You are currently browsing posts tagged “pc”

WordPress Brute Force Attacks on non-WordPress Sites

December 1, 2017 // Posted in Computer Tips, General, Main, Tips and Tricks (Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

There are more and more would-be hackers out there that are trying to attack WordPress Sites via a brute force attack on the wp-login.php file that is used on worpress sites to log in to the site.

The problem is that they do not know what are WordPress Sites and what are not so they try connecting to a wp-login.php file on almost every site. This can lead to hundreds of attempts on your non-wordpress by these hackers trying to find a wp-login.php file on your server. Check your server log and you will see all these attempts.

Now if as many people as possible added a wp-login.php to their non-wordpress site re-directing any call to that page back to the IP address that attempted to find it, then these idiots would perform a DOS attack on their own PC,
and stop them sending any more requests.

Here’s how to do it:

Create a file called wp-login.php in your non-wordpress site’s root folder with the following text in it (Your server must be php enabled):

 

 

 

 

Let’s hit back at these idiots together.
Steve

Norton have got it very wrong with WS.Reputation.1 detection

April 15, 2017 // Posted in General, Main, Uncategorized (Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

Norton's WS.Reputation.1 detection Notice

Norton’s WS.Reputation.1 detection Notice

The way Norton’s WS.Reputation.1 detection works is the most ridiculous thing I have ever seen in an anti-virus protection program.

 

If someone creates a new program or a new update to an existing program, and only a few people that use Norton have the file or it has only just been built, then Norton immediately deletes it and reports it as a threat without any checks on the file for malware.

Now if that isn’t ridiculous then I don’t know what is. It means that every new program that is first added to a user’s PC that is running Norton gets flagged as a threat for no reason at all.

Here is an extract from Norton’s write-up:

“WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories. 

The reputation-based system uses “the wisdom of crowds” (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.”

They themselves say that Because this detection is based on a reputation score, it does not represent a specific class of threat , So they think that the file is not necessarily a threat, but delete it any way, just in case! DUH!  That IMO, is not the way antivirus protection should work. It should only identify a real threat that can be proven as a threat, that’s how all other antivirus programs work.

So it sees how many Norton users are using the file and when it was created to make it’s decission? DUH! That means that as it is deleted immediately by Norton, the number of Norton users will never increase so the ‘Reputation’ score will never change. So how can you increase the reputation score?

I myself have recently created a new small program and had this situation with users and have had to refund their purchases because Norton says my installer is a threat. My software is checked by an independent source before distribution with 61 different anti-virus engines and all report they are CLEAN. I have been developing small software applications for 25 years and have never had any issues with my programs they are all malware free and to have Norton now start saying they are a threat is deformation of my character and must be illegal to falsely claim a developer’s products are malicious.

This ridiculous identification is ruining the reputation of small developers as every new program they develop and set up on a PC running Norton, is immediately deleted and flagged as being a threat, when there is no threat at all. Most users will believe Norton and then never take the steps (which are not simple) to get around the Norton false detection.

This needs to be addressed by Norton Now! It is ruining the good reputation of small developers because Norton is saying their software is a risk when it is perfectly safe and no risk at all.

If you are experiencing these issues with Norton please comment below.

regards

Steve

PayPal Security changes September 2016

March 25, 2016 // Posted in General, Main, Tips and Tricks (Tags: , , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

Important PayPal changes you need to be aware of if you are using PayPal on your site:

 

PayPal are updating their Merchant security in September 2016, and it means that when sending transaction data to an IPN etc it will only communicate with secure connections (https://).

This means that you will need to update any scripts that currently use a non-encrypted connection such as IPN’s and will need to install an SSL on your server, if you do not already have one.

You need to also check that your php server supports HTTP1.1 and OpenSSL1.0.1 or higher:

You can check this using phpinfo:

I hope you find this useful,

regards

Steve

Ransomware Operation Taken Down by Cisco

October 7, 2015 // Posted in General, Main (Tags: , , , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

Computer Hi-Jacked?

Computer Hi-Jacked?

A ransomware operation that it is estimated netted $30million a year by installing ransom software on unsuspecting users computers has been disrupted by security researches at Cisco.

The Angler Exploit kit, also known as the hack-by-numbers tool is sold in underground crime forums to people who don’t want to go through the hassle of developing and testing exploits themselves. Angler has the ability to successfully infect an estimated 40 percent of the end users it targets using attack code that surreptitiously exploits vulnerabilities in browsers and browser plugins. In many cases, the security flaws have already been patched, but, in some cases the kits exploit zero-day vulnerabilities for which there is no currently available fix.

A large number of infected users were connecting to servers operated by service provider Limestone Networks. With the co-operation of Limestone and examining some of the servers they found that the single operation was targeting as many as 90,000 users a day.

“This is a significant blow to the emerging hacker economy where ransomware and the black market sale of stolen IP, credit card info and personally identifiable information  are generating hundreds of millions of dollars annually, Talos researchers wrote in a eport about the takedown.

More information at http://talosintel.com/angler-exposed/

My Experiences of Windows 10 and Privacy Issues

August 14, 2015 // Posted in Computer Tips, General, Main (Tags: , , , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

The best one yet

‘The best one yet’??

 

Ok, so I have been using Windows 10 for several days now and here are some of the issues I have found.

First of all there is the Windows Updates: When Windows 10 performs updates on close down, you do not get the old familiar Windows 7 messages “Installing Update x of xx, do not switch off your PC”, instead you just get a Black Screen with continuous hard drive activity, and it is easy to just hit the power switch thinking nothing is happening.

Then theres the Memory issues: One of which cause images to become just Black Squares in apps and thumbnails and icons, some browsers just go black when there a lot of images on a page. Now whether this is a Video Card Driver that Win 10 installed, or a memory management problem in Windows 10, I have yet to ascertain,  but I keep getting an error on shutdown that is something like “Access Violation, Memory error, windows is trying to access an invalid memory location”, which I never got on Windows 7.

Then there’s the Privacy Issues:  Some Windows 10 features, such as Cortana and Bing search, continue sending data to Microsoft, even when they are turned off. Some apps and services will communicate with the Microsoft servers, even when you tell them not to by the individual software’s privacy settings.

For example: Windows 10 will periodically send data, purported to be used for OneDrive,  for reasons unknown, even on a local account that isn’t connected to a Microsoft account. Why it is being sent is a mystery.

In at least one case, it has been found that information that can identify the user is also sent.

Cortana, will send data to Microsoft, even if it is disabled, and that data contains a computer ID that allows Microsoft to determine all the Cortana requests from the same computer.

And what’s more some of these connections would connect to Microsoft’s servers through unencrypted channels.

IMO, If you disable these services as you don’t want to use them, then that should really disable them and any data they would transmit.

My Experience of Windows 10 – Part 2

August 8, 2015 // Posted in Computer Tips, General, Main (Tags: , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

 Logging Into Windows 10, Updates and Memory

One thing I do not like about Windows 10, is that many functions require you to be logged into windows using an online Microsoft Account.

  1. I do not want to log in to windows using an Internet based Account.
  2. I do NOT want my personal data stored on a ‘Cloud’ based server.
  3. What happens if it is set to an online account to login and there is no Internet connection.
  4. Why can’t it just log in to the online account just to use that function such as Cortana, which has to have login via the online account?
  5. So Cortana is useless if you have no Internet connection?
  6. There are too many security issues logging in via an online account.
  7. I prefer to log in locally where my data is secure.

Windows 10 is also very memory hungry compared to Win 7, and even with my 4GB USB Ramdisk, is constantly buffering memory to a hard disk cache and has made some apps very slow because of this.

Windows 10 did an update Friday without asking, and I did a reboot of the machine, (that’s how I noticed it was doing something), there was no information that it was happening and on shutdown the screen went black although the hard disk was going crazy, so it was doing something. I left it for 3 hours and the hard drive had stopped being used but the screen was still black, and took a chance and switched off the machine and back on, then I got an opening message ‘Windows is configuring Updates 10%..’ etc and after another hours or so I got the welcome screen. I checked the windows update area and it says all updates were successful.

Not as clean and informative as Win 7.

More to follow

Santa has been and gone and you have a new device.

January 2, 2014 // Posted in Computer Tips, General, Main (Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

santagiftsYes Santa has been and gone and the festivities are now over.

 

You may have gotten a new device from Santa, but he forgot to include some very important items.

So if you did get a new device, a laptop, home PC, tablet, phone or other mobile device don’t forget to add the following important items:

  • Set up a master pin code or password so that if your device gets stolen or lost, the person that currently has it in their possession cannot use it easily.
  • Install anti-virus and anti-spam software to protect your device. I have tried many different AV programs over the years and I have found the best to be AVG Total Internet Security, it doesn’t add too much overhead to your system, always appears to install correctly first time, is updated automatically very regularly to keep you protected, and gives full protection. On Mobile devices the AVG solution is also very effective and adds additional feature which I will cover a little later.
  • If your new device is a mobile one with GPS, install location software, AVG’s mobile solution has this facility and will allow you to find out where your device is if it is lost or stolen.
  • Again if your device is mobile install remote wiping and locking software, so if your device goes missing you can set it to sound alarms if  someone attempts to use it, you can lock the device and even delete everything on it by issuing a command over the internet. These features are also available in AVG’s mobile solutions.
  • Many mobile devices allow purchase within Apps, make sure you turn these off so that you do not accidentally make purchases.
  • Check your privacy settings in all devices, laptops,PC’s and mobile devices, and make sure you are not sharing something you do not want to.

Protect yourself, as your device will not do it for you without the right additions.

Happy New Year and enjoy your new device safely.

Steve

 

 

How to speed up a slow PC

May 24, 2013 // Posted in Computer Tips (Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

Slow PC?

Slow PC?

We have all had the problem that as your PC gets older and you install more and more programs your PC gets slower and slower. So what can you do to speed it up again? Here are five things that you can do:

De-fragment
This goes without saying, it is an essential regular maintenance job, however, I am surprised at how few people regularly do this if you ask them. Do You do this regularly? — Once a month is a good interval. It doesn’t matter which Windows OS you use, make sure you either manually de-fragment or set the machine up to automatically de-fragment at least once a month. When your PC’s files get very fragmented, they suffer serious performance issues. The built-in Windows de-fragmenter works just fine, but if you are looking for something a little better, there are many Free and Commercial products available

Clean up the hard drive
Have you ever filled up a hard drive? If this hard drive contains both your OS and your data files, your machine is going to die! This is often a major cause of slow running PC’s. You need at least 10-15% free on your hard drive for your PC to work, creating temporary working files. If  you haven’t got at least 20% free space, I would recommend you to start a clean up. The built in Windows Disk Clean Up utility quickly clears out all temp files for you, in various categories such as Internet Temporary Files, temporary download files, windows temp directory and more. Access it by right clicking the drive in MyComputer and click Tools > Disk Clean Up. Once you’ve done that, check your pictures, music and videos, as these are usually quite large files. Delete the ones you no longer need or copy them to an external drive or CD/DVD’s. Then check all your document files, delete those no longer needed and back up those you want to archive to another drive or DVD/CD. Once you have sorted those out, you can remove old Restore Points and Shadow copies (from the System Restore Utility) .Then check your installed programs, Do you need them all? There is probably some that you haven’t used for years, get rid of them using the Add/Remove Programs in Control Panel. After you have done all this Empty the re-cycle bin, and check your Drive Space again. Right click the drive in MyComputer and click properties.

Now it’s time to clean up the registry
Errors in the registry cause major slowing down of the PC, and can cause it to stop altogether. Modifying the registry is not something the novice or inexperienced user should attempt on their own, as incorrect changes to the registry can prevent your computer from even starting up. Before you make any modifications to the registry, either manually or using a professional tool, ALWAYS backup the registry first, then you can always restore it if something goes wrong. There are many software tools available, some free and some commercial. Most of them will find many errors in your registry, it’s not always something you’ve done, over time removing programs, upgrades and driver changes will leave remnants in the registry that should not be there. Run a registry fix tool and let it fix the errors it finds. Reboot to confirm your PC still works, (Most registry fixes will make a backup of anything they change, so that you can restore them in safe mode if something goes wrong, but that doesn’t happen very often if you pick a good tool.) After the re-boot run the registry fix again, as some more errors will be found, that do not become apparent until some of the first ones removed have taken effect. Re-boot again and Run the tool again, repeat the process until no errors are found.

Remove spyware/malware
If you are using Windows you MUST have an anti-malware program installed or your machine is guaranteed to get infected with spyware, which will gradually make your PC slower and slower, not to mention the potential privacy and security issues. Malwarebytes is good for this, although most anti-virus packages have anti-malware included, they do not always find all of it. Malwarebytes, is good and there are free and commercial versions available. I have found, that this usually finds anything that my anti-virus package misses (I’ve tried various anti-virus packages and Mawarebytes always finds something that each one of them didn’t). Get free program updates regularly and run it at least once a week. You can even trigger it to start at a specific time and day each week using the Windows Scheduled Tasks facility.

Check the hard drive for errors
After long periods of use the hard drive develops ‘Bad Sectors’, fragments of files get left behind in the indexes and other information in the file descriptors etc. can become corrupt. To fix it, you’ll need to check the drive for errors. Right click the drive in MyComputer and click Properties > Tools > Check Now >  Check the options to Automatically fix file system errors and also to scan and attempt recovery of bad sectors, then click start. If this is your Windows drive, or contains files that windows needs to operate (e.g.Swap file, system files and some drivers), you will be told that Windows needs exclusive access to this drive, so cannot perform the check now, and then asks you if you want to schedule the check when Windows next starts. Click Yes and reboot. The Disk check will start before windows does when you restart. This may take some time as it will check every piece of the drive surface, every file,folder, descriptor table etc. You can also get third party disk checkers, but the built in windows one seems to work just fine.

%d bloggers like this: