Receiving Payments from Affiliate Marketing: Payment Methods Pros and Cons

There are a lot of different affiliate marketing opportunities out there for bloggers. Unfortunately, there are also a lot of methods of payment from those affiliate merchants and various rules that come with each. When I first started monetizing my blog, I couldn’t afford an accountant, so a lot of this was sort of a learn as I go process. Find out what I’ve managed to learn about the various affiliate marketing payment methods such as direct deposit, check, wire transfer and more!

Log Monitoring: Logins to Different Accounts from the Same Location

In my last article, we looked for users that had multiple logins with impossible timestamps. For this search, we’ll be doing the opposite. Instead of looking at one user being accessed from multiple locations, we’re going to look at one location accessing multiple users. Sometimes, this is as simple as a husband and wife who work for the same company both logging into their work accounts from the same home computer. Other times, it’s an indicator that you could have a major breach on your hand! Let’s take a look at how to keep an eye on accounts being accessed from the same location…

Log Monitoring: Logins with Impossible Timestamps

In my previous article, I talked about looking for logins from unusual locations, specifically outside of the United States. However, if you are an international company, or just generally have users all over the world, that search may not be the best fit. Instead, you can implement a similar search by looking logins that physically wouldn’t be possible. For example, a login from the United States, and then five minutes later a login from China.

Log Monitoring: Unusual Locations

If you work for a smaller company that only has one or a handful of offices all in the same area, there’s a good possibility that there won’t be too many logins from locations outside the immediate area. If my company is based in Tennessee, it’s unlikely that there will be logins from say, Washington. It’s even less likely that there will be logins from out of the country. Sure people travel, you’ll get a few false positives. However, it can also be a good first indicator that an account has been compromised, especially if you see logins from places like Iran or China. Let’s see how to watch out for logins from unusual locations!

Log Monitoring: Attempted Logins to Disabled and Nonexistent Accounts

Failed logins can be interesting, but more often than not, the reason for the failure is more interesting than the failure itself. Some of the more interesting failure reasons include “the account doesn’t exist” and “the account is disabled.” Sometimes, you might see attempted logins to nonexistent accounts simply because somebody mis-typed their username. You can also see this if a person leaves a company and had services running under their name or they were still logged into a system. However, it can also be a good first indicator that an attacker may be trying to compromise accounts and/or fain access to a system. It can also mean that a recently fired, disgruntled employee is trying to get access to their old account. Let’s see how to monitor for attempted logins to disabled and nonexistent accounts!

How to Create Custom Templates for Amazon Associates Link Builder

Amazon Associates Link Builder plugin is a fantastic way to start inserting Amazon affiliate links without a whole lot of work. For me though, the built in templates for displaying Amazon products just didn’t cut it. Thankfully, the plugin allows us to build our own template with HTML, CSS, and Mustache (a web template system). Let’s find out how to create custom templates for Amazon Associates Link Builder!

Log Monitoring: Connections to Malicious Domains

No matter how much security awareness training we do, there will likely always be that one user who falls victim to a phishing scam. Sometimes, we’re lucky enough to catch it right away. Other times, users can remained for days, weeks, or even months. Wouldn’t it be nice to know every time on of our users visited phishing or malware infected websites? Guess what? We can! Let’s see how to monitor for connections to malicious domains!

Log Monitoring: Generic Accounts

A lot of times companies set up generic email accounts such as info@company.com that multiple people will be given access to. However, it’s best practice that nobody has direct username/password access to these generic accounts. Instead, an individual user account is just given permission to see the email box of the generic account and maybe even reply as that account. However, users typically shouldn’t be able to actually “log in” to that generic account. Therefore, any attempts to might raise some red flags. Let’s check out how to monitor for attempted logins to generic accounts…

Log Monitoring: Changes to AD Groups

Active Directory (AD) is a big part of access controls in most corporate companies that use Windows. AD Groups often control the access users have to  particular files, systems, and/or applications. For example, they can be used to give a user access to the company’s Virtual Private Network (VPN), a shared folder, or even access to manage the entire network. For this reason, AD Groups should be monitored and audited frequently, especially the ones that give highly privileged access (think Domain Admin, Network Admin, etc). Thankfully, log monitoring can do a lot of this for us. Let’s see how to monitor for changes to AD Groups!