Monday, August 28, 2006

Tripod Phishing

F-Secure has a post pointing out that Tripod isn't doing a good job preventing obvious phishing sites from being hosted on their free service. Now if this were a small free hosting service it would not be a big surprise, but Tripod has been around for many years. I used to even have a site there long enough ago I hardly remember it.

Still a small number phishing sites isn't that unbelievable (of course there could be plenty others Google didn't index). Clearly if they were doing nothing they would be full of these scam pages. But from Google's cache, the dates on the current three I saw are the 17th, 22nd, and 24th. That is up to eight business (12 total) days to catch the earliest of them and all three are still up. See them in Google while you can.

I checked out some of the competition (MSN, Yahoo, Geocities, GooglePages, and Blogspot) using similar searches.

Of those searches, I found only one other page. The lucky host was Blogspot, though this wasn't nearly as bad as the others. It was only a splog not a phishing site and they have already removed the account.

F-Secure has a poll asking, "Should free hosting companies try to detect Phishing sites hosted on their servers?" The answer is clear to me. If the free hosts don't do it they will quickly be known for not caring and be over run with scam sites. Hosting that much garbage certainly won't make their business look very professional. Out of the first about 1000 responses, currently almost 90% agree with me that it is the free hosts responsibility to at least try.

Wednesday, August 23, 2006

Wikipedia Fix

Ars Technica has an article about an experimental feature the German Wikipedia is trying out to reduce "vandalism, edit wars, and misinformation." Edits won't go live until approved by a logged in user with "a certain level of time and experience."

That is a very good solution to those problems and will give articles some stability and hopefully credibility. But it will severely limit editors if they must wait for their changes to appear. It will also put a burden on those who must approve the edits when there are multiple conflicting versions of the page to merge.

Spam Cartoons

The stupid and often random subjects used by email spammers are often funny, but Spamusement makes them even funnier with "poorly-drawn cartoons" illustrating them. Some of my favorites:

Spyware Fight

In a pretty innovative attempt to prevent users from ending up with spyware infestations, Google started popup warnings when you attempt to visit a site known to distribute malware. This is built right into their search results rather than relying on a toolbar or extension.

That might be old (early August) news for those who keep up on search engine news, but what surprises me is I have not yet seen it in action and I do visit slimy sites quite frequently in my tracking down spam. I wonder if they decided to take it offline to rethink it.

A visit to StopBadware.org which maintains the malware database shows an example of one of the sites in their list, ThemeXP.org. Yet in Google's search results there is no popup, just google ThemeXP. Does that mean the warning popup is offline?

I have also yet to see Firefox 2.0 beta warn me of a Web Forgery with its new anti-phishing technology. I have even followed clearly deceptive links in bank phishing emails and not seen the warning. It is based on Google's Safe Browsing extension if you want to try it out before Firefox 2.0 is released.

What I have been using that is working pretty well is McAfee SiteAdvisor. It is available for both Firefox and IE for free. It advises you of the status of the site you are visiting by color coding its button. It also puts indicator icons on search results (Google, Yahoo and MSN) so you know before you even click (even on ads). When you hover the icons it gives you a brief summary of why the site got its rating. This service not only warns you about malware, it warns you when a site is likely to spam you if you sign up, I really like that.

Of course, there are privacy issues to think about when you add this protection to your browser. For the best protection, every URL you visit gets transmitted to the database provider. With Safe Browsing and Firefox 2.0's anti-phishing there are local checking options which provide some protection, but I would rather the best protection I can get.

Update: In early August, a Mozilla representative pointed out that 2.0's phishing filter isn't working yet. So I guess I shouldn't have uninstalled Safe Browsing yet. This post says you now get Safe Browsing as part of Google Toolbar. He also suggests you try OpenDNS, which reportedly corrects obviously mistyped URLs and warns about possible phishing sites.

Update 2: I found an example of Google's warning popup still working from another blog. Maybe StopBadware.org removed TweakXP from the list and just haven't updated the site with a better example.

Sunday, August 20, 2006

Finding A New Host

Less than a month ago the entire server my site was hosted on was hacked. Supposedly that vulnerability was fixed. Well someone must have it out for that particular server because it was hit again last night.

So far I haven't found another host, but this is just getting insane so I am seriously looking now. Even if I don't find the best, it will still be a huge improvement. I have not heard from support yet, but the backup I have access to is again full of the hacked files. Thankfully this time I backed up everything earlier this month after learning the hard way last time.

On reason I haven't moved yet is I have done some looking around and there just isn't much reliable information out there. Most of what I find is self promotional, splogs, questionable review sites, or other people looking for a host. There are a number of good looking host review sites, but much of the info looks like taken from the host's page or submitted by them. I would much rather find a blogger who has tried several hosts and strongly recommends it. But thanks to splogs and reblogs those are impossible to find.

GoDaddy was high on my list mostly because I couldn't find anything that offered what I want. It sounds great and has really low prices, but is apparently is insanely oversold and has little support.

I finally decided on BlueHost.com partly because of the CEO's blog in which he admits they have had bad service lately and what they are doing to fix it. The price is reasonable though it isn't nearly as cheep as the $20 a year I paid before, but you do get what you pay for and I will have a lot more features to play with. The company has been around since 1996 so in terms of internet years that is like forever. Overall customers seem to be relatively happy, unlike with my previous host after they were sold. Hopefully I made a good choice. I will let you know how it turns out.

Saturday, August 05, 2006

Hacked Server

Parts of my playground site, chongqed.info (not the more important chongqed.org), have been down since July 26 or 27. I am finally mostly through recovering and reinstalling things (I think). I was away from home when I got the email that the entire server had been compromised. According to my host it was due to a bug in Fantastico Application Installer which allowed a hacker to replace all the index pages on everyone's accounts with some anti-war propaganda.

The root page of my site that listed antispam RSS feeds headlines is gone thanks to my host having just backed up the hacked files before realizing anything was wrong and me not being able to find my offline copy. Maybe I will see if I can set it up again some day, but for now I am happy I finally got everything else mostly back to normal. If you want a great host, be sure not to choose mine. It is dirt cheep at $25 a year, but you get what you pay for.

All the wiki spam I have been collecting on the honeypot wiki is fine. Since the site has been down for about a week and a half I decided it was a good time to clean up the spam and start fresh. I reverted or blanked a total of 27 different pages. At least 10 of those were talk pages spammers created. Here are the pages with the top numbers of revisions (very few of those are reverts):
  1. Main Page (204 revisions)
  2. Wiki Spam Collection (56 revisions)
  3. CSS Hidden Spam (42 revisions)
  4. My spam blacklist (25 revisions)
  5. Suggestions (21 revisions)
  6. Google Spam (15 revisions)
  7. Spam Caught Here (13 revisions)
  8. First Spam (11 revisions)
  9. Spam (8 revisions)
I would like to do some more detailed analysis of the spamming patterns (knowing me I won't get around to it), but from those numbers at least one thing is clear. Spammers like the main page a lot. That makes the suggestion to lock your main page sound like a really good one. Most of the time your main page is going to be pretty static anyway.