. And if it’s the ”idea” you don’t want anyone to copy, it’s best not to show your work anywhere at any time, because there will always be someone who will copy your style, composition, colours, brushwork, themes or ideas.

It is very disheartening when this happens. When I was a painter, I frequently saw copies of my work. Once I walked into Malaspina College and saw a large, perfect duplicate of one of my paintings hanging in a graduate show. It had been used on a Bau-Xi exhibit invitation and I later saw it copied on two other occasions. A couple of years ago I put some small, decorative canvasses for sale on Etsy. Within only 48 hours, exact duplicates of my paintings were reproduced verbatim by another artist, right to the last detail. The only recourse offered by Etsy was to contact a lawyer. 

For many, many years I have had the same thing happen to my writing, especially my reviews of gallery shows. My art writing is frequently copied intact and used by artists on their websites as their own statements. My reviews for Preview Magazine have even been returned to me as “press releases” from galleries for their subsequent shows. Strangely, artists and galleries are usually offended when I contact them.

Either there are a lot of otherwise intelligent people who really believe that images and writing found on the Web are up for grabs, or they just don’t care.

Note: If you’re wondering whether your writing has been copied, try Copyscape, Plagiarism Checker or the plagiarism checker at Small SEO Tools.

Invasion of privacy online

I know I’m not the only one having trouble with the rapidly increasing assault on my privacy while I use the Internet. It’s getting downright creepy.

A couple of weeks ago I was looking at a weekender bag on Roots. The next day it was featured in an ad on another site I was browsing.

“Hey look – there’s the bag I want!” I said. “That’s so funny it’s in an ad!”

A few days later it wasn’t very funny anymore. The Roots bag began to stalk me as I moved from site to site, regardless of the site I was on. It got to the point where I really didn’t want the bag anymore because it was so popular and over-exposed.

Of course, that wasn’t really the case at all. Roots had left a little script behind on my own computer in the first place. This “cookie” continued to neatly insert the image of the bag at every opportunity it could find over the next few days. They obviously weren’t going to let me forget about it.

I soon noticed my Facebook ads were getting rather pointed as well. A certain (ahem) health product I had been researching began popping up in numerous guises – and from a variety of companies – in the right side column. I assured myself that of course no one else knew the topic of my search – unless they happened to use my computer. But tonight while on Facebook I noticed the names of two people I do know, who must have clicked on an Ikea ad in Facebook. Or perhaps they visited www.ikea.ca and picked up a third-party cookie (scripts placed on other websites to track your browsing information).

No offense to Cate and Brian, but I really don’t want to know that! I don’t want ANYONE to know if I visited Ikea, and I don’t want to know who else did!

It’s not that there’s anything wrong with Ikea, and I’ve long ago given up the idea of personal privacy in many aspects of my life. There’s just something very doppelganger about these little scripts tip-toeing around after me and other people I know, and waving to everyone else to announce everything we do. It’s…  weird. It’s also completely relentless.

Recently a friend posted an article from the San Francisco Chronicle about social reader apps. It outlines how Facebook’s idea of “frictionless sharing” has grown. “No activity is too big or too small to share,” Facebook claims. I guess that includes my search for a small nameless health product. (Heck – wait a minute – you’ve probably already know what it was!)

And the whole thing is utterly pervasive. The Washington Post Social Reader gets your name, profile picture, gender, user ID, friends list, the networks you’ve joined and anything you’ve posted publicly. Under the default setting, it can also post every article you read through the app, the people you’ve “liked” and more. Yahoo’s social reader gets most of that, plus your e-mail address, birthday and permission to post the videos you watch. Google has dedicated itself to capturing every site you visit and letting your friends know if you “plussed” it. In 2011, Google Buzz drew criticism for violating user privacy because it automatically allowed Gmail users’ contacts to view their other contacts. In February this year, Google announced it will now combine user data across all of its services –  including search, Gmail, YouTube, Google+ and Google Docs.

How can these companies proceed as if nothing is wrong?! A post on Venture Beat  confirms the worst:  One in every 10 US consumers has now been victimized by identity theft. Online public data can be used to predict the full 9-digit social security numbers of nearly 5 million people.  More than 900,000  sites employ Facebook “Like” buttons, feeding yet more information directly into Facebook. Both Google and Facebook are currently facing 20 years of privacy audits, but they keep rolling out information I really don’t want to know, and show no signs of slowing down.

I digress. I am currently online at a news site that is displaying ads for malware, dog heartworm medicine and bicycle panniers – all topics I’ve researched in the past couple of days. While it is heartening to know that Google slowly “fades” cookies from its history of me over two or three weeks, I have a feeling this says more about Google not wanting to get too bunged up with data about my searches than it does about giving me some breathing room.

Logging off here.