Oct 08 2009
 

Is starting a new website your idea? Without an online presence a company doesn’t exist. For a person, the most popular choice is a weblog. But many people hope to make money sitting in an armchair or by the pool, waiting for the cash. Forget this idea. It is only the nice side, which a lot of scammers promote while trying to sell an automated successful business.
On the other hand, if you plan to make your own website, a lot of possibilities are available. Building your own website is not a difficult job. If you don’t have any experience, you can start with a multi-user platform like this one, at wordpress.com, or an alternative like blogspot.com, and so on. You choose a subdomain, which will also be your site name, and it is done. If you are a few steps ahead, you will purchase a domain name and a hosting plan. Of course you can set up the website yourself or use a tool such as Fantastico, which is the most widespread among hosting providers. What is next?
Want to start an online store? Many people will tell you about the advantages and benefits of an online business. Before you waste your time, money and nerves, it is good to know which classic mistakes people make. The first is a wrong business idea. A lot of things seem simple at first look. You saw that Amazon.com can sell everything and make millions of dollars. Your idea? To open a bookstore! Or to open an electronics store! These are not necessarily bad ideas, but they do not easily qualify as good ideas for a startup. A good business is one we have enough expertise to run. Avoid heavy businesses that you do not know in detail, cannot support, or do not understand very well. Otherwise, yours will be another website without visitors and revenue. Think of a business that will energize your interest every day you open the page on the internet. Building the website starts with purchasing the domain name, a name which best defines the activity and content. The next post will be about the technical part of the job.


Jun 24 2009
 

A few days ago I had problems with the sites I am playing with. The reason for the problems was a vulnerability in Firefox, not in Windows, so it was a little bit harder to find and understand.
So, Thunderbird was so kind as to allow the download of a piece of malware. It is added by the W32/Zotob-I worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. I installed TCPView from sysinternals.com and took a look at what was happening. My infection script started to open a lot of ports and listen for connections from remote attackers. In one of these sessions, an FTP connection was up and some passwords were stolen. From there, having the sites modified was a piece of cake.
To clean up these issues I installed TCPView (Sysinternals), which is a useful tool to see what connections are in use on the computer.

After that I installed HijackThis from TrendMicro.com to see what processes start at Windows boot. At the same time, TrendMicro’s tool is able to clean the suspect entries and gives explanations about every program started by the system.
The worst thing in this whole adventure is that a site I maintain for a friend was down a few times, and this, as you can imagine, is not a good vote for my expertise. Below is an example of how the screen looks for this job in action.
Good luck and safe websites 🙂

SERVICES.EXE:712    TCP    192.168.2.2:2028    206.46.232.11:25    ESTABLISHED
SERVICES.EXE:712    TCP    192.168.2.2:2030    216.39.53.2:25    ESTABLISHED
SERVICES.EXE:712    TCP    192.168.2.2:2035    217.72.192.149:25    LAST_ACK
SERVICES.EXE:712    TCP    192.168.2.2:1830    216.18.67.184:25    FIN_WAIT2
SERVICES.EXE:712    TCP    192.168.2.2:2012    64.12.138.120:25    LAST_ACK
[System Process]:0    TCP    192.168.2.2:1996    61.9.0.187:25    TIME_WAIT

Jun 11 2009
 

These days I am dealing with some infected files on my sites. I have seen that this bot inserts two iframes in files containing “index”, “default” or “home” in their name. On this blog the infected files were /index.php, /wp-admin/index.php, /wp-admin/index-extra.php, wp-includes/default-filters.php and /wp-content/themes/../index.php. All these files contained the two iframes pointing to the two .cn sites. It looks to be a vulnerability on the server, as all sites hosted at the same IP were modified.

So the fastest method of repair is to replace the infected files containing the malicious code with clean files from a default installation, or to open them with an editor and clean them manually. After that, the website has to be secured by adding a .htaccess file with rules to block malicious visitors and, of course, by installing some useful plugins such as a firewall and a file monitor.

The plugin WordPress-Firewall is available to download here


Later on I will post a model of a .htaccess file
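
A scan for the injection this post describes, added here as an example and not part of the original post: it walks a web root, opens only files whose names contain “index”, “default” or “home”, and reports iframes whose src points to another host. The function names, the sample files and the hosts injected-site.example and blog.example.org are constructed for illustration.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

# Name fragments the post says the bot targets.
TARGET_NAMES = ("index", "default", "home")
# Captures the src value of an iframe tag, quoted or unquoted.
IFRAME_SRC = re.compile(r"<iframe\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)

def find_injected_iframes(web_root, own_hosts=()):
    """Return sorted (relative_path, src) pairs for iframes in targeted files
    whose src is an absolute URL on a host not listed in own_hosts."""
    hits = []
    for folder, _dirs, files in os.walk(web_root):
        for name in files:
            if not any(t in name.lower() for t in TARGET_NAMES):
                continue
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            rel = os.path.relpath(path, web_root).replace(os.sep, "/")
            for src in IFRAME_SRC.findall(text):
                host = (urlparse(src).hostname or "").lower()
                if host and host not in own_hosts:  # relative src has no host
                    hits.append((rel, src))
    return sorted(hits)

def demo():
    """Build a constructed web root in a temp dir and scan it."""
    bad = '<iframe src="http://injected-site.example/in.php" width=1 height=1></iframe>'
    sample = {  # constructed sample files, not taken from a real site
        "index.php": "<?php get_header(); ?>\n" + bad,
        "wp-admin/index-extra.php": "<?php // clean file ?>",
        "wp-includes/default-filters.php": bad + "\n<?php add_filter('x','y'); ?>",
        "home.html": '<iframe src="/local/widget.html"></iframe>',
        "about.php": bad,  # name is not targeted, so this scan skips it
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_injected_iframes(root, own_hosts={"blog.example.org"})

if __name__ == "__main__":
    for rel, src in demo():
        print(f"{rel}: {src}")
```

Files it reports are the ones to replace with clean copies from a default installation; passing the site's own host names in own_hosts keeps legitimate same-site iframes out of the report.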