Categories
Security

Malware Stats for Irish Web Hosting Companies

I’ve been paying a lot more attention to the problem of malware. It seems that this issue may be set to be the largest threat to online business, and given the sheer volume of new attacks I thought it would be interesting to take a look at what Google’s Safe Browsing system was reporting for Irish Hosting companies.

Safe Browsing

Google has been directly protecting users from malware since 2006. Their Safe Browsing API is probably best known to Firefox users, and is used by numerous other applications to protect users from malicious websites.

Not Just Sites – Networks Too

Many people don’t realise that Google’s malware detection infrastructure measures infection at network as well as website level. So you can check out how much malware each host’s webservers have been found to host over the past 90 days. Here’s some data for a number of well-known Irish web hosting companies:

Hostname # Tested # Infected % Intermediary Distribution Link
Blacknight 4661 345 7.4% 6 2 link
Digiweb 4691 678 14.5% 7 5 link
Eircom 728 5 0.7% 0 0 link
Netsource 689 4 0.6% 0 0 link
Register365 5695 321 5.6% 5 3 link

Key:
# Tested Number of tested sites
# Infected Number of sites serving malicious software
% % sites serving malicious software
Intermediary Number of sites on network acting as intermediaries for further malware distribution
Distribution Number of sites on network actually distributing malware
Link Link to Safe Browsing Diagnostic page

Some Notes

It’s worth noting that most hacked websites do not host malware, but instead inject code that results in visitors downloading malware from other servers. A significant proportion of the increased malware seen in recent months is likely a result of the gumblar hack.

I had better mention that all I’ve done above is show the stats reported by Google – these figures may be inaccurate, and I’m not inferring anything about the security of the above mentioned hosts. I was unable to find stats for a number of other well known Irish hosters.

Has your site been hacked?

If you’re concerned you can use this URL:
http://google.com/safebrowsing/diagnostic?site=mysite.com
[change mysite.com to your domain without www].

Categories
Security

Serious SQL Injection Vulnerability

This is worth coming out of hibernation. A nasty .ASP/.ASPX exploit has been found that allows a SQL injection. More from F-Secure.

But the real issue is that this is already affecting Irish sites:

MS SQL Injection
Google.ie Pages From Ireland [nihaorr1]

2050 Infected Pages From Ireland

If you are running MS SQL on IIS servers be aware that this seems to be spreading quickly.

Categories
Security

Golden Spiders Best Spammer Award Goes To…

Last year I was pretty vocal on the Golden Spiders Awards. This year I was pretty uninterested.

But I think this story of the Golden Spiders organisers ‘guilty’ of spamming just about sums it up for this particular ‘awards’ ceremony.

How can spammers be relied upon to select Ireland’s top websites? Seriously?

Categories
Blogs Security

Technorati Wiki

Very light posting from me…

Here’s a quickie – check out Technorati’s developer wiki. Let’s just say it’s been moderately spammed (to death)….

Technorati Developers Wiki

Categories
Security

Euro Business Guide Scamming Again

I mentioned this before. I just cant understand how this crowd are still in operation. Total bunch of crooks:

Please print and fill the enclosed document and send it back to:
Euro Business Guide,
P.O. Box 2021,
3500GA UTRECHT,
The Netherlands,
updating is free of charge!

If you want to unsubscribe send an email to unsubscribe@eurobusinessguide.net

The ‘updating is free of charge!‘ really is such an underhand way to hide the following fine print in the footer of their sign-up form:

THE VALIDATION TIME OF THE CONTRACT IS THREE YEARS AND STARTS ON THE EIGHTH DAY AFTER SIGNING THE CONTRACT.

Ooh, how nice – 7 days cooling off period (God forbid they actually break the law).

THE PRICE PER YEAR IS EURO 990. THE SUBSCRIPTION WILL BE AUTOMATICALLY EXTENDED EVERY YEAR FOR ANOTHER YEAR, UNLESS SPECIFIC WRITTEN NOTICE IS RECEIVED BY THE SERVICE PROVIDER OR THE SUBSCRIBER TWO MONTHS BEFORE THE EXPIRATION OF THE SUBSCRIPTION.

Wow, that’s good value – €999 per annum with automatic extensions for two further years.

If you receive anything from this bunch of gougers simply ignore it as spam of the most repulsive kind.

If you have signed this form unknowing of the legalese, you have 7 days under EU legislation to cancel your subscription (Distance Selling Directive), and if Euro Business Guide pursue you for payment (regardless of the 7 days) get in touch with your local national consumer affairs body.

Hopefully some day these people will receive their just deserts…

Categories
Search Engine Optimisation Security

Unison.ie Cloaking – Will They Be Banned From Google?

A nice little find by Niall Donegan who discusses Unison.ie cloaking:

A prime example of this is Unison.ie. When searching for current Irish news it usually ranks fairly high on Google, however all the pages require you register first before you view them. The registration gives no advantage to people like me who just want to a quick look at the latest news. I suspect that I’m not alone and that lots of people will just go back and look for another site.

Unison’s simple user agent checking makes it very easy to get in unmolested though. The User Agent Switcher Plugin for Firefox allows you to easily set exactly what user agent you want your browser to appear as. The GoogleBot isn’t in the list of Useragents available, but it is easily added. Switch to GoogleBot as your useragent, and magically you will have full access to the Unison site.

Now I always knew that they ran a subscription wall on the site, but I hadn’t realised that they were picked up by Google news. There’s been a huge amount of interest in media sites cloaking recently (see here for more). My feeling is that Unison would want to clean this up pretty quick or risk having a lot of egg on their face. As Niall mentions:

I know that Unison will probably close this hole within a few days

Could take quite a bit of work to change the way they present their pages. I suppose they could just set their cloaking routine to let everyone through. But will they?

Nice find Niall.

Categories
Domains Security

Ireland .ie ccTLD Safest In The World

I wrote previously about using aged and trusted .ie domains to bolsteryour search engine rankings. Well now comes further confirmation of the value of the .ie ccTLD.

According to McAfee’s Site Advisor Mapping the Mal Web Ireland’s .ie ccTLD is second only to Finland’s .fi in terms of online safety risks:

Four of the five least risky country TLDs are Nordic countries: Finland (0.10%), Norway (0.16%), Sweden (0.21%) and Iceland (0.19%).Ireland (0.11%) rounds out the top five least risky country TLDs. This could be due to governing bodies employing stricter regulations of these domains.

I would imagine that the last comment is very much the reason for the low risk of .ie ccTLD.

  • Seven TLDs (.com, .info, .net, .biz, Tuvalu (.tv), Cocos Islands (.cc), and China (.cn)) earn the dubious distinction of ranking in the top 20 riskiest for each of the four risky facets we examined.
  • Of these seven domains, .biz and .info are the overall worst domains with highly risky rankings in each of the four categories:

    .info ranks 2nd (overall risk), 1st (e-mail practices), 10th (download risk) and 12th (exploit risk)
    .biz ranks 6th (overall risk), 6th (e-mail practices), 2nd (download risk) and 5th (exploit risk)

  • Again, low cost appears to be at least one factor in drawing scammers to the .info TLD.
  • Spammers flock to .info, which was created as an alternative to the crowded .com, because its domain names are cheaper – registrars often let people use them gratis for the first year – which is helpful for those, like sploggers, who buy Internet addresses in bulk. Splogs so commonly have .info addresses that many experts simply assume all blogs from that domain are fake.
  • Others note that “.info is the first and only top-level domain that was explicitly created and chartered for unrestricted use, though various other TLDs have ended up that way as a de facto situation.”
  • .biz is said to be the most popular TLD for spammers because the name servers update immediately, meaning spammers can start using the domain as soon as they register, rather than wait up to 24 hours for the registration to take effect. This is particularly attractive due to the transient nature of spam and phishing Web sites.

Nice to see that .ie ccTLD is so trustworthy.

Categories
Blogs Keywords Security SEO

A Dose Full of Comment Spam, Long Copy Referrer Pages & SEO Tools – What Do YOU Think?

[Update: this related post by Carsten Cumbrowski puts my analysis here to shame. Very worthy of a read if you want to learn how black-hat affiliate marketing works.]

Just about everyone knows that spam is part and parcel of life. We just live with it and try to do our best to minimise the impact it has on our daily lives. Unfortunately spam is a particular issue for the SEO industry, as unscrupulous search marketers often turn to spamming techniques to make a quick dollar.

I get my share of spam at Red Cardinal. Generally I just delete the crap left by ‘kind’ spammers (like Cork Web Design Spammers), but occasionally I do a little digging to see what some of the particularly nasty spammers are at. More about spammers a little later – but first, let me tell you what I think of ‘Long Copy’.

Long Copy Pages for ‘SEO’ tools

I like to include screen shots of pages in my posts. I have a nifty little app that lets me grab entire screen shots from within the browser, not just the visible area.

I wanted to include the sales pages for two SEO tools, both of which use ‘long copy’. Here’s the screen shot of the two pages:

Long Copy marketing

These pages are so ‘long’ that I had to reduce them by a factor of ~14 just to get them that small. Maybe they’re ‘Really Long Copy’, if there is such a thing. (If you want to view those pages in all their glory I’ve ‘published’ the URLs a little further down the page. In case you’re wondering what this is all about I’ll come clean in a second.)

These pages appear to be affiliate sites for two well known SEO tools. I’m not 100% sure what’s going on with these pages as they don’t appear to have affiliate IDs appended to the outgoing URLs. Perhaps the affiliate program uses HTTP referrers for identification. Perhaps these pages are actually proprietary sales pages. I’m don’t know for sure.

So what’s the problem with those sales pages? Purely my opinion, but they look and feel like ‘get-rich-quick’ pitches to me. The message I hear sounds like ‘I’ll sell you this great benefit. But wait, there’s more. Buy now and I’ll include x and y’. Yes, lots of marketers defend this technique. And I know it’s true that ‘long copy’ can be effective, but only when the content is compelling and does not feel like I’m being ‘sold’.

Long Page Copy – Read or Turn Off?

When I see long copy pages like these I just turn off completely. As I mentioned, I just think ‘get rich quick’.

I’ve stuck my neck out on this issue once or twice (hello Copyblogger). I sometimes wonder if perhaps long copy is a peculiar American technique that we just don’t fall for this side of the pond? (And if you’re interested Brian Clarke, a.k.a. Copyblogger, has written a post about the death of long copy.)

Back to the comment spam

So taking a step backward for a moment. Why am I highlighting those two affiliate pages? Keyword Elite and SEO Elite are marketed and sold by Bryxen Software (a firm owned by Brad Callen I believe). As with so much of the US on-line marketing industry, Bryxen uses ‘Long Page’ techniques to sell there software. They also make heavy use of affiliate programs to multiply their sales. A couple of weeks ago Red Cardinal received multiple comment spam like the following:

SEO Elite | +http://SEOElite.gurubuddy.com | IP: 216.16.246.184

seo firm…

Automate your link building efforts and rank high in the search engines easily….

and

Killer Keyword Tool | +http://Keywordelite.find-your-stuff.com | IP: 216.16.246.184

keyword lists…

Generate huge laser-targeted low competition, high demand keyword lists in minutes….

These comments were dropped on multiple posts, and, as you can see above, were left by the same IP. Odd? I think not. Probably the same bot. Checking the WHOIS shows find-your-stuff.com registered to someone in Singapore, while gurubuddy.com is privately registered.

Both of the tools being promoted are from Bryxen Software (Brad Callens company +http://www.bryxensoftware.com/), and the linked sites appear to be affiliates.

Comment Spam by ‘SEO’ Firms – Why SEO has such a BAD NAME

I am sure of one thing – spamming blog comments with links to long copy pages, such as those pictured above in miniature, is one of the main reasons the SEO industry has such serious reputation problems. It is very, very hard to blame people for viewing the SEO industry with suspicion. After all, every day the results of spammers litter our websites and pollute our on-line experience.

The reputation problem is only compounded given that the products marketed by the above spammers are well-known SEO tools: comment spam + SEO tools = SEO spammers. And how can we blame people for making that connection.

I’m very interested in your thoughts on ‘long copy’, and whether you have been converted by a ‘long copy’ page like the ones above.

And if you’re thinking of buying these tools, think about this…

I neither own nor use either of these tools. They may well be excellent tools, and perform their respective task extremely well – I don’t know. But if you want to do the world a favour, don’t buy products that are marketed by spammers.

Categories
Security

Forresters Fund For Children – Vardis Scam Warning

I got an email a little while back and forgot to publish the details.

Alan Cavanagh sent me this:

I came across your site today after a search for blogs on scams. I was targetted by phone this morning by a company called Vardis (you might already be aware of them). It made me quite angry and I posted a warning on my blog http://allancavanagh.blogspot.com/2007/02/beware-of-scam.html . I’d hate to think these guys got straight on the blower to someone else after I hung up on them so I’ve contacted colleagues to warn them off as well. I’d like to spread the word about this which is why I’m contacting you, as there’s probably quite a few small business operators that read your blog.

If they happen to call anyone can you please tell them I miss them and give me a call. I’d love to talk with them :mrgreen:

There are more details on Alan’s blog.

Categories
Security

I Sense Some Hackers Sniffing About

When I see search referrals like this I get a little anxious:

http://www.google.[...]www.*.*+Port+80

Call me a nut-job (you wont be the first :mrgreen:), but when someone starts sniffing for system variables they’re not normally calling by to say hello.

Now I wonder what the deal is?