You are currently browsing posts tagged “site”

WordPress Brute Force Attacks on non-WordPress Sites

December 1, 2017 // Posted in Computer Tips, General, Main, Tips and Tricks (Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

There are more and more would-be hackers out there that are trying to attack WordPress Sites via a brute force attack on the wp-login.php file that is used on worpress sites to log in to the site.

The problem is that they do not know what are WordPress Sites and what are not so they try connecting to a wp-login.php file on almost every site. This can lead to hundreds of attempts on your non-wordpress by these hackers trying to find a wp-login.php file on your server. Check your server log and you will see all these attempts.

Now if as many people as possible added a wp-login.php to their non-wordpress site re-directing any call to that page back to the IP address that attempted to find it, then these idiots would perform a DOS attack on their own PC,
and stop them sending any more requests.

Here’s how to do it:

Create a file called wp-login.php in your non-wordpress site’s root folder with the following text in it (Your server must be php enabled):

 

 

 

 

Let’s hit back at these idiots together.
Steve

Norton have got it very wrong with WS.Reputation.1 detection

April 15, 2017 // Posted in General, Main, Uncategorized (Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

Norton's WS.Reputation.1 detection Notice

Norton’s WS.Reputation.1 detection Notice

The way Norton’s WS.Reputation.1 detection works is the most ridiculous thing I have ever seen in an anti-virus protection program.

 

If someone creates a new program or a new update to an existing program, and only a few people that use Norton have the file or it has only just been built, then Norton immediately deletes it and reports it as a threat without any checks on the file for malware.

Now if that isn’t ridiculous then I don’t know what is. It means that every new program that is first added to a user’s PC that is running Norton gets flagged as a threat for no reason at all.

Here is an extract from Norton’s write-up:

“WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories. 

The reputation-based system uses “the wisdom of crowds” (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.”

They themselves say that Because this detection is based on a reputation score, it does not represent a specific class of threat , So they think that the file is not necessarily a threat, but delete it any way, just in case! DUH!  That IMO, is not the way antivirus protection should work. It should only identify a real threat that can be proven as a threat, that’s how all other antivirus programs work.

So it sees how many Norton users are using the file and when it was created to make it’s decission? DUH! That means that as it is deleted immediately by Norton, the number of Norton users will never increase so the ‘Reputation’ score will never change. So how can you increase the reputation score?

I myself have recently created a new small program and had this situation with users and have had to refund their purchases because Norton says my installer is a threat. My software is checked by an independent source before distribution with 61 different anti-virus engines and all report they are CLEAN. I have been developing small software applications for 25 years and have never had any issues with my programs they are all malware free and to have Norton now start saying they are a threat is deformation of my character and must be illegal to falsely claim a developer’s products are malicious.

This ridiculous identification is ruining the reputation of small developers as every new program they develop and set up on a PC running Norton, is immediately deleted and flagged as being a threat, when there is no threat at all. Most users will believe Norton and then never take the steps (which are not simple) to get around the Norton false detection.

This needs to be addressed by Norton Now! It is ruining the good reputation of small developers because Norton is saying their software is a risk when it is perfectly safe and no risk at all.

If you are experiencing these issues with Norton please comment below.

regards

Steve

PayPal Security changes September 2016

March 25, 2016 // Posted in General, Main, Tips and Tricks (Tags: , , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

Important PayPal changes you need to be aware of if you are using PayPal on your site:

 

PayPal are updating their Merchant security in September 2016, and it means that when sending transaction data to an IPN etc it will only communicate with secure connections (https://).

This means that you will need to update any scripts that currently use a non-encrypted connection such as IPN’s and will need to install an SSL on your server, if you do not already have one.

You need to also check that your php server supports HTTP1.1 and OpenSSL1.0.1 or higher:

You can check this using phpinfo:

I hope you find this useful,

regards

Steve

Ransomware Operation Taken Down by Cisco

October 7, 2015 // Posted in General, Main (Tags: , , , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

Computer Hi-Jacked?

Computer Hi-Jacked?

A ransomware operation that it is estimated netted $30million a year by installing ransom software on unsuspecting users computers has been disrupted by security researches at Cisco.

The Angler Exploit kit, also known as the hack-by-numbers tool is sold in underground crime forums to people who don’t want to go through the hassle of developing and testing exploits themselves. Angler has the ability to successfully infect an estimated 40 percent of the end users it targets using attack code that surreptitiously exploits vulnerabilities in browsers and browser plugins. In many cases, the security flaws have already been patched, but, in some cases the kits exploit zero-day vulnerabilities for which there is no currently available fix.

A large number of infected users were connecting to servers operated by service provider Limestone Networks. With the co-operation of Limestone and examining some of the servers they found that the single operation was targeting as many as 90,000 users a day.

“This is a significant blow to the emerging hacker economy where ransomware and the black market sale of stolen IP, credit card info and personally identifiable information  are generating hundreds of millions of dollars annually, Talos researchers wrote in a eport about the takedown.

More information at http://talosintel.com/angler-exposed/

Upgrading Windows 7 to Windows 10

July 31, 2015 // Posted in Computer Tips, General, Main (Tags: , , , , , , , , , , , , , , , , , , , , , , , , , ) |  1 Comment

The best one yet

‘The best one yet’??

My experience of upgrading from Win 7 to Windows 10:

 

‘The Best One Yet’ is Microsoft’s claim but is that really true?

Well I was all excited when I received my ‘Update is ready to Install’ message and had already read some of the claims for this important day.

  • Takes about 1 hour to update.
  • Get Cortana for Windows.
  • All your software will be available.
  • We will automatically update your Antivirus Software.
  • The best one yet.

But the problems started well before this day, as Microsoft said you will get an icon in your taskbar to claim and install your free upgrade if your current version is a legal version.

Well that failed straight away as I didn’t get my icon in the task bar. So after some checking, it appeared you had to install an Optional Update from Windows Update, (they said it was automatic), and you had to be running IE 11, mine was IE10, so that wasn’t mentioned. When I installed the optional update and IE11 I did eventually get my update icon in the taskbar. On clicking it said your computer is compatible with Windows 10 and all your software will run with Windows 10. That sounded positive.

Ok the ‘Your Upload is Ready’ button appeared, so I restarted windows to begin the install. After about 30 minutes of no apparent progress, the PC re-booted and there it was, Windows 7, as it was before. That was not expected, I expected a nice new Windows 10.

OK let’s try again.

In order to start again it had to re-download the update files (why, when it already had them), so a 2+ hour wait while it downloaded the 2+GB of files, and the ‘Your Update is ready to install’ again. So off we go.

Again after 30 minutes of what appeared to be doing nothing (but the hard drive light was going crazy), and the PC rebooted and hooray, Windows 7 again.

OK let’s check the update status, “Update failed error code –    failed code 80240020

What is this mysterious error code 80240020 (Why can’t make error messages meaningful, like ‘Could not do this or that’ instead of error Code 80240020?

Ok so it seems an issue with Windows Update so the solution might be to reset Windows Update:

So:

  • went to C:\Windows\SoftwareDistribution\Download and deleted everything in the folder (not the folder).
  • open a command prompt with run as administrator and type wuauclt.exe /updatenow and hit enter, then type exit and hit enter again.
  • Go to windows update and The Windows 10 update is downloading again!! Another two hours.

After the download, the ‘Your update is ready’ message again, so another re-boot, 30 minutes of hard drive activity, but this time a message saying ‘Windows is configuring your updates 5%….’ etc. Perhaps this is a good sign?

After about 1 hour (remember Microsoft claiming the Update will take approx 1 hour’? Well we are at about 7 hours now already, and it isn’t because I have a slow machine, I have a Intel quad core processor with each processor running at up to 3.2GHz), another auto reboot and a new screen, looks like we are getting somewhere now, a big circle in the middle of the screen shows the current progress, this stayed on 1% for over 20 minutes. Almost 3 hours and 4 reboots  later 100%, Yay ..

Another re-boot and a new welcome screen, logged in and, and, and just a black screen, better not do anything as the hard drive is doing something, goodness knows what. One hour later windows started (perhaps this is the One Hour Microsoft was talking about?

Then another message ‘We are updating some settings and apps for you’, after another 40 minutes ‘This is taking a little longer than usual – please wait’ , eventually the message changed to ‘Almost there now’ , wait, wait, wait.

Eventually a bright new windows 10 interface. (Looks pretty similar to Win 7, with a few display enhancements, perhaps that was why 7 could be upgraded and not a new install?).

Now the fun begins, remember Microsoft said , we will set up your programs for you and update your current anti-virus software? And they said my programs were all compatible with Win 10. Nuh. Windows 10 removed my antivirus software (AVG) and PC TuneUp (AVG) completely.

Tried a repair on them as they both still appeared in the Add/Remove programs, and although they both said successful, they both failed. So uninstalled both and re-installed, and eventually they are working.

I haven’t yet checked all programs, to see if they are all there, not very confident that they will be.

Ah Hah, just remembered, let’s try out Cortana or whatever it’s called, they say you must have an English System (Check), your region must be set to Uk,US etc (Check set to UK), try to access Cortana, message “You cannot use Cortana in your Region”), I live in Thailand., but my region is set to UK as is my language, and these are the requirements Microsoft says, so it looks as though it looks at your IP address and blocks it on that. So does that mean that if you have active Cortana in the UK if you take a trip to another unsupported region (by IP address) Cortana doesn’t come with you?

Then there’s the new Edge Shop – Can’t get that to work for love nor money, for free items, just keeps saying try again later.

It’s not going well is it?

Then there’s the unconfigurable display interface, the squared forms with no borders etc that are not very elegant or appealing, IMO, and no way to change them like in 7 and earlier versions.

There was another claim about Windows 10 that Microsoft made, ‘it’s Faster’ – Sorry Microsoft – I have to disagree there, it is much slower starting up that Win 7, programs load slower, Win 10 uses much more memory (and 32 bit still not able to use more than 4GB), which means the disk cache is used more and again slows things down.

So I am not that impressed as yet, and certainly think the “The best Yet’ is not a totally true statement.

I will now have a play for a few days and post again once I have fully tested it. Watch this Space!

Steve

 

 

 

 

 

SEO Principles

May 24, 2014 // Posted in General, Main, Tips and Tricks (Tags: , , , , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

Google

Google

Search Engine Optimisation is key to your site being found on the Internet.

SEO is your way of improving your website’s ranking in Google, Yahoo, and Bing. The more time and possibly money (if employing an external management  company) you spend on SEO, the more chance you will have of being the first search result listed by Google – which is the ultimate goal of any website and to be easily found by your potential customers.

The simplest technique is by altering the text, or ‘content’ on your website. To do this you must first understand your website’s target audience, who are they and what words will they type into Google when they are looking for this particular service or product?  There are of course many possibilities, and it is important to investigate those options and compile a list of your best appropriate keywords and phrases.

Once your keywords and phrases have been researched, your content can then be re-structured effectively so that it is ‘optimized’ and SEO friendly. You can have professional help with this, so talk to an SEO specialist company about what they would recommend. Other important actions include linking, (both internally – from your own site, and externally – other websites providing good linksto yours preferably from PR3 or higher sites) and implementing meta-tags, sub-headings, and website descriptions on all of your web pages. Content is king, so your success will be determined by the quality and relevance of your page content.

Important SEO principles  like ‘Black Hat’ and ‘White Hat’ SEO strategies. These two are very different  and it helps to understand the differences between them before talking to an SEO company about tactics for your website so you can make the right decisions.

‘White Hat’ SEO companies will use or recommend good design, good relevant content and appropriate linking. These will achieve longer lasting results and ranking.

‘Black Hat’ SEO companies, on the other hand will use underhand and inappropriate tactics to get fast results but at the expense of long term strategies and a sustainable website. They will hide bulk keyword text by using a background colour the same as the text so the text doesn’t display, or use font-colours to do the same or very small font sixes so that the text is not readable by humans. This will result in an immediate increase in ranking initially in some cases, but it won’t be very long before the search engines start imposing penalties on those sites and may even remove them from their search results completely.

So if you choose to use an external SEO company, be aware of these two types of SEO companies and ensure you choose the right one.

Keep up to date with what search engines are considering when ranking web site pages and adjust your content accordingly regularly to keep your site high in the rankings.

Also make sure you re-submit your site map to search engines regularly, and every time you make major changes to your site to keep your search results accurate and not link to now non-existing pages or content.

 

 

Time to think differently with facebook likes and shares

April 23, 2014 // Posted in General, Main (Tags: , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

#facebook

#facebook

Apart from the obvious visual changes in facebook, some of which, in my opinion have not improved the facebook experience, facebook are changing some of the processes around sharing and liking.

 

If you have an online marketing strategy,you may want to start rethinking how you use Facebook in light of the recent announcement from the company about business spam.

Facebook, like Google, is making changes to its algorithm to ensure users get the best content – most relevant, newest and most original. That bit makes sense.

 

Facebook, however, isn’t just thinking about the content – it also wants to be highly profitable. There philosophy is ‘Why give away free advertising to businesses when you can charge them for it?”

Facebook feels that if they restrict the free visibility they give to businesses, that businesses will pay to get it back.

So what is facebook changing?

1. Asking for Likes, Shares and Comments

 

People and businesses asking for likes, shares and comments in order to promote products is commonplace and expected. Increasing likes, shares and comments, posts appear in many newsfeeds, increasing brand and product visibility – without the company having to pay for it.

Facebook, however, is now calling this common practice,  “like-baiting.” And if you do it, the chances are that your business or website will now be prevented from appearing in users newsfeeds. This means that in future it will be much more difficult to get your ‘organic’ posts to appear in users newsfeeds.

Facebook,  want to crack down on this ‘like-baiting’ practice in order to provide users with, what they say is, ‘a more relevant experience’. After all they want users to find content that matters to them. Otherwise what’s the point and they won’t make any money out of organic posts.

 

2. Frequently Re-Circulating Content

 

In addition to “like-baiting,” Facebook is now making efforts to limit the amount of content that is being re-circulated on News Feeds. Going viral used to be a golden egg search marketers could hope for. Now it holds much less power.

 

Before when content would go viral, it would often happen in waves. Every few months, it would go viral again. Facebook considers this content less relevant to users. According to Facebook, users are complaining about re-circulated content.

 

They’re also complaining about content that isn’t going viral, but is being re-posted by the Pages. Taking the same content and re-posting it will now get you off the News Feeds. Testing so far has shown users are hiding 10% fewer stories from Pages when this update is in place.

 

3. Spamming Links

 

Spamming links come in many forms. Some posts have confusing formatting, and users are “tricked” into clicking on a link. Others say they link to something of relevance, such as a photo album, but when users click on the link, they end up on a website chocked full of ads.

 

How is Facebook determining which links are spammy? They’re tracking the frequency of how often the original post is liked or shared with friends after the links have been clicked. And this can be a problem.

 

If businesses are posting legit content, but it’s just not getting the number of likes or shares it needs, it could end up being flagged by Facebook. What is a business to do? Ask users to like and share their posts – exactly what Facebook is saying they no longer want businesses to do.

So what are you to do to promote your business on facebook?

1. Don’t ask for likes, comments or shares.

2. Don’t re-post items over and over again.

3. Don’t post misleading links.

4. Last resort, pay for advertising.

 

Did you Know that the Internet is Controlled by 14 People with 7 Keys?

March 3, 2014 // Posted in General, Main (Tags: , , , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

Keys to the internet

Keys to the internet

From a report by Business Insider.

The Internet Is Actually Controlled By 14 People Who Hold 7 Secret Keys

 

 

This sounds like something out of a James Bond Movie, but it isn’t: The whole Internet is controlled by seven actual, physical keys.

 

It all happens at a ‘Key Ceremony’.

The people conducting the ceremony are part of an organization called the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN is responsible for assigning numerical Internet addresses to websites and computers and translating them into the normal web addresses that people type into their browsers.

 

For instance, type 64.27.101.155 into your browser, and you’ll be taken to Business Insider’s web page. But www.businessinsider.com is easier for people to remember. ICANN maps the numbers (easier for computers to use) with words (easier for humans to use).

 

If someone were to gain control of ICANN’s database, that person would control the Internet. For instance, the person could send people to fake bank websites instead of real bank websites.

 

On the other hand, if a calamity happened, the ICANN database could need to be rebuilt. So ICANN came up with a way to do that without entrusting too much control to any one person. It selected seven people as key holders and gave each one an actual key to the Internet. It selected seven more people to be backup keyholders: 14 people in all.

 

The physical keys unlock safety deposit boxes stashed around the world. Inside those boxes are smart keycards. Put the seven smartcards together and you have the “master key.” The master key is really some computer code, a password of sorts, that can access the ICANN database.

 

Four times a year since 2010 the seven keyholders meet for the key ceremony where they generate a new master key, i.e. a new password.

 

The security to be admitted to the ceremony is intense, and involves passing through a series of locked doors using key codes and hand scanners, until entering a room so secure that no electronic communications can escape it.

 

The group conducts the ritual, then each person files out of the room one by one, and then they all head to a restaurant and party.

See the latest ceremony here: Link to video: Who holds the seven keys to the internet?

How to get a specific image, title and detail to display in the facebook share on facebook when someone clicks the share button on your page

February 28, 2014 // Posted in Computer Tips, General, Main, Tips and Tricks (Tags: , , , , , , , , , , , , , , , , , , , ) |  No Comments

 

#facebook

Facebook have recently removed some functionality from the sharer.php and share.php, so that you can no longer send customised parameters to the sharer such as images, title and detail description.

You now have to either create an app or you can use the Open Graph tags.

The open graph tags are used in the following way:

Add the following to the head section of your page, either in an html fragment or directly into the page HTML:
<meta property="og:title" content="My Web Site Title" />
<meta property="og:type" content="website" />
url" content="http://www.mysite.co.uk" />
<meta property="og:image" content="http://www.mysite.co.uk/images/myimage.jpg" />
<meta property="og:site_name" content="My Site" />
<meta property="og:description" content="Here would go the details about your site that you would like to appear in the description area." />
<meta property="fb:admins" content="1996403603" />

Replace the highlighted areas with your own details.

The fb:admins is the id of the user that manages your facebook pages, here’s how to find it: Go to 

https://developers.facebook.com/tools/explorer/  (While you are logged into facebook)

You will see the following:

The highlighted number will be your fb:admins ID. 

Then add your share button, image or text and add a hyperlink like:

http://www.facebook.com/sharer.php?u=http://www.mysite.co.uk/index.html

Set the target to New Window

Add an an onclick event to the hyperlink by adding the following over the __AddCode=”Here” tag of the hyperlink in the attach HTML.

onclick="var w = window.open(this.href,'_blank','width=600,height=400,left=20, top=20, menubar=no,resizable=no, scrollbars=yes,status=no,toolbar=no'); if( w != null ){ w.focus(); }; return false;"

The onclick event will open the sharer page in a pop-up window so that the user doesn’t leave your site to share the page.

Ok so far so good, but if you click your share button now, it will not pick up the details in the OG tags but will try and find an image on the page and use the page title, it will also try to find some text on the page to use as a description.

The reason is that facebook needs to ‘scrape’ your page first to store the details in the OG tag. So we need to force facebook to ‘scrape’ your page. To do this go to  https://developers.facebook.com/tools/debug/ and enter your full page URL in the box and click Debug:

You should get a result something like the one below with no errors:

Now reload your page and click your share button, it should now show the Title, description and image you set in the OG tags.

Your share pop-up should then look something like:

 

Facebook will re-scrape your page every 24 hours, so if you make changes to your OG tags it may take 24 hours for them to change when you click your share button. If you need any changes to take effect immediately, then just go to the OG debug page and re-debug your OG tags on the page again.

 

 

 

Facebook Shares not working correctly any more?

February 26, 2014 // Posted in General, Main (Tags: , , , , , , , , , , , ) |  No Comments

#facebook

Just in case you have wondered why your facebook share buttons may be not working as you expected, Facebook have switched off some of the features of their sharer.php. So if you had share buttons that passed custom variables to the facebook sharer.php something like:

http://www.facebook.com/share.php?s=100&p%5Btitle%5D=This%20is%20a%20test&p%5Burl%5D=http://www.richosoft.co.uk&p%5Bimages%5D%5B0%5D=http://www.richosoft.co.uk/rsimages/myimage.png&p%5Bsummary%5D=This%20is%20a%20test%20message

These will no longer work, but instead they will pick up the Page Title and description for the title and description of the share. If you do not have active accurate OG tags, the custom image in the link will no longer display. If you have an active og:image link that image will display in the share, and if you have an active og:title and/or descriptions it will pick them up instead (once facebook has scraped your page that is).

It appears that if you now want to use a custom share on facebook you have to create an app, get it approved and then use one of the SDK’s to create custom ‘Stories’ and shares etc. or use the OG tags to create the content for the share, which facebook will re-scrape a max of once per 24 hours, so not much use if you have dynamic content for the share
There is several posts on the facebook developer forum, but facebook appear to be ignoring any requests to re-instate what was an easy to use and important feature for websites.

New Facebook share button docs here: https://developers.facebook.com/docs…s/share-button

regards

Steve

%d bloggers like this: