Category Archives: Hacking & Threat Attack

Hotlinking/bandwidth theft: checking for hotlinking and preventing it


Hot linking, also called “leeching” or “bandwidth theft”, is when a web page on one website links directly to images, videos or other multimedia files on the web host of another website (usually without permission, which is why it is described as stealing bandwidth).

E.g. using an <img alt="" /> tag to display an image you found on someone else’s web page so that it appears on your site, eBay auction listing, weblog, forum post, etc.

 

Bandwidth refers to the amount of data transferred from a website to a user’s computer. Whenever you view a web page, you use that site’s bandwidth to display its files. Since web hosts charge based on the amount of data transferred, bandwidth is the issue: if a site exceeds its monthly bandwidth allowance, it is billed for the extra data or taken offline.

One of the most common occurrences of “hot linking” is when people post on a forum and hotlink pictures from another website to use as avatars or signature images on the message board.

 

Some disadvantages of hot linking are that the web page generally loads slower when it links to images stored on a different server than the one the page is hosted on, and that the owner of the image has full control: they can disable hot linking, delete or rename the file, or, worst of all, do a “switcheroo” (i.e. swap the file for a different image that is sure to cause the hot linker embarrassment).

Common methods of preventing hot linking are using an .htaccess file, using the “Hotlink Protection” feature offered in control panels such as cPanel, or simply renaming image files periodically.

 

HOW COULD YOU KNOW THAT YOU ARE HOTLINKING?

<img src="image.jpg" height="350" width="200">
<img src="http://notyourwebsite.com/image.jpg" height="350" width="200">

The first img tag loads image.jpg from the same server as the page; the second tells the browser to request image.jpg from a different server. Every time the page is loaded, that outside server has to use its bandwidth to deliver the image. To avoid this problem, don’t link to files on other people’s servers. To share images and files on your own web page, upload them to your own server’s directory or to a free image hosting service that allows direct linking.

Below are some free image/video hosting service providers

http://www.dropshots.com/
http://photobucket.com/

 

DRAWBACKS OF HOTLINKING

Hot linking can have a lot of undesirable results. One is the so-called “switcheroo”.
Displaying an image or file that doesn’t belong to you could also be a violation of copyright, leaving you open to litigation. The owner of the file could use DMCA law to have your site shut down and your information handed over for use in legal proceedings.

 

HOW CAN YOU TEST WHETHER YOUR WEBSITE CAN BE HOTLINKED?

Enter the complete URL (ex: http://yoursitename.com/image.jpg) to see if your image can be loaded and hot linked by another server.
http://www.free-webhosts.com/hotlinking-checker.php

 

PREVENT HOTLINKING USING .htaccess

The code below can be placed in your .htaccess file to stop hot linking and bandwidth theft.

RewriteEngine on
# Allow requests with no Referer header (direct visits, proxies, privacy tools)
RewriteCond %{HTTP_REFERER} !^$
# Allow your own domain, with or without www (dot escaped, case-insensitive)
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/ [NC]
# Never rewrite the replacement image itself, otherwise the redirect loops
RewriteCond %{REQUEST_URI} !/badimage\.jpg$
RewriteRule \.(gif|jpg)$ http://www.yourdomain.com/badimage.jpg [R,NC,L]

Replace yourdomain.com with your domain name and badimage.jpg with the image you want to show instead of the hotlinked image.

Make sure mod_rewrite is enabled on your server before applying the .htaccess changes above.
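To see which requests the rules above actually block, here is an added example (Python, not part of the original post and not Apache’s own evaluation) that applies the same conditions in the same order to a handful of constructed requests: own-domain referers with and without www, an empty referer, a look-alike host, and the replacement image itself. The placeholder names yourdomain.com and badimage.jpg, the case-insensitive extension match and the loop guard for the replacement image are this example’s assumptions.

```python
import re
from dataclasses import dataclass

# Placeholders, as in the .htaccess snippet (assumption of this example).
OWN_DOMAIN = "yourdomain.com"
REPLACEMENT = "/badimage.jpg"
# Same patterns as the RewriteRule / RewriteCond: protected extensions, and an own-site
# referer with optional www, escaped dot and a trailing slash (so look-alike hosts fail).
PROTECTED_EXT = re.compile(r"\.(gif|jpg)$", re.IGNORECASE)
OWN_REFERER = re.compile(r"^http://(www\.)?" + re.escape(OWN_DOMAIN) + r"/", re.IGNORECASE)

@dataclass
class Request:
    path: str
    referer: str  # "" when the browser sent no Referer header

def decide(req: Request) -> str:
    """Return 'serve' or 'redirect' (to the replacement image), applying the
    conditions in the same order as the .htaccess rules."""
    if not PROTECTED_EXT.search(req.path):
        return "serve"            # RewriteRule pattern does not match non-image paths
    if req.referer == "":
        return "serve"            # empty referer is allowed (RewriteCond !^$ fails)
    if OWN_REFERER.match(req.referer):
        return "serve"            # referer is our own site
    if req.path.endswith(REPLACEMENT):
        return "serve"            # never rewrite the replacement image (loop guard)
    return "redirect"

# Constructed sample requests exercising the edge cases.
SAMPLES = [
    Request("/photos/cat.jpg", "http://www.yourdomain.com/gallery.html"),  # own site, www
    Request("/photos/cat.jpg", "http://yourdomain.com/gallery.html"),      # own site, bare
    Request("/photos/cat.JPG", "http://forum.example.net/thread/42"),      # hotlinked, upper-case ext
    Request("/photos/cat.jpg", ""),                                        # no referer: allowed
    Request("/photos/cat.jpg", "http://yourdomain.com.example.net/page"),  # look-alike host
    Request("/badimage.jpg",   "http://forum.example.net/thread/42"),      # replacement image itself
    Request("/style.css",      "http://forum.example.net/thread/42"),      # not a protected type
]

def audit(samples=SAMPLES):
    """Evaluate every sample and return (path, referer, verdict) triples."""
    return [(r.path, r.referer, decide(r)) for r in samples]

if __name__ == "__main__":
    for path, ref, verdict in audit():
        print(f"{verdict:8} {path:20} referer={ref or '(none)'}")
```

Note the fourth sample: an empty referer is let through on purpose, because many browsers, proxies and privacy tools strip the header, so referer-based protection only ever raises the cost of hotlinking rather than eliminating it.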

 

Cannot receive emails sent from my mail server to my test accounts on Gmail, Hotmail and Yahoo: how to resolve this issue?


A normal server has a limit on the number of mails that can be sent in a day. If, due to an error or some other issue, a large number of mails are sent automatically from your server, then Gmail, Hotmail, Yahoo and others block incoming mail from that server.

This means that your IP address has been blocked and reported as a spam IP. To remove it from the spam list:

1. Go to http://www.spamhaus.org/lookup.lasso
2. Check whether your IP/domain is blocked
3. If it is blocked, request its removal from the blacklist

 

Wait between half and one hour and then try again to send an email to hotmail, gmail or yahoo.
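As an added example (not part of the original post), the same lookup can be scripted against a DNS-based blocklist such as Spamhaus ZEN instead of the web form: the address octets are reversed and prefixed to the zone name, a lookup failure (NXDOMAIN) means the IP is not listed, and an answer in 127.0.0.x identifies which list produced it. The return-code table, the placeholder address 192.0.2.10 (a documentation range) and the `resolver` parameter used for offline testing are this example’s assumptions.

```python
import ipaddress
import socket

# Spamhaus ZEN return codes (documented by Spamhaus); embedded here as reference data,
# not fetched from the network.
ZEN_CODES = {
    "127.0.0.2": "SBL (known spam source)",
    "127.0.0.3": "SBL CSS (low-reputation sender)",
    "127.0.0.4": "XBL (exploited or infected host)",
    "127.0.0.5": "XBL (exploited or infected host)",
    "127.0.0.6": "XBL (exploited or infected host)",
    "127.0.0.7": "XBL (exploited or infected host)",
    "127.0.0.10": "PBL (end-user range that should not send mail directly)",
    "127.0.0.11": "PBL (end-user range that should not send mail directly)",
}

def dnsbl_query_name(ip: str, zone: str = "zen.spamhaus.org") -> str:
    """Build the lookup name used by IPv4 DNS blocklists: octets reversed, zone appended."""
    addr = ipaddress.IPv4Address(ip)                     # ValueError on anything that is not IPv4
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"

def interpret(answers) -> str:
    """Translate the A records returned by the blocklist into list names; no records = not listed."""
    if not answers:
        return "not listed"
    ordered = sorted(answers, key=ipaddress.IPv4Address)
    return "; ".join(ZEN_CODES.get(a, f"unknown code {a}") for a in ordered)

def _system_resolver(name: str):
    # Return the IPv4 addresses the system resolver gives for `name`.
    return [info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)]

def check_listing(ip: str, zone: str = "zen.spamhaus.org", resolver=None) -> str:
    """Resolve the blocklist name for `ip`. A lookup failure (NXDOMAIN) means the IP is not listed.
    `resolver` is an assumption of this example so that tests can substitute a fake lookup."""
    lookup = resolver or _system_resolver
    try:
        answers = lookup(dnsbl_query_name(ip, zone))
    except OSError:                                      # socket.gaierror is an OSError subclass
        answers = []
    return interpret(answers)

if __name__ == "__main__":
    import sys
    # 192.0.2.10 is in the TEST-NET-1 documentation range, used here only as a placeholder.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    print(dnsbl_query_name(target), "->", check_listing(target))
```

Run it with your mail server’s public IP as the argument. Spamhaus refuses queries that arrive through the big public resolvers, so run it from a host using a direct or ISP resolver; a PBL listing means the address is in a range that is not expected to send mail directly, which a delisting request alone will not fix.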

 

 

How to change or reset XAMPP MySQL root password?


If you want to reset or change the XAMPP MySQL password, or have forgotten the password for accessing phpMyAdmin, just follow the steps below to reset or change it.

You can do this in two ways.

 

Method 1

The easiest way is to use the security console, which you can access at http://localhost/security/
This “console” sets a password for the MySQL user “root” and adjusts the phpMyAdmin configuration accordingly.

http://localhost/security/xamppsecurity.php

 

Method 2

With the “XAMPP Shell” (command prompt) you can also reset the password. Open the shell and execute this command:
mysqladmin.exe -u root password newpassword

 

Of course, your password should not be “newpassword” either. In the next step you must adjust the phpMyAdmin configuration for this new password. In the file “D:\xampp\phpMyAdmin\config.inc.php” change the lines:

$cfg['Servers'][$i]['user']     = 'root';
$cfg['Servers'][$i]['password'] = '';

To:

$cfg['Servers'][$i]['user']     = 'root';
$cfg['Servers'][$i]['password'] = 'newpassword';

 

Instead of the XAMPP Shell, you can also change the password from within phpMyAdmin, and then adjust the phpMyAdmin configuration in the same way.

I hope it will help.

Use of Environment variables


Environment variables in Windows

 

Environment variables are a set of dynamic named values that can affect the way running processes will behave on a computer.

 

You could say it is a dynamic “object” that stores a value, which in turn can be referenced by one or more software programs in Windows. Environment variables help programs know which directory to install files in, where to store temporary files, where to find user profile settings, and many other things.

 

Variable names are NOT case sensitive in Windows OS.

 

Environment variables are dynamic because they can change. The values stored can be changed to match the current system’s setup and design (environment). They can also differ between computer systems because each computer can have a different setup.

 

There are a number of environment variables that get referenced by programs and can come in handy for a computer user to find needed information about their computer environment.

Below is the list of some common and important environment variables.

 

%appdata%
%commonprogramfiles%
%local%
%localappdata%
%programfiles%
%temp%
%userprofile%
%windir%

 

You can quickly get some common information using environment variables.

 

You can quickly access any of the above folders by entering the environment variable in the Windows Run box or Windows Search Box.
e.g: To get into the Application Data folder type %appdata% and then press Enter in the Run box.

 

%appdata%
The %appdata% environment variable contains the directory path to the Application Data folder for your user profile. This folder stores settings and logs, among other things, for various software programs. The settings and logs stored there are specific to your user profile.

 

%commonprogramfiles%
The %commonprogramfiles% environment variable contains the directory path to the Common Files folder, within the main Program Files folder. This folder contains various files for common programs and utilities on a computer, mostly system and services related. The default directory path this variable points to is c:\Program Files\Common Files.

 

%local%
The %local% environment variable points to where the security policies & rules are located for the user’s account, Windows in general, Windows Firewall, Network, and various software programs on the computer. This environment variable is native to Windows 7.

 

%localappdata%
The %localappdata% environment variable contains the directory path to where programs store their temporary files. Common temporary files to be stored here are Desktop Themes, Windows Error Reporting, program caching and Internet browser profiles. This environment variable is native to Windows Vista & Windows 7.

 

%programfiles%
The %programfiles% environment variable contains the directory path to where programs are installed. This directory contains sub-directories for each program, which contain the primary files needed by each program in order to run on a computer. The default directory path this variable points to is c:\Program Files.

 

%temp%
The %temp% environment variable contains the directory path where temporary files are stored. These temp files are often Internet temporary files and other user application temporary files (Microsoft Word, Excel, Outlook, etc.).

 

%userprofile%
The %userprofile% environment variable points to the current logged in user’s profile and the directory where user profile data is stored. It is in this directory that a user can find the following folders: My Documents, My Music, My Pictures, Desktop, and Favorites (Internet Explorer bookmarks).

 

%windir%
The %windir% environment variable points to the Windows directory, where Windows system files are located. The default directory path for most versions of Windows is c:\Windows (for Windows NT 4 and 2000, it is c:\WinNT).
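As an added example (not from the original post), here is a small helper that expands %NAME% references the way Windows does, ignoring the case of the variable name, and also does the reverse: rewriting a full path back to its %NAME% form so that paths from different user profiles compare equal, which is handy when writing or reviewing detection rules. The sample environment (user alice, C: drive) is constructed and not read from a real machine; unknown names are deliberately left unexpanded so they stay visible.

```python
import re

# Constructed sample environment modelled on a Windows user profile (not read from a real machine).
SAMPLE_ENV = {
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
    "USERPROFILE": r"C:\Users\alice",
    "ProgramFiles": r"C:\Program Files",
    "CommonProgramFiles": r"C:\Program Files\Common Files",
    "windir": r"C:\Windows",
}

_REF = re.compile(r"%([^%]+)%")   # one %NAME% reference

def expand(text: str, env=SAMPLE_ENV) -> str:
    """Expand %NAME% references. Names are matched case-insensitively, as Windows does.
    Unknown names are left exactly as written so they remain visible to a reviewer."""
    by_lower = {name.lower(): value for name, value in env.items()}
    return _REF.sub(lambda m: by_lower.get(m.group(1).lower(), m.group(0)), text)

def normalize(path: str, env=SAMPLE_ENV) -> str:
    """Reverse of expand: replace the longest matching directory prefix with its %NAME% form
    so that paths from different users or hosts compare equal (useful in detection rules)."""
    lowered = path.lower()
    for name, value in sorted(env.items(), key=lambda kv: len(kv[1]), reverse=True):
        prefix = value.lower()
        if lowered == prefix or lowered.startswith(prefix + "\\"):
            return f"%{name.upper()}%" + path[len(value):]
    return path

def variables_used(text: str):
    """Distinct variable names referenced in `text`, lower-cased, in order of first use."""
    seen = []
    for name in _REF.findall(text):
        if name.lower() not in seen:
            seen.append(name.lower())
    return seen

if __name__ == "__main__":
    # Constructed path in the style of a process-creation log entry.
    line = r"C:\Users\ALICE\AppData\Local\Temp\setup_tmp.exe"
    print(normalize(line))                       # %TEMP%\setup_tmp.exe
    print(expand(r"%AppData%\Mozilla\Firefox"))  # C:\Users\alice\AppData\Roaming\Mozilla\Firefox
```

Because `normalize` tries the longest value first, a file under %TEMP% is reported as %TEMP% rather than as %LOCALAPPDATA%\Temp, and Common Files is reported as %COMMONPROGRAMFILES% rather than as a subdirectory of %PROGRAMFILES%.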

 

Meta refresh redirect (tag) and Search Engines

The meta refresh tag, or meta redirect, is a tool for reloading and redirecting web pages. The meta refresh tag is easy to use, but most people don’t know that innocent use of that tag may significantly lower your page rank or even get your pages banned by some search engines.

 

The meta tag belongs within the <head> of your HTML document. When used to refresh the current page, the syntax looks like this:

 

<meta http-equiv="refresh" content="600">

 

<meta> – This is the HTML tag. It belongs in the <head> of your HTML document.

 

http-equiv="refresh" – This attribute tells the browser that this meta tag is sending an HTTP command rather than a standard meta tag. Refresh is an actual HTTP header used by the web server. It tells the server that the page is going to be reloaded or redirected somewhere else.

content="600" – This is the amount of time, in seconds, until the browser should reload the current page.

 

However, when using this HTML redirect code, please ensure that you don’t use it to trick the Search Engines, as this could get your website banned. It is always best to work hard and learn quality ways in which to drive traffic to your web site.

 

Meta refresh tags have some drawbacks:

  • Meta refresh redirects have been used by spammers to fool search engines, so search engines remove those sites from their database. If you use a lot of meta refresh tags to redirect pages, the search engines may decide your site is spam and delete it from their index. It’s better to use a 301 server redirect instead.
  • If the redirect happens quickly (less than 2-3 seconds), readers with older browsers can’t hit the “Back” button. This is a usability problem.
  • If the redirect happens quickly and goes to a non-existent page, your readers won’t be able to hit the “Back” button. This is a usability problem that will cause people to leave your site completely.
  • Refreshing the current page can confuse people. If they didn’t request the reload, some people can get concerned about security.

Alternatives to META refresh, or the best use of the meta refresh tag

  • Since search engines constantly change their algorithms and spam policies, a tag that may be fine one week could drop you to the bottom of the rankings the next. It’s best not to use the META refresh attribute on pages you want indexed, but if you do, set it to at least 10 seconds.
  • Server side redirection is a better way to ensure that visitors can still find your web pages after you make changes, because there are no spamming penalties associated with it. The most common use of server side redirects is to send visitors to a custom error document when they enter an invalid URL.
  • Although it’s a safer, more elegant solution, server side redirection is more technically demanding than using META tag or JavaScript redirects. But it won’t get you banned either! You’ll need to edit the .htaccess file on your server.
  • If you’re using a web host instead of running your own server, then the server administrator will probably have to make the change for you. Contact your web host to see if they offer that service.
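As an added example (not from the original article), a small scanner that finds every meta refresh tag in a page and flags the drawbacks listed above: a delay under 10 seconds, and a redirect that leaves the site. The sample pages, the 10-second threshold (taken from the recommendation above) and the function names are this example’s assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

MIN_DELAY = 10   # seconds, the minimum recommended above for pages you want indexed

def parse_refresh(content: str):
    """Split a refresh content value such as "600" or "5; url=http://..." into
    (delay_seconds, target_url). target_url is None for a plain reload;
    (None, None) is returned when the value cannot be parsed."""
    m = re.match(r"\s*(\d+)\s*(?:;\s*url\s*=\s*['\"]?([^'\"]*)['\"]?)?\s*$", content, re.IGNORECASE)
    if not m:
        return None, None
    target = m.group(2).strip() if m.group(2) else ""
    return int(m.group(1)), (target or None)

class MetaRefreshScanner(HTMLParser):
    """Collect (delay, target) for every <meta http-equiv="refresh"> in the document."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":                      # HTMLParser already lower-cases tag and attribute names
            return
        a = {name: (value or "") for name, value in attrs}
        if a.get("http-equiv", "").strip().lower() == "refresh":
            self.found.append(parse_refresh(a.get("content", "")))

def audit(html: str, page_host: str):
    """Return one finding per meta refresh tag, listing the problems the article warns about."""
    scanner = MetaRefreshScanner()
    scanner.feed(html)
    findings = []
    for delay, target in scanner.found:
        issues = []
        if delay is None:
            issues.append("unparseable refresh content")
        else:
            if delay < MIN_DELAY:
                what = "redirect" if target else "reload"
                hint = "; prefer a 301 server redirect" if target else ""
                issues.append(f"{what} after {delay}s is under {MIN_DELAY}s{hint}")
            host = urlsplit(target).hostname if target else None
            if host and host.lower() != page_host.lower():
                issues.append(f"redirects off-site to {host}")
        findings.append({"delay": delay, "target": target, "issues": issues})
    return findings

# Constructed sample documents (not taken from any real site).
SAMPLE_PAGES = {
    "reload": '<html><head><meta http-equiv="refresh" content="600"></head><body>live scores</body></html>',
    "fast_redirect": '<html><head><META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://other.example.net/landing"></head></html>',
    "slow_same_site": '<html><head><meta http-equiv="refresh" content="15; url=/new-location.html"></head></html>',
}

if __name__ == "__main__":
    for name, html in SAMPLE_PAGES.items():
        for finding in audit(html, "www.example.com"):
            print(name, finding)
```

Feed it the saved HTML of each page you publish; anything reported with a non-empty issues list is a candidate for replacing with a server side 301 redirect as recommended above.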

 

What is register_globals in PHP and how does it affect website security?

PHP is a loosely typed language, i.e. you have to write less and can code whatever you want (structured programming) 🙂
PHP is used for quick web development; its library is very rich.

 

We can’t say whether it is a good point or a poor one that PHP doesn’t require initialization of variables, but relying on it is a bad habit. Let me explain what problems or issues arise if the user does not initialize variables.

 

In your php.ini file you can see the PHP settings, the libraries installed and the default values set in the flags.
You can view all of these with a built-in PHP function:

<?php phpinfo(); ?>

 

Now find register_globals and check whether its value is set to off or on.
By default in PHP >= 4.2 it is set to off; after a long discussion the community decided to turn it off by default.
Let me explain the reason behind it.

 

If register_globals is on and you have initialized a variable, say $var, then on another page, if you use a variable with the same name ($var, or $_SESSION[‘var’], $_GET[‘var’] or $_POST[‘var’]) without initializing it, that variable automatically (implicitly) takes the value of $var from the other page.

 

Basically we have the $GLOBALS, $_SESSION, $_GET, $_POST, $_COOKIE, $_REQUEST, $_SERVER, $_FILES and $_ENV variables in PHP.

 

If register_globals is on, it injects your scripts with all sorts of variables, such as request/post variables from HTML forms. Because PHP doesn’t require variable initialization, writing insecure code is much easier. It was a difficult decision, but the PHP community decided to disable this directive by default. When it is on, people use variables without really knowing where they come from and can only assume. Internal variables that are defined in the script itself get mixed up with request data sent by users; disabling register_globals changes this.

 

If register_globals = off, the chance of malicious users “leaking in” variables with harmful content is reduced. You now have to explicitly import these variables with $_GET, $_POST or $_REQUEST, which cuts the chance that you have forgotten to give them valid default values before importing the actual value (if any) with $_REQUEST etc. Of course, you should still validate a variable’s data before making use of it, to prevent injection attacks. It doesn’t matter how a variable used in your code arrived (explicitly via $_REQUEST, or implicitly via register_globals) if it contains bad content.
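To make the mechanism concrete, here is an added example (Python rather than PHP, and not code from the original post) that simulates what register_globals does: request parameters are copied into the script’s variable scope before its code runs, so an uninitialized flag such as $authorized can be supplied by the request. The page logic, the credentials and the parameter names are constructed for the example; `initialize=True` models the fix of assigning `$authorized = false;` at the top of the script, and `register_globals=False` models the php.ini setting.

```python
import hmac
from typing import Any, Dict

# Constructed demo credentials; in a real application these would come from a user store.
VALID_USER = "admin"
VALID_PASS = "correct horse battery staple"

def check_login(user: str, password: str) -> bool:
    """Constant-time comparison of the supplied credentials against the demo ones."""
    user_ok = hmac.compare_digest(user.encode(), VALID_USER.encode())
    pass_ok = hmac.compare_digest(password.encode(), VALID_PASS.encode())
    return user_ok and pass_ok

def run_admin_page(get_params: Dict[str, str], register_globals: bool, initialize: bool = False) -> str:
    """Simulate this hypothetical PHP page (written for the example):

        if (check_login($_GET['user'], $_GET['pass'])) { $authorized = true; }
        if ($authorized) { echo 'admin panel'; } else { echo 'login form'; }

    `scope` stands for the script's variable scope. With register_globals on, PHP copies
    every request parameter into that scope before the code runs; `initialize=True`
    models adding `$authorized = false;` at the top of the script."""
    scope: Dict[str, Any] = {}
    if register_globals:
        scope.update(get_params)          # ?authorized=1 now defines $authorized = "1"
    if initialize:
        scope["authorized"] = False       # explicit default overwrites any injected value
    if check_login(get_params.get("user", ""), get_params.get("pass", "")):
        scope["authorized"] = True
    # PHP treats an unset variable as false and a non-empty string such as "1" as true.
    return "admin panel" if scope.get("authorized") else "login form"

if __name__ == "__main__":
    tampered = {"authorized": "1"}        # constructed request carrying no credentials at all
    print("register_globals on :", run_admin_page(tampered, register_globals=True))
    print("register_globals off:", run_admin_page(tampered, register_globals=False))
    print("on + initialized    :", run_admin_page(tampered, register_globals=True, initialize=True))
```

The three runs show the point of the paragraph above: the same request opens the admin panel only when register_globals is on and the flag was never initialized, and either turning the directive off or initializing every variable before use closes the gap.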

 

How can you set register_globals = off in your PHP?

1) Edit the php.ini file and find register_globals

update that line to register_globals = off

2) Or you can do this in an .htaccess file as well, using the line below

php_flag register_globals off