Safe Handling Instructions.

After some checking I determined the email to be real. That is not to say the email you get is the real thing as yours could be a ploy made to look like this exact email. I have determined the safe way of handling this. Here goes…

1. Do not click the link.

2. Instead, go directly to Twitter.com

3. Type in your username and password

4. If it fails (which it will if the email was real), click on the “forgot” link

5. Enter your email and click “Send Instructions”

6. You will get an email in a short time with the link to reset your password.

7. Click that link and reset your password.

This method ensures that you are dealing with Twitter.com and not some phishing ploy. It is slower than clicking on the first email, but this way YOU KNOW you generated the email for the reset, and do not need to trust some random email allegedly from Twitter.

Or… you can just click the link in the first email and hope for the best!

IMHO

*******************************************************************

The body of the email:

Hey there.

Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser:

http://twitter.com/account/password_reset?email=corewebsolutions@gmail.com&token=114469c2aed674b1a2514e2e496ce6e7-1271373406-agent

This will reset your password. Remember to choose a strong password that is a combination of letters, numbers, and symbols. Do not reuse your old password.

As a reminder, you should be extraordinarily suspicious of any third party that offers to artificially inflate your follower count. We do not endorse any of these sites.

Please make sure to:

• Scan your computers for viruses / malware, especially if unauthorized tweets continue to be posted in your accounts even after you’ve changed the password.
• Check the Connections page at http://twitter.com/account/connections and revoke the access privileges of any third party applications that you do not recognize.
• Avoid providing your username and/or e-mail and password to untrusted third-party sites.
• Remove any updates that you did not post personally.

You can also visit our help page for hacked or compromised accounts

The Twitter Team

Please do not reply to this message; it was sent from an unmonitored email address. This message is a service email related to your use of Twitter. For general inquiries or to request support with your Twitter account, please visit us at Twitter Support.

I have always been reluctant to add CAPTCHA to anything since it is over used and very annoying sometimes, but I get the point. It is supposed to stop automated bots from dumping their spam into web forms. Some work well, some don’t. The main problem is that it is almost always an inconvenience to the innocent users, having to type in some distorted characters just to send the form. If they get it wrong, the form may clear, or partially clear, and they have to re-enter information and try again. After about two tries, if they still get it wrong, they will probably leave.

This works differently. It is a cooperative plugin with “Akismet”, the standard anti-spam plugin that comes with every WordPress installation. Basically, if Akismet thinks that the comment being submitted is spam, it brings up a CAPTCHA form and asks the user to enter the code. I actually use the re-CAPTCHA version which is a whole other story. Anyway, if they pass the test, the comment goes through and still can be moderated. If they fail, the comment is discarded… end of story. The best part is that if the comment is legitimate, which Akismet determines quite accurately, the real person does not have to deal with the CAPTCHA at all. They just submit the comment. This is truly fantastic in my opinion.

The system keeps a running tab of how many spam comments it has blocked using this gadget. So far, the one site I have it set up on has blocked 45 spam comments in the past 4 days. I have zero spam comments in my queue and only legit comments have come through. Does it get any better?

The plugin can be found here. You will need to get an account with re-CAPTCHA and download some keys to get it work best. But I recommend this to anyone. This post is actually a pure unsolicited recommendation. I get no compensation for writing or linking to this. So, take it for what its worth.

related article: http://www.the42ndestate.com/comment-captcha-fail/

I run a small dedicated or VPS server with limited clientele and know for sure that NONE of them are spamming anyone. Because I had just leased a new server on a new network, the new IP seemed to be on many SBLs. One by one with the help of the parent hosting company, we got my IP block removed from all but one SBL… which one? You guessed it… MIPspace.

I went to their website, MIPspace.com and read through their concept. I was struck by the notion that they deem almost every commercial business as spammers essentially. If I send a monthly newsletter (which I don’t) to my customers or contacts, I am spamming people? Really? Most sane people don’t consider a newsletter from a company for which they have some relationship with as spam. But MIPspace doesn’t care. They tout 60% block rates for unwanted email spam. What they don’t tell you is a good number of those are false-positives; email from legitimate businesses just trying to communication with their customers.

I don’t spam anyone, and none of my web hosting clients do either. If you read this blog you will be keenly aware that I am against spam as much as anyone could be. But still, MIPspace blocks my email. How do they do that? They just block the whole IP block… which could be hundreds or thousands of IP addresses and tens of thousands of websites. This is a completely asinine system that just blocks thousands of websites based on one bad IP in a block. It is akin to blocking an entire area code just because one telemarketer was calling from that area code. Stupid!

The funny thing is they are very proud of their system. However, it is a classic case of throwing the baby out with the bathwater. You must realize that a spammer could spoof an IP address that is otherwise totally innocent, and cause an entire C-class to get blocked. It is beyond absurd, and they are going to find that their “block everything” system will eventually land them in serious legal problems as business owners sue them for lost business.

I am all for anti-spam ideas and new and better systems for fighting spam, but creating a punitive system that punishes innocent businesses without cause is a bit over zealous. MIPspace is an example of everything wrong with the anti-spam effort. ISP’s should wake up and stop using Magic Mail with the MIPspace block list. It is just a big lawsuit waiting to happen. Avoid MIPspace at all costs.

NOTE: I would publish their email, phone or mailing address, but the cowards don’t even publish any of those contacts on their website. What a joke!

Related Blog Posts:

http://www.pdxtc.com/wpblog/spam-prevention/email-fascism-by-linux-magic-wizard-tower-technoservices/

http://ianjuby.org/newsletter/?p=134

The interesting thing is that these are mostly SEO black hats that were hired by unsuspecting customers who just want to do well in the search engines. So I post the website they are optimizing and note it with my own comment about how the owner of that website basically hired a criminal to do their SEO. If they care anything about their business, they should fire them immediately. Google penalization and banning is not a myth. It is very real, and when more sites like mine post the bad apples, Google will be made aware of whats going on. However, the most common way your site will get the attention of Google is from your competitors reporting you because they see what you are doing. THey basically rat you out, and that’s a good thing because you are cheating.

Bottom line is to hire a reputable SEO that doesn’t do this nonsense and violate other websites for your temporary benefit. Yeah, I’m one of those reputable SEOs that does not cheat. Contact me if you want the real deal.

Comments welcome!

Some people do this unaware that they are actually stealing, others do it to save their own bandwidth when their site gets busy. Either way, it is a real crappy thing to do. Its like running a secret wire from your neighbor’s house to run YOUR electric stuff. Which also happened to me!

My solution? The old switcheroo! If I find a image being linked from my site, I just replace that image on my server with something that the thief would not want on their site. Its kinda funny and it works to get them off your server.

The other option is to prevent “hotlinking” via .htaccess. This is fine, but its not nearly as fun! To all you bandwidth thieves.. enjoy the new pics!

So for all you knuckleheads that blindly jump on every Internet novelty that comes along, enjoy your never ending flow of new and exciting spam!

For more information on this visit http://www.webpronews.com/topnews/2009/05/11/spammers-may-have-another-trick-in-twitter