Spectre

Everything posted by Spectre

  1. Not a great idea, but it is on the right track. You would need to ensure the search term doesn't contain anything it shouldn't before querying the database. You may also want to allow for 'advanced' searching features, such as enclosing phrases in quotes or using AND and OR operators etc.
  2. It is far easier than that. I believe there are various scripts floating around the web that make it easy to do, but regardless, you don't do it by editing your server configuration files. Ever. That is time consuming, difficult and dangerous. The way I would do it is by adding an 'A' record to my domain pointing to my server's IP address and handle all requests via a script by looking at the 'Host' header. But that's just what I'd do.
  3. Indeed. Apparently, there are a lot of people that have managed to get their hands on it. There was talk of a project some time ago by the name of OpenSDK which would be completely legal - but I haven't stayed up to date on it. I read somewhere quite a while ago that the authors of the Avalaunch dashboard had obtained permission from Microsoft to create the program, provided they didn't distribute it (which they evidently have). Of course, that may be complete rubbish.
  4. *Sigh. There's no getting to some people. Is that a thread removal I see on the horizon? For the record, if I happened to require a security consultant, I would not use one that is unable to construct a proper web site and uses a host such as BraveHost. No offense.
  5. No. When you log in to cPanel, look in one of the bottom corners (not being hosted here, I can't check myself) - it should give a quick description of the system, including which PHP version is currently in use. Public hosting servers cannot afford to update the second a new release comes out, as it is likely (or at least possible) that it will contain bugs and vulnerabilities. The version being used is most likely a version that is known to be stable and reliable, or has been patched and updated to make it so. There is almost nothing that you can do in PHP 5 that you can't do in PHP 4 with a little 'hacking'. Some of the functions obviously don't exist in earlier versions, but there are ways to get around this. Checking the PHP Manual would probably be a good place to start. For example:

     // PHP5:
     file_put_contents('file.ext','Data');
     // PHP <= 4:
     $file = fopen('file.ext','w');
     fputs($file,'Data');
     fclose($file);
  6. Not entirely true. It could be done on a shared server - although you probably need a unique IP address (which doesn't require a dedicated server). Anyway... as has been mentioned, doing something like this will cost a bit of money to get off the ground. In other words, if you are looking for free hosting at Xisto, you probably aren't going to be able to do it.
  7. Regarding MD5 double hashing, how do you know this is how Yahoo! stores their passwords? I'm not saying it's not feasible, but it is very unlikely that Yahoo! would disclose information concerning password hashing and storing. That would just make 'it' all the easier. As for people trying to steal Yahoo! passwords - that is just pathetic. Whilst he may have other motives - such as seeking out passwords from confirmation signup emails, credit card numbers from receipts or statements, and other sensitive information - it is most likely some idiot teen trying to prove to his equally lame pseudo-'hacking' friends how much of a 'c00l d00d h4x0r' he is. What an idiot. It's people like that who give the outlawing of murder a bad name.
  8. Generally speaking (at least to the extent of my knowledge), the hardware itself is yours to do what you will with. Modifying isn't illegal, per se, provided it doesn't explicitly violate any license agreements (for example, bypassing game copy security is illegal without exception). Most modchips are not illegal in themselves - as for the BIOS, however, it may be a different story. As has been mentioned, the Cromwell BIOS for the Xbox is legal, but most BIOSes are outright illegal. Most programs for the Xbox - 'homebrew' applications or dashboards etc - have been compiled in XBE form, which is illegal (or at least, the compiled forms are illegal to distribute). Anyway, my knowledge of such areas is fairly limited, so don't take what I say as absolute fact.
  9. Unless anything has changed since I was of any significance at Xisto, you're not supposed to advertise other free hosts at all (whether actually advertising or just mentioning). Just a note.
  10. Most often, people complain about Google not paying when it is in fact the user's fault - a lot of sites which brandish AdSense frames are clearly in violation of Google's Terms of Service, and they can't understand why their accounts get terminated and the payments forfeited. Google is a well established company, and they couldn't afford to not be paying people what they have promised (if they did so, AdSense would most likely have died out in the first few months, and Google Inc. would probably be facing charges of fraud). That said, there are exceptions - the user is not always at fault if they don't get paid, but Google does not intentionally refrain from paying publishers just for the sake of not losing money. When Xisto was first starting off, OpaQue's AdSense account was cancelled because some brilliant member decided it would be a good idea to fraudulently generate clicks on the advertisements; so that's obviously unfair and not at all the fault of the user, but Google doesn't see it that way. Anyway, to make a long post short: No, Google Incorporated is not a fraudulent company, and if you stick by the publisher rules (and have decent site traffic), you will be paid. Just for the record, if you run a small, personal site, AdSense is probably not worth the trouble - you may be better off finding an easier to manage advertising program which pays on a different model.
  11. Again, using parentheses will do little to provide any sort of protection. Take this, for example:

      mysql_query('SELECT * FROM members WHERE user_name = ("' . $_POST['user_name'] . '")');
      // The query would become:
      mysql_query('SELECT * FROM members WHERE user_name = ("Spectre")');

      This could easily have values injected into it as follows:

      // In the user_name field, simply place '") OR user_name = ("admin"'.
      // The query would become:
      mysql_query('SELECT * FROM members WHERE user_name = ("Spectre") OR user_name = ("admin")');

      One of the reasons that some scripts are so 'easy' to exploit is because they display MySQL errors. Take, for example, IPB (I don't know about this version, but previous versions are guilty as charged) - when a MySQL error occurs, it displays the exact error returned from MySQL, which gives away database structure information and displays which values are being added where. If the attacker doesn't know what MySQL queries are taking place, and isn't aware of the field names and structure of the database, it makes it more difficult for him to effectively inject any SQL statements or modify any conditionals etc. (certainly not impossible, just more difficult). Extracting information can also be tricky if no returned results are sent as output.
  12. I use about 1.x% of my Gmail space. As great as it is having gigabytes of free space, is it really required? The average email (which isn't an irritating chain mail or something that has been forwarded and added to hundreds of times) contains, say, 10,000 characters - which comes to nearly 10KB. Right now, Google is boasting [over] 2652.890334MB of space for all accounts - which works out to be 2,716,560KB. Divide that by 10, you have nearly 271,656 - who receives that many emails in a short space of time? I think the whole huge space thing is mostly gimmicky hype and isn't really as important as people seem to make out it is.
  13. Oh, and am I the only one that notices the irony in one who does not believe in things beyond the normal using the name 'Spectre'?
  14. He said he was just about to go to sleep. So he most likely didn't 'just wake up', and it is presumably not at a time of the day when the sunlight is visible. Anyway, I'm a logical thinker (or at least, I like to tell myself that, anyway), and I don't believe in 'paranormal' stuff or whatever, so I'm sure there's some kind of reasonable explanation. People do sometimes see funny things - and it doesn't mean they are 'crazy' or at all neurologically damaged. So anyway, here's my theory - based entirely on what you posted (and assuming you aren't just making it up for a reaction). Seeing as you were about to go to sleep, you were probably tired. Your eyes tend to do funny things when you are tired, and I know myself that they sometimes 'play tricks' on me and I think I see things which I know don't exist when my eyes are heavy, especially if I've been sitting in front of a glaring screen for extended periods of time. As I'm sure you would know, you can also physically react in funny ways to certain situations - and your heart rate increasing or seeming to stop or otherwise be affected is certainly not uncommon, especially in circumstances where you might be shocked or surprised (or excited or scared etc etc). So I think it's possible you may have been a bit startled, and noticed your heart rate had altered - I think that it is more likely you suddenly became aware of your heart rate after being oblivious to it, creating the illusion that it had stopped and then started again, rather than it actually happening. Like when you look at a light from a funny angle and sometimes don't notice it - you may then change your view and suddenly notice it, making it appear as though it was just switched on as you changed your perspective. Anyway, I'm tired and am starting to mumble about who knows what. So I'll stop here. Draw your own conclusions.
  15. If your site is big, then I would recommend either writing your own, or commissioning someone to write one for you. As good as all the CMS' floating around may be, they are generically built to cater for many different types of websites - having one designed especially for your website to do everything that only you require it to do can be very beneficial. That's my two cents worth, anyway.
  16. Ugh. I hate smilies. My apologies, but that irritating, smirking character with sunglasses is intended to appear as ''.
  17. How about a) Providing some more input into the topic - your opinions on the issue etc. ('I can't believe this...' doesn't really qualify as an 'opinion'), and b) Providing a link to where you obtained the information, or to where others can find out more about it? Personally, this doesn't surprise me. It seems if you have money, you can patent anything - and money is something that Microsoft certainly has a lot of. Although I haven't read into it extensively, this sounds similar to the software patent problem that's been creating waves in the development community for some time now. See: United States Patent Application 20050156873.
  18. How does that help? Not that I'm saying you're wrong, but double quotes are just as easily broken out of as single quotes. qwertyiscool, in order for it to be effective, you need to thoroughly 'sanitize' the user's input. One way of doing so may be to check for any characters which you know should not appear in the string - or, as is sometimes easier, making sure there are only characters that can appear in the string. For example, a person's name is only going to contain letters, with the possibility of one or more spaces or full stops (if the name is abbreviated) - so something like this could be used:

      // Will match if the string contains any characters that are NOT alphabetical, a period, or a space.
      if( preg_match('/[^a-zA-Z\. ]/', $_POST['name']) ) {
          // Contains invalid characters.
      }

      There isn't really a single universal solution for weeding out SQL injection - it really depends on the situation, and what sorts of data the user is going to input.
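A runnable rendering of post 11's parenthesised query and post 18's allow-list check, written for this page in Python against an in-memory SQLite table (not code from the original posts). It uses single quotes around the value because SQLite treats double-quoted strings as identifiers; the payload is the one the post describes, and the `members` rows are constructed sample data.

```python
import re
import sqlite3

# Constructed in-memory stand-in for the post's `members` table.
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE members (user_name TEXT, role TEXT)")
_conn.executemany("INSERT INTO members VALUES (?, ?)",
                  [("Spectre", "member"), ("admin", "administrator")])

# The post's payload as typed into the user_name field (single quotes here,
# because SQLite parses double-quoted values as identifiers).
INJECTION = "Spectre') OR user_name = ('admin"


def vulnerable_lookup(user_name):
    """Post 11's pattern: the value is pasted into the SQL text.
    The payload closes and reopens the parentheses, so they guard nothing."""
    sql = "SELECT user_name FROM members WHERE user_name = ('" + user_name + "')"
    return [row[0] for row in _conn.execute(sql)]


def safe_lookup(user_name):
    """Bound parameter: the value is sent as data and never parsed as SQL,
    so the same payload simply matches no row."""
    sql = "SELECT user_name FROM members WHERE user_name = ?"
    return [row[0] for row in _conn.execute(sql, (user_name,))]


def name_is_clean(name):
    """Post 18's allow-list check, preg_match('/[^a-zA-Z\\. ]/') in Python:
    reject the input if any character other than letters, period or space appears."""
    return re.search(r"[^a-zA-Z. ]", name) is None


if __name__ == "__main__":
    print("vulnerable:", vulnerable_lookup(INJECTION))  # ['Spectre', 'admin']
    print("bound:     ", safe_lookup(INJECTION))        # []
    print("clean?     ", name_is_clean(INJECTION))      # False
```

The allow-list check is a second line of defence for fields whose alphabet is known; the parameterised query is what removes the injection regardless of input.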
  19. No offense intended, but this is pointless and 'lame'. The way I see it, where exploits and vulnerabilities are concerned, there are two kinds of people - the ones that scour the Internet for exploits other people have written and then try and find hosts vulnerable to that exploit so they can prove how incredibly good they are, and the ones that find a specific host they wish to target and then attempt to discover any vulnerabilities for themselves and exploit them accordingly. I'm sure you can figure out which one would be considered a 'script kiddie'. But, you're obviously free to post all the proof of concept code you wish (provided you give credit where due, of course).
  20. No offense intended, but this sounds like a typical response from someone who does not understand the operating system or is unable to use it effectively. I'm not arrogant or foolish enough to think that using Linux automatically makes you 'elite' or any better than someone who uses Windows, but there is no denying that Linux is quite excellent - and it's free.
  21. Oh, and this probably isn't the best section to post such a thread in.
  22. I don't think this is the 'appropriate section'. Anyway... epox, it depends on what your 'client' is (by which I'm assuming you mean some form of application that requires MySQL database usage). I think you need to provide a little more detail before anyone can really help you.
  23. eBay bought PayPal some time ago. Anyway, xadoflitan, what kind of profit do you make? And how much time and energy do you need to invest in order to receive this profit? Just curious. It sounds like a workable business venture.
  24. Paying for your advertisement to be displayed in Google does not affect your rankings at all. They cannot afford to let things like this alter page positioning or the PageRank value - it would severely undermine the value of the company. I believe they state somewhere in their policies that using AdSense - whether as a publisher or an advertiser - will have absolutely no direct influence on your rankings at all (although to be accepted as a publisher, you need to have semi-decent content and not violate any of Google's terms of service, and these are factors which can lead to getting well ranked). There is no single 'most important' factor when it comes to getting better rankings. You can put all the keywords you like in your title and meta description tag, but it doesn't mean you are going to get good rankings for them. A lot of different things are considered when weighing up the 'value' of your web site, and it isn't necessarily the same for every search engine (the Inktomi Slurp/Yahoo! spider, for example, may 'love' a certain site and give it excellent rankings where Google has removed it from their index - it's happened to me before).
  25. If you're asking what I think you're asking - which is how do you set up subdomains automatically without using cPanel (eg. through a script), in this case for the purpose of URL forwarding such as provided by CJB.net or CO.nr - then the short answer is, you can't. The slightly longer answer is that you can add an 'A' record to your domain name (which is done via your domain registrar) to point all subdomains to yoursite.com (eg. *.yoursite.com -> xxx.xxx.xxx.xxx/your IP address) and have a script which would process requests according to the 'Host' header sent by the client. That way, virtual hosts are not set up on the server in the same way you would do with cPanel (or in your server configuration file, if you had access), and don't really 'exist'. I hope that makes a little sense.
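The Host-header dispatch that posts 2 and 25 describe, as an added example written for this page in Python (not code from the original posts). It assumes the wildcard A record is `*.yoursite.com`, uses a constructed forwarding table, and shows the checks a practitioner wants in such a script: strip the port, normalise case and the trailing dot, and refuse any Host value that is not exactly one label under the base domain, so look-alike names such as `yoursite.com.evil.example` are never routed.

```python
import re

# Assumed base domain: the post's wildcard A record is *.yoursite.com -> your IP.
BASE_DOMAIN = "yoursite.com"

# Constructed forwarding table: subdomain label -> destination it forwards to.
FORWARDS = {
    "blog": "https://example.org/blog/",
    "docs": "https://docs.example.org/",
}

# One valid DNS label: letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def subdomain_from_host(host):
    """Extract the subdomain label from a Host header.

    Returns "" for the bare domain, the label for one level below it, and
    None for anything the script must not act on: an empty header, a host
    not under BASE_DOMAIN (including yoursite.com.evil.example), or a
    nested or malformed label.
    """
    if not host:
        return None
    hostname = host.split(":", 1)[0].rstrip(".").lower()   # drop :port, trailing dot
    if hostname == BASE_DOMAIN:
        return ""
    suffix = "." + BASE_DOMAIN
    if not hostname.endswith(suffix):
        return None
    label = hostname[: -len(suffix)]
    if "." in label or not _LABEL.fullmatch(label):
        return None
    return label


def route(host):
    """Decide one request from its Host header alone: (status, Location or None)."""
    label = subdomain_from_host(host)
    if label is None:
        return 400, None          # not a host this server answers for
    if label == "":
        return 200, None          # bare domain: serve the main site
    target = FORWARDS.get(label)
    if target is None:
        return 404, None          # no such subdomain registered
    return 302, target            # forward, CJB.net / CO.nr style
```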