Technical Tidbits™

The stupidity of some people never cease to amaze me! And particularly, spammers and hackers.

I have two epic fails to tell you about.

1. The stupid spammer/phisher.

If you’re going to spam or phish, learn how to spell! Do you honestly think I’m going to jump on opening this email?

Phishing Email Subject

(Click the image to see the full size)

What the hell is a Paypal Warnung?  It must have been one of those fat finger mistakes since the i is next to the u on the keyboard.

But that’s alright. Gmail actually marked it as spam anyway.

2.  The stupid hacker.

Okay, look. I teach security – from beginners to professionals. I teach here on my website and for Education to Go, a division of Cengage Learning.  This is college level folks. You don’t believe me? Check it out yourself!

Intro to PC Security (The image is a link)

Advanced PC Security (The image is a link)

I am not saying this to boast, I’m just letting you know that I’m not your average blogger or website owner. I do not have the average installation of a WordPress blog here. I have some handy little scripts I’ve installed here and on my entire website that logs certain activities.

So, hackers who do stupid things, deserve to get called out for their stupidity – as well blocked from my website.

Rule number 1 in hacking is HIDE YOUR FOOTPRINT! So I teach the security professionals how hackers try to hide their footprint and how to find it.  So wouldn’t it stand to reason that I’d have certain things set in place to protect myself and log footprints of would-be-hackers?

To the hacker who resides at the IP address in Bosnia and Herzegovina – more specifically, Sarajevo at the IP  77.78.239.49, this is the last time you will attempt to hack my training site.  For the third time in less than 2 weeks, I’ve received notification of failed logins by the User: admin with your IP address.

Here’s a copy of the email I received in case there is any doubt:

(Click the image to see the full size)

And that’s only one of the methods I have in place to find out who’s trying to hack my site.

Now, if your country or your ISP gave a rats ass about the unethical behavior of its users, I’d file a complaint and have you thrown off your ISP. However, I know they don’t care and will continue to allow you to attempt to hack to your hearts content.

In the meantime, and for right now, I’ve got your IP blocked.  And if you try again with another IP address, I’ll just block that one, and the next, and the next until the entire country has been banned.

I’m not challenging you. I’m just telling you that I’m NOT stupid and I highly resent you assuming I am.

And for anyone else out there who thinks that they are getting away with something, be forewarned. I have your IP address too.  I have my own version of “Trip Wire” installed here and I know where you’ve been and what you’ve been doing.  Keep it up and you’ll be banned too.

Needless to say, I’ve had enough!

If you’ve had enough too and want your site secure, contact me and I’ll send you my rate information.  For as little as $50, I’ll secure your blog.  But you can pay me now, or pay me more later after you’ve been hacked.  It doesn’t matter to me.  Although this may sound very callous, I’m done trying to tell you folks that you need to worry about this.  You’re not listening.  Eventually, you will! Because if Mr. or Ms. Bosnia is trolling my site, he/she is trolling yours!

In the last edition of the Technical Tidbits™ Newsletter, I promised to explain why my blog structure suddenly appeared exposed prompting readers to ask me, “Was your blog hacked?”

First of all, no, my blog was not hacked. Although I must tell you that many have tried and continue to try!

As my students have learned, exposing the structure of a website – as in what happened to my blog recently – is a big security hazard. That’s why I’m really upset with how it happened and more notably, who did it!

When you host your domain with a shared hosting server, you are limited under the terms of your paid service as to how much draw or resources can be used by your site. If you go over the amount of “demand” that the hosting company feels you should be draining from them for a long period of time, they will do whatever they need to do to stop the drain.

In LunarPages defense – and any web hosting company for that matter – it is unfair to have one person draining the resources of a server causing others sharing their service to suffer a loss.

What I take exception to in this case, is that LunarPages didn’t warn me, they just disabled the front page of my blog – the index.php page. They just renamed it to something else to stop the draw, which resulted in my entire blog installation – folders, files and all – being exposed to the public.

Why is this bad?

The short version is, if a hacker or person with malicious intent sees the structure of the server, the person can then determine the operating system that the server is using. Once that’s determined, the person can look for a known vulnerability on the server to use as a method of attack.

Seeing my folder structure also indicates an “unsecure” site, which then prompts a malicious user to search even harder to find a way in.

As soon as I found that my front page (index.php) had been disabled, I discovered that something on my front page was pulling too many resources from the server prompting the shut down of my blogs front page.

Two plug-ins could have possibly been the culprit and I disabled them immediately and put the page back in place. The two extremely active plug-ins that day were the Facebook Connect, and GDI Star Rating plug-ins.

So, I confirmed with the LunarPages engineers that my site was no longer drawing excess resources, they monitored it for three days to make sure it had stopped, and all is back to normal.

Now, notice I said the “engineers” were monitoring my site? Herein lies the problem with this event. Engineers are very good at what they do but they had no clue why I was so upset about the disabling of my front page. They did not understand the security risk they had put me in!

In turn, I vowed that this would NOT happen again so in order to monitor what activity was taking place on and within my blog I installed a special little script. This script actually surprised me with how well it worked! I have over 3000 lines of information with some very interesting data! But I will explain that in an upcoming newsletter. I want my newsletter subscribers to hear about this first!

This also prompted me to think about how many of you that are running WP blog sites and are clueless to marginally clueless about your WP security.

So, I decided to create a Mother’s Day offer, or sale, if you will. For one week only from May 9, 2010 (Mother’s Day) through 11:59:59 PM CDT on Saturday, May 15, 2010, I will secure your WordPress Blog for $50. And that will include installing my nifty new script and I’ll tell you how to read the results if needed.

What does it include?

• Removal of your default admin account – if you have it and replace it with a proper, secure login.
• Check out the security settings within your site and your database and make adjustments as needed.
• Install the basic security plugins that you should have installed.
• Check your users for a hidden admin account.
• Check your database for malware code.
• Install my script and accompanying file to monitor all activity on your site.
• Teach you how to read the results – if necessary.
• And if you require upgrading at all, I will back-up everything and install your upgrades.

Now if that’s not an offer you can’t refuse, I don’t know what is!  I normally charge $99 just to secure a site and it doesn’t include all these extras. So, if you’ve been thinking you need to do something about your security, now’s the time to do it!

Once I’ve received your payment, I will contact you to get your site information. Do not send any identifying blog logins or passwords into the payment order form or on this site! I will get them from you securely.

Make your choice of paying by Paypal or Google Checkout and get peace of mind today!

I would like to extend an invitation to all my readers to join me in the discussion of this very important topic on Frontline Results with Louise Barnes-Johnston.

As Louise states on her BlogTalk Radio page for the radio show Monday, 10 AM CDT (4 PM BST):

Would you know what to do if it happened to you? Do you have a WordPress website? If your business depends on getting enquiries or sales through your website then people being warned not to visit could have serious consequences – to put it mildly! This show is about what happened when my friend and colleague Sam McArthur of Forty First Internet Marketing suffered this awful experience. I’ll be speaking with Sam (in the UK) and with PC Security expert Debbie Mahler of MICE Technology & Training (in the USA) to find out what steps they took to resolve the problems and secure the site again. Join us if you want to avoid being a victim of hacking.

As you may remember, I’ve discussed this hack with you on this blog before.  First in the post: WP Blog Owners! Check Your .htaccess Files! and then again in a follow-up post: Follow-up on WP .htaccess Hack.

If you have a WP blog site, or know someone who does, I really recommend that you join Louise, Sam, and myself by calling into the show (347) 202-0208 or listening online live at the show page on BlogTalk Radio by clicking here.  Remember, it’s 10 AM Central Daylight Time (Chicago Time) or 4 PM British Standard Time on Monday, March 29.

If you call in or chat live, you can ask questions! Now’s your chance to get your WP security questions answered!

Again, the show page is: http://www.blogtalkradio.com/louisebj/2010/03/29/flr-48–help–my-website-has-been-hacked