Testing, Testing, Spam Relay Open?

If you get funny submissions from your website contact form you may have wondered, “what’s going on?” Here is a sample of the type of form submission that you may be getting:

firstName2: atfkbja
lastName2: atfkbja
Street: uwTnCHgFWbtDZEameGH
City: New York
State: —
Zip: 101rand[0,
BusinessPhone1: KGR
BusinessPhone2: WoM
BusinessPhone3: mcdX
BusinessPhone4: ImTIDl
Comments: yggULo
<a href=”http://ncrunlbfzqmn.com/“>ncrunlbfzqmn</a>,
[url=http://acppnvcxefkp.com/]acppnvcxefkp[/url],
[link=http://sukuwtwotdmm.com/]sukuwtwotdmm[/link], http://equynulmfvaa.com/

Even if you have a CAPTCHA or human verification code employed on your form, you may still get submissions like this. These robots are not actually completing your form; they spider the form and then go right to your cgi-bin and act on your form script directly. They are looking for a vulnerability to see if your server can be used as a spam relay. If you get forms like this, don’t be alarmed: if you are working with a quality web host, your form script and send mail server are most likely secure, but not always.
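Because these robots post straight to the form script, any screening has to run inside that script rather than in the page. The following is an added example, not part of the original post: a Python check that scores a submission on the traits visible in the sample above. The function name, reasons and sample values are assumptions, with placeholder .example domains.

```python
import re

# Link dialects from the sample submission. A probe pastes the same link in
# several of them to learn which one your site will render or relay.
LINK_DIALECTS = {
    "html": re.compile(r"<a\s+href=", re.I),
    "bbcode_url": re.compile(r"\[url=", re.I),
    "bbcode_link": re.compile(r"\[link=", re.I),
    # bare URL: not preceded by '=' or a quote (those belong to the forms above)
    "bare": re.compile(r"(?<![=\"'“”])https?://", re.I),
}

def score_submission(fields):
    """Return (score, reasons) for a dict of form field name -> value."""
    reasons = []
    text = " ".join(fields.values())
    dialects = sorted(n for n, rx in LINK_DIALECTS.items() if rx.search(text))
    if len(dialects) >= 2:
        reasons.append("links in several markup dialects: " + ", ".join(dialects))
    phones = [v for k, v in fields.items() if "phone" in k.lower()]
    if phones and not any(ch.isdigit() for v in phones for ch in v):
        reasons.append("phone fields contain no digits")
    if not re.fullmatch(r"\d{5}(-\d{4})?", fields.get("Zip", "")):
        reasons.append("Zip is missing or not a US ZIP code")
    first = fields.get("firstName2", "")
    if first and first == fields.get("lastName2"):
        reasons.append("first and last name are identical")
    return len(reasons), reasons

# Constructed samples: PROBE is modelled on the submission shown above,
# LEGIT is an ordinary enquiry.
PROBE = {
    "firstName2": "atfkbja", "lastName2": "atfkbja", "Zip": "101rand[0,",
    "BusinessPhone1": "KGR", "BusinessPhone2": "WoM",
    "Comments": '<a href="http://aaaa.example/">aaaa</a>, '
                "[url=http://bbbb.example/]bbbb[/url], "
                "[link=http://cccc.example/]cccc[/link], http://dddd.example/",
}
LEGIT = {
    "firstName2": "Dana", "lastName2": "Reyes", "Zip": "10001",
    "BusinessPhone1": "212", "BusinessPhone2": "555",
    "Comments": "Please send a hosting quote. Our site is http://shop.example/",
}

if __name__ == "__main__":
    for name, sub in (("probe", PROBE), ("legit", LEGIT)):
        print(name, score_submission(sub))
```

A score of two or more is a reasonable point to drop the submission or hold it for review instead of mailing it.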

Once spammers find a website script with a vulnerability, they will use your bandwidth on your hosting site to spew out their spam messages with your email and your website as the sender. One way to identify if your site is being used as a spam relay is that you may be getting hundreds of bounced messages back to your own email inbox with your own name on them.

As bounced messages do not always mean that your server is a spam relay, it is important to get with your web host and check first. It could be that your domain name is being spoofed but that your server is hacker- and spam-free. In other cases your server could be sending out thousands of spam messages with your name attached, potentially getting your domain name and server IP address blacklisted.
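A bounce usually carries a copy of the message that failed, and that copy's top Received line records which machine handed it to the bouncing server. The following is an added example, not part of the original post: a Python triage of one bounce that separates "my server sent this" from "my name was spoofed". It assumes your site mails directly rather than through a provider's relay; the IP addresses, domains and function names are constructed.

```python
import email
import re

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def returned_original(bounce):
    """Find the copy of the failed message that the bounce carries."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":           # full original attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":      # headers-only variant
            return email.message_from_string(part.get_payload())
    return None

def classify_bounce(raw, my_server_ips):
    """Return 'sent-by-my-server', 'spoofed-elsewhere' or 'unknown'."""
    original = returned_original(email.message_from_string(raw))
    received = original.get_all("Received", []) if original else []
    # Only the top line was written by the server that bounced the mail;
    # anything below it could have been forged by the sender.
    match = IP_IN_BRACKETS.search(received[0]) if received else None
    if not match:
        return "unknown"
    return "sent-by-my-server" if match.group(1) in my_server_ips else "spoofed-elsewhere"

# Constructed bounce; {ip} is the address the recipient's server saw connecting.
BOUNCE_TEMPLATE = """\
From: MAILER-DAEMON@mx.recipient.example
To: owner@mysite.example
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: text/plain

Delivery to nobody@recipient.example failed.

--BOUND
Content-Type: message/rfc822

Received: from mail.mysite.example (unknown [{ip}]) by mx.recipient.example; Mon, 1 Jan 2024 00:00:00 +0000
From: owner@mysite.example
To: nobody@recipient.example
Subject: sample spam subject

body
--BOUND--
"""
MY_SERVER_IPS = {"198.51.100.10"}   # constructed: your web server's address
```

If a handful of bounces all come back as sent by your own server, include them in the samples you send to your web host.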

If you feel that you are getting an inordinate number of these types of forms, now is the time to get with your web host and ask them, without delay, to check that your server has not been compromised and is not now acting as a spam relay. It is not uncommon to get three or four of these types of forms a day, but if you are getting lots you should dig deeper by sending some samples to your web host and asking them to check your server.

How to Sync Outlook on Your Motorola Droid X Phone

This past week I bought a Motorola Droid X mobile phone. I wanted to have a portable office so I can go anywhere yet be working. Well, kind of working. My biggest question was how to connect Outlook and my Outlook calendar with my new Droid phone. I have tested a few applications this week and wanted to share my experience with you.

Google Apps for Business
Actually I unloaded this application after I got it to work, but for larger offices this may be a very practical solution. With an Outlook plugin, you can see your email, calendar, and contacts on your mobile phone. Google works to sync your info to GMail and then your phone grabs it from there. With a $50 a year single user fee it is very practical. For me, however, I found the program intrusive. It set up a second mail profile, which I was stuck with after I unloaded it. The settings are complicated, so don’t do the setup on a weekend when there is no phone support.

CompanionLink for Outlook
I had hoped that this would be the perfect solution for me. One click syncing. I downloaded the free 14-day trial and had an endless look as the software tried to sync Outlook. I was willing to be patient for the first time sync, but the menu did not give me an idea of what was happening; to me it appeared stuck. Price for this one is $39.99, but I unloaded it too.

Google Calendar Sync
Okay, now I am back to free. I was willing to pay, but just could not get everything to work properly. I set up a calendar with my GMail account, then I downloaded the calendar sync software. This was pretty easy. Allow several hours for all your appointments to appear in the calendar online, which your phone can then grab. For me it took about two or three hours for the events to appear and in the meantime, I was sure it was not working. I recommend setting it up and then leaving it to work overnight. In the morning all your appointments will be on both Outlook and your Droid.

The Rest of the Story
Okay so what did I do about mail and contact syncing? Well I set up my Droid to download my mail from my servers making sure that my desktop Outlook was set to leave a copy on the server. Then I manually loaded my cleaned up address book to GMail. It was cake to export a .csv file from Outlook and cake to load it to GMail. So now I am totally synced office to phone and phone to office.

If you are holding back from getting a smart phone because figuring out how to sync seems complicated, learn from my trials and just start the easy way. Sometimes simple is best!

Change the Name on Your WordPress Admin File

Here’s a cool plug-in to help you monitor, change, and keep updated your WordPress blog administration names. It is called Admin Renamer Extended. You may ask, why not just use the WordPress control panel to update your admin names? Sometimes a hacker will hide the admin name from you to keep you from deleting their access. This renaming plug-in allows you to update, see, and change the administrative names for your WordPress account.

It is interesting to know that many blogs are set up with the name admin and lame passwords, making their blog easy to hack. By default WordPress calls your main login simply admin. I recommend a much more difficult user name, such as a combination of words, and certainly a secure password with letters and numbers. I don’t recommend that you use your business name as the administrator’s name.

Try to make your administrator login complicated for others to guess and easy for you to remember.

WordPress Security Tips

In this ever-changing world where hackers look to hide spam links on your blog and hackers try to crack into your blog posts to try to spew their malware out at your expense, it makes sense to keep your WordPress blog secure.

Here are a few things that I do and recommend that you consider to keep your website and blogsite safe. First, why do I say website? Well, it is not uncommon for a blog to be hacked and used as the springboard to compromise your website. So if you have a blog on your server, make sure you are keeping it secure to protect your website.

I use the following items for our managed blogs:

Login Lock Down
This plug-in protects you from brute force robot attacks that try to gain access to your blog by simply trying a million possible login combinations. This plug-in allows you to set login attempts to a specific number before access is locked for a specific time period you select.

Exploit Scanner
This is a very good plug-in and can actually let you know if your blog has been hacked and where the files are residing. I really like this one and have solved and cleaned up a number of hack attacks with its use.

WP-MalWatch
This is another very helpful plug-in. After installation look for it on the dashboard. It will let you know if your site has been compromised with the Pharma Hack and searches your locales.php file and file ending combinations.

WordPress File Monitor
Oh, I really like this one. Once you have cleaned up after a hack, this plug-in will advise you by email or text message when any of your WordPress core files is changed. This is very helpful if you are having trouble keeping your site clean from problems.

There are other great plug-ins; these are just the top three that we use that come to mind. In addition to using scanning applications, make sure that your logins are secure, keep all your plug-ins up-to-date, and keep your WordPress version on the most recent version.

If you don’t have time to keep an eye on your own WordPress application, get a blogmaster like us to watch your blog and scan it monthly or weekly.