New Security Measures


 


Diagram of how a botnet works
Larger image can be viewed here

I awoke yet again on a Sabbath morning to find too many emails where someone is trying to brute force their way into this site.  It seems that something I said must have upset someone.  As they say, however, if no one is mad at you, then you’re probably not saying anything of consequence.  It seems that this requires an urgent change in strategy from one that is pretty manual to one that is more automated (and especially more automated on the Sabbath).

Interestingly, there was a notice on the COGWA members site this morning that they had an issue with their In Accord site.  Related?  Who knows?  Probably not.  It is an interesting coincidence, though.

Do we need further proof that Satan does not rest on the Sabbath?

So, if there are any issues, I have created a temporary email address:  bloghelp.jdcnservices AT recursor.net (do the obvious human thing there).  This is to be used to report issues only, and it will be taken down after an undetermined amount of time.

At any rate, the spike in hits on the weekends suggests, perhaps, that a few of you may or may not be infected with a bot of some type.  Every scan of this site indicates that it is not infected, but rather it is simply the target of a few attempted attacks.  I say it suggests bots of readers because I know that a few of you catch up on your blog reading, at least if it is COG related, on Friday or Saturday nights.  Of course, it may be just a more general thing that more infected computers are turned on on Friday evenings overall because many do not work on Saturdays and have nothing to do with any of the regular readers of this blog.

What You Can Do

If you haven’t performed any regular maintenance on your PC in a while, after this Sabbath has ended is a good time to do it.  More to the point:

  1. Clean out browser caches and temporary files.  Malware of all sorts likes to hide in these areas.  If you are on a Mac or PC either one, Ccleaner is a free program that can do both with a couple of clicks.
  2. Scan your computer for malware.  If you are on a PC, I suggest using either Malwarebyte’s Anti-Malware or SUPERAntiSpyware to do a complete scan.  If you are on a Mac or Linux machine, don’t kid yourselves that you cannot get a virus or other malware.  Many are browser agents these days, but even the few Mac viruses that exist are pretty nasty.  I recommend F-Prot for these platforms.

If you are on an iOS device, then there is only a tiny chance of having malware.  That’s not so much because they are anything more spectacular, but rather it is because they are part of what is known as “closed ecosystem” because all apps must come through the Apple App Store.

Of course, iOS devices can be jailbroken, and then they are only somewhat more secure than Android apps, especially financial apps!  WSJ online highly recommends either the free Lookout Mobile Security that works in both platforms, or there is Avast Free Mobile Security for Android only.

These are things all of you are hopefully doing regularly anyhow, in addition to regular system backups and running security updates as they come out.  This post, therefore, should not induce any panic but rather serve as a gentle reminder.  I work on computers.  I know that these are things that fall through the cracks.