Wiz's Computer and Website Security Blog

I read the access logs for my website every day and sometimes I see something that jumps out and grabs my attention, as not right. This month, that something is a bunch of attempts to grab various pages on my blog, in an unusual manner, with a very unusual user agent: WordPress/2.1.1

At first I thought that somebody is just trying to pick up my MovableType RSS feed, but that is not what they are after. So, I did a little research on "WordPress/2.1.1" and learned that it represents a hacker compromised version of the popular WordPress PHP blogging software, which was updated months ago, to version 2.1.2, by Wordpress.org. I suppose that there may be some Wordpress users who haven't heard that this version was hacked with a backdoor, and haven't bothered to check for updates, but the log entries I am seeing are not from a Wordpress blog. I decided to do a little investigating, which is something I am good at. So, I followed the IP addresses to see from whence they came.

What I have learned so far, regarding the visitors who have configured their browser with the user agent "WordPress/2.1.1" is that, (A) - they come at me with no "Referer" field entry, (B) - they always try to GET a blog article itself, followed immediately with a request for the HEAD, and (C) - they change IP addresses after getting my 403 (Forbidden) message and try again. This cloaking of IP addresses has no effect, since I am also blocking them by their User Agent string.

Let's take a look at the access log entries for this user agent (stretch out or maximize your browser):

67.228.198.50 - - [02/Mar/2008:00:58:01 -0700] "GET /blogs/2008/02/my_spam_analysis_for_february_18_24_2008.html HTTP/1.1" 403 350 "-" "WordPress/2.1.1"
67.228.198.50 - - [02/Mar/2008:01:04:52 -0700] "HEAD /blogs/2008/02/my_spam_analysis_for_february_11_17_2008.html HTTP/1.1" 403 238 "-" "WordPress/2.1.1"

69.50.177.18 - - [13/Mar/2008:12:06:49 -0600] "GET /blogs/2008/03/2wire_modem_dns_poisoning_attack_returns_to.html HTTP/1.1" 403 351 "-" "WordPress/2.1.1"
69.50.177.18 - - [13/Mar/2008:12:07:14 -0600] "HEAD /blogs/2008/03/2wire_modem_dns_poisoning_attack_returns_to.html HTTP/1.1" 403 238 "-" "WordPress/2.1.1"

83.222.14.129 - - [23/Mar/2008:16:52:57 -0600] "GET /blogs/2008/03/windows_vista_sp1_released_some_driver_probl.html HTTP/1.1" 403 269 "-" "WordPress/2.1.1"
83.222.14.129 - - [23/Mar/2008:16:52:57 -0600] "HEAD /blogs/2008/03/windows_vista_sp1_released_some_driver_probl.html HTTP/1.1" 403 236 "-" "WordPress/2.1.1"

89.108.85.75 - - [23/Mar/2008:16:52:38 -0600] "GET /blogs/2008/03/windows_vista_sp1_released_some_driver_probl.html HTTP/1.1" 403 269 "-" "WordPress/2.1.1"
89.108.85.75 - - [23/Mar/2008:16:53:08 -0600] "HEAD /blogs/2008/03/windows_vista_sp1_released_some_driver_probl.html HTTP/1.1" 403 236 "-" "WordPress/2.1.1"

91.192.116.2 - - [23/Mar/2008:18:56:59 -0600] "GET /blogs/2008/03/windows_vista_sp1_released_some_driver_probl.html HTTP/1.1" 403 269 "-" "WordPress/2.1.1"
91.192.116.2 - - [23/Mar/2008:18:57:14 -0600] "HEAD /blogs/2008/03/windows_vista_sp1_released_some_driver_probl.html HTTP/1.1" 403 236 "-" "WordPress/2.1.1"

216.255.185.178 - - [24/Mar/2008:10:15:07 -0600] "GET /blogs/2008/03/followup_article_about_windows_vista_sp1_rel.html HTTP/1.1" 403 269 "-" "WordPress/2.1.1
216.255.185.178 - - [24/Mar/2008:10:15:22 -0600] "HEAD /blogs/2008/03/followup_article_about_windows_vista_sp1_rel.html HTTP/1.1" 403 236 "-" "WordPress/2.1.1

These are definitely not typical access log entries and nothing a normal search engine or human visitor would do. Wordpress is a software blog application that gets installed onto web servers. It is not a browser. User agents are words that identify a browser, or a search engine, or robot. Despite the diversity of IP addresses, these visits are not unrelated. Read my extended comments to see where these IP addresses are allocated and my conclusions about their source and probable intent.

Continue reading "Russian connection to user agent "WordPress/2.1.1" in website access logs" »

Posted by Wiz at 8:18 PM | Permalink

Prelude:
For the last couple of years I have been compiling and publishing lists of IP addresses belonging to ISP's and commercially hosted web servers in various parts of the World, from which unwanted spam, scams and server hacking attempts emanate. These lists are compiled in a format that is recognized by Apache Web Servers, using - <Files *> deny from - IP address directives (rules). They include both individual IP addresses and ranges of IP's, belonging to web hosts, server farms and ISP's, known as a CIDR. When a group of these blocked IP addresses and CIDR's are compiled into groups they become a "blocklist," sometimes mislabeled as "blacklist."

My blocklists can be used in at least two different Apache Server configuration files; "httpd.conf" (requires server root access like on dedicated servers) and ".htaccess" (used on shared hosting accounts). My blocklists are all used in private .htaccess files that go into the web root (e.g public_html), or individual folders, on an Apache hosted web site. If your web host allows .htaccess overrides on individual websites you can use any of my blocklists. Instructions are found on each page, in comments like this:

# Here is a sample comment as used in a .htaccess file.
# The # sign causes Apache to ignore the rest of this line

The New Files:
The new Russian Blocklist is now located at www.wizcrafts.net/russian-blocklist.html and it contains IP addresses and CIDR's traced to Russia, The Ukraine, Bulgaria, Romania, Estonia, Latvia, Estonia and Turkey. I included Turkey in this blocklist because I get tons of spam coming through various ISP's in that country (e.g. Turk Telecom), plus numerous server redirection exploit attempts. Basically, the Russian Blocklist is comprised of ISP's, with some web hosting companies thrown if, which are located in Russia or these other Eastern Bloc countries. Most of the traffic I see from these folks are blog, access log and email spam, with the occasional server exploit attempt against my website. New IP addresses and CIDR's are added to this blocklist as I analyze spam sources, or trace log/blog spam attempts (all unsuccessful due to my security measures and filters) to countries covered by this file.

The new Exploited Servers Blocklist is located at www.wizcrafts.net/exploited-servers-blocklist.html and contains long "deny from" lists of various types of web hosting and dedicated server companies, that are, have, or might try to run hostile codes against my web site, or spam my access logs, or bypass my security measures, or try to steal my traffic via proxy services. All of these things are hostile actions and are conducted by criminals and criminal organizations. This blocklist is growing rapidly as I see and trace exploits attempts against my server.

Conclusion:
If you have been using my previous file - russia+exploited-server-blocklist.html - please change your bookmarks to point to one, or both of the new files that have replaced it. Here is a list of my current .htaccess blocklists, as of this posting:

Exploited Servers Blocklist | Russian Blocklist | Nigerian Blocklist | Chinese-Korean Blocklist

Posted by Wiz at 4:56 PM | Permalink

Sometimes people who you'd think know what they're doing are just so completely clueless that it makes me laugh! I am referring to Blog spammers; the guys in Russia, The Ukraine, Estonia and other parts of the former Soviet Union, who relentlessly pound away at their keyboards, sending comment and trackback spam messages to every MovableType blog they can locate. They must assume that most of these blogs accept these comments and blindly publish them, because they keep trying to post spam messages to MT blogs, linking back to their spamvertised websites hawking various drugs, or pornography.

Well, I for one don't allow any comments or trackbacks on my blog. It says so in plain, bold English and Russian words, at the top-right of every blog page, and in all of my blog search results pages. Look under the Google Search box, at the top right of this page, and you'll plainly see where it says:

SORRY: NO COMMENTS, NO TRACKBACKS
КОММЕНТАРИИ и TRACKBACKS ВЫКЛЮЧЕНЫ и НЕ ИЗДАНЫ!

Now, if I was wanting to spam this blog and I read that, I'd move along to an easier target and not waste my time on this one. Yet, when I read my server access logs I see that somebody keeps trying to post comments and trackbacks to specific articles in my archives (all of which get a server 403 response), then tries to search for them on the pages to which they were targeted. However, since I don't want any comments or trackbacks I have deleted the Perl files that handle them and disabled those functions in my global settings. Heck, I have even stripped out all the codes referring to trackbacks from my page templates. Even I can't post a trackback on this blog!

Since these spam comments never reach my blog, when the idiots who try to post them search for them on the target pages, nothing is found matching those spam terms. Boris the Spammer needs to get a life or find less secure targets to pester. Instead, he plugs away fruitlessly on this blog, filling my access logs with all kinds of new IP addresses for me to add to my ever-growing Russian Blocklist.

Countless webmasters are using my Russia+Exploited Servers Blocklist. Most of the IP addresses in the Russian blocklist are gathered from my own raw access logs, from stupid blog spammers who evidently can't read the English or Russian notice that I don't allow comments or trackbacks.

If you have a blog or forum that is getting scammed by Nigerians, or spammed by Russians, one or more of my .htaccess blocklists may help you get rid of these leeches. Note that they only work on Apache web servers, unless your Windows server has an isapi rewrite module installed by the company leasing the server space to you. You can use my Webmaster Contact page to hire me as a consultant to help keep scammers and spammers off your website.

Posted by Wiz at 11:34 PM | Permalink

The title of this article tells it all: "Stupid Blog Spammers Don't Understand Server 403 Responses!" Many months ago I discovered that although comments and trackbacks were not being posted to my blog, due to automatic moderation and classification of them as spam, nonetheless they kept on a-comin'. The comments spammers gave up a couple of months ago when they searched my blog only to learn that their bullshit comments had not been posted and never would be (I told them so on the search results page). However, the idiots who are trying to post trackback spam messages don't bother to search the blogs they are posting to, nor do they apparently read the responses sent by the script they are aimed at. If they did all they would see from my blog is a steady stream of server 403 responses; "Access Denied!" I don't even have the comments or trackbacks Perl modules installed anymore, so even I can't post comments or trackbacks to my own blog! I removed them when it became obvious that only spammers were commenting or tracking back.

If you run a MovableType blog and don't care to allow comments or trackbacks, yet you are seeing numerous attempts to spam your blog (in the list of junk comments and trackbacks), you can do what I did and disable them altogether, then delete or rename the files used to post these comments. To disable them in MovableType, log into your MT installation, then click on the left sidebar item "Settings" then click on the "New Entry Defaults" tab, then under "Default settings for new entries" uncheck both "Accept Comments" and "Accept Trackbacks," then scroll down to the bottom of the page and click on the "Save Changes" button. This will remove the Comments and Trackbacks links under all of your posts. You may still have to manually remove existing comments and trackbacks from old topics, or delete the old topics entirely if they have a lot of useless commenting in them.

Despite the fact that you have disabled accepting comments the spammers may still try to go straight to your Perl scripts that handle comments and trackbacks, bypassing the choices you made to exclude them. To prevent this you can either remove or rename these two files that are in the standard MT installation, under the CGI folder/MT (typically cgi-bin/MT/):
mt-comments.cgi
mt-tb.cgi

Without those files nobody is going to Post a spam comment to your blog and you can never accidentally re-enable comments or trackbacks unless you upgrade, or replace those files.

As I said in the beginning these spammers are not reading the results of their attempted trackback messages (success or failure), thus they are probably using automated scripts to send them out blindly from a spam list supplied to them by somebody even dumber than they are, without any concern about success or failure of their efforts. If you run your blog on an Apache hosted web server and want to deny access to these assholes read the technical details in my extended comments.

Continue reading "Stupid Blog Trackback Spammers Don't Understand Server 403 Responses" »

Posted by Wiz at 5:44 PM | Permalink

There are millions of websites that host blogs and/or forums and many of them are targeted by scammers, spammers and hackers. Webmasters everywhere are searching for solutions to these problem-causing individuals and scripts. Some of you already know that I can help you block this unwanted traffic from your websites, but a great many more may just be discovering this fact. If your website, or blog, or forum is hosted on an Apache web server, and your hosting allows personal .htaccess overrides, read on.

For those who don't know what .htaccess is, it is an access control file used on Apache servers, on a per-website basis, to define who may or may not access all or parts of a website, and to rewrite requests for certain files, or folders, or URLs to other files, folders, or URLs. You will notice that the file name has no prefix ; just a period followed by htaccess. This makes it a normally hidden-system file on the Apache hosted web server. Hidden Apache files can be revealed by using a special FTP command: -al or a website control panel function on the file manager page, to display these hidden files for downloading or editing (show hidden files, etc). Your website may or may not already have a .htaccess file. If you upload with an FTP tool use the "remote file mask" -AL ( or -al) and refresh the remote view to see if .htaccess exists in your home, or public_html or / directory (more info in the extended comments). Otherwise, look at your website's file manager, or ftp tools in your Cpanel, or other website control panel. There should be some option to reveal hidden files beginning with a period.

If you do not use an FTP Client to upload files, but are using a web-based control panel, it is entirely up to your web host as to whether or not you can view, alter, or upload .htaccess files.

Important Notice! Be careful when creating, editing, or pasting codes into a .htaccess file, because if you type an invalid term, directive, or character, or add an unescaped space in a regular expression, you may cause a Server 500 error to occur, locking everybody out of the website, except via FTP access (with login credentials).

The blocklists that I am about to tell you about use the Apache Module mod_access which is almost always available in Linux based shared, vps, semi-dedicated, or dedicated hosting. Unfortunately, if your website is hosted on a Windows Server you are out of luck, unless your host has installed, or is willing to install the ISAPI_Rewrite module for you.

Assuming that your website is hosted on a Linux box running an Apache web server, and you are allowed to use a personal .htaccess file with mod_access - IP "deny from" directives, the following web pages may be of great help to you in blocking access from unwanted countries, ISPs or hostile servers that are trying to spam or exploit your server (or website).

First on the list is my first work in the field of blocking scammers from forums and auction sites; my Nigerian Blocklist. I have been and still am compiling this list of IP addresses assigned to Nigeria and most of it's neighboring countries in Africa, from which Nigerian scammers and other African fraudsters have operated against forums and auction sites around the (non-African) World. It is extremely effective at denying access to anybody trying to access your website from within Nigeria or other African countries, including via satellite Internet services. If you have a blog, auction site, or forum that is plagued by Nigerian scammers - try embedding my .htaccess directives into your .htaccess file, or create one by copying and pasting the contents of the one on my Nigerian Blocklist web page into a new plain text file (Notepad) and save it as .htaccess. If your computer's operating system won't allow you to save it without a file prefix, choose htaccess.txt then upload it to your server and rename it there to .htaccess . You will see an instant drop in the number of Nigerian scammers on your website.

The second blocklist deals with unwanted traffic coming from ISPs and servers within China, Korea and surrounding countries. This is my Chinese Blocklist. All of the same methods listed above apply to this mod_access deny from list. It can be copied and pasted into your .htaccess file just like the Nigerian list details show, or it can be added to that list by merging the two groups inside just one set of <Files *> directives. Note that if you do business with anybody in China, Korea or neighboring countries, they will not be able to access your website unless you "poke a hole" in the list to allow their IP address(s) in.

Lastly, I present for your viewing pleasure, the Russia and Exploited Servers Blocklist. This list is growing faster than the other two because I am getting hit constantly by so many Russian based blog and log spammers and server exploit attempts, from both shared and dedicated servers around the World. This blocklist contains a large number of IP addresses and CIDRs (basically means IP ranges) from Russia, The Ukraine and other former Soviet Bloc Countries, Turkey, Algeria, and from a huge number of exploited web servers, co-location server farms, and hosting companies around the World. Servers should not be trying to contact other servers, unless they have a relationship with each other. These servers want to hack or spam your server or websites and should be blocked.

All of these blocklists are still being added to or modified as new information is discovered about the sources of scams, spamming or hacking attempts from exploited servers. Each page has a button (under the bold last-modified date, before the directives) for you to use to sign up for alerts from the ChangeDetection bot, which will email a notice to you once a day, only on days that I have modified the blocklist you are monitoring. This is a free service that I use myself. Next to that button you will see a PayPal Donate button that I have placed there, where people who benefit from my voluntary work can show some financial appreciation. Any amount will be gladly accepted, with a $10 minimum please.

There are links to contact me for assistance or to provide input, on all of the blocklists, in the footer area.

Continue reading "Block spammers, scammers and hackers with our .htaccess blocklists" »

Posted by Wiz at 5:30 PM | Permalink

I am a member of and Moderator of the computers section of the Steel Guitar Forum, which has been offline since the morning of June 19 (2007). In an email exchange with the owner - b0b Lee - it was revealed that workers on the street outside of the server's location have accidentally cut his T1 line. AT&T will be repairing the line as soon as possible. SGF members may wish to use this time to practice their steel guitars, until the forum is back online.

The Steel Guitar Forum is a multi-section discussion forum for members only, most of whom are either amateur or professional pedal steel guitarists. I have been a member for a number of years since I am also a professional pedal steel player. My section is the computers forum, of which I am the moderator and a strong contributer.

Anybody who plays any type of steel guitar (pedal, non-pedal, or lap steel), or a resophonic guitar is welcome to apply for membership at the SGF.

UPDATE: The SGF is now back online.

Posted by Wiz at 10:19 AM | Permalink

DreamHost Status Blog Archive Security Breach

It seems that somebody has managed to hack into the customer database for FTP login passwords, at the DreamHost website hosting company. According to an email sent out to the affected Dreamhost customers, 3500 accounts seem to have been breached by a hacker, or hackers, using as yet unknown attack vectors.

According to the update posted by DreamHost, on June 7, this may be a combination of security breaches, including keyloggers that may have been installed onto the affected users' computers. That means that the same thing could affect users of other web hosting companies. So far the hack appears to be the addition of various iframe codes or links to porn sites, to all files containing the word "index" of the compromised accounts. The file extension does not matter; if you have a file containing the word "index" it will be a target of this hacker. This includes index files in sub-directories, or add-on domains hosted under the same master account. Therefore, all website owners are urged to download their index files and inspect them for unauthorized modifications. If you find any remove them and notify your hosting provider, and scan your own computers for spyware, keyloggers, or backdoor trojans.

In one blog post about this I read that at least one DreamHost customer had all of his "index" files overwritten completely with a page containing an iframe exploit, leading to a website that installs a Trojan Horse program.

There is a statement about this incident, from the DreamHost blog, in my extended comments...

If you are a DreamHost customer, and you have scanned your computer for security breaches and found none, and you were notified that your account was among those compromised, and you are looking for another web host, I use and recommend BlueHost Web Hosting. They offer huge amounts of disk space and data transfer, plus unlimited add-on domains, for those who need to host multiple domains at a low monthly rate. I have all of the details on my BlueHost page. I have been with them for over 6 months and have had very little downtime - well less than I used to experience with my previous web host. My server has not been hacked, altho I see people trying to do so every day or two (by reading my raw access and error logs).

I am available to assist people whose websites and/or computers have been compromised by hackers, spyware, keyloggers, or other security threats. Please visit my home page for more information and links to my webmaster services and contact pages.

Continue reading "3500 FTP account passwords stolen from DreamHost database" »

Posted by Wiz at 12:45 PM | Permalink

Attention website owners!

If you have been thinking about registering a few new domain names, but were waiting until the price was "right," your moment has just arrived! Dotster Domain Registrars just announced a half price sale on new domain registrations, this coming Memorial Day Weekend, from May 26, through 28, 2007. Domains regularly priced at $14.95 will only cost you $7.48 per year, using my coupon code below.

Note that this only applies to brand new domain names, not renewals or transfers.

Dates - May 26th, 27th, 28th

Discounted Extensions - .com, .net, .org, .biz, .us

Coupon Code: MDAY50

Bonus coupon code offer

Dotster also provides all manner of web hosting packages, from low cost shared hosting to VPS semi-dedicated, at very reasonable prices.

5 Free Domains with Any Dotster Web Hosting Package! Enter Coupon Code "5FORFREE"

Posted by Wiz at 7:06 PM | Permalink

Yee Haw! Domain Registrar - Dotster, Inc. has just announced a March Madness sale on new and transfered Domain registrations, from now until April 1, 2007. Dotster is allowing unlimited numbers of registrations and transfers at the low low rate of only $7.00 each, when you use coupon code MADNESS during checkout. The regular price for new domain registrations at Dotster is $14.95, per year, so you will save a whopping 53% off new registrations. Domain transfers are regularly $8.95, so you will save 22%, plus gain one extra year on the expiration date, per domain transferred.

If you want to have a web presence you will need to have a domain registered with a recognized Registrar. Dotster is a leading ICANN-accredited registrar capable of registering your .com, .net, .org, .cc, .tv, .ws, .info, and .biz top level domain (TLD) names.

If you would like to learn more about Dotster's services, read my Dotster information page. I have been a happy Dotster customer for 7 years and won't even consider another registrar. Most of my Webmaster clients are also registered at Dotster. Dotster also offers fast and affordable custom web design.

Posted by Wiz at 3:35 PM | Permalink

< Begin Rant >
If you publish a blog (Weblog) using MovableType, I'm certain that you have learned that if you accept comments, or trackbacks, that you are going to attract blog spam (splog). I used to allow comments and trackbacks on my blog until I found that all of the comments and trackbacks were 100% spam, with links to sleazy websites. Being the curious, suspicious spam/scam hunter type person that I am, I began studying my raw access logs to see where this crap was coming from. I wasn't surprised when I discovered that most of the blog spam I was getting aimed at my blog was coming from a few IP addresses in the Ukraine and Russia. Normally I would consider Russians and Ukrainians to be educated, intelligent folks, but now I have to wonder if I was mistaken in that line of thought.

The reason I make such a harsh statement is because I have not allowed comments or trackbacks to be posted for a long time now (Turn Off Comments and Trackbacks), and when I did allow them I always moderated them and deleted spam comments; they were never posted. In an effort to curtail the continuing attempts to post spam to my blog I have even removed the files used to post comments and trackbacks to my MovableType blog. Still, every day, for hours at a time, idiots in Russia and the Ukraine keep trying to spam to my blog, despite the fact that I clearly state that no comments or trackbacks are accepted, and the files that are required for them are gone. Everytime these idiots Post a comment or trackback my server gives them a 403 Forbidden response, but they don't seem to care, or notice, or are too uneducated to understand that Access Denied means that their request failed to go through! So, growing tired of even giving them the courtesy of a 403 response I am now redirecting all of these bullshit attempts to Post comments or trackbacks right back to the sender's own browser or web appliance; to 127.0.0.1. That should result in a Page Cannot Be Displayed or Server Cannot Be Located message on the program the idiots are using to try to spam me.

The blog spammers are even resorting to using hijacked proxies, on computers in other countries, but they all get the same message, since I block all such exploits in my .htaccess file. I wasn't born yesterday. I know how to block IP addresses, proxies and unwanted behavior or exploits on my server. I also know how to track the source to their ISP and report them for spamming.

If you run MovableType blogs on an Apache Server, and are interested in seeing in my solution to the problem of blocking blog spammers, read my extended comments.

Continue reading "Russian and Ukrainian Blog Spammers are STUPID!" »

Posted by Wiz at 2:25 AM | Permalink

If you are a website owner, and are thinking about adding another domain name, Dotster.com
is having a one day sale on all new domain registrations of the TLDs: .com, .net, .org, .biz and .us. For the 24 hour period beginning tomorrow, February 28, at 12:01 AM, through 11:59 PM, PST, all new Registrations are only $7.00 for one year! The regular price for these TLD registrations is $14.95/yr. That represents a savings of $7.95 bubba, and that ain't hay! Heck, at that price I'll grab a couple of new domain names and park them on my home page, or add them on to my BlueHost account, since they allow up to 5 additional domains to be hosted under one account, for free.

To grab your $7.00 domain go to Dotster.com
on Feb 28 and use the coupon code: 7domain, when you place the order.

I have more information about Dotster Domain Registratrar on my website. I also have a complete webpage about BlueHost, here.

Dotster is also offering coupon code discounts on a second year of web hosting (7hosting), and on their in-house website design services. Visit Dotster.com
before March 1, 2007, for the details.

Posted by Wiz at 2:10 PM | Permalink

If you own any Internet Domains you already know that they require a valid Domain Registrar to hold your registration information, before they can go live on a web host or server. I have had website domains since around the year 2000, and they have all been registered through the same Registrar; Dotster.

Today I received a deceptive letter in the mail from Liberty Names of America, apparently a Domain Registrar. At the top right, in large bold type it said: Domain Name Expiration Notice. After that, in small print, it stated: "As a courtesy, we would like to remind you that it's time to renew your domain name, which is expiring on April 27, 2007." Below that it listed one of my various domain names and a reply by date of March 14, 2007. The rest of the details in the letter are in small type, except for the parts where it outlines the renewal rates for 1, 2 and 5 years, and the place where the gullible would fill in their credit card details to "renew" their domain with these pirates.

As I stated in the first paragraph, Dotster, Inc. is and always has been my domain Registrar. Liberty Names Of America is harvesting the Whois records for as many domains as they can lookup, then sending out phoney renewal notices to capture business away from the existing Registrars, by decieving gullible recipients of these letters. To be fair, the letter does state, in small print, that they are not your current Registrar, and that they want you to transfer to them. The back side of the letter contains almost 7" of type that is so tiny that it requires a magnifying glass to read it. In that tiny type are the legal details and disclaimers for their transfering of your service.

As a reference to you all, I currently pay $14.95 per year (1 yr renewals) to maintain my domains at Dotster. Liberty Names is offering me the fabulous opportunity to transfer my domain away from $14.95 a year with Dotster to them, for the low rate of only $25.00! Hmmm. Simple math tells me that they are charging almost twice what Dotster charges for common TLD domain name registration. PIRATES! Take me off your mailing list, Liberty Names of America. You are slimeballs, just like DROA, who sends out similar Expiration Notices to domain owners. Are you the same slimeball company under a different name? Go F yourself!

Now that my tirade is over, if you really do need a decent domain registrar, one that won't dick you around, I recommend Dotster. For $14.95 you can register your domains, not $25, or $35, or $40 per year that the ripoff registrars charge. They do have sliding reduced rates for 5 or 10 year renewals and charge only $8.95 to transfer your existing domain, plus they add one year to it's expiration date.

Nuff said.

Posted by Wiz at 1:41 PM | Permalink

I finally put the finishing touches on my revamped website hosting page, found at www.wizcrafts.net/hosting.html, on August 30, 2006. This is the first major overhaul of that page in many months.

The old page made a very brief mention about what hosting is and only scraped at the surface of the concept of different types of hosting accounts. It then went on to list the detailed features of a few select web hosting companies, wih no mention of alternatives. to say the least it was lacking in breadth of coverage.

The new hosting page is totally the opposite in how it presents information. The first half of the page contains reasonably detailed explanations about what website hosting is, what web servers are, and details the differences between dedicated, semi-dedicated, VPS and shared web hosting.

The next section explains domain name registration and registrars.

Following that I have embedded a comparison of over 20 shared-hosting companies, outlining their allowed disk space, bandwidth (data transfer), email or FTP accounts, add-on domains policies and pricing (monthly and annual). I have also created separate pages detailing the features of the various hosting plans, showing as many features as the company publishes online. Those pages contain links to the companies and to alternate services like VPS servers. I have not finished the features pages for all of the listed web hosts, but am in the process of creating new ones every day or two. I am also trying to keep the disk space/bandwidth/pricing up to date, as several companies are frequently changing their plans to respond to their competitors.

I also plan to include a voting script on each features page, in the immediate future. I look forward to your input to help rate the various hosts according to your own experiences with them (not hearsay).

The final section of the new hosting page deals with website promotion tools and has several very useful links to help you get listed or improve you online business prospects.

Please avail yourselves of this information, found at www.wizcrafts.net/hosting.html

Continue reading "My Website Hosting Page Has Been Totally Revamped" »

Posted by Wiz at 2:09 PM | Permalink

This is a heads-up warning to my fellow Domain owners to watch out if you get a letter in the mail from Domain Registry Of America, or some other Domain Registrar with whom you are not already affiliated as a customer.

Today I got a letter from Domain Registry Of America, addressed to my master account name used in the Whois Directory. The letter proclaims in large bold text:
Domain Name Expiration Notice
It then displays one of my Domain names that is due for renewal in 6 months and "As a courtesy to Domain name holders, we are sending you this notification ....."

Upon carefully reading the details they do make it clear that they are not your current Registrar, and want you to switch from you Registrar to DROA. They brag about only charging $30 for a one year renewal fee, and a bargin rate of only $50 for two years. There are checkboxes to place your order and a place to input your credit card numbers, which you would then mail in. There is a huge amount of information and disclaimers on the back of the letter that are in such a small font I had to get a magnifying glass to read it. I wouldn't transfer to these people if they were the last Registrar on earth.

If I was paying $35.00 a year for a Domain that would sound like a bargain, but I am a Dotster customer (see below), and only pay $14.95 per year for TLD Domains (or less if there is a special deal or Happy Hour Sale). If I was fooled into transferring to those people it would double the cost of renewing my Domains. Luckily I wasn't born yesterday.

Many Domains are owned by companies that have different people who know different details about the business, but not everything. These people are probably hoping that this letter will end up at Accounts Payable, where the secretary will call somebody to ask if they have a Domain that might need to be renewed, to which that person may say I think so. The Accounts Payable will pay the invoice by credit card and the company will have their Domain name transfered away from their current chosen Registrar by trickery, probably at increased expense.

I have seen other letters from other Registrars that never mentioned that they are not my current Registrar, asking for x amount of dollars to renew my expiring Domains. This is pure fraud, trying to get me to pay an invoice to a company with whom I have absolutely no relationship. If you do make the mistake of transferring your Domain to such a company you will probably never be able to get them to let you change back. Once a company like that gets your Domain name they make it almost impossible to transfer away from them. Legitimate Registrars have a simple method of locking and unlocking Domain transfers, with no fees (see below about Dotster).

As a Domain owner make it your business to know with whom your Domains are registered and what the renewal dates are for each Domain. Most Registrars with whom you are a customer will attempt to contact you by email first, to let you know 60 days in advance of a renewal date. Always check carefully when you receive a Domain renewal notcie to be sure it is from the Registrar who holds that Domain for you.

My Recommended Registrar:

If you are paying more than $14.95 a year for your Domains take my recommendation and check out Dotster.com. Dotster is an ICAAN Accredited Registrar and is above board all the way. They will not try to scam or trick you into unwittingly transferring a Domain to them. In fact, if you do transfer an existing Domain to Dotster they only charge $8.95 for the transfer and first year Registration, plus they extend your expiration date by an additional year. I have a lot more info about this on my Dotster web page. I have been a Dotster customer since the year 2000 and have never had a complaint about their services or methods of communications.

Continue reading "Beware of DROA Domain Name Expiration Notice Postal Mailings" »

Posted by Wiz at 12:59 PM | Permalink

The Happy Hour $2.00 Domain name sale has expired, at Dotster.com. I'll let you know when the next one is announced.

If you need to register a new or additional Domain name, I recommend Dotster, which is my Registrar. TLDs go for $14.95 /yr, and transfers are $8.95 with one additional year added to your expiration date, and they have a limited time sale on .info Domains, for only $2.99 for one year.

Use this link to go to the Dotster home page and search for your desired Domain name(s).

Dotster is my registrar for all of my Domains, and most of my Webmaster Services customers use them as well. Dotster is an ICAAN Accredited Registrar and has been around for quite a while now. I first learned about them from Leo LaPorte, on Tech TV. I have more details about their services on my Dotster web page, and on my web hosting page. Dotster accepts Domain registrations from people around the World.

I was there on the 26th and bought a new Domain name, www.computer-consulting-services.com and got a free .info with the same prefix. I'll be putting content on it over the next few weeks, but right now it is parked, waiting for my brain cells to wake up again. Watch my blog for details about this new Domain.

Posted by Wiz at 10:34 PM | Permalink