FFXI Blog Writers, heads up!

According to a BG article, RMT have started targeting Blog owners like WordPress (the Operating System of Blogs). You can read the BG post if you’re interested.

I’ve mention this before on my Update on Account Security post, to remind administrator to keep their software (forums, blog etc) updated. I personally saw it coming because the moment I saw RMT trying to post comment in my blog about selling FFXI gil, I know they are up to something.

The exploit for those blog owners are the same ones exploited in somepage, by injecting an iframe (adding a line of code) into your webpage, that connects to another server to retrieve more codes.

For the less tech-savvy blog owners, you should just keep it updated. WordPress gives tons of control over your blog, but controls simply means more opportunity to exploit a flaw in your database. Also, not only wordpress flaw can be dangerous, but also Themes that we use. I’ve read that some themes now contain malicious code when you download them. Since I go into the code and do personalization, most of the time I know what’s in the code but, for those that don’t customize and just slap a theme on, be sure to only get your theme from wordpress.org, they might not have the best theme, but they will have the theme code that was written by the author.

Just remember, your blog and forum are read by your friends. By not keeping it secure, not only you harm yourself, but also all your friends.

So again, for the 100th time…

• Use Firefox, with No-Script, and of course keep it updated!
• If possible, just surf on another PC
• Don’t visit a website that is -not maintained/updated-. Chances are if they don’t update their content, they don’t update their blog software / website, (kinda like how somepage haven’t updated for awhile), hence don’t even know their website’s being compromised.
• If you’re lazy and just don’t understand or have the time to update your own blog, considering using a blog that’s automatically maintaned like Livejournal, Blogger or a WordPress.com, where they do the dirty work for you.

Little Extra Reading on Security

I havta say, I myself is also a little bit paranoid about these crazy hackings. I did a little research and found out there’s an independent company call AV-Comparatives! They do nothing but test anti-virus software for a living. Basically, they load up a PC with all Trojans you can ever find and have a anti-virus scanner to pick it up. The more you pick up, the better of course!

Here’s a paper on it.

For those who’s too lazy to read, let me summarize. The best one which can pick up most virus (including fresh new ones) is Nod32 (which Taj recommend), follow by Kaspersky (which I use), while not providing false alarms (Eg. which detect your Windower trying to hack FFXI, and delete your Windower altogether lol…).

Nod32 itself is a nice AntiVirus software, but since Kaspersky also bundles a Firewall, its a nice combo to buy together. These two are the strong ones which pick up a lot of old ones, and a lot of new ones. So if you’re a little bit paranoid about it, then these are the two AV that you want to have in your computer.

If you’re a blog owner, consider subscribing to http://blogsecurity.net/ ^^; keeps you updated with latest tricks of how people rip apart your blog!

Anyway, if you keep your Windows and AV updated, there should be nothing to worry about. :) See that “9000” Spam that I blocked… yea… bad RMT comments goes there (RMT comment with bad URL of course :/). I’ve also check my own and all others that I host (Sakura’s, Ashiya and Sohjai’s), they are also okay and not affected. Btw, there’s a new patch for WordPress around 18hrs ago ^^; be sure to grab em (its pretty serious flaw too, so make sure its patched)