Monday, August 14, 2017

Fake News, Terrorist propaganda! Google is moving to fight this!

Google is preparing to release new filters which would give advertisers greater control over the content they appear against.
According to the Times – which ran a front-page exposé earlier this year into how advertisers like M&S were appearing next to extremist content – Google is planning to grade videos and other online content under new parameters which include violence, nudity and political satire.
Offering an example, the Times said it “would hand advertisers the power to block their adverts appearing alongside a bawdy comedy sketch, for example, or risqué music video.”
The additional safeguards are expected to come into force by the end of the year.
It comes after Google revealed that it would invest heavily in artificial intelligence in an effort to better identify extremist and terrorism-related content, specifically on YouTube.
YouTube claimed that during the past month of testing AI-powered detection and removal tools, over 75% of the videos it has removed for violent extremism were purged before receiving a single human flag. The platform has said it believes the accuracy of its systems has improved “dramatically” due to machine learning.
It’s part of a four-pronged strategy to appease the industry after major advertisers, in the wake of the Times investigation, pulled ad spend from YouTube and the Google Display Network.


This article from Google and By

I believe we must fight this on Facebook and other modes of social media. I believe our last election was interfered with on both sides and this needs to change and perhaps this is a nice first step.

Joe Rossini

Friday, August 11, 2017

It has been a while

Sorry I have not written in a while, I have been very busy. I guess I have learned the hard way again that working hard is not as good as working smart. I have made tons of calls and put out lots of quotes only to get rejected because the people I am quoting to have no intention of buying or spending the incredibly small amount of money for my products they want even cheaper. I guess the moral to the story is don't spend time if there is really no reason to spend time. If someone says they don't have enough money or they have been taken before and the owner really is afraid of being taken again either sell harder as to why you should move forward or just say thank you, give them your information and move on. I am ready to take this philosophy now. Bottom line is most people want everything but they can't afford their big car or huge house so you downsize a bit. I can downsize my products but at what price? I am just going to ask up front do you have $1200 to $5000 for a great fancy shiny web site and if they hesitate enough I thank them and move on. So I move on.

Monday, July 24, 2017

Is your network at risk

Is Your Site or Network at Risk?
"Web security" is relative and has two components, one internal and one public. Your relative security is high if you have few network resources of financial value, your company and site aren't controversial in any way, your network is set up with tight permissions, your web server is patched up to date with all settings done correctly, your applications on the web server are all patched and updated, and your web site code is done to high standards.
Your web security is relatively lower if your company has financial assets like credit card or identity information, if your web site content is controversial, your servers, applications and site code are complex or old and are maintained by an underfunded or outsourced IT department. All IT departments are budget challenged and tight staffing often creates deferred maintenance issues that play into the hands of any who want to challenge your web security.

If you have assets of importance or if anything about your site puts you in the public spotlight then your web security will be tested. We hope that the information provided here will prevent you and your company from being embarrassed - or worse.
It's well known that poorly written software creates security issues. The number of bugs that could create web security issues is directly proportional to the size and complexity of your web applications and web server. Basically, all complex programs either have bugs or, at the very least, weaknesses. On top of that, web servers are inherently complex programs. Web sites are themselves complex and intentionally invite ever greater interaction with the public. And so the opportunities for security holes are many and growing.
Technically, the very same programming that increases the value of a web site, namely interaction with visitors, also allows scripts or SQL commands to be executed on your web and database servers in response to visitor requests. Any web-based form or script installed at your site may have weaknesses or outright bugs and every such issue presents a web security risk.
Contrary to common knowledge the balance between allowing web site visitors some access to your corporate resources through a web site and keeping unwanted visitors out of your network is a delicate one. There is no one setting, no single switch to throw that sets the security hurdle at the proper level. There are dozens of settings if not hundreds in a web server alone, and then each service, application and open port on the server adds another layer of settings. And then the web site code... you get the picture.
Add to that the different permissions you will want to grant visitors, prospects, customers, partners and employees. The number of variables regarding web security rapidly escalates.
A web security issue is faced by site visitors as well. A common web site attack involves the silent and concealed installation of code that will exploit the browsers of visitors. Your site is not the end target at all in these attacks. There are, at this time, many thousands of web sites out there that have been compromised. The owners have no idea that anything has been added to their sites and that their visitors are at risk. In the meantime visitors are being subjected to attack, and successful attacks are installing nasty code onto the visitors' computers.

This post compliments of Beyond Security

More to come soon.

Joe

Wednesday, July 19, 2017

How can you help a customer with their business

I am often asked how I can help a customer make more sales or improve efficiency. As a web sales specialist with marketing in mind it is one of the first things I look at about a business and that is what does the web page tell me about that business. The web site today is like the yellow pages ads of yesteryear or the newspaper ads about a company. Your ad calls out in many cases to the potential customer to call. I know I often as statistics show that the big ads get your attention and draw your eye towards it. Web pages today are similar, a very well done, neat yet professional ad with nice graphics. The web site is your opening to the world and with search engines to do the work the old phrase let your fingers do the walking is true, you type what you want and up comes returns from all over the world. As a web marketeer, I look at ways to make sure that the web site meets the criteria of what the main search engines want. Make the web site fast, make it visually nice, make it interesting. Make sure internally the correct SEO programming is in place such as key words, descriptions, title tags and more. Now once the web site is done, now you have to market it correctly. The web site can be used in many ways that I will get into soon to capture leads, and to allow your customers to get important facts. I have customers that have facts about heating and cooling systems. I have customers with facts about animals. Do you want to know about electrical systems, I have customers that have facts about that. How about putting white papers about your products on line to help your customers solve problems. The web site can be your way to keep in touch with your customers and to help them.

Ok enough for this small section, more soon.

Talk soon.

Joe

How to have a better web site ranking

There are many things a programmer can do to improve your web site ranking but here are a critical few:

Improve the content focus and the format of your web pages
The content of your web pages should align with the intent of the searcher when the searcher visits your website after a keyword search.
Make sure that your content has a clear structure and that the content that the searcher is looking for is easily available on your web pages. Use headers, sub-headers, bullet lists and tables to present your content as clearly as possible.
Improve the internal linking structure of your web pages
Link from your web pages to other web pages on your website that deal with the same topic. Link from pages that discuss the topic in general to pages that discuss specific points in detail. Use breadcrumb navigation to show your website visitors where they are.
The easier it is to find pages about a particular topic on your website, the easier it is for search engines to assign these pages to the right search terms. The website audit tool in SEOprofiler analyzes the internal link structure of your website.
Increase the content length on your web pages
The more content a web page has, the easier it is to get high rankings (ignoring links from other websites). It is very difficult to get high rankings for very short pages with thin content.
Make sure that your web pages contain enough content to answer the questions of the web page visitor. Search engines love content rich websites that answer the questions of searchers.
The content of your web pages should have a clear structure, and it should be easy to understand.
Improve the mobile usability of your website
Mobile usability is very important. Most websites get more than half of their traffic through mobile devices. If your web pages don't look good on mobile devices, you will lose many potential customers.
The easiest way to do this is to use a responsive website design. Responsive website design means that your website adapts to the size of the screen. For example, go to www.SEOprofiler.com and change the width of the browser window. You will see that the design changes automatically with the size of the browser window.
Switch your website to HTTPS
If your website uses HTTPS, you show search engines and your users that you're serious about data privacy. In addition, you show search engines that you're serious about your website because you have gone the extra mile to secure your site. Spammers usually do not do that.
Google prefers HTTPS sites. Although HTTPS has only a minor influence on the overall rankings, it is a signal that has a positive effect.
The switch to HTTPS should be done by a person who knows how to do it. Redirect your old HTTP pages to the HTTPS version of your website to show search engines that you prefer the HTTPS version.
Redirect links to 404 error pages
Older websites often have hundreds of links from other websites that point to pages that do not exist anymore. Retain these links by redirecting the old URLs to the URLs of the new pages of your website.
Retaining old links can have a major influence on the rankings of your new pages. If possible, ask the linking websites to link directly to the new version of the pages. Check the log files of your website to find links that point to non-existing sites on your website.
Remove errors that prevent search engine indexing
Some errors on your web pages can keep search engines from indexing your website. It is very important that you remove these errors from your website.
The website audit tool in SEOprofiler checks your website for these errors. Check your website to make sure that all pages can be indexed correctly by Google and other search engines.
Resolve duplicate content issues
Duplicate title tags on your web pages can cause ranking problems. In addition, Google might pick the wrong version if the same content appears on multiple pages of your website (regular version, print version, etc.).
Each web page should have an individual title tag. If the same content appears on more than one page of your website, use the canonical tag to show search engines the version that they should index.

More to come. This article came from Alandra seardn.

More to come.

Joe Rossini

Tuesday, July 18, 2017

How to spot spam reviews

Fighting Review Spam: The Complete Guide for the Local Enterprise

Posted by MiriamEllis
It’s 105 degrees outside my office right now, and the only thing hotter in this summer of 2017 is the local SEO industry’s discussion of review spam. It’s become increasingly clear that major review sites represent an irresistible temptation to spammers, highlighting systemic platform weaknesses and the critical need for review monitoring that scales.
Just as every local brand, large and small, has had to adjust to the reality of reviews’ substantial impact on modern consumer behavior, competitive businesses must now prepare themselves to manage the facts of fraudulent sentiment. Equip your team and clients with this article, which will cover every aspect of review spam and includes a handy list for reporting fake reviews to major platforms.

What is review spam?

A false review is one that misrepresents either the relationship of the reviewer to the business, misrepresents the nature of the interaction the reviewer had with the business, or breaks a guideline. Examples:
  • The reviewer is actually a competitor of the business he is reviewing; he’s writing the review to hurt a competitor and help himself
  • The reviewer is actually the owner, an employee, or a marketer of the business he is reviewing; he’s falsifying a review to manipulate public opinion via fictitious positive sentiment
  • The reviewer never had a transaction with the business he is reviewing; he’s pretending he’s a customer in order to help/hurt the business
  • The reviewer had a transaction, but is lying about the details of it; he’s trying to hurt the company by misrepresenting facts for some gain of his own
  • The reviewer received an incentive to write the review, monetary or otherwise; his sentiment stems from a form of reward and is therefore biased
  • The reviewer violates any of the guidelines on the platform on which he’s writing his review; this could include personal attacks, hate speech or advertising
All of the above practices are forbidden by the major review platforms and should result in the review being reported and removed.

What isn’t review spam?

A review is not spam if:
  • It’s left directly by a genuine customer who experienced a transaction
  • It represents the facts of a transaction with reasonable, though subjective, accuracy
  • It adheres to the policies of the platform on which it’s published
Reviews that contain negative (but accurate) consumer sentiment shouldn’t be viewed as spam. For example, it may be embarrassing to a brand to see a consumer complain that an order was filled incorrectly, that an item was cold, that a tab was miscalculated or that a table was dirty, but if the customer is correctly cataloging his negative experience, then his review isn’t a misrepresentation.
There’s some inherent complexity here, as the brand and the consumer can differ widely in their beliefs about how satisfying a transaction may have been. A restaurant franchise may believe that its meals are priced fairly, but a consumer can label them as too expensive. Negative sentiment can be subjective, so unless the reviewer is deliberately misrepresenting facts and the business can prove it, it’s not useful to report this type of review as spam as it’s unlikely to be removed.

Why do individuals and businesses write spam reviews?

Unfortunately, the motives can be as unpleasant as they are multitudinous:

Blackmail/extortion

There’s the case of the diner who was filmed putting her own hair in her food in hopes of extorting a free meal under threat of negative reviews as a form of blackmail. And then there’s blackmail as a business model, as this unfortunate business reported to the GMB forum after being bulk-spammed with 1-star reviews and then contacted by the spammer with a demand for money to raise the ratings to 5-stars.

Revenge

The classic case is the former employee of a business venting his frustrations by posing as a customer to leave a highly negative review. There are also numerous instances of unhappy personal relationships leading to fake negative reviews of businesses.

Protest or punishment

Consumer sentiment may sometimes appear en masse as a form of protest against an individual or institution, as the US recently witnessed following the election of President Trump and the ensuing avalanche of spam reviews his various businesses received.
It should be noted here that attempting to shame a business with fake negative reviews can have the (likely undesirable) effect of rewarding it with high local rankings, based on the sheer number of reviews it receives. We saw this outcome in the infamous case of the dentist who made national news and received an onslaught of shaming reviews for killing a lion.
Finally, there is the toxic reviewer, a form of Internet troll who may be an actual customer but whose personality leads them to write abusive or libelous reviews as a matter of course. While these reviews should definitely be reported and removed if they fail to meet guidelines, discussion is open and ongoing in the local SEO industry as to how to manage the reality of consumers of this type.

Ranking manipulation

The total review count of a business (regardless of the sentiment the reviews contain) can positively impact Google’s local pack rankings or the internal rankings of certain review platforms. For the sake of boosting rankings, some business owners review themselves, tell their employees to review their employer, offer incentives to others in exchange for reviews, or even engage marketers to hook them up to a network of review spammers.

Public perception manipulation

This is a two-sided coin. A business can either positively review itself or negatively review its competitors in an effort to sway consumer perception. The latter is a particularly prevalent form of review spam, with the GMB forum overflowing with at least 10,000 discussions of this topic. Given that respected surveys indicate that 91% of consumers now read online reviews, 84% trust them as much as personal recommendations and 86% will hesitate to patronize a business with negative reviews, the motives for gaming online sentiment, either positively or negatively, are exceedingly strong.

Wages

Expert local SEO, Mike Blumenthal, is currently doing groundbreaking work uncovering a global review spam network that’s responsible for tens or hundreds of thousands of fake reviews. In this scenario, spammers are apparently employed to write reviews of businesses around the world depicting sets of transactions that not even the most jet-setting globetrotter could possibly have experienced. As Mike describes one such reviewer:
“She will, of course, be educated at the mortuary school in Illinois and will have visited a dentist in Austin after having reviewed four other dentists ... Oh, and then she will have bought her engagement ring in Israel, and then searched out a private investigator in Kuru, Philippines eight months later to find her missing husband. And all of this has taken place in the period of a year, right?”
The scale of this network makes it clear that review spam has become big business.

Lack of awareness

Not all review spammers are dastardly characters. Some small-timers are only guilty of a lack of awareness of guidelines or a lack of foresight about the potential negative outcomes of fake reviews to their brand. I’ve sometimes heard small local business owners state they had their family review their newly-opened business to “get the ball rolling,” not realizing that they were breaking a guideline and not considering how embarrassing and costly it could prove if consumers or the platform catch on. In this scenario, I try to teach that faking success is not a viable business model — you have to earn it.

Lack of consequences

Unfortunately, some of the most visible and powerful review platforms have become enablers of the review spam industry due to a lack of guideline enforcement. When a platform fails to identify and remove fake reviews, either because of algorithmic weaknesses or insufficient support staffing, spammers are encouraged to run amok in an environment devoid of consequences. For unethical parties, no further justification for manipulating online sentiment is needed than that they can “get away with it.” Ironically, there are consequences to bear for lack of adequate policing, and until they fall on the spammer, they will fall on any platform whose content becomes labeled as untrustworthy in the eyes of consumers.

What is the scope of review spam?

No one knows for sure, but as we’ve seen, the playing field ranges from the single business owner having his family write a couple of reviews on Yelp to the global network employing staff to inundate Google with hundreds of thousands of fake reviews. And, we’ve seen two sides to the review spam environment:
  1. People who write reviews to help themselves (in terms of positive rankings, perception, and earnings for themselves either directly from increased visibility or indirectly via extortion, and/or in terms of negative outcomes for competitors).
  2. People who write reviews to hurt others (for the sake of revenge with little or no consequence).
The unifying motive of all forms of review spam is manipulation, creating an unfair and untrustworthy playing field for consumers, enterprises and platforms alike. One Harvard study suggests that 20% of Yelp reviews are fake, but it would be up to the major review platforms to transparently publicize the total number of spam reviews they receive. Just the segment I’ve seen as an individual local SEO has convinced me that review spam has now become an industry, just like “black hat” SEO once did.

How to spot spam reviews

Here are some basic tips:

Strange patterns:

A reviewer’s profile indicates that they’ve been in too many geographic locations at once. Or, they have a habit of giving 1-star reviews to one business and 5-star reviews to its direct competitor. While neither is proof positive of spam, think of these as possible red flags.

Strange language:

Numerous 5-star reviews that fawn on the business owner by name (e.g. “Bill is the greatest man ever to walk the earth”) may be fishy. If adulation seems to be going overboard, pay attention.

Strange timing:

Over the course of a few weeks, a business skyrockets from zero reviews to 30, 50, or 100 of them. Unless an onslaught of sentiment stems from something major happening in the national news, chances are good the company has launched some kind of program. If you suspect spam, you’ll need to research whether the reviews seem natural or could be stemming from some form of compensation.

Strange numbers:

The sheer number of reviews a business has earned seems inconsistent with its geography or industry. Some business models (restaurants) legitimately earn hundreds of reviews each year on a given platform, but others (mortuaries) are unlikely to have the same pattern. If a competitor of yours has 5x as many reviews as seems normal for your geo-industry, it could be a first indicator of spam.

Strange "facts":

None of your staff can recall that a transaction matching the description in a negative review ever took place, or a transaction can be remembered but the way the reviewer is presenting it is demonstrably false. Example: a guest claims you rudely refused to seat him, but your in-store cam proves that he simply chose not to wait in line like other patrons.

Obvious threats:

If any individual or entity threatens your company with a negative review to extort freebies or money from you, take it seriously and document everything you can.

Obvious guideline violations:

Virtually every major review platform prohibits profane, obscene, and hateful content. If your brand is victimized by this type of attack, definitely report it.
In a nutshell, the first step to spotting review spam is review monitoring. You’ll want to manually check direct competitors for peculiar patterns, and, more importantly, all local businesses must have a schedule for regularly checking their own incoming sentiment. For larger enterprises and multi-location business models, this process must be scaled to minimize manual workloads and cover all bases.

Scaling review management

On an average day, one Moz Local customer with 100 retail locations in the U.S. receives 20 reviews across the various platforms we track. Some are just ratings, but many feature text. Many are very positive. A few contain concerns or complaints that must be quickly addressed to protect reputation/budget by taking action to satisfy and retain an existing customer while proving responsiveness to the general consumer public. Some could turn out to be spam.
Over the course of an average week for this national brand, 100–120 such reviews will come in, totaling up to more than 400 pieces of customer feedback in a month that must be assessed for signs of success at specific locations or emerging quality control issues at others. Parse this out to a year’s time, and this company must be prepared to receive and manage close to 5,000 consumer inputs in the form of reviews and ratings, not just for positive and negative sentiment, but for the purposes of detecting spam.
Spam detection starts with awareness, which can only come from the ability to track and audit a large volume of reviews to identify some of the suspicious hallmarks we’ve covered above. At the multi-location or enterprise level, the solution to this lies in acquiring review monitoring software and putting it in the hands of a designated department or staffer. Using a product like Moz Local, monitoring and detection of questionable reviews can be scaled to meet the needs of even the largest brands.
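The "strange patterns" and "strange timing" red flags described above, run over a batch of reviews. This is an added example, not part of the original article and not how Moz Local or any review platform works; the `Review` fields, the thresholds, the rival pair and the sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Review:
    reviewer: str
    business: str
    city: str
    rating: int  # 1 to 5 stars
    day: date


def max_in_window(days, window_days):
    """Largest number of dates that fall inside any window of window_days."""
    days = sorted(days)
    best = start = 0
    for end, d in enumerate(days):
        while d - days[start] >= timedelta(days=window_days):
            start += 1
        best = max(best, end - start + 1)
    return best


def geo_spread(reviews, window_days=30, max_cities=3):
    """Strange patterns: reviewers active in too many cities at once."""
    by_reviewer = defaultdict(list)
    for r in reviews:
        by_reviewer[r.reviewer].append(r)
    flagged = {}
    for name, items in by_reviewer.items():
        items.sort(key=lambda r: r.day)
        widest = 0
        for i, first in enumerate(items):
            limit = first.day + timedelta(days=window_days)
            cities = {r.city for r in items[i:] if r.day < limit}
            widest = max(widest, len(cities))
        if widest > max_cities:
            flagged[name] = widest
    return flagged


def competitor_split(reviews, rivals):
    """Strange patterns: 1 star for one business, 5 stars for its rival."""
    given = defaultdict(dict)
    for r in reviews:
        given[r.reviewer][r.business] = r.rating
    flagged = set()
    for name, ratings in given.items():
        for a, b in rivals:
            if {ratings.get(a), ratings.get(b)} == {1, 5}:
                flagged.add(name)
    return flagged


def review_bursts(reviews, window_days=21, threshold=30):
    """Strange timing: many reviews for one business in a few weeks."""
    by_business = defaultdict(list)
    for r in reviews:
        by_business[r.business].append(r.day)
    flagged = {}
    for business, days in by_business.items():
        peak = max_in_window(days, window_days)
        if peak >= threshold:
            flagged[business] = peak
    return flagged


# Constructed rival pair; a real list would come from your own market research.
RIVALS = [("Acme Dental", "Bright Dental")]


def sample_reviews():
    """Constructed sample data: no real reviewers or businesses."""
    start = date(2017, 7, 1)

    def on(n):
        return start + timedelta(days=n)

    reviews = [
        Review("traveller_x", "Lakeside Mortuary", "Chicago", 5, on(0)),
        Review("traveller_x", "Austin Smiles", "Austin", 5, on(5)),
        Review("traveller_x", "Ring House", "Tel Aviv", 5, on(9)),
        Review("traveller_x", "PI Agency", "Manila", 5, on(20)),
        Review("rival_fan", "Acme Dental", "Springfield", 1, on(3)),
        Review("rival_fan", "Bright Dental", "Springfield", 5, on(4)),
        Review("local_ann", "Acme Dental", "Springfield", 4, on(2)),
        Review("local_ann", "Corner Cafe", "Springfield", 2, on(40)),
    ]
    # 35 single-review accounts praising one business inside 18 days.
    reviews += [
        Review(f"acct_{i}", "Bright Dental", "Springfield", 5, on(i // 2))
        for i in range(35)
    ]
    return reviews


if __name__ == "__main__":
    data = sample_reviews()
    print("geo spread:", geo_spread(data))
    print("competitor split:", competitor_split(data, RIVALS))
    print("bursts:", review_bursts(data))
```

As the article says of these patterns, a hit is a red flag to research further, not proof of spam.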

What should your business do if it has been victimized by review spam?

Once you’ve become reasonably certain that a review or a body of reviews violates the guidelines of a specific platform, it’s time to act. The following list contains links to the policies of 7 dominant review platforms that are applicable to all industries, and also contains tips and links outlining reporting options:

Google

Policy: https://support.google.com/business/answer/2622994?hl=en

Review reporting tips

Flag the review by mousing over it, clicking the flag symbol that appears and then entering your email address and choosing a radio button. If you’re the owner, use the owner response function to mention that you’ve reported the review to Google for guideline violations. Then, contact GMB support via their Twitter account and/or post your case in the GMB forum to ask for additional help. Cross your fingers!

Yelp

Policy: https://www.yelp.com/guidelines

Review reporting tips

Yelp offers these guidelines for reporting reviews and also advises owners to respond to reviews that violate guidelines. Yelp takes review quality seriously and has set high standards other platforms might do well to follow, in terms of catching spammers and warning the public against bad actors.

Facebook

Policy: https://www.facebook.com/communitystandards

Review reporting tips

Here are Facebook’s instructions for reporting reviews that fail to meet community standards. Note that you can only report reviews with text — you can’t report solo ratings. Interestingly, you can turn off reviews on Facebook, but to do so out of fear would be to forego the considerable benefits they can provide.

Yellow Pages

Policy: https://www.yellowpages.com/about/legal/terms-conditions#user-generated-content

Review reporting tips

In 2016, YP.com began showing TripAdvisor reviews alongside internal reviews. If review spam stems from a YP review, click the “Flag” link in the lower right corner of the review and fill out the form to report your reasons for flagging. If the review spam stems from TripAdvisor, you’ll need to deal with them directly and read their extensive guidelines. TripAdvisor states that they screen reviews for quality purposes, but that fake reviews can slip through. If you’re the owner, you can report fraudulent reviews from the Management Center of your TripAdvisor dashboard. Click the “concerned about a review” link and fill out the form. If you’re simply a member of the public, you’ll need to sign into TripAdvisor and click the flag link next to the review to report a concern.

SuperPages

Policy: https://my.dexmedia.com/spportal/jsp/popups/businessprofile/reviewGuidelines.jsp

Review reporting tips

The policy I’ve linked to (from Dex Media, which owns SuperPages) is the best I can find. It’s reasonably thorough but somewhat broken. To report a fake review to SuperPages, you’ll need either a SuperPages or Facebook account. Then, click the “flag abuse” link associated with the review and fill out a short form.

CitySearch

Policy: http://www.citysearch.com/aboutcitysearch/about_us

Review reporting tips

If you receive a fake review on CitySearch, email customerservice@citygrid.com. In your email, link to the business that has received the spam review, include the date of the review and the name of the reviewer and then cite the guidelines you feel the review violates.

FourSquare

Policy: https://foursquare.com/legal/terms

Review reporting tips

The “Rules and Conduct” section I’ve linked to in Foursquare’s TOS outlines their content policy. Foursquare is a bit different in the language they use to describe tips/reviews. They offer these suggestions for reporting abusive tips.
*If you need to find the guidelines and reporting options for an industry-specific review platform like FindLaw or HealthGrades, Phil Rozek’s definitive list will be a good starting point for further research.

Review spam can feel like being stuck between a rock and a hard place

I feel a lot of empathy in this regard. Google, Facebook, Yelp, and other major review platforms have the visibility to drive massive traffic and revenue to your enterprise. That’s the positive side of this equation. But there’s another side — the uneasy side that I believe has its roots in entities like Google originating their local business index via aggregation from third party sources, rather than as a print YellowPages-style, opt-in program, and subsequently failing to adequately support the millions of brands it was then representing to the Internet public.
To this day, there are companies that are stunned to discover that their business is listed on 35 different websites, and being actively reviewed on 5 or 10 of them when the company took no action to initiate this. There’s an understandable feeling of a loss of control that can be particularly difficult for large brands, with their carefully planned quality structures, to adjust to.
This sense of powerlessness is further compounded when the business isn’t just being listed and discussed on platforms it doesn’t control, but is being spammed. I’ve seen business owners on Facebook declaring they’ve decided to disable reviews because they feel so victimized and unsupported after being inundated with suspicious 1-star ratings which Facebook won’t investigate or remove. By doing so, these companies are choosing to forego the considerable benefits reviews drive because meaningful processes for protecting the business aren’t yet available.
These troubling aspects of the highly visible world of reviews can leave owners feeling like they’re stuck between a rock and a hard place. Their companies will be listed, will be reviewed, and may be spammed whether the brand actively participates or not, and they may or may not be able to get spam removed.
It’s not a reality from which any competitive enterprise can opt-out, so my best advice is to realize that it’s better to opt-in fully, with the understanding that some control is better than none. There are avenues for getting many spam reviews taken down, with the right information and a healthy dose of perseverance. Know, too, that every one of your competitors is in the same boat, riding a rising tide that will hopefully grow to the point of offering real-world support for managing consumer sentiment that impacts bottom-line revenue in such a very real way.

There ought to be a law

While legitimate negative reviews have legal protection under the Consumer Review Fairness Act of 2016, fraudulent reviews are another matter.
Section 5(a) of the Federal Trade Commission Act states:
“Unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful.”
Provisions like these are what allowed the FTC to successfully sue Sage Automotive Group for $3.6 million for deceptive advertising practices and deceptive online reviews, but it’s important to note that this appears to be the first instance in which the FTC has involved itself in bringing charges on the basis of fraudulent reviews. At this point, it’s simply not reasonable to expect the FTC to step in if your enterprise receives some suspicious reviews, unless your research should uncover a truly major case.
Lawsuits amongst platforms, brands, and consumers, however, are proliferating. Yelp has sued agencies and local businesses over the publication of fake reviews. Companies have sued their competitors over malicious, false sentiment, and they’ve sued their customers with allegations of the same.
Should your enterprise be targeted with spam reviews, some cases may be egregious enough to warrant legal action. In such instances, definitely don’t attempt to have the spam reviews removed by the host platform, as they could provide important evidence. Contact a lawyer before you take a step in any direction, and avoid using the owner response function to take verbal revenge on the person you believe has spammed you, as we now have a precedent in Dietz v. Perez for such cases being declared a draw.
In many scenarios, however, the business may not wish to become involved in a noisy court battle, and seeking removal can be a quieter way to address the problem.

Local enterprises, consumers, and marketers must advocate for themselves

According to one survey, 90% of consumers read less than 10 reviews before forming an opinion about a business. If some of those 10 reviews are the result of negative spam, the cost to the business is simply too high to ignore, and it’s imperative that owners hold not just spammers, but review platforms, accountable.
Local businesses, consumers, and marketers don’t own review sites, but they do have the power to advocate. A single business could persistently blog about spam it has documented. Multiple businesses could partner up to request a meeting with a specific platform to present pain points. Legitimate consumers could email or call their favorite platforms to explain that they don’t want their volunteer hours writing reviews to be wasted on a website that is failing to police its content. Marketers can thoughtfully raise these issues repeatedly at conferences attended by review platform reps. There is no cause to take an adversarial tone in this, but there is every need for squeaky wheels to highlight the costliness of spam to all parties, advocating for platforms to devote all possible resources to:
  • Increasing the sophistication of algorithmic spam detection
  • Increasing staffing for manual detection
  • Providing real-time support to businesses so that spam can be reported, evaluated and removed as quickly as possible
All of the above could begin to better address the reality of review spam. In the meantime, if your business is being targeted right now, I would suggest using every possible avenue to go public with the problem. Blog, use social media, report the issue on the platform’s forum if it has one. Do anything you can to bring maximum attention to the attack on your brand. I can’t promise results from persistence and publicity, but I’ve seen this method work enough times to recommend it.

Why review platforms must act aggressively to minimize spam

I’ve mentioned the empathy I feel for owners when it comes to review platforms, and I also feel empathy for the platforms, themselves. I’ve gotten the sense, sometimes, that different entities jumped into the review game and have been struggling to handle its emerging complexities as they’ve rolled out in real time. What is a fair and just policy? How can you best automate spam detection? How deeply should a platform be expected to wade into disputes between customers and brands?
With sincere respect for the big job review sites have on their hands, I think it’s important to state:
  • If brands and consumers didn’t exist, neither would review platforms. Businesses and reviewers should be viewed and treated as MVPs.
  • Platforms which fail to offer meaningful support options to business owners are not earning goodwill or a good reputation.
  • The relationship between local businesses and review platforms isn’t an entirely comfortable one. Increasing comfort could turn wary brands into beneficial advocates.
  • Platforms that allow themselves to become inundated with spam will lose consumers’ trust, and then advertisers’ trust. They won’t survive.
Every review platform has a major stake in this game, but, to be perfectly honest, some of them don’t act like it.
Google My Business Forum Top Contributor and expert Local SEO, Joy Hawkins, recently wrote an open letter to Google offering them four actionable tips for improving their handling of their massive review spam problem. It’s a great example of a marketer advocating for her industry, and, of interest, some of Joy’s best advice to Google is taken from Yelp’s own playbook. Yelp may be doing the best of all platforms in combating spam, in that they have very strong filters and place public warnings on the profiles of suspicious reviewers and brands.
What Joy Hawkins, Mike Blumenthal, other industry experts, and local business owners seem to be saying to review platforms could be summed up like this:
“We recognize the power of reviews and appreciate the benefits they provide, but a responsibility comes with setting your platform up as a hub of reputation for millions of businesses. Don’t see spammed reputations as acceptable losses — they represent the livelihoods of real people. If you’re going to trade responsibly in representing us, you’ve got to back your product up with adequate quality controls and adequate support. A fair and trustworthy environment is better for us, better for consumers and better for you.”

Key takeaways for taking control of review spam

  • All local enterprises need to know that review spam is a real problem
  • Its scope ranges from individual spammers to global networks
  • Enterprises must monitor all incoming reviews, and scale this with software where necessary
  • Designated staff must be on the lookout for suspicious patterns
  • All major review platforms have some form of support for reporting spam reviews, but it’s not always adequate and may not lead to removal
  • Because of this, brands must advocate for better support from review platforms
  • Review platforms need to listen and act, because their stake in the game is real

Being the subject of a review spam attack can be a stressful event that I wish no brand ever had to face, but it’s my hope that this article has empowered you to meet a possible challenge with complete information and a smart plan of action.

more to come!~

Thursday, July 13, 2017

How SEO and a good web site can help your business

If you look at web sites today you can see how many of them have been slapped together with the same old cookie cutter approach. I will admit that at times we use that approach because the customer says that is what they want to see or their competitor is like that so we want to be like that. Many of these sites are pretty but they lack, in my belief, personality and sell power. Many are too congested and lack the draw of the eye to where you want them to go, and that is to order or to call. We believe that your web site should tell a story about you and sell your experience and quality and give reasons to buy. Many times companies forget just how good they are! You get so caught up in the day-to-day hassle that you forget that one of your selling points is that you have been in business for a long time and do quality work. You should share how you take care of customer needs. You should tell the world reasons why buying from you is better than buying from a company in China or any other country. Tell the story of how your products save time and money for a customer. Remember your web site is an extension of you and your business, you built it from the ground up in many cases and it is you so tell them why you are proud to buy from you!

I really believe this and I believe it is what keeps me going and that is I know we can help a business prosper and have helped many in the past. I am proud of my company, remember to be proud of yours.

More next time.

Joe Rossini

Tuesday, July 11, 2017

How much should you pay for SEO?

SEO prices: What determines cost?

SEO pricing has to consider the following variables:
  • Situation. Where are you currently?
  • Objectives. Where do you want to be?
  • Timeline. How fast do you want to improve?
Only by looking at these three elements can any agency calculate how much SEO should cost for your business.

By analyzing a client’s current situation, understanding their objectives and determining the required timeline, we can calculate a price. There are lots of variables here, and we don’t always know what our competitors are doing, but an attempt should be made to calculate the level of work required and subsequent price.
And of course, the industry will in part determine costs. If you make $100 from a new customer, you can expect to pay less than if a customer is worth several thousand dollars. The marketplace, to some extent, regulates price (assuming the work is done properly). It is all about return on investment.
The last variable is maintenance and keeping your flag flying once visibility has been achieved. SEO is a moving target. You step up your game, and the competition does the same. It’s tough, and the best approaches need to be tailored to the unique situation and goals of the business.

Remember SEO and ranking is a constantly moving target. Sometimes rankings can change in the blink of an eye. Remember that you are not the only one trying to rank better. ROI is important and one way to get a feel is by having good reporting. Good reporting will show you, at least to a point, where the clicks are coming from. How much then do I spend on AD Words? This is a tough subject because when I tell a client that he or she must spend $500.00 to $1000.00 per month minimum some get scared away, but think about what you pay some companies that promise you leads. I know that some companies will charge you minimum pricing starting at $10,000.00! So paying an SEO person $500 to $1000.00 to try for a month or two might be better than shelling out $10,000.00 in one shot.

Remember there is more than one choice for pay per clicks. Google does not have it all! You can try Bing; they are pretty darn good too. How about ads on Facebook? Have you thought about doing an online PR release to reach hundreds if not thousands of editors? You have many choices and spending your money in one spot may not be the best possible choice. I suggest not putting your eggs in one basket, you can see those eggs be eaten up by a predator!

I suggest using multiple methods to bring in leads and yes use Ad Words but be careful. We use multiple methods to bring in leads. One thing is be an expert and let people know it via a blog. Connect with your customers via e-mail and let them know you offer new ways to help them.

Help your customer solve problems and you will have a satisfied customer for a long time.

More to come!

Joe Rossini


Wednesday, July 5, 2017

More on Internet security!

The New Old Guard: Symantec And McAfee Fight To Regain Dominance In The New World Of Security






    In the security market, what's old is new again.
    Symantec and McAfee, two companies that 10 years ago were at the vanguard of the war against email threats in the PC era, have since lost ground in the IT security market to a slew of hot startups with next-generation technology. But the giants are not content to sleep, and now both are trying for a comeback.
    With a focus on new technology that goes well beyond anti-virus as well as robust channel strategies and road maps for innovation to challenge their younger rivals, Symantec CEO Greg Clark and McAfee CEO Chris Young believe their respective companies are poised to once again dominate the security space.
    As fate would have it, the two security stalwarts have arrived at this point in their journeys at the same time, both looking to architect resurgences after a series of spinouts, acquisitions and senior management changes.
    "This is an important transformation that we're going through," Young told CRN. "Cybersecurity is maturing and we're going to see that in five years it's going to be very different than it is today. … We aim to help define that future in a meaningful way. We won't rest until we get there."
    That's a future Symantec also is bidding to define, Clark said, transforming its business and bringing to the table its own vision of what that future looks like for customers and partners.
    "We have done a very strong transformation, acquisition and repositioning of Symantec for our enterprise customers around integrated cyberdefense, which we're doing very well at," Clark said. "We put those things together and we have a fantastic growth engine for the long haul."
    It's clear why Symantec and McAfee are both looking to win in the space—the security market is growing at a rapid pace, expected to hit $202.4 billion by 2021, up from $122.5 billion in 2016, according to research firm MarketsandMarkets.
    However, both companies have seen drastic declines in their share of the security software market in recent years, according to research firm Gartner.
    In 2005, Symantec held the top spot with 32.2 percent of the worldwide security software market by revenue, and McAfee held 12.4 percent at No. 2, with both seeing double-digit year-over-year growth, according to Gartner. Ten years later, Symantec and McAfee (then known as Intel Security) still owned the top two spots in the security software, but their share of the market had dropped dramatically: After three consecutive years of revenue decline, Symantec held 15.2 percent of the worldwide security software market in 2015, while McAfee was at 7.9 percent after a year-over-year revenue dip.

    Monday, June 19, 2017

    Did you know that 70% of Ransomware attacks come via e-mail?

    Email remains the No. 1 threat vector for businesses, with a full 76% of ransomware attacks starting with a malicious message.
    According to a survey from Barracuda, phishing—and particularly spear phishing—has become a lucrative art. The attackers also do not discriminate based on company size. Email remains one of the most widely used business communications tools, as well as one of the most commonly targeted threat vectors.
    “Whether you are a mid-sized business with limited staff and resources, or a 10,000-employee organization with a dedicated security team and budget—we are all feeling the impact of these attacks,” said Hatem Naguib, senior vice president and general manager for the security business at Barracuda. He noted that criminals are taking the time to personalize the messages, crafting them to be compelling and convincing.
    The survey showed that more than half (56%) of those we questioned admitted to being targeted by cyberattacks, with 84% of those admitting their organization felt a significant impact as a result. In fact, on average, organizations had been targeted by cyberattacks five times, with 43% targeted more than five times.
    An earlier Barracuda study found that 92% of people surveyed are concerned about ransomware hitting their organization, and nearly half, or 47%, of respondents had been a victim of ransomware already.
    The effects of an attack are not limited to the organization itself. More than three in 10 of those we questioned admitted that their customers (35%) and even their employees (32%) had lost faith in their security because of an attack. Perhaps most shocking from a global perspective, around one in five report a temporary closure of business (21%) or a loss of customers altogether (17%).
    These figures become even more surprising when assuming that the bigger the company, the larger the security budget.
    “Having a sizable security budget isn’t enough to make you immune,” said Naguib. “After all, it doesn’t really matter how much money there is in the budget when the majority of threats are still infiltrating organizations via email. This point brings us back to the very important notion that the most effective security plans include a combination of people and technology.”
    Specifically, given that human error is at play, organizations must be prepared with a layered security strategy. That could include spam protection and malware filtering at the gateway, advanced threat protection and sandboxing technologies, and dedicated spear phishing solutions designed to stop highly-personalized attacks.

    I will tell you I do not click on any link I do not know. When I see an e-mail from a friend that usually never e-mails me a link I delete it. Being very careful helps a lot!


    Protect your small business from [Ransomware]

    Ransomware is a growth industry – and it's growing because it works. Attacks by hackers that lock up data unless a ransom is paid shot up an unbelievable 6000% worldwide in 2016 over the previous year. According to the FBI, hackers “earned” over a billion dollars in ransomware attacks in 2016, some five times over the amount they netted in 2015.

    Despite the big numbers, it's small users who may be suffering the most. There's reason to believe that small businesses are among the primary targets – perhaps even more than big businesses - of ransomware hackers. According to one study, the average payment demanded by hackers for releasing a system was $679 – an amount that seems paltry, almost, except when you put it in context with who the victims of these demands really are.

    Perhaps the most important statistic – the one that makes the whole effort worthwhile for hackers  - is that some 70% of victims pay up, according to a report by IBM. Of those, more than half paid $10,000 or more in ransom to free up their data. A Ponemon Institute study shows that 56% of companies surveyed said they are not ready to fend off ransomware attacks, and just 38% said they have a strategy to deal with ransomware and other malware.

    Another Ponemon study says that while 66% of respondents rate the threat of ransomware as very serious, only 13% rated their companies’ preparedness to prevent ransomware as high.

    While most small business owners believe that they are more or less immune to ransomware – you can't get blood from a stone, after all – the truth is that hackers are far less selective in their targets. One study shows that in 2015, 43% of all cyber-attacks, especially ransomware attacks, targeted small businesses.  Given the fact that most companies, large and small, pay off the hackers, there's no reason to believe that things will change in 2017.

    That's the secret of ransomware success: There really is no business too small to be attacked. While the database of a local dry cleaner may not appear to be as important as that of a national bank, it is to the dry cleaner; hence, his willingness to pay, and if he can get his business back for $679, then the expense is certainly worth it, isn't it?

    That is certainly a secret to hackers' ransomware success: Data is important to someone, somewhere – and to get their data back, people will pay. Of course, paying up is no guarantee that the hackers will release the security key that opens up the locked data; if a victim is willing to pay once, why not twice or thrice? 

    Once an attack occurs, it's usually too late – although some victims have likely had luck using decryption tools from sites like the No More Ransom Project. Having a good backup system could help a business quickly recover from an attack, but it's not foolproof. In one survey of medium and large companies who didn't pay up, 81% of IT pros said they were “confident” they could cope with an attack, fully restoring their data from backup – but only 42% were able to do so.

    That's likely with the advanced backup systems such organizations would have; most small businesses aren't that fortunate, and for most small business people, educating themselves – or paying a consultant to do it for them – about how to use the dizzying array of cyber-defense tools is probably a non-starter.

    For them, prevention is going to be key. Indeed, preventing ransomware attacks from reaching companies in the first place is a lot like avoiding any other kind of malware – except that the stakes are higher, so organizations need to be very aware of what they can do, what they can't do, and what steps they need to take to upgrade their capabilities.

    Prevent how? According to a report by Osterman Research, “email was the most likely attack vector for ransomware, either via email attachments or malicious links in email messages.” According to the report, 31% of ransomware attacks entered a business via a direct email link, while 28% entered via an email attachment (a Word document with “dirty macros,” for example). Only a quarter entered when engaging with a web site or an application – while infection rates from social media or USB sticks were negligible.

    One effective way of disarming such attacks is to use a system that stops rogue files from getting onto the system in the first place, a “gatekeeper” that nabs malware-laden files before they are passed through to users. Instead of concentrating on detection, install a system that prevents bad files from getting through in the first place.

    Technology exists that allows systems to examine files before they are “waved through” by examining the code in an attachment or what lies behind a link, dissecting and reconstructing them to examine what is at their core. If an email or attachment checks out, it is allowed to proceed, and if not, it gets dumped, kept away from users and rendered harmless.

    In any event, the bottom line for small businesses is clear: Get control of your email and/or how you engage with it, and you'll reduce your chances of becoming a ransomware victim by a whole lot. 
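The "gatekeeper" idea described above, as an added example that is not taken from the quoted article or from any vendor's product: a gateway check that opens every attachment and judges it by its content, catching a macro-laden Word file even when it is renamed to .docx, and that collects the links in the body for a separate URL check. The function names, the quarantine policy and the sample messages are assumptions constructed for this illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls/.ppt container
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def ooxml_has_macros(data: bytes) -> bool:
    """True if a zip-based Office file (docx, docm, xlsm, ...) holds a VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def inspect_attachment(filename: str, data: bytes) -> list:
    """Judge an attachment by its content, never by its file extension."""
    if data.startswith(b"PK") and ooxml_has_macros(data):
        return [f"{filename}: Office document with embedded VBA macros"]
    if data.startswith(OLE2_MAGIC):
        # Assumed policy: legacy binary Office files can hide macros, so they
        # are held for deeper analysis instead of being parsed here.
        return [f"{filename}: legacy OLE2 Office container"]
    return []


def triage(raw: bytes) -> dict:
    """Decide 'quarantine' or 'deliver' for one raw e-mail message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reasons += inspect_attachment(part.get_filename() or "(unnamed)", payload)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    links = sorted(set(URL_RE.findall(text)))   # handed to a URL checker downstream
    return {"verdict": "quarantine" if reasons else "deliver",
            "reasons": reasons, "links": links}


def office_zip(with_macros: bool) -> bytes:
    """Constructed stand-in for an OOXML file; every part holds dummy bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


def build_message(body: str, attachments) -> bytes:
    """Assemble a constructed test message with the given attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "owner@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content(body)
    for name, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


# Constructed samples: a macro document disguised with a .docx name, a legacy
# .doc file, and a clean message carrying a link and a macro-free document.
MACRO_MAIL = build_message("See attached.\n", [("invoice.docx", office_zip(True))])
LEGACY_MAIL = build_message("See attached.\n",
                            [("report.doc", OLE2_MAGIC + b"\x00" * 32)])
CLEAN_MAIL = build_message("Agenda: https://intranet.example.org/agenda\n",
                           [("notes.docx", office_zip(False))])

if __name__ == "__main__":
    for label, raw in (("macro", MACRO_MAIL), ("legacy", LEGACY_MAIL),
                       ("clean", CLEAN_MAIL)):
        print(label, triage(raw))
```
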

    Remember it is not about you when working with clients [it is what you can do for your clients]

    Great article by Chaz Horn!

    IT'S NOT ABOUT YOU

    The most useful thing I've learned and can teach you is to take your attention OFF of yourself and put it on the people who need your help. We can't help others when we are focused on ourselves.
    At the end of the day, your potential customers don't give a crap about you. They need help, they need it now, so who CARES what kind of House you have on the Coast or how great your accomplishments are... How does what you do provide a specific and amazing OUTCOME for your clients/customers? If you truly care about the welfare of your clients/customers, but you are unable to reach them, let's talk.
    Everything in your business, from your offer, your sales process, marketing to your pricing, to your service & delivery, should be built around one big question:
    "What Outcomes do we provide for our clients?"
    At Mastery of Selling B2B, this is our mantra. It determines what we teach, whom we hire, and whom we do (and do not) let into our programs.
    That one question will never, ever steer you wrong.
    Money comes from serving. Serving comes from making the clients' success your #1 priority.

    I am guilty of forgetting this at times even after all of my years in sales. Listen to your client and then try to help them!

    More to come later.

    Joe Rossini

    Wednesday, June 14, 2017

    Marketing and sales and planning do hook together

    Plan your work and work your plan; that is an old saying but it still works today. This week I planned where I was going to make calls and, as I like it, they were all in an area that would save me on wear and tear and also I could make a lot of calls without wasting a lot of time. Time is money and by maximizing my time I set myself up to make more money. If you are a young sales representative, consider mapping out your area and see how many potential customers are in that area. Make calls on them, telephone then cold calls or set up calls, and I bet you that you will increase your sales. If you need help just call me at 913-244-6132 I can give you a few tips.

    More to come soon.

    Joe Rossini

    Tuesday, June 13, 2017

    Important security alert

    Please read.....

    National Cyber Awareness System:

    06/13/2017 11:45 AM EDT

    Original release date: June 13, 2017

    Systems Affected

    Networked Systems

    Overview

    This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally. Working with U.S. Government partners, DHS and FBI identified Internet Protocol (IP) addresses associated with a malware variant, known as DeltaCharlie, used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure. This alert contains indicators of compromise (IOCs), malware descriptions, network signatures, and host-based rules to help network defenders detect activity conducted by the North Korean government. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA.
    If users or administrators detect the custom tools indicative of HIDDEN COBRA, these tools should be immediately flagged, reported to the DHS National Cybersecurity Communications and Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and given highest priority for enhanced mitigation. This alert identifies IP addresses linked to systems infected with DeltaCharlie malware and provides descriptions of the malware and associated malware signatures. DHS and FBI are distributing these IP addresses to enable network defense activities and reduce exposure to the DDoS command-and-control network. FBI has high confidence that HIDDEN COBRA actors are using the IP addresses for further network exploitation.
    This alert includes technical indicators related to specific North Korean government cyber operations and provides suggested response actions to those indicators, recommended mitigation techniques, and information on reporting incidents to the U.S. Government.
    For a downloadable copy of IOCs, see:

    Description

    Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group[1] and Guardians of Peace.[2] DHS and FBI assess that HIDDEN COBRA actors will continue to use cyber operations to advance their government’s military and strategic objectives. Cyber analysts are encouraged to review the information provided in this alert to detect signs of malicious network activity.
    Tools and capabilities used by HIDDEN COBRA actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Variants of malware and tools used by HIDDEN COBRA actors include Destover,[3] Wild Positron/Duuzer,[4] and Hangman.[5] DHS has previously released Alert TA14-353A,[6] which contains additional details on the use of a server message block (SMB) worm tool employed by these actors. Further research is needed to understand the full breadth of this group’s cyber capabilities. In particular, DHS recommends that more research should be conducted on the North Korean cyber activity that has been reported by cybersecurity and threat research firms.
    HIDDEN COBRA actors commonly target systems running older, unsupported versions of Microsoft operating systems. The multiple vulnerabilities in these older systems provide cyber actors many targets for exploitation. These actors have also used Adobe Flash player vulnerabilities to gain initial entry into users’ environments.
    HIDDEN COBRA is known to use vulnerabilities affecting various applications. These vulnerabilities include:
    • CVE-2015-6585: Hangul Word Processor Vulnerability
    • CVE-2015-8651: Adobe Flash Player 18.0.0.324 and 19.x Vulnerability
    • CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability
    • CVE-2016-1019: Adobe Flash Player 21.0.0.197 Vulnerability
    • CVE-2016-4117: Adobe Flash Player 21.0.0.226 Vulnerability
    We recommend that organizations upgrade these applications to the latest version and patch level. If Adobe Flash or Microsoft Silverlight is no longer required, we recommend that those applications be removed from systems.
    The indicators provided with this alert include IP addresses determined to be part of the HIDDEN COBRA botnet infrastructure, identified as DeltaCharlie. The DeltaCharlie DDoS bot was originally reported by Novetta in their 2016 Operation Blockbuster Malware Report. This malware has used the IP addresses identified in the accompanying .csv and .stix files as both source and destination IPs. In some instances, the malware may have been present on victims’ networks for a significant period.

    Technical Details

    DeltaCharlie is a DDoS tool used by HIDDEN COBRA actors, and is referenced and detailed in Novetta’s Operation Blockbuster Destructive Malware report. The information related to DeltaCharlie from the Operation Blockbuster Destructive Malware report should be viewed in conjunction with the IP addresses listed in the .csv and .stix files provided within this alert. DeltaCharlie is a DDoS tool capable of launching Domain Name System (DNS) attacks, Network Time Protocol (NTP) attacks, and Character Generation Protocol attacks. The malware operates on victims’ systems as a svchost-based service and is capable of downloading executables, changing its own configuration, updating its own binaries, terminating its own processes, and activating and terminating denial-of-service attacks. Further details on the malware can be found in Novetta’s report.

    Detection and Response

    HIDDEN COBRA IOCs related to DeltaCharlie are provided within the accompanying .csv and .stix files of this alert. DHS and FBI recommend that network administrators review the IP addresses, file hashes, network signatures, and YARA rules provided, and add the IPs to their watchlist to determine whether malicious activity has been observed within their organization.
    When reviewing network perimeter logs for the IP addresses, organizations may find numerous instances of these IP addresses attempting to connect to their systems. Upon reviewing the traffic from these IP addresses, system owners may find that some traffic corresponds to malicious activity and some to legitimate activity. System owners are also advised to run the YARA tool on any system they suspect to have been targeted by HIDDEN COBRA actors. Additionally, the appendices of this report provide network signatures to aid in the detection and mitigation of HIDDEN COBRA activity.

    Network Signatures and Host-Based Rules

    This section contains network signatures and host-based rules that can be used to detect malicious activity associated with HIDDEN COBRA actors. Although created using a comprehensive vetting process, the possibility of false positives always remains. These signatures and rules should be used to supplement analysis and should not be used as a sole source of attributing this activity to HIDDEN COBRA actors.

    Network Signatures

    alert tcp any any -> any any (msg:"DPRK_HIDDEN_COBRA_DDoS_HANDSHAKE_SUCCESS"; dsize:6; flow:established,to_server; content:"|18 17 e9 e9 e9 e9|"; fast_pattern:only; sid:1; rev:1;)
    ________________________________________________________________
    alert tcp any any -> any any (msg:"DPRK_HIDDEN_COBRA_Botnet_C2_Host_Beacon"; flow:established,to_server; content:"|1b 17 e9 e9 e9 e9|"; depth:6; fast_pattern; sid:1; rev:1;)
    ________________________________________________________________
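
The two signatures above, applied in Python to constructed flow records together with the IP watchlist check described under Detection and Response. This is an added example, not part of the alert; the `Flow` record, the `triage` labels and the sample addresses (RFC 5737 documentation ranges) are assumptions.

```python
from collections import namedtuple
from ipaddress import ip_address

# Byte patterns copied from the content fields of the two signatures.
HANDSHAKE = bytes.fromhex("1817e9e9e9e9")  # DDoS_HANDSHAKE_SUCCESS
BEACON = bytes.fromhex("1b17e9e9e9e9")     # Botnet_C2_Host_Beacon

# Hypothetical record type; to_server is True for client-to-server payloads
# on an established TCP session.
Flow = namedtuple("Flow", "src dst to_server payload")

def match_signatures(flow):
    """Return the msg of each signature whose payload test matches."""
    if not flow.to_server:            # both rules: flow:established,to_server
        return []
    hits = []
    if flow.payload == HANDSHAKE:     # dsize:6 plus a 6-byte content = exact payload
        hits.append("DPRK_HIDDEN_COBRA_DDoS_HANDSHAKE_SUCCESS")
    if flow.payload[:6] == BEACON:    # depth:6 = content within the first 6 bytes
        hits.append("DPRK_HIDDEN_COBRA_Botnet_C2_Host_Beacon")
    return hits

def triage(flows, watchlist):
    """Label each flow 'signature', 'watchlist-only' or 'clean'."""
    watched = {ip_address(ip) for ip in watchlist}
    rows = []
    for f in flows:
        sigs = match_signatures(f)
        listed = ip_address(f.src) in watched or ip_address(f.dst) in watched
        verdict = "signature" if sigs else "watchlist-only" if listed else "clean"
        rows.append((f.src, f.dst, verdict, sigs))
    return rows

# Constructed sample data: documentation addresses, not IOCs from the alert.
WATCHLIST = ["198.51.100.7", "203.0.113.20"]
FLOWS = [
    Flow("10.0.0.5", "198.51.100.7", True, HANDSHAKE),              # exact 6 bytes
    Flow("10.0.0.5", "198.51.100.7", True, BEACON + b"\x00" * 10),  # beacon prefix
    Flow("203.0.113.20", "10.0.0.9", True, b"GET / HTTP/1.1\r\n"),  # listed IP only
    Flow("10.0.0.8", "192.0.2.44", True, HANDSHAKE + b"\x00"),      # 7 bytes: dsize fails
    Flow("10.0.0.8", "192.0.2.44", False, BEACON),                  # wrong direction
]

if __name__ == "__main__":
    for row in triage(FLOWS, WATCHLIST):
        print(row)
```

A `watchlist-only` row is the case the alert describes, where traffic involving a listed IP may be either malicious or legitimate and needs manual review.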

    YARA Rules

    // Placeholder rule name; the alert gives only the strings and condition.
    rule HIDDEN_COBRA_rsaKey
    {
    strings:
    $rsaKey = {7B 4E 1E A7 E9 3F 36 4C DE F4 F0 99 C4 D9 B7 94
    A1 FF F2 97 D3 91 13 9D C0 12 02 E4 4C BB 6C 77
    48 EE 6F 4B 9B 53 60 98 45 A5 28 65 8A 0B F8 39
    73 D7 1A 44 13 B3 6A BB 61 44 AF 31 47 E7 87 C2
    AE 7A A7 2C 3A D9 5C 2E 42 1A A6 78 FE 2C AD ED
    39 3F FA D0 AD 3D D9 C5 3D 28 EF 3D 67 B1 E0 68
    3F 58 A0 19 27 CC 27 C9 E8 D8 1E 7E EE 91 DD 13
    B3 47 EF 57 1A CA FF 9A 60 E0 64 08 AA E2 92 D0}
    condition: any of them
    }
    ________________________________________________________________
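    // Placeholder rule name; the alert gives only the strings and condition.
    rule HIDDEN_COBRA_typo_strings
    {
    strings:
    $STR1 = "Wating" wide ascii
    $STR2 = "Reamin" wide ascii
    $STR3 = "laptos" wide ascii
    // File-type gate on the leading bytes: "MZ", D0 CF, D4 C3, "%PDF", or "\rtf" at offset 1.
    condition: (uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and 2 of them
    }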
    ________________________________________________________________
    // Placeholder rule name; the alert gives only the strings and condition.
    rule HIDDEN_COBRA_randomUrlBuilder
    {
    strings:
    $randomUrlBuilder = { 83 EC 48 53 55 56 57 8B 3D ?? ?? ?? ?? 33 C0 C7 44 24 28 B4 6F 41 00 C7 44 24 2C B0 6F 41 00 C7 44 24 30 AC 6F 41 00 C7 44 24 34 A8 6F 41 00 C7 44 24 38 A4 6F 41 00 C7 44 24 3C A0 6F 41 00 C7 44 24 40 9C 6F 41 00 C7 44 24 44 94 6F 41 00 C7 44 24 48 8C 6F 41 00 C7 44 24 4C 88 6F 41 00 C7 44 24 50 80 6F 41 00 89 44 24 54 C7 44 24 10 7C 6F 41 00 C7 44 24 14 78 6F 41 00 C7 44 24 18 74 6F 41 00 C7 44 24 1C 70 6F 41 00 C7 44 24 20 6C 6F 41 00 89 44 24 24 FF D7 99 B9 0B 00 00 00 F7 F9 8B 74 94 28 BA 9C 6F 41 00 66 8B 06 66 3B 02 74 34 8B FE 83 C9 FF 33 C0 8B 54 24 60 F2 AE 8B 6C 24 5C A1 ?? ?? ?? ?? F7 D1 49 89 45 00 8B FE 33 C0 8D 5C 11 05 83 C9 FF 03 DD F2 AE F7 D1 49 8B FE 8B D1 EB 78 FF D7 99 B9 05 00 00 00 8B 6C 24 5C F7 F9 83 C9 FF 33 C0 8B 74 94 10 8B 54 24 60 8B FE F2 AE F7 D1 49 BF 60 6F 41 00 8B D9 83 C9 FF F2 AE F7 D1 8B C2 49 03 C3 8B FE 8D 5C 01 05 8B 0D ?? ?? ?? ?? 89 4D 00 83 C9 FF 33 C0 03 DD F2 AE F7 D1 49 8D 7C 2A 05 8B D1 C1 E9 02 F3 A5 8B CA 83 E1 03 F3 A4 BF 60 6F 41 00 83 C9 FF F2 AE F7 D1 49 BE 60 6F 41 00 8B D1 8B FE 83 C9 FF 33 C0 F2 AE F7 D1 49 8B FB 2B F9 8B CA 8B C1 C1 E9 02 F3 A5 8B C8 83 E1 03 F3 A4 8B 7C 24 60 8D 75 04 57 56 E8 ?? ?? ?? ?? 83 C4 08 C6 04 3E 2E 8B C5 C6 03 00 5F 5E 5D 5B 83 C4 48 C3 }
    condition: $randomUrlBuilder
    }
    ________________________________________________________________

    Impact

    A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:
    • temporary or permanent loss of sensitive or proprietary information,
    • disruption to regular operations,
    • financial losses incurred to restore systems and files, and
    • potential harm to an organization’s reputation.

    Solution

    Mitigation Strategies

    Network administrators are encouraged to apply the following recommendations, which can prevent as many as 85 percent of targeted cyber intrusions. The mitigation strategies provided may seem like common sense. However, many organizations fail to use these basic security measures, leaving their systems open to compromise:
    1. Patch applications and operating systems – Most attackers target vulnerable applications and operating systems. Ensuring that applications and operating systems are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker. Use best practices when updating software and patches by only downloading updates from authenticated vendor sites.
    2. Use application whitelisting – Whitelisting is one of the best security strategies because it allows only specified programs to run while blocking all others, including malicious software.
    3. Restrict administrative privileges – Threat actors are increasingly focused on gaining control of legitimate credentials, especially credentials associated with highly privileged accounts. Reduce privileges to only those needed for a user’s duties. Separate administrators into privilege tiers with limited access to other tiers.
    4. Segment networks and segregate them into security zones – Segment networks into logical enclaves and restrict host-to-host communications paths. This helps protect sensitive information and critical services, and limits damage from network perimeter breaches.
    5. Validate input – Input validation is a method of sanitizing untrusted input provided by users of a web application. Implementing input validation can protect against the security flaws of web applications by significantly reducing the probability of successful exploitation. Types of attacks possibly averted include Structured Query Language (SQL) injection, cross-site scripting, and command injection.
    6. Use stringent file reputation settings – Tune the file reputation systems of your anti-virus software to the most aggressive setting possible. Some anti-virus products can limit execution to only the highest reputation files, stopping a wide range of untrustworthy code from gaining control.
    7. Understand firewalls – Firewalls provide security to make your network less susceptible to attack. They can be configured to block data and applications from certain locations (IP whitelisting), while allowing relevant and necessary data through.

    Response to Unauthorized Network Access

    Enforce your security incident response and business continuity plan. It may take time for your organization’s IT professionals to isolate and remove threats to your systems and restore normal operations. Meanwhile, you should take steps to maintain your organization’s essential functions according to your business continuity plan. Organizations should maintain and regularly test backup plans, disaster recovery plans, and business continuity procedures.
    Contact DHS or your local FBI office immediately. To report an intrusion and request resources for incident response or technical assistance, you are encouraged to contact DHS NCCIC (NCCICCustomerService@hq.dhs.gov or 888-282-0870), the FBI through a local field office, or the FBI’s Cyber Division (CyWatch@fbi.gov or 855-292-3937).

    Protect Against SQL Injection and Other Attacks on Web Services

    To protect against code injections and other attacks, system operators should routinely evaluate known and published vulnerabilities, periodically perform software updates and technology refreshes, and audit external-facing systems for known web application vulnerabilities. They should also take the following steps to harden both web applications and the servers hosting them to reduce the risk of network intrusion via this vector.
    • Use and configure available firewalls to block attacks.
    • Take steps to secure Windows systems, such as installing and configuring Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) and Microsoft AppLocker.
    • Monitor and remove any unauthorized code present in any www directories.
    • Disable, discontinue, or disallow the use of Internet Control Message Protocol (ICMP) and Simple Network Management Protocol (SNMP) as much as possible.
    • Remove unnecessary HTTP verbs from web servers. Typical web servers and applications only require GET, POST, and HEAD.
    • Where possible, minimize server fingerprinting by configuring web servers to avoid responding with banners identifying the server software and version number.
    • Secure both the operating system and the application.
    • Update and patch production servers regularly.
    • Disable potentially harmful SQL-stored procedure calls.
    • Sanitize and validate input to ensure that it is properly typed and does not contain escaped code.
    • Consider using type-safe stored procedures and prepared statements.
    • Audit transaction logs regularly for suspicious activity.
    • Perform penetration testing on web services.
    • Ensure error messages are generic and do not expose too much information.

    Permissions, Privileges, and Access Controls

    System operators should take the following steps to limit permissions, privileges, and access controls.
    • Reduce privileges to only those needed for a user’s duties.
    • Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
    • Carefully consider the risks before granting administrative rights to users on their own machines.
    • Scrub and verify all administrator accounts regularly.
    • Configure Group Policy to restrict all users to only one login session, where possible.
    • Enforce secure network authentication, where possible.
    • Instruct administrators to use non-privileged accounts for standard functions such as web browsing or checking webmail.
    • Segment networks into logical enclaves and restrict host-to-host communication paths. Containment provided by enclaving also makes incident cleanup significantly less costly.
    • Configure firewalls to disallow Remote Desktop Protocol (RDP) traffic coming from outside of the network boundary, except for in specific configurations such as when tunneled through a secondary virtual private network (VPN) with lower privileges.
    • Audit existing firewall rules and close all ports that are not explicitly needed for business. Specifically, carefully consider which ports should be connecting outbound versus inbound.
    • Enforce a strict lockout policy for network users and closely monitor logs for failed login activity. Failed login activity can be indicative of failed intrusion activity.
    • If remote access between zones is an unavoidable business need, log and monitor these connections closely.
    • In environments with a high risk of interception or intrusion, organizations should consider supplementing password authentication with other forms of authentication such as challenge/response or multifactor authentication using biometric or physical tokens.

    Logging Practices

    System operators should follow these secure logging practices.
    • Ensure event logging, including applications, events, login activities, and security attributes, is turned on or monitored for identification of security issues.
    • Configure network logs to provide adequate information to assist in quickly developing an accurate determination of a security incident.
    • Upgrade PowerShell to new versions with enhanced logging features and monitor the logs to detect usage of PowerShell commands, which are often malware-related.
    • Secure logs in a centralized location and protect them from modification.
    • Prepare an incident response plan that can be rapidly administered in case of a cyber intrusion.

    References