tansqrx

On June 20th, 2008 Yahoo! went live with two new root domains for mail. The additional names are “@ymail.com” and “@rocketmail.com”. The two new domains are listed along with the standard “yahoo.com” in a new drop list on the account creation page (http://forums.xisto.com/no_longer_exists/?). The request has already been made and you should expect this added functionality in the next version of YCC Yahoo! Bot Maker.

My suggestion is to reformat if you know that you have been infected by any type of malware. This excludes some of the less lethal varieties such as tracking cookies or the sort but anything that you have to ask if you need to modify the registry certainly deserves a reformat.The first reason is that you can never trust your system after you have been infected. This wasnât necessarily the case several years ago but with the rapid proliferation of rootkits, you simply can not trust what your computer is telling you. A rootkit (http://forums.xisto.com/no_longer_exists/) is a piece of software that is designed to alter the way the operating system kernel works. A classic example is hiding files from the system. A rootkit will insert itself on the same level as the operating system and hook into the Windows APIs responsible for displaying files and directories. When requesting a file or directly the rootkit will remove certain entries (namely its own files and anything else you want hidden). This means that the rootkit and payload is hidden from Explorer and even antivirus programs. If the antivirus program canât even see the file or know if is on the system, how is it supposed to clean your system?The second reason for a reformat is time. In the end you will spend hours (days most likely) tracking down registry entries, randomly named files, and a whole slew of other ways that malware stays persistent on your system. After you think you have finally cleansed your system of the blight, the malware reappears and you are in the exact same position you were in before the hours of work Before you know it, is has taken longer than a reformat and complete installation of programs and settings.

I’m sure all the members here are happy to have you. I also have to agree that the features offered by Xisto beat even paid hosting sites.

Actually about 5 minutes after I talked to “Mich” I tried again and got another tech. I told him that I was talking to Mich and explained my problem again. This time the problem was resolved very quickly. Apparently the DNS entry was removed again and once it was corrected the site was back up within 30 seconds.I have learned that live support is the way to go and if you don’t get a solution on the first try just keep bugging them.

I just got done doing that and I think I got hung up on?

I have to say that the template is very impressive. I tried to customize my own CSS template before and I found it to be a nightmare. The template blends well with the site and the integrations appear to be seamless which are both great qualities.

I’m starting to get a complex because my site, ycoderscookbook.com is down again. I hate to SPAM the forums like this but I have a support ticket submitted and have not head anything in three days. From what I am seeing, the Gamma server is up but for some reason the DNS is not resolving to the domain. Ycoderscokbook.com has been down since Friday.Perhaps one of the admins can look into this for me I know that BuffloHELP was very nice after the server migration and pulled a few strings. I have the feeling that the DNS entry got yanked and that is the reason that the site is dead once again.

I drummed up enough courage to try the redirects but it didnât end like I expected. When browsing to the file to be redirected (or any file in the directory) I got an internal server error. Here is what I had: RewriteEngine On RewriteCond %{THE_REQUEST} YCC Bot Maker 1.2.rar [NC] RewriteRule .* /Files/YCC Yahoo Bot Maker 2.0.zip [L] I would like to redirect any request to http://forums.xisto.com/no_longer_exists/ Bot Maker 1.2.rar to http://forums.xisto.com/no_longer_exists/ Yahoo Bot Maker 2.0.zip I had the .htaccess file located in http://forums.xisto.com/no_longer_exists/. I hate to out right ask for a solution but like I said before I am having problems.

I have relied heavily on capture tools to produce what I have now. I primarily use Wireshark but most of the Yahoo! pages are SSL so Wireshark is useless. There is a way to decode SSL packets with Wireshark but you have to have the server private key which I donât think Yahoo! is willing to give up anytime soon. The next best thing is Fiddler (http://www.telerik.com/ fiddler) which is an Internet Explorer sniffer. It adds a certificate to the system that acts like a man in the middle attack and you are able to see all of the SSL traffic coming into and out of Internet Explorer. It does have a downside in that you can not see the entire packet but only the TCP payload which is usually enough. The best part is that it is free and the most powerful of this class of tool.Currently my httpWebRequest mimics Internet Explorer in all of the HTTP fields but not the order. The only thing left that I can see is that the COOKIE field is placed ahead of the KEEP-ALIVE field. No matter what I do I can not change the order to place the COOKIE at the end just before the /r/n/r/n. I suppose the httpWebRequest class automatically places the keep alive at the end during the automatic generation of the request headers and the placement is hard coded. From a specification standpoint this should not matter but this could be the thing that Yahoo! is punishing me for.My next task is to create my own httpWebRequest class where I can have finer control of the headers. This will be a lot of extra work but it looks like thatâs the only way to get around this problem. I have also been exploring using the .NET Webbrowser object to just script my way through the registration process but that has opened a whole new set of problems and I am not happy with the results. Even when using the unmanaged ActiveX control I keep getting scripting error pop-ups and it is about 10 times slower than using my current method. I have successfully created accounts using this method but it was not painless and there is much work to be done before this is a viable method. This just once again shows that there is some fundamental difference between using httpWebRequest and Internet Explorer to create Yahoo! accounts.P.S. I done some extra exploratory work this weekend to compare the results from HTTPHelper to Internet Explorer when requesting https://www.google.de/?gfe_rd=cr&ei=BwkjVKfAD8uH8QfckIGgCQ&gws_rd=ssl (because of the SSL problem mentioned earlier). When the captures from Wireshark are run through diff there is no difference at all. The packets are identical down to the smallest detail.

Thank you for your offer. Let me do some clarification. YCC Bot Maker is a program that signs up for Yahoo! accounts the same way you would if you used Internet Explorer or Firefox. One difference is that it is a VB.NET form that puts all the signup information in one spot and is much quicker than using a web browser. Another difference for this particular question is that YCC Bot Maker uses a series of HttpWebRequest objects and not the Webbrowser object (i.e. the Internet Explorer ActiveX control) to make the requests. I have all the code needed to create the HTTP requests and get valid responses back but I suspect that Yahoo! has added code on their servers to profile the type of âbrowserâ used ask for accounts. More specifically I have changed the UserAgent, Accept, AcceptLanguage, and UA-CPU properties of the HttpWebRequest to mimic Internet Explorer. Even with all of this the Yahoo! server some how knows that my program is not a regular web browser and rejects the request (more on this later). Up until about a month ago YCC Bot Maker was working fine. Then over night I started getting a prompt to reenter the CAPTCHA. After a through review of the Yahoo! signup page I found that nothing had changed. There is a series of three requests, get the mail login page which is used to grab the Yahoo! cookie, get the registration page where you actually enter the user data, and finally submit a HTML form POST with the user data and see if it was successful. The first two requests are still fine but when I send the POST, the account is denied and a prompt to enter a new CAPTCHA is shown. After playing around with the sequence I found that I can get a valid account if I reenter the second CAPTCHA and submit once again. An account is only granted if two successful CAPTCHAs are entered. Once again if I use Internet Explorer or FireFox, I do not have to enter the second CAPTCHA. Because I can finally get an account, but only after more verification, I have come to the conclusion that the Yahoo! server knows this is not actually Internet Explorer and adds extra validation. My question is how does this technology work and how can I get around it. NOTE: Here is the code that I use to generate my HTTP requests. It is not really needed but I did put a lot of hard work into it and it is a common question asked. The full library is called HTTPHelper and can be downloaded at http://forums.xisto.com/no_longer_exists/. The original intent was to make up for many of the short comings in version 1.1 of the .NET Framework but it is still very valuable even with the latest version. Here is an excerpt of a HTTP GET request. HTTPDataIn and HTTPDataOut are structures defined within the class and hold needed variables. Dim iIndex As Integer Try HTTPDataOut.bUnsucessful = False HTTPDataOut.strErrorCode = "" httpRequest = CType(WebRequest.Create(HTTPDataIn.strServer), HttpWebRequest) 'proxy If HTTPDataIn.bEnableProxy = True Then Dim wpRequest As New WebProxy Dim uriPrxy As New Uri(HTTPDataIn.piProxy.strServer + " linenums:0'>Public Shared Function HTTPGET(ByVal HTTPDataIn As HTTPDataIn) As HTTPDataOut Dim HTTPDataOut As New HTTPDataOut Dim httpRequest As HttpWebRequest Dim httpResponse As HttpWebResponse = Nothing Dim responseStream As Stream = Nothing Dim responseEncoding As Encoding Dim responseStreamReader As StreamReader = Nothing 'Dim cookieContainerTempOut As New CookieCollection Dim iIndex As Integer Try HTTPDataOut.bUnsucessful = False HTTPDataOut.strErrorCode = "" httpRequest = CType(WebRequest.Create(HTTPDataIn.strServer), HttpWebRequest) 'proxy If HTTPDataIn.bEnableProxy = True Then Dim wpRequest As New WebProxy Dim uriPrxy As New Uri(HTTPDataIn.piProxy.strServer + ":" + HTTPDataIn.piProxy.strPort) wpRequest.Address = uriPrxy If HTTPDataIn.piProxy.strUsername IsNot Nothing Then wpRequest.Credentials = New NetworkCredential(HTTPDataIn.piProxy.strUsername, HTTPDataIn.piProxy.strPassword) End If httpRequest.Proxy = wpRequest End If 'set the timeout If HTTPDataIn.bEnforceTimeout = True Then httpRequest.Timeout = HTTPDataIn.iTimeout * 1000 End If 'auto redirect If HTTPDataIn.bAllowAutoRedirect = True Then httpRequest.AllowAutoRedirect = True Else httpRequest.AllowAutoRedirect = False End If 'accept If HTTPDataIn.strAccept.Length > 0 Then httpRequest.Accept = HTTPDataIn.strAccept End If 'Referer If HTTPDataIn.strReferer IsNot Nothing Then httpRequest.Referer = HTTPDataIn.strReferer End If httpRequest.Headers.Add(HttpRequestHeader.AcceptLanguage, "en-us") httpRequest.Headers.Add("UA-CPU", "x86") 'useragent If HTTPDataIn.strUserAgent.Length > 0 Then httpRequest.UserAgent = HTTPDataIn.strUserAgent End If 'httpRequest.KeepAlive = True 'Cookies httpRequest.CookieContainer = New CookieContainer() If HTTPDataIn.cookieCollection IsNot Nothing Then For iIndex = 0 To HTTPDataIn.cookieCollection.Count - 1 httpRequest.CookieContainer.Add(HTTPDataIn.cookieCollection) Next End If httpRequest.ProtocolVersion = HttpVersion.Version10 'Console Logging Out LoggingOut(HTTPDataIn, httpRequest, HTTPDataIn.cookieCollection, True) httpResponse = CType(httpRequest.GetResponse(), HttpWebResponse) responseStream = httpResponse.GetResponseStream() responseEncoding = System.Text.Encoding.GetEncoding("utf-8") HTTPDataOut.strResponseCode = httpResponse.StatusCode.ToString 'Return header information Dim colHeaders As New System.Net.WebHeaderCollection colHeaders = httpResponse.Headers HTTPDataOut.strLocation = colHeaders("Location") HTTPDataOut.strEncoding = colHeaders("Content-Encoding") HTTPDataOut.strServer = httpResponse.ResponseUri.OriginalString 'Return cookies Dim ccTemp As CookieCollection = httpResponse.Cookies 'This is required because of a "bug" in the cookies class. Its not really a bug 'because it is RFC complient but not all cookies will be set in some cases. An 'example of this is http://www.aol.com/. When sending cookies to other subdomains such as 'new.aol.com the cookie will not be sent even though the PATH variable is set to '/' If HTTPDataIn.bSetCookieToRoot = True Then Dim strSplit() As String For iIndex = 0 To ccTemp.Count - 1 strSplit = ccTemp.Item(iIndex).Domain.Split("."c) 'Use only the domain, i.e. .aol.com ccTemp.Item(iIndex).Domain = "." + strSplit(strSplit.Length - 2) + "." + strSplit(strSplit.Length - 1) strSplit = Nothing Next End If HTTPDataOut.cookieContainer = ccTemp 'Decode if gzip is used If HTTPDataOut.strEncoding = "gzip" Then Dim gzipDLL As New ICSharpCode.SharpZipLib.GZip.GZipInputStream(responseStream) responseStreamReader = New StreamReader(gzipDLL, responseEncoding) Else responseStreamReader = New StreamReader(responseStream, responseEncoding) End If If Not responseStreamReader Is Nothing Then HTTPDataOut.strResponse = responseStreamReader.ReadToEnd Else HTTPDataOut.strResponse = "" HTTPDataOut.strErrorCode = "Null Response" HTTPDataOut.bUnsucessful = True End If 'Console Logging In LoggingIn(HTTPDataIn, HTTPDataOut, httpResponse) httpResponse.Close() 'handle thrown exceptions Catch ex As WebException WebExceptionHandling(ex, HTTPDataOut) Catch ex As InvalidOperationException HTTPDataOut.strResponse = "" HTTPDataOut.strErrorCode = "Invalid Operation Exception" HTTPDataOut.bUnsucessful = True Catch ex As UriFormatException HTTPDataOut.strResponse = "" HTTPDataOut.strErrorCode = "Uri Format Exception" HTTPDataOut.bUnsucessful = True Catch ex As NullReferenceException HTTPDataOut.strResponse = "" HTTPDataOut.strErrorCode = "Null Reference Exception" HTTPDataOut.bUnsucessful = True Catch ex As Exception HTTPDataOut.strResponse = "" HTTPDataOut.strErrorCode = "General Exception" HTTPDataOut.bUnsucessful = True Finally If Not httpResponse Is Nothing Then httpResponse.Close() End If If Not responseStream Is Nothing Then responseStream.Close() End If If Not responseStreamReader Is Nothing Then responseStreamReader.Close() End If End Try Return HTTPDataOut End Function Here is a simple call using HTTPHelper, in this case requesting the Yahoo! mail signin page. strSignupServer = HTTPStringFind(_HTTPDataOut.strResponse, "<p class=""yreglgsub""><a href=""", """>") requestSigninPage() End If Catch ex As Exception MessageBox.Show(ex.ToString) End Try End Function linenums:0'>Private Function requestMailPage() As Boolean _HTTPDataIn.strServer = strRegionalServer + "/config/mail" _HTTPDataIn.bAllowAutoRedirect = True _HTTPDataIn.cookieCollection = Nothing Try _HTTPDataOut = HTTPGET(_HTTPDataIn) If _HTTPDataOut.bUnsucessful = True Then BeginInvoke(_cmd_BeforeFailDeleg, New Object() {_strLoginName, _strPassword, _HTTPDataOut.strErrorCode}) Else _strReferer = _HTTPDataOut.strServer _cookieHomepage = _HTTPDataOut.cookieContainer 'Signup server _strSignupServer = HTTPStringFind(_HTTPDataOut.strResponse, "<p class=""yreglgsub""><a href=""", """>") requestSigninPage() End If Catch ex As Exception MessageBox.Show(ex.ToString) End Try End Function

And this is different from Photoshop how?

This is not specifically geared toward Xisto because it is a plea for help for one of the programs that I am working on. I know there are a lot of smart people here so I decided to give it a shot. About a week ago I received word that version 1.2 of YCC Bot Maker had stopped working. This was not a huge surprise as Yahoo! continuously changes its registration process and YCC Bot Maker is very dependant on the data held in the registration page. I hoped to have a fix put out fairly quickly but this time I am stuck and have yet to find a solution. From what I can gather, Yahoo! has not changed any of the pages or any of the processes used during registration. One day it was working and the next it was broken. This leads to be believe that Yahoo! is doing some sort of new browser profiling or timing analysis. YCC Bot Maker uses the HttpWebRequest object built into .NET. By adding accept, referer, user agent, and others I can fairly approximate the look of IE7. I start Fiddler (http://www.telerik.com/fiddler) and make a side by side comparison of a session with IE7 and then YCC Bot Maker. The requests are almost identical except a few header locations are swapped. Here is the last request during the registration process using IE7 on the India server. The response shows a congratulations page for creating a new account. POST /registration;_ylt=Amw.PhwB5E.stLUBnuRzxoSZ2PAI HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/x-silverlight, */* Accept-Language: en-us Content-Type: application/x-www-form-urlencoded UA-CPU: x86 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648) Host: edit.india.yahoo.com Content-Length: 807Connection: Keep-AlivePragma: no-cacheCookie: B=4dnko1h43ek4p&b=3&s=97u=5b178pd43ek5n&dracs=&t=x2F6Q4.MzeGZRlr35zVb1DkywcQjtqkCMrdWMjcL5jX.V6Y1do4hqQ8aOF2HAHDw3jr30lHHDANXTIXGXaohokYjurJtWrgBEDE3ucfh2EOavo0VGwzarjnQ4VJVw_kLYlX4.XVpbLNai8H1BhVbwb8.iOvNBnMSdx1yaaDHdSh6zml1DMIEHZ143m0LGzz8Rxn6nnHe8JcWdRh1en0AJC.s9eYumSrm1taEZAoQ_SoCEt00C8MtUQ--%7EB&done=http%3A%2F%2Fmail.yahoo.com&last=&partner=yahoo_default&intl=us&src=ym&.scrumb=&jsenabled=0&preferredcontent=us&firstname=sadfdas&secondname=ewerq&gender=m&mm=2&dd=1&yyyy=1981&country=us&postalcode=58443&yahooid=dfk58443lkalsdfk&domain=yahoo.com&password=bobobob&passwordconfirm=bobobob&altemail=&secquestion=Who+was+your+childhood+hero%3F&secquestionanswer=dsfdsfadfs&cword=fw8nyvl&cdata=ftqaZeJZFelVDTGYXguGQO75qbdYepa6qbxfs5c2jew_iXlBPSPrIVt8DMAhTLjTWv7KGDDVEErJLca0hg--&showc=1&tos_agreed=y&IAgreeBtn=Create+My+Account Here is the same output from YCC Bot Maker on the India server. This time I receive a âplease try this code insteadâ and a failed attempt. Additionally, if I make another request with the previous failed attempt using the new CAPTCHA, I get a successful account creation page. You can see that the requests are exactly the same with the exception of user data and Yahoo! specific variables. I have no way of explaining this because from everything I know it should. I need your help getting the next version of YCC Bot Maker working. If you have suggestions or know of some new technology Yahoo! is using please let me know.

It’s interesting that you mention this because I am just now finishing up my first freelance job. Much like Turbo I have an advertisement on my site for custom features or upgrades. I do have one large restriction which is that the work that I do has to be related to my interests and I get to turn down any bid. This is not a big deal to me because I have a regular 9-5 job and any freelance work I get on the side is just a hobby and possibly a little extra cash.My current job involves converting a program from Yahoo! to AOL. At first I was not that interested so I gave a fairly high price. To my surprise the customer said yes and I figured I would give it a shot. I went into the project intentionally blind to cost because I work in the industry and I know if this were a real program I would have charged at least 5 times more. One of the benefits of writing this program is that I get full rights to make it open source after 6 months and I will be posting it to my website. In the end I think it is has been a great project because I got to do something that I may have done on my own and get paid for it.

This one sounds fishy. It may be a great program but the other suggestions of msconfig and Autoruns are more than enough.

Agreed

Thank you very much BuffaloHELP. You are a gentleman and scholar. Ycoderscookbook.com is now completely available and it looks like everything is working as expected.

BuffaloHelp, that would be much appreciated. At least I am keeping my hosting credits healthy by posting so much in this thread

I sent the support ticket yesterday but there is still no response. I tried to change the DNS at Go Daddy but the help says “You can only use Total DNS Control if you are using our nameservers for your domain.”

P.S. I also tried to submit a support request but the pages says “The System Admin has not configured this feature yet.”

I think I am getting too old for this, my brain is just not wrapping around it.I can successfully get to cpanel. I do not think that parked or addon domains apply to me because of what the help says. A parked domain is a domain that points to your current domain. When I try to add ycoderscookbook.com it gives me an error of “Error from park wrapper: You cannot park your main domain!”. An addon domain is a domain that points to a directory in your site's document root. I only have one domain so this also does not apply.I only want to get my one and only domain, ycoderscookbook.com, working. The name servers are correct and all the files are waiting in my public_html/www folder. What else can I do?

I hate to say it but I have no idea what BuffalaHELP is saying. Is this something that I have to do at my domain register site? I have GoDaddy.

I hate to say it but this is starting to get really old. I can go to http://forums.xisto.com/no_longer_exists/ and get to my webpage but it is still dead to the rest of the Internet. There is no way to log in and open a support ticket because http://forums.xisto.com/no_longer_exists/ returns a 404 error. Just let me know if this is going to be fixed in the next day or so or I will be forced to buy hosting somewhere else which I am not looking forward to.

Many modern virus strains will use random file names as only one way to avoid antivirus detection and to make your life more difficult. Another method is to dynamically recompile themselves so they do not match any known antivirus signature. In order to detect the virus the antivirus vender has to use heuristics. The more important thing to note is that if you are already infected you can not trust your computer. The virus may have installed a rootkit and in that case your computer is lying to you and the antivirus. Files can be hiding at a lower level than the antivirus can read them. Most security experts agree that if you have been infected no matter what the variant of virus, you automatically reformat and restore from a known good backup. To be safe it sounds like you will be reformatting 200 computers.Before you do this I would want to know what the virus is so it doesn’t happen again. I would download an antivirus that is capable of making a boot CD. Update the definitions and run it on the infected machine without starting the infected OS (all of the prep work is of course done on a known good machine). A quick search of “rejoice virus” in Google shows one McAfee page that may be of interest. BackDoor-CXI (http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=138150)

The shares “slumping” after the offer was taken off the table is just hype. They returned to the same price that they were before Microsoft made the offer. This is completely expected and only the media trying to make a story. If you are an investor in Yahoo!, you have seen no net difference in your portfolio between January 1st and today. Stocks can fluctuate wildly in the short term but usually remain stable in the long term. This is why you should always think about investments as a process that takes at least 5 years and not 5 days.

Microsoft has receded itâs bid for Yahoo! in a surprise Saturday (May 3, 2008) announcement. When presented with offering more money or engaging in a hostel take-over, Microsoft decided to take a third route and just drop the whole thing. In a letter addressed to Yahoo! (http://forums.xisto.com/no_longer_exists/), Microsoft outlined several reasons why they let the offer slip. There are concerns that a deal between Yahoo! and Google would seriously throw a monkey wrench into things and regulatory bodies, the EU in particular, would frown upon the transaction. As expected the share price for Yahoo! dropped to its pre-bid price during Monday trading. From an outside perspective this feels better than having a nasty fight between Yahoo! and Microsoft. It looks like Yahoo! made themselves undesirable enough that Microsoft just decided to let the whole thing go. Is this the last that we will hear about a Yahoo!-Microsoft merger, most likely not. If Yahooâs share price slips considerably in the next few years I would expect Microsoft to smell the blood again make another bid. At any rate I am sure that this episode has scared the pants off of many at Yahoo! and it will not be as easy next time, especially if an outside entity tries to mount a hostel take-over. Sometimes fear is a good thing and a great motivational tool that spurs new innovation. Perhaps some of the folks over in the Messenger division got a little fear and will release some nice upgrades. http://forums.xisto.com/no_longer_exists/ http://www.zdnet.com/blog/btl/?p=8708 http://unsakred.net/2008/05/04/microsoft-w-bid-for-yahoo/