Hackosis

I got hacked not too long ago, so I decided to setup snort patched with snortsam to stop the intruders. This acually works very well.

They got in by brute forcing a log in page for the web mail interface. The intruders also used the compose mail page to send spam after they broke in.

I wrote my own snort rule to detect and block brute forcing and sending spam through the web mail (It will only block if you have snortsam properly setup). This rule blocks anyone that does an HTTP POST more than 20 times within 10 seconds (I believe it is a ratio - average of 2 times per second).

HINT: Replace X.X.X.X with the IP of your web server. Take out the “fwsam: src, 5 minutes;” if you are not using snortsam (you should be ;p). Replace 123456789 with your own custom ID and make it large so it doesn’t conflict with default snort rules.

Have you wrote any custom snort rules or do you have a suggestion to improve this rule? Show us in the comments.

Open source PHPIDS is a customizable intrusion detection system for your web applications. PHPIDS uses a set of filter rules to detect specific strings in URLs that indicate a possible hacking attempt.

PHPIDS can do everything from log the attacks to email you the IP address of the attacker. Be sure to check out the example.php inside of the docs folder for instructions on installation.

Download PHPIDS @ php-ids.org.

PHPIDS too complicated for you? Try the simple .htaccess intrusion detection system.

Silvan over at techblog.tilllate.com has done some research results for us on the best ways of obfuscating email addresses on a web page.

The method used involved nine different code snippits and came up with three over a period of one and a half years that received zero spam.

The Three Methods:

1. Changing the code direction with CSS:
   HTML [Show Styled Code]:

   
   
   email@domain.com
   

   HTML [Show Plain Code]:

   1. <style type="text/css"> 
   2. span.codedirection { unicode-bidi:bidi-override; direction: rtl; } 
   3. </style> 
   4. <p><span class="codedirection">email@domain.com</span></p>

 

2. Using CSS display:none:
   HTML [Show Styled Code]:

   
   
   email@nulldomain.com
   

   HTML [Show Plain Code]:

   1. <style type="text/css"> 
   2. p span.displaynone { display:none; } 
   3. </style> 
   4. <p>email@<span class="displaynone">null</span>domain.com</p>

 

3. ROT13 Encryption (using rot13 or str_rot13):
   HTML [Show Styled Code]:

   silvanfoobar's Mail

   HTML [Show Plain Code]:

   1. <script type="text/javascript"> 
   2. document.write("<n uers=\"znvygb:fvyinasbbone10@gvyyyngr.pbz\" ery=\"absbyybj\">".replace(/[a-zA-Z]/g, function(c){return String.fromCharCode((c<="Z"?90:122)>=(cc=c.charCodeAt(0)+13)?c:c-26);})); 
   3. </script>silvanfoobar’s Mail</a>

See more about this at techblog.tilllate.com. I noticed he didn’t other methods that I’ve seen such as breaking out the email address in a non-visible table, etc.

Have any other tips to obfuscate email addresses? Let us know in the comments.

Hackosis.com just added Gravatars to the comments section! In light of the situation I decided to tell you how to add Gravatars to your custom Wordpress theme’s comment section if not already done. Most old themes won’t have this.

Gravatars can be used in Wordpress 2.5+ and must be enabled in the Wordpress settings under discussion.

From the Gravatar site:

What is a gravatar?

A gravatar, or globally recognized avatar, is quite simply an avatar image that follows you from weblog to weblog appearing beside your name when you comment on gravatar enabled sites. Avatars help identify your posts on web forums, so why not on weblogs?

To add Gravatars I simply added the following to my Wordpress theme’s comments.php file right before “<cite><?php comment_author_link() ?></cite> Says:”. Of course you do need to include the PHP opening and closing tags. Change the size variable to one suitable:

echo get_avatar( $comment, $size = '50' );

You can also change the default avatar by specifying it’s location like below :

echo get_avatar( $comment, $size = '50', $default="/path/to/url.jpg" );

I did also add a bit of styling to float it to the right and add a border, but I’ll let you be creative and do it yourself.

Let me know how it goes and if you have any questions I’ll do my best!

Feel free to test the Gravatars by commenting below (this is your one chance for free-for-all commenting). Happy Gravataring.

PHP and MySQL are one of the most used technologies on the web today. By using about 7 different script files we can add, update, and delete rows from a MySQL table.

Example of completed project:

Download the Simple PHP MySQL Table Editor.

Lets get started. I will explain each section of the script files so you have an understanding of how it works. You can download the project in a zip file above. The download also includes the example MySQL schema structure so you can test the script right away.

All examples in this post assume that you have already typed the php opening and closing tags. I cannot inlcude them on my page due to Wordpress plugins that I am running.

ALSO, because my PHP color coder sometimes runs off the page, you may have to click “show plain code” to view all typed PHP code.

HEADER.PHP:

Header.php stores the HTML header that include the title, etc. I am not going into detail since this is not a HTML tutorial.

I always start my PHP files with comments to indicate the purpose of the script and give contact details in case anyone has questions. Comments in PHP are indicated with ‘//’ for single lines and ‘/*’, ‘*/’ for multiple line comments:
Read the rest of this entry …

There might be many cases where different output would want to be displayed differently depending on where someone is accessing a web page from.

A HTTP referer “identifies, from the point of view of an internet webpage or resource, the address of the webpage, of the resource which links to it”.

Below is a simple way to change the output of your web page based on HTTP referrer:

$referrer = $_SERVER['HTTP_REFERER'];
if (preg_match("/hackosis.com/",$referrer)) {
      echo "Your referrer is correct.";
} else {
      header('Location: http://www.hackosis.com/');
};

What the above code will do is redirect anyone that doesn’t have a referrer that has ‘hackosis.com’ somewhere in the URL to your homepage. You could also state a message such as “Hotlinking images is not allowed”. In this case it would be appropriate to display the image in the first part of the if statement.

I hope you find this helpful and if you need any other tips on PHP code snippets, please let us know in the comments.

This may be old news, but not to me. You might also be surprised that you can edit any web page live in your browser by using a bit of javascript. It is limited to text only.

Paste the following into your address bar:

I noticed this did not work in Gmail. This is tested and is known to work in Firefox 3 and IE7. [via blogstorm.co.uk]

If you have a Wordpress blog it is crucial that you do certain things to keep it secure. Blogsecurify can help you accomplish this by scanning your Wordpress web blog for known vulnerabilities.

From the blogsecurify.com:

If you wish not to modify your template, they also provide a Wordpress plugin. Just drop it in your plugins directory and activate.

[via gnucitizen.com]

HP just announced the release of a new Windows security tool named Scrawlr - “SQL Injector and Crawler”.

image by cogdogblog

Scrawlr will crawl up to 1500 pages on your web site to check for the possibility of SQL injection points. More info:

Download Scrawlr from the HP site. [via hackademix.net]