I have been receiving several fake emails from Newegg.com that look like the real thing. The email appears to be a purchase confirmation but I have not ordered anything from Newegg.com recently AND it claimed it was done on an credit card that I don’t even have. The problem is the links in the email lead to some sort of phishing site or worse; I really don’t know since I did not click them. But, it is likely dangerous and should be deleted immediately if you get one of these in your inbox. I copied the body of the email below and changed the links to a blank # link so as to not propagate this. I received this in HTML format that looks EXACTLY like a real newegg.com order confirmation; I only copied the main text.

————————————–

Dear Customer,
Thank you for shopping at Newegg.com.

We are happy to inform you that your order (Sales Order Number: 94432775) has been successfully charged to your VISA and order verification is now complete.

If you have any questions, please use our LiveChat function or visit our Contact Us Page.

Once You Know, You Newegg.

Your Newegg.com Customer Service Team

I recently had to change servers and so I had to add a new org and email configuration in Postini. I did that without issue. After some time passed and all accounts were successfully moved to the new server, it was time to delete the old configuration and org. I ran into some bumps but figured it out eventually. I could not find a simple set of instructions which would have saved me some time, so I decided to write them down here and help others.

Instructions for deleting an Org and Email Configuration in Postini Service Provider Edition SPE

1. Select the ORG you want to delete from the dropdown list.

2. Select any SUB-ORG that is under the ORG your are deleting and make sure there are no USERS or DOMAINs listed. All should be moved to the new ORG or deleted if not in use anymore.

3. Once the SUB-ORG is clear of any USERs or DOMAINs, delete the SUB-ORG by selecting it in the dropdown list, then click “delete org” link along the top of the table. Confirm your deletion. Done.

4. Now you want to delete the Email Config ORG that you created. This is where it gets tricky. — Since you deleted all the SUB-ORGs and USERS and DOMAINS there should not be anything in the ORG; but there is ONE last thing that needs to be removed. THE SPOOL ALLOCATION.  This is the backup system when your mail-server becomes unavailable. It stores the incoming email and then sends it later when the server comes back online.

a. To remove the SPOOL-ALLOCATION go to the dropdown list of accounts and orgs and select the ACCOUNT (Not the ORG).

b. Then select the INBOUND SERVERS tab – here you will see the SPOOL-ALLOCATION for all your ORGS.

c. Click EDIT link on the line where it names your account (next to View)

d. From the allocation list add the amount of allocated space to the ORG that your are keeping, then make the ORG that you are deleting ZERO (0).  For example if you have 2 orgs and each gets 512MB of allocation, change the ORG that you are keeping to 1024MB and make the one your are deleting 0. Click Submit, and your are done!

5. Click  ORGS and USERS tab and then select the ORG your deleting from the drop-down list.

6. Click the link DELETE EMAIL CONFIG from the top of table, then confirm your intentions to delete.

And you’re done!

Hope this helped. Any feedback or questions, please comment below.

Sending your data to a cloud system can be a convenient way to use remote servers for your files. This service can free up space on your own systems, and allow multiple users to have access to the files for convenience or different points of access through a variety of devices.

You may want to review aspects of security with these systems as you make decisions on which service to use. Keep in mind that you are ultimately responsible for the security of your computer data even as you use a cloud hosting service and send files for remote storage to an off-site server. You may want to ask different cloud companies about the details of their security measures to provide for a secure transfer. This can help you to gain a better understanding on what exactly each cloud host offers for overseeing and securing your files on the servers.

You also may want to know the location for the cloud servers. Privacy laws can vary in different jurisdictions. You can ask services whether there are any major differences in privacy laws where the server is in relation to your own location that would affect your data storage. Ask for copies of the company’s external audits and security reviews or certifications. Learning more about the company’s controls or policies concerning business ethics may factor into your final selection of which service you trust to handle your computer files. Although you will be using virtual private servers, you also are sharing the space with other customers. You may want to know what type of encryption exists to maintain privacy of your data, depending on your needs. Make sure the encryption offered is compatible with your own system to reduce the risk of files becoming corrupted or blocked from opening.

You also can check to see what type of protection exists for the servers themselves in terms of secured buildings or on-site monitoring. In a perfect world, the cloud servers you choose will always be up and running. However, you may want to know details of the company’s disaster recovery plan. This plan can include methods of retrieving files and any safeguards that are in place, such as periodic backups or archiving of your data. This plan can be crucial to you in terms of recovering your data if servers go down.

When entering an agreement with a cloud storage provider, make sure the terms cover all aspects of your requirements for remote data storage. These terms can cover privacy, encryption and any legal requirements, such as policies for handling the return or disposal of your files if you decide to terminate the cloud agreement. Cloud computing may work for you as a convenient off-site storage option for your data files. Make sure you understand your cloud provider’s security policies so that you can have peace of mind about your files. Sending your files to a cloud may be just the storage solution that is right for you.

WordPress, without argument, is the most popular blog and cms software available. Its well-coded, easy to set up and use, and heck — its a lot of fun! However, not all is peaches and cream. Because of its massive popularity, WordPress suffers from ETS or  exploit-target-syndrome. Popular software inevitably becomes a major target for hackers to find exploits and other underworld activity.

Common attacks include various injection attacks that attempt to hijack the blog and deface the website by posting ads and links to porn and other objectionable content. Others even more sinister, change the administrator access so the owner gets locked out completely. Less obvious, but still insidious, are comment spam injections where spammers learn to inject SQL statements that drop comments and URLs directly into the database therefore bypassing all anti-spam security measures. All of these can be dangerous, or just annoying. The good news is you can minimize the potential of these attacks by hardening your WordPress installation.

1. Properly name your Database and Tables: This should be done during installation and you should never just allow the default installation settings to take hold. If you use Fantastico or Scriptaculous for example, they create database names and table prefixes that start with wp or wp_. This is not wise to install this way and will lead to being vulnerable to hacks and  injections.  The better way is to name your database something unguessable. Like, t100wp or bfdwp99 . Its probably wise to put “WP” in the name, but not in the beginning. This just helps you remember its a WordPress database. For the table prefix, again use something unguessable, like djj88_  – this could be anything and should be like a short password. Whatever you do, don’t use the default wp_ or no prefix at all. Both of those options create a vulnerable database.

If its too late and you already have a blog with default table prefixes, its a bit of a pain to go back and change it. But worthwhile. Its very tricky to do correctly without breaking your WordPress install, so this should probably be handled by a pro. I can help, you can contact me here.

2. Increase Anti-Spam Security for Comments: Comment spam is a big problem. Some blogs are wide open to total nonsense appearing in the comments, while others have to manually read and prune their comments to prevent this comment spam from getting on the site. If you are serious about solving the Comment spam problem, the first step is to make sure ALL comments require approval – this can be found in the general settings of your WordPress dashboard. Some may say, “but I want an open free-flowing discussion”, I say, great! Please post your phone number below. Allowing anyone to comment without some sort of filter is just plain stupid. The Internet is full of nefarious characters looking to exploit your blog. Why make it easy? Most of the comments you get are garbage anyway.

3. Only use well-reviewed and highly rated Plugins found on the WordPress.org site: Using plugins found on random sites found in a search is dangerous. If you limit usage to only plugins available on WordPress.org you will find a bit more security. However, its not automatic. Look at the reviews and ratings. If a plugin has a lot of bad reviews in relation to good ones, don’t use it. If it has a low rating don’t use it. If it has very few reviews and few ratings (even if very positive) don’t use it. Only use plugins that are well-established with decent ratings, and decent reviews over a significant period of time. Unless you are an adventuresome web-geek that likes to test things and know how to recover from a WordPress disaster, stay away from questionable plugins.

4. Delete the user Admin and Create your Own administrator: Never use Admin as the username for your WordPress blog. This leaves it open to attacks. Create a administrative user that is hard to guess and delete the default user “Admin”. You can also create your own user upon installation, and never even create Admin as a user.

5. Make your administrative user password difficult to guess: As with any web password you should never use simple passwords. Many web hosting companies put minimal requirements on passwords nowadays so simple passwords may be a thing of the past. But in my experience people still use them. The basic idea here is to:
A. Never use a proper name or any word that can be found in a standard dictionary.
B. Mix case letters always (uppercase lowercase)
C. Use numbers mixed in with your letters
D. Use punctuation or special characters if allowed.

Applying these tactics make password cracking very hard for the hacker.  A password like suzy123 can be cracked very easily with simple password cracking software; however, Su7y!23 is way more complex and cannot be cracked easily if at all.

There are many more ways to secure your WordPress installation and make your site a hard-target for the script-kiddies who like to play with vulnerable sites. These 5 ways will help move you in the right direction. If you want a professional to help you lock down your site, please contact my office here.

WARNING: If you get an email with subject “Rejected Federal Tax transfer”  its bogus and contains an .exe file hidden in a .pdf file name. Delete delete delete!!

“Your Tax transaction (ID:xxxxxxxxxxx), recently sent from your checking account was canceled by the The Electronic Federal Tax Payment System.”

UPDATE: Another email going around with the subject: “Federal Tax payment canceled” – same thing as above.

I received an email today from Best Buy (supposedly) alerting me to a security breach involving a company they used for email marketing. These sort of emails always raise red flags. I checked out the headers on DNSstuff.com and everything checked out ok. I see some other web postings about it but I am still not confident its legit.

Here is the body of the email:

Dear Valued Best Buy Customer,
We have discovered that a former business partner’s files containing the email addresses of some Best Buy customers were accessed without authorization. For your security, we wanted to call this matter to your attention.

We believe the only information taken was your email address, and that no other information was accessed. We do not believe that Best Buy was specifically targeted in this breach. We are continuing to investigate the situation, and are working closely with the appropriate officials to explore all possibilities.

We ask that you remain alert to incoming emails. Please be very cautious when opening links or attachments, even if they seem to come from legitimate sources. If you hover your cursor over a hotlink in an email and the URL that pops up makes you uncomfortable, it’s probably best not to click on that site. We encourage you to visit www.ftc.gov/idtheft or www.staysafeonline.org for additional information about how to safeguard your personal data.

Remember: Best Buy will never ask you to provide or confirm any information, including credit card numbers, unless you are on our secure e-commerce site, www.bestbuy.com, or call us directly to place an order. If you receive an email asking for personal information, delete it. It did not come from Best Buy.

We take your privacy very seriously, and we will continue to work diligently to protect your personal information and improve our data security procedures on an ongoing basis. If you have concerns, please contact Best Buy at privacymanager@bestbuy.com.

Sincerely,

Barry Judge
Executive Vice President & Chief Marketing Officer
Best Buy

Comment below if yo know anything more about this. Thanks!

I received an email today supposedly from Twitter.com claiming that my account may have been hacked or a victim of phishing. I was skeptical of the email. The irony is that even if this email was from Twitter, it is exactly what an email phishing bait looks like. It appears to be from Twitter, it has  a link to reset your password and if you are dumb enough to click the link, it could go to some clone site that steals your information.

I have been testing a new plugin (new to me at least) to try and stem the tide of comment spam on one of the WordPress blogs I manage. Its called Conditional CAPTCHA plugin, and its working extremely well!

I have always been reluctant to add CAPTCHA to anything since it is over used and very annoying sometimes, but I get the point. It is supposed to stop automated bots from dumping their spam into web forms.

I have been having trouble communicating with several clients and potential clients in my local area. I checked my mail-server error log and found the problem. A local ISP warwick.net uses “Magic Mail” which in turn uses MIPspace block list (black list) as an email filter.

I run a small dedicated or VPS server with limited clientele and know for sure that NONE of them are spamming anyone. Because I had just leased a new server on a new network, the new IP seemed to be on many SBLs. One by one with the help of the parent hosting company, we got my IP block removed from all but one SBL… which one? You guessed it… MIPspace.

I went to their website, MIPspace.com and read through their concept. I was struck by the notion that they deem almost every commercial business as spammers essentially. If I send a monthly newsletter (which I don’t) to my customers or contacts, I am spamming people? Really? Most sane people don’t consider a newsletter from a company for which they have some relationship with as spam. But MIPspace doesn’t care. They tout 60% block rates for unwanted email spam. What they don’t tell you is a good number of those are false-positives; email from legitimate businesses just trying to communication with their customers.

I don’t spam anyone, and none of my web hosting clients do either. If you read this blog you will be keenly aware that I am against spam as much as anyone could be. But still, MIPspace blocks my email. How do they do that? They just block the whole IP block… which could be hundreds or thousands of IP addresses and tens of thousands of websites. This is a completely asinine system that just blocks thousands of websites based on one bad IP in a block. It is akin to blocking an entire area code just because one telemarketer was calling from that area code. Stupid!

The funny thing is they are very proud of their system. However, it is a classic case of throwing the baby out with the bathwater. You must realize that a spammer could spoof an IP address that is otherwise totally innocent, and cause an entire C-class to get blocked. It is beyond absurd, and they are going to find that their “block everything” system will eventually land them in serious legal problems as business owners sue them for lost business.

I am all for anti-spam ideas and new and better systems for fighting spam, but creating a punitive system that punishes innocent businesses without cause is a bit over zealous. MIPspace is an example of everything wrong with the anti-spam effort. ISP’s should wake up and stop using Magic Mail with the MIPspace block list. It is just a big lawsuit waiting to happen. Avoid MIPspace at all costs.

NOTE: I would publish their email, phone or mailing address, but the cowards don’t even publish any of those contacts on their website. What a joke!

Related Blog Posts:

http://www.pdxtc.com/wpblog/spam-prevention/email-fascism-by-linux-magic-wizard-tower-technoservices/

http://ianjuby.org/newsletter/?p=134

I started publishing the culprits of spam on my spammer-log page. It started with email spam that was getting through my Postini filters. However, Postini is so good, there is hardly any spam to report from my email. But my blog is getting spammed now through the back channels. I don’t know how they do it; my blog only allows comments from registered users. Somehow these jokers submit comments without registering by some hack method. That method, whatever it is, is an illicit act since the spammers are hacking my blog to post their crap.

The interesting thing is that these are mostly SEO black hats that were hired by unsuspecting customers who just want to do well in the search engines. So I post the website they are optimizing and note it with my own comment about how the owner of that website basically hired a criminal to do their SEO. If they care anything about their business, they should fire them immediately. Google penalization and banning is not a myth. It is very real, and when more sites like mine post the bad apples, Google will be made aware of whats going on. However, the most common way your site will get the attention of Google is from your competitors reporting you because they see what you are doing. THey basically rat you out, and that’s a good thing because you are cheating.

Bottom line is to hire a reputable SEO that doesn’t do this nonsense and violate other websites for your temporary benefit. Yeah, I’m one of those reputable SEOs that does not cheat. Contact me if you want the real deal.