Thanks to the Black Hat community not keeping a lid on their activities I’ve been made aware of a spamming system targeted at the DigitalPoint forums. It can, however, be used on any vBulletin forum - I would assume. Some have implemented different rules around when you can send a private message, and some might even have captcha - but it’s all circumventable. (more…)
Microsoft’s .Net applications have failed to dominate the web world. Certainly there are a lot of sites using it, and a lot of very good applications built in it, but the closed door, clip the ticket approach has blocked a lot of interest. Add to that the lower hosting costs of PHP and you’re onto a winner with smaller enterprises.
Now Microsoft are announcing that their focus has moved away from the PC and onto the Web and that LiveMesh is their new baby. We’re yet to see what LiveMesh actually is but LiveSide define it as: (more…)
I’ve just discovered the Goolag Scanner.
It’s a handy dandy tool for using Google queries to identify if there are any known holes in a website. Googlebot has already checked every crevice in the site, I just want to know what it knows!
Now Google, being all security conscious and that, gets a bit sensitive about you running these queries. They know that it’s possible you’re going to use the results to do bad things. (more…)
I check the whois records for domains reasonably often. Whoisguard type systems are commonly in place to protect the identity of the domain owner. No problems there.
What irks, though, is the people who give completely false information… like this one where the info is incomplete and gives an Australian address, yet I know that the actual owner is in India. By saying he’s in Melbourne he acquires a western credibility he perceives as superior to his Indian identity. (more…)
This is a big topic in Auckland right now as our City Council Elections are hijacked by a supposed candidate promoting his porn empire. It’s hard to separate the “no harm done” side of the industry from the exploitative and damaging side and to understand, in the long run, where to draw the line.
Aside from the obvious industry fronts of websites, movies, magazines and gadgets there are the rogues that exploit the demand for the product. I guess anytime you have something popular there are going to be people who trick and connive.
Take Captcha - it’s a great way to bot proof your website and unless (more…)
This is a hot topic at DigitalPoint right now as there is a bot working its way down the members list and doing brute-force or dictionary attacks on the logins. Because the forum uses vBulletin it only gets 5 shots before there’s a lockout and it has to move on to the next member and then remember to return later. But it’s keen and has been running for a couple of days now. Reports indicate that it’s tried some other forums too.
Why? (more…)
Manuel Lemos from phpClasses.org has written an excellent post about the risks when allowing users to upload images. It’s not something I’ve done a lot, but let’s say you have a generated image such as this one - with a .php extension. I could upload it to your server and have it served from there - not much use to me because it would fail to update.
The next guy, however, might be uploading a malicious script that might take over your server, send spam etc.
Read his post here: PHP security exploit with GIF images
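As an added illustration of the defender’s side of this (my own example, not code from Manuel’s post or from phpClasses.org), here is a minimal upload check that rejects a file with a .php extension, rejects content whose header doesn’t match the claimed image type, rejects image data with a PHP open tag embedded in it, and stores whatever passes under a random server-chosen name so the client’s filename (including double extensions like `x.php.gif`) never reaches the filesystem. The signatures and the `validate_image_upload` function name are my own choices.

```python
import re
import secrets

# Allowlist of accepted extensions mapped to the standard header bytes of that format.
IMAGE_SIGNATURES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",           # matches both GIF87a and GIF89a
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
}

# A PHP open tag has no business inside an image. Only the long forms are matched:
# a bare "<?" occurs by chance in binary data often enough to cause false positives.
PHP_MARKERS = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)


def validate_image_upload(data: bytes, client_filename: str):
    """Return (accepted, reason, stored_name).

    stored_name is a random name with a server-chosen extension; the name the
    client supplied is only used to decide which image type they claim to send.
    """
    parts = client_filename.lower().rsplit(".", 1)
    ext = "." + parts[1] if len(parts) == 2 else ""

    # 1. Extension allowlist: ".php" (or anything else not listed) is refused outright.
    if ext not in IMAGE_SIGNATURES:
        return False, f"extension {ext!r} not in allowlist", None

    # 2. Content must actually start with the header of the claimed image type.
    if not data.startswith(IMAGE_SIGNATURES[ext]):
        return False, "content does not match declared image type", None

    # 3. A valid GIF/PNG/JPEG header can still be followed by PHP code (a polyglot);
    #    refuse anything carrying an open tag in its body.
    if PHP_MARKERS.search(data):
        return False, "embedded PHP open tag found in image data", None

    # 4. Never reuse the client's name; pick our own and keep only our extension.
    stored = secrets.token_hex(16) + ext
    return True, "ok", stored


if __name__ == "__main__":
    # Constructed sample uploads, not real files.
    samples = [
        (b"\x89PNG\r\n\x1a\n" + b"\x00" * 16, "photo.png"),
        (b"GIF89a" + b"\x00" * 8, "image.php"),
        (b"GIF89a" + b"\x00" * 8 + b"<?php /* constructed */ ?>", "image.gif"),
        (b"\x89PNG\r\n\x1a\n", "image.gif"),
        (b"GIF89a" + b"\x00" * 8, "shell.php.gif"),
    ]
    for blob, name in samples:
        print(name, "->", validate_image_upload(blob, name))
```

This check only decides what gets written to disk; the belt-and-braces measure it doesn’t show is to serve the upload directory with script execution disabled in the web server, so that even a file the check misses is handed back as bytes rather than run.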