This is just a heads up to everyone out there to be extra careful when handling email.  We have seen an explosive increase in the number of attacks brought about to every day citizens through email.  From SPAM with fake links, to Internet Scams that these fraudsters want you to invest your time and money in, to Viruses/Trojans/Back doors, and of course Phishing attacks where someone pretends to be from some place familiar to you like your bank, eBay or PayPal in an attempt to get your account information.

There are some basic steps to take like using good anti-virus software, and making sure it is kept up to date, that can help you stay safe.  We posted an article a while back with these explained, and I believe we should take a look at updating it since it’s been a year or two.  The basic principals stay the same, and there is still lots of good info there, we will most likely just be adding more stuff to deal with new threats.  Take a look at it here, it’s called Web Surfing Safety, and we hope you find it useful.  In addition to that, be sure to check out the Library, since we have lots of other good information and tidbits in there too!  Thanks.

Guess what kiddies, in troubleshooting an email connection for a customer that was unable to send any email through one of my servers, I found the problem was not quite what I expected.  The good news is that the problem wasn’t my mail server, or even on my end at all for that matter.  After some testing and digging I found that the problem is that Verizon has now blocked ALL out bound port 25 traffic.  Period.  As you know, port 25 is the standard RFC compliant port for SMTP communication, and Verizon has blocked all port 25 traffic as a means to fight SPAM.  Uh-huh.  Sure.

This means that you cannot use any other email provider for sending mail unless they support a non-standard port for their SMTP service, or you are using webmail exclusively.  This, to me, is wrong on so many levels.  First off, it’s not helping in the SPAM wars as far as I can tell.  I am told the same thing by some Verizon customers I surveyed.  Second, it’s just wrong to cut out basically all other mail providers like that.  This is yet another example of how stupid Verizon is, and how they cannot manage their service at all.

I have done business with many, many telco’s over the years, and Verizon tops the list by a mile of the worst service providers to deal with.  Some of the most incompetent people, bone headed mistakes and plain batshiat crazy experiences have all been at the hands of Verizon.  I hope this is just the first of many nails in their coffin.

One last thing, conveniently enough, the only way around this is to upgrade to FIOS (or other non-specified broadband service) and pay extra for a static IP address.  How nice.  Read more here.

Here is a heads up that we are seeing the online backup application Carbonite, put out by the company of the same name, bundled with a Java update. If you aren’t careful, when you click through the Java update installer, you get Carbonite and a 30 day trial subscription to the service. Not sure if the trial subscription is automatic or if that’s an extra step. Now, I am not saying anything bad or good about Carbonite, I haven’t ever used the service (naturally I prefer MYfilesanywhere), but any time an application gets installed automagically without my express consent, it sets off a red flag in my book.

Look alive there folks, WordPress has released an update to their web publishing platform.  Version 2.8.1 is live and it seems like a quick and easy upgrade.  In case you haven’t tried WordPress lately (or at all), or haven’t upgraded in a few versions, they now have built in the capability to upgrade not only plugins, but also the whole distro right through the point and click admin panel or dahsboard.  You need an FTP account somewhere to make the magic happen, but most people running a web site have that, and if not they are easy to come by.  So far, I have had great success with their automatic upgrade features, both for plugins and WordPress itself.  Being who I am I was very skeptical at first, but it’s actually worked wonderfully so I thought I would share.  Now, get out there and get to upgrading.  Unlike some other software entities that add more bugs and security holes than they fix, the guys and gals at WordPress actually imrpove the software with each new release.  Let me know what you think, post a comment and share your opinion.

OK folks, I came up with something helpful and I thought I would pass it on.  Recently I had a spam bot (or maybe a real person, who knows) join the forums.  Went right through all of the security controls and verifications.  Then, said user went about posting almost 500 porn posts all over my site’s forums.  Posting topics, posts, pics and embedded videos, it was really bad and I was really mad.  First off I banned the user, no problem.  I figured I would do that so I could keep relevant info like IP and email addresses rather than just deleting him.  Now I had the arduous task of removing all those damn posts and topics.

I do know that you can delete a user and tell SMF to also delete all of those users topics posts as well, but that hasn’t worked in the past so I did it on my own. Here is what I did.

Read the rest of this entry »

You may already be familiar with the feed I put up from Security Focus so you can easily get the latest news on vulnerabilities that are either already out in the wild or have the potential to be soon.  If not, check it out here.  As I am always looking to improve things, I recently added some feeds that will deliver the latest advisories for Red Hat, SuSE and Ubuntu Linux quickly and easily.  So, to recap, from here you can easily get information on the latest vulnerabilities overall, plus the latest advisories for three top Linux distros: Red Hat, SuSE, and Ubuntu. Check ‘em out and look for more good stuff, as I find new ways to deliver goodness, I’ll be adding them.  Thanks.