Recently one of my customers’ sites was spiking in traffic and blowing the bandwidth. The first day I increased the bandwidth. But it blew it the next day. Seemed a bit fishy to me. I thought I would investigate the matter and when I logged into the FTP program I saw a folder called blog that was installed a few months ago. It had about 10000 files! All spammy pages selling Viagra or Canadian pharmacy products.
While having a chat with my hosting support, one of the things I was told could happen was – if you had malware or a virus on your local hard drive and you uploaded a file through FTP, the malware could install a billion files on your remote server. WOW! This was news to me. Yuk. It took me an hour to delete the files from the server.
I have started scanning my PC every night for malware now. I use Pareto Logic’s virus & malware checker. It seems to do the job well.
So if you have a website and you upload files please keep your PC scanned and cleaned regularly to avoid any nasty viruses.
On that note I read a funny bit today. The tech review site Gizmodo got caught themselves. (funny) They were advertising spammy antivirus on their site. This software comes in disguise and actually installs real viruses on your hard drive.
This time one of my sites that makes me money got hacked. It is a pretty large site with hundreds of products. Gets only natural traffic. Yesterday I went to check on the site and found my index file had been defaced. These are the steps I took:
- I logged in to my FTP program (Filezilla) and blew the site
- Went to my backup folder on my computer and uploaded all the files.
- I got it back to where it was 98%. (Some links are broken)
- It is up and running again. It took me 20 minutes to do this.
What I did not do was check whether only my index file was defaced or an iframe was injected. I learnt about iframes only this morning. It is something very nasty.
“After they put the iframe code into that person’s pages, anyone visiting that site will be redirected to the hackers’ infection site, where the person’s computer will be injected and infected. The hackers are depending on site owners not knowing their sites have been hacked so that the number of hacked sites will grow (as they have starting in Italy) into the tens of thousands… Please don’t think you can depend solely on your antivirus software to protect your computer. It more than likely won’t help you. For $1000 dollars, the Russian hacking bulletin boards are offering Mpack with 1 year support and a GUARANTEE that virus programs will not catch the keyloggers. SO, keep your virus program updated, but don’t depend on it completely!” – This is from a digitalpoint thread.
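A check for the injected iframes described above, as an added example that is not part of the original post: it scans a local copy of the site for frames that are invisible or that load from a host you did not choose to embed. The allowlist, the sample page and the host names are constructed for illustration.

```python
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hosts this site embeds on purpose; edit the set for your own site.
ALLOWED_HOSTS = {"www.youtube.com"}

class IframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []          # (line, src, reasons) per suspicious iframe

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Injected frames are normally invisible: 0 or 1 pixel, or hidden by CSS.
        reasons = [f"{d}={a[d]}" for d in ("width", "height")
                   if a.get(d, "").strip().lower().rstrip("px") in ("0", "1")]
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        host = urlparse(a.get("src", "")).hostname
        if host and host not in ALLOWED_HOSTS:
            reasons.append(f"external host {host}")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src", ""), reasons))

def scan_html(text):
    finder = IframeFinder()
    finder.feed(text)
    return finder.findings

def scan_tree(root, exts=(".html", ".htm", ".php")):
    """Scan every page under a local copy of the site, not only the index file."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in exts:
            if hits := scan_html(path.read_text(errors="replace")):
                report[str(path)] = hits
    return report

# Constructed sample page: one legitimate embed, then one injected frame.
SAMPLE = """<h1>Products</h1>
<iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>
<iframe src="http://malware.example/in.php" width="1" height="1" style="visibility: hidden"></iframe>"""

if __name__ == "__main__":
    print(scan_html(SAMPLE))
```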
Solution
If you are facing this problem and your administrator says it is only your account, just change the FTP password and it will stop. Just changing the password is not a complete solution, but it is the first step.
What next? Your password has leaked, which means your computer is sending out the passwords, so I would suggest you do a clean format first and then install any antivirus or anti-spyware program which you think could block it. But the best solution is to clean format the computer.
Just do these two things:
1) Change the FTP or root password of the server
2) Clean and format the PC
Things to do
- Always backup your files to local hard drive. (saves you a lot of pain)
- Keep your antivirus up to date.
- Use a password generator, change passwords often, and don’t use the same password for all sites
- Keep passwords secure
I use Roboform and Pareto antivirus to keep me up to date and I still got hacked! Got to step up my security.
I get a lot of junk in my mailbox every day. Today the count was like 294. Most of them I know are junk from the subject line. The usual Viagra, Canadian pharmacy, you have won the Euro lottery, my South American inheritance.
Once in a while I will get the Bank of America ones telling me to update my details blah.
The ones that stump me are the ones that sneak into my inbox somehow and where I have a legit account. They will have the same colour as the real company. The logo will be perfect. The format will be exactly like the ones you get in the mail. The link will even go to the fake site that looks like the real site.
I almost replied to one a few months ago. Something made me stop. I remembered vaguely reading the important information in the security section of the real site.
It went something like this:
- We will never send you an email asking for your personal information
- We will never ask you for your login information in an email
- We will always address you with your full name (registered name) and nothing else
Ah ha! This email said “Dear valued customer”! Can you reset your login password as we have had some tech difficulties, blah blah.
Don’t be fooled by the look and feel of these types of emails. As a rule, never give out personal information in email, especially login passwords or bank account details.
Online theft costs $1 trillion a year, the number of attacks is rising sharply and too many people do not know how to protect themselves, say the experts.
- Make your passwords really difficult
- Don’t have the same password across the board
- Change your passwords frequently
- Have good security programs on the computer that you use to log in to your bank account.
Changing your password frequently and finding a difficult password is tedious. I use Roboform to generate random passwords for me in a second.
I know I have written about this topic many times before. A story I read today reminded me not to take this subject lightly.
I was just now reading a blogger’s post about “How he fell for a phishing attack and the response or no response from Google”.
Mark Gosh is a blogger and has a community in Orkut with a following of 25k. He fell for a phishing attack and his profile was taken over by the hackers. He also uses Gmail to store a lot of stuff. (Don’t ask me why people do this kind of silly stuff – really!) He had the same login password for both (Duh!)
He changed his log in password for both his accounts. But the hackers managed to play hell with his Orkut community. Here is why it was happening.
“The Orkut application stores cookies in such a way that if your cookie is ever recreated by someone else or transmitted to someone else, they can use that cookie to log in to Orkut as you, forever. No matter how you change your credentials, you have no recourse of regaining control. So if you ever get caught in a phishing scam that sends your password to someone else and they recreate your orkut_state cookie, they can log in as you forever.”
He states that in spite of ringing and emailing Orkut help and Google he got nowhere. Looks like Google does not want to know about him. What do you do? I personally feel he got himself into this mess.
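The cookie behaviour quoted above, as an added example (a simplified model, not Orkut's actual code): a signed cookie that only names the user stays valid after a password change, while one bound to a per-user session epoch is revoked by it. The key, the user record and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

SERVER_KEY = os.urandom(32)            # assumption: secret known only to the server
USERS = {"mark": {"salt": b"", "pw": b"", "epoch": 0}}   # constructed user record

def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def _fields(cookie):
    """Return the cookie's fields if its signature verifies, else None."""
    payload, _, mac = cookie.rpartition("|")
    ok = hmac.compare_digest(mac.encode(), _mac(payload).encode())
    return payload.split(":") if ok else None

def change_password(user, new_pw):
    rec = USERS[user]
    rec["salt"] = os.urandom(16)
    rec["pw"] = hashlib.pbkdf2_hmac("sha256", new_pw, rec["salt"], 100_000)
    rec["epoch"] += 1                  # revokes every cookie issued before now

# Weak design: the cookie only says "this is user X", so a copy never expires.
def issue_weak(user):
    return f"{user}|{_mac(user)}"

def check_weak(cookie):
    f = _fields(cookie)
    return f[0] if f and f[0] in USERS else None

# Hardened design: the cookie also carries the epoch it was issued under.
def issue_bound(user):
    payload = f"{user}:{USERS[user]['epoch']}"
    return f"{payload}|{_mac(payload)}"

def check_bound(cookie):
    f = _fields(cookie)
    if not f or len(f) != 2 or f[0] not in USERS:
        return None
    return f[0] if f[1] == str(USERS[f[0]]["epoch"]) else None

def demo():
    change_password("mark", b"old password")           # account set-up
    stolen_weak, stolen_bound = issue_weak("mark"), issue_bound("mark")
    change_password("mark", b"new long random one")    # victim reacts
    return (check_weak(stolen_weak), check_bound(stolen_bound),
            check_bound(issue_bound("mark")))

if __name__ == "__main__":
    print(demo())
```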
The most important rule of online activity is not to have a common login password. That way you can cut your losses if something like this happens. Have long difficult passwords and keep changing them often. This can be a tedious job if you do it manually.
I use Roboform to generate random passwords for me in a second.
But it is also sad that big companies do not care about you when you get into a kind of soup. In the past I have had some troubles with Google and no they did not want to know about me.
“More than 3 million PCs affected by a worm”. This was the news headline a couple of days ago.
latest security updates is posing a growing threat to users.
The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008. Although Microsoft released a patch, it has gone on to infect 3.5m machines.
Experts warn this figure could be far higher and say users should have up-to-date anti-virus software and install Microsoft’s MS08-067 patch.
Once the worm is up and running, it creates an HTTP server, resets a machine’s System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker’s web site.
Usually the hackers’ websites can be easily traced and shut down. Apparently this worm works in a different way.
Anti-virus firm F-Secure says that the worm uses a complicated algorithm to generate hundreds of different domain names every day. The domains look like those unpronounceable ones that you see in your spam box.
The way it spreads includes USB sticks, so if someone got an infection from one company and then takes his USB stick to another firm, it could infect that network too. It also downloads lots of content creating new variants through this mechanism.”
The message is clear. Use a good antivirus program. Never accept USB sticks from others. Especially people you do not know. I usually carry a couple in my bag always. The other trick I learnt is if you have to grab a file from another computer, create an email. Attach the file and save as a draft. Come home and download the file. Your antivirus will scan and let you know if it is safe.
But bottom line is have a good antivirus program installed in your computer like Pareto Logic’s Antivirus program to catch all those nasty worms.
I read a news article today about how online crime will flourish in economic downturn.
The reason given is – crime tends to go up when unemployment rises. Makes a lot of sense to me. When people are desperate for some money they will try all means to get the money. People these days are computer literate.
Layoffs of many people familiar with net technology may tempt more into crime, simply because their chances of being caught are slim. Equally, the punishments for those that are caught are not harsh.
Those that do not turn to hi-tech crime would find an underground service economy that will sell them all the bits they need to get started as a net criminal.
Card Games
Online fraud will increase a lot in 2009 according to online security firms. Stealing credit card numbers is getting easier. It’s a lucrative area and it’s relatively easy to do.
Those unwilling to become spammers or phishers might well be tempted into low-grade fraud – especially if they have lost their job or are struggling to make ends meet.
Gambling tends to go up when economies are down. This might make people more willing to work alongside web criminals and act as money launderers or mules, online experts say.
On the whole, if you shop online or spend time browsing, chatting or anything else, make sure your computer is protected from viruses and trojans and all the other gazillion malicious programs on some of the sites you visit. Most of the time you will not even know your computer has been compromised till something serious happens, like you lose all your precious photos stored on your hard drive or you see some suspicious activity on your credit card.
Change your password regularly and make it a very difficult one. These things do matter. Every little bit helps. I run a business from home. I take computer security very seriously. I have many programs protecting my computer including firewalls etc.
I use Roboform to create long hard passwords and keep it updated regularly to avoid passwords for important programs and online activities
I also use an antivirus program like Pareto Logic Antivirus Pro to keep off the nasties.
Don’t get caught with a virus or some password stealing trojan and regret later on.
Happy browsing.
I was talking to a friend of mine a couple of days ago. She has been running up high phone bills over the weekend. The reason – she entered the green card lottery online. Before she paid by credit card she checked out the website thoroughly and made sure it looked legit. The site was well designed, had a contact email, etc.
Her family and friends told her to beware of scam sites. So she went to the US govt website which warned her that there were many companies scamming people for the lottery. She had to run around ringing the Better Business Bureau and few others. As she still was not sure if the company was legit she cancelled her credit card. She also found out even if the card is cancelled it can be charged here in New Zealand. The banks do not protect you against this!
The point I am making is, however careful you are, sometimes slips happen. Some tips when dealing online.
- Make sure the site you are making payment on looks legit.
- There are contact details like telephone, physical address etc.
- At the bottom look for privacy policy, non disclosure etc.
- Try to avoid suspicious looking sites
- Avoid sites with popup windows popping constantly
Even then you can get scammed. The other scarier side is identity theft. Once they have your details they can assume your identity and rack up debt and your credit ratings can go down. It takes a long time to undo this.
Some tips to avoid online problems
- Keep your passwords strong and long.
- Don’t have one password for all your accounts
- Change your password often. (keep a spreadsheet to avoid confusion)
- Use a program like Roboform to do this.
Have a good antivirus program installed in your computer. Even then at times your hard drive can be compromised. I use antivirus plus by Pareto Logic and so far have not had a problem.
A good antivirus program should also detect viruses, spyware, adware, rootkits, ID-theft, keyloggers, Trojan horses and drive-by downloads. Sometimes without your knowing you can download malware from a site you visit. A program like antivirus plus will stop that from happening. I will post more about identity theft in the next couple of days.
Continuing from my post yesterday, the hacking problem has been resolved by Hostgator. This is one of the reasons I love Hostgator. They are so quick to resolve problems.
There were two spamming scripts installed on the website server. Even after deleting all the files these spamming scripts could not be deleted. They were finally deleted by Hostgator after a few emails back and forth.
I have been recommending Roboform in a couple of posts. There is a free version and a Pro version. The Pro version has more functions and I purchased it a couple of months ago. I did try the free version before I purchased.

I have changed the passwords of all my sites after this experience. Just to be on the safe side. I will be paying special attention to online security from now on. If this had not been detected and fixed the domain could have been delisted. Then it is a bit of a time & process to get it listed again. I would not want this to happen to a large site that produces income for me.
I wrote a post about password security yesterday. The importance of having a strong password. Today I get an email from Hostgator, my hosting company, which says one of my sites is sending out more than 500 emails an hour and they have suspended that account! And I thought I had a strong password. The domain does not have much in it. I have used it in the past to experiment with some content management systems.
This was a bit of a shock. What did I do?
- I deleted all the files on the server
- I uninstalled the CMS
- Deleted all email addresses
- Pointed the domain to my domain registrar, Godaddy
That was easy as it was not a domain with a large website. I also contacted Hostgator to identify the security breach and keep me in the loop. The email samples they sent me were definitely spam.
If after all these precautions my domain was hacked into, imagine what can happen if you have a weak password. Please take this seriously and change your passwords to really strong ones. Get software like Roboform to generate your passwords and change them often to save yourself a lot of trouble.