Administrative assistant needed by Powell Exotic Furniture,Good pay and flexible hours, see attached pdf for more info or sign up via www.pefurniture.net/careers.php

Here’s a new website spoof scam – take the website of a perfectly respectable, American furniture company – Nichols & Stone and copy it. Then substitute the new name ‘Powell Exotic Furniture’ and register a domain name – PEFURNITURE.NET

Here’s the domain name details  – complete rubbish as usual – created in February, updated today.

complete Domain Name: PEFURNITURE.NET
   Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Referral URL: http://www.PublicDomainRegistry.com
   Creation Date: 06-feb-2010
   Last update of whois database: Tue, 11 May 2010 21:47:04 UTC <<<

Registration Service Provided By: HIGH HOSTING ENTERPRISES, INC
Contact: +001.8503682092

Registrant:
    PHYLLIS THOMPSON
    William Ace        (surveyciti@rocketmail.com)
    21 E. Penn St
    Mundeline    IL,60060    US
    Tel. +1.2066664204

Obviously this is a scam. do not go there or give any of your details – you have been warned

My answer is ‘Almost‘!

These sites (and there are plenty of copycats) appear to operate as eBay-type auctions, but they have several important unlike eBay, when the auction ends, it doesn’t!

These are not real, fair auctions like you’d expect – you bid in tiny increments, say a penny – but, every penny costs you around 60 cents (or equivalent local currency) and every bid costs money so the more bids, the more money the ‘house’ gets.

It’s obvious;y a huge money spinner – a few ordinary goods seem to be going for $5, when in reality they can be paid for many times over by the losing-but-paying other bidders.

This system and the interminable nature of these auctions (the clock gets reset every time a new bid is received) means that the end result is a lottery. This is a fact that these sites want very much to suppress as the legal rules change a great deal if this is the case, but the fact remains that any logical examination of the system points to a lottery or some other form of gambling.

I tried this out for a day, lost $50 and helped the profits of Swoopo incrementally. I’m sure there are plenty of people who have the time and money and persistence (and luck) to actually snag one of those HDTVs for $20, but they are very much in the minority.

My advice? Avoid these sites like the plague that they are – if you want to gamble, buy a lottery ticket or play online poker, just don’t waste your time and money on Swoopo!

There are a lot of smart people out there who know way too much about computers and software and stuff, like this guy: ‘Perishable Press‘. So, can someone clever please tell me why this simple url hangs up a bunch of seemingly dissimilar web servers:

My banana was once part of a bunch very similar to this one

Here’s the deal – when someone asks for a webpage on Scamdex that doesn’t exist, it shoots me a quick email to tell me about it. That way I can see if anything is broken and if anyone is trying to hack my site. My normal response to obviousl hack-attempts  is to block the IP address or use .htaccess rewrite rules to send them to an oh-so-friendly  ‘go away page‘ .

In this case, the URL carries a payload that is itself a  link to a file on a remote site, which it hopes I will allow to run on my server. The code (which is reproduced in it’s entirety here) will, if allowed to run, return the word ‘FeelCoMz’ to the ’sKriptKiDee’, aka ‘Wanker’  on the sending end.

<?php /* Fx29ID */ echo("FeeL"."CoMz"); die("FeeL"."CoMz"); /* Fx29ID */ ?>

So… it didn’t work, I trapped it and it raised a red flag, but then why, when I try the URL does it make a browser stand blinking like a deer in the proverbial headlights for 120 seconds before falling flat on it’s back?

Analyzing the url gets me to this reduction of required parts:

* any .php file path.
* any query string, that contains a ‘http://’ in
* must have a file extension such as txt, gif, png etc.
* must have the trailing ‘?’

will cause the same problem on an awful lot of famous name servers. For example, including mine: scamdex.com, uniplex.com, google.com, microsoft.com, amazon.com etc etc.

For example, in the following link, everything except ‘www.amazon.com’ is made up

http://www.amazon.com/a.php?b=http://c.gif?

but it still exhibits the same behaviour – WTF is going on?

and why, oh why can’t I detect it in my .htaccess file?

First person to:
1. Tell me why it’s happening.
2. Tell me how to detect it and stop it happening.
3. Tell me why Google hates me.

gets a really major serious prize like my personal desktop banana, or this lovely (chipped) coffee mug with the name of a football club I don’t support on it – or even my second best earphones.

Good luck!

_________________________________

Still no replies and it’s still happening…. where have all the gurus gone?

In my infrequent callouts to other websites that  (like Scamdex) were  created out of the blind fury experinced by seeing bad people taking money from good people, I have another site for you to take notice of.

But first, a recap:

When Scamdex started in 2004, there were very few sites about scams and Internet fraud; we felt there was a need to educate people and, using the power of Search Engines, set out to make it easy to check on emails and websites.

Since then, the field has  grown – lots of Government-funded sites have sprung up, large Internet organizations  have (finally) acknowledged that fraud does happen and now devote precious pages to warning their customers  “it’s not our fault, please don’t bother trying to sue us” “there are unscrupulous people out there so please don’t use Western Union to but Laptops from Nigeria” etc…

But still Scamdex and the many other privately run websites continue in their (often one-manned) struggle against the odds and so to one of these: ‘BobBear’

Bob Bear Website Logo

Bobbear.co.uk is a voluntary, non-profit site dedicated to providing information on fake companies offering part-time, work from home job scams, in particular money mule or money transfer fraud, aka ‘payment transfer agent’ scams and the related reshipping fraud or ‘parcels agent’ scams. They also provide victim advice and support. If you receive a suspect spam offering you a job or find a website offering fraud jobs then please send them (and us) a copy.

Please support them – you know it makes sense!

Cyber Security Tip ST06-008        Safeguarding Your Data

When there are multiple people using your computer and/or you store  sensitive personal and work-related data on your computer, it is especially important to take extra security precautions.

Why isn’t “more” better?

Maybe there is an extra software program included with a program you bought. Or perhaps you found a free download online. You may be tempted to install   the programs just because you can, or because you think you might use them   later. However, even if the source and the software are legitimate, there  may  be hidden risks. And if other people use your computer, there are  additional risks.

These risks become especially important if you use your computer to manage  your personal finances (banking, taxes, online bill payment, etc.), store   sensitive personal data, or perform work-related activities away from the   office. However, there are steps you can take to protect yourself.

How can you protect both your personal and work-related data?

1. Use and maintain anti-virus software and a firewall – Protect yourself against viruses and Trojan horses that may steal or modify the data on  your own computer and leave you vulnerable by using anti-virus software and a firewall (see Understanding Anti-Virus Software and Understanding  Firewalls  for  more  information).  Make  sure to keep your virus definitions up to date.

2. Regularly scan your computer for spyware – Spyware or adware hidden in software programs may affect the performance of your computer and give  attackers access to your data. Use a legitimate anti-spyware program to   scan your computer and remove any of these files (see Recognizing and Avoiding Spyware for more information). Many anti-virus products have incorporated spyware detection.

3.  Keep software up to date – Install software patches so that attackers       cannot  take  advantage  of known problems or vulnerabilities (see       Understanding Patches for more information). Many operating systems  offer automatic updates. If this option is available, you should turn it on.

4.  Evaluate  your  software’s settings – The default settings of most       software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer. It is especially important to check the settings for software that connects to the internet (browsers, email clients, etc.). Apply the highest level  of security available that still gives you the functionality you need.

5.  Avoid unused software programs – Do not clutter your computer with       unnecessary software programs. If you have programs on your computer       that  you  do  not use, consider uninstalling them. In addition to       consuming system resources, these programs may contain vulnerabilities       that, if not patched, may allow an attacker to access your computer.

6.  Consider creating separate user accounts – If there are other people       using  your  computer,  you  may  be worried that someone else may       accidentally access, modify, and/or delete your files. Most operating       systems (including Windows XP and Vista, Mac OS X, and Linux) give you       the option of creating a different user account for each user, and you       can set the amount of access and privileges for each account. You may       also  choose  to have separate accounts for your work and personal
purposes. While this approach will not completely isolate each area, it       does offer some additional protection. However, it will not protect your       computer against vulnerabilities that give an attacker administrative       privileges. Ideally, you will have separate computers for work and       personal use; this will offer a different type of protection.

7.  Establish guidelines for computer use – If there are multiple people       using your computer, especially children, make sure they understand how       to  use  the  computer and internet safely. Setting boundaries and       guidelines will help to protect your data (see Keeping Children Safe       Online for more information).

8.  Use passwords and encrypt sensitive files – Passwords and other security       features add layers of protection if used appropriately (see Choosing       and  Protecting  Passwords  and  Supplementing  Passwords for more       information). By encrypting files, you ensure that unauthorized people
can’t view data even if they can physically access it. You may also want       to consider options for full disk encryption, which prevents a thief       from  even starting your laptop without a passphrase. When you use       encryption, it is important to remember your passwords and passphrases;       if you forget or lose them, you may lose your data.

9. Follow  corporate  policies  for handling and storing work-related       information – If you use your computer for work-related purposes, make       sure to follow any corporate policies for handling and storing the       information.  These  policies  were  likely established to protect       proprietary information and customer data, as well as to protect you and       the company from liability. Even if it is not explicitly stated in your       corporate policy, you should avoid allowing other people, including       family members, to use a computer that contains corporate data.

10. Dispose of sensitive information properly – Simply deleting a file does       not completely erase it. To ensure that an attacker cannot access these       files,  make  sure  that you adequately erase sensitive files (see       Effectively Erasing Files for more information).

11. Follow good security habits – Review other security tips for ways to       protect yourself and your data.
_________________________________________________________________
Author: Mindi McDowell   Produced 2006 by US-CERT, a government organization.
<http://www.us-cert.gov/cas/tips/ST06-008.html>

Sooooo I went to the ZZN.com website, a free email service provider – it’s been around for years and does not seem to be going anywhere soon – and created a SCAMDEX.ZZN.COM email service – so you can go there and get a mystoopidname@scamdex.zzn.com email address to use and abuse as you wish.

Great if you want to contact someone but don’t want the relationship to continue…. not sure if you’re being scammed? create a new email address, give that out and if it all turns cruddy, just walk away. The accounts are removed after 30 days of no-use so you can forget all about it.

Beloved of scammers the world over (and especially popular in some of the more western partsof the African subcontinent), the free email address allows the freedom to communicate with no strings attached. it’s nice to be able to put it to a new use. (kind of like a disposable razor).

Anywa, go ahead, get a new email address – don’t go sending any 5 megapixel photos there though, it’s only got 3MB quota!

One word of warning – ZZN are quite happy to pass on details to law enforcement officials so no scamming please!

I am an old Unix dude, I have installed more different versions of Unix than most people – Everything from Sco Xenix/286 thru to Centos5.2 and I don’t usually have much problems – but as time wears on, my brainDisk is starting to squeal and it’s not as fast at random access as it used to be so I was really happy when I rented a server with Cpanel/WHM installed on it.
For those who don’t know, Cpanel is the web-based interface to everything you will never learn on a Unix server – plus, the WHM super system allows you to carve off a chunk and sell it or give it away to your pals, reasonably confident that they won’t/can’t screw it up.
Add in virtual web/mail/log server management and lots of useful pre-installed tools and you have a system where you rarely have to get your hands dirty under the #hood.

Well, I love Cpanel now and I have grown to rely on it (curses!) so when it comes to creating my own server, so I can save money on a dedicated one I find I need it to get things done (and my old stuff transferred.

The problem with CP is that it costs $$money. between $30 and $48/month. and. I. just. don’t. want. to. pay. that. any. more….. so….

Piracy is out – mainly because you need to register the license with CP and also because that’s bad!:’(

Perhaps I could install it, setup my system the way I want and then after a month or so, hand it back??

well, no apparently – most people (Including themselves) seem to be of the opinion that to uninstall CP, you should really re-install Linux…. kind of defeats my object here!

so…. alternatives, anyone?

There are a few – some other commercial (pay $$ for) such as DirectAdmin and some Public Domain ones (Web-CP, WebMin/VirtualMin). So I started evaluating these free Cpanel Alternatives ….

1. WebMin/VirtualMin

Looks like it will do the job – only one of the alts that I’ve heard of and actually used before. Installs easily enough and looks nice – has a fine range of functionality but what lets it down is it’s non-simplicity. Cpanel’s approach is to show you a bunch of things that you may want to do and asks sensible questions (with usually relevant tooltips close by) so help you accomplish your requirements.  WebMin takes the ‘I’ll help you to write the configuration files correctly’ approach – you really have to know what you’re doing and in a lot of cases, the input fields are just blank with no clue as to what to put there.

WebMin Configuring Backup Example Screenshot

This probably highlights the major difference between CPanel/WHM and the rest of the Server Admin systems out there – CP/WHM does some pretty radical things to your server when you install it and this is why it’s so hard to uninstall. The other systems kind of leave things as they are and just act as configuration helpers. As an example, see the two screenshots of the ‘backup’ functions.

Cpanel Domain Owner Backup Page

2. Web-CP

Much, much, harder to install and harder to find the installation instructions too. but seems pretty good so far.

I had problems with the PHP startup scripts being written with DOS line endings which confused the life out of me for a while until I found it.  Still not able to start the system up but suspect it’s something to do with the line that reads:

$args = trim(next($HTTP_SERVER_VARS["argv"]));

# Shouldn’t that just be ARGV for shell scripts?)

… I’ll continue and let you know how I get on.

This is a notice that you should send to your family and friends, (especially the ’silver surfers’) and maybe even stick on the ‘fridge door and on the side of your monitor, just so you remember. Help make this a Scam-Free Christmas!

US-CERT Issues Warning about Cyber Shopping

Online shopping has become a popular way to purchase items without the hassles of traffic and crowds. However, the Internet has unique risks, so it is important to take steps to protect yourself when shopping online.

Why do online shoppers have to take special precautions?

The Internet offers a convenience that is not available from any other shopping outlet. From the comfort of your home, you can search for items from countless vendors, compare prices with a few simple mouse clicks, and make purchases without waiting in line. However, the Internet is also convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting shoppers.  Attackers who are able to obtain this information may use it for their own financial gain, either by making purchases themselves or by selling the information to someone else.

How do attackers target online shoppers?

There are three common ways that attackers can take advantage of online shoppers:

• Targeting vulnerable computers – If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.
• Creating fraudulent sites and email messages – Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create malicious web sites that mimic legitimate ones or create email messages that appear to have been sent from a legitimate source. Charities may also be misrepresented in this way, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.
• Intercepting insecure transactions – If a vendor does not use encryption, an attacker may be able to intercept your information as it is being transmitted.

How can you protect yourself?

• Use and maintain anti-virus software, a firewall, and anti-spyware software – Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall (see Understanding Anti-Virus Software and Understanding Firewalls for more information). Make sure to keep your virus definitions up to date. Spyware or adware hidden in software programs may also give attackers access to your data, so use a legitimate anti-spyware program to scan your computer and remove any of these files.
• Keep software, particularly your web browser, up to date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
• Evaluate your software’s settings – The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer. It is especially important to check the settings for software that connects to the Internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.
• Do business with reputable vendors – Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate, so you should verify the legitimacy before supplying any information . Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.
• Take advantage of security features – Passwords and other security features add layers of protection if used appropriately.
• Be wary of emails requesting information – Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information . Legitimate businesses will not solicit this type of information through email.
• Check privacy policies – Before providing personal or financial information, check the web site’s privacy policy. Make sure you understand how your information will be stored and used.
• Make sure your information is being encrypted – Many sites use SSL, or secure sockets layer, to encrypt information. Indications that your information will be encrypted include a URL that begins with “https:” instead of “http:” and a lock icon in the bottom right corner of the window.
• Use a credit card – Unlike debit cards, credit cards may have a limit on the monetary amount you will be responsible for paying if your information is stolen and used by someone else. You can
  further minimize damage by using a single credit card with a low credit line for all of your online purchases.
• Check your statements – Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.

This document can also be found at  on the US-CERT Website, HERE

The DNS Route to Scam Protection Online.

When you type in ‘www.scammingsite.com’ on your browser, a lookup is performed to translate the domain name into a unique address (IP Address) that all networked computers understand and which contains the path to the right server.


Your ISP will have given you two longish ‘numbers-separated-by-dots’ (eg. 207.44.123.28) to type in to your Network Settings. These are the Domain Name Servers (DNS) that your computer will use whenever you ask to go to a domain name.

Right? Well, never mind, just trust me on this one.

Wouldn’t it be great if, when you did the lookup/translate part, the result was filtered for Scams/Profanity/Pornography/Crime/Violence etc etc?

Well, by changing the DNS servers you use, you can have this great feature – for free, I may ad – and you (and your children/employees) can surf a little easier. No software to download, no subscriptions, no spam – it couldn’t be easier. Free, simple to do, free, great protection …. what more can I say other than if you don’t believe me, Click this button to find out why you need to change your DNS servers NOW!

(or, you can just change your DNS servers to 208.67.222.222 and 208.67.220.220 and get on with your life)

BTW, the same people who run OpenDNS.com also run an Anti-Phishing site called, amusingly, PhishTank