
Comments With Links To Chinese IP Addresses

I received several blog comments overnight that included links to Chinese IP addresses. All of them were in perfect English. Some were complimentary, some were insulting.

While they were quite comprehensive, none of them had anything to do with the content of the blog post.

Therefore all of them were spam. I also suspect that the links included point to sites which, if visited, would do things to your computer that you’d rather not have happen.

These comments are making it past my Akismet filters (although they will be reported to Akismet) and I have my blogs set up as follows:

* No registration required, but you must have at least one approved comment before your comments will be automatically approved (in other words, all of your comments will be held for moderation until I approve at least one).

* I receive email notification (to my main account) of any comments awaiting approval, as well as any approved / pre-approved comments.

I strongly recommend that you configure your blogs to do the same. I did have “registration required” and “moderate all comments” at one point, but that tends to cut down on the number of comments you receive.

Each email you receive (if you follow this system) will show you the IP address and domain name that the link points to. In this case, the “.cn” at the end of each link set off alarm bells. When I saw how good the English was and how off-base the rather verbose comments were, my suspicions were aroused even more.

They are spam. They could point to malicious websites.

While I’m not in a position to tell you how to manage your blog, please keep this in mind: Any link on your website is a link that one of your website visitors could click on. Do you want to send them to sites that could trash their computer? I say that it’s in your best interests to help protect your customers’ computers by providing as safe a site as possible.

So please, consider saying “no” to these links and report them to Akismet as spam.

Thanks,
Tom

P.S. — While all of the comments thus far have pointed to Chinese IP addresses, I suspect that I’ll soon start seeing such comments pointing to IP addresses from other countries. It’s not JUST a “Chinese Thing”…!
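As an added example (not part of the original post, and not Akismet’s logic), here is the moderation rule described above turned into code: every first-time commenter is held, and link-bearing comments are annotated with the two signals the post relies on, a link to a .cn host or a bare IP address, and text that never touches the post’s subject. The sample comments, keyword list and approved-author list are all constructed for the demo.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample comments (not real submissions), modelled on the post:
# fluent but off-topic text carrying links to a .cn host or a bare IP address.
SAMPLE_COMMENTS = [
    {"author": "alice", "text": "Thanks Tom, holding comments until the first approval worked for me."},
    {"author": "bob", "text": "Wonderful writing, truly inspiring. Visit http://203.0.113.7/offer"},
    {"author": "carol", "text": "This is terrible advice. See http://www.example.cn/deal for the truth."},
    {"author": "dave", "text": "Good point about Akismet; see https://example.org/akismet-notes"},
]
# Words from the post being commented on; a link-bearing comment that shares none
# of them is the "comprehensive but unrelated" pattern described above.
POST_KEYWORDS = {"akismet", "comment", "comments", "moderation", "approval", "spam"}
APPROVED_AUTHORS = {"alice"}  # commenters who already have one approved comment

URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)

def link_hosts(text):
    """Lower-cased hostname of every http(s) link in a comment."""
    hosts = []
    for url in URL_RE.findall(text):
        host = urlparse(url.rstrip(".,;:)")).hostname
        if host:
            hosts.append(host.lower())
    return hosts

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def link_flags(text, suspect_tlds=("cn",)):
    """Reasons a comment's links deserve a closer look (a heuristic, not a verdict)."""
    reasons = []
    for host in link_hosts(text):
        tld = host.rsplit(".", 1)[-1]
        if is_ip_literal(host):
            reasons.append(f"links to a bare IP address ({host})")
        elif tld in suspect_tlds:
            reasons.append(f"links to a .{tld} host ({host})")
    return reasons

def on_topic(text, keywords):
    return bool(set(re.findall(r"[a-z]+", text.lower())) & keywords)

def triage(comment, approved_authors=APPROVED_AUTHORS, keywords=POST_KEYWORDS):
    """'approve' or 'hold', applying the post's rule (a first comment is always held)
    plus the link heuristics, with the reasons a moderator would want to see."""
    text = comment["text"]
    reasons = link_flags(text)
    if link_hosts(text) and not on_topic(text, keywords):
        reasons.append("carries links but never mentions the post's subject")
    if comment["author"] not in approved_authors:
        reasons.append("author has no previously approved comment")
    return ("hold" if reasons else "approve"), reasons

def triage_all(comments=SAMPLE_COMMENTS):
    return {c["author"]: triage(c) for c in comments}

if __name__ == "__main__":
    for author, (verdict, reasons) in triage_all().items():
        print(f"{author}: {verdict}" + (" (" + "; ".join(reasons) + ")" if reasons else ""))
```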

Can You Still Get Product Launch Formula 2? Maybe!

Can you still get a copy of Product Launch Formula 2? Maybe.

To find out if you can, click on this link (don’t wait; access is limited):

http://www.tdbx.com/r/plf/

Jeff Walker is going to re-release Product Launch Formula 2 at noon Eastern Time on Wednesday, April 2, 2008. It’s going to be a limited re-release.

Why? Because Version 2 is going to be quite different from Product Launch Formula 1.

(Incidentally, Jeff just announced that he’s adding a “streamlined” version of Product Launch Formula 1 as a bonus for purchasers of Version 2.)

Each Monday, Jeff is going to upload a video for owners to watch. This will be followed with a LIVE teleconference where owners will be able to ask questions (if you have to miss it, don’t worry; Jeff will record it). And knowing Jeff, he’ll stay on the phone until every question is answered.

Jeff is also going to be running surveys and soliciting feedback to ensure that every owner’s questions are answered and that they get the help they need.

Add that to some of the other incredible bonuses that he’s giving away and Product Launch Formula 2 turns out to be an incredible value.

As an owner of Product Launch Formula 1 and 2, I’d also like to add that Jeff really does value his customers. He’s personally answered several emails from me and has been known to host private receptions for his product owners at live events (I’ve attended one of them). I also sat next to him at dinner once and received quite an education! Jeff’s not going to run and hide somewhere; he’s accessible and truly does want to hear from his customers.

So enough already; since Jeff is running this version as a live training course, he’s only selling a limited number of seats for this course. So to make sure that you get one of them, head over to this link NOW (even if it is before noon; you can sign up for a reminder email, and Jeff doesn’t spam!):

http://www.tdbx.com/r/plf/

Thanks for listening,
Tom

Email Problem On My Web Server, Part 1

Last night I was working on updating a web site that I’ve neglected for quite some time. While working on it, I noticed that the links on that site’s blog were redirecting to a domain that had hosted my redirects at one point, but I later decided to use it for something else and deleted the redirects (not a good idea, by the way!). That “something else” got started several months ago and fell off the proverbial plate.

In other words, I had *two* neglected sites!

Since the redirects on that blog no longer worked (and might have been costing me lost commissions) I decided to go for the easy fix: simply upload a PHP-based redirect to the “project” domain. I fired up my FTP client and went to upload the redirect.

I couldn’t create a directory, nor could I upload the file.

To make a long story short, I had forgotten to set up the email on that domain so that anything not addressed to a specific account got bounced back to the sender. And there were over 16,000 spam messages in the catch-all Inbox — messages which I had to delete — and which had taken the disk utilization to 100%.

I couldn’t add a single thing to the web site.

I’ll get into the “how to prevent this” in a future post, but first I want to tell you how I fixed the problem.

I first started to simply delete the messages in the web-based email client provided by my web hosting company. But at 100 messages per screen, it would have taken over 160 screens worth of deleting… Plus I did not have a “Trash” folder to send the messages to (you have to create it yourself in this application), and with all available disk space used, I couldn’t create it!

In other words, that method didn’t work.

The next method was to go to my FTP client, go into the “mail/new” directory, and delete them manually. But my FTP client only retrieves 2,000 files in a directory listing at a time — and deletes them by issuing a “delete” command for each file. It would have taken forever!

The solution? I was able to use PuTTY, a secure shell client, to connect to my web server and do the actions from a command prompt. This requires a knowledge of Unix, of course, and probably isn’t a viable solution for most. I managed an entire network of Unix boxes at one point in the past, so this is not a problem for me.

I was able to go from 100 megabytes to about 3 megabytes of disk space used in about five minutes.
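As an added example (not the commands I actually typed that night), this script does the same job from a shell session: it streams the catch-all account’s Maildir new/ directory, so the 2,000-file listing limit and the one-delete-per-file round trips of the FTP client never come into play, reports how much space the messages take, and only deletes when asked to. The Maildir it operates on is a constructed throwaway filled with placeholder messages; the path layout (a `new/` subdirectory) is standard Maildir.

```python
import os
import shutil
import tempfile

SPAM_HEADER = b"X-Spam: constructed placeholder\n"  # marks the throwaway demo messages

def purge_maildir_new(maildir, dry_run=True, max_delete=None):
    """Count and, unless dry_run, delete every message file in <maildir>/new.
    os.scandir streams the directory, so 16,000 entries cost no more effort than 16,
    unlike a client that lists 2,000 names at a time and deletes one by one.
    Returns (files_seen, bytes_seen, files_deleted)."""
    new_dir = os.path.join(maildir, "new")
    seen = total = deleted = 0
    with os.scandir(new_dir) as entries:
        for entry in entries:
            # Maildir's new/ holds only plain message files; leave anything else alone.
            if not entry.is_file(follow_symlinks=False):
                continue
            seen += 1
            total += entry.stat(follow_symlinks=False).st_size
            if dry_run or (max_delete is not None and deleted >= max_delete):
                continue
            os.unlink(entry.path)
            deleted += 1
    return seen, total, deleted

def disk_usage_percent(path):
    """Percentage of the filesystem holding `path` that is in use (the 100% in the story)."""
    usage = shutil.disk_usage(path)
    return 100.0 * usage.used / usage.total

def make_sample_maildir(message_count=16000, message_size=6000):
    """Construct a throwaway Maildir stuffed with placeholder spam (about 100 MB by default)."""
    root = tempfile.mkdtemp(prefix="catchall-")
    for sub in ("new", "cur", "tmp"):
        os.makedirs(os.path.join(root, sub))
    body = SPAM_HEADER + b"x" * message_size
    for i in range(message_count):
        # Maildir-style unique names: <timestamp>.<unique>.<host>
        with open(os.path.join(root, "new", f"{1200000000 + i}.M{i}P1.host"), "wb") as fh:
            fh.write(body)
    return root

def remove_sample_maildir(root):
    shutil.rmtree(root)

if __name__ == "__main__":
    root = make_sample_maildir()
    print(f"before: {disk_usage_percent(root):.1f}% of the filesystem used")
    seen, nbytes, _ = purge_maildir_new(root, dry_run=True)
    print(f"{seen} messages, {nbytes / 1e6:.1f} MB would be deleted")
    print("deleted:", purge_maildir_new(root, dry_run=False)[2])
    remove_sample_maildir(root)
```

Run it first with `dry_run=True` (the default) to see the count and size, then with `dry_run=False`, or `max_delete=` a few thousand at a time if you want to watch free space come back in steps.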

Coming soon: How the problem happened in the first place and how I fixed it.

Stay safe,
Tom

JVAlert: Skip The Lecture, Let’s Make A Product!

Here’s an email I just sent as a test to a couple of safelists. It was sent to a total of 10,000 opt-in email recipients; I’m curious as to how many sales it will generate.

I don’t have a lot of faith in safelists, but I have made a few dollars from them by promoting quality products, so we’ll see how this one goes.

I’m using a special tracking link for this (it’s not the one in this post, although the link here works).

I’ll report back after several days to let you know how it goes.

And check out the product yourself; I think it’s a great value.

Thanks for listening,
Tom

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

What do you get when you cross 72 Joint Venture (JV) experts with a speaker cancellation?

A product, of course! :)

http://www.tdbx.com/r/ijvsb

Ever hear the saying, “My Dime, Your Time”?

Would you give up a thin dime — just ten cents — to get a tip from a JV expert?

Are you willing to give up 70 dimes to get a product created “live” by 72 JV experts?

As I write this, JVAlert Orlando is wrapping up. One of the speakers (Joel Comm) got sick, but instead of just cancelling that session or filling it with useless filler, they decided to create a brand-new product.

Of course, with a room full of JV experts, what type of product would you expect?

If you said, “An ebook full of JV tips — 51, to be exact,” you’d be correct!

And that’s not all; there are 42 bonus links on the download page as I write this (ignore the number in the sales letter; I don’t think they can keep up with the influx of bonuses being offered!).

Oh, and it all comes to about $0.1372 per tip, so it’s not a question of not being able to afford it; the question is if you can afford to IGNORE it. And there’s zero risk; they offer a 100% guarantee.

Want to know more? If so, head to this link (and beat the crowd; this is a 100% commission product!):

http://www.tdbx.com/r/ijvsb

Thanks for listening,
Tom

The Hacked WordPress Blog, Part 1

I’ve heard too many horror stories about hacked WordPress blogs lately. There are a lot of reasons why these blogs were left vulnerable and open to exploitation:

  • Some of them did not have the latest version of WordPress installed.
  • Others had improper configurations.
  • Yet others had stuff available (plug-ins and themes) that wasn’t necessary.
  • And some even had zero precautions in place to protect the list of plug-ins they were running!

There are a lot of simple steps you can take to better protect your WordPress blogs and it’s never been easier to keep your blogs protected.

WordPress released a new version of WordPress earlier this week. With the system I have in place, I was able to upgrade 10 blogs in less than 30 minutes — and I have a dialup connection to the Internet — while a 20-month-old toddler tried to keep me from working (she was sitting on my lap). And I built that system using tools that didn’t cost me a cent.

The days of excuses are gone.

I’m going to be talking about some of these problems in the days and weeks to come and will be offering solutions to some of the more common problems.

Thanks for listening,
Tom

The Warrior Forum Hack: My Analysis

There has been news floating around that The Warrior Forum (a popular forum for online entrepreneurs and a lot of people who want to try to make money online) was hacked. I decided to look into it.

First, I logged in to the forum and could find no posts that would indicate that the forum had been hacked other than that the normal category descriptions were not quite as they were a few days ago. Nevertheless, that’s enough to show me that some major changes had taken place lately, and from past experience, such little things are the last to be restored after a security breach. So while it doesn’t say “yes”, it does say that something happened that required some major restoration work.

Next, I simply searched for “warrior forum hack” and found this very helpful post on the affhelper.com blog (my apologies; I don’t know your name… and if you’ll leave a comment with an email address that only I’ll see, I’ll contact you about something I saw on your blog). The great thing about affhelper is that he captured a screen shot of the hack (there’s a link to the screenshot in his blog post; I won’t link directly to it).

So I did a bit of digging on Snitz Forums, which is the software used to run the forum.

What I found leads me to this conclusion: If you are going to use Snitz Forums software in a business situation, you need to have a system for supporting that software. Here’s why:

Snitz Forums is Open Source software and is covered by the GPL. Now don’t get me wrong; I love Open Source / free software, I use Open Source / free software, and will soon be releasing some Open Source / free software training courses myself. And Snitz Forums seems to be a very vibrant community that’s filled with people who really want to make the software the best it can be. But as I’ve mentioned in the past, if you are using open source / free software, YOU MUST HAVE A PLAN IN PLACE FOR WHEN YOU NEED HELP FIVE MINUTES AGO. Asking for help with a problem on a support forum when your money-making forum has been hacked isn’t going to cut it.

Another problem (which is actually also a blessing) is that the source code is open source and available to anybody who wants it. It’s very easy for anybody (with programming knowledge, of course) to go through the code, discover vulnerabilities, and do something with them. Responsible people report them and create fixes, making the software even better. Miscreants and criminals keep this information to themselves and use it for their own selfish purposes. So while it’s much easier to discover vulnerabilities and exploit them, it’s also easier to discover vulnerabilities and patch them — hence the mixed blessing.

The question, therefore, is this: Who is going to find the vulnerability first? Quite simply, it’s going to be the person with the most motivation. In some cases, it’s criminals looking for new ways to take over boxes, but (thankfully!) there are also lots of good, qualified people who dedicate their spare time to poring over open source software source code, looking for holes. While we owe a debt to them, we also don’t have the right to expect them to be 100% vigilant. In that regard, they are “undependable” from the standpoint that they, not you, get to set their priorities. You have no right to expect them to rearrange their life to solve your problem (at least for free).

The bottom line is that, if you are going to use open source software to operate your business, you need to have a plan in place to support that software. This is something you can easily get in most cases with commercial software and, if not, you can pay the vendor extra for a support contract. In some cases, you can find somebody who will do the same for open source software. The bottom line is that regardless of the type of software you use, you’d better have somebody to call when something goes wrong that results in your cash flow getting turned off!

There is, however, one huge advantage to open source software: licensing issues. Trying to keep track of licenses for your commercial software can be problematic; with open source, as long as you’re not modifying it and trying to protect your modifications and/or sell it, you’re not going to experience any problems (this is simply my ignorant, uninformed opinion; talk to your lawyer to get the truth…!).

So there it is. The Warrior Forum isn’t going away, and it isn’t going to move away from Snitz Forums, either (sorry, imsimple, you got that one wrong, in my opinion — but it would be nice to move it off the Microsoft platform!). The owner of the Warrior Forum probably has the resources available to fix problems like this — plus he has already made a considerable investment in this software and built a community using it. Changing it now would hurt him. A lot. I don’t think he’ll change it.

So before you decide to use Snitz Forums and “be like the Warriors”, make sure that you do your homework and ensure that the costs you’ll incur to maintain it and keep it secure are costs that you can afford.

Thanks for listening,
Tom

Take Action TODAY To Protect Your Website Logs

My cPanel configuration gives me the option to save my websites’ raw access logs at the end of every month. It saves them in a folder in a non-publicly accessible part of my web server.

Setting this up is quite simple; you simply log in to your cPanel, click on the “Raw Access Logs” link, and there should be an option to automatically archive your logs at the end of every month.

[CORRECTION: If you are using cPanel 10, you'll need to click on the "Raw Log Manager" link to set this up; the "Raw Access Logs" will only allow you to download the raw access log for the current month, up to the current time. If you are using cPanel 11, you can do both from the "Raw Access Logs" link. --Tom]

With this option, all you need to do is create a procedure to log in to your account once a month (perhaps the 2nd or 3rd day of the following month) and download the logs. If you do this, you can also check the box to delete old logs when new ones are archived (although I recommend that you NOT check that box and simply delete the logs manually once you’ve downloaded them).

You can also keep them on your web server if space isn’t an issue. In fact, if possible, keep a copy on your web server AND download a copy; backups are a good thing… :)

Why should you do this? Because most web hosting companies only keep a few days worth of raw access logs. If you don’t save them, nobody will…

Aside from what you can do with these logs for tracking, testing, and statistical purposes, they may be worth their weight in gold should some type of security incident take place on your web server.

So check those boxes and start saving your logs.

And one more thing: today is January 30th, so if you don’t take action today or tomorrow, you’ll lose January’s raw access logs (assuming your web hosting company is like mine; my assumption is that most of them are).

Thanks for listening,
Tom

One Way To Better Protect Your Website’s Files

I’m a member over at The Internet Marketing Inner Circle (TIMIC), which was created and is run by Willie Crawford. I help Willie moderate the forum and he’s become a good friend and mentor over the past couple of years.

Willie, Will Bontrager, and Patrick Pretty — all TIMIC members — got together to create and market a system that helps protect the files on your website, such as graphics and ebooks. The name of the system is Hot Link Alarm. I was able to purchase a copy before the public release (as a member of TIMIC) and played with it a bit. It’s going to help a lot of people who decide to become owners of this system.

I imagine that I could find some holes in it if I looked hard enough (and the instructions do mention some possible scenarios where this system would be ineffective), but all in all, it’s a pretty good package. It does what it says it’s going to do, and from what I could tell, it looks like it would take direct access to the web server account to seriously dilute its effectiveness.

The one thing I’d like to see is better instructions and perhaps some training videos (it’s also possible that I somehow missed them; the product team is pretty thorough in its approach, and if you really get stuck, help is available). Even without that, I was still able to set up and successfully test a site with the software.

If you go to a sample blog post that I set up for this test (at http://www.7simpletips.com/funny-error-message/), you’ll see that I have a graphic there. That particular graphic is protected using the Hot Link Alarm system. Note that it shows up just fine on this website. Also notice that if you do a “View Source”, you won’t find the graphic name. I did find one way to save the image to my computer, which I won’t disclose here.

Next, click on this link to see me try to steal that image, which is protected with Hot Link Alarm. You’ll notice the “Graphics Piracy Detected” image in spite of what I put in the source code (go ahead, take a look at it; you’ll see that I tried to directly hot link to the image on the 7 Simple Tips blog. Keep in mind that, with this system, your website visitors won’t see the direct link to the image in the source code). What you won’t see is the email that will hit my Inbox telling me that this Tom Brownsword guy is an image and bandwidth thief… :)

The system helps prevent theft of your intellectual property and bandwidth, and with the email alerts you receive (you have to set it up first), you’ll have enough information to contact the thief or their hosting company to complain about the theft.

There are many other alerting and “theft busting” options that I haven’t explored yet.

All in all, it’s a solid package and a solid system. It’s a low-cost control that can help reduce your risk of intellectual property and bandwidth theft.
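As an added illustration (not Hot Link Alarm’s code; the post doesn’t describe its internals), here is the Referer-based decision behind the behaviour described above: serve the image when the request comes from a page on your own site, serve the “piracy detected” placeholder otherwise, and capture the details an alert email needs to identify the hotlinking site and the requesting address. The allowed hosts, requests and addresses are constructed for the demo; the Referer header is client-supplied, which is the kind of limit the product’s instructions warn about.

```python
from datetime import datetime, timezone
from urllib.parse import urlparse

# The site that owns the image; anything else arriving with a Referer is a hotlink.
ALLOWED_HOSTS = {"www.7simpletips.com", "7simpletips.com"}

# Constructed sample requests for the protected graphic: one from the owner's own
# page, one embedded on another site, one with no Referer at all.
SAMPLE_REQUESTS = [
    {"remote_addr": "198.51.100.10", "path": "/protected/funny-error.png",
     "headers": {"Referer": "http://www.7simpletips.com/funny-error-message/"}},
    {"remote_addr": "198.51.100.20", "path": "/protected/funny-error.png",
     "headers": {"Referer": "http://hotlinker.example/gallery.html"}},
    {"remote_addr": "198.51.100.30", "path": "/protected/funny-error.png",
     "headers": {}},
]

def referer_host(headers):
    """Lower-cased host of the Referer header, or None when it is absent or unparsable."""
    ref = headers.get("Referer") or headers.get("referer")
    if not ref:
        return None
    return (urlparse(ref).hostname or "").lower() or None

def decide(request, allowed_hosts=ALLOWED_HOSTS, serve_when_blank=True):
    """Return ('serve', None) or ('piracy', alert) for one image request.
    A blank Referer is allowed by default, because browsers and privacy tools strip
    it; the Referer is also client-controlled, so this is a deterrent, not a lock."""
    host = referer_host(request["headers"])
    if host in allowed_hosts or (host is None and serve_when_blank):
        return "serve", None
    alert = {  # what an alert email needs: who asked, from which page, for what, when
        "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "remote_addr": request["remote_addr"],
        "referer_host": host,
        "path": request["path"],
    }
    return "piracy", alert

def format_alert(alert):
    return (f"Hotlink detected {alert['time']}: {alert['path']} requested by "
            f"{alert['remote_addr']} from a page on {alert['referer_host'] or '(no Referer)'}")

def verdicts(requests=SAMPLE_REQUESTS):
    return [decide(r)[0] for r in requests]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        verdict, alert = decide(req)
        print(verdict, "" if alert is None else format_alert(alert))
```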

You can learn more about Hot Link Alarm by clicking on this link.

Thanks for listening,
Tom

P.S. — If you have signed up for the blog announcement list, I apologize for the broken links. I just realized that I never uploaded the “thanks” and “confirm” files. I’ll take care of that shortly.

Last Night’s Teleseminar

The teleseminar with Willie Crawford went, in my opinion, quite well. We covered a lot of ground and discussed a lot of things.

If you weren’t able to attend the teleseminar live, I’m working with Willie to make the recording available.

If you have already subscribed to my blog announcement list, you received a link to the “Resources” page that was given out on the call last night, even if you did not attend. You can review the rough outline of things we discussed, view a video about a “footprint” that WordPress leaves that makes it easy for miscreants to determine your version of WordPress (and what to do about it), along with a few other recommendations.

If you haven’t subscribed, don’t wait. I like to reward those who allow me to occupy precious space in their Inbox with occasional free “extras”. Subscribers also get the best available discount on new products for 24 hours when they are launched.

To subscribe, simply fill out the form at the top left of the main blog page, then confirm your request by clicking on the link in the email you’ll receive. If you don’t see the sign-up form, click on the big banner at the top of this page; it will take you to the main blog page, where you will see the form.

Thanks for listening,
Tom

Free Computer Security Teleseminar With Willie Crawford — TODAY!

Willie Crawford will be interviewing me TODAY (Wednesday, January 16, 2007) at 5:00 PM Eastern Standard Time. The topic will be computer and website security.

This is a free call (long distance charges apply); we are not charging for access to the call.

To register and get the call details, go to the following link:

http://therealsecrets.com/ComputerSecurity/

Hope to be talking to you in a few hours.

Thanks for listening,
Tom