Good grief. What’s up with the Facebook Stalker app (and all the idiots that are promoting it)?

Folks, it’s just another way that scammers are getting you to give up your Facebook password.

Don’t fall for it!

First of all, if your Facebook security is good (no telephone numbers, addresses or real birth years), then you don’t need to worry about those who will steal your identity.

And if you have played fast and loose with your personal information get LifeLock identity theft protection!!!

Secondly, it’s easy enough to tell if you have a REAL stalker (and I’ve dealt with 2 of them over the years).

They don’t just lurk – they pursue you — relentlessly.

They send you every app in the book, send you loving messages and then express real frustration when you don’t respond. (Have you seen “The Resident“? Watch it.)

Dealing with Facebook stalkers is easy — defriend the creeps.

I have 2 Facebook accounts. One for family and REAL friends (those whom I’ve actually met, spent time with… love). The other is for people with whom I do business. Some folks are on both accounts… but never would I allow a stranger into my ‘friends and family’ account.

Back to the point, as far as an Stalker Trackers application on Facebook — there’s no such thing.
The original stalker app was removed from Facebook very quickly due to security issues. Don’t believe that others will be any different.

So, don’t fall for the bandwagon and promote it. In too many cases, it’s just a front for nefarious programmer/scammers to access your account.

One morning back in March, I hit ‘Check Mail’ on my email client and was horrified to see more than 300 emails downloading.

When all was said and done, about 20 of those emails were valid.

285 of them however were all the same – see the screenshot below.

The email came from an adult dating site affiliate program manager who was trying to get affiliates to sign up for his program.

Spamming potential affiliates is bad enough, but worse than that… the email had been sent to hordes of people, all of whom had their email addresses visible because they’d been CC’d, rather than BCC’d.

I immediately assumed that it wouldn’t be long until I started receiving spam program invitations from other affiliate program managers and I was right – the first one came in just a couple of hours later from a program that I’m already affiliated with.

I sent a reply to the 2nd spammer to express my dismay and intent to drop his program.

His reply?

I will look forward to having you back on board after you realize we are the best converting dating site on the internet. Best of luck testing our competition!

Duh!

No apology – just a stupid pitch.

He did NOT reply again after I sent him a link to my “Art of Wooing Affiliates” article published on the Revenue Magazine site.

That wasn’t the only affiliate program that I ditched that day, however.

If you read the article linked above, under “Affiliate Tip” you’ll see how I found out which affiliate program was responsible for selling the email address to the original spammer. It’s a practice I employ with all independent programs.

I found 265 spam comments in my blog’s comment moderation queue this afternoon.

This video shows how I actually do filter through mountains of spam looking for valid comments that go astray and get mistaken as spam.

And although it seems like I’m scrolling through the list pretty quickly, the video (or running Camtasia) seems to slow my scroll rate down by about 20%. So imagine it happening that much faster.

Comments, questions or suggestions? Please leave a comment below!

Cheers,

One of our newest NPT Forum members, DLZ, discovered something odd in the moderation queue of his new blog and was wondering if he’d been spammed. This is the answer to his question.

If you’ve been blogging for more than a day or two, you’ve probably seen trackback requests in your Moderation Queue.

Provided that you’ve set your Discussion options to allow link notifications (pingbacks and trackbacks) from other blogs and require than an administrator always approve the comment, a Trackback request will show up in your WordPress Moderation Queue when a blogger publishes an article on their blog that contains a link to your blog.

Trackback requests are differentiated from normal comments in the queue by square brackets enclosing 3 dots, eg. [...], which are placed at both the beginning and end. The trackback consists of the title of the post, a link to the post, the site’s IP address and some of the commentary surrounding the part of the post that links to your blog… as shown in the graphic below.

You have the option to approve, spam, delete or defer moderation on the trackback until later. To decide whether you should approve, spam, or delete the trackback you’ll need to visit the blog from which the link originates.

My general rule of thumb for trackbacks is to approve them if the author has cited my work, provided proper attribution and added their own commentary on the subject matter.

For example, I heartily approved the trackback shown in the graphic below. Linda Buquet of 5 Star Affiliate Programs had found my “How Affiliate Marketing Works” video and blogged about it in a post entitled “How Affiliate Marketing Works – Great Video for Newbies“.

Not only does her post lend credence to my video, but the content on her blog is of value to my readers – those in interested in affiliate marketing – so of course I’m more than happy to share some linky love with Linda.

On the other hand, the trackback in the first graphic was not only deleted but marked as Spam.

Why?

Well, first of all, I would delete this trackback because this blogger’s post had nothing at all to do with the post on my blog to which he linked. He was talking about scam affiliate products with ‘bad ratings’ (whatever that means), picked up on my post about Affiliate Marketing with a Bad Credit Rating and apparently decided that the subject matter was what… close enough to be relevant? It was NOT in the least bit relevant and therefore patently obvious that the blogger linked to my post just for the sake of the trackback.

And although I could just delete the request, I chose to mark this trackback as Spam for the simple reason that this blogger has been consistently targeting my blog (and other’s) with spammy trackbacks.

WordPress is smart.

Once a trackback from a particular blogger (IP address) is marked as spam, you won’t be bothered with having to moderate trackbacks in the queue from that blogger anymore. Their trackbacks will be sent to the Spam queue immediately where they will wait until you hit the ‘Delete All’ link and get rid of a couple hundred spam comments and trackbacks all in a single click. Killing that much spam should give you a nice little rush to boot.

The point is to set your discussion options so that all comments and trackbacks are moderated. Take time to evaluate the post from which the link originates and decide whether or not the content is worthy or just there for the sake of the link, i.e. spam.

One of my servers was recently hacked — and although I don’t want to alarm you, you should know that your sites could be subject to attack at any time.

To help you protect your sites and your data, in this article I share what happened to my sites and why.

More importantly, I’ll tell you what I learned about defending my server, sites and computer against hackers.

What do hackers want?

Although some hackers get their thrills from breaking into and vandalising your property, most hackers are thieves. They may be identity thieves looking for credit card information, or they may want access to copyrighted works or sensitive intellectual property either for their own use or for the purpose of resale. Still other hackers are hijackers, who want to use your computer or server to send out spam email in phishing schemes.

Lucky me, I got a multi-purpose hacker(s) who demonstrated talent in 2 of the 3 categories above.

When Steve of DataWebPro discovered the problem, 250,000 of the spammer’s emails were ready to be delivered from my server — and we have no idea how many were sent.

While the hackers were having their jollies, the sites on that server slowed to a crawl and crashed a few times.

It’s nearly a month after the attack and we are still discovering that email sent to our customers with product download information, or to which they’ve subscribed in order to receive update notices from the forum, is being rejected by certain ISP’s, i.e. black-listed.

A bigger problem that was discovered during the episode was that one of our customer databases had been corrupted. Worse, it had been down and out for so long that the server backups couldn’t be used to rectify the problem.

Although both the blacklistings and database problems are resolvable issues, they have been a HUGE hassle and neither the incantation that Steve offered, nor the prayer sent by Andrew have been of much help.

So far, rebuilding the database has involved hour after hour of mind-numbing multi-platform data mining and entry which promises to continue for at least another 2 weeks.

How do hackers gain access to your account?

You’ve probably heard of worms, viruses and Trojan horse programs that can seriously damage or make your computer vulnerable to remotely controlled exploits.

Hackers like to look for ‘security holes’ through which they can gain entry without much trouble. These holes frequently exist in the programs and plugins that we install on our sites.

Hackers also use programs that are designed to figure out the passwords to your accounts. Typically known as brute force password attacks, these programs run through letter and number combinations until it gets a match and gains access to your account. When your server is being bombarded by one of these attacks, the sites may become interminably slow.

Perhaps the ugliest type of hack is the one to whom you gave your password willingly because he or she is doing some programming work on your site.

How to foil a hacker

At very least, we should protect our computers and data with routers, firewalls, anti-virus software and external hard-drives.

Remember, it is not enough to install these programs and hardware, we actually have to use them. For example, set up your anti-virus software to download updates automatically. Likewise, program your external hard-drive to automatically back-up your data on a regular basis.

If you are on a managed server, such as a BlueHost hosting account, login into your cPanel and Fantastico interfaces regularly and update your installed programs as the upgrades become available.

If you want to install programs and plugins that don’t come with Fantastico, research them for known ‘security holes‘. Better yet, ask the technical people at your ISP if they have information about the program. Because they are just as keen as you are to stop hackers, in many cases, they will research the software for you.

Too, don’t leave unused WordPress themes on your server, and un-install unused plugins.

Stay alert for unusual activity on your accounts. If you have trouble logging into any of your accounts and you sure the username and password is correct – alert your ISP right away and send the account name with logins.

If you are running a membership software such as Amember, you can prevent bruteforce attacks by setting an incorrect login attempts limit. That allows a user to make a mistake in entering their username or password only a set number of time times, i.e. 3 or 4. If the user exceeds these attempts the system will either lock them out of the system or prevent any future attempted logins.

If you need a programmer to tweak a particular piece of software, go first to the developer and find out whether they will either do the work or if they know programmers who are experts with that software. Otherwise, ask your friends if they can recommend a programmer whom they trust.

When you hire a programmer for a small tweaking job, set them up with their own password which you then cancel as soon as the work is finished.

Do NOT use duplicate passwords, i.e. use different passwords for your affiliate accounts and server access. For your best defense against bruteforce password attacks, be sure your passwords are comprised of numbers as well as uppercase and lowercase letters and change your passwords regularly.

Last but not least, backup your sites’ data! Although they probably do, it is not enough to count on your ISP to back up your site regularly. You can generate your own full site backups manually from cPanel.

A alternative that may be preferable however, is to install software that does automated backups and has a quick and easy restore process such as Affiliate Backup. At the time of the hacker attack, I had Affiliate Backup set up on only one site — now it is set up to run on all of my sites. And yes, I AM kicking myself for wasted a pile of cash on weeks worth of data entry, when I could have had another instance of the program installed for $57. DUH!!!

Although there is no way to completely eliminate hacker attacks, there is plenty you can do to prevent them from gaining access to your site. DO make the time and effort to protect yourself, because doing so after the fact takes 100 times more time and effort.

Over the last couple of weeks the email address posted on my domain records has been completely inundated with emails sporting subject lines such as “Website Advertising Enquiry” as shown in the screenshot below.

These emails typically show up with one of the following subject lines:

• Website Inquiry
• Website Advertising Inquiry
• Marketing Inquiry
• Website Partnership

Although it may be tempting to respond to someone who is offering to pay to advertise on your site… do not take the bait and DO NOT REPLY.

They’re spammers and it’s a phishing scam just to get your email address.
[tags]phishing,email,scam,spam,spammers[/tags]

If you tried to access the site yesterday, you probably found it a slow load – if it loaded at all.

That’s because some dastardly, rotten, no-good email spammer hacked into the server and used a forgotten test blog to send upwards of a quarter million emails. The server crashed, but fortunately my fabulous web guy, Steve, at DataWebPro, brought her back to life again.

Now, you may remember that Steve provided me with an incantation to solve database errors.

Well, I have a prayer for anyone affected by spammers and it goes like this:

May the fleas of a thousand camels infest the crotch of the person who screws up your day and may their arms be too short to scratch… AMEN

Many thanks to my nephew Andrew for sending that prayer to me. I’ve had it up on my bulletin board for years, and always knew there would come a good time to share it.

This hat is the best blog comment spam filter ever… not.

Actually, the best blog comment spam filter is the one that comes with WordPress. It was developed by Matt Mullenweg and is called Akismet.

Akismet checks comments posted to your blog against the Akismet web service to see if they look like spam and you can review the spam it catches under “Comments.”

Akismet is now catching approximately 1500 spam comments per day here at the NPT blog.

In the picture below, you’ll note that there were 4,731 comments in the Akismet filter waiting to be trashed (I emptied the trash about 3 days before I took the screen capture) and that the plugin had caught 67,694 blog spam comments since I first installed it.

I just noticed that Akismet picked up 10 more spam comments in the time that it took me to write this post!

To use Akismet, you will need a WordPress API key. To activate Akismet, go to “Plugins”, scroll down to “Akismet” and click “Activate”. Enter the API key at the “Akismet Configuration” page, also under the “Plugins” tab.

As your blog gets more and more traffic, you’ll be SO glad you installed Akismet! I certainly am!

[tags]Akismet,wordpress,plugin,blog,comment,spam[/tags]

I stumbled on GeurillaMail a few minutes ago and what a great idea!

The website provides you with a disposable e-mail address which expires after 15 Minutes. You can read and reply to e-mails that are sent to the temporary e-mail address within the given time frame.

What a brilliant way to keep the spam at bay!

The affiliate spammer mentioned in Affiliate Spammer and the Super Affiliate Handbook has been blacklisted from promoting any ClickBank products.

Coincidentally, shortly after I received that confirmation from Clickbank, that post received a very nasty comment from ‘chris’, who called me a thief and various names associated with the female anatomy. I trust that ‘chris’ was the spammer in question and I’m glad that he’s angry.

Now let’s hope that ‘chris’ grows up and gets angry at himself long enough to learn a valuable lesson that his mother should have taught him – cheaters never prosper – at least not in the long term.

[tags]Super Affiliate Handbook, Rosalind Gardner, affiliate, spam, Kowabunga, Clickbank, spammer[/tags]