How to find Raw Access Logs:
Let’s take a look at the access logs. To access raw logs, click on the Raw Access Logs icon from the main cPanel account page:

This will take you to the Raw Access Logs detail screen: (see image below)
Click on the first checkbox under configure logs title and then click the Save button.
This will allow the logs to be updated and added to the archive file, which you can download later to see activity for a period of up to a month.
You can see the archive file with under Archived Raw Logs link at the bottom of the screen. (see image below) Archive file name will have the domain name (grayed out in the image) with a date suffix and a .gz extension.
Once you click on any of the archives, you should be able to save it on you local disk and extract the content using either (winzip, 7-zip or any similar software)

Raw Access Logs Layout ( good example):

Raw access log entries starts with the ip address of the visitor followed by date of the visit. Next you can see the http request “Get” meaning the visitor accessing your site’s login form in this example (see image above). Following the Get request, we see the relative file name followed by the version of the HTTP request (1.1)  Note: The 2 most popular requests you’ll find in the log file are “Get” and “Post”.
Next, you’ll find a numerical value 200, in this case it specifies the resulting status of the request. Typical values for this code are 200 (OK). Another known number is 404 (Not Found) and 403 (Forbidden). To learn more about HTTP Status codes, refer to the whole list in wikipedia.

The next numerical is 2125, a number indicating the total size (in bytes) of data transmitted for the request.
The next portion of our access log entry specifies the referrer, showing the URL of the referrer (grayed in the image sample).
Finally, the formal identity of the user-agent is specified at the end of the log raw.

Example of a suspicious Access Logs:

(click image to enlarge)

Here someone has tried to exploit the site via URL attack. Usually these attempts fail due to limited site access setup. Also a firewall running on the server should prevent such attacks. For you it is a good thing to know what is happening on your site, so you can either block the ip or it will alert you to keep a closer eye on your site in general.

Another example of a suspicious Access Logs:

(click image to enlarge)

Here someone has tried to exploit the site via sql injection. You can see “Union” and “Select” database statements that will give the user unauthorized information. This kind of attack can be prevented by the software and it’s capabilities to sanitize the query. Wordpress is now a lot more secure than the earlier versions, however be careful of plugins or themes that could not be safe enough to block this kind of attack.

Regards.

A recent survey by Pew Research and Elon University’s Imagining the Internet Center of 895 technology stakeholders and critics shows 85% of respondends agree with the following statement:

“In 2020, when I look at the big picture and consider my personal friendships, marriage and other relationships, I see that the internet has mostly been a positive force on my social world. And this will only grow more true in the future.”

I agree too, however you have to keep in mind that with the positives come negatives too. I would keep in mind the following:
- Allocate time for online usage and watch your time carefully.
- Watch your privacy when setting up online accounts and use only trusted and reputable sites.

To find out more about the study, click here.

Regards.

I think the message should say ‘Not hosted here, please park the site by us first if you need to access total dns configurations’. I have been asked about it numerous times and generally find messages that show next action steps easier, than just telling ‘Not hosted here’.

If you follow the instructions from Google ( click here for the instructions ) and don’t find the link to setup the total DNS. Instead it says: DNS: (Not hosted here).  Then click on the ”Manage” link under Nameservers setup  (just on the left) and pick the radio button for “I want to park my domain” and click okay. This action will take a little and first display Total DNS: (Temporarily unavailable). After a little while, it should show a link “Total DNS Control” as in the image.

By then you can continue with step 5 to set up a cname and then setup a record for your domain.

Regards.

BBC wrote today, after facing increasing criticism from not only US consumer groups, but also European Union data protection officials, who describe the recent privacy changes as unacceptable, facebook founder Mark Zuckerberg is pledging easier privacy.

Many have even pledged to quit Facebook. QuitFacebookDay.com, an anti-facebook site is encouraging it’s visitors to quit Facebook by May 31, 2010. Already at the time of this writing over 14,000 have pledged to quit.

I strongly recommend you to visit ReclaimPrivacy.org to take a look and update your privacy if you need to. ReclaimPrivacy.org offers a free and easy to use tool that will scan your Facebook account’s privacy on facebook. Privacy Scanner will display in color coded tags, how secure, (and/or not so secure) your settings are. Even if you are not concerned about privacy, I strongly recommend you to check it out. It will remind you as how the world looks at your personal data.
And while you there, check out the story by Consumer Reports titled: “7 Things To Stop Doing Now on Facebook”

Regards.

Surprisingly there are many password cracking software tools. I assume these were made for ethical use of lost passwords or someone who left her/his job and no one can unlock the computer. The problem however is when these software tools fall in the wrong hands…

To better protect your online investment, you will need to do a little of planning that can bring you far ahead from most online users.

In general your password security will depend on your general caution about protecting your assets. This is the same like leaving your car in the parking lot of a busy shopping area, or even in front of your house. Do you leave it locked or unlocked?

Whether your answer is locked or unlocked, I invite you to keep reading my post and hopefully be aware to better password protect your online assets:

Here is my list:

1- Don’t choose a short password:

I have seen many websites checking and validating for a minimum of 8 characters. That’s great, because it turns out that the time it takes to crack 8 character password is exponentially more, than a 6 character password. I would even suggest a 10 character password and for more sensitive information go even for 15 of more characters.

2- Don’t pick words that relate to you:

Don’t pick family members names, or even a city you live in or phone number or a hobby or anything else that is easily to be guessed about you. Just pick words that are not related to you. Remember, popular social sites and blogs encourage people to write a profile, so if you write you live in … and you wife’s and kids names are …. and graduated from …..

This information could be easily guessed, if you use any of it to create your passwords.

3- Don’t pick easily guessable words, numbers and/or patterns:

I have done this before, with words like: bulldog, goldfish, coffee, 123456, asdfg, abcdef, abc123, 911, ….

4- Don’t  store your password on your laptop or online

If you can’t remember and have to save you password, save it in a file offline. I would save it on a writable CD or a flash drive that can be easily detached from your laptop. I don’t like online sites or software that helps managing passwords. I feed safer just doing it the old fashioned way, writing them on a little booklet that I keep in a safe place.

5-Include numbers, capital letters and symbols

Try to always incorporate all letters in your password, not only lower case. The chances that a brute force attack will find your password will be of a magnitude of 10 thousands more difficult, than with just using lower case characters. It is a statistical truth that you want to be aware of to better protect you accounts.

6-Consider changing your password at least once a year

I have seen big corporations enforcing policies of changing passwords every 90 days, but I don’t think this helps a lot since an attacker will need only minutes or even hours time to crack your password. You will need however to change your password, just to make sure it is not found or stored in a place that someone can find.

7-Make sure your Antivirus software is up-to-date.

Always make sure your anti virus is up-to-date and gets updated constantly, otherwise switch to a different software. Make sure the software checks the incoming email and scans the attachments as well and never download any attachment unless you know the sender and trust the attachment too.

This is my list, did I miss anything? Let me know.

Regards.

A survey by Edison Research reveals that for the first time more Americans would give up television over the internet, if they had to choose of course. 49% would give up television versus 48% would give up internet. Just 9 years ago the same survey showed the opposite. 72% will give up internet versus 26% give up television.

Regards.

If you don’t have Gimp, download it from here. It’s a high quality image manipulation software that you can download under the GNU license.

Open the image in Gimp

From the Layer menu item, click on Transparency and then click on the “Add Alpha Channel” the first item in the submenu.

Click on the fuzzy selection tool from the Toolbox panel and highlight the background area on your image that you want to make transparent.

Click on the “delete” button on your laptop, or select the menu item “clear” under the Edit menu. You will start seeing the background color change to transparent. Shown in the software as gray squares (see image below).

Now you can save the new image and you should be done.

Well, a bug can stay forever unless someone uncovers it, right? In this case a Google researcher discovered a utility that allows users of new versions of windows to run old versions of windows software.

This bug goes back to the days of windows 3.1, and has never been addressed by Microsoft until discovered last month. The good news is that this security issue has not been exploited. To read more about it, click here.

Online money management has become a method used by many. At work, I always see my colleagues going to either their bank, brokerage accounts, or just checking the stock market on a frequent basis.
No matter what your New Year resolutions is, the internet makes it easier to start your search. Of course remember their are a lot more resources in the libraries, that haven’t yet made it online. The internet is a good place to start however, just be cautious to  turn to known and reputable sites and use your common sense to stay away from trouble sites.

Have you done something about using the internet more safely? Read about McAfee here.

To read more about the study from Performics, please go here.

Regards.

France followed by the German government lately warned web users against Microsoft’s IE and advised using an alternative web browser. They knew about the vulnerabilities earlier, but announced the warning after the malicious code that was used on Google was published online.

Even though IE 8 is more secure than earlier versions of IE, Microsoft admitted that it is vulnerable as well. The risk comes only, if you browsed a compromised site and will infect your laptop allowing your sensitive information to be stolen.

I caution using IE for now, until Microsoft comes up with a fix for this issue.

Click here to read more about the story.

Regards.