Being blacklisted is never a fun experience. You are fairly safe from this if your site has its own IP address, as is the case for dedicated and semi-dedicated servers, however, it can still occur if you have an insecure contact script or server. In a shared environment there can be dozens or even hundreds of customers per server - so if it gets blacklisted odds are a bad apple decided to send out some spam. In either case, there are certain things you can do to help speed up the process of delisting your server from an ISP’s blacklist.

Here’s a simple 5-step procedure to help improve your chances of getting your server whitelisted once again:

1. Find out if it is a blacklist issue - Try sending an e-mail to yourself at various addresses to find out if the issue has to do with a blacklist or if it’s a basic server issue. If the service that is blocking you is open like AOL or Yahoo, get an account and try sending a message there. If you get an error message along the lines of “message rejected” then it is probably a blacklist issue. If your e-mail is simply delayed, it is most likely a communications or server problem.

2. Contact your web host - Once you have a general idea of what the problem is, it is time to contact your host. Be sure to inform your host of any error codes you may have received and let them know which server you were trying to send the e-mail to (Yahoo, AOL, Gmail, etc). Odds are they already know there is an issue, but letting them know you are having problems might put more pressure on them (and possibly the other ISP) to take action.

3. Inform Visitors - If after a few days or weeks the problem persists, inform your website’s visitors on your contact page that you won’t be able to respond to them if they use that ISP’s services due to ongoing problems with them. This is a good way to ensure no e-mails are lost before the issue is resolved.

4. Send e-mail to ISP - If your server is still blacklisted in the following weeks, it is time to send a nice aggressive e-mail or message to the ISP that is blocking you. Be sure to send it from a non-blacklisted address though - I usually send mine through my Gmail account. Most ISPs offer some sort of way to contact their postmaster, either through a form or through an e-mail address. Be nice, but at the same time let them know you’re losing patience with their unwillingness to fix the problem. If your own webhost is mediocre in the support department, I’d also send the e-mail to them.

5. Send another e-mail to ISP - If after a few more days or weeks your server is still blacklisted, send another e-mail or message that has a slightly angrier tone. There’s no reason to curse like a sailor though - simply tell them you’re utterly disgusted with the company. If possible, I’d send the second e-mail to the abuse contact for the ISP - since they tend to pay more attention to e-mails sent there. Every time I’ve had a blacklist issue reach this point in the past it has always been resolved within a few weeks of my sending the second e-mail. Either it is coincidence, or my e-mail convinced them that I was ready to start dropping exlax in their postmaster’s coffee.

The main thing to remember is be patient - these issues are normally resolved with time. Jumping the gun and bitching 2 days after you’re blacklisted will do nothing to help get your site whitelisted again. Oh, and if you run a bigger blog or website use that to your advantage. Just think about it and you’ll understand what I mean

The US Copyright Registry is a company that sends spammy e-mails to webmasters asking if they want their content copyrighted. The prices are extremely high, about ten times the cost of the actual copyright, and they do very little work. While “Scam” may not be the best way to describe the US Copyright Registry, I think we can all agree charging $350 for a $30 copyright is far past the land of sanity and is way into ridiculous-territory.

The thing to remember is the second you write a post on your blog or create a new web page you hold the copyright on it thanks to a lovely creation called the Berne Convention. The only thing registering in the US gets you is the ability to bring forth a lawsuit over copyright infringement. For most blogs and websites in general this is unneeded. I think the only time registration is helpful is for something like an e-book, a chunk of software, a rare photo, etc. Think about it, if you had to sue someone over a stolen blog post would you? What if they stole a program you sell for $30 a pop. Which would make it easier for you to prove you lost profit? Which would be worth missing work over?

Ah yes, and let’s not forget if you can write your name and address you can register your copyright with the U.S. govt. If I remember correctly registration is only about $40.

For a more in depth look at the US Copyright Registry be sure to check out Plagiarism Today.

Jonathan Bailey posted an insightful article the other day on his blog, Plagiarism Today, about why blog search services have failed. In the post he raises an interesting point about Google. While Google has done an OK job at handling splogs in their regular search engine, their blog search is pretty bad at filtering them (assuming blog search even finds the splogs, it seems to have a hard time finding blogs at all).

At first I thought part of the reason could have been due to a lack of spam reporting for the blog search, but after a brief discussion Jonathan found out that their normal spam report form is for both their blog search and their regular search engine (supposedly).

So the question still remains, why does it give splogs good rankings?

I don’t know the full answer, but I do think a good chunk of the reason has to do with the blog search algorithm. Unlike normal search, the blog search algorithm relies heavily upon when something was posted, instead of how important the posted content is. The number of links going to an individual post, the pagerank of the blog, and similar factors that are important in the normal search arena have very little to do with where content appears in the blog search. New content goes on top, old content goes on the bottom.

While factors like the number of links can have a slight effect on a post’s ranking, it won’t make a post so “important” that it gets the #1 position for a year (like with regular search). So unless a blog is considered a spam blog by the algorithm, a good chunk of the posts will briefly be given decent ranks.

In addition, I get the feeling Google Blog search is a more of a hobby for Google and isn’t a serious product. When it first came out it caused a bit of buzz, but since then it hasn’t really changed at all. Call me crazy, but I wouldn’t be too surprised to see it get dropped at some point in the next couple of years. If it doesn’t get dropped it’ll at least end up under the “even more” section of Google along with their other miserable failures (errr… “less accepted” products).

It doesn’t take long to find dozens of recent news articles about Internet filtering. Nearly every major ISP has at least talked about the issue, but very few of them have made a firm decision. Sometimes they claim they don’t like filtering, but then they turn around and implement packet shaping, which not only hurts Internet power-users but also annoys those who use services like VoIP.

The idea of filtering the ‘net is flawed from the beginning. If it is implemented at the network level (ISP, routers, etc), all a user needs to do is use SSL connections, use a proxy, etc. In the case of packet shaping/bandwidth throttling all they would get is slower speeds, but their data would still download. If some type of software is required to access the Internet that also serves as a filter, no software pirate with half a brain would install it and a workaround would be quickly made. Plus let’s not forget filtering always causes unintended consequences (such as those I listed above).

I remember back during my days of school the administration felt they needed to put blocks on a handful of websites, some of which were good sources of information (I think MSNBC and CNN were two of them). The first block I remembered them installing could be bypassed by putting “%20″ before the protocol declaration in the URL (http://”). The newer filter (possibly the one they still use) could be bypassed by using a basic web proxy. Their filters were easy to bypass. The same is true for newer ones as well. Back in early February Danish ISP Tele2 was ordered to restrict access to The Pirate Bay. The filter was implemented successfully, but from what I understand a workaround was quickly created.

I’m not saying piracy is good, I’m simply saying filtering is not a good solution to the problem. There are always unintended consequences, and there’s always a workaround.

I don’t think it is a secret that the Internet is slowly becoming less safe. There are more threats now than ever before. Unfortunately these threats are also becoming more dangerous. Malicious users have grown up and are no longer interested in crashing systems – instead they want to sell your information to get money (to get prostitutes with?). They are using spoofing and cloaking to trick users into installing software or to type in their passwords on some copied page, all without anyone knowing.

Malware

Malware, and in particular spyware, will always be the biggest threat. The reason it will always be at the top is due to the fact people love free junk, and hackers take advantage of that as much as possible. One of the newer tactics is to try and install a codec needed to play some video (usually porn), and instead install some icky virus or spyware. Go on any Digg comments page about a celebrity and there will be tons of links to such video files.

When I first heard about this new tactic the first thing I thought was “wow, it’s about time they do that.” For years and years I always wondered why no script kiddies did it – even though it would be so incredibly easy to do. Simply claim you have a video of Paris Hilton and Britney Spears doing topless dances together (don’t know why anyone would want to look at that, they are both ugly), trick some idiots into installing a “codec”, and boom, you have control. So simple, but so effective.

Another similar tactic is to disguise a virus as innocent software (a bit of a Trojan horse). A perfect example of this is WinZix. I have not tried it, but from I have heard (from forums and friends) it installs some nasty, hard to uninstall adware. Basically WinZix is a program you need to uncompress .zix files. They are generally hidden behind a .rar or .zip file, so you won’t know about it until after you spend hours and hours downloading the stupid thing.

Phishing

While the threat of some new viral outbreak is always at the top of the “Internet threats” list, the risk of losing your identity from phishing is a close #2. More and more malicious servers, are being set up in an attempt to steal your information. You might think you are on Pay Pal, but are you? How do you know whether or not you are? The easy way is to look at the URL, but will that trick always work? Give it time, malicious users will find a way to trick the entire DNS system and forward domains to bad servers.

In addition, I believe the openness of many public and private WiFi networks is practically an invitation to steal users’ information – it’s like waving your wallet in the street and yelling “hey criminal, come here and steal my info!” Just a tip: use open WiFi for simple things – not for transferring cash on your bank’s site or on PayPal.

Spam

No Internet threats list is complete without spam. Spam can come in many forms, can be sent several ways, and it can even help spread viruses and assist in the theft of innocent Internet users’ confidential information. Odds are if you read this blog you are a blogger, or you are at least interested in the art of blogging (or, maybe neither) – so I won’t spend any time discussing comment spam. However, I will discuss something that is often overlooked – e-mail spam, and more importantly, e-mail spam with spoofed addresses.

As I have said in many previous posts, it is incredibly easy to spoof an e-mail address. In fact, all you have to do is change one setting in your e-mail client and you too can send a message from any address (assuming your SMTP server supports it, which most if not all do). The root cause of this problem has to do with the e-mail architecture itself. Currently there is no real way to prevent e-mail spoofing beyond SMTP server rewrites. I do have some ideas on solutions, but they belong in a post of their own. For now, I’ll simply say, don’t ever totally believe the “from” address on an e-mail. Until everyone learns to distrust that header entry, people will continue to be taken advantage of by phishers.

If it is a message about your parent’s dog, fine, but if it contains a link to some program on an unknown site or has a program as an attachment, a little bit of caution is warranted. I’m not saying every user should be paranoid and think everyone is out to get them (run run run, as fast as you can, you’ll never catch me, I’m the gingerbread man!), I’m simply saying you should be careful.

Conclusion

So, those three items are the top Internet security threats of 2008. It’ll be interesting to see if the Internet has less spam and malware at the end of the year, but I suspect it won’t. The best way to stay safe is to stay educated. Even knowing how to tell the difference between a real site and a spoofed site can go a long way towards keeping your identity safe.

And remember, most likely your computer knows more about you than you do. It knows what you are interested in, it knows what your crazy fantasies are (please don’t share them!), it knows your passwords, your bank account numbers (please share them on here! … just kidding), etc.