How to find Raw Access Logs:
Let’s take a look at the access logs. To access raw logs, click on the Raw Access Logs icon from the main cPanel account page:

This will take you to the Raw Access Logs detail screen: (see image below)
Click on the first checkbox under configure logs title and then click the Save button.
This will allow the logs to be updated and added to the archive file, which you can download later to see activity for a period of up to a month.
You can see the archive file with under Archived Raw Logs link at the bottom of the screen. (see image below) Archive file name will have the domain name (grayed out in the image) with a date suffix and a .gz extension.
Once you click on any of the archives, you should be able to save it on you local disk and extract the content using either (winzip, 7-zip or any similar software)

Raw Access Logs Layout ( good example):

Raw access log entries starts with the ip address of the visitor followed by date of the visit. Next you can see the http request “Get” meaning the visitor accessing your site’s login form in this example (see image above). Following the Get request, we see the relative file name followed by the version of the HTTP request (1.1)  Note: The 2 most popular requests you’ll find in the log file are “Get” and “Post”.
Next, you’ll find a numerical value 200, in this case it specifies the resulting status of the request. Typical values for this code are 200 (OK). Another known number is 404 (Not Found) and 403 (Forbidden). To learn more about HTTP Status codes, refer to the whole list in wikipedia.

The next numerical is 2125, a number indicating the total size (in bytes) of data transmitted for the request.
The next portion of our access log entry specifies the referrer, showing the URL of the referrer (grayed in the image sample).
Finally, the formal identity of the user-agent is specified at the end of the log raw.

Example of a suspicious Access Logs:

(click image to enlarge)

Here someone has tried to exploit the site via URL attack. Usually these attempts fail due to limited site access setup. Also a firewall running on the server should prevent such attacks. For you it is a good thing to know what is happening on your site, so you can either block the ip or it will alert you to keep a closer eye on your site in general.

Another example of a suspicious Access Logs:

(click image to enlarge)

Here someone has tried to exploit the site via sql injection. You can see “Union” and “Select” database statements that will give the user unauthorized information. This kind of attack can be prevented by the software and it’s capabilities to sanitize the query. WordPress is now a lot more secure than the earlier versions, however be careful of plugins or themes that could not be safe enough to block this kind of attack.

Regards.

BBC wrote today, after facing increasing criticism from not only US consumer groups, but also European Union data protection officials, who describe the recent privacy changes as unacceptable, facebook founder Mark Zuckerberg is pledging easier privacy.

Many have even pledged to quit Facebook. QuitFacebookDay.com, an anti-facebook site is encouraging it’s visitors to quit Facebook by May 31, 2010. Already at the time of this writing over 14,000 have pledged to quit.

I strongly recommend you to visit ReclaimPrivacy.org to take a look and update your privacy if you need to. ReclaimPrivacy.org offers a free and easy to use tool that will scan your Facebook account’s privacy on facebook. Privacy Scanner will display in color coded tags, how secure, (and/or not so secure) your settings are. Even if you are not concerned about privacy, I strongly recommend you to check it out. It will remind you as how the world looks at your personal data.
And while you there, check out the story by Consumer Reports titled: “7 Things To Stop Doing Now on Facebook”

Regards.

Surprisingly there are many password cracking software tools. I assume these were made for ethical use of lost passwords or someone who left her/his job and no one can unlock the computer. The problem however is when these software tools fall in the wrong hands…

To better protect your online investment, you will need to do a little of planning that can bring you far ahead from most online users.

In general your password security will depend on your general caution about protecting your assets. This is the same like leaving your car in the parking lot of a busy shopping area, or even in front of your house. Do you leave it locked or unlocked?

Whether your answer is locked or unlocked, I invite you to keep reading my post and hopefully be aware to better password protect your online assets:

Here is my list:

1- Don’t choose a short password:

I have seen many websites checking and validating for a minimum of 8 characters. That’s great, because it turns out that the time it takes to crack 8 character password is exponentially more, than a 6 character password. I would even suggest a 10 character password and for more sensitive information go even for 15 of more characters.

2- Don’t pick words that relate to you:

Don’t pick family members names, or even a city you live in or phone number or a hobby or anything else that is easily to be guessed about you. Just pick words that are not related to you. Remember, popular social sites and blogs encourage people to write a profile, so if you write you live in … and you wife’s and kids names are …. and graduated from …..

This information could be easily guessed, if you use any of it to create your passwords.

3- Don’t pick easily guessable words, numbers and/or patterns:

I have done this before, with words like: bulldog, goldfish, coffee, 123456, asdfg, abcdef, abc123, 911, ….

4- Don’t  store your password on your laptop or online

If you can’t remember and have to save you password, save it in a file offline. I would save it on a writable CD or a flash drive that can be easily detached from your laptop. I don’t like online sites or software that helps managing passwords. I feed safer just doing it the old fashioned way, writing them on a little booklet that I keep in a safe place.

5-Include numbers, capital letters and symbols

Try to always incorporate all letters in your password, not only lower case. The chances that a brute force attack will find your password will be of a magnitude of 10 thousands more difficult, than with just using lower case characters. It is a statistical truth that you want to be aware of to better protect you accounts.

6-Consider changing your password at least once a year

I have seen big corporations enforcing policies of changing passwords every 90 days, but I don’t think this helps a lot since an attacker will need only minutes or even hours time to crack your password. You will need however to change your password, just to make sure it is not found or stored in a place that someone can find.

7-Make sure your Antivirus software is up-to-date.

Always make sure your anti virus is up-to-date and gets updated constantly, otherwise switch to a different software. Make sure the software checks the incoming email and scans the attachments as well and never download any attachment unless you know the sender and trust the attachment too.

This is my list, did I miss anything? Let me know.

Regards.

Well, a bug can stay forever unless someone uncovers it, right? In this case a Google researcher discovered a utility that allows users of new versions of windows to run old versions of windows software.

This bug goes back to the days of windows 3.1, and has never been addressed by Microsoft until discovered last month. The good news is that this security issue has not been exploited. To read more about it, click here.

France followed by the German government lately warned web users against Microsoft’s IE and advised using an alternative web browser. They knew about the vulnerabilities earlier, but announced the warning after the malicious code that was used on Google was published online.

Even though IE 8 is more secure than earlier versions of IE, Microsoft admitted that it is vulnerable as well. The risk comes only, if you browsed a compromised site and will infect your laptop allowing your sensitive information to be stolen.

I caution using IE for now, until Microsoft comes up with a fix for this issue.

Click here to read more about the story.

Regards.

Setting up SSL on the server requires a certificate to be installed. I usually buy the certificate from godaddy. 

On some sites, you will see only certain pages redirect the page (URL) from http to https. I personally prefer to have https on the entire website and the best way to set it is on the server’s .htaccess file for the following reasons:

1- You don’t have to deal with changing your scripts or adding extra html or php redirect.

2- If you have to test the script on your local machine or on a server that isn’t SSL enabled, you don’t need to make changes to it.

3- It more secure.

Adding the following server redirects should do it. Just save the following in .htaccess under your root directory:

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

You can learn more about it here: http://en.wikipedia.org/wiki/Https. Wikipedia explains the process in simple “plain english”.

Regards.

Scammers are always looking for more traffic to their sites, and lately started to look for organic traffic to get to their victims.
McAfee conducted a study that focuses on this trend by analyzing over 2000 of the most popular keywords and phrases used in search engines.
They came out with an interesting report that shows how much risk is associated to each keyword or phrase you might use in the search engines.

The riskiest keywords were the most popular ones such as: word unscrambler, lyrics, myspace, free music downloads….
By looking at the riskiest keywords, they concluded that scammers keep targeting popular keywords to gain more traffic and target a larger pool of victims.

This study was used mainly with the McAfee SiteAdvisor tool. SiteAdvisor rates sites with color codes, green being safe, yellow minor risk, and red high risk. SiteAdvisor is a plugin that you can use with you explorer and firefox browser and allows you to see the risk of a site before using it. In this study Mcfee gathered the first five pages of search results for each keyword and counted the number of red and yellow rated sites on each page. Risk was assessed as a ratio of the red and yellow sites to the green sites. Both sponsored and organic links are counted in the study.

The good news is that this study shows that the web is safer than previously thought. The average risk level according to this study fell from 4% to 1.7%.

To learn more about the report click here.

Regards.

In the story they mentioned that high visibility sites like USA Today, ABC News, and Wal-Mart were affected.

This happened to one of my sites not long ago. Thanks to avast, I found about it quickly. I have outsourced a site for one of my customers, and asked the freelancer to load the site. After he was done, I went to take a look. Suddenly the popular avast alarm sound started and a panel showed a warning me about the web page.

I was surprised, specially that other pages of the same site were fine for avast.
I quickly went back to look at the site source, and sure enough…, I found the iframe tag in the page source close to the bottom of the web page.
It had code referencing another site, that could have caused damage to my laptop without even me noticing where it came from. I quickly removed it and that was it.
I guess what happened is that the freelancer had a malware or spyware on his laptop, and it inserted the iframe tag in the page while ftp’ing the files to the server. Lesson learned: Don’t let anyone update your files for you.

iframe tags are legitimate html tags that allows you see other site’s content in your own web pages. Unfortunately, they could be used to harm you in many other ways.

To minimize the risk to your laptop, make sure you always have your antivirus software running and up-to-date on your computer. To learn more, click here to read the entire story from avast.

Stay safe.

I got recently a security key and think it’s good investment any paypal account holder should have. Even if you don’t keep a lot of money in your account, it could still be a headache if your account for some reason got compromised. Remember, you might have your credit card account or even you bank account tied to your PayPal account.

No one knows if someone got hold of your account what kind of damage it can cause. A security key is only a $5 investment and provides an extra layer of security to your account.
I think it is well worth it.

You can easily request it from your account. Under the profile tab, click on the “PayPal Security Key” link to request the key.

Follow instruction to pay $5 for a new Security Key.

After payment, Paypal will send you a new Security Key by mail withing a week.

Once your receive it, log into you PayPal account and click on the “Activate now” button to activate your new Security Key.

You will see a confirmation message saying “Your security key is now active”

Don’t worry about losing or not having your Security key with you.

PayPal will let you log into you account without a Security Key, in case your lost it or do not have it handy. Anytime you sign in, you can be presented with 2 questions in case you click on the “I don’t have my Security Key with me” link after entering you password. You can answer only one of these questions:

1- I don’t have my PayPal Security Key. The key isn’t lost, but I don’t have it right now.
2- My PayPal Security Key is lost or broken. I would like to log in and deactivate my Security Key.

Once in your account, you can click on profile and PayPal Security Key link to manage your security key.

Note:

You can have multiple Security Keys and each one has it’s own serial number.

Regards.