Hacker Warning

Banned 11 years ago

Hi Jarycu,

Thanks for sharing this. It made me curious.

What do we need to do with this link?

http://www.yoursite.com/phpmyadmin/scripts/setup.php

If my URL is www.abc.com, I'll put "http://www.abc.com/phpmyadmin/scripts/setup.php" on the address bar of my browser?

Sorry, I think I didn't get what you meant at first.

JC

Thanks
1 reply

{{ DiscussionBoard.errors[6369157].message }}

Emily B 11 years ago

Thanks for sharing this. Looks like all of my sites are safe, but it's good to know.
- Thanks
Signature
{{ DiscussionBoard.errors[6369175].message }}

so11

11 years ago

Hello,

Emily B, not a good idea to execute stuff that people tell you here...
If you are signedin, then you might execute the install function of all scripts in the specified directory.
If you are not signedin, probably nothing will happen.

cheers,

Thanks
3 replies

Signature

www.groupesoloviev.com
We help businesses manage cyber risk and compliance requirements.

{{ DiscussionBoard.errors[6369329].message }}

Joseph Robinson

Banned 11 years ago

Originally Posted by so11

Hello,

Emily B, not a good idea to execute stuff that people tell you here...
If you are signedin, then you might execute the install function of all scripts in the specified directory.
If you are not signedin, probably nothing will happen.

cheers,

Yeah, because if there is one thing I know about Jason from his time on the forum, it's that he secretly wants to hack all of our websites :rolleyes:.

[ 1 ] Thanks
1 reply

{{ DiscussionBoard.errors[6369495].message }}

fin 11 years ago

My spidey senses tell me this could be an elaborate ploy by the two J's to hack all our sites.

Ja lays the trap and Joe leads us into a false sense of security.
- [ 2 ] Thanks
- 1 reply
{{ DiscussionBoard.errors[6369524].message }}
- Joseph Robinson Banned 11 years ago
  
  Originally Posted by fin
  
  My spidey senses tell me this could be an elaborate ploy by the two J's to hack all our sites.
  
  Ja lays the trap and Joe leads us into a false sense of security.
  
  We can cut you in or silence you...your call. We have a highly trained squad of smileys to send after you.
  
  [ 2 ] Thanks
  
  {{ DiscussionBoard.errors[6370000].message }}

MattCatania

11 years ago

Originally Posted by so11

Hello,

Emily B, not a good idea to execute stuff that people tell you here...
If you are signedin, then you might execute the install function of all scripts in the specified directory.
If you are not signedin, probably nothing will happen.

cheers,

Don't listen to this advice.

He was merely asking you to try it with YOUR OWN domain. How can you install malicious scripts if it's coming from your website?

[ 1 ] Thanks
2 replies

{{ DiscussionBoard.errors[6370069].message }}

TheArticlePros

11 years ago

Originally Posted by Joe Robinson

Yeah, because if there is one thing I know about Jason from his time on the forum, it's that he secretly wants to hack all of our websites :rolleyes:.

Dammit Joe. I asked you to tell people how great my services were, not blow my master plan to take 1% of everyone's AdSense earnings for myself. Now I'm gonna have to go and create another alter ego and start over again here. I bet I could be Eoj Nosnibor. Whaddya think?

Originally Posted by fin

My spidey senses tell me this could be an elaborate ploy by the two J's to hack all our sites.

Ja lays the trap and Joe leads us into a false sense of security.

Fin, you left out the part where you hack their Paypal accounts and steal all of the rounded down change, like in OfficeSpace.

Originally Posted by so11

Hello,

Emily B, not a good idea to execute stuff that people tell you here...
If you are signedin, then you might execute the install function of all scripts in the specified directory.
If you are not signedin, probably nothing will happen.

cheers,

so11...no offense bud, but I'd be listening to the guy with 700+ posts and 360+ thanks before I'd listen to the guy with 20 posts total. I'm just sayin....

Originally Posted by MattCatania

Don't listen to this advice.

He was merely asking you to try it with YOUR OWN domain. How can you install malicious scripts if it's coming from your website?

Bingo. It was a really odd result on my stats page, and it came from a HostGator account based in India. Just make sure all of your stuff's up to date. If you can get somewhere by typing in that line of code, call your hosting company immediately and get them to fix it.

-- j

[ 1 ] Thanks

Signature

Posting About Life & Video Games:
http://www.jarycu.com

{{ DiscussionBoard.errors[6370114].message }}

so11

11 years ago

Originally Posted by MattCatania

Don't listen to this advice.

He was merely asking you to try it with YOUR OWN domain. How can you install malicious scripts if it's coming from your website?

thats not the point....the point is that you might install stuff that you dont need/want...thats all!

Thanks

Signature

www.groupesoloviev.com
We help businesses manage cyber risk and compliance requirements.

{{ DiscussionBoard.errors[6371453].message }}

TheArticlePros

11 years ago

Originally Posted by so11

Hello,

Emily B, not a good idea to execute stuff that people tell you here...
If you are signedin, then you might execute the install function of all scripts in the specified directory.
If you are not signedin, probably nothing will happen.

cheers,

Ya know, I think this post is worth going after twice. I really like this advice, but it should be further explained that you should run and hide from most WSO's and whatever this guy is advertising in his signature. I think it's funny he wants you to ask, but he can't even do PMs yet.

-- j

Thanks
1 reply

Signature

Posting About Life & Video Games:
http://www.jarycu.com

{{ DiscussionBoard.errors[6370122].message }}

Joseph Robinson Banned 11 years ago

Originally Posted by JaRyCu

I think it's funny he wants you to ask, but he can't even do PMs yet.

-- j

I asked. Things are getting weird.
- Thanks
- 1 reply
{{ DiscussionBoard.errors[6370153].message }}
- azmanar 11 years ago
  
  Just Exposed !
  
  The dangers of having 2 J's and 1 F in WF.
  
  [ 1 ] Thanks
  
  Signature
  
  === >>> Tomorrow Should Be Better Than Today
  
  {{ DiscussionBoard.errors[6370414].message }}

khaspar

11 years ago

That looks familiar.
I think I saw it today on one of my projects. In the Recent pages section (traffic)
So, tell me, What did you Find?
A Well put together Site?

Thanks

{{ DiscussionBoard.errors[6369569].message }}

so11

11 years ago

Hello guys,

No offense to anybody... It was a general comment. Though, i dont think it matters how many comments somebody has...important thing is how pertinent the comment is. I think mine was... its just not a good idea to try things on live/production sites, especially if you dont really know what it is.

[ 1 ] Thanks
1 reply

Signature

www.groupesoloviev.com
We help businesses manage cyber risk and compliance requirements.

{{ DiscussionBoard.errors[6371441].message }}

TheArticlePros

11 years ago

Originally Posted by so11

Hello guys,

No offense to anybody... It was a general comment. Though, i dont think it matters how many comments somebody has...important thing is how pertinent the comment is. I think mine was... its just not a good idea to try things on live/production sites, especially if you dont really know what it is.

On that point, I'll agree. Unless you're a programmer who can read the code and know what's going on with each line, it's rarely a good idea to trust something from a stranger. (Even if that stranger is me.)

The way I found out what the code that I posted does is that I simply put quotes around it and Googled it. I found entries in Yahoo Answers and several other places and found out for myself that it was safe, and then I found out why someone else would attempt it on my domain.

One I found that, I went and installed IP Filter for WordPress (free plugin) and blocked the IP of the offending user. If they're good at what they do, it was probably a proxy IP and they can try again, but it's all I knew to do.

Since your sig really does talk about security, what else do you think we could do?

-- j

Thanks
2 replies

Signature

Posting About Life & Video Games:
http://www.jarycu.com

{{ DiscussionBoard.errors[6371506].message }}

Chris Silvey

11 years ago

Actually that is a very old hack.

Thanks
1 reply

{{ DiscussionBoard.errors[6371529].message }}

Kingfish85

11 years ago

Originally Posted by Chris Silvey

Actually that is a very old hack.

X2, this is nothing new.

Thanks
1 reply

Signature

|~| VeeroTech Hosting - sales @ veerotech.net
|~| High Performance CloudLinux & LiteSpeed Powered Web Hosting
|~| cPanel & WHM - Softaculous - Website Builder - R1Soft - SpamExperts
|~| Visit us @veerotech Facebook - Twitter - LinkedIn

{{ DiscussionBoard.errors[6371693].message }}

TheArticlePros

11 years ago

Originally Posted by Chris Silvey

Actually that is a very old hack.

Originally Posted by Kingfish85

X2, this is nothing new.

Thank you both for that extremely useful information.

Can you be so kind as to provide something a little more useful, like maybe a fix for those us out there that aren't professional security experts such as yourselves?

-- j

[ 1 ] Thanks
1 reply

Signature

Posting About Life & Video Games:
http://www.jarycu.com

{{ DiscussionBoard.errors[6371773].message }}

Kingfish85

11 years ago

Originally Posted by JaRyCu

Thank you both for that extremely useful information.

Can you be so kind as to provide something a little more useful, like maybe a fix for those us out there that aren't professional security experts such as yourselves?

-- j

It's common scanning. In most cases it's nothing to worry about. You will spend more time "wasting time" than you will trying to figure it out. You can give your web host the IP and have them block it at the server level. If your using shared hosting or reseller hosting, there's not much you can do.

A lot of the paths you see in the logs will be non-existent or not accessible by anything other than localhost.

It would also help if the OP posted the entire line from the logs, as you will probably see "http code 404"

Older versions of phpmyadmin, mySQL etc are susceptible to exploits.

You can also configure your firewall to block these types of things. Solution is that if your web host is up to date, there shouldn't be any problems.

[ 1 ] Thanks
1 reply

Signature

|~| VeeroTech Hosting - sales @ veerotech.net
|~| High Performance CloudLinux & LiteSpeed Powered Web Hosting
|~| cPanel & WHM - Softaculous - Website Builder - R1Soft - SpamExperts
|~| Visit us @veerotech Facebook - Twitter - LinkedIn

{{ DiscussionBoard.errors[6371859].message }}

TheArticlePros

11 years ago

Originally Posted by Kingfish85

It would also help if the OP posted the entire line from the logs, as you will probably see "http code 404"

Much better answer, and really good information as well. I appreciate that. As far as posting all of the code, I did. That's all my stat tracker returned to me. When you actually go to the URL with my domain substituted, it does generate a 404 error, so I figured I was safe. I've noticed that I also get constantly scanned for my robots.txt file, but I read countless times where that's harmless so I don't worry about it.

When you say scan and scan...what am I scanning with? I use a plain ol' HostGator hosting package, so I'm not on my own server. My traffic's not high enough to warrant that yet. Do I just make sure and hit the update button whenever WordPress tells me to and trust that HG is doing everything else correctly in the background?

-- j

Thanks
3 replies

Signature

Posting About Life & Video Games:
http://www.jarycu.com

{{ DiscussionBoard.errors[6371882].message }}

dowho 11 years ago

robots.txt is harmless. It just keeps search engines out of files/areas you don't want them in. Not actually used to protect or exploit you.
- Thanks
{{ DiscussionBoard.errors[6371911].message }}

Kingfish85

11 years ago

Originally Posted by JaRyCu

Much better answer, and really good information as well. I appreciate that. As far as posting all of the code, I did. That's all my stat tracker returned to me. When you actually go to the URL with my domain substituted, it does generate a 404 error, so I figured I was safe. I've noticed that I also get constantly scanned for my robots.txt file, but I read countless times where that's harmless so I don't worry about it.

When you say scan and scan...what am I scanning with? I use a plain ol' HostGator hosting package, so I'm not on my own server. My traffic's not high enough to warrant that yet. Do I just make sure and hit the update button whenever WordPress tells me to and trust that HG is doing everything else correctly in the background?

-- j

Don't pay attention to Wordpress logs. Use raw logs.

When I say "scan", I'm referring to scans like script scans, url scans, port scans etc.

As far as server security & firewall settings go, there's nothing you can do. That is on the web host to ensure their environments are secure.

If you go to the url and it generates a 404, then it's a url that doesn't exist. The scan that you have a log for is an exploit for an older version of phpmyadmin.

Thanks

Signature

|~| VeeroTech Hosting - sales @ veerotech.net
|~| High Performance CloudLinux & LiteSpeed Powered Web Hosting
|~| cPanel & WHM - Softaculous - Website Builder - R1Soft - SpamExperts
|~| Visit us @veerotech Facebook - Twitter - LinkedIn

{{ DiscussionBoard.errors[6371928].message }}

so11

11 years ago

Originally Posted by JaRyCu

Much better answer, and really good information as well. I appreciate that. As far as posting all of the code, I did. That's all my stat tracker returned to me. When you actually go to the URL with my domain substituted, it does generate a 404 error, so I figured I was safe. I've noticed that I also get constantly scanned for my robots.txt file, but I read countless times where that's harmless so I don't worry about it.

When you say scan and scan...what am I scanning with? I use a plain ol' HostGator hosting package, so I'm not on my own server. My traffic's not high enough to warrant that yet. Do I just make sure and hit the update button whenever WordPress tells me to and trust that HG is doing everything else correctly in the background?

-- j

Be careful with this statement... robots.txt might get scanned to see what gets indexed... a lot of unexperienced web developpers will index everything and i mean everything, so indexing the right stuff is very important.

Im not a big fan of free scan tools. the problem is they create lots of false positive/negative results, so basically they'll misguide you and make you waste your time for not important stuff...Another story real scanner, they get pricy. So its like anything else,your choice : go free, , pay for a product, outsouce the service or do nothing.

don't update right away, unless its a special update fixing a specific critical issue needed to be patched right away. Wait a couple of months...they'll take care of buggy stuff and then patch and then scan

Thanks

Signature

www.groupesoloviev.com
We help businesses manage cyber risk and compliance requirements.

{{ DiscussionBoard.errors[6371976].message }}

andersvinther 11 years ago

Originally Posted by JaRyCu

what else do you think we could do?
-- j

You can run through this WordPress Security Checklist to see if you have missed anything... if you're running WordPress that is :-)
- Thanks
- 1 reply
{{ DiscussionBoard.errors[6372765].message }}
- TheArticlePros 11 years ago
  
  Originally Posted by andersvinther
  
  You can run through this WordPress Security Checklist to see if you have missed anything... if you're running WordPress that is :-)
  
  *wink wink* LOL!
  
  I'll check that out when I get home this evening and see if it can fit my needs.
  
  -- j
  
  Thanks
  
  Signature
  
  Posting About Life & Video Games:
  http://www.jarycu.com
  
  {{ DiscussionBoard.errors[6373177].message }}

OldLodgeSkins

11 years ago

I've seen some of these attacks appear in my logs recently... I mean, the first one I've seen is maybe a week old. Makes me laugh...
Something as vital as PhpMyAdmin - or any admin tool for that matter - shouldn't be accessible by anybody without prior identification, period. All my admin areas are protected by a .htaccess, always. This is actually one of my first orders of business when I build a new website...

Seb.

Thanks

Signature

Do you use Facebook ? Then you can make money just by inviting people to a Facebook group ! It's called the Instant Income System. How cool is that?

{{ DiscussionBoard.errors[6371526].message }}

so11

11 years ago

The reason I've made a comment in the fist place, is the actual code line itself...just dont run it... period. In your directory you might have bunch of stuff, installed and not installed scripts and so on. You run the script, you might execute everything under that directory, including the stuff you dont want...thats all.

Now, why somebody would want to do that? The person is searching for WP sites with default configurations...Ex.: admin password is by default... you are cooked!

IP block is only effective if your site gets bombed with requests...like a DOS attack. In this situation, that wont work.

What you can do:

1. Follow good practices (passwords, configurations, etc.)
2. Dont execute anything, unless you know what it is
3. Periodically scan your sites with Web application security scanner to identify vulnerabilities and patch/correct them.

so11

[ 2 ] Thanks
1 reply

Signature

www.groupesoloviev.com
We help businesses manage cyber risk and compliance requirements.

{{ DiscussionBoard.errors[6371564].message }}

magiclouie

11 years ago

Originally Posted by so11

The reason I've made a comment in the fist place, is the actual code line itself...just dont run it... period. In your directory you might have bunch of stuff, installed and not installed scripts and so on. You run the script, you might execute everything under that directory, including the stuff you dont want...thats all.

Now, why somebody would want to do that? The person is searching for WP sites with default configurations...Ex.: admin password is by default... you are cooked!

IP block is only effective if your site gets bombed with requests...like a DOS attack. In this situation, that wont work.

What you can do:

1. Follow good practices (passwords, configurations, etc.)
2. Dont execute anything, unless you know what it is
3. Periodically scan your sites with Web application security scanner to identify vulnerabilities and patch/correct them.

so11

Nice one, so11.

Just out of curiosity, do you do penetration testing?

Thanks
1 reply

{{ DiscussionBoard.errors[6374042].message }}

so11 11 years ago

Hello Magiclouie,

just to make sure we are talking about the same stuff.

Penetration testing and vulnerability scanning are two different things, though very closely related.

Vulnerability scanning is a passive scan that checks for gaps, misconfiguration, security issues/vulnerabilities and so on. Usually this kind of test is harmless, but very effective to identify security issues/holes/problems.

Now, penetration testing is actually when you try to exploit those vulnerabilities to penetrate security perimeter, which could lead to potential problems such as DOS attack for example. This kind of tests are not welcomed and not authorized by hosting providers, because its basically hacking...Imaging if everybody would be doing that... Sometimes though, special/major clients can get that kind of authorization.

So I hope this clarifies some things...

PS. : if interested, you can look me up in Warriors for hire section. thanks

so11
- [ 1 ] Thanks
Signature
www.groupesoloviev.com
We help businesses manage cyber risk and compliance requirements.
{{ DiscussionBoard.errors[6375228].message }}

TheEnlightenedBeing1

11 years ago

Yup, don't immediately try anything especially if it includes code that will involve your sites or ip addresses. Others may not have the right intentions...

Thanks

{{ DiscussionBoard.errors[6371629].message }}

so11

11 years ago

JaRyCu,

dont worry about it...people scan sites all the time to probe them for vulnerabilities...its another story if you've got them than you are at risk.

So be in advance, scan and patch, scan and patch ...

[ 1 ] Thanks
1 reply

Signature

www.groupesoloviev.com
We help businesses manage cyber risk and compliance requirements.

{{ DiscussionBoard.errors[6371848].message }}

dowho 11 years ago

Well that "attack" only actually poses a threat on a windows server. On a linux server, they would have to be logged in as root (or sudo it) to run phpmyadmin setup. Provided that your host hasn't completely mangled their setup.

Other, (often simpler) exploits include looking for:
yourdomain.com/install.php
/admin.php
/thanks.php (on sales sites)
/cp.php

Often you will find you need one of these on your site to setup a plugin. Always remember to remove that file after it's installed.
- Thanks
{{ DiscussionBoard.errors[6371893].message }}

alistair

11 years ago

I've seen this on a few of my sites today and wondered what it was.

Everything is in lower case letters except the actual domain name for some reason which is in capitals.

Thanks

{{ DiscussionBoard.errors[6371929].message }}

Noel Cunningham

11 years ago

Interesting thread guys...coming from someone here who isn't very knowledgeable on security issues could I ask...

What would be a good way to analyze your sites and assess how secure they are? I'd be interested to hear your thoughts...

It's something I need to learn more about. Thanks.

Thanks
1 reply

Signature

Killing Off the Day Job...

{{ DiscussionBoard.errors[6371950].message }}

so11

11 years ago

Originally Posted by Noel Cunningham

Interesting thread guys...coming from someone here who isn't very knowledgeable on security issues could I ask...

What would be a good way to analyze your sites and assess how secure they are? I'd be interested to hear your thoughts...

It's something I need to learn more about. Thanks.

just keep reading it gets better and better...

Thanks

Signature

www.groupesoloviev.com
We help businesses manage cyber risk and compliance requirements.

{{ DiscussionBoard.errors[6372011].message }}

TheArticlePros

11 years ago

OK it looks like I'm outta thanks for the day, but this thread has turned out to be a lot better than I thought it would when I posted it yesterday.

A lot of good information is starting to surface about how to protect yourself and I'm really grateful to yall for chipping in.

I will say that I traced the IP back to a Bluehost account, and I attempted to file a complaint with them. After going through their live chat for 15-20 minutes this morning, their admin told me that he could not determine which user was running the script, so it was all for nought. At least I know now, and I'm happy with that.

-- j

Thanks
1 reply

Signature

Posting About Life & Video Games:
http://www.jarycu.com

{{ DiscussionBoard.errors[6372161].message }}

Kingfish85

11 years ago

Originally Posted by JaRyCu

OK it looks like I'm outta thanks for the day, but this thread has turned out to be a lot better than I thought it would when I posted it yesterday.

A lot of good information is starting to surface about how to protect yourself and I'm really grateful to yall for chipping in.

I will say that I traced the IP back to a Bluehost account, and I attempted to file a complaint with them. After going through their live chat for 15-20 minutes this morning, their admin told me that he could not determine which user was running the script, so it was all for nought. At least I know now, and I'm happy with that.

-- j

I'm glad you got some useful info here. As for the other comment regarding BlueHost - I'm not surprised. they are notorious for lacking security. Can't track down the user that's running the script? That's the most ridiculous thing I've ever heard.

Thanks
1 reply

Signature

|~| VeeroTech Hosting - sales @ veerotech.net
|~| High Performance CloudLinux & LiteSpeed Powered Web Hosting
|~| cPanel & WHM - Softaculous - Website Builder - R1Soft - SpamExperts
|~| Visit us @veerotech Facebook - Twitter - LinkedIn

{{ DiscussionBoard.errors[6372174].message }}

TheArticlePros

11 years ago

Originally Posted by Kingfish85

I'm glad you got some useful info here. As for the other comment regarding BlueHost - I'm not surprised. they are notorious for lacking security. Can't track down the user that's running the script? That's the most ridiculous thing I've ever heard.

You're not just saying that because of the really big ad in your sig, are ya?

LOL!

I kinda figured it was a load of hogwash when they told me that. I'm an IT guy (in training) and I have some experience with this...they told me that next time I need to let them know when it's actually happening. I guess that means I have to monitor all of my domains to find that .02 seconds when someone unsuccessfully runs that script and let Bluehost know about it right then, huh?

-- j

Thanks
1 reply

Signature

Posting About Life & Video Games:
http://www.jarycu.com

{{ DiscussionBoard.errors[6372216].message }}

Kingfish85

11 years ago

Originally Posted by JaRyCu

You're not just saying that because of the really big ad in your sig, are ya?

LOL!

I kinda figured it was a load of hogwash when they told me that. I'm an IT guy (in training) and I have some experience with this...they told me that next time I need to let them know when it's actually happening. I guess that means I have to monitor all of my domains to find that .02 seconds when someone unsuccessfully runs that script and let Bluehost know about it right then, huh?

-- j

Nope. It's an honest statement.

I wouldn't worry too much about that script though.

Thanks

Signature

|~| VeeroTech Hosting - sales @ veerotech.net
|~| High Performance CloudLinux & LiteSpeed Powered Web Hosting
|~| cPanel & WHM - Softaculous - Website Builder - R1Soft - SpamExperts
|~| Visit us @veerotech Facebook - Twitter - LinkedIn

{{ DiscussionBoard.errors[6372242].message }}

Dylan Lars

11 years ago

Well, this is an attempt that has been noticed before, I think early 2011, maybe mid. This was a scan for leaks in the site, but since the file ".../phpMyAdmin/scripts/setup.php" doesn't exist on updated installations, this brute force technique doesn't compromise anything. So if there is a problem for whatever reason, just update your installation.

Also, check your logs. Find the host, which will be the IP (usually marked as Host) and find who the service provider is. Report it to their abuse center.

Hope this helps.

Thanks for the heads up JaRyCu

Best,

Dylan

Thanks

{{ DiscussionBoard.errors[6372325].message }}

so11

11 years ago

Hello all,

I've created a security thread "Security FAQ". I thought it could be useful for all security related stuff...

feel free to post your questions...

so11

Thanks

Signature

www.groupesoloviev.com
We help businesses manage cyber risk and compliance requirements.

{{ DiscussionBoard.errors[6373905].message }}

*Gabriel*

11 years ago

Thanks. It's a good reminder to keep all your software & servers up-to-date.

Thanks

{{ DiscussionBoard.errors[6375457].message }}

williamk

Banned 11 years ago

Thanks JaRyCu. I just triple checked all my sites and they look good so far. But its good to know this fault in the sites. It will help in safeguarding my future sites too.

Thanks

{{ DiscussionBoard.errors[6382710].message }}

ankur sharma

11 years ago

thanks for sharing I think it's time to go and check my own WordPress website.

Thanks
1 reply

{{ DiscussionBoard.errors[6504600].message }}

Jays80 11 years ago

Thanks for sharing this. as of now my all websites look fine.
- Thanks
{{ DiscussionBoard.errors[6525477].message }}

Hacker Warning

Trending Topics

What is the acceptable spam rate for cold emails?

Dan Kennedy wants me to speak at his event?

Should I create Profile Backlinks in 2023?

Life can make you change paths when least expected

Photo type for website Webp VS JPG