[Hidden-tech] Spammers piggy backing on my website

[B. Kimo Lee]

Hi George,

Initially I thought it might be robot signups, but I see that you have a reCaptcha text field on your trial signup form. Probably humans paid per form to fill them in. Not much you can do to prevent those kinds of signups.

As far as intrusions, you can ask your hosting provider to run a malware scan of your site files and database. Always make sure to keep your Wordpress version up to date, including updating versions of any of the installed plugins so that you know you have the latest security fixes. Also make sure your host keeps the server software up to date, too. Older versions of PHP have known vulnerabilities and don't meet PCI compliance. Any site with eCommerce features ought to have an account with a PCI scanning service, like ControlScan, SecurityMetrics, McAffee, etc., which will turn up those security holes.

These days, intrusions seem to focus on grabbing user info —names, addresses, session hijacking, i.e., recording keystrokes to gain passwords.

Btw, if you're not already receiving comment spam on your blog, when you do, I'd suggest getting an Akismet account and installing the Akismet Wordpress plugin. I use the Akismet service on several Joomla client sites I maintain and it cut comment spam down to zero.

Hope this helped.

Best,
Kimo


AZURELINK  ::  "Simply Connected!"
-------------------------------------------------------------------------------
Web Site Design & Scalable, Managed Web Hosting
Joomla! Content Management System Implementation
eCommerce Development
-------------------------------------------------------------------------------
321 Main Street, Suite 4
Amherst, MA 01002
(413) 549-2020
For more information, please visit: www.azurelink.com
-------------------------------------------------------------------------------
Follow Azurelink on Twitter: http://twitter.com/azurelink


-------------- next part --------------
A non-text attachment was scrubbed...
Name: Azurelink.vcf
Type: text/directory
Size: 611 bytes
Desc: not available
Url : http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20111029/b619bafb/attachment.bin 
-------------- next part --------------


On Oct 28, 2011, at 6:34 AM, Videatives wrote:

>   ** Be sure to fill out the survey/skills inventory in the member's area.
>   ** If you did, we all thank you.
> 
> 
> Hello Hidden Techers,
> 
> Has anyone had a problem with spammers piggy-backing on your  
> websites?  I have a video library subscription service at www.videatives.com 
> .
> Anyone who wants to can open a 14 day trial subscription.  For the  
> pass few weeks I have been getting about six new subscribers who embed  
> a message
> in their sign-up form about lacy hair wigs.  There is often some  
> stylized text about what a good article they found on some website.   
> The email addresses look weird
> and the password is always "super123."   I have been deleting these  
> particular "subscribers" as soon as they come it, but it is like  
> cutting off one head of The Hydra.
> 
> Currently the problem is more a nuisance, but I worry that some sort  
> of spam is being sent out into the world with my web address on it or  
> eventually my
> website will become corrupted.
> 
> Does anyone have ideas about what is gong on, how I can stop it, and  
> should I be worried.
> 
> Thanks,
> 
> George E. Forman
> President, Videatives
> Amherst, Massachusetts
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
> 
> You are receiving this because you are on the Hidden-Tech Discussion list.
> If you would like to change your list preferences, Go to the Members   
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members