HOEI

The MakeUseOf.com domain seems to have been hijacked over the weekend.   The guys over at MakeUseOf.com have set up shop temporarily on a Blogger platform at makeuseof-temporary.blogspot.com. The hosting company (GoDaddy.com) released the domain to someone who was impersonating the owner of the domain.  Here is what Mark from MakeUseOf.com had to say:

“Now it turns out that in order to transfer the domain, Ferank (or someone helping him) called up GoDaddy and impersonated Aibek. At that point he had already access to our account (or at least had enough information to recover the username/pass for the account) and basically said “hi, I’m the owner of MakeUseOf.com, please transfer the domain”. GoDaddy then complied. “

The Real Truth Behind The MakeUseOf.com Domain Crack

The plot has thickened because the hijacker (aka Ali Ferank) has requested a ransom of $2000 for the safe return of the MakeUseOf.com domain name.

What I would do if I woke up in Mark and Aibek’s shoes:

1) I recommend that the MakeUseOf.com team go over and take a swim in the ICANN registrar transfer policies to determine what pressure can be placed on GoDaddy.com to take some responsibility for what happened.

2) I would get Google involved since the  person currently holding the registration is using Goggle as the email host provider.

The following shows the current WhoIs for MakeuseOf.com:

Registrant Contact:
DomainsGame LLC
Ali Ferank

Alhana baghas nara St
Dubai, NA 85445
AE

Administrative Contact:
DomainsGame LLC
Ali Ferank ()
+1.5544415212
Fax: +1.5555555555
Alhana baghas nara St
Dubai, NA 85445
AE

A quick nslookup for the MX record for the email domain listed in the registration information shows that DomainsGame.org is using Goggle as a host for email services.

> domainsgame.org
Server:  vnsc-pri.sys.gtei.net
Address:  4.2.2.1

Non-authoritative answer:
domainsgame.org MX preference = 30, mail exchanger = aspmx3.googlemail.com
domainsgame.org MX preference = 30, mail exchanger = aspmx4.googlemail.com
domainsgame.org MX preference = 30, mail exchanger = aspmx5.googlemail.com
domainsgame.org MX preference = 10, mail exchanger = aspmx.l.google.com
domainsgame.org MX preference = 20, mail exchanger = alt1.aspmx.l.google.com
domainsgame.org MX preference = 20, mail exchanger = alt2.aspmx.l.google.com
domainsgame.org MX preference = 30, mail exchanger = aspmx2.googlemail.com
>

3) I would give these guys at Moniker Privacy Services a call to see who registered DomainsGame.org.

A WhoIs on the DomainsGame.org domain shows it registered to:

Admin ID:MONIKER1571241
Admin Name:Moniker Privacy Services
Admin Organization:Moniker Privacy Services
Admin Street1:20 SW 27th Ave.
Admin Street2:Suite 201
Admin City:Pompano Beach
Admin State/Province:FL
Admin Postal Code:33069
Admin Country:US
Admin Phone:+1.9549848445
Admin FAX:+1.9549699155
Admin Email:

4) I would not assume this to be an international issue just because the person gave a Dubai snailmail address.

Conclusion

In the meantime GoDaddy has told the MakeUseOf team to realax in a bowl of legal stew.  GoDaddy is obviously trying to determine their liability in this matter before taking too much action.  Lets hope that GoDaddy is not one of the registrars described in the Wikipedia explanation of Domain Hijacking and Domain Theft.

“However, it is well documented that some registrars will admit no fault in accepting the forged credentials and will refuse to correct the record until forced by legal action. In many of these cases, justice is not done and the hijacker retains control of the domain. The victims of such theft often do not have the resources or willingness to invest the effort necessary to regain control of their domain, which may require a lawsuit or a lengthy and time-consuming arbitration process, especially if the hijacker and victim are in different countries.”

GoDaddy.com has a chance to avoid more of the “GoGaddy Sucks” articcles if they handle this correctly.

The first questions to ask before buying a laptop is, “what will the laptop be used for and what are your accessory needs?”  I will give a couple of examples of decisions I have faced when searching for a laptop in the past.

User 1 - For a stay home mom who will be surfing, checking email, and saving a ton of digital photos (accessory via USB) Oh, and we doesn’t really like touchpad mouse option:

Answer: Look for cheap, wireless, DVD Player, and pointing stick option.  You may need to look for a huge hard drive, but maybe not.  I’ll come back to that.  You can find a good fit for this solution on auction sites or when employers cycle out and replace old machines. The last one is how I scored a $100 laptop (2 Ghz, 1 GB Ram, 40G HD).  I had to add a PCMICA wireless card since the smoke’n deal did not include integrated wireless.  As for storage, you may be able to make use of a networked server/workstation shared drive to Backup and store excess photos.  This is what we do sine we have a fairly small hard drive.  This latptop at your house can be a Mac, Linux or Windows machine.

User 2 - Road warrior network security engineer running virtual machines on the laptop and doing extensive data gathering (packet captures and vulnerability assessments) in addition to email, browsing, and document creation/editing (including detailed network diagrams and data manipulation using spreadsheets and databases).

Answer: Get a fast machine, with a good amount of memory and storage space. It must be fairly light weight and it MUST run Windows XP or Server 03 (MAC is a bad choice). You must run a dual boot feature with Linux or at least have a copy of Linux running in a virtual machine that executed from your hard drive.  Other virtual machines are often useful, but they can be stored on removable media.

That leads me to my final point.  Don’t get to wrapped around the axle on hard drive space on this machine but rather go with the largest drive that is available at the fastest generally accepted speed category available on the market.  For instance, I would go with a 200GB - 7200rpm/16MB Cache over a 320GB - 5400rpm/8MB cache.  Hard drive performance (i.e., spindle and read/write speed, cache, etc) is one of the most overlooked performance features on PCs and laptops. As for additional space, you will likely need some removable media anyway.  Removable storage is dirt cheap at less than $150 per TB.  As for solid state drives, they still have some maturing to do before a serious road warrior should trust them.

Rachel over at Christians in Good Company has a post titled Google Reader: Friend or Foe? and it made me consider how feeds may be adversely affecting blog traffic.  I am not talking about your blog’s feed hurting your traffic even though that could be true since you don’t get hits on those readers if you are providing full post content in your feed, but rather I am talking about the feeds we read via tools like my Google Readers on my iGoogle page.  Much like Rachel, I often skip the process of visiting and commenting on posts I view in my reader even though I traditionally would have left a comment on many of the posts I read.  In my opinion that can and has led to the decline in traffic on my blog(s) since I am not leaving those little link crumbs pointing back to my blogs since I am not commenting nearly as much as I used to.

I have been furiously testing Twitter gadgets just like a slew of other folks. Live happened and I did not blog or tweet much for a couple of days. However, this blog and my Twitter home page did not get the memo to stop the presses until I returned. Below is what happens when you tell Twitter Tools to “Create a daily digest blog post from your tweets?” and at the same time telling Twitterfeed to post tweets for all new posts.

And here is the Twitter end:

The way I stopped the loop was to disable the feed for this one domain in Twitterfeed.  I have activated the “Create a tweet when you post” option in the Twitter Tools options.  We will see how that works out.

Mrs. Ozz is a genius! Tonight she asked me, “what happened to Lowcountry Christian Community School web site?” As you can see from that link, there is little to see on their web site right now, well at least until I complete the instructions I am about to share with you. I told Mrs. Ozz that the LCCS administrators had let their domain registration and hosting service expire. This resulted in the hosting service deleting all of the HTLM files for that domain to free up space for the next paying customer. I told my wife that the school administrators had asked me to help build a replacement site which I had promised to do when I got some free time.

The next thing out of my wife’s mouth made me feel REALLY stupid. She asked, “can’t you just get a copy of the site from one of those online services that saves everything automatically?” My response was, “You are a GENIUS! I have not even considered that.” She turned a couple of shades of red as I proceeded to follow her advice.

What she is talking about is something like the Internet Archive WayBackMachine. As a result of her suggestion, I have been able to recover about 90% of the content from the original LCCS web site as it was last displayed in August 2007.

To recover the site I did the following:

1. Searched archive.org for the LCCS site
2. Clicked on the most recent copy of the site (Aug 2007)
3. Using Firefox - selected File - Save Page As (making sure to choose type “web page complete”)
4. Navigated to each subpage and repeated step 3 for each
5. Edit the content and FTP it into the new site location (In Progress)

That’s it. Now I have a pretty solid copy of the content from the school’s site prior to their domain and hosting service expiring. I can use these HTML pages to create the same look, feel, and content that they had prior to the expiration.

By the way, you have not heard the last of Mrs. Ozz. She has got the itch to do a little blogging. She will be joining me on The Land of Ozz(s) and she may actually jump into the mix over at GrowingKids.org as well.

Not so fast there cowboy!

I will step out on a limb here and say that there are very few people who build a publicly accessible blog or web site with the intent that no one will ever visit. While that was not my intent when I built Blog Community College (BCC) more than six months ago, the harsh reality is that less than fifty people total have visited the site since it was built. Well over half of the 42 unique visits to the site to date have come from me or my co-author Chad.

Site Meter stats more than six months after the first post.

There are a few lessons to be learned from this unplanned exercise in blog flop:

Publicity Required - Building a blog requires some very basic marketing if you want people to actually read the blog. We might start by:

1. Registering the site with search engines
2. Using BCC’s URL as my “Website” when commenting on other blogs
3. Notifying other bloggers of BCC’s existence
4. Emailing a  few friends

More Content -Only one video tutorial has been posted out of nearly a half dozen that are in various stages of editing.

Follow Through - Continue you what you start.  While I have not done very good on this so far I believe that this is a pretty good idea for a blog.  That said, there is no reason to sit on it.  It is never too late to follow though.

A flurry of comment spam has been going around in recent days with the following message:

“very interesting, but I don’t agree with you
Idetrorce”

There is no URL and the message is exactly the same on all the blogs where you find this comment.

What is this comment all about and who is Idetrorce?

In my humble opinion, this is a pre-attack campaign for a bigger spam campaign that will come in the next few weeks. The comment above would be okay on most blog posts since it is not trying to link people back to a product of service and it is just a polite disagreement. Once posted on a loosely moderated blog, the blogger might get a bad rap for deleting such a non threatening comment. Read the editors comments on the wormblog comment number 12.

“So I googled and found that it is indeed SPAM.

I am leaving it up though as I would never wish to be accused of deleting someone who simply disagreed with me.”

If a blogger does not block the email address and user name associated with this comment, then they could be opening themselves up to something much bigger coming down the pipe. That is just one man’s opinion. I am not afraid to delete and edit comments on my blog. I have even deleted some comments from people who agreed with me. When it’s my blog I will do what I think is in the best interest of my blog.

I do strict moderation on all comments on some of my blogs. There are very few terms I force moderate on here on this blog, but this user name and email address will be added to my list. I recommend you do the same with your blog. I just don’t have a good feeling about this Idetroce character.

In Wordpress

Go to your Dashboard and select Options/Discussion. Scroll down and enter the user name, email address and IPs from this commenter. By the way, the IPs this person is sourcing from are out of Amsterdam.

The following video was recorded from a Windows XP laptop. This short lesson demonstrates how to connect to a FTP server using Windows Explorer and transfer a file from your PC to a FTP server.

Don’t forget to change the time on your WordPress software if you live in one of those areas that plays the daylight savings time game.  I have not yet found a plugin that automatically adjusts the blog time the way many operating systems do.

When ranking the security status of a PC on a scale from 1 to 5, with 5 being the most vulnerable, this PC ranks an 87.

This is a screen capture from the Windows Update site for one of my laptops shortly after installing Windows XP Professional and adding Service Pack 2.  Choosing to ignore these updates leaves a PC very open to attacks especially if the machine has not anti-virus software and a firewall is not running.

Visiting the Windows Update site is a good first step to securing a PC.  There are a few other things that I would highly recommend when building or buying a new PC.

1. Purchase and install an enterprise grade anti virus application and subscribe to automatic signature and software upgrades.
2. Install a client based firewall application, especially if you will be connecting to public networks.
3. Use VPN software and SSL (https) web sites as much as possible when on public WiFi. (more HOWTO details to come on this subject)
4. Update your other third party applications on Windows regularly and enable automatic updates where possible. (i.e., iTunes, QuickTime Viewer, Java run-time, etc.)
5. Verify that your PC is not trying to automatically reconnect to Windows Network shares at logon.

I can not impress upon you bloggers how important number three is for those of you who frequently log onto your blog software via http (tcp port 80) over a public wireless access point from a hotel, coffee shop, or your favorite lunch location.  The software to enable a hacker with the capability to capture your user ID and passwords over a public access point is widely available and very easy to use.   The same from utilities can be used to capture unencrypted passwords used when accessing email, ftp servers, and web site control panels.