jump to navigation

Bash commands September 7, 2008

Posted by Joker in : blog, scripts , add a comment

I’m currently working on a script to list several bash commands that I use at work all the time. Yes I’m making a script instead of a static HTML page. This is because I can change the sorting on it among other things easier then when just typing up a plain old HTML file.

It is going to be here. As I said I’m still working on it. That is to say it isn’t even working yet. I made a static page to hold some commands temporally before I actually get it working.

Sphere: Related Content

Securing your site June 21, 2008

Posted by Joker in : FrontPage, Security, blog , add a comment

Since I’ve seen so many customers getting their accounts hacked I figured I’d post the tools I have to try to deal with these types of issues.

One of them can be found here, it was written by one of my co-workers. (His scripts should only work on Linux/Unix based OS’s, sorry no Windows support.) Basically he wrote a script that checks for some easy to discover vulnerabilities such as having register_globals enabled or world writable files among other things. He also wrote a script to fix those issues, one to tell you if any changes have occurred since the last time the script was run, & he converted my FrontPage clean up script for SSH.

I also made it so that the security scanner he wrote can work in php. (Once again this is only for Linux/Unix servers.) You can get it here.

Sphere: Related Content

Update on the FrontPage Server Extensions cleanup script May 3, 2008

Posted by Joker in : FrontPage, blog, work , add a comment

Well as I mentioned earlier I made a script for cleaning up the Microsoft FrontPage Server Extensions. I have recently made some major overhauling of it. Now instead of running a series of searches to find the offending files & folders, only one search is done making it much less intense on the server, or at least that is the hope.

Another thing only the first few versions deleted the .htaccess files. I had someone help me figure out how to rename them instead. I used that command through version 3.5 after which I made 4.0 which didn’t do that.

If you want to get a copy of every version I remembered to save you can obtain it here. Of course if you want the current version you can get it here.

Now that the script is written entirely in php I’m going to see if I can do anything to improve the performance of the script further.

Sphere: Related Content

Spammers don’t ever seem to give up April 4, 2008

Posted by Joker in : Evil, blog, spam , 1 comment so far

I really don’t understand why people delete the account. I came up with a better solution, at least I think it is.

  1. I changed the password for that account.
  2. I made it so the user doesn’t even have read rights. Thanks Role Manager.
  3. I changed almost everything about the user to indicate it is a spam account.
  4. I disabled the forgot password feature. Thanks WP-IDS.

Yes I am talking about the account alina77vere9uk account that everyone seems to be getting on tons of blogs that has that really suspicious e-mail address of alina77vere@gmail.com.

I am also grateful to BlogSecurity for info on securing my blog.

Sphere: Related Content

Strange Island Pic March 14, 2008

Posted by Joker in : blog , add a comment

Well I suppose this is a real change for me. A post with a picture in it, or more accurately about a picture.

small IslandWhen I first looked at this picture I figured it was likely a photo shop job. I still can’t help but think it is. I haven’t been able to find anything on this pic so I really don’t know if it is or isn’t though.

It is still interesting so I thought I would keep it & post it in hopes someone can identify it for me.

You can get a full size version from here.

Sphere: Related Content

More on the Microsoft FrontPage Server Extensions February 25, 2008

Posted by Joker in : FrontPage, blog, work , add a comment

Well I figure it is about time that I make another post. Back to the subject of the Microsoft FrontPage Server Extensions. Well I’ve seen way to many customers at Bluehost using things they shouldn’t with the Microsoft FrontPage Server Extensions being used on their account. Here is a list of some of the offenders HotLink protection, Password Protect Directories, IP Deny Manager, Leech Protect, anything that uses mod rewrite (examples would be Joomla & WordPress), & just about anything that thinks about touching the .htaccess file(s).

So I ended up leaning some SSH commands to do the cleanup. The only problem is that I have to jump through several hoops to run them. I then found a way to run the commands from inside a PHP file which made it even easier. So now yes I have a php script that cleans out the extensions. (Please note I only developed them to work on Linux servers & I highly doubt they will work on Windows servers.)

I know you might think it a little extreme to delete every last file & folder with the following names, but if you knew how frequently & easily they broke you might understand. The names of the files & folders that get deleted are the following .htaccess, postinfo.html, _vti*, _themes, _private, _overlay, _fpclass, _derived, & _borders. I know this means you have to republish any web, but it does cleanup the server 100% thus if the borders or themes are broken it is coming from your copy of Microsoft FrontPage which is broken, your web is broken, or the configuration file is corrupted.

Sphere: Related Content

MD5, Should we really be using just it? December 3, 2007

Posted by Joker in : Security, blog, hash , add a comment

Well why are we still using MD5 hashes? I really want to know as I’ve heard of & seen at least one example where this is happened. This made me think that the solution might be to use multiple methods of saying it is what it says it is. I say this because all of the encryption methods I know of were developed by humans & thus have a good chance of having some sort of flaw in them. I strongly believe in the following, nothing is fool proof against a sufficiently talented fool.

My idea is to use three different hashes to significantly reduce the chances of the file being intercepted & replaced with something else. The three that I’m thinking about are MD5, SHA-1, & cyclic redundancy check. Yes I know that cyclic redundancy check is considered to be highly insecure, but I think that it would help a tiny bit unless someone else has a better idea of what a third hash function that is better. Since they all have different mathematical functions this should reduce the chances of people faking files.

In the example I showed the files they provided only matched on the MD5 hash value with entirely different SHA-1 & CRC values. I only proposed those three because they are the only functions I know of that can determine if the files are the same. Also size is important, but in the example I showed earlier all the pdf files they had are exactly the same size. I guess this proves that one hash & the file size is not enough.

Sphere: Related Content

The RIAA, the MPAA, Sony & the DMCA October 17, 2007

Posted by Joker in : DMCA, Evil, MPAA, RIAA, Sony, blog , add a comment

I was looking up the word terrorism & I realized that it applies to the RIAA & MPAA, as they are trying to instill a sense of fear into the population. I had heard someone saying the at it should apply to Sony back when the rootkit was first discovered in 2005. (I had to use the Internet Archive to get that because the original page is gone now.) I know I’m afraid of downloading MP3 files because of the number of lawsuits that the RIAA has started & the MPAA doesn’t seem much better only I haven’t heard as many frivolous lawsuits from them. By that I mean how the RIAA keeps suing people even people who are dead & didn’t have a working computer.

Since President Bush declared war on terrorism I think that should to apply to organizations like Sony, the RIAA, & the MPAA. Sony for the rootkit they released & the attitude they had about it. The RIAA & MPAA for the way they behave with all the frivolous lawsuits. I think I should be able to have my movies edited so they don’t have the filth that Hollywood seems to keep coming out with.

They seem to think that if they scare us they can stifle technology. They seem to be going into the future while traveling into the past. They didn’t embrace the Internet or MP3’s when they came out. Now you have to hear crap about you would do this or that before you can watch the DVD you just bought. I agree the artists should receive some money for what they have done, but I believe that with the Internet the artists should be able to free themselves of the shackles that the RIAA & MPAA place on them.

Next that the MPAA doesn’t seem to have a clue about how to do a proper rating system. Here are some rules that I think should be implemented on the rating system.

  1. The people rating the movies need to be on a publicly available list. This is so they can be held accountable. The only group I know of that doesn’t do this for a rating system is the CIA & I am ok with them keeping it secret. All other major rating systems I know of have a way of finding out who did what. (Do we really want another Enron?)
  2. There needs to be a set of rules written as to what makes a movie to what rating & it needs to be followed to the very last jot & tittle. (BTW from what I understand a Jot & a tittle are two of the smallest marks in the Hebrew Language.)
  3. When a precedent is set by saying one thing is ok in a certain rating to be fair it should be allowed or the previous rating needs to be stricken.
  4. There should be at least one clergy from each major religion making the rules. Yes I know this means the Catholics, Protestants, Jews, Mormons & several other religions that I can’t remember the names of.

Ok those are the rules I can think of so far. If anyone has any other Ideas I’d be glad to hear them.

More information about the RIAA can be found at this blog. And they prove me right about Sony being evil too. Wow I hate to say this but AOL now actually has competition for being the most evil major corporate entity. I mean the spyware, adware, & other scumware programs come close, but they are to small after all to really compete with the RIAA, MPAA, Sony, or AOL.

So where does this leave us. We need to do something about companies with attitudes like this. The evil needs to be stopped. I don’t pretend to know how, but I know something must be done.

One other thing while I’m ranting about evil companies. What I really don’t get is why do they call DRM “Digital Rights Management” when it should be “Digital Restrictions Management”. Yes that’s right it is about putting Restrictions on what you can do & thanks to DMCA (PDF warning) you can’t legally go around the DRM.

Sphere: Related Content

FrontPage Server Extensions October 15, 2007

Posted by Joker in : FrontPage, blog, work , add a comment

Well I guess it is time I make another post.

Here is what I know about the Microsoft FrontPage Server Extensions & how to troubleshoot them.

1) Go to http://www.yourdomain.com/_vti_bin/shtml.exe (replace “www.yourdomain.com” with the domain in question. This works on Windows based web servers, Unix based web servers, & Linux based web servers.). You should get the following message ‘Cannot run the FrontPage Server Extensions on this page: “”‘, anything other then that indicates the server extensions are broken, that means they need to be reinstalled. The exact procedure depends on your web host so I won’t post directions for doing that.

2) If you are not able to open site with http://www.yourdomain.com (replace “www.yourdomain.com” with the domain in question.). If this lets you sign in, only asks for user name & password once. They are working otherwise they are broken or something is preventing you from signing in. The causes of it not signing in are vast and many if the extensions are not truly broken. On Linux & Unix servers it is frequently the .htaccess file has something screwed up in it. On Windows servers I’m not sure because I never had this happen with the extensions not being broken.

3) You can’t publish in FrontPage on a 16-bit TCP/IP stack as it requires a 32-bit stack, I’m not sure which version this started with, but I know that at least FrontPage 98 required it & above. This means AOL customers, unless AOL decided to actually use a 32-bit TCP/IP stack.

Oh Microsoft has a good article on how to tell if the FrontPage Server Extensions are installed & working. OH & yes I did write the article, I have no idea why they said it is for FrontPage as it is for the FrontPage Server Extensions versions 98, 2000, & 2002. That’s right even though Microsoft made FrontPage 2003 the last extensions were the 2002 extensions.

Well thats all for now I’ll post more another time.

Sphere: Related Content

New job August 14, 2007

Posted by Joker in : blog, work , add a comment

Well I’ve got a new job doing technical support for Blue Host. Obviously they are a web host. So far I’ve been learning a lot about Linux, SSH, & more about how the Internet works.

Sphere: Related Content

Bad Behavior has blocked 12 access attempts in the last 7 days.

It seems you're using an unsafe, out-of-date browser. Click here to upgrade to Firefox for free.