WordPress Brute Force Attacks and what that means here

Over the past few days many security sites and web hosts around the world reported that a WordPress brute force attack was under way.  Brute force means the attacks are attempts to find users with weak passwords and outdated installations.  Once the attacker has found a WordPress account with a weak password, it is used to gain access to the administration panel.  At that point the site can be used in a variety of ways, but it is no longer controlled by the legitimate site owner.  There are many articles on the subject out there, some of them detailed and very specific, but here is one that seems to give sufficient details without getting overly specific.

What that means is that here on this site, I have had to make some changes.  Login attempts have been limited to two.  After two failed login attempts, there must be a twenty minute wait before attempting to log in again.  I changed my password to something far more difficult and encourage anyone else who uses a WP site to do the same.

Lastly, on the advice of the webhost we use for this domain, all other users have been changed to contributors, meaning that they can no longer do their own publishing on the site. As an author, you can get access to the control panel in some form, which is to be avoided at this point.  This last part is a temporary solution, one that needs to be revisited in the next week or so.
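As an added example (not code from this site, from Steve's setup, or from any WordPress plugin), here is the lockout rule the post describes, two failed attempts and then a twenty minute wait, written as a small Python class. The usernames, IP address and timestamps in the demonstration are constructed, and the `now` parameter exists only so the behaviour can be checked without waiting twenty minutes.

```python
import time
from dataclasses import dataclass, field

MAX_ATTEMPTS = 2            # the post's setting: two failed logins ...
LOCKOUT_SECONDS = 20 * 60   # ... then a twenty minute wait


@dataclass
class LoginThrottle:
    """Tracks failed logins per (username, client IP) and enforces a lockout."""
    max_attempts: int = MAX_ATTEMPTS
    lockout_seconds: int = LOCKOUT_SECONDS
    _failures: dict = field(default_factory=dict)      # key -> failure timestamps
    _locked_until: dict = field(default_factory=dict)  # key -> unix time lock expires

    @staticmethod
    def _key(username, ip):
        return (username.lower(), ip)

    def seconds_locked(self, username, ip, now=None):
        """Remaining lockout time in seconds, 0 if the account/IP is not locked."""
        now = time.time() if now is None else now
        until = self._locked_until.get(self._key(username, ip), 0)
        return max(0, until - now)

    def attempt(self, username, ip, password_ok, now=None):
        """Call on every login POST. Returns (allowed, message).

        password_ok is the result of the real credential check; during a
        lockout even a correct password is refused, which is what stops the
        guessing from continuing.
        """
        now = time.time() if now is None else now
        key = self._key(username, ip)
        remaining = self.seconds_locked(username, ip, now)
        if remaining > 0:
            return False, f"locked out; retry in {int(remaining)}s"
        if password_ok:
            # a successful login clears the failure history
            self._failures.pop(key, None)
            self._locked_until.pop(key, None)
            return True, "login ok"
        # failures older than the lockout window no longer count
        recent = [t for t in self._failures.get(key, [])
                  if now - t < self.lockout_seconds]
        recent.append(now)
        self._failures[key] = recent
        if len(recent) >= self.max_attempts:
            self._locked_until[key] = now + self.lockout_seconds
            self._failures.pop(key, None)
            return False, f"too many failures; locked for {self.lockout_seconds}s"
        return False, "invalid credentials"


if __name__ == "__main__":
    # constructed demonstration: two bad guesses, then a correct password
    throttle = LoginThrottle()
    for password_ok, t in ((False, 1000), (False, 1001), (True, 1002)):
        print(throttle.attempt("admin", "203.0.113.5", password_ok, now=t))
```

Keying on username plus client IP, as above, means one guessing host cannot lock a legitimate user out of their own account from elsewhere; keying on username alone would let an attacker do exactly that, while keying on IP alone does nothing against guesses spread across many hosts. Whichever key is chosen, the failed attempts should also be logged, because a burst of failures across many usernames from one address is the signature of the attack the post describes.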

Steve

GEEKLOG: Localization And Adaptability Part One: Text Systems

ABSTRACT:

In my work on the BMLT, I write a system that is meant to be used by many different Service bodies, and adapted to fit their needs (as opposed to the other way around).

That means being able to store and display special characters, like Ü, ç, å and ø.

This is absolutely necessary to support sites like NA Sweden. They are currently helping me to localize (translate) the BMLT into Swedish, so that they can upgrade their system.

When we create Web sites that are designed to be used in contexts other than those with which we are already familiar (such as sites that can be translated to other languages or cultural areas), we should try to design in flexibility and “hooks” that allow the software (Web sites are software, just like word processors and Web browsers) to be adapted or coerced into forms suitable for their own use.

There are some important things to keep in mind, like making sure that you use a text system that will support extended character sets, for example Extended ASCII and various flavors of Unicode.
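As an added illustration (not code from the post or from the BMLT), the following Python checks which of the character sets the post mentions can hold the characters it names, and shows what "storing" text under one charset and "displaying" it under another looks like. The sample strings are constructed; the euro sign is included only because it is a common character that Extended ASCII (ISO-8859-1) cannot represent.

```python
# Constructed samples: the characters named in the post, then one beyond Latin-1.
SAMPLE_LATIN = "Ü ç å ø"        # all representable in ISO-8859-1 ("Extended ASCII")
SAMPLE_BEYOND = "Ü ç å ø €"     # the euro sign is not in ISO-8859-1
CANDIDATES = ("ascii", "latin-1", "utf-8")


def can_store(text: str, encoding: str) -> bool:
    """True if every character in text survives encoding with this charset."""
    try:
        text.encode(encoding)
        return True
    except UnicodeEncodeError:
        return False


def narrowest_encoding(text: str) -> str:
    """Smallest candidate charset that holds the text (UTF-8 holds anything)."""
    for enc in CANDIDATES:
        if can_store(text, enc):
            return enc
    return "utf-8"


def roundtrip_ok(text: str, encoding: str) -> bool:
    """Store and read back with the same declared charset."""
    try:
        return text.encode(encoding).decode(encoding) == text
    except UnicodeError:
        return False


def mojibake(text: str) -> str:
    """What a page shows when UTF-8 bytes are labelled as Latin-1 on output."""
    return text.encode("utf-8").decode("latin-1")


def check(text: str) -> dict:
    """Summary a localizer can eyeball for one string."""
    return {
        "narrowest": narrowest_encoding(text),
        "utf8_roundtrip": roundtrip_ok(text, "utf-8"),
        "latin1_roundtrip": roundtrip_ok(text, "latin-1"),
        "mislabelled_as_latin1": mojibake(text),
    }


if __name__ == "__main__":
    for sample in (SAMPLE_LATIN, SAMPLE_BEYOND):
        print(repr(sample), check(sample))
```

The practical lesson is the last field: a string can be stored perfectly well and still come out as `Ã¼`-style garbage if the database connection, the HTML `charset` declaration and the HTTP `Content-Type` header do not all agree on the encoding. Picking UTF-8 everywhere avoids both the storage limit of Extended ASCII and this mismatch.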


Service committee website hosting basics

The PR Handbook has some good information about local committee websites.  However, one of the topics that is hard to address without getting into potential issues with the traditions is the one about where to host, what to look for in a web host, etc.  So, this post is an attempt to start that discussion based on some hard won experience.

Things to consider:

  • There is no such thing as “free” in terms of a website.  There is always some catch, usually involving some advertising of products and/or services, any of which brings into question whether or not there is an implied endorsement or affiliation involved.  This is different from links to products like Acrobat Reader or Java or Flash; those are tools provided to help view web content and provided to everyone free.  
  • If you have followed the suggestions about your website content, target audience, etc., then it's time to browse for some good web hosts.  I am not going to favor one host over another, but there are some qualities that most good hosts will offer:
    • a good quality SLA (service level agreement) meaning they guarantee that your site will be live for at least 99% of the time and offer steps you can take if they do not meet this guaranteed level.
    • support (both technical and account management) that is responsive and highly available.
    • an accessible control panel that allows you to setup your web presence the way you want to, including databases, email, some traffic reporting tools, FTP access, ways to back up your website, etc.
    • clear, easy to understand tutorials about how to use the control panel and the programs it contains
  • Find out if they offer a site restore option, meaning they do a daily backup of websites, in case your site gets hacked (it can happen to anyone) and you need to restore it to a previous state.  Most hosts will offer some form of disaster recovery.  If they don’t, make sure you back up your files frequently.  Depending upon your available resources, you may also want to consider mirroring your site.  If you need some info about what that means, email me at stephan@na.org (just remember that you may not get an instant response).
  • Lastly, try to find out how seriously the host takes security.  One way to start finding out is to ask how complex their passwords have to be.  Passwords for any website should be pretty complex, meaning they should include upper- and lower-case letters, numbers and special characters.  It may be a pain to remember the passwords, but the more complex, the harder to hack them.  No password is hack-proof, but we don’t have to give the keys away ourselves by using something that is too simple.  Also ask what tools they offer to filter spam at the server level.

There are a lot of good hosts out there, and don’t be afraid to spend a little research and time to find the ones that will serve you and your committee the best.

As always, yours in fellowship,

Stephan Lantos | IT Manager
NA World Services

Why I Do This

Before rolling my sleeves, and getting into some technical stuff, I figured that I’d “break the ice” by talking a bit about exactly WHY I do Service, and what I get from it.

I’m an “Old School” kind of chap. I got clean in 1980, and have spent my entire adult life in Recovery. At one time, that was unusual. However, I am running into more and more people like me in NA.

I quite literally grew up in NA. NA taught me most of my life skills. It helped me to become that “acceptable, responsible and productive member of Society.”

I owe EVERYTHING to NA.

EVERYTHING.

In thirty-two years, I can’t think of a single thing that has happened to me, good or bad, that hasn’t been improved, or directly gifted, by NA.


Security – personal computers

One of the topics that seemed to get attention at the Symposium was about security, especially at the personal level.  I will post some things to consider for area and regional websites in another post, but this one is about some basic info about desktop/laptop security.

Before I even talk about the security I need, I want to point out that we all should be aware of rootkits and do an active scan to see if we have any.  Here is some basic info about rootkits and botnets. A good, free scanner is offered here: http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx.

Once I have made sure that my computer is clean, I am ready to setup more extensive protection.  My experience is that I need three solid layers of security on any desktop or laptop that I use for the web:

  1. A really good firewall: Windows gets just barely passing marks in my book; Symantec, Comodo, McAfee, Sophos, Kaspersky, etc. etc.  Take your pick, just make sure it has two features:  it must be configurable, meaning you can choose which ports to open for which applications, and second, the intrusion protection must be rock solid and highly rated.   Look online for unbiased ratings for firewalls. You may want to look at http://www.firewallguide.com/software.htm for comparisons.
  2. Top-notch antivirus.  Hate to say it, but you get what you pay for.  Free sometimes works, but if you spend a lot of time on the web, be willing to pay $20-$70 annually for a good product.  Oftentimes firewalls and AV are bundled together in a security suite.  Again two features are really important:  first, that the software will automatically scan any new software being downloaded onto the desktop/laptop and second, that it will actively scan the computer daily.  Like with firewalls, there are a lot of good products out there. One spot to look may be http://antivirus-software.findthebest.com/d/y/2013 for comparisons.
  3. I also believe in having a third-party malware scanner like Malwarebytes or SpyBot.  Free or trial versions are easy to find.  Run one on your PC and you may be surprised what it finds.

Additionally, I use WinPatrol. Being somewhat paranoid, I want to know when something new is being added to my computer by any program.  WinPatrol will ask me if I am authorizing the program to be installed and to run.  This is especially useful to ensure that no new processes are added to my machines without my knowledge.  Of course, if my desktop is already infected or has a rootkit, it won’t stop that from running.

Oh, and by the way, having a Mac is no longer a guarantee that you are not infected.  Unfortunately that changed a while back.  While they are far safer than Windows machines, clicking on links, etc. gets you in as much trouble on a Mac as on a Windows machine.  Here is a link to a story from the NY Times last year.

Well, enough on that topic for now.  I encourage everyone to be careful as you surf, dump your temporary files often and be sure what link you are visiting…  As the Websense report recently showed, over 80% of malware is downloaded from perfectly legitimate websites.

Yours in fellowship,

Stephan Lantos | IT Manager
NA World Services
Stephan@na.org | www.na.org
1-818-773-9999 ext. 181


Hello, From Chris M.

Just a quick intro, here.

My name is Chris, and I am an addict. Stephan asked me to help him in this venture, and I am happy to do so.

The exact shape of my contributions are yet to be determined (for example, will I have a “regular column,” or will I post in a less “linear” fashion).

I got clean at the age of 18, in Baltimore, in 1980.

I have a great deal of experience with professional (non-NA) software engineering, and the best practices, thereof.

I have been the principal author of the BMLT (Basic Meeting List Toolbox), and have been working on Web sites since about 1996. I have been working on Area and Regional Websites since about 1998.

As of the writing of this post, I am the Webservant for the Greater New York Region, which covers most of Downstate New York.

Looking forward to participating here.

Florida Service Symposium 2013 IT Track

Like two years ago, the Florida Service Symposium includes an IT Track, focusing on information that is helpful to fellowship webmasters and those interested in IT-related issues.  I will try and post links and an update after the event.  Stay tuned.  For more info about the Symposium look at the Florida Regional website (http://www.naflorida.org).

During the Symposium, I will try to focus on the issue of security on the Internet.  We use a variety of tools and applications here at NAWS to keep everything secure, but it is truly a huge task.  There are a number of truly valuable reports out there about the rise in malware (over 700% in 2012, according to Websense) and the fact that over 80% of it resides on legitimate websites. 

One of the sources I rely on for news and information about security is the System Administration, Networking, and Security Institute (SANS) website and its newsletters (http://www.sans.org/newsletters/).  Everyone in security agrees that hackers and malware developers are consistently ahead of the curve, but these newsletters at least help somewhat in letting me know what is out there and what I can do. 

More later on about the whole issue of security and steps we can take.  Until then, stay safe.

Stephan Lantos | IT Manager
NA World Services
Tel: +1 818-773-9999 ext.181
Stephan@na.org | www.na.org


Need some help!!

Those of you who come here regularly know that this is used for a variety of purposes: updates about the www.na.org website, news about upcoming additions, etc. In the past year, I have mentioned our desire to have some simple, and some not-so-simple, mobile applications developed.

We are pretty close with an application that contains two components: a map-driven meeting search usable around the world, and a bundled daily meditation reader. The app is developed for both iOS and Android platforms but needs some design and further application fine-tuning. If you know of any member who is a whiz with mobile development, please have them send me an email. My email address as always is stephan@na.org.  I would really appreciate the help.

Yours in fellowship,

Stephan Lantos
IT Manager
NA World Services


New mobile version of site is alive and thriving; map-based meeting search coming in early October

I am overdue in my responsibility to update the IT blog, but here is some great news:

1. The mobile version of the na.org website went live some weeks ago and appears to be met with enthusiasm. You can access it at http://m.na.org. If you access the site via a smartphone, it will automatically take you to the mobile version.

2. The map-based version of the meeting locator should be ready to go live the early part of October. We struggled with how not to exceed the maximum number of geocodes allowed on a daily basis by Google maps, but figured out that by doing client-based geocoding instead of server-based, we should be safe, at least for a while.

3. The epub versions of the Basic Text, It Works: How and Why and Sponsorship will be available on iBooks (Apple iOS devices) and on Amazon. Look for an eblast once they are ready.

A further note/request regarding the Meeting Locator:  for it to be truly effective, we need all local web trusted servants to update their meeting information.  More information can be found at http://www.na.org/?ID=updates.

Stay tuned for other updates.

Yours in fellowship,

Stephan Lantos
IT Manager
NA World Services
stephan@na.org