
Server Migration

by on July 12, 2012 | Posted in Support

We are moving to a bigger, better server. What does this mean for you? We’re glad you asked.

The Simple Explanation

The server is essentially the computer that runs your website. It’s like when you get a new computer and you have to move your files to it, though instead of a few folders and files there are about 2,464,254,932 files and folders to move. You will also get more features at the same low price you are currently paying. We will be cancelling services like advanced mail because they are now included, so users who were paying for these services before now get them at no additional charge. The transfers will begin on July 16th. If you need more time or assistance backing up your emails, please contact support.

 

The (somewhat) Nerdy Explanation

We are shifting our services to a faster, more reliable server, which will move our uptime from 99.2% to 99.9%. Our new servers will also feature cPanel for account management, so you can keep all your domains in one convenient location and manage them from one account. You will easily be able to access cPanel from your Innovative Solutions account, so all your domain tools are in one place. Bandwidth and storage are more limited than on our old servers, but we have added other services that were needed and set our limits to a comfortable level. We also have real-time server monitoring, so if there is an issue we will know instantly.

For assistance or further questions, please contact support.


We had an interesting virus infection on a netbook last week and thought it would be good to share. This was a 2-hour fight with click-hijacking malware that functioned even after it was deleted.

What is click hijacking?

Glad you asked. There is a huge difference between pop-ups and click hijacks. Let's say you're in Google and you type in weather. Several sites come up, so you decide to click weather.com. All of a sudden you are looking at an odd-looking site with links to various weather places (based on a true story). You look at the address bar and see a weird link that is much longer than weather.com and actually doesn't even mention weather.com. This is a click hijack. It can be deployed in different ways; in this instance there was a bit of JavaScript that ran and redirected the link to a location of the malware's choosing.

How do you fix it?

This one was a bit more difficult than they usually are. We are still unsure as to how it deployed, most likely some rogue app claiming to be a needed plugin to stream a movie (this was our final conclusion, but the fact is still not known). The first thing we did was take a look at the processes. Right away I noticed an app called Rn1.exe with a couple of friends: Rn2.exe, Rn3.exe, and Rn4.exe. All 4 were running from a temp folder in the user's application data folder. There was also a process called something like CTS568732. Easy enough, we thought. I stopped the processes, tracked down the files in the application data folder and deleted them all, along with the folder called CTS568732. I then removed the start-up process (in msconfig) and deleted it from the registry. There we go, problem solved.

I fired up Mozilla, typed weather in Google, clicked weather.com and bam, hijacked. Well, now what? I right-clicked on the page and chose "view source". There was still a JavaScript command on each link. Now it's time to dive into the Mozilla profile folder. I opened the prefs file and scrolled down through the list. There were several options that didn't belong, including 3 strip and replace strings for google.com, ask.com, and yahoo.com. There we go, I deleted all the odd-looking preferences and fired up Mozilla. Back to Google and weather.com. Hijacked yet again.

After a brief walk to the refrigerator and a brief conference, I went back into the Mozilla application data folder and started checking each file. Noticing 3 xmarks files, I pulled one open and inside was some cleverly placed JavaScript. There was also a file called source1 that was loaded with links. After deactivating Xmarks, uninstalling, and deleting all the extra scripts, I again attempted to reach weather.com through Google, only to be sent to a list of sites where I could watch movies. How could this be?

I opened start-processes since I had rebooted twice; the Rn files were gone, and so was the CTS568732 process. I checked running processes only to find Rn1.exe running with a new file called QUJ6823432. There was a huge plague of infection, and I could clearly not handle it alone. I fired up Internet Explorer, went to Eset.com and ran their free online anti-virus scanner. The scanner is not antivirus protection software, but an antivirus/malware scanner and disinfectant. Like a Lysol wipe for Windows. I ran the full scan and clean, in which several Rn files from various areas of the PC were deleted as well as a couple of other files, 9 in total. I shut down Internet Explorer and sent Google to weather.com to see today's weather pop up on my screen. Success. Thanks to Eset for their excellent utility.
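The prefs-file check described above can be repeated on a copy of a profile's prefs.js with a short script. This is an added example, not code from the original post; the preference names and values in the sample are constructed, because the post does not record the actual entries it found.

```python
import re

# Search providers the post says the injected preferences targeted.
WATCHED_DOMAINS = ("google.com", "ask.com", "yahoo.com")
# Markers of script content, which a preference value rarely needs.
SCRIPT_MARKERS = ("javascript:", "<script", "function(", "eval(")

# prefs.js lines look like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')


def parse_prefs(text):
    """Return (name, raw_value) pairs for every user_pref line."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs.append((m.group(1), m.group(2)))
    return prefs


def review_candidates(text):
    """Return (name, reasons) for prefs worth a manual look.

    Matching is by substring, so this over-reports on purpose:
    the result is a review list, not a verdict.
    """
    findings = []
    for name, value in parse_prefs(text):
        lowered = value.lower()
        reasons = [f"mentions {d}" for d in WATCHED_DOMAINS if d in lowered]
        reasons += [f"contains {m!r}" for m in SCRIPT_MARKERS if m in lowered]
        if reasons:
            findings.append((name, reasons))
    return findings


# Constructed sample: the "example.redirector.*" names and values are invented.
SAMPLE_PREFS = r'''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.example.org/");
user_pref("example.redirector.rule1", "google.com|strip|replace");
user_pref("example.redirector.rule2", "ask.com|strip|replace");
user_pref("example.redirector.loader", "javascript:void(0)");
user_pref("browser.shell.checkDefaultBrowser", false);
'''

if __name__ == "__main__":
    for name, reasons in review_candidates(SAMPLE_PREFS):
        print(f"{name}: {', '.join(reasons)}")
```

A legitimate homepage or search setting will also show up in the list, so each hit still needs a human decision before anything is deleted.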

Why would someone hijack my links? What do they get from it?

In this particular instance, each click redirected the search to another search provider with a list generated from the search terms. The new links page has a click return for every link clicked, so the hijacker was making money for every link you clicked after the redirect happened. Other hijacks can take you to fake websites that try to get you to enter personal information so they can try to steal things like social security numbers, credit card numbers, etc.

How can I be safe?

Guard yourself online. Only make online purchases from reputable stores and dealers. One thing to look for when buying from an online store is the address bar: is the page that you put your credit card info into http://www.websitename.com or https://www.websitename.com? The https uses a secure connection and is safer than an http connection. Using payment methods like PayPal also helps reduce the risk of fraud and stolen credit card information.

Also, you need good antivirus software. We don't recommend bloated software like McAfee. For paid antivirus, Kaspersky Antivirus or ESET antivirus are our top picks. For free services we like AVG Free and Comodo antivirus and firewall; Comodo can be a bit tedious and is not for the fainthearted. If you are using a netbook, any of these will most likely render it unusable. For netbooks we suggest Panda Cloud Antivirus because it is lightweight.

Also be wary of anything that offers to improve your search results or add a toolbar. Most of these are less than helpful. Using Mywebsearchbar over Google is certainly not going to help your results. Use the providers you can trust, like Google, Ask, Yahoo, and Bing.

Also be careful of any site that prompts you to install special "codecs". If it won't play back with Flash or media player, you might want to find another place to watch it. If you download a file you are not sure about, scan it before you open it. If you have an antivirus installed you can usually right-click a file and choose "Scan with [your antivirus program name]" to scan the file before you run it.

Have more suggestions or virus war stories? Leave them for us below.
