May 8, 2008

vBulletin needs to tackle Private Message Spam

Thanks to the Black Hat community not keeping a lid on their activities, I’ve been made aware of a spamming system targeted at the DigitalPoint forums. It can, however, be used on any vBulletin forum - I would assume. Some have implemented different rules around when you can send a private message, and some might even have captcha - but it’s all circumventable. (more…)

April 24, 2008

LiveMesh - the end of PHP?

Microsoft’s .NET applications have failed to dominate the web world. Certainly there are a lot of sites using it, and a lot of very good applications built in it, but the closed-door, clip-the-ticket approach has blocked a lot of interest. Add to that the lower hosting costs of PHP and you’re onto a winner with smaller enterprises.

Now Microsoft are announcing that their focus has moved away from the PC and onto the Web and that LiveMesh is their new baby. We’re yet to see what LiveMesh actually is but LiveSide define it as: (more…)

April 11, 2008

Dear Google, It’s my site, let me scan!

I’ve just discovered the Goolag Scanner.

It’s a handy dandy tool for using Google queries to identify if there are any known holes in a website. Googlebot has already checked every crevice in the site, I just want to know what it knows!

Now Google, being all security conscious and that, gets a bit sensitive about you running these queries. They know that it’s possible you’re going to use the results to do bad things. (more…)

December 17, 2007

Domain registration changes we need!

I check the whois records for domains reasonably often. Whoisguard type systems are commonly in place to protect the identity of the domain owner. No problems there.

What irks, though, is the people who give completely false information… like this one where the info is incomplete and gives an Australian address yet I know that the actual owner is in India. By saying he’s in Melbourne he acquires a western credibility he perceives as superior to his Indian identity. (more…)

August 22, 2007

Exploiting the Adult Industry

This is a big topic in Auckland right now as our City Council Elections are hijacked by a supposed candidate promoting his porn empire. It’s hard to separate the “no harm done” side of the industry from the exploitive and damaging side and to understand, in the long run, where to draw the line.

Aside from the obvious industry fronts of websites, movies, magazines and gadgets there are the rogues that exploit the demand for the product. I guess anytime you have something popular there are going to be people who trick and connive.

Take Captcha - it’s a great way to bot proof your website and unless (more…)

August 11, 2007

Protecting your forum logins from hackers

This is a hot topic at DigitalPoint right now as there is a bot working its way down the memberslist and doing brute-force or dictionary attacks on the logins. Because the forum uses vBulletin it only gets 5 shots before there’s a lockout and it has to move onto the next member and then remember to return later. But it’s keen and has been running for a couple of days now. Reports indicate that it’s tried some other forums too.

Why? (more…)

July 20, 2007

Newbies, don’t upload exploits with your images!

Manuel Lemos from phpClasses.org has written an excellent post about the risks when allowing users to upload images. It’s not something I’ve done a lot but let’s say you have a generated image such as this one - with a .php extension. I could upload it to your server and have it served from there - not much use to me because it would fail to update.

The next guy, however, might be uploading a malicious script that might take over your server, send spam etc.

Read his post here: PHP security exploit with GIF images
