
Monthly Archives: January 2017

Tips To Protect Your Site Content

1. Place a Copyright Remark

You must display your copyright notice on each page of your web site. This notice should include the year of publication and the name of your firm. This information can also be displayed in a graphic placed in the footer of the page, e.g.

(c) 2000-2004, Active Venture Pte Ltd. All rights reserved.

2. Register with the U.S. Copyright Office

You may also register your web site with the U.S. Copyright Office. Even if you don’t register, you still get protection, but in that case you will have to collect evidence against the content thief.

You have to register your site with the U.S. Copyright Office within three months of its launch.

3. Action to be taken against online thieves

You should send them a strongly worded e-mail telling them to stop their copyright infringement activities.

If they continue to violate copyright, send an e-mail to their ISP, credit card company, web hosting company, and the domain name registrar.

If nothing happens even after you have taken these steps, contact your lawyer for further advice on taking legal action against the culprits.

Apart from the above-mentioned measures, there are some simple tricks to prevent online thieves from lifting content from your web site:

1. Disable right click

You can use JavaScript to disable right-clicking on your pages. But this method can be annoying for the genuine visitors to your site.

2. Software security

There are several software tools that prevent users from seeing your source code. These tools rely on the JavaScript function ‘unescape’, with the HTML ‘encoded’ into a long series of characters. However, it can still be easily decoded to HTML using another JavaScript function.

3. Use PDF files.

Using password-protected PDF files more widely would prevent people from blatantly copying and pasting your web content, although the more experienced thieves could use one of the several password recovery tools available to break through the protected PDFs and copy the content.

4. Conversion of text to images

This solution takes a lot of time and also increases the size of your pages, but it is a foolproof solution to the copy-paste problem. But if someone is determined to lift content from your site, no one can stop him from re-typing the content.

5. Using Java/Flash

If your images are embedded in Java Applets or Flash, it is very difficult for online thieves to copy them.

Here again, the more experienced thieves will take a ‘print screen’ of your image, open it in Paint and get away with it.

So, you can see that all these tricks only prevent new thieves from copying content. The more experienced ones can always come up with counter-measures for all these tricks.

To conclude, I would say that you should adopt one or more of these tricks/measures to reduce copyright violation, and for the more experienced thieves, you have to seek the help of the U.S. Copyright Office in taking legal action against them.

 

Know Pervasive Phishing Scams

1. Financial Institutions. It is highly likely that you have already received this type of notice which appears to have come from your financial institution. It goes something like this:

We are glad to inform you, that our bank has a new security system. The new updated technology will ensure the security of your payments through our bank. Hoping you understand that we are doing this for your own safety, we suggest you to update your account , this update will maintain the safety of your account. All you have to do is complete our online secured form. Thank you .

Comment :

No financial institution will require you to respond to an email asking you to update your account. In addition, I left in the typos, punctuation errors, and overall poorly worded request just as it is. Finally, many of these scams do not go to account holders as the phishers spam email accounts in the hope that someone will take the bait.

2. Paypal Account. This scam is giving Paypal/eBay fits as it says that billing information must be updated by you, the recipient of the notice. Verbiage is included whereby “Paypal” threatens to close your account if you do not respond, money will be withheld, etc.

Comment :

The first time I saw this note, I thought: huh?! The nerve of Paypal! However, I forwarded the letter to Paypal who confirmed its scammy nature.

3. ISP Fraud. An internet service provider has seen a number of “their” letters surface in emails around the US. A common request goes something like this:

Dear Comcast customer,

We recently attempted to charge your account but we seem to receive an error when charging your card. This sometimes occurs for a variety of reasons including card expiration, over limit, suspicion of fraud, or several other technical difficulties. Please visit the Comcast Service Center, by clicking on the hyperlink shown below, and update your information so this issue can be resolved.

Comcast Service Center

Thank you,

Chris Hammonds

Comcast Service Department

Comment : 

Another request to obtain valuable information belonging to you. I have seen 3-4 variations of this letter, all allegedly from Comcast.

Oftentimes, phishers will go to great lengths to copy the company’s logo and other pertinent information and include that within the email. Almost without fail they provide a link for you to click on so that you will go to a site thinking that it is legitimate.

Once at the scam site, all kinds of questions will be asked of you including: social security number, credit card information, your address, and more. The more information you give, the easier it will be for you to become a victim of identity theft as the perpetrators assume your identity and open up multiple accounts in your name.

Usually the consumer knows nothing of the scam until they receive letters demanding payment for accounts opened up in their name, calls from creditors, and rejected credit applications because of assumed bad credit.

The best defense, of course, is to not respond to the email. However, you can play an important part in stopping phishing fraud by forwarding a copy of the message to the company being mimicked. Their fraud department will be grateful and you will help them [as well as policing authorities] in their quest to stop phishers in their tracks.

How to Secure Your Site?

Password Protecting Directories

If you have a directory on your server which should remain private, do not depend on people to not guess the name of the directory. It is better to password protect the folder at the server level. Over 50% of websites out there are powered by Apache server, so let’s look at how to password protect a directory on Apache.

Apache takes configuration commands via a file called .htaccess which sits in the directory. The commands in .htaccess have effect on that folder and any sub-folder, unless a particular sub-folder has its own .htaccess file within. To password protect a folder, Apache also uses a file called .htpasswd . This file contains the names and passwords of users granted access. The password is encrypted, so you must use the htpasswd program to create the passwords. To access it, go to the command line of your server and type htpasswd. If you receive a “command not found” error then you need to contact your system admin. Also, bear in mind that many web hosts provide web-based ways to secure a directory, so they may have things set up for you to do it that way rather than on your own. Barring this, let’s continue.

Type “htpasswd -c .htpasswd myusername” where “myusername” is the username you want. You will then be asked for a password. Confirm it and the file will be created. You can double check this via FTP. Also, if the file is inside your web folder, you should move it so that it is not accessible to the public. Now, open or create your .htaccess file. Inside, include the following:

AuthUserFile /home/www/passwd/.htpasswd
AuthGroupFile /dev/null
AuthName "Secure Folder"
AuthType Basic

Require valid-user

On the first line, adjust the directory path to wherever your .htpasswd file is. Once this is set up, you will get a popup dialog when visiting that folder on your website. You will be required to log in to view it.

Turn Off Directory Listings

By default, any directory on your website which does not have a recognized homepage file (index.htm, index.php, default.htm, etc.) is going to instead display a listing of all the files in that folder. You might not want people to see everything you have on there. The simplest way to protect against this is to simply create a blank file, name it index.htm and then upload it to that folder. Your second option is to, again, use the .htaccess file to disable directory listing. To do so, just include the line “Options -Indexes” in the file. Now, users will get a 403 error rather than a list of files.

Remove Install Files

If you install software and scripts to your website, many times they come with installation and/or upgrade scripts. Leaving these on your server opens up a huge security problem because if somebody else is familiar with that software, they can find and run your install/upgrade scripts and thus reset your entire database, config files, etc. A well written software package will warn you to remove these items before allowing you to use the software. However, make sure this has been done. Just delete the files from your server.

Keep Up with Security Updates

Those who run software packages on their website need to keep in touch with updates and security alerts relating to that software. Not doing so can leave you wide open to hackers. In fact, many times a glaring security hole is discovered and reported and there is a lag before the creator of the software can release a patch for it. Anybody so inclined can find your site running the software and exploit the vulnerability if you do not upgrade. I myself have been burned by this a few times, having whole forums get destroyed and having to restore from backup. It happens.

Reduce Your Error Reporting Level

Speaking mainly for PHP here because that’s what I work in, errors and warnings generated by PHP are, by default, printed with full information to your browser. The problem is that these errors usually contain full directory paths to the scripts in question. It gives away too much information. To alleviate this, reduce the error reporting level of PHP. You can do this in two ways. One is to adjust your php.ini file. This is the main configuration for PHP on your server. Look for the error_reporting and display_errors directives. However, if you do not have access to this file (many on shared hosting do not), you can also reduce the error reporting level using the error_reporting() function of PHP. Include this in a global file of your scripts; that way it will work across the board.
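As an added example (not code from the original article), here is one way such a global include file could look: it lowers the reporting level, stops PHP from printing errors to the browser, and keeps the details in a log instead. The log path and the failing calls at the end are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical log location; on a real site, point this outside the web root.
$logFile = sys_get_temp_dir() . '/php-app-errors.log';

// Reduced reporting level, set from the script when php.ini is out of reach.
error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
ini_set('display_errors', '0');   // never print errors (and file paths) to the browser
ini_set('log_errors', '1');       // keep the details for the site owner
ini_set('error_log', $logFile);

// Uncaught exceptions: full detail goes to the log, visitors get a generic message.
set_exception_handler(function (Throwable $e): void {
    error_log(sprintf('%s in %s:%d', $e->getMessage(), $e->getFile(), $e->getLine()));
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo "Something went wrong. Please try again later.\n";
});

// Constructed failures to exercise the settings above.
// 1) A warning that would normally reveal the script's full path in the page.
$config = @is_readable('/nonexistent/config.ini')
    ? file_get_contents('/nonexistent/config.ini')
    : file_get_contents('/nonexistent/config.ini'); // emits a warning, logged only

// 2) An uncaught exception, answered with the generic message.
throw new RuntimeException('database unavailable');
```

Parse errors in a script happen before these ini_set() calls run, so where you do have access, set display_errors to Off in php.ini as well.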

Secure Your Forms

Forms open up a wide hole to your server for hackers if you do not properly code them. Since these forms are usually submitted to some script on your server, sometimes with access to your database, a form which does not provide some protection can offer a hacker direct access to all kinds of things. Keep in mind…just because you have an address field and it says “Address” in front of it does not mean you can trust people to enter their address in that field. Imagine your form is not properly coded and the script it submits to is not either. What’s to stop a hacker from entering an SQL query or scripting code into that address field? With that in mind, here are a few things to do and look for:

Use MaxLength. Input fields in a form can use the maxlength attribute in the HTML to limit the length of input. Use this to keep people from entering WAY too much data. This will stop most people. A hacker can bypass it, so you must protect against information overrun at the script level as well.

Hide Emails. If using a form-to-mail script, do not include the email address in the form itself. It defeats the point and spam spiders can still find your email address.

Use Form Validation. I won’t get into a lesson on programming here, but any script which a form submits to should validate the input received. Ensure that the fields received are the fields expected. Check that the incoming data is of reasonable and expected length and of the proper format (in the case of emails, phones, zips, etc.).

Avoid SQL Injection. A full lesson on SQL injection can be reserved for another article, however the basic idea is that form input is inserted directly into an SQL query without validation, thus giving a hacker the ability to execute SQL queries via your web form. To avoid this, always check the data type of incoming data (numbers, strings, etc.), run adequate form validation per above, and write queries in such a way that a hacker cannot insert anything into the form which would make the query do something other than you intend.
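The checks above, put together as an added example (not code from the original article): the script rejects unexpected fields, enforces length and format on the server, and passes the values to the database through a prepared statement. The field names, rules, table and sample submission are all constructed, and an in-memory SQLite database (PHP's pdo_sqlite extension) stands in for the real one.

```php
<?php
declare(strict_types=1);

// Expected fields and their limits (constructed for this example).
const RULES = [
    'name'    => ['max' => 80,  'pattern' => '/^[\p{L} .\'-]+$/u'],
    'email'   => ['max' => 254, 'pattern' => null], // checked with FILTER_VALIDATE_EMAIL
    'zip'     => ['max' => 10,  'pattern' => '/^\d{5}(-\d{4})?$/'],
    'address' => ['max' => 200, 'pattern' => null], // free text: length check only
];

function validate_form(array $input): array
{
    $errors = [];
    // Fields received must be the fields expected.
    foreach (array_diff(array_keys($input), array_keys(RULES)) as $extra) {
        $errors[] = "unexpected field: $extra";
    }
    foreach (RULES as $field => $rule) {
        $value = $input[$field] ?? null;
        if (!is_string($value) || $value === '') {
            $errors[] = "$field is missing";
        } elseif (strlen($value) > $rule['max']) {
            $errors[] = "$field is too long"; // server-side twin of maxlength
        } elseif ($field === 'email' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'email is malformed';
        } elseif ($rule['pattern'] !== null && preg_match($rule['pattern'], $value) !== 1) {
            $errors[] = "$field is malformed";
        }
    }
    return $errors;
}

// Constructed submission: the address field carries SQL syntax, not just an address.
$post = [
    'name' => 'Pat Example', 'email' => 'pat@example.com', 'zip' => '12345',
    'address' => "1 Main St' OR '1'='1",
];

$db = new PDO('sqlite::memory:'); // stand-in database so the example runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (name TEXT, email TEXT, zip TEXT, address TEXT)');

$errors = validate_form($post);
if ($errors === []) {
    // Placeholders keep the input as data; it is never spliced into the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO contacts (name, email, zip, address) VALUES (:name, :email, :zip, :address)'
    );
    $stmt->execute($post);
}
echo $errors === [] ? "saved\n" : implode("\n", $errors) . "\n";
```

The free-text address passes validation because it is within the length limit, which is why the prepared statement is needed in addition to the checks.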

 

Know The Dangers of Using Proxy Servers

Basically, a proxy is a collection of servers which allows you to access a website while maintaining your anonymity by hiding your IP address. All information you wish to send to the website you are browsing passes through the proxy you use. Usually this information reaches the proxy in an unencrypted form, which means it can be easily read by the webmaster or the owner of the proxy. Such information may include your usernames and passwords and even banking information!

So, the first rule to follow when using a proxy is to never type in any information you wish to keep to yourself, such as your password, or credit card number. When checking your mail, or logging into your bank’s online banking system, never use a proxy. This helps in keeping all private information confidential.

When you first try a proxy website, be sure to read through the terms of service of that particular proxy. Proxies usually also have a privacy policy, which is also to be carefully read. If you doubt the integrity of the proxy site, never use the site. Only use proxies which are trusted by a lot of people, and have a proper privacy policy.

When using a proxy, you may also find that certain websites cannot be accessed, since the proxy has been banned by the site. In such cases, try a different proxy or try direct access.

Most anonymous proxies offer excellent service without the need for registration. If you find a proxy which requires registration, avoid using it. Any proxy which asks for personal information such as your zip code, or your social security or credit card numbers should also be avoided.

A few proxies are used as fronts for marketing sites. Such proxies observe your surfing pattern and send you spam or junk mail, based on your internet habits. Some proxies may also attempt to download software onto your computer. Such software may include viruses, spyware, adware and other malware. Never download any software from your proxy.

Not all proxies offer the same levels of anonymity. Some proxies even transmit your original IP address to the websites you surf. Others completely hide all information pertaining to you. Hence always ensure that the proxy you are using will serve your purposes.

Never use a proxy which does not support encryption when transmitting confidential information over the internet, such as your credit card numbers. This also means that you should never make any purchases while using an unencrypted proxy server. This is because the information reaching the proxy is in an unencrypted form, so it can easily fall into the hands of hackers.

So, while using a web proxy, you will definitely be taking a few risks. However, if you follow the precautions mentioned and keep in mind the risks involved, you will definitely have an enjoyable proxy experience.