Archive for the ‘Security’ Category

IP address banning

Your Name Here’s servers uses software called ‘Fail2Ban’ which is is an automated way to protect our servers from brute force attacks. Fail2Ban uses regular expressions to monitor log files for patterns corresponding to authentication failures and other errors that are considered suspicious.

If an IP address makes too many login attempts within a certain time interval, this IP address is banned for a certain period of time.

This is to combat attacks on our servers, however if any legitimate user fails to login several times then that users ip address will be blocked. When this happens you will not be able to access your emails, view your website or upload/download any files to the server.

If you cannot login please contact us and we can go through with you how to retrieve or reset any of your user details.

Always keep your Web Applications updated!

It is vitally important to keep your web applications updated to the latest version. Any old versions of software may have security flaws which allow hackers to get in!

A web application is a type of program you install onto your web space, designed to help you perform specific tasks within your website. There are hundreds of web apps which can do all sorts of useful things for your website, and many that can even design your site for you. If you own a smart phone chances are you have installed lots of apps and chances are there is a seemingly constant flow of updates for them. Similarly on your PC, you will be prompted to update your programs whenever there is one available. Below is a couple of update pop ups you may have seen on your computer.


There are several possible reasons why an application is updated. More often than not it is because the designers have added new features to it. Probably the most important reason is for security. New versions often fix security vulnerabilities in older versions of software. If you stick to an old version of software it may be vulnerable to attacks by hackers.

There are many ways a hacker can get into your site, or the server your site is hosted on. To combat this is the many updates and security patches that are made available. So however inconvenient it is, you should ALWAYS update your web apps and programs.

Hello , i am Lauren. – EMAIL SCAM

You may have received the following email:

Sent: 14 December 2010 11:48
Subject: hi

I found your email in my friends list,
i think we talked some time at the one of social networks or not.
So i will remind you a little bit about me, i live in USA , Atlanta, GA.
I love to travel, visit new places, new countries. I am planning to visit UK once again,
that is why i am looking for friends here, it is always more interesting to travel
and to have good time together then alone.
So if you live in UK and you are single i will wait your email.
I am not interested in correspondence if you are married or have a girlfriend.

My e-mail is:

I hope to get your answer and of course i want to see your photo.
Have a good day

This is currently being broadcast on a massive scale and it is all over the Internet. They appear to be sending the spam through a different server each time they send an attack, and the email appears to be sent from your own address so it is proving difficult to block.

Email Scam – Internet Trademark Intellectual Property Rights

There seems to be a new wave of this particular scam email, usually from the ‘Domain name registration center in Shanghai’ or the ‘Domain name registration organisation of Asia’ or similar.

The email will read something like:

—–Original Message—–
> *From:* fiona []
> *Sent:* 08 October 2009 08:34
> *To:*
> *Subject:* Re:Europeanarts-Intellectual property rights (To CEO)
> *Importance:* High
> Dear CEO,
> We are the domain name registration organization in Asia, which mainly
> deal with international company’s in Asia. We have something important
> need to confirm with your company.
> On Oct.7,2009, we received an application formally. One company named
> “Baldfiltering company” wanted to register the following domain names:
> and Internet Trademark:Europeanarts
> through our entity.
> After our initial examination, we found that the keyword and domain
> names applied for registration are as same as your company’s name and
> trademark. These days we are dealing with it. If you do not know this
> company, we doubt that they have other aims to buy these domain names.
> Now we have not finished the registration of Baldfiltering company
> yet, in order to deal with this issue better, Please contact us by
> telephone or email as soon as possible.
> Best Regards,
> Fiona
> **Auditing Department **

Do not be taken in by this, as it is nothing more than a misleading and dishonest marketing ploy.

They basically want you to contact them so they can explain the importance of you buying all those domain extensions from them.

If, for any reason you would like to buy the Hong Kong extension of your domain name that’s fine, but you should go through a trusted domain registration company.

The article in this link explains what happened when one domain owner replied. Notice the amounts they want to charge towards the bottom of the article. Also the many comments from other domain owners who have received similar emails.

Make the most of your Spam Filter

The fight against Spam is a significant challenge that you face daily, and it continues to be  one of the biggest problems on the Internet. Spammers are clever and they will continually conjure up new ways to bypass spam filters, so unwanted email will always be there, but you can dramatically reduce the amount of spam you receive if you use your Spam filter correctly.

Spam Assassin     spam

At Your-Name Here our choice of default Spam Filter is Spam Assassin.

SpamAssassin uses a variety of spam-detection techniques, that includes sophisticated scoring filters, Bayesian statistics, external programs, blacklists and online databases.

Used correctly, it can be a very effective deterrent against unwanted email.

How to configure Spam Assassin.

  1. Firstly login to your Plesk control panel.
  2. Click on the Mail icon under Services.
  3. Click on the email address you would like to configure settings for.
  4. Then click on the Spam Filter icon in the Tools section.
  5. In the Preferences section, you firstly set the score/tolerance level that email must hit before it is recognised as Spam. Each email is  scored between 1 and 10 . As an example, if you were to receive an email with the subject ‘Buy Viagra Now’ that would score 8 or 9 as it is obviously Spam. The default setting is 7, which is usually a good place to start, but if you feel Spam is not being recognised enough, you just lower it to 6 or 5 and see how it goes.
  6. The What to do with Spam section gives you the choice to remove Spam automatically when it comes to the mailbox, or still deliver the email and mark it as xxxSpamxxx. If you want to include into the subject line the number of points that messages score, type _SCORE_ in this box. This will help you determine the best score setting to have.
  7. Next is the Blacklist section which allows you block specific addresses or domains that you do not want to receive mail from. You can add muliple entries, seperated by a tab, a colon or a comma. If you do not want to receive anything from any address at a particular domain you can use * as a wildcard. Just type * and any user at that domain will be blacklisted.
  8. Similarly there is also a Whitelist section. If you want to be sure you do not miss any emails from specific senders, you can add multiple entries to your Whitelist in the same way.
  9. Click on the Training tab to improve accuracy of spam detection by training the spam filter on the e-mail messages that you have in your mailbox. Simply highlight an email and click on ‘It’s Spam’ or ‘Not Spam’  Once finished with training, you can remove spam e-mails from your mailbox using your e-mail program or Horde IMP Webmail interface.
  10. Once finished with your spam filter settings, remember to click the ‘Switch On’ icon, and then click OK.

That’s it! Your Spam filtering is now enabled and set to your specific requirements. The settings can be modified at any time in the same area of your Plesk control panel.

Website Blocked! Reported Attack Site!

Does this look familiar to you?

Website blocked

Not what you want to see when you go to look at your website!

This is a block from Google. When they have indexed your site they have come across some potentially malicious code which can be harmful to any visitor.  Ususally in the form of Malware (malicious software) it is designed to infiltrate a computer without the owner’s knowledge.

A useful article about the dangers of Malware can be found here.

What to do if you see your site is blocked.

The first thing to do is up the security because your site has been hacked, so change usernames, passwords etc (please do not use ‘password’ as your password!) Then you need to go through the content of your site to locate the malicious code and remove it, or you can just re-upload your site again. You may need the help of your webmaster/web designer unless you did your website yourself.

Once this is done you need to let Google know by creating an account and requesting a review.

Go to and create an account. Once you have gone through the process, go to the Webmaster Tools homepage and click on your website name. You will see a message like ‘Parts of this site may be distributing malware’ Click on ‘more details’ and then request a review.

If all is well when Google check your site they will release the block and your site will be live again.