The body of the email:

Hey vguysville ,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
The Facebook Team

Bredolab is a trojan horse that downloads and executes files from the Internet, such as rogue anti-spyware. To bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe. Bredolab contains anti-sandbox code (the trojan might quit itself when an external program investigates its actions).

This Bredolab variant will create the files:

%AppData%\wiaservg.log
%Windir%\temp\wpv861256600826.exe
%Programs%\Startup\isqsys32.exe

It will also create the process isqsys32.exe and svchost.exe. The dll %Windir%\dsqstm6.dll is being loaded into the address space of Internet Explorer combined with several Windows registry edits.

It will attempt to connect with the remote hosts on port 80: 202.39.17.53 0, 217.23.7.162 and 95.211.27.211.

The data identified by the following URL was then requested from the remote web server:

hxxp://mmsfoundsystem.ru/public/controller.php?action=bot&entity_list=&uid=&first=1&guid=13441600&v=15&rnd=8520045
hxxp://hostvegass.ru/cman/receiver/online
hxxp://wapdodoit.ru/mn/base.cfg
hxxp://www.whatsmyipaddress.com

Virus Total permlink and MD5: e3edffb53e463bc6e3f498c8aaa1e447.

[Update - 02/11/2009  5:30 PM local Belgian time]

New subject is being used:

Facebook Password Reset Confirmation. Help Centre.

In order to protect the security of your account; please log into the Client Portal, click on My Details and update your Security Question Answer. We have now implemented this option for our Team to verify the Account Ownership. We will no longer allow emails being sent to our Support Team in order to open a Support Ticket or replies. It must be done via the Client Portal.

For details on the phishing email that is being sent, please review the following two links (although UCwebhost.com is not listed as a possible phisher, we want you to be aware):

News details
www.thewhir.com/web-hosting-news/120809_...l_Targets_Webmasters

Explanation on the phishing email contents with screen shots:
garwarner.blogspot.com/2009/12/webmaster...by-cpanel-phish.html

Again, please be very cautious when entering any account specific details on any site. You should always check that the site is actually UCwebhost.com or contact us directly if you are not certain about the legitimacy of any email you receive.

If you have any questions on this matter, please open a Support Ticket and include this email.

As we were driving down the interstate my wife (out of the blue) asked me "...why should anyone want to join the UCwebhost family...why not our competitor?" she surprised me with that question; not of the content of that question but I did not have my normal "quick, scripted sales" response to the question.  As I paused to ponder the question and how to structure my answer; which must have seemed like an eternity.  A lot of answers came to mind but the first thing that came out was "because we are human and we know it!"  She looked at me confused and asked me to expound on that answer.

I said, we are humans, that is what makes us different then hostgator, lunarpages, hostmonster and the rest; not that they are not either but I know we make mistakes, I know we let emotions get involved sometimes but we can all go to sleep at night knowing that we have done our best.  Computers are just a bunch of electronics that can only read "1" and "0",  there is no human emotions that allow them to relate to mankind.  They are just doing what they were programmed to do and will not deviate from it.

We are humans and we can relate to others and have emotions (feelings), compassion for others.  I recall a Client that called to discuss what UCwebhost.com provides as a hosting provider.  As we begun carrying on a nice conversation about many things besides hosting, I could hear her voice quiver and sound almost tearful. When I asked her what was wrong she said that her current host just suspended her account because she was using too much resources and if she wanted it back on, she would have to pay to upgrade to an expensive server.  We talked some more and told her that we would be happy to host her site.  She asked us to help her migrate her site to our servers which we agreed to do for her.

After 10 or 11 days, we were no closer to getting her account over to our servers.  When I told her about it, she sent us some communications from the old host which said that they were not obligated to help her with her site and she had xx days to get it off or they would just terminate it; or upgrade and they would charge to move her site.  When I called to talk to them and request some help, I was totally shocked that this company was even in business; let alone one of the Top 10.  We finally got her site moved over and it is running strong on our servers and we have not had a single issue with the account or resources.

When we talked to her to tell her that we finally got her site online and was working without any problems, she started to cry.  She said something that makes me proud of what we do and who we are; she said "...when everyone gave up hope and said to start over UCwebhost.com continued to move forward, aiming for the target and completed the task."

We told her about a situation we had with another account that was causing a lot of problems on one of our servers with huge loads.  This Client was frustrated because there did not seem to be a fix, our System Admins were even more frustrated because they could not find the root cause, every time they fixed it the problem came back.  Our Client was forced to look for another host, I telephoned her; I told her that I understood if she wanted to leave but I wanted her to understand if we could not find the cause; the next host will see the same issues and they may not be as friendly.  After we talked, we decided to look at the scripts and a problem jumped out at us; we discovered what caused it and fixed it.  The Client is still here and the site is running normally.

So, why UCwebhost.com?  Our company does make mistakes; but we admit it and we fix it.  We do not blame it on someone else just to brush off the question or the work.  I want each and every client to stay with us.  I work for each of my Clients and I hate to see one leave.  I have developed many friendships with my Clients over the years; each client has my email address and can contact me.  I have never suspended an account because of a problem and not offering help to fix it.

To wrap up the question, why UCwebhost.com?  We are in this together; we cannot be in business without our Clients and our Clients could not be in business without a host.  Choosing a host because they are the largest or the most famous is not always the best choice.  Choosing someone like UCwebhost.com who is dedicated to providing the absolute best service to their Clients is the best for the long term.

As a Client, you all have my email address; I do not mind getting an email about an issue that has not been resolved, that is my job.  But I want to hear from you about how we can improve our service, add applications that will be beneficial to everyone, tools that can make your life easier.  This is why UCwebhost.com.  It is an honor to work for you!

How to Add Sub Users and Grant specific permissions for them:

1. To Add a Sub User; click on the Add Sub User link from the "My Details" area.  File out the form completely and then click save.
2. To grant permission levels to your Sub Users; once the Sub User has been created, click on "Manage Sub Users" select the Sub User, scroll down to Assign Password - and click the Assign... link; add the password, click save.  Then click "go back..." link followed by clicking to "assign permissions..."  Save and you're done!

Send the new Sub User an Email with their new account information and passwords.

Enjoy!

Stay informed, just us on Facebook; we frequently update Facebook and would like to have you as a fan!  Click on the FACEBOOK Icon on any of our pages.

What is UCmail (Round Cube Webmail)?

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking.

How to use UCmail?

Go to www.ucwebhost.com and under the "Support" Tab, scroll down to select "UCMAIL" a new browser window will open.  just enter the email address (e.g johndoe@yourdomain.com) you want to use and the password for that email account.  That's it!

What language will you use to code your site? If you are coding in ASP (Active Server Pages), you are best suited for a Windows powered server with IIS. If you are coding PHP, Perl or JSP, either Windows or Linux/Unix will work, but make sure to check with the perspective Web host that the server maintains the proper software, plug-ins and modules needed to host your site efficiently. If you're coding a straight HTML Web page, almost any Web host should serve your needs. With a straight HTML site, reliability is your greatest concern. Ask yourself these essential questions:

• Is your site going to use a database? If so, Microsoft SQL Server will only work on a Microsoft Windows platform. MySQL and a few other databases work on both platforms quite well.
• Does the hosting company have the software you need installed or is it cost extra?
• How much control over the database do you need?
• How much space for the database do you require?
• Can you use phpmyadmin or a similar database control system to add/remove databases and create/restore backups?
• Are your database(s) backed up on a frequent basis?

These are all important questions for any database driven Web sites. Your data and how it is maintained, stored, processed and backed up is critical to your project.

As for choosing one platform over another, both Windows and Linux/Unix platforms (the most common platforms available) are excellent and stable solutions. I haven't had the opportunity to run a Novell or Sun platform, but I'm sure they also work very well. The key is to make sure you're able to do everything you need to do on that server without much trouble.

Another very important feature is the uptime and availability. Does the host guarantee uptime? How much space do I need? The latter is usually a difficult question because it's difficult to make that kind of prediction. To calculate the space you're going to use, go through your site and find the size of the coded pages first. Then add your media files. Media files are PDF files, Word documents, movie clips, audio files, flash files, and images, among other items. Media certainly takes up the bulk of space on your site. Adding more disk space later is almost always never a problem with hosts so long as you're willing to pay more.

The next big item to tackle is how much bandwidth you're going to use. Bandwidth is what your host will measure to calculate how much people are downloading pages of content from your site. Bandwidth costs your Web host money, so you will almost always incur bandwidth charges. For new sites, try starting at the minimal bandwidth cost, and change your monthly bandwidth rate only if necessary. You'll find out very quickly that the sites with very little media files take very little bandwidth while sites with media will take up more.

This finally takes us into cost. How much should you pay? Some Web hosts charge separately for hosting, bandwidth, databases, and so on, while others bundle it together.

Having to change hosts is an inconvenience, so do your homework. Evaluate your options and make a list of the best Web hosting companies, based on your server needs. Choosing the right Web host the first time eliminates unnecessary hassles and saves you money in the long run. Don't choose a Web host for cost alone. Make an educated decision based on the Web host's speed, reliability and connectivity.

Fortunately, it's also relatively easy to protect yourself against most of these dangers, provided you put in place a consistent, constant e-mail security plan. The plan has two parts: e-mail security policy (that's you and your employees) and e-mail security software (featured in good anti-virus programs).

We'll look at each element and what it entails.

E-Mail Security Policy

Most e-mail security problems are the result of our own errors; viruses attached to e-mails, for example, usually don't take effect unless they are actively clicked on by a user. With that as our starting point, let's look at the basic elements of an e-mail security policy that should be followed by every employee using e-mail:

• Never read unsolicited e-mail or e-mail from an unknown sender: the act of opening (reading) such e-mail can expose your computer and network to outside threats.
• Never click on attachments from unknown senders: viruses and other malicious software lurk in attachments that often promise to be a picture or game.
• Never respond to financial or other offers, no matter how legitimate they appear to be: legitimate companies do not request confidential information such as credit card or Social Security numbers by e-mail; any sweepstakes or other offer that looks too good to be true should be ignored.
• Never share your e-mail account password: as with any password, this information must be kept absolutely confidential.
• Never forward an unsolicited e-mail: you shouldn't be reading it, much less forwarding it.
• Never use business e-mail accounts for personal mail: by restricting business accounts to business use, you take a large step toward reducing the risk of e-mail security problems.

 E-Mail Security Software

Anti-virus software includes e-mail scanning tools that guard against the most common e-mail viruses, worms and Trojans. To be most effective, certain practices should be followed:

• Enable both incoming and outgoing e-mail virus scans: should a virus enter your system from another avenue - an employee using an infected disk, for example, the outgoing mail-scan insures that the virus isn't transmitted.
• Update anti-virus software often: if the software isn't updated, your e-mail is vulnerable to the newest attacks; update weekly if not more often.
• Make sure all anti-virus accounts and licenses are up-to-date and renewed: bear in mind that software license renewals are required for each employee computer or notebook.

 The Bottom Line:  Make e-mail security policy a regularly reviewed element of your company's overall business practices. The only sure defense against e-mail threats is a consistent and constant defense.

We have gone through some trying times in the past but every time our Team works through it.  There has been times that many have worked on issues well past the time that there were suppose to work.

Each Team Section has a poster that  says "CUSTOMER SERVICE IS OUR #1 PRIORITY.  DO YOU KNOW WHO YOUR EMPLOYER IS?  OUR CLIENTS AND LETS NOT FORGET IT!"  This is our philosophy and just words.

There are times that I will help with something just to make more problems.  It normally occurs with our Support Team.  But the Team does not complain, they just keep on working.  Recently, while working on an upgrade for a Client; which I do many times, I needed to make a change so I ssh'd into the server and began the change only to discover that I was changing everything on the servers directory. I paniced and contacted our Senior Admin on duty at the time; I humbly told him what I did and he said "...Ok Keith, no problem, I will get it fixed now..." When he finished he told me that I did not hurt anything.  Of course I was relieved.

Then I went out and bought everyone pizza for all 3 Shifts.  Please don't let my wife know since I have over spent my allowance for the month - lol!  I said all of this, so that you understand that I AM PROUD to have so many Team Mates here who are dedicated to their jobs and to the company; we have many that have worked here from the beginning and also have family members working together.

Everyone here is as much part of my family as my real family is.  I want to publicly say THANK YOU Staff for your loyalty and commitment.  For putting up with me when I do something that I shoud not do (I promise to let my Teams do their jobs and I will do mine).

I want everyone know how proud I am to be working with the BEST PEOPLE in the WORLD - It is an HONOR!

Warmest Regards,

Keith Read, President

Security researchers warned today that a new class of vulnerabilities dubbed "clickjacking" puts users of every major browser at risk from attack.

Details of the multiple flaws -- six different types, by one count -- are sketchy, because the researchers, who presented some of their findings at a security conference earlier this week, have purposefully kept their information confidential as at least one vendor works on a fix. ... Go to source

Update and test your site while visitors are redirected to the page of your choice:

order deny,allow
deny from all
allow from 123.123.123.123

ErrorDocument 403 /page.html


allow from all

Replace 123.123.123.123 with your IP address. Also replace page.html with the name of the page you want visitors to see.

2 - Display a Custom 404 Error Page

Your server displays a “404 File Not Found” error page whenever a visitor tries to access a page on your site that doesn’t exist.

You can replace the server’s default error page with one of your own that explains the error in plain language and links visitors to your home page. Here’s how to use your own page:

ErrorDocument 404 /404.html

Replace 404.html with the name of the page you want visitors to see.

3 - Handle Moved or Renamed Pages

You’ve moved or renamed a page on your site and you want visitors automatically sent to the new page when they try to access the old one. Use a 301 redirect:

Redirect 301 /old.html http://yoursite.com/new.html

Using a 301 redirect also ensures the page doesn’t lose its search engine ranking.

4 - Prevent Directory Browsing

When there’s no index page in a directory, visitors can look and see what’s inside. Some servers are configured to prevent directory browsing like this. If yours isn’t, here’s how to set it up:

Options All -Indexes

5 - Create User Friendly URLs

Which of the two URLs below looks friendlier?

http://yoursite.com/about
http://yoursite.com/pages/about.html

When it comes to URLs, as long as the meaning is clear, shorter is always better.

With htaccess and an Apache module called mod_rewrite, you can set up URLs however you want. Your server can show the contents of “/pages/about.html” whenever anyone visits “http://yoursite.com/about”. Here are a few examples:

RewriteEngine on
RewriteRule ^about/$    /pages/about.html [L]
RewriteRule ^features/$ /features.php [L]
RewriteRule ^buy/$      /buy.html [L]
RewriteRule ^contact/$  /pages/contact.htm [L]

There’s a lot more to mod_rewrite and htaccess. Check out the author’s blog at passwordrobot.com/blog for more details and tricks.

Author Carlos Foster is the founder and president of Illmatic, a small web application development shop based in New York City. He started the company in 1998 with their first product, Illmatic’s CGI Password Script, a simple program that helped webmasters manage their members. In 2000, Illmatic launched a popular, automated password protection system called Password Administrator. 2004 saw the release of Password Robot, a powerful password protection application.

A lot of people from the get go thought the iphone was a piece of junk, while others thought it was the best thing since sliced bread. Everyone has their opinions about iphone vs Nokia just like Mac vs. PC. So moving on then…

Since Mr. Steve Jobs had announced that there would be an SDK (software development kit) for the iphone, a lot of people have really been excited. Now that over 100,000 people have downloaded the developers kit whats next?

How many people will really switch over from having an unlocked iphone that can run tons of free applications to go legit with Apple and pay a fee for every application? The reason I even ask that is because the current developers kit doesn’t allow for 3rd party music applications. Isn’t music what people would likely use their iphone most for? Or would it be games?

It seems that Apple has decided to do things this way so sales on itunes are not hurt, but there will be an effect with upcoming players like Amazon music as well as Emusic which have compatible DRM free music for the iphone. Will Apple lose some ground with their Itunes music downloads?

One thing is for sure, and that is that Apple will continue governing and restricting their own products and applications like they have been for a while. I think the mentality of Apple which seems to be the ‘we control the product even after you buy it’ for all consumers is getting a bit old. The thing is, that the larger apple gets, and the more popularity that grows for Apple products, the hacking, cracking and unlocking will only continue to grow with it.

Will people be willing to blow their money on new applications approved by Apple, and made by the developer that had to pay $99 to publish that application. Thats right, you have to pay 1 dollar short of 100 to even be able to deploy your application if your a developer, and then if you are a consumer you can buy those applications straight off your iphone for a price, which Apple and the developer split for profit. This whole thing with new applications for the iphone has dropped from a hot boil to a mild simmer, and until Apple comes up with a better plan I’m going to have to say that the majority of people are going to go the free route.

Here below is just a little rundown of some of the FREE unlocked iphone applications that actually have some value. I’m not personally promoting them, but the fact is that they exist and Apple can’t stop it.

• SSH For iphone - How to setup and install SSH for iphone.
• MobileTerminal-vt100 - A Terminal emulator for the iPhone.
• MobileTextEdit - Allows you to edit .txt files within mobilefinder.
• Izoho - Full office suite to create edit and more.
• Ruby on iphone - An iPhone Ruby interpretor which includes supporting libraries.
• Stumbler Wifi Networks Locator - Lets you find wireless networks in your area.
• BSD Subsystem - Unix Tools for the iphone.
• Iphone Python - An iPhone Python interpretor including libraries.
• Mobile Scrobbler - Lets you play music from Last.fm
• NES Emulator - Play old school Nintendo games.
• Ishare - Works with a Sendspace account to upload and download files.
• Swapmusiclibrary - Allows you to sync with another PC without erasing.
• Genesis4iphone - Lets you play Sonic and other Sega games.
• Navizon GPS - GPS for the iphone.
• TouchPadPro - Control your PC or Mac with Your iphone.
• RocketShotz - Adds Icons So you never have to Type a Favorite URL to Browse.
• Ispit - Acts as an http Server that runs from your iphone.
• Funiculus - Guitar Tuner for iphone.
• MobileChat - Instant messenger with all the extras.
• Ifob - Social Networking application worth using.
• iPhlickr - Easy way to browse Flickr Pics.
• Expense View - Keep track of finances.
• iPhoneDigg - For all the fanatical Diggers.
• iPhoneTravel - Easy way to book flights and car rentals.
• goMovies - Easy view of movie shows and times.
• Google Reader - Clean and easy to use RSS for the iphone.
• Iactu - Displays headlines from multiple newspapers.