|
|
front page
|
Thursday, 14 June 2007 |
As some of you may know, I recently installed the Page Cache extension for Joomla by ircmaxwell. It is simply amazing. Although I was using a tiny fraction of my Dreamhost-alloted bandwidth to begin with, this is amazing. The difference between the bandwidth usage, as well as my conquery usage are astounding. I can't believe it! It seems bandwidth usage and conqueries have decreased DRASTICALLY, and page load time has never been better! It is a win-win extension, and its free! Go install it!
|
|
|
Wednesday, 13 June 2007 |
At 9512 signatures at the writing time, the Petition for iTunes on Linux seems to be faring well. I know that many people who use Linux prefer GTKPod, and Amarok, among others, do some good for your other Linux using brethren and please sign the petition. No one program that I know of for Linux so far is capable of interfacing with the iPod as iTunes does, and no other works with the iTMS, which may or may not be good in your opinion, but note that the DRM can be removed. Whatever type of user you are, if you use Linux, please look at, and sign the petition.
|
|
Read more...
|
|
|
Tuesday, 12 June 2007 |
As everyone who has ever read my blog probably knows by know, I have noticed a large increase in the number of hack attempts upon my Joomla based site. I currently have a little fun with these hackers, and have decided to make my noindex page a bit of a honeypot experiment. In the recent zipfile I posted of strings these hackers use, as well as their scripts, I copied the strings and pasted them in the bottom of my noindex.html page. Then, I stuffed the page with Google ads (may as well try to make a buck off of them, huh?), and ran it through the QUIT indexing tool. Hopefully, my site's hack attempts will all be constrained to only my noindex.html page, rather than my actual site from now on.
Some friends of mine, as well as myself have been discussing measures to further mess with these would-be hackers. Don't get me wrong, I consider myself a hacker, but more of a white/greyhat, and not a cracker or defacer. We are eventually going to build a noindex page to rule them all, one that will do lots of fun things to the attacker's browser/script, hopefully shutting or slowing him/her down. Some ideas we have had include the following:
- Millions of popup windows, going to user chosen locations, like ads, affiliate sites, Goatse, etc...
- Refresh every x seconds, popping up all of the windows again
- Create a memory leak somehow
- Have the hacker's machine attempt to calculate Pi through their browser
- Use portions of other crash scripts from around the web
- Offer to install weather spyware, bonzi buddy, etc...
- The list goes on
The only problem is that I stink at PHP, as well as Java. I can do templates, but that is about the full extent of my web language abilities. Anybody have any ideas, or code you would like to contribute? If so, just leave a comment and we can get in touch. Otherwise, go to I-Hacked and submit a worthwhile article to get a free membership. Then, you can discuss the project in there with us.
|
|
|
Monday, 11 June 2007 |
I updated the Sharp Fonts in KDE article today with information on improving fonts within some GTK applications. Here it is, in case you don't want to scroll to the bottom of that article:
Some GTK Apps
For some GTK apps, it is possible to make the fonts look nice. For example, without the next tweak, Automatix's fonts would look like garbage. Open a terminal and type "sudo vim ~/.gtkrc.mine" then hit the "I" key. Copy and paste the below text into the terminal:
style "user-font"
{
fontset="-microsoft-tahoma-medium-r-normal-*-10-&#-*-p-&#"
}
widget_class "*" style "user-font"
Then, hit the "Esc" key, and type :wq (colon "w" "q"), and hit enter. All done!
|
|
|
Sunday, 10 June 2007 |
I have had lots of code injection attempts as of late, and none have been successful. What the people behind these attacks are doing fit into two categories:
1. They are hacking sites just to display a "hacked by" page, to get more cred among the hacker community
2. They are using these injection scripts to run shell scripts to control the server which is then used for DoS, as well as other nefarious activities.
How do "they" find potentially vulnerable sites? They use a list of strings to search for in Google, and I happen to have it. Get it here, and block all of these URLs (or those that apply to your CMS) in your .htaccess file, or by some other means.
I have gone through my server logs, and posted my Joomla URLs that people attempt to inject code into, with the hope that people will block them in .htaccess to prevent security issues. Also, I highly suggest you make sure the PHP fopen() function is disabled in your php.ini, to prevent remote files from being opened by your server.
Alongside these URLs, I have grabbed copies of all of the scripts these hackers are using, most of which are hosted on hacked sites. In the downloads area, you will find a zipped pack of these scripts, which also has places they are hosted. I hope that someone more skilled in security and PHP can use these for the benefit of webmasters like myself.
One More Example
|
|
| | << Start < Prev 11 12 13 14 15 16 17 18 19 20 Next > End >>
| | Results 91 - 99 of 231 |
|
