• Tag Archives hacking
  • sugru order update

    I’m so excited that my order will be coming soon!

    “We promised to ship them on or before the 1st of February and
    I’m delighted to be able to let you know that they
    will all ship out by the middle of next week.”

    I also ordered a free sample of shapelock. It’s a low melting point plastic that melts at 150 degrees Fahrenheit, really cool stuff.

    Pictures to come!


  • Projects on Hold till next month

    Currently I have to put my projects on hold for personal reasons. Next month I will finish, polish and write up a few more.
    More PHP classes will be added as well.
    Look for a few more new ideas, like my Dawn clock, a silent alarm clock that uses bright light to simulate dawn, for those 3rd shift people. The other idea was a large fish tank filled with small swimming robots; instead of water, mineral oil will be used, since it is a non-conducting liquid. No need to waterproof any of the robots for the tank. Just a few ideas that I want to flesh out and create.

    Hope to see you next month when I start up again.

    Justin


  • Sugru? This stuff looks awesome!

    http://sugru.com/

    I recently found this site selling this weird putty that reminded me of Mighty Putty, but this stuff is so much better than that.
    It dries flexible and stays flexible at all temperatures. So I decided to buy some here: http://sugru.com/ . I bought 2 of their multi-colored multi hack packs. I just hope it ships before February 2010. Next I will have to find a place that sells polymorph.


  • Hacking the Code

    Last post I was talking about how to clean up a hacked web server. Hopefully your server is clean now and you can get back to what you do best. But what was the hacker trying to do? What does that long string mean? I will tell you how to decode the string the safe way, and understand how it was constructed.

    The example that I am going to use is from a real hacked website. The code that I will display is only partial, but the construct will be complete. Any identifiable URLs will be changed to prevent identification and for your safety.
    Let’s start by identifying the code. This is what I found at the very beginning of the page.
    <? /**/eval(base64_decode(aWYoZnVuY3Rpb25<–>KTt9fX0=)); ?>

    Let’s start with /**/. It looks innocent, but it’s a way to hide the code. This syntax is usually used for large blocks of comments: instead of using // on each line, you start the block with /* and end it with */. What I noticed is that in bluefish and notepad++, when these are highlighted, the whole line appears to be a comment. My guess is that to other code scanners the line will look like one long comment and they will skip it. But this is just my conclusion and testing. A very clever way to use comments.

    I almost forgot: the first thing to notice is the short tags (<?) that they use. On my personal server I have short tags disabled. I had learned that they should be disabled for security purposes; I don’t know if this holds true today. But the reason they use the short tag is that it helps hide the line as a comment; adding php to it (<?php) makes it show up as PHP code, not a comment. Now it’s starting to unravel…

    eval – Evaluate a string as PHP code

    Very simple, right? They need something to run their code, and eval does the trick. You can even add HTML to the string. Just another piece of the pie.

    base64_decode – it decodes base64 code. Now what is base64? It was originally for email, to send binary data in emails, with other uses like binary data in URLs and other variables, but the newest use is hiding PHP code in a long string. The string was 2692 characters long. So what did that string have in it?
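
    One way to do the "safe way" decoding described above, as an added example that is not code from the original post: the string is only decoded as text and never passed to eval. It goes a step beyond the post by unwrapping nested layers; the function names and the sample payload are constructed for illustration.

```python
import base64
import binascii
import re

# eval(base64_decode(<arg>)) with optional quotes and whitespace around the argument.
WRAPPER = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*(['\"]?)([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)",
    re.IGNORECASE,
)
# Short open tag followed by a /* */ comment placed directly in front of eval(.
HIDING_PREFIX = re.compile(r"<\?(?!php|=)\s*/\*.*?\*/\s*eval\s*\(", re.IGNORECASE)


def uses_comment_prefix(php_source):
    """True if the source hides eval( behind a short tag and a /**/ comment."""
    return HIDING_PREFIX.search(php_source) is not None


def decode_layers(php_source, max_depth=10):
    """Return the decoded text of each wrapper layer, outermost first.

    Nothing is executed: each layer is base64-decoded and kept as a string.
    """
    layers = []
    text = php_source
    for _ in range(max_depth):
        match = WRAPPER.search(text)
        if match is None:
            break
        blob = re.sub(r"\s+", "", match.group(2))
        try:
            raw = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            break  # truncated or corrupted string: stop instead of guessing
        text = raw.decode("utf-8", errors="replace")
        layers.append(text)
    return layers


def build_sample():
    """Constructed, harmless two-layer sample in the same shape as the post's line."""
    inner = b'echo "constructed sample";'
    layer1 = b"eval(base64_decode('" + base64.b64encode(inner) + b"'));"
    return "<? /**/eval(base64_decode(" + base64.b64encode(layer1).decode() + ")); ?>"


if __name__ == "__main__":
    for depth, layer in enumerate(decode_layers(build_sample()), start=1):
        print(f"layer {depth}: {layer}")
```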



  • Web Site Security- what to do when you get hacked?

    Recently a client/friend asked me to help him with his site after he found out he was hacked. In a situation like that I would gladly volunteer my time to help assess and fix the issue and prevent it from happening again. The major CMSs and other frameworks all have help guides to help you when you get hacked. WordPress and Zen Cart both have very good guides, but this guide should be a general help guide to getting back on track; you may have better site-specific info from the company that developed the framework. Also check the forums for other people who have been hacked, how they fixed it and what the cause was.



  • Fun with user agents

    I wanted to share this fun and interesting tool that I use to test certain aspects of some of my applications. User Agent Switcher is a Firefox plug-in that changes the user agent to the one selected. For those who don’t know, a user agent is the name that the browser gives to the website to make sure it is compatible; another use is for search engine crawlers to identify themselves to the sites that they visit and add to their index.

    My original use for it was to bypass a government website’s restriction to IE only, so I searched for the best possible way to change my user agent. There are other ways to hack Firefox to get the same outcome, but they take a little bit of know-how, so I found User Agent Switcher for this purpose. Next I turn it on and change my user agent to IE 7, then go to the website with that restriction, and I get through without a problem. This doesn’t always work and may crash your browser, so try that at your own risk.

    Now for the fun part. Ever wanted to see what some sites show Google but not you? Download the latest list of user agents here, import it, change your user agent to Google’s bot and explore to see what sites show Google or Yahoo. Or change your user agent to some ancient browser, like MSIE 3.0; AOL 4.0;, and see what sites depend on such things to work. You would be surprised to find that Facebook and MySpace depend on user agents and ask you to upgrade your browser; other sites just say that support for your browser is coming soon. Or get back at those people that look at browser statistics from sites and you start seeing profanity driven browsers…

    Another use I found was for work. There are a few web applications that we use and they don’t play well with Firefox, so I load up User Agent Switcher, turn on IE 7 and load the apps up, and they start working. Well, almost: one worked fine, the other, the one that I really wanted working, bombed and froze Firefox. Well, you can’t win them all, but at least I tried.

    So try out User Agent Switcher and add it to your toolbox.