Stop Leechers From Compromising Your Website And Your Computing Resources

Leeches are worms that predominantly suck blood and feed on blood from vertebrate and invertebrate animals. Historically, leeches were widely used for medical purposes in Greece and India to remove blood from patients. Modernly, in the internet world however, web administrators and website owners associate leeches with more subtle ends, rather than the sucking of blood, merely the sucking of computing resources. This historical association is modernly used to associate users across the internet who use resources on a network without paying for them or giving anything back to the network.

On a torrent network a leecher is someone who downloads files without adequately contributing to the network, in a meaningful way - typically by disconnecting from the network as soon as he/she has completely downloaded the file. On other networks, a leecher is someone who benefits from the network or gathers information from the network and offers nothing in return. In economic terms, such users are called free riders. For example, a member of a labor union who does not pay any dues but benefits from the efforts of the union.

As a website owner, you should be concerned about leechers using your resources such as disk space, bandwidth and other computing resources such as processing power or memory. This may occur when users that are authorized by you to use the website use it in a manner that is not authorized or intended by you. For example, a university may offer its students a cloud storage space for educational purposes, and some students may maliciously use such storage space to store movies or mp3 files, which is not necessarily illegal or wrong - but is not the intended use of the resource offered to the students.

This may also occur in a small or medium business, where employees are offered storage space on the network to store the data they need, so that they can access it from multiple locations through the internet - but the employees may end up using the storage space for completely unrelated purposes, such as to store personal information and files. Users may also end up sharing the login information with other people and allow them to use those resources for unintended uses.

As a website owner, depending on whether your resources are scarce and based on the cost benefit of having such leechers, you may want to terminate such leechers. The next obvious question that arises is, how you would identify such leechers, and how you would terminate them. Obviously it is not feasible to individually eliminate each user and verify each user, but there ought to be a system to identify usage patterns and alert you when there is a risk of leechers being on your network.

Many popular web hosting interface providers offer leech protection, and it is widely used in the industry to prevent leeching activity. Mr. Ruzbeh Raja a web administrator at a popular web hosting company said that "Preventing leechers is a priority for many website owners and, indeed widely used by our clients to prevent waste of resources". Mr. Raja further said that users being offered an unlimited web hosting plan in particular should be concerned about leechers given that they do not have a particular set limit of the resources they can use, he said that this would cause them to run the risk of being caught as abusing their account as a whole.

Article Source: http://EzineArticles.com/8271667

What Are Security Best Pratices? Why Follow Them?

Everyone should be concerned about computer security. It determines whether your confidential information is safe from cyber thieves. Computers with weak defenses can endanger your financial health and your family's personal safety.

The number of computer criminals and attacks continues to grow and so does the sophistication. Cyberspace is becoming increasingly dangerous. You must take steps to protect yourself. You can do so by implementing what is known as "security best practices".

What are security best practices? The phrase refers to procedures; awareness of processes and habits that you routinely perform to "harden" your computer. Let's examine a few. 1. Use robust passwords - Your password should consist of at least 11 characters and include one uppercase letter and one special character. Avoid using common, pop culture words, birthdays of families and friends, the name of your pet, or other easy terms that could be easily discovered.

2. Always lock you machine - When you leave your computer unattended lock the workstation. Otherwise your machine would be accessible to anyone who is nearby.

3. Avoid downloading apps, screen savers and software from unknown sources. Malicious hackers frequently use malware embedded inside desirable products and offer them free. Once you have downloaded the software it can borough into your computer system and wreak havoc. Your computer may even become a "bot" and attack others.

4. Avoid opening email attachments from unknown senders - Malicious software could be installed on your system.

5. Double-check requests for information that you receive from a company with whom you do business. It could be a "phishing attack". Cyber criminals are skilled and can present to you a screen that appears to be from a trusted source. Crackers have duplicated a fake request for information from PayPal, for example, to gain personal information under false pretenses.

6. Avoid questionable websites that focus on gambling, porn or get rich quick schemes. Many of these sites will automatically scan your computer for known vulnerabilities and, once found, exploit them. Your system will be compromised.

7. Install an antivirus software package and use it. There are a number of excellent products on the market. Antivirus software looks for virus signatures and blocks them.

8. Change your wireless router's password from the factory setting. Certain routers ship with a default password that may be known to hackers. Anyone who is within range trying of your signal can intercept it and access your network.

9. Avoid sharing media with your computer. Malicious software could be downloaded onto your machine from a friend or associate's USB drive, for example, without your knowledge.

10. Perform a "white hat hack" on your system. Such a procedure can identify any vulnerabilities that exist. Gibson Research has an excellent and free program.

11. Keep your software updated. Install recommended patches from the publisher. Consider automating the process. Malicious computer users are up-to-date on vulnerabilities and know what to attack.

12. Install and use a firewall. There are both hardware and software firewalls. You can block specific senders when using a firewall.

13. Terminate your Internet connection when you finish your work. The Internet is one of the biggest attack venues. Disable your connection to the Internet and reduce the attack surface that nefarious hackers can use.

14. Encrypt your critical information. A number of free or inexpensive encryption programs are published, such as PGP (Pretty Good Privacy).

15. Consider using more than one way method to access your computing resources. A password is one level of authentication (something you know). Consider using a token (which you possess). Use a fingerprint reader (something you are).

16. Be discrete when using social media. Cyber criminals prowl sites of this type for scraps of information that can be used in exploits against you.

Computer Viruses: All You Need to Know

A virus could be a sort of malware that, once dead, replicates by inserting copies of itself (possibly modified) into different laptop programs, data files, or the boot sector of the exhausting drive; once this replication succeeds, the affected parts are then "infected".

We all apprehend laptop viruses and other forms of malware that will cause issues starting from irritating to ruinous. Some malware replicates itself till it fills up all offered area on your drive, turning your laptop into a brick. Other forms corrupt information on your machine or create your laptop unstable. Many can even decide to use your e-mail programs to distribute the malicious code to everybody in your contacts list. And there is invariably the likelihood a cracker a malicious hacker that can use malware to induce remote access to your laptop.

No one desires to have a laptop infected with a nasty virus. That is why it is very vital to practice safe computing habits and to put in reliable anti-virus software system. You'll avoid most malware simply by being attentive and staying far from many common traps. If your anti-virus software system is up so far, you will be in pretty fine condition.

But not so often, viruses get past our defenses. Perhaps our anti-virus software system is out of date or is compromised by a very clever little bit of code. At times we tend to click on a link inadvertently and activate a virus. Or somebody else used our laptop and downloaded some malware by mistake.

How does one understand if your laptop has been hit by a virus? If your anti-virus software system is powerful and updated, you will probably receive a message because the application scans your laptop. That makes detection of a virus easy. What if your software system is out of date or the virus has managed to switch off the anti-virus program? There are signs that can tell you if a virus is present on your computer.

A virus is a program that spreads by first infecting files or the system areas of a pc or network router's disc drive then creating copies of itself. Some viruses are not damaging, others could harm information files, and a few could destroy files. Viruses were easily spread when people shared portable devices and email messages.

Unlike worms, viruses typically need some variety of user action (e.g., opening email attachment or visiting a malicious internet page) to unfold.

Malware Surged in 2013

Malware, short for malicious software, is a general term for hostile or intrusive software that is used to disrupt computer operations, gather sensitive information, or gain access to computer systems.

According to industry sources, 20 percent of all of the malware that's ever existed was created in 2013. That is, 30 million new threats were created in just one year or about 82,000 a day. This represents a dramatic malware surge over previous years.

A threat is any new release of malware. This may be a totally new threat or a variation on an existing piece of malware. A very minor change to the code of an existing threat is counted as a new threat because the change will probably have been devised to get around anti-virus or other security systems.

Here's a summary of the malware that was created in 2013:

Total threats... 30 million (100%)

Trojans... 21 million (70.0%)

Viruses... 2.5 million (8.5%)

Worms... 4 million (13.3%)

Adware / spyware... 2 million (6.9%)

Other... 0.5 million (1.3%)

A Trojan is a hacking program that gains access to your computer's operating system by offering something desirable such as a free app which, when you download it, includes malicious code.

A virus is a program that infects executable files (in which the name ends in.exe) such as an app. A worm is a standalone program that actively transmits itself to other computers.

Adware shows advertisements automatically. Spyware gathers your information, such as internet surfing habits, user logins, and banking or credit card information, without your knowledge.

As regards actual infections, Trojans accounted for nearly 80% of infections detected in 2013.

The most infected country was China with 54 percent of the total infections. This may be because China has the highest percentage of users running Windows XP, which is considered to be a very vulnerable operating system.

Targeted attacks

While the sheer volume of malware created last year is extremely worrying, the most disturbing aspect of Internet security in 2013 was the successful assaults on Twitter, Facebook, Apple and Microsoft. These are major tech companies whose security systems should be unbreachable. So, if the experts are vulnerable, what about the rest of us?

Starting with Twitter in February, these four companies were targeted in sophisticated attacks that exploited an unpatched vulnerability in Java. Unpatched is geek-speak for "not fixed yet".

The attack on Adobe was one of the worse incidents in 2013. Source code for some of company's products was compromised, and the usernames and passwords of more than 38 million users were lifted.

The attacks on Twitter were laughable in a way but could have had deadly serious effects. Hackers used the Associated Press' Twitter account to send out fake news alerts claiming that bombs had been detonated at the White House and that President Obama had been injured.

The Twitter account of Burger King was also hacked. The attackers changed the site's images to images lifted from McDonalds and tweeted that Burger King had been taken over by its rival. It would be interesting to see who bought and sold shares in both those companies on that day.

Passwords... lessons learned?

The breach at Adobe revealed the extent of users' laxity when it comes to passwords.

An analysis of what happened at Adobe reveals that nearly two million account-holders (about five percent of the total) used the extremely insecure password "123456", even though this type of password has been shown to be easy breachable in the past.

Another half million users relied on "123456789," while nearly 350,000 accounts simply used the term "password" as the password.

It seems that the message security experts have been pumping out for years - to use complex and therefore more robust passwords - is being steadily ignored by users.

Threats to mobile banking

The number of new or modified malicious programs tailored for smartphones and tablets more than doubled to nearly 100,000 in 2013. The vast majority were focused on users' banking details and hence their money.

Mobile users in Russia were particularly hard hit, accounting for 40 percent of all attacks, well ahead of India (8 percent), Vietnam (4 percent), the Ukraine (4 percent) and the UK (3 percent).

It's probably correct to say that the hackers were testing and refining their mobile malware in Russia which is said to be less security conscious and therefore more vulnerable. So it's only a matter of time before cyber-thieves move on to more lucrative mobile banking in the West.

It seems that this move is already occurring. At the end of 2012, there were only 64 known mobile banking Trojans, but by the end of last year, that number had multiplied by 20 to more than 1,320.

According to the industry, 98 percent of all of last year's mobile malware were targeting Android devices. Android is an operating system (OS) designed primarily for touchscreen devices such as smartphones and tablets. It enables users to use swiping, tapping, pinching and reverse pinching to manipulate on-screen objects quickly and easily. It's no surprise than that, in most markets, Android-powered phones are the most popular, comprising more than half of all smartphone sales. There are at least one billion Android devices in use.

Android is owned by Google which releases the source code under a free licence, making it a favourite among app developers. Android's share of the global smartphone market exceeds 80 percent and there are over 1 million apps available for this operating system.

According to security experts, vulnerabilities in the Android OS architecture as well as the devices' popularity, account for the surge in Android banking Trojans last year. Being Trojans, this malware gets into smartphones bundled with some innocent-looking app.

The takeaway:

As you can see, the Internet is getting more dangerous year by year and mobile banking is now becoming the target of choice for sophisticated hackers. The chances that your system will be compromised in 2014 are extremely high.

Nevertheless, there are plenty of things you can do to protect yourself from malware:

1) Keep updated... make sure your operating system and other software is updatedregularly as the latest versions will contain patches for security vulnerabilities.

2) Install anti-virus software... to guard against viruses, worms, spyware and trojans. This software should scan files are they are being downloaded and block the activities of malware components. It should also intercept attempts to install start-up items or modify browser settings.

3) Scan... your computer regularly for malware, at least once every month, to detect and remove malware that has already been installed on your computer.

4) Be careful... when following links on the internet. Be especially cautious on social networking sites... images and videos that go viral can infect huge numbers of computers very quickly indeed.

5) Don't install unknown software... some websites offer you free software. Before you download, ask yourself: 'why would anyone give away software for free?' More than likely there's a catch, such as an unwelcome piece of malware hidden within the freebee.

6) Don't click on pop-up windows... many malicious websites try to install malware on your system by making images look like pop-up windows.

7) Perform regular back-ups... to an external hard-disk or other media so that, if the worse comes to the worst and the only way to get rid of malware is to format your hard disk and reinstall your operating system, you don't lose your files.

8) Be ultra-cautious when using mobile banking... It might be best not to use the same smartphone for mobile banking as you use for other online activities such as telephoning, texting and messaging etc.

How to Reduce the Risk of Your Online Accounts Being Hacked

Internet security and protecting your online identity is becoming one of the major threats of the current day. With the increase in social media and access to personal data being more available, we must be more vigilant and careful what we are posting out on to the web. It is important to limit who can view certain data about ourselves on social media platforms. We may want our friends and family to view all of our details on social media platforms however; it is important that we are careful of who is actually viewing this personal information.

There are some simple steps that can be taken to reduce the risk of your data being hacked. Remember these steps will reduce the opportunity for hackers but cannot guarantee your accounts will not be hacked.

It is important that you have strong passwords. That does not mean using your pet's name; your favorite football team or your high school name and many other similar answers to these types of questions do not count as a strong password. If asked this for security questions do not provide real answers as these can be easily figured out. I know it can be a pain to change your passwords often and then you often find yourself having to reset them as you keep forgetting them. It is better to spend a few extra minutes generating passwords on a regular basis then spending hours trying to resolve the issues of your account being hacked. The stronger passwords contain both upper and lower case letters and special characters. Passwords should not be actual words, as this is more difficult to detect for hackers. Do not use the same password for different sites. It can be difficult to remember all these different password combinations however; there are many tools that you can use to store these passwords. One used by many currently is RoboForm. You will have to create one master password that will allow you to access your all saved passwords. There are great tools to simplify your password management.

With the increase in use of social media it is important to update your privacy settings on a regular basis. Only share your contact information with people you know and keep your social media profiles private as can be. Simply displaying an email address, screen names, phone numbers and other contact information can become an advantage for a hacker.

By implementing the changes to your online details you will be at less risk of your data and information being accessed. Even if you do regularly update passwords, create strong passwords and follow the advice above there is still a chance of your information being accessed, but there is less of a chance than if you do not do follow this.

Protecting Against Email Viruses

Anti-virus and anti-malware scams pose a serious problem for today's Internet users. Although more people are becoming aware of these risks, there are still many email users and casual web readers who don't know about the tricks and ploys scammers use to trick you into sharing information or making your system vulnerable to attack.

Despite the ingenuity of many viruses and malware, there are two basic ways most virus scams target your computer: via email or through pop-up ads. Email from unknown addresses may be dangerous, as it can include viruses in the form of attachments. Make sure that your entire management team sends out company-wide emails, warning employees of their danger. Standardize your internal processes to make a security a top priority. Pop-up ads are more likely to advertise bogus products to remove viruses you don't actually have - and then seize your personal or financial information.

There's noting more destructive to a small business than the leaking of sensitive information. Don't let that happen. Take preventative measures today! Start by addressing two of the most common threats utilized by hackers: Email Viruses and Pop-Up Ads.

Email Virus Dangers

Email virus scams are very common, and they disguise themselves well. Viruses are often sent to thousands of email addresses under the guise of a real company that you might have had contact with, such as eBay, PayPal, UPS, FedEx, DHL, or other commonly used service providers.

The email may look exactly like a legitimate email from the alleged company - or it might have typos and spelling mistakes that give it away. In either case, these "phishing" emails will ask you to take some urgent action that could endanger your computer or your personal information. For example, it might ask you to respond to email you sent, inquiring about hiring a new IT firm with your account information, open an attachment that will explain the email further, or click on a link that will take you to a site that requests your address, phone number, credit card information, or other personal data.

Opening the email could unleash a virus on your computer, or give scammers access to your PC to take credit card information or other data that would allow them to use your name and identity. If you receive an email and aren't sure if it's legitimate, contact the company directly - through the "Contact" page on their website - and ask them whether or not they actually sent the email. Most groups taking phishing very seriously and will respond quickly to these kinds of inquiries. As a rule of thumb, never open it if you aren't sure.

Pop-up Ads and Scam Anti-Malware

Scam or "rogue" antivirus software can sometimes appear in the form of pop-up ads when you visit legitimate websites (often because the website itself has been hacked by scammers). I've seen it too often: an accidental click on the wrong link corrupts data for weeks to come. Some of these bogus sites have very sophisticated designs that look virtually identical to the websites and software you use on a regular basis. These pop-ups may warn you that your computer has been compromised, listing a series of viruses or other alleged problems on your computer that their software purports to fix - for a price. Then, when you order the software, your computer will become infected with a virus or your personal information will fall into the wrong hands.

If you receive one of these pop-up messages warning you about viruses on your system, be forewarned: it's almost certainly a scam, intended to solicit cash and personal information from unwary web users. The best way to be sure, however, is to check with a reputable site like Snopes, McAfee, or Sunbelt to find out whether the notification is legitimate.

2014 And Beyond

Today's hackers are growing bolder and bolder. Unlike their forefathers in the early 1990's they use increasing complex codes, applications, and password generators to keep one step ahead of firewalls and other security measures. And while staying on the cutting-edge of virus protection is a must in today's business world, staying informed of these threats is the first step. If you don't have an internal IT department or staff, contracting your email & server protection to an outside IT services firm could be your best strategy. They'll be able to offer a wide range of customized strategies to align with your budget.

Now that you know how to spot the red flags, you won't be caught unaware the next time one of these messages turns up on your computer screen or in your email inbox.

Residential Broadband Hosts Used to Horde Phishing Sites

A new wave of phishing attacks that utilize spam to distribute links to phishing sites were found to be installed and hosted on the personal computers of residential broadband customers. Such a new trend named as 'Phish@Home' was noticed in the first quarter of 2014 by PhishLabs - a leading provider of cybercrime protection and intelligence services.

What are we talking about... 
By scanning the residential service IP address space, attackers exploit individuals who have (1) enabled the remote desktop protocol (RDP) service on Microsoft Windows and (2) use a weak password. The attackers then install PHP Triad (free, open-source, web server software) and upload a number of different phishing pages. Links to the phishing sites (usually financial institutions and payment websites) are sent out via spam email messages.

This trend is highly significant, as phishing sites hosted on compromised personal home computers are more likely to have a longer lifespan than those located in a traditional hosting environment. (The hosting provider's terms of service typically enable them to quickly shut down malicious sites; Internet service providers (ISPs), on the other hand, have little control over customer-owned home computers linked to the ISP by residential broadband networks.)While RDP is turned off by default on desktops with modern versions of Windows, it was found that the many individuals still use RDP as a free, no third-party way to remotely access at-home systems.

According to the report, a few of these recent phishing attacks suggested "evidence of social engineering to get the user to enable RDP or create Remote Assistance invitations; exploits with shellcode or malware that enables RDP; or attacks that target other possible weaknesses in RDP configurations such as Restricted Admin mode in RDP 8.1." In every attack analyzed, attackers gained access only through RDP-enabled connections and weak passwords.

Why worry?
Although these attacks target residential systems, the intentions of the attackers can't be predicted. Successful creation of such a network of compromised machines could lead to a huge bot network which can be utilised for larger attacks or breaches. It could be also used to send spam email or participate in distributed denial-of-service attacks.

Such event clearly indicate the need for security for home devices, owing to the evolution of Internet of Things. There exists a growing need for security solutions for home devices, besides the general office devices, as the level of risk and quantum of vulnerability is similar, irrespective of whether the device resides in your home or in your office network. Hence such a series of attack clearly indicate the need for security of home devices.