GhettoWebmaster.com

LoLo’s safe for work blog about Internet scams, deceptive marketing, spam, spyware, adware, and other asshatery.


22

Jan

MasterCard security issues?

Posted by LoLo  Published in General, Legal

Just noticed the below internal message in my ePassporte account. Anyone have the scoop on this? It smells like BS to me. I imagine it was a processing fee issue and ePassporte felt MasterCard was getting more than their fair share. If this is a smear campaign based on something like that, ePassporte just screwed up big time. I smell a lawsuit brewing…

————-
From: Internal Notification
To: [Removed my ePassporte account name]
Received: Jan 10, 2008 2:41 PM PST
Subject: Important Notice about MasterCard Credit/Debit Load Cards

Dear Account Holder,

ePassporte currently does not accept MasterCard Credit/Debit Cards for loading funds. ePassporte does not believe MasterCard’s security procedures meet the standards required by ePassporte to ensure the security of our Account Holders.

Alternatively, you may use a Visa Credit/Debit card to load funds to your ePassporte Account. To add a Visa Card, please log into your ePassporte Account, click on “Load Money”, “Credit Card” and the “Add a New Credit Card” link.

You may also use your US checking account to transfer funds to your ePassporte Account. To add a US Bank Account, please click on “Load Money”, “US Bank Account” and enter your bank account details.

We apologize for any inconvenience this may have caused you. Please do not hesitate to contact us for further assistance.

Thank you for choosing ePassporte.

Best Regards,

ePassporte Account Holder Services


22

Jan

WordPress: Security through obscurity

Posted by LoLo  Published in Wordpress

A couple days back, I read Matt Cutts’ post: Three tips to protect your WordPress installation. His suggestions are decent, but there’s some better stuff you can do via security through obscurity.

Matt suggests protecting your wp-admin directory with IP restrictions in .htaccess. This is a good idea to be sure, but why let your WordPress install location be known when it’s simple as pie to hide?

Step One:
Toss your WordPress installation into a super secret directory.

Step Two:
Move your style sheet and images out of your theme directory and into directories outside of your WordPress install. Update the head section of your template to reflect the change.

Step Three:
Dump that wlw reference from your head. This plugin will do the trick.

Step Four:
Move your wp-comments-post.php into your root and edit the beginning of it in the same way you did your index.php in step one. Edit your template files to reflect this. (Don’t visit my wp-comments-post.php, it’s a honeypot idea I’m in the middle of tweaking to snag some comment spammers. ;-)

Step Five:
I edited the pingback url my header sends out to go to Planet 404 since I’m a member of the Pingbacks / Trackbacks are Retarded Club. If you use them, I imagine it’d be just as easy as the wp-comments-post.php move is. You can edit that header info via /wp-includes/general-template.php - just search for “pingback” and you’ll find the line.

Step Six:
If you have any other plugins tossing info into your head or anywhere else that reveals your install location, tweak them.

If anyone knows how to get the install url in some other way(s), leave a comment with the info or email me and I’ll update this with the tweaks to prevent the info leak. In fact, I’ll cough up $20 via paypal to the first person who posts a link to my admin directory with the info on how they found it.

Matt’s second tip was to “make an empty wp-content/plugins/index.html file” to prevent potential plugin info leak. That’s obviously a moot point if you hide your entire install. And, as several people have already pointed out: leaving your indexes viewable is retarded and easy to change.

Matt’s third tip looks like it was just some filler for his post. Subscribe to the WordPress Development blog? Your admin panel already has that feed built into the dashboard.

His bonus tip was also a bit odd. He suggests dumping the bloginfo('version') snippet from your template’s header.php. Doing so won’t prevent your WordPress version from being leaked out to anyone though. All a person has to do is view the source of any of your feeds to get the same info. Here’s an example from Matt’s own blog. View the source of that page and you’ll see generator="wordpress/2.3.2" at the top. If you really want to prevent your version from being leaked you need to edit /wp-includes/version.php. You should change it to a version in the far future to avoid having that constant “A new version of WordPress is available! Please update now” nag from invading your admin panel. I’m kicking WordPress version 6.9 up in this biotch. :P
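A self-check for the six steps and the generator leak described above, as an added example that is not part of the original post: it scans saved page or feed markup for the markers the post names and reports any WordPress version and install directory they still expose. The sample markup, `example.test`, `/secret-dir` and `/static` are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Version string in a generator meta tag or feed comment.
VERSION = re.compile(r'generator[^>]*?wordpress[/ ]([\d.]+)', re.I)
# Markers the post names; group 1 is the URL each one exposes.
PATH_MARKERS = {
    "wlwmanifest link": re.compile(r'href=["\']([^"\']*wlwmanifest\.xml)', re.I),
    "pingback url": re.compile(r'rel=["\']pingback["\'][^>]*href=["\']([^"\']+)', re.I),
    "theme asset": re.compile(r'["\']([^"\']*/wp-content/themes/[^"\']+)', re.I),
    "comment form": re.compile(r'action=["\']([^"\']*wp-comments-post\.php)', re.I),
}
# Everything before a core file or directory name is the install directory.
CORE = re.compile(r'^(.*?)/(?:wp-content|wp-includes|xmlrpc\.php|wp-comments-post\.php)')

def audit(markup):
    """Return (versions, leaks); leaks are (marker, install directory) pairs."""
    versions = sorted(set(VERSION.findall(markup)))
    leaks = []
    for name, rx in PATH_MARKERS.items():
        for url in rx.findall(markup):
            m = CORE.match(urlparse(url).path)
            # An empty prefix means the file sits in the web root,
            # which reveals no hidden directory.
            if m and m.group(1):
                leaks.append((name, m.group(1)))
    return versions, leaks

# Constructed sample: a stock theme header served from a "secret" directory.
LEAKY = '''<!-- generator="wordpress/2.3.2" -->
<link rel="stylesheet" href="http://example.test/secret-dir/wp-content/themes/default/style.css" />
<link rel="pingback" href="http://example.test/secret-dir/xmlrpc.php" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://example.test/secret-dir/wp-includes/wlwmanifest.xml" />
<form action="http://example.test/secret-dir/wp-comments-post.php" method="post">'''

# Constructed sample: the same header after the post's steps are applied.
HARDENED = '''<meta name="generator" content="WordPress 6.9" />
<link rel="stylesheet" href="/static/style.css" />
<link rel="pingback" href="http://example.test/planet-404" />
<form action="/wp-comments-post.php" method="post">'''

if __name__ == "__main__":
    for label, page in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(label, audit(page))
```

Run it over saved copies of your own front page, a single post and each feed; an empty leak list only means these particular markers are gone, not that the directory cannot be found some other way.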

Here’s a bonus tip from me:
Change your default database prefixes (wp_) to something else. This basic security through obscurity tweak could save your ass from possible SQL injection attacks. Here’s a nifty plugin that can do it for you.

Now, let’s see who snags that $20.

P.S. I’m in the middle of tweaking this new theme. So, excuse the mess.


29

Nov

Help Fight Malware via Google Toolbar

Posted by LoLo  Published in General

…we need your help in filling in the gaps. If you come across a site that is hosting malware, we now have an easy way for you to let us know about it. If you come across a site that is hosting malware, please fill out this short form. Help us keep the internet safe, and report sites that distribute malware. - Google’s Security Blog

If you come across a site that’s hosting some evil evil bad bad stuff: you should report it. Doing so will be good for the health of the internet as a whole and might save you from having to pass by your Uncle Bud’s house to remove some garbage from his PC so he can get back on “The eBay”. The only problem is that people (you, me, Michael Jackson to some degree) quickly become complacent with reporting such stuff if it’s not super quick and easy to do. So… I tossed together a button for Google’s toolbar that makes reporting malware hosting urls easier than your little sister.

How you would normally go about reporting urls:
1. Copy the malware hosting url. That requires a click, drag, click, click.
2. Access your bookmarks and visit the page where you report these things. That requires a click, seek, click.
3. Paste the url into their form. That requires two clicks.
4. Enter the captcha. That requires being human ;-)
5. Click the submit button.

How you will report urls with the nifty little button:
1. While on the malware hosting url, you click the custom Google toolbar button.
2. Enter the captcha.
3. Click the submit button.

Google Toolbar Malware Report Button

That breaks down an eight click, one seek, one drag, and captcha entering process into two clicks and the captcha. And, I used a skull icon for the button so it has a decent presence on your toolbar. The mere presence of that should get you into the habit of reporting stuff as you come across it. For all the security nuts out there, I added the feed from StopBadware.org’s blog. The skull’s eyes will turn red to alert you to any new posts they toss up.

Stop Badware: New Blog Entries

Stop Badware Blog Feed

If you already have Google’s toolbar it’s a ‘one click to install’ kinda thing. If not, you can click the same install link to get their toolbar and the button will already be there when the install is done.

To install the “Report Malware Hosting URL” button, Click Here.


14

Nov

MySpace: A Place For Incompetence

Posted by LoLo  Published in MySpace

I know that the above title isn’t news to anyone. I’ve got a well documented case showing that they aren’t even capable of hiring someone properly though. It’s da funny :P

Go forth and read:
Can MySpace Hear Anyone?

P.S. Be sure to read the comments.


11

Nov

Spam King Celebrates Legal Wins Over MySpace

Posted by LoLo  Published in Legal, MySpace

For those of you that missed the insanely huge (over-publicized) story of MySpace filing suit against Scott Richter back in January, here’s a little pre-blog warm-up…

Step One:
Watch this video and bathe in the douche baggery that is Scott Richter, AKA: The Spam King…

Step Two:
Wonder to yourself how I managed to put bathe, douche, and one of the biggest shit bags on the internet into the same sentence without disrupting the space-time continuum.

Step Three through Twenty-Six:
Doc Emmett Brown
Get that mental image of Doc Brown out of your head.

Step Twenty-Seven:
Go read or reread this old blog entry of mine about MySpace filing suit against Scott.

“Based on [MySpace’s] track record of unrelenting incompetence and boneheaded moves, I find it unlikely that they’re really ready for this war.”

My predictions in that blog entry have proven to be dead accurate so far.

Step Twenty-Eight:
Ponder the notion of me being a time traveler like George Bush to explain away my ability to predict the future.

All caught up? Good. Now, let me explain what all the legal mumbo jumbo in them there fancy legal documents actually means…


continue reading "Spam King Celebrates Legal Wins Over MySpace"


© Copyright 2006 - Present | All Rights Reserved by LoLo