Aug 27, 2007

Rebecca the Webmaster - A StopBadWare Case Study: Practical Guide for Webmasters (1 of 3)

"Don't panic!!!" - Rebecca the Webmaster - A StopBadWare Case Study: Practical Guide for Webmasters - Descriptions of the tools we used (Part 1 of 3) - In-depth analysis of problems and issues (Part 2 of 3) - Avoiding problems in the future (Part 3 of 3)

This is the requested follow-up to "Rebecca the Webmaster - this is my story, no tears, no glory." Here we describe the problem-solving methodology, the analysis, the tools used, the web code issues, and the steps taken to avoid problems in the future. The "we" are Rebecca, a newbie webmaster, with the guidance of El Jart. Although Jart started with his "geek" tools (whose names I could not even understand), we made sure anything we used was available to all and "free" - nothing commercial. Remember, if I can learn to do this anyone can.

Introduction
First of all let us stress the obvious: regular checks with the tools available to virtually all webmasters are the way to avoid being flagged by Google in the first place (see how to avoid problems in Part 3). However, remember that even the best web sites get hacked or compromised, AOL or MSN for example, so the most important advice comes from The Hitchhiker's Guide to the Galaxy: "Don't Panic!!!"

The Tools
Just a word of caution: the tools below worked for us, but do get the help of your web host, and only do this work from a PC with really good anti-virus, anti-spyware etc. The stuff you are trying to clean up can bite, so make sure your PC is clean in the first place!

1. Server access - I know it sounds obvious, but to start with, as the site webmaster, I realized I did not have full access or know what tools were available. So check this first; if you use cPanel or similar, many of the tools to clean up and check are there, e.g. http://www.cpanel.net/docs/cpanel/

2. Firefox and add-ons - As the webmaster you have to be able to look at the site and check what is called. By this we mean the "scripts": for example you may use a simple ad or banner, but what is actually called by your web site, e.g. the "inline scripts", "cookies" etc.? Just a note for end users: if you surf with Firefox and these add-ons https://addons.mozilla.org/en-US/firefox/browse/type:1 your surfing is a lot safer, and it is then up to you whether you want to accept scripts, cookies or other downloads.

a. Firefox - ensure the latest version (set to block pop-ups and to accept cookies manually)
b. Google toolbar (add-on) - this helps to search the web for any terms or third-party web addresses; for me, if you search "define:sql injection" you get a description to help you, or use "site:anywebsite.com", "inurl:anywebsite.com" or "cache:anywebsite.com" to see a lot more about any web site, including your own.
c. McAfee Site Advisor (add-on) - just to check out any web address you come across, especially one in spam or in a script.
d. No-Script (add-on) - this is great because with it you can look at a web site with any script on that site disabled.
e. PhProxy (add-on) - using this you can go to any website without using your real IP address; however this is for the first safe look only, you have to switch it off when you look at "inline scripts".
f. Edit Cookies (add-on) - now you can see any cookies before you accept them.
g. DOM Inspector (add-on) - lets you inspect a web window and its contents.
h. Safe cache (add-on) - prevents cache-based privacy attacks.
i. Key scrambler (add-on) - this encrypts any passwords you type on your PC for websites, just in case there are keyloggers in action.
j. Web developer (add-on) - this lets you check the actual scripts called; in other words, not what you think is on your website, but what the user actually gets.

3. Notepad++ - This is an open source text editor; using it you can capture or download text, HTML, scripts, server log files and SQL, and save them for later examination.

4. SmartFTP - There are several FTP clients around; this is the one we used, simply because you can use it in a secure mode and set / reset file permissions, which helps prevent you being attacked again.

5. Windiff - A free utility so you can compare the directories you FTP as a backup from your website to your PC, and even individual files.
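As an added illustration of what the Windiff step is for (my own example, not code from the original post or from the Windiff tool): a small Python script that hashes every file in a known-good backup and in a freshly downloaded copy of the site, then lists what was added, removed or changed. The two directory trees and their contents are constructed inside the script so it runs stand-alone; in practice you would point it at your backup folder and the folder you just FTP'd down.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of one file, read in chunks so a large upload does not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map every regular file under root (as a relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {
        path.relative_to(root).as_posix(): hash_file(path)
        for path in root.rglob("*")
        if path.is_file()
    }


def compare_trees(backup_dir, live_dir):
    """Files added, removed or changed in the live download relative to the known-good backup."""
    before = snapshot(backup_dir)
    after = snapshot(live_dir)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }


def build_demo():
    """Constructed sample data (not the original site's files): a clean backup next to a
    live copy where index.html gained a zero-size iframe and an extra PHP file appeared."""
    backup = Path(tempfile.mkdtemp(prefix="backup_"))
    live = Path(tempfile.mkdtemp(prefix="live_"))
    clean_index = "<html><body><h1>Fanzine</h1></body></html>\n"
    tampered_index = clean_index.replace(
        "</body>",
        '<iframe src="http://attacker.invalid/x.php" width="0" height="0"></iframe></body>',
    )
    for root in (backup, live):
        (root / "foro").mkdir()
        (root / "foro" / "config.php").write_text("<?php $dbname = 'fanzine'; ?>\n")
    (backup / "index.html").write_text(clean_index)
    (live / "index.html").write_text(tampered_index)
    (live / "foro" / "extra.php").write_text("<?php /* file not present in the backup */ ?>\n")
    return backup, live


def run_demo():
    """Build the sample trees and return the comparison report."""
    backup, live = build_demo()
    return compare_trees(backup, live)


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind}: {paths or '-'}")
```

Anything in "added" or "changed" that you did not upload yourself is where to start reading; an injected iframe shows up as a changed index file, and a dropped script shows up as an added one.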

6. On the server (assumes PHP & MySQL):

a. Server log files - just use your secure FTP to download them and check them in your text editor.
b. PHPmyAdmin - this is daunting at first, but a bit of reading at http://www.phpmyadmin.net/home_page/docs.php soon helps you master it; in our case it was vital for downloading and backing up the website databases. This is where we found most of the problems that could have re-infected / re-hijacked us.
c. PhpBB - forum tools http://www.phpbb.com/community/ lots of help here.

7. Common sense - Maybe the most important webmaster tool, as Jart kept on stressing: know what should be within the website, its scripts, files, forums, SQL databases, etc. If you see a call to some website you do not recognize, check it out. If some script calls for the download of a special multimedia application, is it the real one? If some website / bot is coming to your site (in the server log files) every 10 seconds, why is it coming? What is its purpose, or even more important, what is calling it? Simple really.
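Items 6a and 7 above come down to reading the server log for callers that do not behave like readers. The following is an added example (mine, not from the original post) of doing that in Python for the Apache "combined" log format most shared hosts write: it groups requests by client IP, flags any IP that calls on a fixed cadence such as every 10 seconds, and flags requests for paths that do not exist on the site (a bot polling a file you already deleted). The log lines, IP addresses and path list are constructed for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/NCSA "combined" format, the default on most shared hosts.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample (not a real log): 203.0.113.5 is an ordinary reader, 198.51.100.7
# polls a removed admin page every 10 seconds, 192.0.2.9 asks for a fake player file.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2007:13:54:58 +0200] "GET /index.php HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (Windows; Firefox 2.0)"
198.51.100.7 - - [10/Aug/2007:13:55:00 +0200] "GET /Administracion/index.php HTTP/1.1" 404 512 "-" "-"
203.0.113.5 - - [10/Aug/2007:13:55:05 +0200] "GET /foro/index.php HTTP/1.1" 200 8841 "http://fanzine.invalid/index.php" "Mozilla/5.0 (Windows; Firefox 2.0)"
198.51.100.7 - - [10/Aug/2007:13:55:10 +0200] "GET /Administracion/index.php HTTP/1.1" 404 512 "-" "-"
198.51.100.7 - - [10/Aug/2007:13:55:20 +0200] "GET /Administracion/index.php HTTP/1.1" 404 512 "-" "-"
192.0.2.9 - - [10/Aug/2007:13:55:21 +0200] "GET /player/update.swf HTTP/1.1" 404 433 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.7 - - [10/Aug/2007:13:55:30 +0200] "GET /Administracion/index.php HTTP/1.1" 404 512 "-" "-"
198.51.100.7 - - [10/Aug/2007:13:55:40 +0200] "GET /Administracion/index.php HTTP/1.1" 404 512 "-" "-"
203.0.113.5 - - [10/Aug/2007:13:55:44 +0200] "GET /foro/viewtopic.php?t=12 HTTP/1.1" 200 9120 "http://fanzine.invalid/foro/index.php" "Mozilla/5.0 (Windows; Firefox 2.0)"
198.51.100.7 - - [10/Aug/2007:13:55:50 +0200] "GET /Administracion/index.php HTTP/1.1" 404 512 "-" "-"
"""

# Paths that really exist on the (constructed) site; anything else requested is worth a look.
KNOWN_PATHS = {"/index.php", "/foro/index.php", "/foro/viewtopic.php"}


def parse_line(line):
    """Return a dict for one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def steady_interval(timestamps, min_hits=5, tolerance=1.0):
    """Average gap in seconds if the hits arrive on a fixed cadence, else None."""
    if len(timestamps) < min_hits:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    if max(gaps) - min(gaps) <= tolerance:
        return sum(gaps) / len(gaps)
    return None


def analyse(lines, known_paths=KNOWN_PATHS):
    """Group requests by client IP and explain why each suspicious IP was flagged."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    findings = {}
    for ip, recs in sorted(by_ip.items()):
        reasons = []
        stamps = sorted(r["ts"] for r in recs)
        interval = steady_interval(stamps)
        if interval is not None:
            reasons.append(f"{len(stamps)} requests at a steady {interval:.0f}s interval")
        # Strip the query string before comparing against the list of real pages.
        unknown = sorted({r["path"].split("?", 1)[0] for r in recs} - set(known_paths))
        if unknown:
            reasons.append("paths that do not exist on the site: " + ", ".join(unknown))
        if reasons:
            findings[ip] = reasons
    return findings


def run_demo():
    return analyse(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for ip, reasons in run_demo().items():
        print(ip)
        for reason in reasons:
            print("  -", reason)
```

The ordinary reader never appears in the output; the two other IPs do, each with the reason. Once you have such a list, the question from item 7 still applies: what on your site is calling it?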

1 of 3

Rebeca the Webmaster - tools used (Part 1 of 3)

"KEEP CALM!!!" - Rebeca the Webmaster - A StopBadware Case Study, Practical Guide for the Webmaster - Description of the tools used (Part 1 of 3) - In-depth analysis of problems and issues (Part 2 of 3) - Avoiding problems in the future (Part 3 of 3)

This is the follow-up to "Rebeca the Webmaster, this is my story, no tears, no glory", where we describe the problem-solving methods, the analysis, the tools used and the steps taken to avoid future problems. The "we" are Rebeca (a beginner webmaster) with the help of El Jart; we made sure that El Jart also started out with these "silly" tools (some of whose names I could not even understand) and that everything we used was available to everyone free of charge - nothing commercial. Remember that if I can learn this, anyone can.

Introduction
First let us start with the obvious: with regular checks using the tools available to virtually everyone it is possible to avoid being flagged by Google; you can find how to avoid it further below. But remember that even the most important sites end up hacked or compromised, for example AOL or MSN, so the most important advice from The Hitchhiker's Guide to the Galaxy is "DON'T PANIC".

The Tools

A word of caution: these tools worked for us; in any case you should seek your web host's help and only do this work if you have a good antivirus, anti-spyware etc. What you are trying to remove bites! So make sure first that your PC is clean.

1. Server access: I know it sounds obvious, but when I started as webmaster I did not have full access nor know what tools I had available, so check this first; if you use cPanel or similar, many of the cleanup and checking tools are there. Example: http://www.cpanel.net/docs/cpanel/

2. Firefox and add-ons - As webmaster you have to be able to see the site and what is called. What I mean is that you must know the "scripts"; for example, you may use an ad or banner that is called from your site, or "cookies", etc. Just a note for users: with Firefox and these add-ons https://addons.mozilla.org/en-US/firefox/browse/type:1 your browsing is much safer; it is up to you whether to accept scripts, cookies and other downloads.

a. Firefox - make sure you have the latest version (set to block pop-ups and accept cookies manually)

b. Google toolbar (add-on) - helps to search the web for any third-party address, but for me, if you search "define:sql injection" you can find a description to help you, or use "site:anywebsite.com" "inurl:anywebsite.com" "cache:anywebsite.com" to see much more information about any site, including your own.

c. McAfee Site Advisor (add-on) - to check any site you visit, especially looking for any kind of spam or script.

d. No-Script (add-on) - this one is great because you can browse any site with all the scripts it uses disabled.

e. PhProxy (add-on) - using this you can visit any site using an IP that is not yours; in any case this is only for a first, safe look, you have to switch it off to see the "inline scripts"

f. Edit Cookies (add-on) - with it you can see all cookies before accepting them.

g. DOM Inspector (add-on) - lets you inspect a web window and its contents.

h. Safe cache (add-on) - protects you from privacy attacks that use the cache.

i. Key scrambler (add-on) - encrypts any password you type on your PC for websites, for when keyloggers go into action.

j. Web developer (add-on) - lets you check the actual scripts; in other words, not what you think is on your site, but what the user really gets.

3. Notepad ++ (text editor) - using this simple tool you can download text, HTML, scripts, server log files, SQL and save them for later examination.

4. SmartFTP - there are several, but this is the one we used, simply because you can use it in secure mode and set or remove file permissions, which helps you avoid being attacked again.

5. Windiff - a free utility that compares the directories you have on the FTP with a backup and/or individual files of your site on your PC.

6. On the server (assuming you use PHP & MySQL):

a. Server log files - use your secure FTP to download them and check them with the text editor.

b. PHPmyAdmin - a bit daunting at first, but with a little reading http://www.phpmyadmin.net/home_page/docs.php you will soon become an expert; in our case it was vital for downloading and backing up the site's databases. It is where we found most of the problems that could have re-infected us.

c. PhpBB - forum tools http://www.phpbb.com/community/ there is lots of help here.

7. Common sense - perhaps the most important tool, as Jart kept pressing me about what "should be on a website": scripts, files, on the forums, in the SQL databases, etc. If you see a call to a site you do not recognize, check it; if a script calls for the download of some multimedia application, is it the genuine one? If some site or bot visits your site or shows up in your log files every 10 seconds, why does it do so? And most importantly, what is calling it? It really is simple.

OK, end of part 1 of 3 - by the time you have installed all the suggested applications we will be back with the next installment; work through this guide. Any questions?

Rebeca & El Jart

Aug 22, 2007

Alexa to be blacklisted?

So who can you trust on the Internet nowadays? Perhaps the answer lies with the cyberspace citizen democracy. Alexa, the Web Information Service owned by Amazon, appears to be on the brink of being blacklisted by McAfee's Site Advisor.

Site Advisor uses its own scanning as the basis for judging whether users should be warned of a website dishing out exploits, spam etc. At the moment it shows a green tick; however it also relies upon independent reviewers to judge the website experience, and at the moment 75% of reviewers are giving Alexa the thumbs down for consistent ad-ware, viruses and spyware. On the anti-virus tests Alexa's toolbar comes up with:

AhnLab-V3: Dropper/Alexabar.494672
AntiVir: DR/AlexaBar.J
Avast: Win32:Adware-gen.
BitDefender: Adware.Alexabar.L
Ewido: Adware.AlexaBar
FileAdvisor: threat detected
Fortinet: Adware/AlexaBar
F-Prot: W32/AdwareX.CKD
Ikarus: Win32.SuspectCrc
Kaspersky: not-a-virus:AdWare.Win32.AlexaBar.j
McAfee: potentially unwanted program Generic PUP
NOD32v2: Win32/Adware.Alexa
One-Care (MS): Privacy concerns
Panda: Adware/Alexa-Toolbar
Sunbelt: Alexa Toolbar
Symantec: Trackware.Alexa
VBA32: Application.Win32.Adware.Alexa
Webwasher-Gateway: Trojan.AlexaBar.J

So on Site Advisor it now shows as on the brink of getting the red "X", along with other exploiters: http://www.siteadvisor.com/analysis/reviewercentral/?page=onthebrink&showMore=true

So most users know Alexa's Spybar is primarily BadWare (ad-ware / spyware) and a real nuisance to uninstall. So here is the question: will McAfee and others take the step to give it the red "X"?

The possible reason they won't is that it is one of the big boys on the Internet. Wonder if the community could tip the scales by also adding their negative views of Alexa's Spybar as a reviewer; try it out at http://www.siteadvisor.com/sites/alexa.com#reviewercommentssummary

Wow, just imagine if we could get Amazon and others to come clean, and maybe set a good example for others, by changing their spybar. No wonder many webmasters go to StopBadWare (Google's blacklist forum) to complain about why their website has been flagged, when Alexa just rolls on regardless.

Aug 19, 2007

Rebecca the Webmaster - BadWare Case Study

Rebecca the Webmaster - this is my story, no tears, no glory... - A StopBadWare Case Study (English version)

Introduction;
This is a success story for Rebecca and StopBadWare - no tears, no glory! It is written by me and 'El Jart' to assist other webmasters, in a case study format, as a step by step guide from a website getting flagged by Google, not only to the lifting of the warning, but to the added measures that hopefully reduce the chances of ever getting flagged again, with hidden traps for any unwary exploiter in the future.

(Note: No staff of StopBadWare or Google was involved, and the review process was as for any website.)

This case study is in 3 parts: the English language version (this post), the Spanish version, and the tech version with descriptions of the tools we used and in-depth analysis of the code and script issues. This is to demonstrate how a newbie webmaster, with help from the community, can get it done; hopefully any webmaster can follow "Rebecca's Guide".

Background;
The specific web domain itself is not relevant for this study; however the site is a popular Spanish language community fanzine: news, sharing stories, pictures, multimedia and an active forum. Based in a small town in Northern Spain, Rebecca started off 2 years ago as a forum moderator, "without even an internet connection at home, but when she got her dial-up she was ready to get into the administration, so I personally decided to change the website looks, and start spanking the others to do their job properly. The web site really started to take off, not just the news section; the designing and all the info was starting to be what it was meant to be, then the problems started."

Being Flagged by Google;
"The Google warning story... one of the members of the site team was testing our rank in Google when he found out we were flagged, so that's when the story begins... May 3rd 07. We asked Google, who told us to remove certain code and told us to ask for a review in StopBadWare. After some time trying to clean it myself... I decided to ask for help at the StopBadWare forum July 28th 07... Lucky me! I found help from the community!! Now I have found out that we did get a Google mail warning us, but I did not have access to those accounts till I asked another team member for the passwords and all that stuff; he doesn't even know how to enter those accounts, I'm not blaming him for that, so I'm not sure for how long we were flagged 'till May 3rd." Having requested a review, the Google flag was cleared August 2nd 07... Happy team, site, and users.

How we fixed it;
The first strange thing I could see, after reading the StopBadWare guidelines, was a reference in the HTML index page to an iframe ....., relating to some .swf and 'RuneScape'; as we do not have such files on the site I just deleted it, but I was not sure if that was it.

We found out it is used by hackers to trick users into downloading malware from a fake Adobe Shockwave Player download site. Prospective users who stray onto a game site are presented with broken icons in an attempt to convince them that their copy of Shockwave (if already installed) isn't working properly.

Then we found another hidden iFrame, with src "quickcnt", in a file called "index.php" in the Administracion directory, so we got rid of that too, along with two other .swf fake player downloads. OK, I thought this was all done, until 'Jart' told me to search all the server log files for strange activity on the site; after he found them for me, he was right! Lots of funny IP addresses (web bots) coming to call, linked to the stuff I had got rid of but also to the forum.

So I went to work on the PhpBB forum, cleaned off any spam, and banned all the IPs and domains linked to the spam and the logs. We then also added a 'robots.txt' especially for the forum and patched various PHP files for the forum.

Finished, I thought; then 'El Jart' asked me about the SQL database files, and I did not even know where they were. So Jart pushed me again (El Jart can be more Bad than the BadWare!) and what did we find? A forum that I did not even know existed. This had SQL injections, with only spam addressed to bad websites. Also administrators with passwords for the whole site, who had nothing to do with the site, and spam that attached itself to any proper post on the real forum. This is how we got hacked in the first place, and if we had not dug down deep enough we could have easily been infected again.

Conclusions and a happy ending;
When we first found out we were flagged by Google I was frustrated, and after getting rid of the first bad iFrame I was annoyed we had to wait. Thanks to the StopBadWare forum, and to really finding out what was wrong and really fixing it, I can only tell any other webmaster it was worth the wait.

So check your website if you get flagged, or even better check your website before you get flagged. Check:

1. For any iFrame code, especially where it has the name of a website you do not know, and says "hidden".

2. In any PHP or other files for this, as well as any calls for downloads of multimedia players, PDF, or other files you do not recognize.

3. Your server log files, for all contact with your web site is within them; it might take a bit of learning but it is worth it.

4. The database files (SQL) for anything unusual.

5. Go to the StopBadWare forum and ask; I did and it helped me. For a little more practice, El Jart is going to take me on some of his next "help visits", then I will assist other webmasters!
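Checks 1 and 2 in the list above can be scripted so they run over every page before each review. The following is an added example, my own and not code from the original post: it walks a downloaded copy of the site and reports iframes that are hidden (display:none, visibility:hidden, zero size, or an id/class containing "hidden"), iframes pointing at a host you do not own, and links that fetch player/installer-style files (.swf, .exe, .msi, .cab, .pdf) from a host you do not own. The sample files, the host names and the attacker paths are constructed for the demo; the "own hosts" set is whatever domains really belong to your site. It does not cover checks 3 and 4 (logs and SQL), which need their own tooling.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# name="..." | name='...' | name=bare
ATTR_RE = re.compile(r"([a-zA-Z:-]+)\s*=\s*(?:\"([^\"]*)\"|'([^']*)'|([^\s>]+))")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)
DOWNLOAD_EXT = (".swf", ".exe", ".msi", ".cab", ".pdf")
SCAN_EXT = {".html", ".htm", ".php", ".inc", ".js"}


def attrs_of(tag):
    """Attribute name -> value for one tag, whatever quoting style was used."""
    return {name.lower(): (dq or sq or bare) for name, dq, sq, bare in ATTR_RE.findall(tag)}


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_hidden(attrs):
    """Zero-size, display:none, visibility:hidden, or an id/class/name containing 'hidden'."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True

    def tiny(value):
        digits = re.sub(r"px$", "", value.strip().lower())
        return digits.isdigit() and int(digits) <= 1

    if tiny(attrs.get("width", "")) and tiny(attrs.get("height", "")):
        return True
    return any("hidden" in attrs.get(k, "").lower() for k in ("id", "class", "name"))


def scan_text(text, own_hosts):
    """Findings for one file as (kind, url) tuples: iframes first, then download links."""
    findings = []
    for m in IFRAME_RE.finditer(text):
        attrs = attrs_of(m.group(0))
        src = attrs.get("src", "")
        if is_hidden(attrs):
            findings.append(("hidden-iframe", src))
        elif host_of(src) and host_of(src) not in own_hosts:
            findings.append(("external-iframe", src))
    for url in URL_RE.findall(text):
        if url.lower().endswith(DOWNLOAD_EXT) and host_of(url) not in own_hosts:
            findings.append(("external-download", url))
    return findings


def scan_tree(root, own_hosts):
    """Walk a downloaded copy of the site and report every file that has findings."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_EXT:
            hits = scan_text(path.read_text(errors="replace"), own_hosts)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report


def build_demo():
    """Constructed sample site (not the original's files): one legitimate iframe, two hidden
    ones, and an 'update your player' link to a .swf on a host we do not own."""
    root = Path(tempfile.mkdtemp(prefix="site_"))
    (root / "Administracion").mkdir()
    (root / "index.html").write_text(
        "<html><body><h1>Fanzine</h1>\n"
        '<iframe src="http://fanzine.invalid/foro/embed.php" width="400" height="300"></iframe>\n'
        '<iframe src="http://attacker.invalid/counter.php" style="display: none"></iframe>\n'
        "<iframe src='http://attacker.invalid/x.htm' width=0 height=0></iframe>\n"
        "</body></html>\n"
    )
    (root / "Administracion" / "index.php").write_text(
        "<?php include 'header.php'; ?>\n"
        '<p>Your player is out of date: <a href="http://attacker.invalid/get/player.swf">update</a></p>\n'
    )
    return root


def run_demo():
    return scan_tree(build_demo(), own_hosts={"fanzine.invalid"})


if __name__ == "__main__":
    for path, hits in run_demo().items():
        print(path)
        for kind, url in hits:
            print(f"  {kind}: {url}")
```

A regex scanner like this only sees literal tags; PHP that builds the iframe from an encoded string, or JavaScript that writes it at runtime, will slip past, which is why the Web Developer add-on view of what the browser actually receives is still part of the routine.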

So in all "a few tears but a lot of glory". One further happy ending is that Jart showed me how to add a few further "patches", which he made me promise not to tell anyone about, but apparently they are "BadWare Hacker" traps: if someone tries to hack our site again, their "bot" goes back to its dark place with a bad headache ;-)
Hope this helps others.

Rebecca AKA "The BadWare Avenger" & with an El Jart assist.

Rebeca the Webmaster - this is my story, no tears, no glory

Rebeca the Webmaster - this is my story, no tears, no glory... a StopBadware case study. (Spanish version)

Introduction;
This is a success story for Rebeca and StopBadware - no tears, no glory, written by me and "El Jart" to help other webmasters, and written step by step, from a site with the Google warning "this site may harm your computer" to not only getting rid of it but also adding measures to reduce the chances of getting a warning again, with hidden traps for any unwelcome attack in the future.

(Note: No StopBadware or Google staff were involved, and the review process was the same as for any website.)

This case study has three parts: the English version, the Spanish version (this post), and the technical version with a description of the tools and a detailed analysis of the code and scripts we used. It is to show that a new webmaster with a little help from the community can do it, and anyone can follow "Rebeca's Guide".

Background;
The site's domain is not important for this study; in any case it should be said that it is a fanzine, a community full of news, photos, multimedia and assorted stories, as well as an active forum. I started two years ago as forum moderator; I had no internet connection at home so I could not aspire to much more, and when I got one I began my little revolution, urging the others to finish a job that was half done. When everything was starting to take shape, the problems began."

Google's warning;
The story of the Google warning... one of the team members was testing our web ranking in Google when he noticed we had that unwelcome warning "this site may harm your computer"; that is where the story begins, May 3rd 2007. We asked Google and they told us to delete certain code and to request a review at StopBadware; after an email telling us we were clean and the warning would be removed soon, the real headaches began, because day after day the warning was still there... after quite a while trying to clean the code myself I decided to ask for help at the StopBadWare forum on July 28th, and fortunately I found help from the community right away!

I could have noticed Google's warning earlier; they had sent an email to the site's mailbox, but until relatively recently I did not have access to those accounts, not until I asked another team member for the passwords; he was not very clear either on how to access those accounts, so I do not blame him for it, which is why I do not know exactly since when we had the warning. We finally got rid of the Google warning on August 2nd and were able to relax.

How we fixed it:
The first strange thing, after reading the StopBadware guides, was that I saw references in my main HTML (index) to an iframe ....., related to a .swf and 'RuneScape'; as we did not have those files on our site we simply deleted it, but I was not sure whether that was it or not.

We found out it is something hackers use to trick users into downloading a fake Adobe Shockwave Player; users usually end up on a games page with broken icons, making them believe their copy of Shockwave, if they have it installed, is not working properly.

Then we found another iFrame src "quickcnt" hidden in the index of the administration directory, with two other calls to download fake .swf files. I thought that was all, when "Jart" told me to look through the log files for strange activity; after he searched, I realized it was true: lots of strange IPs (web bots) making calls, linking to things I had already removed and also to the forum.

So I went to the PHPbb forum, cleaned out all the spam and banned the IPs and domains linked to the spam and the logs; we added a robots.txt especially for the forum and patched several of the forum's PHP files.

I thought we had finished, but again 'El Jart' asked me about the SQL database; I did not know where they were. So he pushed me again (sometimes El Jart is worse than the badware itself). What did we find? A forum I did not know existed, which had SQL injections, with only spam and links to sites of dubious reputation. Also administrators with passwords for the whole site who no longer had anything to do with it, and spam that attached itself to some post on the real forum. That is how they hacked us the first time, and if we had not investigated thoroughly we could easily have been infected again.

Conclusions and a happy ending;
When we realized we had the Google warning I was a bit frustrated, and after deleting the first iFrame the wait annoyed me. Thanks to the StopBadWare forum I found out what the real problem was and it has been truly fixed; I can only say the wait was worth it.
So, if you have a Google warning, or better, check your sites regularly before you get one, looking for:

1. Any iFrame, especially if it comes with the name of a site you do not know and says "hidden".

2. In any PHP or other files for the same reason, as well as any call to download multimedia players, PDF or any file you do not recognize.

3. Take a look at the log files, looking for any strange contact with your site recorded in them; it will take a little while to learn to read them but it is worth it.

4. Take a look at the database files (SQL), looking for anything out of the ordinary.

5. Go to the StopBadWare forum and ask; it helped me a lot. So that I get a little more practice, Jart will take me along on his "next help visits", and afterwards I will help other webmasters myself!

So, after all "a few tears but a lot of glory", another happy ending: Jart has shown me how to add a few more patches but made me promise not to tell anyone; apparently they are "BadWare Hacker" traps, so if someone tries to hack our site again, their "bot" goes home with a bad headache. ;-)

Hope this helps.

Rebeca AKA "The BadWare Avenger" with the help of El Jart.

Aug 18, 2007

Google Blacklisting and Ad-Networks – Ethical Choice for a Webmaster

Having your website "flagged" by Google is very frustrating, but is it Google who is punishing you?

For many webmasters the problem is caused by the "Ad-Networks" they subscribe to. Here is an illustration: "You buy a gun, the gun is picked up, fired and hurts someone; whose responsibility is it, yours or the gun manufacturer's?" - Answer = 100% your responsibility.

Did you need the gun in the first place? Were there better methods available? Did you check out the manufacturer (the ad-network in this case) by checking the experience of other users, particularly those end users who have had their PCs screwed up and complained to Google?

There are many complaints on forums all over the Internet. Most end users, me included, are thankful Google is at least providing some warning. Why should the user put up with this annoying and nearly impossible to remove adware - from your site?

So take action against the real people who caused you the problem. As examples, have you gone back to Casale Media or ValueClick or many others and asked them (a) why their code gets you into these problems, and (b) what they are going to do about it?

We all have moral or ethical choices; your web site is delivering to the end user, so it is 100% your responsibility. If you and others decide not to use Casale Media and ValueClick, then they would be out of business or might change their bad methods.

Webmaster, "as you did buy the gun": are the Ad-Network's methods good for end users? When did you know they caused issues (adware / spyware / spam) for end users; only because Google flagged you? How much did the $$$ factor make you decide to use them?

BadWare Activist

Malware or badware or whatever you want to call it, so another Blog?

I and millions of others (yes millions!) have been "burgled", yes that is the right word, and these burglars have either:

  • Come onto my property without permission and attempted to steal or maybe have stolen for all I know.
  • Thought it is OK to sell me a product or service and then also steal or attempt to steal.
  • Initially as an invited guest, but without my permission or even the courtesy to ask, plant a bug which is designed to spy and then ultimately steal from me.

This has wasted my valuable time and cost me a lot of money over the years. So I am going to stop being an ongoing victim and get the real answers many of us Internet and PC users are looking for. For example, who can you even report this crime to, or who will take action? I want to really find the answers, whistle-blow on the burglars and badly behaved guests, do something about it and encourage others who will.


This Blog, is not associated with any vested commercial interest:

  • It "is" a place which will not be pretty or diplomatic, it is in layman’s terms going to question, point fingers, get and provide answers, and seek justice.
  • It "is" a record and resource of, firstly, how to find out if you have been burgled, see some of the burglars' tools, and what to do about the Malware - Badware - or whatever the current flavor-of-the-month keyword is - you discover lurking there.
  • It "is" a place where the question is asked, with hopefully some answers, not only about how to remove or fix malware / badware, but about how to proactively prevent it, or even more importantly find out and get back at whoever sent it to you.
  • It "is" a place where there will be a debate on the industry ethics and philosophy on the cause to this disease.
  • It "is not" a place for selling or reselling; but if you know of the latest gadget / tool as a solution that "really works" then provide advice.

Well, it is not just a good sound bite: "the more I know the less I understand" about malware, badware, hacks, viruses, spyware, or the myriad of other terms. As someone who is supposed to have reasonable expertise on all of this, the more in depth I have researched the who and why, the more I have realized we are all missing the point. The more recent discoveries, ongoing research, forensic analysis and information passed to me have already revealed some surprising, if not disturbing, answers; that is another reason to use this blog, to avoid some of the vested interests.

You a victim as well? Got some answers? Then add a comment, add your frustration, try and tell us there is no problem, provide advice; let us whistle-blow on the who and why.