So the church hosting account got hacked.

I don’t really know when but the first I was aware was a very terse email from our hoster:

Hello,

We regret to inform you that your account has been suspended for the following reason:

compromised account, spamming

Please contact us as soon as possible to discuss your options for reinstatement.

Sincerely,

Well ok that’s fair but surely they could have given us a clue as to what caused them to be aware of this so we are better able to fix it, prevent it happening again and discuss it.

Turns out the rather simple password that was used for the cpanel account was just that – too simple and consequently the hacker placed a few ‘iffy’ PHP files that were (so I’m told) sending out spam.

I’ve passed the file onto my eldest – he does PHP – and asked him to look it over.

The lesson today … use strong passwords.

Don’t know how or worried about remembering them? Then read this about various password utilities. Need to create a strong password and don’t have one of the listed tools in my link then try this online password generator. My advice, at the very minimum use the defaults but preferably up the character count to 16 or more.

Want to know what makes a strong / secure password? Then have a read of this article.

• Do you use strong / secure passwords?
• Do you have a different one for each site you access?
• Do you use any tools to help you?

First off, what is phishing?

phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. [quote]

According to the Anti-Phishing Group this type of attack is very much on the rise – it is, as I’ve maintained before (e.g. 1, 2), that we should learn about the hardware and software we use and understand what we need to do to ensure the security of said items.

Let me state upfront – you can’t prevent phishing attacks, but you can prepare yourself by taking certain precautions.

• Ensure you keep your computer OS, software, drivers, etc., up to date.
• Ensure you frequently scan your system (either schedule it or manually run) with a top class security tool such as Malwarebytes or similar.
• Ensure (especially Windows OS users) that you keep your anti-virus up to date; that it is running and that it is still working as well as you hope. Check out what independent reviewers / testers such as AV Comparatives think of your AV.
• Always check the full URL of a financial site to ensure you are where you think you are – better still, type it yourself rather than use links in an eMail.
• Don’t trust any eMail that asks for any personal information, especially financial.
• Always check that the email from your financial institution is actually from them.
• Never give out your personal logon details to anyone – this includes your bank as they should never need that information.
• Take the approach of never trusting any eMail or web link unless you are 100% satisfied that it is genuine or has come from a trustworthy source.
• Equally, never open any attachments (especially from friends) unless you know they are sending it. It never hurts to double check.
• Finally, when logged in, ensure your browser is in secure mode.

In short, apply some common sense and avoid providing anything of a financial nature to a faceless website or eMail.

As I said above, you can’t prevent phishing attacks but by applying the above steps you will go a long way towards avoiding falling for their traps.

Also remember that only a few ever fall prey to these attacks and I’m hoping the above advice will reduce those numbers even further.

Have I missed any advice in my bullet points?

Do you take active steps to avoid scams?

Or are you a blind truster?

I want this to happen but at the same time I’m not sure I want to hear what you folks really think about this blog!

Do I honestly want to know what you think or am I happy to live on in blissful ignorance? Being the person I am I’ve opted for the latter and am grateful to Paul at OurChurch.com for giving me the opportunity to be reviewed by my fellow bloggers on the 31 Days to Build a Better Blog challenge.

So onwards then.

To give some idea, I’d really appreciate feedback on the following items (one, many or all), but do feel free to throw any brickbats my way no matter how trivial they may seem to you.

So, layout and design first:

• General layout, font size, width of the text (I want it wider – do you agree?) or blog, readability, etc …
• Colour / graphic elements. Is it too blue? What about the header – I know I need a graphic / specific ChurchTechy logo but I’m grappling with lack of ideas – can you suggest something or better yet design me one?
• Sidebar elements. Is there too much, too little? If so, what should change?
• Would you prefer the “alternative layout” (see bottom of the post for an image and the bigfoot bit would become a CT image)?
• Advertising – I’ve been an avowed anti-adverts person partially because I don’t want to get into the battle of trying to understand them and integrating them but mostly because I’ve not taken the blog that seriously. But if I included adverts would you care? Would you click through if relevant?
• The “more tag” – until recently I’ve been a regular user of the more tag so as to keep the homepage down to size, but of recent have stopped that as most folks land directly on the post page anyway. But I really want to know if you click through when you see the “read more here” tags or not?
• Does the blog display well in your browser of choice? If not, what’s wrong / missing / broken?
• Is it easy enough to find other content?
• Have you noticed the Skribit tab on the right hand side? Would you ever use it? Or should I dump it?

And now some thoughts about the content:

• Are my posts too technical or too dumbed down?
• Do I come over as patronising?
• Am I covering the topics that interest you?
• If not, what’s missing?
• Do you like my use of graphics? I decided about 6 to 8 months ago to start using them in every post – should I do more, less?
• I know this is a technically aimed blog but of the posts you’ve read are they aimed right for you? Would you care if I included off-topic posts? Please also tell me if you are a technical or non-technical person?
• Are my posts too long? Or should I offset those by including shorter ones?

And a final area of thoughts comes under other:

• Does the site load quickly?
• Do you like the use of the IntenseDebate plugin?
• Would you like more options to register for commenting?
• What about my ‘About‘ and ‘Vision’ (EDIT: no longer present)pages – are they useful? Do you ever read these things? Are they missing anything or do they have too much/ little in them?
• If I didn’t have a tag line (mine’s “Where Tech meets Church”) would it matter?
• Anything, and I mean anything else?

Click for larger version

Thanks for taking the time to read this request for a review and I do hope you take the time to consider and answer as many of my queries as possible.

If you only have the time or patience to answer just one point then that too would be as useful as answering all the points. Finally, if you want to address any of the points in greater length then do feel free to use my contact me form.

Today I’m starting a new series on “Internet Safety”. And I’m going to call it Internet Safety Sunday or ISS for short so that it can be utilised as search keyword on Twitter.

The idea being that every Sunday I publish a tip, software review, advertise links, give my opinion, etc… on the subject matter of internet safety. Although not directly related to the most recent lessons in the ProBlogger 31DBBB course, not indeed any of its lessons, I feel a series is something this blog is lacking.

So to start the series off here’s my opening tip:

Establish Guidelines

Be you a parent at home, a business or a Church then you need to have clear and established guidelines.

• Establish a policy for acceptable computer use.
• List what may or may not be allowed including clear rules about time limits.
• Be upfront with your children / employees / volunteers that this policy will be enforced and monitored.
• Try to set a policy that respects their privacy whilst maintaining your rights over the equipment.

Specifically I’d add the following when children are involved:

• Don’t allow internet enabled computers in a child’s bedroom. Keep it in a public area.
• Set time limits.
• Consider their age, maturity level and inclination towards risky behavior when setting any guidelines.
• Discuss beforehand what to do if any issues arise.

What about your guidelines?

Do you have any at all?

Why / why not?

This post is a request for any assistance I can get.

It’s about a mistake or an oversight when setting up a Windows 2003 server running Active Directory (AD) and DNS. So if you know nothing about these things then please feel free to check out one of my other more regular posts – such as this one.

- o – o – o – o – o – o – o – o – o – o – o – o -

OK, on with the issue.

Please bear in mind that this used to work using a workaround despite the oversight. It stopped working when due to reasons beyond their control our hoster had to put us on another server and hence a different IP, but more on that in a moment. (more…)

As part of the 31DBBB challenge we’ve been challenged to write a list post as list posts are succinct and hit the reader right where they are at.

So, keeping in mind that this is a tech blog, here’s my list post for today’s part of the challenge:

• Run a computer workshop.
• Run a “Parents Internet Safety” class.
• Run a “Youth Internet Safety” class.
• Find a local church that doesn’t have a tech volunteer and volunteer.
• Learn some new tech or software purely to help your church.
• Take one section of your church and find a way to make tech more useful to them.
• Offer to train non-christians on better, safer, more effective use of their tech.

I hope these prove of some use and certainly some of these I’ve undertaken and others I plan to.

What other tech ministry ideas do you have?

I’m not usually a person who falls easily into scams or attempts by others to obtain more money for a product than it is realistically worth.

But this one got me.

If I asked you what NOH means, would you know?

What if I said it was on a website that sells products?

Still no idea?

Well that’s ok, because you won’t be alone. I asked my contacts and friends via facebook and twitter and whilst I had some excellent guesses and some fun ones, not one of them was right or even close to being right.

First, a bit of history. I was probably the first keeper (read maintainer) of text speak acronyms (as they’ve become known) on “teh internets”. It was an ascii document full of smilies in all varieties, TLA’s such as IANAL, and it even had some ascii art in it. You’ll see the linked doc has my old, now defunct, email address and is from Feb 8th 1994 but I’d been maintaining it for a couple of years by that stage.

I tell you this to let you know that I do acronyms. I get them. I understand them and I’ve seen most of them already. If I don’t know them, then google is but a click or two away. But NOH had me thoroughly foxed.

When I saw it in the context it was in it was laid out this way:

Product Name Model NOH Get FREE blah - where ‘Model’ was a combination of letters and numbers.

Later on the same page it repeats the black boldened text but this time it is non-bold and nothing else on the line.

So would you then expect, as I did, that the NOH was simply an extension of the model?

Maybe you wouldn’t, but I haven’t found anyone yet that understands what it meant out of context or even in.

But I do know now.

After I purchased said product.

It means “Newly OverHauled” as in refurbished or second hand.

Last time that one gets me and I hope this goes some way to helping others.

Icon courtesy of icons.mysitemyway.com

I love free and I like ScriptLogics stuff – however most of their stuff is not free so I tend not to visit too often.

Today though I’ve taken some time to see what their latest products are and guess what, they’ve released it as free. The latest (?) tool in their armoury is “Privilege Authority” which is sub-headed as ‘Users Need Rights Too‘ and I agree.

Privilege Authority is designed let the Windows network admin establish what aspects of Windows “users can manage without making them local admins. By defining elevation rules within Privilege Authority, user privileges are automatically elevated for specific actions that currently require administrator access”.

Sounds good to me and I can think of at least two uses for it already.