Stopping Bots From Blacklisting Your Mail Server

Some of my clients run a mail server on their local network, giving them full control over their email system. Most Internet-facing mail servers consult a blacklist for all incoming email, comparing the identity of the sending server against known spam sources. If you are a business you absolutely do not want your mail server blacklisted, because your customers' mail servers will simply refuse to accept email from your company.

Photo: Anger Bot! (from StickBus)

A common cause of blacklisting, in my experience, is client PCs that have been infected by malware and recruited into a botnet. The botnet's operators then use the infected machines to send out thousands of spam emails, and it is not long before this is noticed and your connection's public IP address appears on a blacklist, effectively preventing your legitimate email from reaching recipients.

To prevent blacklisting I adopt these best practices:

  1. Allow the local mail server to make outgoing connections on port 25, and block port 25 outbound from every other machine on the network at the firewall, logging the blocked attempts.
  2. Configure the mail server to relay outbound mail only for authenticated mail clients. It must still accept unauthenticated inbound connections from other mail servers, otherwise nobody can deliver mail to your domain; the restriction is on who may send mail through it to the outside world.

Now only legitimate users who have authenticated to the mail server can send mail, and any attempt by an infected machine to contact an external mail server directly is blocked at the firewall. If a PC does become infected, the firewall logs will show its repeated outgoing connection attempts on port 25, so the infection is spotted and can be dealt with before it damages your reputation.
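As an added example (not part of the original post), here is how the two steps above could be expressed for a Linux iptables firewall and a Postfix mail server, followed by a small report that pulls the offending LAN hosts out of the firewall log. The network layout (LAN 192.168.1.0/24, mail server 192.168.1.10, LAN-facing interface eth1) and the log lines are constructed for illustration; the functions print the iptables rules and postconf commands rather than applying them, so the output can be reviewed before it is run as root. The Postfix parameters used are the standard ones (smtpd_relay_restrictions requires Postfix 2.10 or later).

```shell
#!/bin/sh
# Added example, not from the original post. Assumed network layout:
LAN_NET="192.168.1.0/24"    # workstations and the mail server live here
MAIL_SERVER="192.168.1.10"  # the only host allowed to talk SMTP outbound
LAN_IF="eth1"               # firewall interface facing the LAN

# Step 1: egress filter. Only the mail server may open outbound port 25;
# every other LAN host is logged (rate limited so a spam bot cannot flood
# the log) and then rejected. Printed, not applied: review the output,
# then pipe it into "sh" as root on the firewall.
generate_smtp_egress_rules() {
    cat <<EOF
iptables -A FORWARD -i $LAN_IF -s $MAIL_SERVER -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -s $LAN_NET -p tcp --dport 25 -m limit --limit 5/min -j LOG --log-prefix "SMTP-EGRESS-DENY "
iptables -A FORWARD -i $LAN_IF -s $LAN_NET -p tcp --dport 25 -j REJECT --reject-with tcp-reset
EOF
}

# Step 2: Postfix relays only for SASL-authenticated clients. mynetworks is
# restricted to localhost so an infected LAN PC cannot relay unauthenticated
# merely by being on the LAN. Inbound delivery for our own domain is still
# accepted: relay restrictions only govern mail destined for other domains.
generate_postfix_relay_settings() {
    cat <<EOF
postconf -e "mynetworks = 127.0.0.0/8 [::1]/128"
postconf -e "smtpd_sasl_auth_enable = yes"
postconf -e "smtpd_relay_restrictions = permit_sasl_authenticated, defer_unauth_destination"
EOF
}

# Constructed log lines of the shape the LOG rule above writes to syslog.
# 192.168.1.57 behaves like a spam bot (several destinations on port 25);
# the last line comes from a different rule and must be ignored.
SAMPLE_FW_LOG='Jun  3 09:12:01 fw kernel: SMTP-EGRESS-DENY IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 PROTO=TCP SPT=49211 DPT=25 SYN
Jun  3 09:12:01 fw kernel: SMTP-EGRESS-DENY IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.8 PROTO=TCP SPT=49212 DPT=25 SYN
Jun  3 09:12:02 fw kernel: SMTP-EGRESS-DENY IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.40 PROTO=TCP SPT=51002 DPT=25 SYN
Jun  3 09:12:03 fw kernel: WEB-EGRESS-LOG IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.99 PROTO=TCP SPT=49300 DPT=80 SYN'

# Reads firewall log text on stdin and prints "<attempts> <lan-ip>" for each
# host that was blocked on port 25, busiest first. Hosts listed here are the
# ones to pull off the network and scan for malware.
smtp_egress_offenders() {
    grep 'SMTP-EGRESS-DENY' \
        | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{print $1, $2}'
}

# Stand-alone demonstration: show the generated configuration and the
# offender report for the constructed sample log.
generate_smtp_egress_rules
generate_postfix_relay_settings
printf '%s\n' "$SAMPLE_FW_LOG" | smtp_egress_offenders
```

Only port 25 is filtered, as in the post: spam bots deliver straight to the recipients' MX hosts on port 25, which is the traffic that gets your address listed. The submission ports (587 and 465) need credentials at the remote end and are left alone here; if your users also submit mail to outside providers you would log those too rather than block them.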

Questioning WordPress Security - Roundup

Back in April news broke of a number of WordPress-powered sites being compromised and redirecting visitors to malicious sites. At that time the problem seemed to be limited to Network Solutions shared hosting customers, but more recently similar compromises have been encountered by GoDaddy customers. At this point it seems that not only WordPress but other PHP-based software, such as ZenCart and Joomla, and even static HTML websites have been compromised.

Photo: Imprisonment (from Dazzie D)

I've been keeping an eye on this story, and when I saw that the ExplictWeb Podcast were interviewing WordPress contributing developer Andrew Nacin I asked, via Twitter, if they could get his comments on the issue. Sadly there was not enough time to get his response on the show, but he kindly replied to my question on his blog.

Andrew points out that Network Solutions have already owned up to the fact that it was their fault and nothing to do with WordPress, citing a 'complex combination of factors'. In a later post they explain more fully what the attackers did, and I hope we also see the results of security analysts' work on the problem: which misconfigurations or weaknesses were actually exploited.

For those who run websites, it might be time to think about the quality of your hosting. Shared hosting is cheap, but it is hard to balance low cost with security and performance.

Backing up Your Data - Do it

Here is a little real-world scenario. You are off on a two-week business trip that is going to take you halfway around the world and you have been planning it for months. The day before you leave, you work in your office getting organised for the trip and then head home to prepare for your flight. Later in the evening you turn on your laptop and it says:

Windows XP Corrupt Registry Message on Boot

This is a true story: the client called me at 7:30pm and needed to be on a train at 8:30am the following morning. In the course of investigating the issue I found that no backup of the laptop or of the Windows system disks had been taken, and the hard disk contained many business-critical documents and thousands of emails.

I could not fix the problem there and then, and had to take the laptop back to my lab to safely back up the data, fix the registry corruption and get the system booting again. The client had to leave without his laptop, but we shipped it out the same day to catch up with him at his first stop in China, all adding up to a big bill.

To paraphrase Henry Rollins:

Don’t talk about it, do it! If you didn’t backup, man. You blew it!

If you have been thinking about backing up your computer, you really need to do it. Now.