Author: Olly

  • Department of Justice – Subpoena -SCAM WARNING

    My past is littered with instances where I have been sued, or people have tried to sue me. So when I received this email about a Subpoena I opened it with hesitation in case it was something legitimate.

    Once open, it was quite clearly not. haha.

    Came from the following address – looks propa legit innit;

    The link in the email links to a hosted Google document, and then it wants you to download a file;

    The download link takes the user to a really dodgy URL;

    https://www.google.com/url?q=hXXp://193.0.178.46/m2Dj5W&sa=D&ust=1571397808415000

    (obfuscated URL to avoid you getting e-aids)

    This is really concerning as the use of Google docs to host this legitimises the scam, I have reached out to google to get them to remove the page.

    These scams are starting to get more intelligent, and it seems some of the larger vendors (Amazon, Google,. etc) are seemingly letting things fall through the cracks which is, I guess, to be expected. Its still alarming and a worrying thing to be discovering especially as technology isn’t slowing down, I hope security and corporate responsibility/accountability can keep up!

    Remember, if its too good to be true, its probably a scam.

  • Social Media has Ruined The World

    Social Media is Shit

    I saw an image shared (ironically) on social media, that contained what was labelled as an “Unpopular opinion”. That opinion, was that Social Media has destroyed our generations chances of ever truly being happy.

    Back in the days before we posted our every single move we make online, an individual’s world was what they could see before them. They occasionally found out about what other people were doing by speaking to them or overhearing a conversation but generally your world was what you could see, and choosing to be happy (as its a choice, dont forget) was an easier choice to make. Apart from unreachable celebrity lifestyles, the majority of the lives we could compare ours to were the ones of our close friends and family, and usually those people live within the same world as you do. Phrases like “Keeping up with the Joneses” have been around for over 100 years, and originally it meant trying to stay on par or ahead of your close neighbours in terms of how nice your house looked, how neat your garden was and how proud you were of your little – actual – empire. Now, thanks to the rise of materialism and consumerism, we now define someone’s success by the clothes they wear, the items they possess and how “Polished” they are as a human being.

    Nows, due to how far-reaching each person’s “world” has become, there is a plethora of micro-celebs, internet “influencers” who paint unrealistic, unreachable pictures of their lies across dopamine-hit-inducing “social” networks, and whether they realise it or not – they use these false images to compare against their own lives which leads to nothing but disappointment and depression.

    There is no denying the correlation between the rise in social media usage, and the rise in clinical depression and anxiety in young people. The rise of suicides, the rise of addiction treatment for social media usage… We have created all-consuming platforms that have taken control of our happiness and almost removed the choice from us. We are forced to feel like shit.

    I have spoken to real people, who are fully addicted to instant messaging and social media and completely deny it. I have witnessed with my own eyes  some people’s inability to hear a notification and ignore it, they are drawn to their device and are impulsed to check what it is and who its from – replying instantly despite the fact they were half way through a conversation with someone else at the time, for example. I’m no angel, ive done it before and now when it happens I find myself feeling guilty for wanting to look. I try not to, as I understand its an issue and I dont want to fall victim to it.

    I am trying to be the best version of me, I am trying to “own” my life and my decisions and not let anything choose or decide for me. It’s hard, and it almost feels like by doing so, I am alienating myself from the rest of the world but I hope I am simply an early adopter of this mindset and I hope one day the world does an about turn and decides to not let AI and social media dictate their happiness.

    Don’t let a temporary feeling or emotion dictate the rest of your life. There is a real world happening around you, dont view it through a 5″ touchscreen for the rest of your life.

    Peace out.

  • Mailgun.com Scam – Fake Support Ticket Phishing Scam Email

    Wow, this one took me by surprise to be honest. We use Mailgun for many of our customer sites, as it provides great logging and flexibility for delivering emails. It also means the outgoing emails aren’t tied to the same server the website is on, as emails can get people on blacklists and that can cause website access issues for customers.

    Anyway, a customer emailed this to me this morning, they asked if it was a support ticket we had raised but straight away I knew something was wrong, as the format of the email/support ticket was all wrong.

    This is the fake one;

    Mailgun spam email support ticket phishing

    To the novice user or someone not familiar with their email format would deffo fall for this. You should always hover over or inspect links in emails like this, before clicking on them;

    Mailgun spam email support ticket phishing

    Hovering over the app.mailgun.com link shows that it would actually take me to kapsicum.com which I can only assume is a hacked website. Normally I would click on it and screenshot the website it takes me to, but it’s early on a Monday and I have a bad feeling about this one so dont want to risk the malware infection to be honest! 🙂

    Just FYI, this is the format of a support ticket notification from Mailgun;

    Mailgun actual support ticket email

    And this is how newsletters come from Mailgun;

    Mailgun Newsletter format

    So none of the official emails look like the spam one, but to the untrained eye it would be easy to mistake and click on the link.

    Be warned!

    If you didnt ask for or request the email in some way, its probably a scam – so forward it to me so I can blog about it!

  • Securing phpMyAdmin… the Easy Way… any OS, any version…

    We work with various servers at work, and one of the areas that gets targeted the most by bots and stuff, seems to be the phpmyadmin login page.

    Now, you could obfuscate the folder name to throw them off the scent… but that probably means renaming loads of things other than the core foldername & time is money!

    The best way (before this blog post) of doing it has always been to secure it with htpasswd but the amount of times i’ve done this quickly and set the password to something obvious, and then forgotten the password. Then unpicking the password configuration to get in, to then have to reapply it… Screw that!

    So whilst I was once again sat staring at the good ol’ “how to secure phpmyadmin with htaccess” guide early this morning, I thought to myself “there must be a better way of doing this!” and I pondered… and pondered… then it hit me!

    Cloudflare!

    We use Cloudflare for DNS management on all our websites, it’s by far the best tool for the job and despite them taking most of the internet down (twice) the other month, its an awesome toolkit for keeping the baddies out and the websites online.

    Anyway, in the cloudflare dashboard there is a firewall section, in that section you can set rules under “Firewall Rules” and a quick 5 minute rule later and my phpmyadmin screen is secured with a captcha screen and cloudflare is beating up the baddies that try and come and hack my gibsons.

    Here is the rule;

    Rule to secure phpmyadmin with Cloudflare

     

    And here is my bitchin challenge screen;

    It’s worth noting that when I originally added the above rule I used “contains” in the rule Operator field, and then the screenshots I added above had ‘phpmyadmin’ in the filenames,  so the cloudflare rule kicked in blocking the images from loading!

    Be careful when setting the rule and ensure it matches my example above.

    It logs how many times it kicks in too, and already since adding it its been hit 50 times!

    Secure your phpmyadmin on ubuntu, cloudlinux, redhat, CentOS, debian, fedora, coreos, freebsd, windows hosting, and anything else with this 5 second rule.

    Oh, it works in cloudflare free accounts too – so even if you dont use cloudflare you can set it up at no cost and have the rule protecting your phpmyadmin from the hackers, bots and baddies of the internet world in no time!