
Essential .htaccess Commands


Apache web servers offer a flexible way to control server settings through the .htaccess file. This tiny file is read and interpreted by Apache before the actual web pages or files are served. Here is a list of a few simple and useful .htaccess commands.

Changing the default index file

DirectoryIndex index.html

This directive changes the default index file. The index file is the first page loaded when visiting mywebsite.com or even mywebsite.com/foo/. In this case, visiting mywebsite.com will load mywebsite.com/index.html.

DirectoryIndex index.html index.php index.htm

You can also give a list of options, as shown in the snippet above. This directive will search for index.html, index.php and index.htm in exactly that order. If you have index.php and index.html sitting in the same folder, the one that will be loaded is index.html.

Custom error pages

ErrorDocument 404 errors/404.html

Beating Nested Encoding


In today's world, code is easily shared and reused, especially code released as open source. From time to time, developers try to protect their work by encoding their source code. This can be a hindrance to a newbie but is far less effective against advanced users.

The most popular method of encoding the files was to apply gzdeflate() and then base64_encode(). This will prevent some users from reading the source code, but it can be easily reversed by running

gzinflate(base64_decode());

It may sound easy, but in reality nested encoding is often performed in the hope that the user will stop decoding, or at least find it hard enough to give up. An ordinary person decoding by hand will try around 3-5 attempts; a persistent one will try at least around 20. Sadly, experienced developers encode their source code more than 25 times, and some more than 50 times.
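An added example (not from the original post) that automates the repeated decoding described above. It is written in Python rather than PHP, emulating PHP's gzdeflate()/gzinflate() with raw deflate (zlib wbits=-15); the sample payload and the 30-layer wrapper are constructed here so the script runs offline:

```python
import base64
import re
import zlib

# One obfuscation layer as found in the wild: eval(gzinflate(base64_decode('...')));
LAYER_RE = re.compile(
    r"""eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*['"]([A-Za-z0-9+/=\s]+)['"]\s*\)\s*\)\s*\)\s*;?"""
)

def wrap_layer(php_source: str) -> str:
    """Apply one gzdeflate()+base64_encode() layer (constructed emulation of the encoders)."""
    comp = zlib.compressobj(level=9, wbits=-15)   # raw deflate == PHP gzdeflate()
    raw = comp.compress(php_source.encode()) + comp.flush()
    return "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(raw).decode()

def build_nested_sample(payload: str, layers: int) -> str:
    """Wrap a payload `layers` times, producing the nested blob an analyst would receive."""
    src = payload
    for _ in range(layers):
        src = wrap_layer(src)
    return src

def unwrap_all(encoded: str, max_layers: int = 200):
    """Peel eval(gzinflate(base64_decode())) wrappers until none remain.

    Returns (decoded_source, number_of_layers_removed). Stops on malformed
    base64 or deflate data so a crafted blob cannot make it loop forever.
    """
    current, layers = encoded, 0
    while layers < max_layers:
        m = LAYER_RE.search(current)
        if not m:
            break
        b64 = re.sub(r"\s+", "", m.group(1))
        try:
            raw = base64.b64decode(b64, validate=True)
            current = zlib.decompress(raw, -15).decode("utf-8", errors="replace")
        except (ValueError, zlib.error):
            break  # not a genuine layer; keep what we have
        layers += 1
    return current, layers

# Constructed sample: an innocuous PHP snippet wrapped 30 times.
SAMPLE_PAYLOAD = "<?php echo 'hello from the innermost layer'; ?>"
SAMPLE_BLOB = build_nested_sample(SAMPLE_PAYLOAD, 30)

if __name__ == "__main__":
    source, depth = unwrap_all(SAMPLE_BLOB)
    print("layers removed:", depth)   # prints 30
    print(source)
```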

Department of Budget and Management Website Defaced

Online Security, Programming, 7 August 2010
http://www.dbm.gov.ph/

A Philippine website has been attacked and defaced by a group calling themselves “Xentrix Cyber Team and Soldier of Allah”. The attackers injected code into the Department of Budget and Management (DBM) site, which in turn appears to be running on FrontPage, a product from Microsoft.

At the time of writing, the site was displaying a frameset overlaid on the normal page, with reference links to

../../../profil.php?id=

which seem to fail. The double dot followed by a forward slash is a path component that tells the browser or computer to go up one directory. The three “../” may mean that the attackers were trying to reach the root folder; there is also some chance that this is just a script error.

A search-and-replace also seems to have been run over the page: viewing the source shows a few lines whose links were made invalid by prefixing them with this web URL (address)

http://1.1.1.5/bmi/

Stealing a few pennies a day


The U.S. Federal Trade Commission has disrupted a long-running online scam that allowed fraudsters to steal millions of dollars from U.S. consumers over approximately 4 years by taking a few pennies up to a few dollars a day.

It was a patient scam designed to avoid detection, and it evaded fraud detection software because such small charges are ignored by most anti-fraud mechanisms. The actual charge was between $0.25 and $9.00 per card, and care was taken that no card was charged multiple times. The fraudsters had a total of 1.35 credit cards on file, and 94% of the total charged went unnoticed by the victims.

To further hide the trail, the fraudsters created a few bogus companies through which the money was passed back and forth. It was also found that they used money mules who opened bank accounts across the globe; the mules were recruited by spam e-mails claiming the senders needed help operating their business offshore.
