"Password Policy on a Windows Server 2008 R2 Domain Controller"
Phil solves the problem of disabling complex passwords and other password policies that are enabled by default with the installation of Active Directory on Server 2008 R2.

8/20/10: About Page completely rewritten.


Posted on: August 20th, 2010 by Famous Phil

This is an annoyance that I constantly have to look at 2 sources to remember so I’ve decided to consolidate my 2 sources into a single blog that I can refer to in the future. Basically, every time I set up a new Server 2008 R2 box to act as an Active Directory domain controller, I always run into passwords having to be complex and changed every 42 days by default. This is an annoyance because users don’t like having to do that so frequently. The location to change this isn’t in a common sense location either.

To change the policy, go to your Start menu and in the search area (provided it will run commands), type “gpmc.msc” and hit Enter. This will bring up the Group Policy Management Console. Expand the local forest that you want to modify the password policy for. Expand Domains, and then the domain that you wish to modify. Right-click Default Domain Policy and click Edit. This will bring up a new screen. Navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy. From this screen, you will be able to modify the password policy. You can either reboot or run the command “gpupdate /force” and the new settings will take over.

I don’t recommend disabling features such as complexity because your users will then be able to use passwords such as “letmein, password, changeme”, etc.  These are insecure passwords and those who use them are simply asking to get their accounts compromised.

Also, the solution above will not work if you already have a password window open that is forcing you to use a complex password; you will have to go through that wizard again. This also won’t reverse a forced password change at next login if a user needs to change their password due to the old policies.
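To confirm what the Default Domain Policy change described above actually left in force, the effective settings can be checked from PowerShell. This is an added example, not code from the original post; the baseline thresholds are assumptions to adjust, and the two sample policy objects are constructed so the function can be tried without a domain.

```powershell
# Added example (not from the original post). PowerShell 2.0 compatible.
# The baseline numbers are assumptions; substitute your own standard.
function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory = $true)] $Policy,
        [int] $MinLength  = 7,
        [int] $MaxAgeDays = 90,
        [int] $MinHistory = 5
    )
    # Emits one string per setting that is weaker than the baseline.
    if (-not $Policy.ComplexityEnabled) {
        'Complexity is disabled: passwords like "letmein" or "password" are accepted.'
    }
    if ($Policy.MinPasswordLength -lt $MinLength) {
        "Minimum length is $($Policy.MinPasswordLength); baseline is $MinLength."
    }
    # MaxPasswordAge is a TimeSpan; a zero value means passwords never expire.
    $maxAge = $Policy.MaxPasswordAge.Days
    if ($maxAge -eq 0) {
        'Maximum password age is 0: passwords never expire.'
    } elseif ($maxAge -gt $MaxAgeDays) {
        "Maximum password age is $maxAge days; baseline is $MaxAgeDays."
    }
    if ($Policy.PasswordHistoryCount -lt $MinHistory) {
        "Only $($Policy.PasswordHistoryCount) old passwords are remembered; baseline is $MinHistory."
    }
}

# Constructed sample, modelled on the defaults the post mentions
# (complexity on, 42-day expiry).
$defaultLike = New-Object PSObject -Property @{
    ComplexityEnabled    = $true
    MinPasswordLength    = 7
    MaxPasswordAge       = [TimeSpan]::FromDays(42)
    PasswordHistoryCount = 24
}

# Constructed sample: everything relaxed, as after disabling the policy.
$relaxed = New-Object PSObject -Property @{
    ComplexityEnabled    = $false
    MinPasswordLength    = 0
    MaxPasswordAge       = [TimeSpan]::FromDays(0)
    PasswordHistoryCount = 0
}

"Default-like policy: {0} finding(s)" -f @(Test-PasswordPolicy -Policy $defaultLike).Count
"Relaxed policy:"
Test-PasswordPolicy -Policy $relaxed | ForEach-Object { "  - $_" }

# Live check on a domain controller (needs the ActiveDirectory module):
#   Import-Module ActiveDirectory
#   Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy)
```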

Posted in Hosting / Server Administration

Posted on: August 18th, 2010 by Famous Phil

Reminders: As with anything I post, I ask that you provide a backlink to my code if you use it (if you don’t, it’s considered plagiarism). Also, the code below is the outcome of 2 days in ASP.net as an excursion; I’m sure that my code could be improved vastly. I’m also not going to baby step through this, so you’re going to have to be a somewhat experienced programmer to follow along with the rest of my blog. One last thing: if you feel the urge to donate to me for my time (provided this solution helped you), please use the NEW donate button in the footer. I appreciate it.

Posted in My Site, Programming

Posted on: August 17th, 2010 by Famous Phil

For a long time now (2 years and counting), I’ve been wanting to dabble with ASP and Microsoft web technologies. It seems that for every project that I want to dabble with, I have to gather a lot of ambition and have an end goal in mind well before I begin. I guess that being a seasoned programmer, I have gotten very lazy about which projects I feel like attacking (this is partially why this blog doesn’t get a post every day).

Posted in Programming

Posted on: August 14th, 2010 by Famous Phil

Today’s topic was sparked by a recent influx of worms attempting to take over one of the public servers that I manage.  Basically, I constantly get log notifications for the firewall (yes, I actually read logs!) saying that all these attack signatures are being detected against programs running on one of my servers.

These programs are IIS 7  (web server, Internet Information Services) and MSSQL Server 2008 R2 (Microsoft Standard Query Language Server).  In the past when I ran my own computers on an un-firewalled internet connection (public wi-fi, home DSL), with home security software installed (like Norton 360), I have also noticed these types of log messages and popup warnings.

Most people (I’d estimate at least 50%) probably have some sort of broadband, un-firewalled, connection setup in their home that is directly connected to their computer.  Most people probably subscribe to some security solution like Norton 360, and they probably run some sort of firewall.  Normally, these firewalls catch all the bad stuff that can harm your computer, but stuff still could potentially come through.

Although there will always be loopholes for these security vulnerabilities, there is another means of protection that most people would NEVER think of! If you’re thinking wireless router from the local Wally World (Wal-Mart), you read my thoughts. Yes, wireless routers don’t just share an internet connection wirelessly like most people think.

So what else does a wireless router do? A wireless router is simply a ROUTER with a wireless ability built into it. Routers are complex pieces of engineering that connect many computers together. Without getting into too much detail, routers connect two separate networks together to bring multiple endpoints together. The internet has many subnets that are connected to each other through routers. Think of the telephone system when I mention this, more specifically area codes and dialing prefixes. The area code for Matthouse is 716, the prefix is 584. So 1-716-584-xxxx gets routed to a particular telephone. In my example, when you dial the full number, 1 means connect to the main US router which knows all the US phone area codes. Next, 716 means connect to the router which handles the Western New York area prefixes, then finally that router sends the call to the router that handles the 584 prefix. That router then is practically directly connected to the xxxx number, which will ring a phone and help establish your connection. The internet is connected in a similar fashion.

Traffic is sent in internet packets that run on a certain port number. For simplicity, a port is required to connect to a computer. Computers listen on ports for connections and there are 65535 possible ports. You might think of a port as a way to get to your house from the road at your address. Each driveway is a unique path in and it accepts only a certain type of car. Hackers tend to send a car into that driveway that acts and looks like the car it accepts, but once it’s in, it can cause havoc in your home (computer).

So what am I getting to? Routers connect different networks, so they inherently have to forward all the traffic from one network to another, including all the ports. Since ports are easy ways to get into your computer (provided your computer is actively listening / accepting on that port), hackers tend to go for these ports. Some ports on web servers (like port 80) are absolutely necessary to leave open, but other ports like 5109 (which happens to be the AOL Instant Messenger port) probably aren’t needed on that web server. For a home computer, blocking all the ports inbound to the computer is probably smart, while allowing all the outgoing ports from the computer to the internet.

NOTE: I probably should add that with outbound connections through firewalls, if you request something from an external source (say a webserver) while having all incoming connections blocked, you will still get the response from that external source.  Firewalls are smart about allowing replies back through while blocking all new connections that are probably hacker initiated.

BOTTOM LINE: All computers have different needs. A wireless router when added to your network will block all incoming ports by default and allow all outgoing connections on all ports.  Therefore, by adding one of these cheap boxes, you’re not only gaining a wireless network access point, but you’re also protecting yourself from the nasty dangers of hackers that probe computers for open listening ports.  Since many ISPs provide un-firewalled public IP addresses to residential customers, those customers would be wise to install one of these routers.  Who knows, it might save their computer from a severe attack from a hacker some day!  I’ve also found that when I run a firewall in terms of a router, I don’t need as much protection from Norton 360 on my computer, so I basically have a faster computer (it isn’t working on blocking bad stuff anymore).

Hopefully this helps you!
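To see which listening ports a machine would expose if nothing blocked inbound traffic, the local TCP listener table can be compared with the short list of ports the machine is meant to serve. This is an added example, not code from the original post; the allowed-port list and the sample endpoints are constructed assumptions.

```powershell
# Added example (not from the original post). PowerShell 2.0 compatible.
function Get-UnexpectedListener {
    param(
        # Assumption: a web server that should only expose HTTP.
        [int[]] $AllowedPorts = @(80),
        # Optional IPEndPoint objects to check instead of the live table.
        $Listeners
    )
    if (-not $Listeners) {
        # Live data: every TCP endpoint this machine is listening on.
        $props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
        $Listeners = $props.GetActiveTcpListeners()
    }
    foreach ($ep in $Listeners) {
        # Loopback-only listeners cannot be reached from another machine.
        if ([System.Net.IPAddress]::IsLoopback($ep.Address)) { continue }
        # Ports the machine is supposed to serve are expected.
        if ($AllowedPorts -contains $ep.Port) { continue }
        New-Object PSObject -Property @{
            Address = $ep.Address.ToString()
            Port    = $ep.Port
        }
    }
}

# Constructed sample listener table (not real data):
#   80   - web server, expected
#   5109 - the instant messenger port the post uses as its example
#   1433 - SQL Server default port
#   3306 - bound to loopback only, so not reachable from outside
$any = [System.Net.IPAddress]::Any
$sample = @(
    (New-Object System.Net.IPEndPoint($any, 80)),
    (New-Object System.Net.IPEndPoint($any, 5109)),
    (New-Object System.Net.IPEndPoint($any, 1433)),
    (New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Loopback, 3306))
)

"Unexpected listeners in the constructed sample:"
Get-UnexpectedListener -Listeners $sample |
    Sort-Object Port |
    Format-Table Port, Address -AutoSize

# Against the machine you are logged on to:
#   Get-UnexpectedListener -AllowedPorts 80, 443
```

Anything this reports is either a service to shut off or a port to confirm the router or firewall is not forwarding.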

Posted in Technology

Posted on: August 7th, 2010 by Famous Phil

This is more an update than anything else.  I have finally taken the time to prune some of the comments in the past year on FamousPhil.  In the future, I will be only approving links that either are track backs or contain non SEO titles.  I have never minded allowing comments, but the spam volume that I’ve begun seeing is just too unreasonable to continue handling without changing my policies. In the past, I’ve approved comments that contain text that pertains to the post, but I just can’t continue on that course :)

In the next week or so, I will also be disabling user registrations, along with pruning the user database (except to the guest posters who were asked to make an account).  That too has gotten out of hand!

As always, if you want to make a guest post and get a real link back with seo key words, feel free to contact me :)   I generally don’t mind the content as long as it has something useful in it that won’t harm my readers.

Posted in My Site

Posted on: August 6th, 2010 by Famous Phil

Often times, I’m asked the question: Should I get Windows hosting or Linux hosting for my new website.  This is a topic that comes up time and time again in my field of expertise and sadly, newbies often choose based on perception, not based on fact.  This blog will cover some of the facts about both hosting platforms and hopefully help you make an informed decision about how you want your website hosted.

Posted in Hosting / Server Administration, Programming, Technology

Posted on: August 2nd, 2010 by Famous Phil

Introduction:

This topic plagues me to death every time I need to do some administrative function in MySQL simply because I don’t do it every day. I have 3 servers that I manage entirely via the command line now and all 3 require me to know at least some MySQL. Unfortunately, I always end up going to several sources to get all the information I need. So instead of doing that in the future, I’m writing this blog as a centralized reference for everything I need. Hopefully you can use this blog as much as I will!

Note: You will need to click the “show code” icon in the top right corner to view the code entirely for some of the blocks that are longer than the code box.

Posted in Hosting / Server Administration, Programming

Posted on: July 30th, 2010 by Famous Phil

Today’s blog kind of got pushed to the top of my to do list after I finally obtained a virus that I have been trying to get now for the past year and a half!  This basically deals with a type of malware which comes from advertisements on websites you visit. For many years now, I have always wondered, how can someone walk into my room, get on my computer, and have a virus on it within 5 minutes.  After all, I haven’t gotten a virus now in at least 5 years!!!  Is it the surfing habits of people, or is it just that I don’t visit “those” types of sites.  I’m going to go into a little detail today about what I’ve found out.

At one point or another, I’d say that at least half the population that uses a computer has seen some sort of a virus. The most popular virus as of late (I’m talking the past 2 years) is the Antivirus 20xx Virus. It’s usually labeled Antivirus 2008, 2009, or 2010 and looks like an antivirus program. The only trick is that it isn’t. I’ve always wanted to figure out how this virus enters the computer because I’ve seen it so much now that I’ve become an expert at removing it without tools. I’ve also given a few lectures (as a Teaching Assistant) on viruses, but without the virus as an example, it is really hard to show how infections occur and how to prevent them. So instead, I just gave the usual lecture about running Windows Updates, using antivirus protection, and using Firefox or Google Chrome instead of Internet Explorer.

So now, let’s get into how I actually found the virus. Yesterday, I was talking with my friend, John, about the normal crap we talk about and John brought up that he was fixing a Windows XP machine that was infected by Antivirus 2010. He mentioned that it was a popular virus (which I already know). Up until that point I have fixed at least 10 computers with the same infection. The only common thing I could come up with between them (in most cases) was that the user had Yahoo! set as their homepage, Windows Update was seldom run, and Internet Explorer was the main browser. John also came up with very similar characteristics.

Normally I give a walkthrough to everyone I repair computers for that includes: click OK to any updates to Symantec antivirus and Windows Updates, this is what that screen will look like, etc. Contrary to popular belief, some of the biggest updates DO NOT get installed automatically for Windows. For example, Internet Explorer 8 right now is considered a non-vital update, and so is Windows Vista Service Pack 2. Both of these updates take a long time to install and require the user to initiate them. To do so, the user should get in a habit of running Windows Updates monthly at the very least to manually check for these updates that don’t automatically install.

Yesterday, as a test, John left Yahoo open in Internet Explorer on his fully updated computer and he noticed that a risk was found. After hearing that, I too ran a similar test. I follow all of my instructions and I verified that my computer had the latest version of everything. I managed to find a risk within 5 minutes of simply reloading the Yahoo page. This completely shocked me and confirmed what 2 of my last customers said they were doing when they got the virus (working on Yahoo Mail). The risks that I found could easily give me the virus that I’ve looked for. Of course, I’m a bit smarter than most and I killed the Internet Explorer window through the task manager when the risk showed up. I will still probably restore my computer through a hard drive clone I made a month ago to verify that nothing bad did happen.

I always thought that the culprit was free porn and file sharing (emule, limewire, torrent, etc). I have always known that free videos and music can contain malicious software on the inside encoding that can cause your computer to execute a virus installer. I never thought that this could happen from viewing a simple advertisement. So now that I know the culprit, is there anything you can do to protect yourself? Of course there is. First, I strongly encourage you to dump Internet Explorer. I have never seen “Internet Explorer” and “Secure” used in the same sentence with correct grammar (there is no correct way to put those 2 into the same sentence truthfully). The first step to protect yourself is to go to http://www.getfirefox.com or http://chrome.google.com and download Firefox or Chrome, then install it. I personally like Firefox more, but others push Chrome too.

Now comes the controversial part of the solution. The internet is mostly run on advertising (sadly), meaning that there is a lot of controversy with blocking advertising. FamousPhil is more a hobby site, so I never intend on having advertisements on this site that I don’t have full control over. Sadly, some of the biggest sites, including Yahoo, Fox, Google, and others have malware placed within their dynamic ads (as per my testing). It may or may not be any fault of their own (there are hackers out there), but malvertising is a major security risk. I have always run an ad blocker (which is probably why I have never gotten anything). My reason has always been that I’m on a slow connection and without ads, my internet is so much faster. Therefore, I have never strongly recommended ad blockers until today, but I always put them onto computers that I fix for clients. Now I feel that without ad blockers, this malware will get into the computers of innocent people. Being a computer technician, I really hate seeing the same problem / computer over and over.

So with that said, let’s apply an adblocker to your browser of choice above. To install an adblocker for Firefox, simply open up Firefox and go to Tools -> Add-ons. Search for the addon “adblock plus”. Install that addon and restart the browser. Upon restart, you should see a screen asking what filter you want. I am an avid fan of “easylist usa”, which blocks just about everything that is advertising related. For Chrome, you want to click on the wrench (tools) and go to Extensions. Then you want to browse the gallery. The first adblock by gundlach is the one you want to click on. Then click the install button. The extension will pop up a window that says install, so install it. After that window goes away, simply exit Google Chrome and go back into it. Ads should now be gone.

I really hate having to recommend blocking ads, but hopefully after enough people block ads, the advertisers will realize that their ads are doing more damage than good and will fix that. Until then, if you want to avoid viruses and crap, I’d strongly recommend using one.

Posted in Technology

Posted on: July 23rd, 2010 by Famous Phil

I am delighted today to bring you a guest posting from Alexis Bonari!

Anyone who does any sort of work on their computer can tell you a hard drive crash is the stuff nightmares are made of.  While it’s easy to pass judgment on such individuals for failing to use an external hard drive, doing so is admittedly time-consuming and, in some cases, expensive.

The solution: online backup sites. For a small fee, these off-site servers back up all data stored on the computer in case of a hard drive failure.  Here are the top three such services and what they have to offer:

1. Carbonite
(http://www.carbonite.com/en/default.aspx)
For only $54.95/ year, Carbonite offers unlimited backup on their server.  No matter what your computer’s storage limit, the Carbonite system can handle it.  For security purposes, files are encrypted before being sent to the Carbonite server for storage. For ease of use, the files are automatically backed up each time the computer is connected to the Internet. Restoring the files is as simple as logging into the Carbonite website and clicking the “restore” button listed on your account.

2. MozyHome Free
(http://mozy.com/home/free)
Unlike Carbonite, Mozy doesn’t charge a fee for the first 2 GB backed up. The system for retrieving files and backing them up is essentially the same as the one used by Carbonite. If you want to store more than 2 GB, Mozy charges $4.95/month. This gives you unlimited data storage for only slightly more per year than Carbonite.

3. SugarSync
(https://www.sugarsync.com/)
Many experts believe that online syncing represents the future of online backup technology. SugarSync.com is the current leader in online syncing technology. Instead of simply backing up a set of files on one computer, SugarSync notifies other computers and devices you’ve listed of any changes made. You can work from nearly anywhere in the world and have your files backed up in real-time by the SugarSync server. Devices supported include Macs, PCs, iPads, smart phones, and many others.

Those who sign up get a 30 day free trial.  After that, the price goes up to $10/month for 60 GB of storage.  While the limited storage and the higher price might be prohibitive for some customers, many are happy to pay extra for the ability to sync documents over multiple devices.

Bio: Alexis Bonari is a freelance writer and blog junkie. She spends much of her days blogging about Education and CollegeScholarships. In her spare time, she enjoys square-foot gardening, swimming, and avoiding her laptop.

Posted in Technology

Posted on: July 14th, 2010 by Famous Phil

This is the revised version of my initial blog last night:

I always perform updates monthly on all of my servers beginning at 10:30pm Eastern Time of the Wednesday following the 2nd Tuesday of the month (to stay in line with Microsoft Updates).  I know a lot of Windows admins look at the 2nd Tuesday of each month as “Black Tuesday”, and I now have a first hand incident that has me dreading it also.

So last night, Windows Updates recommended I install Exchange 2010 Server Update Rollup 4. I have never had issues in the past, so I quickly looked into known issues and guidance. Nothing was listed with a Bing / Google search (I use Bing more when I’m dealing with Microsoft technologies). Anyways, last night the updates took about an hour to install. Once done, I rebooted as normal, but Outlook Web Access didn’t ever come back. After some investigation, all of the Exchange related services that make Exchange work were disabled. I’m not sure why this was, but I began troubleshooting lots of stuff and I have 2 theories for what happened (I did both at the same time so it could be either one).

I first tried to remove the update rollup that Windows Update installed but was asked for a DVD that I don’t think was ever made and released by Microsoft!!!! I also tried a system restore, which led nowhere since it doesn’t exist on Server 2008. After this, while considering my options, I tried 2 things at the same time, which worked to fix the issue and get Update Rollup 4 installed (thankfully).

Theory 1: The updater package disabled the web service and since the web service had to be up to be updated, the updater failed to update everything successfully.

Theory 2: The previous update rollups (I had update rollups 1, 2, and 3 all installed) were interfering with the new update rollup.  So I removed all 3 previous ones then reinstalled update rollup 4.  Note that I had to uninstall all 3 of these with the broken install of rollup 4 still listed in the optional remove panel. Once I was ready to reinstall update rollup 4, only update 4 was listed in the installed updates for exchange section of Windows Updates.

Steps to fix such an error:

1. don’t panic or get impatient, this will take about 3 hours

First remove any previous update rollups from the add/remove programs in the control panel for applied updates.  Each one will take about 15 to 30 minutes to uninstall.  I started with rollup 3 and worked my way backwards.

2. get the official rollup 4 package from Microsoft’s website

3. open up an elevated (run as administrator) command prompt and change directory to the file that you downloaded

4. execute the rollup msp file – don’t do anything once the installer loads yet

5. open up the services console (under administrative tools)

6. start the updater… as soon as it is done with the stopping services text, immediately go to the services console and enable both the IIS Admin service and World Wide Web Publishing service, also START them immediately. There is about a 60 second window to do both (start the WWW Publishing service first)

7. let it install, afterwards you will need to re-enable all of the exchange related services that were running prior to the original windows update (I hope you have a good memory, for my server, it was all but the edgesync service)

8. reboot the server

9. hopefully exchange will work again, for me it did.  Apparently Microsoft released a bad update to Windows Update this past black Tuesday and it caught me off guard :P

Anyways, I hope this information is useful for other Windows Admins that are in this situation without any option but restore a complete system image and have lots of downtime while Exchange’s latest email is restored.
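Step 7 above depends on remembering which services were enabled before the update. Recording them first removes the guesswork; this is an added example, not code from the original post. The CSV file name is hypothetical and the sample service records are constructed.

```powershell
# Added example (not from the original post). PowerShell 2.0 compatible.

# Run BEFORE patching: record every service's startup mode and state.
function Save-ServiceSnapshot {
    param([string] $Path = '.\services-before-update.csv')  # hypothetical name
    Get-WmiObject -Class Win32_Service |
        Select-Object Name, StartMode, State |
        Export-Csv -Path $Path -NoTypeInformation
}

# Emit one object per service whose startup mode changed or that was
# running before and is not running now.
function Compare-ServiceSnapshot {
    param($Before, $After)
    $now = @{}
    foreach ($s in $After) { $now[$s.Name] = $s }
    foreach ($b in $Before) {
        $a = $now[$b.Name]
        if (-not $a) { continue }   # service no longer exists
        $modeChanged = $a.StartMode -ne $b.StartMode
        $stopped = ($b.State -eq 'Running') -and ($a.State -ne 'Running')
        if ($modeChanged -or $stopped) {
            New-Object PSObject -Property @{
                Name = $b.Name
                WasMode = $b.StartMode; IsMode = $a.StartMode
                WasState = $b.State;    IsState = $a.State
            }
        }
    }
}

# Run AFTER patching: lists the drift; with -Apply, puts it back.
function Restore-ServiceSnapshot {
    param([string] $Path = '.\services-before-update.csv', [switch] $Apply)
    $before = Import-Csv -Path $Path
    $after  = Get-WmiObject -Class Win32_Service
    foreach ($d in @(Compare-ServiceSnapshot -Before $before -After $after)) {
        if (-not $Apply) { $d; continue }
        # Win32_Service reports 'Auto'; Set-Service expects 'Automatic'.
        $mode = $d.WasMode
        if ($mode -eq 'Auto') { $mode = 'Automatic' }
        Set-Service -Name $d.Name -StartupType $mode
        if ($d.WasState -eq 'Running') { Start-Service -Name $d.Name }
    }
}

# Constructed sample: three services left disabled after an update,
# EdgeSync already disabled beforehand (so it must not be reported).
function New-Svc($n, $m, $s) {
    New-Object PSObject -Property @{ Name = $n; StartMode = $m; State = $s }
}
$before = @(
    (New-Svc 'IISADMIN' 'Auto' 'Running'),
    (New-Svc 'W3SVC' 'Auto' 'Running'),
    (New-Svc 'MSExchangeIS' 'Auto' 'Running'),
    (New-Svc 'MSExchangeEdgeSync' 'Disabled' 'Stopped')
)
$after = $before | ForEach-Object { New-Svc $_.Name 'Disabled' 'Stopped' }

Compare-ServiceSnapshot -Before $before -After $after |
    Format-Table Name, WasMode, IsMode, WasState, IsState -AutoSize
```

Run `Save-ServiceSnapshot` before installing the rollup, `Restore-ServiceSnapshot` afterwards to review the differences, and add `-Apply` from an elevated prompt to restore them.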

Posted in Hosting / Server Administration