Blog Archives

Bork-Edition User Agent

Opera User Agent “Bork-Edition”

Have you seen Bork-edition user agent strings? Wondered what browser uses this string? Maybe you have noticed that nearly all traffic to your site with Bork-edition in the user agent string is spam and hacking attempts. User agents with Bork-edition are considered by at least one writer to be among the top 10 spam bots that must be blocked.

There are several user agents which at first glance look harmless, e.g. the user agent string Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]

Botnet Attacks WordPress Website

Apparent Botnet Attacked My WordPress Website

What appeared to be a botnet attacked one of my sites (tech.graphicline.co.za) this morning in a brute-force wp-login attempt from multiple IP addresses. This was the most coordinated attack against any of my sites I’ve experienced. Usually the hacker bots I see use up to 6 IPs in these attacks – 146 IPs is serious stuff…

146 IPs Used in Simultaneous Attack

The IPs listed below are the guilty parties to this brute-force login attack on the site. The main attack started at 05h09 GMT this morning (November 25, 2012) and continued until 05h15 GMT. A second but less intense attack followed, starting from 05h16 GMT and tailing off until ending at 05h43 GMT.

Microsoft Security Essentials

Microsoft Security Essentials Under Microscope

A look at Microsoft Security Essentials, the free anti-virus application from Microsoft. Is Microsoft Security Essentials any good? Will it protect a Windows PC from most common threats? Can MSE compete with commercial security applications?

Over the next few months we will see.

Annoyed with Commercial AV Software.

I have become increasingly annoyed with commercial anti-virus applications. They have become overpriced, use too many system resources, interfere with other applications, or slow down internet access. Worse still, none of the apps are able to detect every virus or malware… An example is Trojan Generic 24, which seems to be detected only by AVG (but it doesn’t stop or remove it). Trend Micro Titanium and Norton AV don’t find all versions of this dangerous trojan.

Website Hacking Attack

Hacking Attempt from IP 86.96.226.87/8

An unsuccessful attempt to hack my website graphicline.co.za was made Friday 21 October 2011 shortly before 15h00 SAST (13h00 GMT).

The attempt was first identified by repeated 404 ‘page not found’ and 403 ‘access forbidden’ messages resulting from the hacker using URLs while trying to get access to the server and website setup files, and to log in to unauthorised and prohibited areas of the website and server. The server is set to send notifications to me of 404, 403 and similar errors.

The attack originated from a business on the corner of Jumeirah Road and Sheikh Rashid Road, Jumeirah, Dubai, United Arab Emirates. The business is located in a warehouse or freight depot. It was identified from the IP addresses used during the attack – IP 86.96.226.87 and 86.96.226.88. It appears two hackers were working simultaneously.

I should thank these ill-intentioned persons for testing the security of the website and server. Each incident is an opportunity to examine security and to improve the strength of the server environment.

Security Alert | Mijnics Hoax

Warning of phishing scam: Mijnics Hoax

In the ongoing war against online threats to financial security, this scam e-mail notification warns our readers of a recent threat. An e-mail received this morning masqueraded as an official notification from International Card Services (ICS) (Netherlands), claiming their server had been attacked by cyber-criminals.

The mail requests all account holders to update their credit card information.

Do not click on the links contained in this e-mail.

Do not submit your details to this scamming site.

The text contained in the mail received reads (in Dutch):

“Afgelopen donderdag is onze server MijnICS aangevallen door internetcriminelen. Wij zijn bezig met ons onderzoek dat onlangs is ingesteld en hopen binnenkort deze internetcriminelen te ontmaskeren.
Tijdelijk is het noodzakelijk dat alle klanten die gebruik maken van MijnICS nu momenteel op de onderstaande website inloggen en hun opnieuw verIfieren. Na het volledig invoeren is ons beveiligingsprocedure voltooid en verschijnt er een scherm waarop zichtbaar is dat uw MijnICS volledig is beveiligd is. U krijgt hier over ook een e/mail toegestuurd. Na dat u onze e-mail hebt ontvangen, kunt u weer inloggen op de officiele website van ICS.
Opgelet! Dit moet binnen 48 uur uur gedaan worden, anders verdenken wij dat er een internetcrimineel achter uw MijnICS zit.
Opgelet! Log pas weer in op de officiele website als u de beveiligde website succesvol hebt voltooid. Logt u toch eerst in op de officiele website, is er kans dat wij deze actie verdacht vinden en uw MijnICS tijdelijk op hold zetten.

Klik hier! Voor de beveiligde website!
(Het kan zijn dat sommige computers het moeilijk hebben met de capaciteit van de en niet alles meer zichtbaar is)

Opgelet!
Bewaar deze brief/e-mail bij uw andere brieven.”

The English translation reads (translation by Google Translate):

“Last Thursday our server MijnICS was attacked by cybercriminals. We’re doing our research that has recently been installed and we hope to expose these cybercriminals.
Temporarily, it is imperative that all customers who use MijnICS now available on the website below and log them again verify. After fully implementing our security procedure is completed and a screen that is visible to your MijnICS completely secure. You will get about an e / mail. After you have received our email, you can log back in to the official website of ICS.
Attention! This must be done within 48 hours hours, otherwise we suspect that an Internet criminals behind your MijnICS it.
Attention! Only log in on the official website if you have successfully completed the secure website. Please log but only on the official website, chances are we suspicious of this action and your MijnICS temporarily hold up. Click here! For the secure website!
(It may be that some computers have difficulty with the capacity and not everything is visible) Attention!
Keep this letter / e-mail with your other letters.”

THIS IS A PHISHING SCAM:

No security card company will ever notify account holders using this type of e-mail notification.
If you are uncertain about the security of your credit card or bank accounts – CONTACT YOUR BANK only. Never use any link contained in an e-mail to access your bank account or your card account.