September 23, 2018

Reasons why you should convert your HTTP website into HTTPS


In an article I published on August 22, 2018, I explained the changes I made to convert my long-time HTTP website into the more secure HTTPS protocol - by activating a free SSL certificate (read the article). It took a lot of time to clean up old links that were preventing my site from showing a green lock in the address bar. This article will concentrate on the benefits of converting vs the potential losses for staying with just HTTP.

HTTP, introduced in 1991, is the original data transfer protocol employed by computer servers for transmitting web pages that have rich text, layout, multimedia content and images and rendering them in a visitor's web browser. HTTP is the foundation of the World Wide Web (a.k.a., www). Over the ensuing decades since 1991, the web has evolved in huge leaps, while the HTTP protocol itself has barely changed, from HTTP/1.0 in 1991 to the current HTTP/2.0, adopted in 2015.

While HTTP is great for displaying web page content and input forms, it lacks one important feature. It has no built-in encryption to scramble data that is being transferred between those pages and a viewer's computer browser, or vice versa. Rather, all data that is sent both ways is done so in plain text. This wasn't much of a problem in the days of dial-up modems, before wireless broadband became the norm. Short of obtaining a wiretap warrant, in order for a person to intercept a dial-up data exchange they had to plant spyware or a keylogger on the target computer. The keystrokes and contents of web pages, emails, or private chat programs were saved to hidden text files that they had to come and get later on. There was always a chance of getting caught when they retrieved the stolen data.

Nowadays, data thieves sit in adjacent apartments or houses, office cubicles, coffee shops, mall cafes and restaurants where they connect wirelessly to improperly secured broadband routers that provide Wi-Fi connections to their customers. The programs that capture the data are called "packet sniffers" and the electronic technique used to spy on and capture data flowing between a website and computer user is called a "Man In The Middle Attack" (a.k.a., MITM). Basically, the people conducting these attacks use a hacking program to find vulnerable wireless routers to connect to and make a copy of any data they are interested in capturing (just like a tape recording of an old time phone line wiretap).

In order to improve privacy and data security, an extension of HTTP was developed by Netscape in 1994 and called HTTPS. HTTPS means Hyper Text Transfer Protocol Secure. Basically, it is the secure version of HTTP where communications between the browser and website are encrypted by Transport Layer Security (TLS), or its predecessor, Secure Sockets Layer (SSL). According to the Wikipedia page about HTTPS, "The principal motivation for HTTPS is authentication of the accessed website and protection of the privacy and integrity of the exchanged data while in transit. It protects against man-in-the-middle attacks. The bidirectional encryption of communications between a client and server protects against eavesdropping and tampering of the communication."

Who cares about this?

As a web user these facts are important for your security as you browse and enter details into web forms. Whether it is your name, email address and phone number, or your credit card numbers and security codes, you want to make sure that the web page you are on is using the HTTPS protocol to encrypt your input as it is transmitted and when it is stored on their web server. Remember, anything typed, or copied and pasted into any input field on an HTTP only web page is sent to the server in plain text. In the event that somebody is spying on your online activities, they could intercept, read and alter any data sent to or from your computer. You should check the Address/URL bar to make sure you see a green lock icon to the left of the URL, which should begin with "HTTPS," before typing any personal contact or payment details into any form fields. If the page is not secure, you are taking a chance that your information could be compromised.

As a website owner, or webmaster, you should have the best interests of your visitors in mind. You don't want them to be at risk as they enter details into forms you provide, do you? In case you aren't already aware, current versions of Google Chrome and Mozilla Firefox browsers not only mark HTTP web pages as not secure, they also interfere if you try to enter or paste anything into an input field on those pages. By blocking users from entering data into your online forms they are hurting any potential business those people might bring to you. I know that a lot of websites I visit have a sign-up form to add new visitors to their email lists. Many users will be put off and will exit your site if they use Chrome or Firefox and are blocked from using your form fields.

In the recent past, before July 2018, most web domain owners had to pay a monthly fee (and get technical assistance) to have an HTTPS security certificate installed. They had to move from shared hosting to dedicated or semi dedicated hosting packages that cost much more per month. Of course most commercial businesses did just that and wrote off the added costs as a business expense. But, the same wasn't true for your average hobby website owner, or blogger, or artist, or a band, or a musician promoting their expertise. But, since late July 2018, most web hosting companies worth their salt are offering free Let's Encrypt SSL/TLS Certificates and allowing their shared hosting customers to have HTTPS websites at no additional charge. Ask your web hosting company if they are now offering the free Let's Encrypt SSL Certificate. If they are, and you are unsure how to activate it, ask them. If they don't and have no plans to offer it, consider changing to a web host who does provide a free SSL Certificate.

Note for website owners running affiliate programs
If you run into problems getting a green secure site lock because of old code affiliate links and/or imported HTTP images, read my article explaining how I fixed old HTTP links to get green locks on my vast number of website and blog pages. In the event that your affiliate program is still showing the same old HTTP protocol for their links, try changing them to "https://" and see if they still work. I did this with my Commission Junction affiliate links and their 1x1 pixel tracking images and they all work fine under https. Note that when it comes to large blogs, you'll need to use your blog's search engine to search for (and replace or remove) old embedded http images and multimedia links that deny you a green lock.

Recap
By converting your websites into HTTPS you will avoid losing contacts from potential or returning customers due to form fields being blocked by new secure browsers. Your visitors will have any contact details they share with you encrypted, protecting them against MITM attacks. Last, your rankings in search results won't get pushed further down (penalized) because your site is not identified as secure.

Finally, if you need help converting your website to HTTPS, beyond what your web host can offer, contact me via my Webmaster Services form. I am a freelance Webmaster.


September 16, 2018

Block spam sources from your website's email server


If you run a website hosted on an Apache web server, and are using the domain for email, and are using cPanel as your control panel, you most likely have a section labeled "email" which contains a link labeled: "Account Filtering." In this article I will share some filters I made to block email spammers.

A domain name is an alpha-numeric name that has been chosen and registered — by an individual or legal entity — with an accredited domain registrar to represent a web property. "Example.com" is a sample of a domain name. A domain name can be parked until it is needed for use as a website, or can simply be a pointer/shortcut to an active website that has a different name.

Many people choose to send and receive email through a domain and website they own, or administer, or for which they act as the Webmaster. If your domain name represents a business, sending email from that domain looks more professional than using a free email system (gmail, hotmail, live.com, etc).

However, as usually happens to active email accounts, some or all of your domain email addresses will eventually be captured by email harvesting bots and added to spam lists. If you have multiple email accounts for your domain, they may all receive the same, or related spam messages at the same time. If you are a busy person trying to read business messages, these spam emails can become a serious nuisance. Some well written spam filters can put a big dent in the amount of spam emails getting through to your inbox. Here's how I do it.

My most effective spam filters are those that block known spam senders either by their IP addresses or by typical spam domain extensions. At the time of this writing, the worst spam sources are coming from domains hosted on ColoCrossing servers. While I haven't yet discovered all of their IP addresses, the most currently used ranges are within the network encompassing 107.175.123.0/24 and in the recent past: 107.174.30.0/24.

Here is a spam filter I have created that blocks unwanted IP addresses and entire CIDRs. Each line has the conditions: "Any Header" and "matches regex" and has the operator "OR" after each line except the very last. I call this filter: "Block known spam IPs."


  • \[104\.36\.84\.\d{1,3}\]

  • \[182\.181\.\d{1,3}\.\d{1,3}\]

  • \[188\.225\.\d{1,3}\.\d{1,3}\]

  • \[198\.27\.110\.(6[4-9]|7[0-9]|8[0-9]|9[0-9]|1([0-1][0-9]|2[0-7]))\]

  • \[198\.50\.205\.1(2[89]|[345][0-9])\]

  • \[217\.182\.182\.

  • Received:\ from\ \[69\.94\.155\.

  • Received:\ from\ \[107\.174\.30\.

  • Received:\ from\ \[107\.175\.123\.

  • Received:\ from\ \[154\.16\.107\.

  • Received:\ from\ \[162\.244\.12\.

  • Received:\ from\ \[185\.81\.15[2-5]\.\d{1,3}\]

  • Received:\ from\ \[185\.126\.176\.

  • Received:\ from\ \[185\.132\.125\.

  • Received:\ from\ \[192\.3\.33\.\d{1,3}\]

  • Received:\ from\ \[192\.227\.162\.

  • Received:\ from\ \[194\.67\.\d{1,3}\.\d{1,3}\]

  • Received:\ from\ \[36\.(5[6-9]|6[0-3])\.\d{1,3}\.\d{1,3}\]

  • Received:\ from\ \[(5\.230\.126|27\.122\.14|45\.35\.\d{1,3}|45\.58\.132|50\.115\.167|66\.23\.212|81\.7\.1[4-7]|95\.58\.2[01]|104\.36\.84|104\.217\.137|104\.254\.213|185\.105\.[4-7]|188\.72\.68|193\.124\.1(7[6-9]|8[0-9]|9[01])|194\.67\.222|199\.116\.11[89]|204\.188\.245|208\.89\.2(0[8-9]|1[0-5])|216\.126\.239)\.\d{1,3}\]\s

At the bottom of all the filter pages you have to select an action to perform when any condition is met. Since all of these IP addresses represent unwanted spam, scam or compromised domains, I chose the following actions:
Fail With Message and "We do not accept email from your domain. Remove us from your email list."
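Before saving octet-range expressions like these, it helps to confirm that each one covers exactly the range it is meant to. The following is an added example, not part of the original filter set: it checks four of the expressions above against every address in and around an intended CIDR. The CIDR assigned to each expression and the `Received:` header shape are this example's assumptions. The last check shows how a one-character slip in a quantifier (`{1.3}` for `{1,3}`) silently disables a rule.

```python
import ipaddress
import re

# Constructed header shape; the bracketed literal is what the rules look for.
HEADER = "Received: from [{ip}] (helo=mail.example.test) by mx.example.test"

# Expressions taken from the filter list above. The CIDR keyed to each one is
# this example's reading of the range the expression is meant to cover.
RULES = {
    "198.27.110.64/26": r"\[198\.27\.110\.(6[4-9]|7[0-9]|8[0-9]|9[0-9]|1([0-1][0-9]|2[0-7]))\]",
    "198.50.205.128/27": r"\[198\.50\.205\.1(2[89]|[345][0-9])\]",
    "185.81.152.0/22": r"Received:\ from\ \[185\.81\.15[2-5]\.\d{1,3}\]",
    "192.3.33.0/24": r"Received:\ from\ \[192\.3\.33\.\d{1,3}\]",
}


def audit(pattern, cidr, probe=None):
    """Return (missed, extra): addresses inside cidr the expression fails to
    match, and addresses outside cidr that it matches anyway."""
    rx = re.compile(pattern)
    want = ipaddress.ip_network(cidr)
    # Default probe: the enclosing network 16 times larger, so neighbours are tested too.
    probe_net = ipaddress.ip_network(probe) if probe else want.supernet(prefixlen_diff=4)
    missed, extra = [], []
    for ip in probe_net:
        hit = rx.search(HEADER.format(ip=ip)) is not None
        if hit and ip not in want:
            extra.append(str(ip))
        elif not hit and ip in want:
            missed.append(str(ip))
    return missed, extra


def audit_all():
    """Audit every rule against its intended CIDR."""
    return {cidr: audit(rx, cidr) for cidr, rx in RULES.items()}


if __name__ == "__main__":
    for cidr, (missed, extra) in audit_all().items():
        print(f"{cidr:18} missed={len(missed)} extra={len(extra)}")
    # A dot instead of a comma makes the braces literal text, so nothing matches.
    typo = audit(r"\[182\.181\.\d{1.3}\.\d{1,3}\]", "182.181.0.0/16", probe="182.181.7.0/24")
    print("mistyped quantifier misses", len(typo[0]), "of 256 probed addresses")
```
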

Next filter

I am also including another spam filter I call: "Block known spam domain senders," which is based upon unwanted domain names and extensions that have never sent anything other than spam or various scams. I am listing the conditions on the same lines as the expressions to simplify them. Again, each line has the operator "OR" except the last line.


  • From - matches regex: @.+\.(bid|club|date|eu|faith|host|loan|science|site|stream|top|trade|us|website|win)\b

  • Any Header - matches regex: @.+\.(bid|club|date|eu|faith|science|site|stream|top|trade|us|website|win)>

  • Any Header - matches regex: Received:\ from\ .+\.ml\b

  • Any Header - contains: csgoxluckyx.com

  • Any Header - contains: 90967.net

The action for this filter is: Fail With Message and "We do not accept any email from known spam domains"
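Because the action rejects mail outright, it is worth checking which sender addresses the "From" expression actually matches. The example below is added here and is not part of the original filters: it runs that expression over constructed From headers and shows that `\b` also fires when a listed extension appears as an inner label of a longer host name. `STRICT_RULE` is a hypothetical tighter variant, an assumption of this example, that only accepts the extension at the end of the address.

```python
import re

TLDS = "bid|club|date|eu|faith|host|loan|science|site|stream|top|trade|us|website|win"

# The "From - matches regex" condition from the filter above.
PAGE_RULE = re.compile(r"@.+\.(" + TLDS + r")\b")

# Hypothetical variant (not from the page): the extension must be the last
# label, i.e. followed by ">", whitespace or the end of the header.
STRICT_RULE = re.compile(r"@[^@\s>]+\.(?:" + TLDS + r")(?=[>\s]|$)")

# Constructed sample headers; every domain here is made up.
SAMPLES = [
    'From: "Big Win" <promo@lucky-draw.win>',
    "From: offers@fast-loans.loan",
    "From: Alice <alice@example.com>",
    "From: Newsletter <news@mail.eu.example.org>",
    "From: Alerts <alerts@status.us-east.example.net>",
]


def matched(rule, headers):
    """Headers that the given expression would reject."""
    return [h for h in headers if rule.search(h)]


def overblocked(headers):
    """Headers rejected by the page's expression only because a listed
    extension appears as an inner label, not as the final one."""
    strict = set(matched(STRICT_RULE, headers))
    return [h for h in matched(PAGE_RULE, headers) if h not in strict]


if __name__ == "__main__":
    for h in SAMPLES:
        page = "reject" if PAGE_RULE.search(h) else "accept"
        strict = "reject" if STRICT_RULE.search(h) else "accept"
        print(f"page={page:6} strict={strict:6} {h}")
```
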

Many of the filters are written in Regular Expressions format. Google that term to learn more about them. In the meantime, I hope these filters will be of use to someone else. If they are, please consider sending me a donation for my efforts, via the PayPal donation link in the sidebar. ;-)




About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.






Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.