WordPress Brute Force Attacks on non-WordPress Sites

December 1, 2017 // Posted in Computer Tips, General, Main, Tips and Tricks | No Comments

There are more and more would-be hackers out there trying to attack WordPress sites via a brute force attack on the wp-login.php file that WordPress sites use to log in to the site.

The problem is that they do not know which sites are WordPress sites and which are not, so they try connecting to a wp-login.php file on almost every site. This can lead to hundreds of attempts on your non-WordPress site by these hackers trying to find a wp-login.php file on your server. Check your server log and you will see all these attempts.
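One way to do that log check, as an added example that is not part of the original post: the script below counts wp-login.php requests per client IP in a combined-format access log. The sample log lines, the function name wp_login_probes and the min_hits threshold are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" access-log line: ip, ident, user, [time], "request", status, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Dec/2017:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Dec/2017:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Dec/2017:10:00:03 +0000] "POST /blog/wp-login.php?action=login HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Dec/2017:10:01:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Dec/2017:10:01:15 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Dec/2017:10:02:00 +0000] "GET /docs/wp-login.php.txt HTTP/1.1" 200 100 "-" "curl/7.50"',
    'not a log line',
]


def wp_login_probes(lines, min_hits=2):
    """Return one summary dict per IP that requested wp-login.php at least min_hits times."""
    hits = Counter()
    posts = Counter()
    statuses = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        # Drop the query string and compare only the last path component,
        # so /blog/wp-login.php counts but /docs/wp-login.php.txt does not.
        path = m["path"].split("?", 1)[0].lower()
        if path.rsplit("/", 1)[-1] != "wp-login.php":
            continue
        ip = m["ip"]
        hits[ip] += 1
        if m["method"] == "POST":
            posts[ip] += 1  # POSTs are login attempts rather than simple discovery
        statuses[ip].add(int(m["status"]))
    return [
        {"ip": ip, "hits": n, "posts": posts[ip], "statuses": sorted(statuses[ip])}
        for ip, n in hits.most_common()
        if n >= min_hits
    ]


if __name__ == "__main__":
    for row in wp_login_probes(SAMPLE_LOG):
        print(row)
```

On a site with no WordPress install every status in the summary should be 404; any other status means the server answered the probe with something and is worth a look.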

Now if as many people as possible added a wp-login.php to their non-WordPress site, redirecting any call to that page back to the IP address that attempted to find it, then these idiots would perform a DoS attack on their own PC, which would stop them sending any more requests.

Here’s how to do it:

Create a file called wp-login.php in your non-WordPress site’s root folder with the following text in it (your server must be PHP enabled):

 

 

 

 

Let’s hit back at these idiots together.
Steve

Norton have got it very wrong with WS.Reputation.1 detection

April 15, 2017 // Posted in General, Main, Uncategorized | No Comments

Norton’s WS.Reputation.1 detection Notice

The way Norton’s WS.Reputation.1 detection works is the most ridiculous thing I have ever seen in an anti-virus protection program.

 

If someone creates a new program or a new update to an existing program, and only a few people that use Norton have the file or it has only just been built, then Norton immediately deletes it and reports it as a threat without any checks on the file for malware.

Now if that isn’t ridiculous then I don’t know what is. It means that every new program that is first added to a user’s PC that is running Norton gets flagged as a threat for no reason at all.

Here is an extract from Norton’s write-up:

“WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories. 

The reputation-based system uses “the wisdom of crowds” (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.”

They themselves say that “Because this detection is based on a reputation score, it does not represent a specific class of threat”, so they think that the file is not necessarily a threat, but delete it anyway, just in case! DUH! That, IMO, is not the way antivirus protection should work. It should only identify a real threat that can be proven as a threat; that’s how all other antivirus programs work.

So it sees how many Norton users are using the file and when it was created to make its decision? DUH! That means that as it is deleted immediately by Norton, the number of Norton users will never increase so the ‘Reputation’ score will never change. So how can you increase the reputation score?

I myself have recently created a new small program and had this situation with users, and have had to refund their purchases because Norton says my installer is a threat. My software is checked by an independent source before distribution with 61 different anti-virus engines and all report they are CLEAN. I have been developing small software applications for 25 years and have never had any issues with my programs; they are all malware free, and to have Norton now start saying they are a threat is defamation of my character, and it must be illegal to falsely claim a developer’s products are malicious.

This ridiculous identification is ruining the reputation of small developers, as every new program they develop and set up on a PC running Norton is immediately deleted and flagged as being a threat when there is no threat at all. Most users will believe Norton and then never take the steps (which are not simple) to get around the Norton false detection.

This needs to be addressed by Norton Now! It is ruining the good reputation of small developers because Norton is saying their software is a risk when it is perfectly safe and no risk at all.

If you are experiencing these issues with Norton please comment below.

regards

Steve

The 1st anniversary of Windows 10

July 30, 2016 // Posted in General, Main | 1 Comment

It’s the 1st anniversary of Windows 10

How are you getting on with Windows 10?

 

 

Here are a few of my observations:

  • Too many ads, you can’t even play solitaire now without getting bombarded with Microsoft Ads. When you are paying for a system such as Windows 10 you should NOT be bombarded with ads IMO.
  • Too memory hungry, constant hangs whilst windows swaps to disk swap file as memory is always full.
  • Start up time is longer than XP and 7.
  • Many more ‘program is not responding’ messages and then after several minutes the message disappears and the program continues, probably linked to my second point.
  • AVG and Windows 10 between them lock up the PC whilst any updates or scans are running. Doesn’t happen on 7 or XP.
  • I have had to disable active tiles to help speed up Win 10, and disable various other items or Windows 10 runs very slow even on my Quad Core Processor running at 3.0GHz on each core.
  • I still feel that Windows 7 is the best version of windows to date.

Please comment to add your findings.

regards

Steve

WARNING – Domain Renewals

July 30, 2016 // Posted in General, Main | No Comments

WARNING! If you get an email about your domain renewal that looks something like this below, ignore it. It is a scam. It has nothing to do with your domain expiring or the renewal of it, but is a scam to get you to pay for SEO services that will never be provided. Only respond to domain renewal notices from your domain host.
These people monitor when domains are expiring and send this notice, which looks like it is to do with your domain renewal, in the hope that you fall for it and pay them your money.

regards
Steve

PayPal Security changes September 2016

March 25, 2016 // Posted in General, Main, Tips and Tricks | No Comments

Important PayPal changes you need to be aware of if you are using PayPal on your site:

 

PayPal are updating their Merchant security in September 2016, which means that when sending transaction data to an IPN etc. it will only communicate over secure connections (https://).

This means that you will need to update any scripts that currently use a non-encrypted connection, such as IPNs, and will need to install an SSL certificate on your server if you do not already have one.

You also need to check that your PHP server supports HTTP/1.1 and OpenSSL 1.0.1 or higher:

You can check this using phpinfo:

I hope you find this useful,

regards

Steve

Bye Bye Internet Explorer 8, 9, and 10 next Tuesday

January 7, 2016 // Posted in General, Main | No Comments

Microsoft is ending its support for Internet Explorer 8, 9, and 10 next week on January 12th.

Microsoft will be releasing a final patch and encouraging users to upgrade to one of the company’s more recent browsers (11 or Edge).

The end of support means that these older versions of Internet Explorer will no longer receive security updates or technical support, making anyone who uses them much more vulnerable to hackers.

The last patch will deliver a few bug fixes, as well as an “End of Life” notification telling users to upgrade to IE 11 or Microsoft Edge. But Windows XP and Vista users will not be able to upgrade to either, as they will not work with XP or Vista, which is more incentive to upgrade XP and Vista installations that have already seen “End of Life”.

There are thought to still be several hundred million users using soon to be obsolete versions of Internet Explorer. Those users are about to put their systems into a state of security risk.

Ransomware Operation Taken Down by Cisco

October 7, 2015 // Posted in General, Main | No Comments

Computer Hi-Jacked?

A ransomware operation that is estimated to have netted $30 million a year by installing ransom software on unsuspecting users’ computers has been disrupted by security researchers at Cisco.

The Angler Exploit Kit, also known as the hack-by-numbers tool, is sold in underground crime forums to people who don’t want to go through the hassle of developing and testing exploits themselves. Angler has the ability to successfully infect an estimated 40 percent of the end users it targets, using attack code that surreptitiously exploits vulnerabilities in browsers and browser plugins. In many cases the security flaws have already been patched, but in some cases the kits exploit zero-day vulnerabilities for which there is no currently available fix.

A large number of infected users were connecting to servers operated by service provider Limestone Networks. With the co-operation of Limestone, and by examining some of the servers, the researchers found that the single operation was targeting as many as 90,000 users a day.

“This is a significant blow to the emerging hacker economy where ransomware and the black market sale of stolen IP, credit card info and personally identifiable information are generating hundreds of millions of dollars annually,” Talos researchers wrote in a report about the takedown.

More information at http://talosintel.com/angler-exposed/

My Experiences of Windows 10 and Privacy Issues

August 14, 2015 // Posted in Computer Tips, General, Main | No Comments

‘The best one yet’??

 

Ok, so I have been using Windows 10 for several days now and here are some of the issues I have found.

First of all there is the Windows Updates: When Windows 10 performs updates on close down, you do not get the old familiar Windows 7 messages “Installing Update x of xx, do not switch off your PC”, instead you just get a Black Screen with continuous hard drive activity, and it is easy to just hit the power switch thinking nothing is happening.

Then there’s the Memory issues: One of which causes images to become just Black Squares in apps and thumbnails and icons, and some browsers just go black when there are a lot of images on a page. Now whether this is a Video Card Driver that Win 10 installed, or a memory management problem in Windows 10, I have yet to ascertain, but I keep getting an error on shutdown that is something like “Access Violation, Memory error, windows is trying to access an invalid memory location”, which I never got on Windows 7.

Then there’s the Privacy Issues:  Some Windows 10 features, such as Cortana and Bing search, continue sending data to Microsoft, even when they are turned off. Some apps and services will communicate with the Microsoft servers, even when you tell them not to by the individual software’s privacy settings.

For example: Windows 10 will periodically send data, purported to be used for OneDrive,  for reasons unknown, even on a local account that isn’t connected to a Microsoft account. Why it is being sent is a mystery.

In at least one case, it has been found that information that can identify the user is also sent.

Cortana, will send data to Microsoft, even if it is disabled, and that data contains a computer ID that allows Microsoft to determine all the Cortana requests from the same computer.

And what’s more some of these connections would connect to Microsoft’s servers through unencrypted channels.

IMO, If you disable these services as you don’t want to use them, then that should really disable them and any data they would transmit.

My Experience of Windows 10 – Part 2

August 8, 2015 // Posted in Computer Tips, General, Main | No Comments

 Logging Into Windows 10, Updates and Memory

One thing I do not like about Windows 10, is that many functions require you to be logged into windows using an online Microsoft Account.

  1. I do not want to log in to windows using an Internet based Account.
  2. I do NOT want my personal data stored on a ‘Cloud’ based server.
  3. What happens if it is set to an online account to login and there is no Internet connection.
  4. Why can’t it just log in to the online account just to use that function such as Cortana, which has to have login via the online account?
  5. So Cortana is useless if you have no Internet connection?
  6. There are too many security issues logging in via an online account.
  7. I prefer to log in locally where my data is secure.

Windows 10 is also very memory hungry compared to Win 7, and even with my 4GB USB Ramdisk, is constantly buffering memory to a hard disk cache and has made some apps very slow because of this.

Windows 10 did an update Friday without asking, and I did a reboot of the machine (that’s how I noticed it was doing something). There was no information that it was happening, and on shutdown the screen went black although the hard disk was going crazy, so it was doing something. I left it for 3 hours and the hard drive had stopped being used but the screen was still black, so I took a chance and switched off the machine and back on. Then I got an opening message ‘Windows is configuring Updates 10%..’ etc. and after another hour or so I got the welcome screen. I checked the Windows Update area and it says all updates were successful.

Not as clean and informative as Win 7.

More to follow

Slow Internet and Jerky Flash Videos in 7?

May 21, 2014 // Posted in Computer Tips, Main, Tips and Tricks | No Comments

Slow PC?

Slow Internet?

Do you have a DSL or Fiber connection advertised as fast but still getting slow responses in 7 and particularly jerky flash videos?

If the answer is yes, then here is something to try. It worked for me.

First of all check the state of your TCP/IP. To do this open a command prompt at Administrator Level.

To check the current state,

Type at the command prompt:

netsh int tcp show global

and Press Enter

and you will see something like (Save a copy of your details so you can revert to the original settings if required):

[Screenshot: original TCP global settings]

We need to get that so it reads:

[Screenshot: target TCP global settings]

 

So let’s enforce any user-set TCP Window auto-tuning level by typing netsh int tcp set heuristics disabled at the command prompt and press Enter. You should get an OK message.

Next let’s disable the auto-tuning level by typing

netsh int tcp set global autotuninglevel=disabled

at the command prompt and again press Enter. You should once again get an OK message.

Now we will improve the throughput setting by enabling CTCP, type

netsh int tcp set global congestionprovider=ctcp

at the command prompt and press Enter. Check you get an OK message again.

Now we will change the ECN (Explicit Congestion Notification) by typing

netsh int tcp set global ecncapability=default

at the command prompt and press Enter. You should get an OK message again.

Next we will change the receive-side scaling setting by typing

netsh int tcp set global rss=enabled

at the command prompt and press Enter.

Then we set the TCP Chimney Offload: by typing

netsh int tcp set global chimney=enabled

at the command prompt and press Enter.

Finally we set the Direct Cache Access (DCA) by typing

netsh int tcp set global dca=enabled

at the command prompt and press Enter.

Check the new settings by again typing

netsh int tcp show global

and press Enter  and you should now see:

[Screenshot: target TCP global settings]

Close the command prompt by typing Exit and press Enter.

It may take a little while for the changes to take effect if you do not re-start your computer.
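To make the saved copy of the original settings usable for a rollback, here is an added example (not part of the original post) that compares a saved "netsh int tcp show global" listing with the current one and prints the commands that restore every value that was changed. Both listings are constructed samples laid out the way Windows 7 prints them, and the names parse_show_global and revert_commands are made up for the illustration.

```python
import re

# Labels in the "show global" listing mapped to the parameter names used
# with "netsh int tcp set global" in the steps above.
LABEL_TO_PARAM = {
    "Receive-Side Scaling State": "rss",
    "Chimney Offload State": "chimney",
    "Direct Cache Access (DCA)": "dca",
    "Receive Window Auto-Tuning Level": "autotuninglevel",
    "Add-On Congestion Control Provider": "congestionprovider",
    "ECN Capability": "ecncapability",
}

# Constructed sample: settings saved before the changes.
SAVED = """\
TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State          : enabled
Chimney Offload State               : automatic
NetDMA State                        : enabled
Direct Cache Access (DCA)           : disabled
Receive Window Auto-Tuning Level    : normal
Add-On Congestion Control Provider  : none
ECN Capability                      : disabled
RFC 1323 Timestamps                 : disabled
"""

# Constructed sample: settings after following the steps above.
CURRENT = """\
TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State          : enabled
Chimney Offload State               : enabled
NetDMA State                        : enabled
Direct Cache Access (DCA)           : enabled
Receive Window Auto-Tuning Level    : disabled
Add-On Congestion Control Provider  : ctcp
ECN Capability                      : disabled
RFC 1323 Timestamps                 : disabled
"""


def parse_show_global(text):
    """Return {parameter: value} for the settings this post changes."""
    settings = {}
    for line in text.splitlines():
        # Accept only "Label : value" lines whose value is a plain lowercase
        # word, so nothing unexpected ends up inside a generated command.
        m = re.match(r"^\s*(.+?)\s*:\s*([a-z]+)\s*$", line)
        if m and m.group(1) in LABEL_TO_PARAM:
            settings[LABEL_TO_PARAM[m.group(1)]] = m.group(2)
    return settings


def revert_commands(saved_text, current_text):
    """Commands that put every changed setting back to its saved value."""
    saved = parse_show_global(saved_text)
    current = parse_show_global(current_text)
    return [
        f"netsh int tcp set global {param}={saved[param]}"
        for param in LABEL_TO_PARAM.values()
        if param in saved and current.get(param) != saved[param]
    ]


if __name__ == "__main__":
    # The heuristics setting is not part of this listing and is not handled here.
    for cmd in revert_commands(SAVED, CURRENT):
        print(cmd)
```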

Here are a few notes on each section should you wish to revert to your original settings.

Windows Scaling heuristics

Windows 7 has the ability to automatically change its own TCP Window auto-tuning behavior to a more conservative state regardless of any user settings. It is possible for Windows to override the autotuninglevel even after a user sets their custom TCP auto-tuning level.

possible settings are: disabled,enabled,default (sets to the Windows default state)
recommended: disabled (to retain user-set auto-tuning level)

TCP Auto-Tuning

The default auto-tuning level is “normal”, and the possible settings for the above command are:

disabled: uses a fixed value for the tcp receive window. Limits it to 64KB (limited at 65535).
highlyrestricted: allows the receive window to grow beyond its default value, very conservatively
restricted: somewhat restricted growth of the tcp receive window beyond its default value
normal: default value, allows the receive window to grow to accommodate most conditions
experimental: allows the receive window to grow to accommodate extreme scenarios (not recommended, it can degrade performance in common scenarios, only intended for research purposes. It enables RWIN values of over 16 MB)

Compound TCP – Improve throughput
Add-On Congestion Control Provider

The traditional slow-start and congestion avoidance algorithms in TCP help avoid network congestion by gradually increasing the TCP window at the beginning of transfers until the TCP Receive Window boundary is reached, or packet loss occurs. For broadband internet connections that combine high TCP Window with higher latency (high BDP), these algorithms do not increase the TCP windows fast enough to fully utilize the bandwidth of the connection.

Compound TCP (CTCP) is a newer method, available in 7. CTCP increases the TCP send window more aggressively for broadband connections (with large RWIN and BDP). CTCP attempts to maximize throughput by monitoring delay variations and packet loss. It also ensures that its behavior does not impact other TCP connections negatively.

By default, Windows 7 has CTCP turned off, it is only on by default under Server 2008. Turning this option on can significantly increase throughput and packet loss recovery.

Possible options are:  ctcp, none, default (restores the system default value).

ECN Capability

ECN (Explicit Congestion Notification, RFC 3168) is a mechanism that provides routers with an alternate method of communicating network congestion. It is aimed to decrease retransmissions. In essence, ECN assumes that the cause of any packet loss is router congestion. It allows routers experiencing congestion to mark packets and allow clients to automatically lower their transfer rate to prevent further packet loss. Traditionally, TCP/IP networks signal congestion by dropping packets. When ECN is successfully negotiated, an ECN-aware router may set a bit in the IP header (in the DiffServ field) instead of dropping a packet in order to signal congestion. The receiver echoes the congestion indication to the sender, which must react as though a packet drop were detected.

ECN is disabled by default in 7 and other modern TCP/IP implementations, as it is possible that it may cause problems with some outdated routers that drop packets with the ECN bit set, rather than ignoring the bit. To check whether your router supports ECN, you can use the Microsoft Internet Connectivity Evaluation Tool. The results will be displayed under “Traffic Congestion Test”.
Possible settings are: enabled, disabled, default (restores the state to the system default).
The default state is: disabled
Recommendation: enabled (only for short-lived, interactive connections and HTTP requests with routers that support it, in the presence of congestion/packet loss), disabled otherwise (for pure bulk throughput with large TCP Window, no regular congestion/packet loss, or outdated routers without ECN support).

 

RSS – Receive-side Scaling

The receive-side scaling setting enables parallelized processing of received packets on multiple processors, while avoiding packet reordering. It avoids packet reordering by separating packets into “flows”, and using a single processor for processing all the packets for a given flow. Packets are separated into flows by computing a hash value based on specific fields in each packet, and the resulting hash values are used to select a processor for processing the flow. This approach ensures that all packets belonging to a given TCP connection will be queued to the same processor, in the same order that they were received by the network adapter.

Possible rss settings are: disabled, enabled, default (restores rss state to the system default).
Default state is: enabled
Recommended: enabled (if you have 2 or more processor cores and a NIC that can handle RSS)

TCP Chimney Offload

TCP chimney offload enables Windows to offload all TCP processing for a connection to a network adapter. Offloads are initiated on a per-connection basis. Compared to task offload, TCP chimney offload further reduces networking-related CPU overhead, enabling better overall system performance by freeing up CPU time for other tasks.

The possible states are disabled, enabled,  automatic (only Windows 7 and 2008 Server) as follows:
automatic – This default setting is only available under Windows 7 and 2008 Server. It offloads if the connection is 10 GbE, has a RTT < 20ms, and the connection has exchanged at least 130KB of data. The device driver must also have TCP Chimney enabled.
default – this setting restores chimney offload to the system default. Setting this “default” state under Windows 7 and 2008 Server is possible, but it sets the system to the “automatic” mode described above.
disabled – this setting is manually configured as disabled.
enabled – this setting is manually configured as enabled.

I hope you find this useful.

Steve

 
