Ethical Protection Statement: I only provide the following below to give you an idea of how susceptible some ’systems’ are, and to allow you to possibly protect yourself against it

I first came up with this idea about a year or so ago, when I was short of cash and really wanted to buy a new TV. I wanted the best TV I could get but didn’t want to pay full price either. I looked around, online and offline to try and find the best deal I could. Now what you usually find is a lot of offers and deals but never an ideal price. Well I went into one shop to just have a browse, and I noticed a sign where they claimed they had the cheapest prices on TV’s, and that if you could find a price cheaper than theirs, they would match it. Turns out a lot of shops have these offers nowadays! I looked at a couple of the TV’s in the shop and knew that they couldn’t be the cheapest prices, and that surely somewhere online would offer better rates. Then it hit me – what’s to stop me taking the HTML from an online site that sells the TV, change the price, print it off and claim that its cheaper! Surely a great idea no?

Well, I thought about it some more, and then realised that printing off the page probably wouldn’t be enough proof for them. I mean, as soon as they log onto the website they will be able to see that the price is different, and will know that something is amiss…so how do we get round this? Well, its going to take some work…

Firstly, go into the shop you wish to ‘target’, and note down the item you want, along with the model number etc. Once home, you want to start building a website that looks like an online retailer. Now there are many ‘ready-to-go’ templates out there that you can get essentially for free – the website doesn’t have to be pretty either, it just needs to hold up to inspection. Then you want to enter a selection of products, which includes the item you want to purchase (hence whywe grab the model number etc.) - this you mark up at whatever price you wish to pay for it – so say its a £500 TV, you could mark it up as £399. Now you can print off the details of the TV, and when handed to the shop owner, they can also visit the site to check that the price matches! Ahh, but what if they try to put a purchase through, and buy the TV from you? Surely that will put you out of pocket very quickly! Well, here’s where we get even sneakier – when they try to go to the checkout, we want to change the files so that the checkout page presents a maintenance page, saying that the site is currently experiencing difficulties and will hopefully be back up soon. Here you can provide an email address – or if your feeling even sneakier, a phone number, of which on the other end is an accomplice. The accomplice can then say that they are offering the TV for that amount as they have ’special relations’ with the suppliers or something similar.

There are flaws in this plan, as its possible that the shop you visit will say that it won’t do you the price deal because of ’such and such’, so you might want to get someone to ask the shop owners for the terms of the price match/bust offer, before you start doing the above. Its important that you don’t ask personally, as they will remember you and realise that its a potential scam. If you also know the terms and conditions, and the company still refuses, you can then ask them to present their terms, of which you should be all in order with. Sadly, most of the time it is upto the seller though if they decide to go through with it. Another potential issue is the cost of setting up the site, with phone numbers etc.

Well there you have it, it’s not the worlds most perfect plan, and it does have a couple of issues, but it is a method of knocking a significant price off of an item you might wish to purchase! Maybe I will set up the site for you guys and then charge a pound to list the items you want to get offline ;)

Dan

XML error: Invalid document end at line 261, column 1

Obviously me being the loving person that I am, and not being just out for the links (I am such an angel), I continued posting and thought of it as just a glitch…oh how wrong I was…

I logged onto my computer again today and proceeded to look around the blogging world to drop my comments – yet again I was receiving the XML error. This time I decided to investigate into the matter at hand. I first went to comment-luv to check that the correct feed name had been placed in – which it had. I then proceeded to load up my feed, on which I discovered it wouldn’t load. So I went to my feed provider (which is the google owned feedburner), and proceeded to do a ‘feed check’. This repeated the error that comment-luv brought up for me, as well as all the source for my feed! On scrolling down, I found that someone had lovingly put links to various pornographic websites at the bottom of my feed, which was preventing it from loading.

Now I had discovered the issue, it was a matter of where they had put the data so that I could remove it. I logged on to my server and checked my ’index.php’ file first – and to my surprise it was just at the bottom of that file. I promptly deleted the lines of code that had been added, and my feed was restored (once I reloaded it via feedburner). I reported the attempt to my web hosting provider (who then proceeded to break my website without asking…but that’s another story), and everything was back to normal!

So what do I recomend to protect yourself from this type of hacking attempt? Well, firstly download Comment-Luv as soon as you can, and comment frequently – you’ll notice any problems with your feed instantly. Even if its not the same problem, and you can’t figure out what is happening, there is a handy forum over there also you can ask questions in! Comment-Luv is a great way of keeping a good hold on your feed, as you would never normally check it yourself – why would you need to? As well as using this plugin, you may just want to check your index.php file, just to be sure that nothing had slipped its way in.

Be safe out there guys!

Dan

Now through my varied searching a few weeks ago, I actually stumbled across a way that some people have been ‘breaking into’ blogs, which would enable them to essentially delete your database. Now I’m not going to give out the precise details, but let it be known that the information needed to ‘delete’ your database is actually available on google through a search!

You see, there is one file which is quite crucial to the working of your blog, and this file would be the wp-config.php file. This file contains all the information regarding your database – your username, password, and where to look for it! If an attacker knows this, then they can easily take your site down. Even worse, if they are very ‘talented’, they could manipulate your posts to their own ends, possibly placing harmful code on your site.

So what can you do? Well, a lot of you shouldn’t have to do anything, once uploaded it should be fine. However, there isn’t any harm in taking up a bit of extra security is there, especially if the unfortunate did happen, and access was someone given to your wp-config file. First, you should make sure that your CHMOD settings on that file are set to 640. You can do that via any ftp program, right clicking on the file and choosing ‘CHMOD’ on the options. A free ftp program is WinSCP. Depending on your hosting provider, you may be able to do this via some form of cpanel also.

A further way to protect your config file is in your .htaccess file. If you add the following to it, it will stop people from accessing the file itself:

#protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>

This will protect your config file. To protect your .htaccess file, simply replace the ‘file wp-config.php’ text with ‘file .htaccess’. This will help prevent people getting at your ever-so-important database information! However, I am yet unable to protect you against lions who have learnt to use the internet…they seem to have skills that are incomparable to humans…we should be scared…so very, very scared.

Dan