As you have probably already seen on php-ids.org and BlogSecurity.net, I have made a new release of WPIDS. This release fixes several problems with the usability of WordPress and some internal bugs, and WPIDS now ships with HTML Purifier.

At least one more minor release is planned before WPIDS reaches v2.0, as some problems were reported with the current version. The upcoming version 2 will be completely rewritten: it will offer more granular option settings than before, give you more information, and come with much better documentation.

If anyone is interested in beta testing the latest version, feel free to contact me.


Tags: WPIDS


I’m proud to announce that the latest version of PhBad Behave is now available. The changes are quite minor and are limited to the updated Bad Behavior script, which is now version 2.0.12. With this version some possible problems on web servers running PHP5 should be gone, as should the recent problem of legitimate users being locked out of the backend (or in general). Delicious is also no longer blocked by Bad Behavior, although that shouldn’t matter much for a forum anyway.

You can get the latest version here, as usual.

One last point I want to mention: I’m planning to stop supporting PhBad Behave for phpBB 2, as the latest version of phpBB is already available and offers a lot more features and security. Therefore I recommend everyone switch to phpBB 3. It may still happen that I release a newer version of PhBad Behave if I think it’s worth the time.

Tags: Bad Behavior, Update


Problems

I checked my blog today and what did I notice? First, my template had been reset to the default one. I don’t know what caused that, but most likely it has the same root cause as this MySQL error:
WordPress Database Error: WordPress isn’t able to create the following temporary SQL file #sql.2076.txt
or something like that was the message. I was surprised and had no clue what the cause was. So I searched my server for tmp folders, and luckily found some. I changed to the /tmp dir, and there was already a #sql file in it. After I deleted the file everything worked fine again. The issue was most likely caused by the last server restart: the server was probably restarted after the file had been created but before it was removed again. At least that would explain it for me, as the file did not reappear even after several visits to my website.

New WP version

Since yesterday a new WordPress version of the latest trunk is available: version 2.3.2 fixes a possible XSS attack and closes several information leaks. One of the biggest (positive) surprises is that WordPress error messages are now only displayed if your blog runs in WP_DEBUG mode, so by default it is no longer so easy to gain information about your database structure in order to perform successful SQL injection attacks on your website.

So anyone already running WP 2.3 should upgrade to the latest release to get the best possible protection. Everyone using an earlier version should run BlogSecurity’s bs-wp-noerrors to get this feature as well.

Download WordPress 2.3.2

Tags: BlogSec, release, Security, Wordpress


For the last few days I had problems getting into the backend of my WordPress account, and I just read what the reason was.
Michael dropped a blacklist from his server, so every checked IP was reported as bad and therefore blocked, including legitimate users and the site owner. I worked around the problem by disabling the plugin, as I wasn't able to locate the cause.

I just read a post where the cause is explained and a new version that fixes the problem is made public. This will most likely also affect phBadBehave (although I can't verify it, as I don't run any phpBB 2.x board anymore). Although I had planned to stop supporting phBad Behave, I'm releasing another version that will fix the problems, but it will most likely be the last version for phpBB 2.x.

As phpBB 3.0 is now finally available, I'm starting official work on the Bad Behavior port for this version, and I hope to release a first version soon. But as I'm currently quite busy with my studies and other things it could take a while; still, I'm optimistic.

Tags: Bad Behaviour, phBad Behave, release


Everyone who does some work for Americans or works on US freelance websites will probably know this problem. You get paid in $, but your country's currency isn't the dollar but the euro, yen, pound or whatever, so you need to get your money exchanged, which is a losing deal at current exchange rates of 1.44$=1€ and higher. We need a way out of that misery; one or two years ago, at exchange rates of ~1.10$=1€, you were able to compensate for these rates by slightly increasing the prices for your work.
But nowadays you wouldn’t get any job if you still did that (or you would get far fewer than before). My current approach is to take the dollars, buy things from American websites and have them shipped home (even if I have to pay additional taxes in my country, I still get it cheaper). But the problem with that is obvious: you can’t get everything from the US, like your bread, your bills paid and so on. So we still need another solution.

One would be to use other freelance websites where the allowed currency isn’t limited to the dollar, so at least people outside the dollar world could profit from it. But that’s hard to find, and it’s just as hard to bring the success of the global players to your local freelance websites. Personally I wouldn’t say that I’ve mastered the problem, and it will get worse as the fall of the dollar hasn’t stopped, nor is it likely to stop soon.
Do you have a really good approach, or something you’d really recommend? Feel free to share it.

Tags: Dollar, fight, loss


Just the latest example of how stupid I can be sometimes:
Yesterday I deleted the Linux partition from my laptop. It wouldn’t have been that problematic if it hadn’t had the boot loader on it. Anyway, I didn’t notice that big mistake until I restarted my laptop and encountered an error while loading GRUB.
After the first seconds of thinking about what had happened, I started to bang my head against the table (not really :)). As soon as I stopped hating myself I searched for a solution and quickly found an answer: start your PC with your recovery CD and run fixmbr and fixboot. OK, no big deal… as long as you have your recovery CD with you, but I didn’t… (a second round of head-banging could be heard).

So my next try was to get some recovery application based on a small DOS boot disk. I quickly found something, but it didn’t work for XP (at least not on my PC).
Next I inserted a friend’s Vista recovery CD (I would like to mention that, without installing anything, you can already run a safe-mode-like Vista from it, with a working Notepad and so on). I was even able to start cmd.exe, but the next shock wasn’t far away, as I noticed that fixmbr and fixboot didn’t work within Vista. A new search was under way on how to get fixmbr and fixboot working from the Vista recovery CD; again I was lucky and soon found a solution: you have to pass them as parameters to another application:

bootrec.exe /fixmbr
bootrec.exe /fixboot

I ran both commands, they completed successfully, and after a restart I was able to boot Windows again. The only upside is that I no longer have to make sure the correct OS is selected at startup :D .
A note to myself for the next time I make changes to an OS: make sure to have the recovery CD nearby!

Tags: Bootloader, recovery, Windows


Some of you may be visiting my blog to get information about the status of BlogSecurity.net, as it has now been down for a few days.
But I can assure you that it’s only temporary; we’re not gone and we don’t plan to disappear! We currently just have some problems with the move of the website to a new server, and we hope that it’s fixed soon.
So stay tuned, as many new things will come!
Update: The website is back on duty; we’ve got the DNS problems fixed (temporarily) and we hope that no further problems arise.

Tags: BlogSecurity, down, temporary


Ever got comments you don’t understand because they’re in a language you don’t speak? Ever wondered why someone writes a comment in Russian on a post that is written in, let’s say, English, German, French or whatever? (I’m not talking about comments on a .de, .fr or .ru blog in the corresponding language, where the blog owner speaks that language as well and a commenter could reasonably believe it is better to write in their native language, as possible misunderstandings can be avoided thanks to a better command of the language.)
What could be the reason for behaving like that? In general they should be able to write some basic text in English, German or French, as they are apparently able to read the text well enough to add their own comment or opinion. So why don’t they?

Let’s try to get behind the reason. In the following I’ll show you how I handle comments in languages I don’t understand, with an example I received the other day:

The Comment

So let’s take a look at the given comment (to avoid contributing to this spammer/hacker, I replaced some data):
1000 форумов 2 доллара 5000 форумов 8 долларов 10000 форумов 13 долларов 50000 форумов 50 долларов
Бонус предложение для тех кто закажет 20000 форумов через неделю повторная отправка
Рефпредложение: человек который приведет мне клиента будет получать 10% от заказа клиенка!!!
Обращаться в асю 3пять3-8шесть7-0ноль1 мыло mymail(гав)example.com

This one made me curious, as there are quite a few numbers in it, as well as an additional email address that doesn’t match the input in the email field. Let’s check the comment by translating it into our native language or some language we understand.

Translating the Comment

In general I recommend translating it into your native language, as that is usually the one you understand best. On the other hand, the chosen translator may not offer your language (or its dictionary may be quite limited), or it may not be possible to translate between these two languages directly.

You should avoid having the text translated more than once before it’s in a language you understand, because the general problem with automatic translations is that neither the sentence structure nor the word choice is ideal. So after two or three translation steps you could end up with nonsense text (which wouldn’t be any better). The best way is probably to translate it into English, and if you don’t understand some English words, have those translated into your native language.

For the example above we would get something like this:
1000 forums 2 dollars of 5000 forums of 8 dollars of 10000 forums of 13 dollars of 50000 forums of 50 dollars the Bonus the offer for those who will order 20000 forums in a week repeated sending Рефпредложение: the person which will result to me the client will receive 10 % from the order клиенка!!! To address in асю 3пять3-8шесть7-0ноль1 soap mymail (гав) example.com
That makes a lot more sense now, doesn’t it? It seems to be the price list for spamming forums, and we even see that we get 10% of the profit from something!

Translate unknown words

Now we know quite surely that this is a spam comment, but as you can see, some words were not translated, like клиенка (these can sometimes be important), so let’s have them translated as well. Don’t we want to know how to receive our 10%?

If you’re using a good translator, you should have the option to have unknown words transliterated into the target language. For our клиенка we would get something like: klienka, which sounds like client. Let’s guess that we receive 10% of the money the client pays for his contract.

Deciding: drop or keep?

Now you should have enough information to decide whether it’s a spam comment or a legitimate one. If it’s spammy the decision shouldn’t be hard; if it’s a legitimate comment I advise keeping the original comment and adding the translation below it. If you like you can also improve the comment, but note explicitly where you made changes!

Some good online Translators

Where can I get my text translated into another language?
Just search for “translate” or “translation from <language> to <language>” and you should find some useful results. A good translator is PROMT, where you can translate whole texts (not word-for-word translations) between several languages; another is Babelfish. If you need individual words translated into your language, search for a dictionary for the given languages.

Conclusion

As you can see, it’s better to check comments in other languages for spam as well (these often pass the spam filter). If you can’t get the comment translated, it’s usually better to hold the comment back or drop it. From my point of view it’s better to have one or two legitimate comments fewer than to have one spammy one.
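The three signals the post relies on (the comment is in a script the blog does not use, it carries a contact address that differs from the email field, and it is full of numbers like a price list) can be checked automatically before a comment reaches the moderation queue. The following is an added example, not code from the original post or from any plugin it mentions. It assumes the blog is written in a Latin-script language (English) and works on constructed sample comments: the second sample mirrors the structure of the Russian price list quoted above, with made-up placeholder contact details.

```python
import re
import unicodedata

# Assumption: the blog itself is written in a Latin-script language (English).
BLOG_SCRIPT = "LATIN"

# An "@" that is spelled out or bracketed, as in name(at)example.com or the
# Russian slang name(гав)example.com used in the comment quoted above.
OBFUSCATED_AT = re.compile(r"\s*[\(\[]\s*(?:at|гав|собака)\s*[\)\]]\s*", re.IGNORECASE)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
NUMBER = re.compile(r"\d+")

# Constructed sample comments. The second one mirrors the structure of the
# price-list spam above; its contact details are made-up placeholders.
SAMPLE_COMMENTS = [
    {"author_email": "reader@example.org",
     "body": "Thanks for the write-up, the bootrec tip saved my laptop too."},
    {"author_email": "someone@example.net",
     "body": ("1000 форумов 2 доллара 5000 форумов 8 долларов 10000 форумов "
              "13 долларов 50000 форумов 50 долларов "
              "Обращаться в асю 1два3-4пять6-7восемь9 мыло mymail(гав)example.com")},
]


def dominant_script(text):
    """Unicode script (LATIN, CYRILLIC, ...) that most letters in text belong to."""
    counts = {}
    for ch in text:
        if ch.isalpha():
            # The script is the first word of the character's Unicode name.
            script = unicodedata.name(ch, "UNKNOWN").split()[0]
            counts[script] = counts.get(script, 0) + 1
    return max(counts, key=counts.get) if counts else None


def extract_emails(text):
    """Email addresses in text, including ones whose '@' is obfuscated."""
    return [m.lower() for m in EMAIL.findall(OBFUSCATED_AT.sub("@", text))]


def triage(comment, blog_script=BLOG_SCRIPT, number_threshold=6):
    """Reasons to hold a comment back for manual review (empty list: nothing suspicious)."""
    body = comment["body"]
    reasons = []
    script = dominant_script(body)
    if script and script != blog_script:
        reasons.append("written in %s script, blog is %s" % (script, blog_script))
    # A contact address in the body that is not the one given in the email field.
    foreign = [e for e in extract_emails(body) if e != comment["author_email"].lower()]
    if foreign:
        reasons.append("contact address in body differs from email field: " + ", ".join(foreign))
    numbers = NUMBER.findall(body)
    if len(numbers) >= number_threshold:
        reasons.append("%d numeric tokens, looks like a price list" % len(numbers))
    return reasons


if __name__ == "__main__":
    for comment in SAMPLE_COMMENTS:
        verdict = triage(comment)
        print(comment["author_email"], "->", "hold for review" if verdict else "looks fine")
        for reason in verdict:
            print("   ", reason)
```

None of these signals is proof of spam on its own (a Russian reader may legitimately comment in Cyrillic), which is why the function returns reasons to hold the comment back rather than a drop decision; the translation steps described above remain the final check.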

Tags: approve, Comment, Language, SPAM


Spam is a really big problem on the Internet; today nearly nobody gets around it. As an Internet consumer (someone who doesn’t run their own communication platforms) you may not notice the problem too much, maybe you haven’t really noticed it at all. But it’s definitely a real problem: spam is everywhere.
You get it with your daily emails as soon as you enter your email address once into some untrustworthy mailing list or application, and from that day on it never stops. If you’re lucky that’s the only place you come into contact with spam; as soon as you own a blog, forum and so on, your contact with spam will be much bigger. So how can I protect these platforms from spam?

Registered Users only

One widely used option is to allow postings only from registered users. This keeps out every spambot that doesn’t have a routine for registering on this platform (or for registering in general). Additionally, many registration processes require that the email address is validated; if that doesn’t happen, the account can’t be used. Again, that will prevent many spambots from posting spam: many bots do have a registration routine, but they don’t use valid email accounts and/or don’t take the steps needed to activate the platform account.

Why don’t they do this?

Mostly because there are enough platforms out there that still don’t use such a protection mechanism. Sadly, this method may drive away some users who would like to post a comment but aren’t willing to create a user account just for one or two contributions. The reason they’re not willing to do so (you’ll know it, as you surely think the same) is that they’re afraid of getting spammed by email, just because they registered at some small website that passes their email address on to some spam mailer.

Fortunately there’s a way to receive contributions from non-members without a big level of spam to fight.

Spam blocking and labeling

One reason wasn’t mentioned explicitly above, but you could read it between the lines: maybe you, the platform owner, want to catch the users who don’t want to register at your site just for a single post. But this position doesn’t need to be a disadvantage for you. There are many solutions out there that are really nice and widely used, and thus proven to work well.

In general I see three different kinds of applications, which mostly differ in how much work you have to do in future:

Install and maintain yourself

This kind of software is simply installed, and then the user has to add the words that will block a contribution. That kind of blocking was more common in the early days of spam, when no services were available to check messages for spam. You have to take care of the filter list yourself, as the spam messages change regularly. At some point you reach a dead end: the spam messages no longer contain any words you can block without also blocking potentially legitimate posts. This kind of application isn’t doing too well anymore, as spam changes regularly and sometimes doesn’t even look like spam to a human at first glance. The problem described is more likely to occur on websites that deal with common spam themes like real estate, pharmacy and so on.

An example for phpBB can be found here.

Human or Bot Tests

A quite well working approach to deciding whether a message is spam or not is to ask for something that only a human can do. The best example is the CAPTCHA: the user is asked to type in some letters and numbers from a picture in order to be able to post the message (or to have it tagged as not spam). But you need to be careful: there are already bots that can read early or weak CAPTCHAs. On the other hand there are newer CAPTCHAs that are quite hard to solve even for people without a disability (just imagine how hard they are for handicapped people). A good CAPTCHA method was developed by Microsoft: you’re shown 9 photos of dogs and cats and you have to select only the cats (or only the dogs). The project is called Asirra (Animal Species Image Recognition for Restricting Access) and is powered by photos from Petfinder.com.

Then there are checkboxes you need to tick if you’re a human (nowadays this is no problem for bots anymore, as they fill in every field). Another idea is to ask the user to add or subtract two values. This one is quite hard for bots to solve; a newer variant is to ask questions that need to be answered.
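The arithmetic question just described is easy to get wrong on the server side: if the expected answer travels to the browser (in a hidden field or a cookie), or if the same challenge can be reused, the "human test" is no test at all. The following is an added example, not code from the original post or from any of the plugins it names, of how a comment form can issue such a challenge statelessly: the server hands out the question plus a token that carries only a timestamp, a nonce and an HMAC over the expected answer, so the answer itself never leaves the server, expired tokens are rejected, and a solved token cannot be replayed. The server secret, the 10-minute lifetime and the in-memory replay set are assumptions for this example.

```python
import hashlib
import hmac
import os
import secrets
import time

# Assumption: the secret comes from configuration; the default is only for running this demo.
SERVER_SECRET = os.environ.get("CHALLENGE_SECRET", "demo-secret-replace-me").encode()
CHALLENGE_TTL = 600  # seconds a challenge stays valid (assumption)

# Nonces of challenges that were already solved, so a solved token cannot be replayed.
# In a real deployment this would live in a shared store (assumption: single process).
_used_nonces = set()


def _mac(issued, nonce, answer):
    """HMAC binding the timestamp and nonce to the expected answer."""
    msg = ("%d:%s:%d" % (issued, nonce, answer)).encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def make_challenge(now=None, operands=None):
    """Return (question, token). The token is safe to put into the form as a hidden field:
    it reveals neither the answer nor anything a bot could brute-force without the secret."""
    if operands is None:
        a = secrets.randbelow(9) + 1
        b = secrets.randbelow(9) + 1
        op = "+" if secrets.randbelow(2) else "-"
    else:
        a, op, b = operands  # fixed operands, used for tests
    if op == "-" and b > a:
        a, b = b, a  # keep subtraction results non-negative for human readers
    answer = a + b if op == "+" else a - b
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    token = "%d:%s:%s" % (issued, nonce, _mac(issued, nonce, answer))
    return "What is %d %s %d?" % (a, op, b), token


def verify_answer(token, submitted, now=None):
    """True only for a fresh, untampered token whose answer matches, and only once."""
    try:
        issued_s, nonce, mac = token.split(":")
        issued = int(issued_s)
        answer = int(str(submitted).strip())
    except ValueError:
        return False  # malformed token or non-numeric answer
    now = time.time() if now is None else now
    if not (issued <= now <= issued + CHALLENGE_TTL):
        return False  # expired (or issued in the future)
    if nonce in _used_nonces:
        return False  # replay of an already solved challenge
    if not hmac.compare_digest(mac, _mac(issued, nonce, answer)):
        return False  # wrong answer or tampered token
    _used_nonces.add(nonce)
    return True


if __name__ == "__main__":
    question, token = make_challenge()
    print("Form shows:", question)
    print("Hidden field:", token)
    reply = input("Your answer: ")
    print("accepted" if verify_answer(token, reply) else "rejected")
```

Because the nonce is part of the MAC, a bot cannot take one solved (question, token) pair and submit it with every comment; and because the MAC is keyed with a server secret, it cannot precompute MACs for the few possible answers either.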

Spam labeling as a service

Nowadays there are web services that check your emails/comments for you. They are used by many users and catch the latest spam quite fast, and every user can improve the ruleset by reporting false positives or uncaught spam. The best example would be the well-known Akismet.

These services are most likely the future of spam blocking, as your own workload is quite low and you get a really good ratio of false positives to caught spam.

Conclusion

Spam has been a really heavy problem for some years and will most likely remain one for a few more, as long as there is no worldwide anti-spam act under which spammers can be sued anywhere in the world. But since the beginning there have been some really good protection mechanisms, and fighting spam has never been easier than with services like Akismet. Don’t be one of the people who lose time and money through spam. Fight it, you won’t regret it!

Tags: fight, SPAM


I never thought about such a step myself, maybe because I never encountered such a thing until now.
But if you run your own webspace, you should never steal anyone’s content or bandwidth. As soon as the owner notices it you can get into real trouble: maybe he starts a lawsuit against you (you may have ignored copyright laws, and you caused additional costs (bandwidth) for him). And what happens if he simply replaces the content or redirects your website to something that harms your visitors or discredits you?

In the following WordPress topic you can read how someone linked to a JS file on Website_A. This JS is the output of a freely available WP plugin; the JS code even mentions that it’s generated by the plugin. But somehow the owner of Website_B was too lazy, or wanted to save some bandwidth, and simply linked to this JS file on Website_A.
After the owner of Website_A recognized that someone was stealing his bandwidth, he created a mod_Rewrite rule that redirected the request for this JS to another JS file, which showed an alert box to the visitor telling him that this website steals traffic from another one. After one month the owner of Website_B discovered the JS change and removed the JS.

But it’s important to say that theoretically the owner of Website_A could have written any JS code into that file. So he could have stolen cookies of the users of Website_B or done anything else he liked; he could even have started a phishing attack.
The owner of Website_B made his website vulnerable because he was too lazy to host the script himself.

Every good webmaster/site owner does not steal any content, as this is unethical and, maybe more important, dangerous!
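The owner of Website_A first had to notice that his script was being loaded from someone else's pages, and his mod_Rewrite rule was keyed on exactly the information that reveals it: the Referer header of each request. The following is an added example, not code from the original post or from the WordPress topic it refers to, of that detection step run over the access log. It assumes Apache's combined log format, the host names of Website_A (website-a.example and www.website-a.example) and Website_B (website-b.example) as placeholders, and a few constructed log lines; an empty Referer is deliberately not counted as hotlinking, because browsers and proxies often strip it for legitimate visitors.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumption: the host names under which Website_A serves its own pages.
OWN_HOSTS = {"website-a.example", "www.website-a.example"}

# Constructed Apache combined-format log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2008:10:01:02 +0100] "GET /wp-content/plugins/some-plugin/script.js HTTP/1.1" 200 4120 "http://www.website-a.example/2008/01/post/" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2008:10:01:09 +0100] "GET /wp-content/plugins/some-plugin/script.js HTTP/1.1" 200 4120 "http://website-b.example/" "Mozilla/5.0"
198.51.100.8 - - [10/Jan/2008:10:02:15 +0100] "GET /wp-content/plugins/some-plugin/script.js HTTP/1.1" 200 4120 "http://website-b.example/about/" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2008:10:03:00 +0100] "GET /wp-content/plugins/some-plugin/script.js HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2008:10:03:30 +0100] "GET /images/logo.png HTTP/1.1" 200 9876 "http://website-b.example/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_line(line):
    """Split one combined-format line into its fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def referer_host(referer):
    """Host name from the Referer header, or None when the header was absent."""
    if referer in ("", "-"):
        return None
    return urlparse(referer).hostname


def is_hotlink(entry, own_hosts=OWN_HOSTS,
               assets=(".js", ".css", ".png", ".gif", ".jpg")):
    """True when a static asset was requested from a page on a foreign host.
    A missing Referer is not treated as hotlinking: many clients strip it."""
    host = referer_host(entry["referer"])
    if host is None:
        return False
    return entry["path"].lower().endswith(assets) and host.lower() not in own_hosts


def hotlink_report(log_text):
    """Requests and bytes served per (asset path, foreign referring host)."""
    report = defaultdict(lambda: {"requests": 0, "bytes": 0})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_hotlink(entry):
            key = (entry["path"], referer_host(entry["referer"]))
            report[key]["requests"] += 1
            if entry["bytes"] != "-":
                report[key]["bytes"] += int(entry["bytes"])
    return dict(report)


if __name__ == "__main__":
    for (path, host), stats in sorted(hotlink_report(SAMPLE_LOG).items()):
        print("%s embedded by %s: %d requests, %d bytes" % (path, host, stats["requests"], stats["bytes"]))
```

The same `is_hotlink` decision is what a Referer-based rewrite rule on Website_A implements at request time; running it over the log first shows which assets and which foreign hosts are involved before any countermeasure is switched on, and keeping the empty-Referer exception avoids breaking the site's own visitors.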

Tags: mod_Rewrite, Steal, Webmaster, Wordpress

