Script updates vital for server security

I know: "Brian sounds like a broken record here, doesn't he? Blah blah security blah blah updates. Either he's paranoid, or he's vigilant."

OK, I'm not going to say I'm overly vigilant. But I am cautious when it comes to web server security. And even with my monitoring of installed scripts on the servers (automated and manual), some slip past.

And, when I don't find the exploit, the hackers/spammers will. Like last week.


Halloween Snow storm seems to mess with the phones

Looks like this Connecticut power outage did something to the phone lines. Luckily, I have power and web access (unlike many in CT), but I have noticed the phone service is intermittent. So, if you are having any issues calling, please try email, or the contact form on this site.

Importance of Active Security Watch

A website is not just 'build and go', as many designers treat it. Newer websites use scripts, and basically any active program on a web server has the potential to 'go bad'. But too many designers quickly build with tools 'that work' for them, and move on.

Then the headlines read:

Zero-day Vulnerability Threatens Many WordPress Sites

Attackers are exploiting a widely used extension for the WordPress publishing platform to take control of vulnerable websites, one of the victims has warned.

The vulnerability affects virtually all websites that have an image-resizing utility called TimThumb running with WordPress, Mark Maunder, CEO of Seattle-based Feedjit, wrote in a post published Monday. The extension is “inherently insecure” because it makes it easy for hackers to execute malicious code on websites that use it. At least two websites have already been compromised, he reported.


Inaccuracies on the web

One of the best reasons to have a website for your business (or even yourself) is to ensure any info out there is accurate. Whether you like it or not, your name/business is out there in multiple directories on the web. And you have no control over that.

Occasionally we Google/Bing our names to see if we have popped up anywhere, and try to keep a list of the sites with profiles for Seven Sages Website Management. And sometimes we find one that is incredibly inaccurate...

This morning, while double-checking online profiles for a client (Divorce Attorney Profiles) I decided to do a quick search for SevenSages.com to see if I had most of the links posted. And I found one that was way way out of touch.


Large attack may be related to out-dated scripts.

As is being reported more today, there is a large virus attack spreading across the internet. Unfortunately, the reporting appears to be on April Fool's Day; however, it is not a joke. The reports actually started earlier in the week.

Websense Security Labs has updated its Tuesday alert concerning a malicious mass-injection scareware campaign it has dubbed LizaMoon -- an SQL injection attack that adds a line of JavaScript code to web pages that redirects users to a bogus web page that rotates on a periodic basis. Based on Google search results Thursday, more than 500,000 URLs had a script link to lizamoon.com, which has since been changed, Websense said.

"We have also been able to identify several other URLs that are injected in the exact same way, so the attack is even bigger than we originally thought," Websense security analysts wrote in a blog Thursday. "All in all, a Google search reveals over 1,500,000 URLs that have a link with the same URL structure as the initial attack."

(Reported on newsfactor.com: "LizaMoon Pay-Up Scareware Spreads To 500,000 Sites", by Mark Long)

The important thing to learn from this is that it is vital to update and patch your systems.

Outdated CMS and Blog systems?


New Wave Of Spam Seems Personal

I know, you're bored of all this spam news. I am too. But volume has increased yet again, and I'm not just seeing it on my own servers, but also with Google Apps and Postini.

Following the wave last month using the familiar-looking 'Delivery Status Notification' (DSN) faking a bounced message, the spammers' new technique appears to be using more familiar messages like Amazon order confirmations that look a lot like real Amazon orders. But it's getting a little scarier...


Spam as spoofed Email Policy Violation

These spammers are good, really. Not wholesome good, but good at what they do, which is bad. They are using simple mind games to infect your computer. Like their recent vector of attack using DSN (Delivery Status Notification), they are preying on your fear of trouble. The latest is "Email Policy Violation" coming from your host's mailer-daemon.

subject Email Policy Violation
The attached message contains content which violates our email policy. The message was not delivered.

Who wouldn't open it to see if it was an important message you sent?


Spam as Delivery Status Notification (Failure)

The newest wave of spam is quite clever. They are abusing the geek-sacred protocol of the DSN (Delivery Status Notification), adding an attached html file that is a script set to redirect to a distant website, maybe selling Viagra.

Delivery Status Notification (Failure)
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.

Look familiar? The standard, important notice that your email has bounced for some reason. Now it could be spam.

 


Nothing is more expensive than trying to save a buck.