4 ways to spring clean your website

Posted by ljmacphee on May 26, 2008 under things you should know

I try to clean up and update my websites once a year but that doesn’t always happen. Sometimes life just gets too busy.

But since I had to move everything to new servers I’ve been making time this week to dust off the sites.

1) Check your images directory - remove unused images, and look for hidden files or HTML files. Often hackers use these directories to store phishing scams when your site gets hacked. The fewer images in a directory, the quicker the server can find and load up the image your page is requesting. Keep it lean. Break up your image directory into smaller directories if you have lots of images.

2) Proofread old pages and posts. No matter how many times I reread old posts I usually find typos or better ways to word my posts. You are getting new visitors to those old pages every day. Dust them off. Your site’s come a long way; make sure those early pages reflect that.

3) Run a link checker and make sure pages you linked to a year or more ago still exist. Often they don’t.

4) Update your pages. Maybe you’ve learned more about a subject or found better tools for doing something. Keep those resources current and cutting edge and you’ll get more visitors.

Then back it up - to your server, to your home computer and to a USB key. You can’t have too many copies of your website if a problem appears.

5 things to be very sure to do when moving to a new hosting company

Posted by ljmacphee on April 21, 2008 under blogging, things you should know

Hosting companies seem to attract more fly-by-night businesses than just about anything else online and it’s hard to find a hosting company you can stay with for any length of time. I’ve moved to my fifth hosting company in 10 years and here’s what I’ve learned along the way.

The first hosting company I had was and still is an excellent hosting company. Problem is they didn’t keep up with the times on the tools and services they offered. I was with them for about 8 years.

Then I converted my old website to blogs and moved to Blogger. While an excellent free service, the servers would be flakey a couple days a month, the same days every month, and it is extremely limited in what you can host and do there. I lasted nine months there. WordPress.com hosting is nice but also extremely limited.

So on to the next hosting company, GoDaddy. While popular and offering more tools than my original hosting company, the servers are not the speediest. It’s a good starting jump for a first website, but not a good hosting company if you run multiple websites and like to get in and play with everything. I was with them about a half a year.

Notice the times with each company seem to be shrinking?

Then I looked at a company that offered cPanel. The tools were excellent, they weren’t. They lasted a week.

Now I’m on yet another company. This one also offers cPanel, the servers scream (at least so far) and all is well. At least for this week. I’m seriously hoping it’ll stay good for several years. Time will tell.

It is almost impossible to find accurate information about which hosting companies are good and reliable and which are fly-by-nights. Since many of them now use cPanel, moving when times get bad should be easier. Fewer things should get lost and need re-configuring.

If you are switching hosting companies here are a few tips:

1) Don’t prepay until you know the company is reliable. Start out month by month and, if they do well, then pay for longer terms to get the discounts. If they turn out to be a fly-by-night, or the service is not good, you’ll never see your pre-paid fees again.

2) Do not let a hosting company register a free domain name for you. If you find out you don’t like them, they will be holding your domain name hostage. Register your own domains and keep them safe somewhere else.

3) Back up, back up, back up. To your home computer, not to the hosting company server.

4) No matter how careful you are, you will find missing things. Do not delete or close your old account until you’ve checked and re-checked your new hosting setup. Give it a week; there’ll almost always be something you forgot to back up.

5) When choosing a hosting company, give preference to ones with cPanel. It makes ongoing maintenance of your sites and relocating (if needed) much easier.

Evil robot attack takes down and compromises websites

Posted by ljmacphee on April 18, 2008 under security, things you should know

TimesToCome is my personal website. It has been online since 1997. Not once has it been hacked or compromised in over ten years. Not a single website of dozens I’ve put up has been compromised in ten years.

Today TimesToCome was totally taken down and compromised by the evil robot Cuill Twiceler Bot. A quick Google search will show you I’m not the only webmaster who’s had problems with Cuill.

It totally hammered TimesToCome, rapidly downloading over 1600 files before crashing the website. (It’s a small website, I don’t know how they found that many combinations of pages to download.) And when all was said and done, four directories, two Coppermine and two WordPress, were totally compromised with all *.php files converted to 0777 permissions.

I strongly recommend you block this robot in your .htaccess file.

I was lucky and discovered the problem less than an hour after it was compromised. Cuill Twiceler answered my email stating they will not hit my website’s IP again. I don’t trust anyone who doesn’t know what his robot has been up to. So I will be blocking them anyhow using .htaccess files.

*** Follow up ***
More details emerge.
Some unknown (except for IP number) entity uploaded some PHP files hidden in a *.jpg file to the albums/userpics directories in Coppermine.

When Cuill-Twiceler stomped all over my site like Godzilla does to Tokyo it tripped that file. Even though the exploit did not work as planned, it converted the image file extension to a *.zip file extension, then ran a function in that file that converted all the php, htm and html files to 777 permissions in all directories on the website. It failed to create an iframe in the Coppermine files directing it to some porn site because the wonderful people at my hosting company don’t let their servers run files with world permissions.

Since there were no links to the compromised file, the robot never should have found it and triggered it. The robot is badly broken.

I strongly urge anyone using Coppermine to upgrade. The upgrade was painless.

As always keep an eye on any image directories you have on a website. Those seem to be where most exploits park themselves. Any program that allows the general public to upload an image or zip file to your server without verifying what’s in it makes you vulnerable. The person who uploaded the file or a crazy robot can then trigger the script that is inside the file.
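An added example (not code from the original post): a Python sketch of the image-directory check described above and in the spring-cleaning post. It flags hidden files, non-image extensions, files whose bytes do not match their image extension, script markup inside image files, and world-writable permissions; the function names and the marker list are assumptions made for this example.

```python
import os
import stat

# Magic-byte prefixes for the image types an upload directory should contain.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Heuristic markers (an assumed list): a file can start with valid image
# bytes and still carry script code further in, so the whole file is scanned.
SCRIPT_MARKERS = (b"<?php", b"<script", b"<iframe")


def audit_file(path):
    """Return a list of findings for one file (empty list means clean)."""
    findings = []
    name = os.path.basename(path)
    ext = os.path.splitext(name)[1].lower()
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    with open(path, "rb") as fh:
        data = fh.read()  # image files are small enough to read whole
    if name.startswith("."):
        findings.append("hidden file")
    if ext not in IMAGE_MAGIC:
        findings.append("non-image extension " + (ext or "(none)"))
    elif not data.startswith(IMAGE_MAGIC[ext]):
        findings.append("content does not match " + ext + " signature")
    if any(marker in data.lower() for marker in SCRIPT_MARKERS):
        findings.append("embedded script markup")
    if mode & stat.S_IWOTH:
        findings.append("world-writable (%04o)" % mode)
    return findings


def audit_tree(root):
    """Walk root and return {relative_path: findings} for every flagged file."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            # Symlinks are reported, not followed.
            found = ["symlink"] if os.path.islink(full) else audit_file(full)
            if found:
                report[rel] = found
    return report
```

Call `audit_tree()` on the images or albums directory, either on the server or on a downloaded backup copy. The marker scan is a heuristic, so review each hit by hand rather than deleting automatically.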

See also:
I don’t like spiders and bots
What everyone ought to know about bots

More information:
Cuill banned from over 10,000 websites
Digital Point: Several webmasters banning Cuill for bad behavior
Twiceler banned across server farm
Twiceler sucking up bandwidth
Twiceler needs to be reined in
Guards out for Twiceler
Evil entity Twiceler
How to stop Twiceler

Oh no I’ve been spoofed!

Posted by ljmacphee on March 31, 2008 under things you should know

So what happens when a spammer spoofs your email address and you start getting complaints from your not so techy relatives? Or your ‘catch all’ email address has a zillion bounces?

If it is a friend or relative, first have them forward you the email with full headers. Have you been spoofed or have you been hacked? Check the IP address. If you are using Gmail, click the little tiny arrow next to ‘Reply’ and select ‘Show Original’. It is usually clearer on other email platforms. You will see several ‘Received: by’ lines followed by information. The bottom one is where the email was originally sent from. Are any of them your website IP? If so, you need to get on the phone with your hosting company and secure your (or their) email server. Make sure your SMTP server requires authentication.

Most likely it did not originate on your server. Most likely it is the IP address from some spammer or some poor soul whose machine has been hacked. You may or may not get useful information by using ARIN to find out who the offending IP belongs to. Each IP is a bounce that email went through on its way to the final recipient. Sometimes useful information can be gleaned from doing reverse IP searches on the bounces. Perhaps it left a home IP address from an IP pool but bounced off the work server of the person doing the spamming. So check out each and every one.

More often than not you will find a relative’s IP number whose computer is riddled with viruses, or find nothing useful at all. If it is a friend or relative’s IP number, offer to go clean out their computer. You can find your friends’ and relatives’ IP addresses in the header information of emails they have sent to you.
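An added example (not part of the original post): a Python sketch of the header check described above, reading the ‘Received’ lines from the bottom up and testing whether your own server’s IP appears in any hop. The sample message, its documentation-range addresses and the function names are constructed for this example.

```python
import email
import ipaddress
import re

# Constructed sample message (documentation-range IPs, not real mail).
RAW = """\
Received: by mx.recipient.example (Postfix) id A1; Mon, 31 Mar 2008 10:00:03 -0400
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.recipient.example with ESMTP; Mon, 31 Mar 2008 10:00:02 -0400
Received: from unknown (HELO pc) (203.0.113.45)
\tby relay.example.net with SMTP; Mon, 31 Mar 2008 10:00:00 -0400
From: you@yourdomain.example
Subject: constructed spoof sample

body
"""

# IPv4 literal in brackets or parentheses, the way mail servers record peers.
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")


def received_hops(raw_message):
    """Return one list of IPv4 addresses per Received header, oldest hop first."""
    msg = email.message_from_string(raw_message)
    headers = msg.get_all("Received") or []
    hops = []
    for value in reversed(headers):  # bottom header = where the mail started
        ips = []
        for text in IP_RE.findall(value):
            try:
                ips.append(str(ipaddress.ip_address(text)))
            except ValueError:
                pass  # looked like an IP but is not one, e.g. 999.1.1.1
        hops.append(ips)
    return hops


def sent_via(raw_message, my_server_ip):
    """True if any hop names my_server_ip, i.e. the mail touched your server."""
    # Only headers written by servers you trust are reliable; anything below
    # them is supplied by the sender and can be forged.
    return any(my_server_ip in ips for ips in received_hops(raw_message))
```

If `sent_via()` is false for your server’s address, the message was spoofed elsewhere; the first entry of `received_hops()` is the address to look up.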

A ‘catch all’ email is one you set up with your hosting company. All emails improperly addressed to your domain end up in the catch all email. This is a useful tool for finding out that a domain of yours is being spoofed. It is not an email address you want downloading to your phone or home computer. It can get busy.

There is little to nothing you can do unless you are very lucky finding the source of the spoofed emails.

More information:
100 email bouncebacks? You’ve been backscattered
Spoofed/Forged email (Cert.org)