It is a SPAM


I think this is similar to a topic we discussed not long ago. Let me refresh your memory about spam email.

What is your definition of a spam email that you have received? Right, most said unwanted email. Wait a minute, how does the system know whether you want or don’t want the email? Here’s the problem: an email server or an antispam filter does not know which emails you want detected as spam.

So, the understanding of an end-user and the definition set in the server are not the same. Well, we try to minimize these false positives, but they still happen.

The less sophisticated antispam uses RBL. RBL stands for realtime blackhole list; this is the most basic and common way to fight spam. This type of technique is based on the source of the email: the email is blocked if the RBL has blacklisted the source based on its IP address. It works to some extent, but it isn’t perfect, for example when someone’s account is compromised and used to send spam.

Then there are SPF and DKIM, which tell others: I only send my organization’s email from these email servers, and I sign my outgoing emails with the key shown in my domain’s DNS. The trouble is that others in the organization are not informed, so emails get sent from anywhere, or from a server whose IP address is not stated in the SPF record. In this type of scenario, genuine emails can be rejected or quarantined.

Antispam mechanisms on servers, no matter how sophisticated they are, boil down to compliance. Servers don’t read your thoughts; they are set up with preset rules to determine whether an incoming email is spam or not.

So if you send emails from an email server that has not been defined in the DNS, or an outgoing email is signed but the signature does not match the key published in the DNS, your email will be rejected, even though you are representing the organization.

More intelligent antispam reads incoming emails; if the content or words look spammy, they can be rejected too. These are a few of the techniques used in antispam.

I want to mention this to all email server administrators: please send a return message if you reject a sender’s email. I have seen emails rejected and dropped quietly, which made tracing difficult.



WordPress Duplicator Vulnerability


A critical vulnerability was found in the popular Duplicator plugin for WordPress. It has affected more than 1 million websites, so we urge you to act quickly and take proper action to mitigate the vulnerability discovered in this plugin.

The updated Duplicator 1.3.28 can be found here.

If you have installed Duplicator, even the PRO version, I suggest you update your database credentials when you update the plugin.

You can minimize your risks with our shared hosting and cloud hosting, where websites are protected by Imunify360.

The best anti-virus?


It has been quite some time since I wrote an article at Vastspace. It is not really that I’m lazy to write, just that I could not think of a topic to share. Today, I’m sharing something that I did over recent weekends: anti-virus.

Anti-virus has become must-have protection on computers, especially if you are using a Windows computer. I have a Linux, a Mac, and a Windows laptop. I have Sophos on my Mac, ESET on my Ubuntu Linux and now Norton360 on my Windows laptop.

You have many choices of anti-virus, though not for Linux. Which is the best? Actually, as an end-user I cannot tell which is the best, but I can share with you the performance and usability of popular ones like Bitdefender, Norton360, Avast, Avira, and Kaspersky.

These are a few of the makers that I shortlisted for my Windows laptop. I have been using Bitdefender. It has done a good job and blocked many attacks. However, I had the feeling that I should try others. So I did, and I installed trial copies, except for Norton360, for which I bought the actual product.

Most default settings work for end-users, but I need them more sensitive and detailed as I handle important data. However, as soon as I increase these values the CPU utilization is high. Even installed on a laptop with an i7-9750H CPU, multi-tasking such as running Spotify is just acceptable.

However, if you are comparing full-scan speed, Avira and Avast are quicker. I don’t like Avira’s UX, and it has too many false positives. Avast has a nice UX, lower CPU utilization and a smaller memory footprint.

I have done some reading at AV-TEST and AV-Comparatives, as well as some searches on the internet. I realized Bitdefender is mentioned everywhere; it looks like they have very good online marketing. I’m not saying that they don’t make good anti-virus. I was once their supporter, but I feel maybe I should try something else.

Finally, I chose Norton360. It gives me a sense of security when using the software and logging in online to my account. The CPU utilization is high like the others; I guess you can’t avoid that if you are doing a full system scan, but you can use the software to see both Norton’s CPU utilization and the system’s utilization.

It is a small thing but it is useful: I do not need to open my task manager to see what service is hogging my CPU. Also, it is the best value at this point in time: you get unlimited VPN and 75Gb of storage if you buy the Deluxe package for 5 devices.

I did not test the password manager and the parental controls that most anti-virus products include. My priority mission is still keeping the bad guys out.

Using weak password


If you are reading this, it is not too late to update your weak password to a stronger one. What is a strong password? Why is there a need to use a strong password? A password of 16 characters and above is considered a strong password.

For a strong password, I personally reckon that it must be 10 characters long and comprise upper-case letters, lower-case letters, numbers, and at least one symbol. If your current passwords do not meet this requirement, they are weak.

I have seen 123456, abc123, p@ssword and similar. They are extremely weak passwords; they should be prohibited and updated immediately.

On today’s internet, access is easy and brute-force login attacks are common. Thus, you should refrain from using a weak password. A strong password is difficult to remember; the introduction of 2FA will help with this situation. But a strong password is the most effective defense against any unauthorized access.

Fail2Ban in your Plesk


Brute-force login attacks are common nowadays. If ports are open to the internet, they are prone to such attempts to gain access to the services. Using a strong password can reduce your risk, but you cannot stop this kind of attack.

You cannot stop it totally unless you can limit or restrict access to certain IP addresses. This is not likely possible with the email service. So Fail2Ban can reduce and stop such attempts, but it can also block a genuine user from accessing the service in some situations. However, if you understand and fine-tune the module, false positives can be reduced.

Today, we take a look at this module, which is neglected by many Plesk users. One of the reasons this module is not adopted by many Plesk users is that it is not set up by default.

If you do not see this module in your Plesk under ‘Tools & Settings’, you can install it from updates and upgrades, further down the same screen. You will see this module after it has installed successfully. You will likely have to log in again to see the newly installed module.

Once it has installed successfully, we need to configure and turn on the module. I recommend placing your current IP address in the trusted IP section. This avoids being blocked accidentally after you switch on the module.

Next, we tell the module which services we want to use Fail2Ban with. You might not need all of them, but enable the important ones like ssh, plesk-proftpd, plesk-panel, plesk-postfix and plesk-dovecot. These are the common services that we have observed receiving the most brute-force attacks. After you have decided which services, switch them on and make sure they are active.

The final step is the settings. Define how long you want to ban an IP, and the number of failed logins allowed within a given interval. The default is 5 failed logins within 10 minutes, with a ban of 10 minutes if violated. I felt that the ban period can be longer; 3600 seconds is an hour. Lastly, we check the box to enable intrusion detection and apply.

Congratulations, we have set up Fail2Ban on Plesk.


Paid SSL certificate is a process

I have spoken to many customers who were buying SSL certificates. Most have commissioned Vastspace for the entire process. From my experience, most have the impression that the SSL certificate can be done on the same day.

Whether it is done by yourselves or by Vastspace, the process is the same. I will explain the entire process so you get a better understanding.

A paid SSL certificate is issued by the certificate authority (CA), not Vastspace. Every SSL certificate applied for a domain must be validated, and the CSR from the origin must be submitted. The validation methods are domain validation (DV), organization validation (OV) and extended validation (EV). Each validation process is conducted by the CA. Domain validation has a shorter process: the ‘owner’ of the domain must approve that he or she has applied for an SSL certificate for that domain.

Once the CA is satisfied, it will issue the SSL certificate. This process is the fastest, but it has a lower insured value because it is domain validated. How soon? It depends on how soon the owner approves the DCV email sent to him or her.

I have seen DV SSL certificates take more than a month, or even get cancelled after the CSR was submitted. OV validates the organization applying for and buying the SSL certificate. The CA will print the organization name on the OV validated SSL certificate.

EV SSL certificate verification is the most extensive. The verification comprises the DV and OV checks and a callback to verify the real person behind the business. The business telephone number published on the authorised websites will be used.

The EV SSL verification is very long-winded if the organization is not prepared for the process. Being handled by an inexperienced salesperson can delay the entire process. Thus, I recommend asking and checking with the vendor before you buy an SSL certificate, especially an EV SSL certificate.

Here is the link to understand more about different types of SSL certificates.

Should you own a static IP?


This is a debatable question, but I personally feel that if you have sensitive information or data hosted on the internet or accessible through the internet, you should own a static or permanent IP.

A permanent or static IP does not have a short lease period. It should be assigned from the first day of the service until the service ends.

The most common way is to get a static IP from your internet provider. If not, you can try VPN providers that offer a dedicated IP as an add-on. You can connect with your VPN account and get the same IP address every time.

A static IP is especially useful for environments that have restricted access, for example your website administrator dashboard, your shell access, your RDP access, etc.

I suggest to my customers that they should own a static IP and lock down sensitive areas where brute-force entries are possible. I have seen that wp-login.php, the admin login for WordPress, is an extremely popular target for brute-force attacks.


Brute-force Protection


Whether you are using Exim, Postfix or others, I personally feel that brute-force protection is necessary. I have seen unauthorized login attempts on email accounts, especially the common ones.

I suppose your service provider has been telling you ‘please use a strong password’. However, I’m still seeing compromised accounts that used a weak password. So, please always remind yourselves to use strong passwords.

A strong password can be 13 characters and above, a mixture of symbols, capital letters, small letters and numbers. But you should never regard a password such as ‘P@ssword123456’ as strong. Yes, it has more than 13 characters, symbols, capital letters, small letters and numbers.

This type of password is very guessable; it is likely in the hacker’s dictionary. Never use this kind of password. Combinations of name, birthday, handphone and NRIC number should be avoided too. A password is your first line of defence, hence it is important to make sure it is not guessable.
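The gap between "meets the character rules" and "is guessable", raised here and in the weak-password post above, can be checked mechanically. This is an added example, not code from the original posts; the word list and the substitution table are small constructed samples, and the 10-character minimum is the rule from the weak-password post.

```python
import re

# Constructed sample of guessable base words; a real deployment would load a
# much larger list of known-breached passwords.
COMMON_WORDS = {"password", "abc", "qwerty", "admin", "letmein", "welcome"}

# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e", "1": "i",
                      "!": "i", "$": "s", "5": "s", "7": "t"})


def complexity_ok(password: str, min_len: int = 10) -> bool:
    """Length plus upper-case, lower-case, digit and symbol."""
    return (len(password) >= min_len
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[a-z]", password) is not None
            and re.search(r"[0-9]", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)


def is_guessable(password: str) -> bool:
    """True for a common word dressed up with substitutions and padded with
    digits or symbols, or for a password that is nothing but padding."""
    lowered = password.lower()
    candidates = {
        re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered),  # padding at both ends
        re.sub(r"[\d\W_]+$", "", lowered),            # padding at the end only
    }
    if "" in candidates:  # only digits and symbols, e.g. 123456
        return True
    return any(c.translate(LEET) in COMMON_WORDS for c in candidates)


def assess(password: str) -> str:
    if is_guessable(password):
        return "weak: dictionary word with substitutions or padding"
    if not complexity_ok(password):
        return "weak: fails length or character-class rule"
    return "acceptable"
```

`P@ssword123456` passes `complexity_ok` yet `assess` reports it as weak, because stripping the digits and undoing `@` leaves the dictionary word `password`.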

Devices set up with email services should have a good anti-virus installed, capable of detecting malicious activities such as port scanning, which is common nowadays. This is also important to an individual: even if you have a strong password, there is a risk that your password is stolen through a backdoor on a virus-infected device.

Even if you have both of the above, brute-force protection is useful, though it does not mean you are 100% protected or safe. Hackers will attempt to log in to your email account with their hacking programs using guessable passwords.

The idea of brute-force protection is a rule that blocks further logins after X failed attempts within X interval and blocks the source for an X period. This is effective to bar unauthorized access. Whoever came up with the mechanism is a genius. This mechanism has protected many, not only email access.
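The rule described here is the same one the Fail2Ban post configures (failed logins, interval, ban period, trusted IPs). As an added example, not code from the original posts or from Fail2Ban or SmarterMail, here it is as a sliding window over a constructed log; the log format is made up, and the thresholds are the 5 failures in 10 minutes and the 3600-second ban mentioned in the Fail2Ban post.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_RETRY = 5                       # failed logins allowed ...
FIND_TIME = timedelta(seconds=600)  # ... inside this window (10 minutes)
BAN_TIME = timedelta(seconds=3600)  # how long the source stays blocked

# Constructed log in a made-up "timestamp result source-ip" format.
SAMPLE_LOG = sorted(
    # rapid guessing from one source: fifth failure lands at 10:02:00
    [f"2024-05-01T10:0{m}:{s} FAIL 203.0.113.9"
     for m, s in [(0, "00"), (0, "20"), (1, "00"), (1, "30"), (2, "00"), (2, "10")]]
    # a user who mistypes once an hour: five failures, never five in 10 minutes
    + [f"2024-05-01T1{h}:30:00 FAIL 198.51.100.4" for h in range(5)]
    # six quick failures from an address the admin may list as trusted
    + [f"2024-05-01T11:00:{s:02d} FAIL 192.0.2.50" for s in range(0, 60, 10)]
    + ["2024-05-01T10:05:00 OK 198.51.100.4"]
)


def find_bans(lines, trusted=frozenset()):
    """Return {ip: (banned_at, banned_until)} for sources that hit the limit."""
    failures = defaultdict(deque)   # ip -> timestamps of failures in the window
    bans = {}
    for line in lines:
        stamp, result, ip = line.split()
        now = datetime.fromisoformat(stamp)
        if result != "FAIL" or ip in trusted:
            continue
        if ip in bans and now < bans[ip][1]:
            continue                # still banned: the attempt never reaches login
        window = failures[ip]
        window.append(now)
        while now - window[0] > FIND_TIME:
            window.popleft()        # forget failures older than the window
        if len(window) >= MAX_RETRY:
            bans[ip] = (now, now + BAN_TIME)
            window.clear()
    return bans
```

With `trusted={"192.0.2.50"}` only 203.0.113.9 is banned; without the trusted entry the admin's own address is banned at 11:00:40, which is the accidental lock-out the trusted IP section prevents.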

SmarterMail has such a feature out of the box, and actually more, such as for internal spammers, etc. However, today’s topic is mainly brute-force, and yes, SmarterMail has this feature built in. The server admin can define the number of attempts and the block interval. SmarterMail will display the IP address and its location, should you wish to blacklist it permanently.

I personally feel this is a great feature to protect our email users. This feature reduces the workload on the email server admin too. A good email system must have good security features built in, and SmarterMail did it.