So four hours later, after some Battlefield 4, I log back in to find a whole bunch of new directories had been made and again nothing in the logs to indicate how they were created. So I contacted my hosts and asked them to check the ownership of the directories and the files they contained. They eventually got back and told me they had been created via my FTP account from an IP address in Poland, 77.114.120.185. Given my username and password are not simple things I scanned my computer to make sure it hadn’t been compromised. Two different anti virus programs and no malware found. Then I remembered that about a month or so ago I tested three FTP apps on my Android phone. One didn’t seem to work but the other two worked just fine after some messing with the settings. So by logical deduction I suspect this is how my account details got compromised. I checked the Play Store and only two of the three apps I tested are still listed which is another sign that this was the problem.
The moral of the story, if you need to FTP from your mobile device or anything else that requires your site’s login details, stick with trusted names or those that have a lot of reviews both good and bad. I was lucky but they could have done some serious damage.
I also added a new function, toggleSlide, which means instead of needing a link to call the slideDown and then one to call the slideUp you can just call toggleSlide and it will either slide it up or down depending on its current state.
And so I am offering my version of the script here since I think some people might be in the same boat as me and find my solution useful and also because the original source is no longer available.
/*
Originally from http://www.harrymaugans.com/2007/03/06/how-to-create-an-animated-sliding-collapsible-div-with-javascript-and-css/
Update by Carbonize - http://carbonize.co.uk
Date: Sun, 10 March 2013 20:15:24 GMT
To use simply use slidedown(objects ID) to slide it down/open or slideup(object ID) to make it slide up/closed
Or simpler yet I have added toggleSlide(object ID) so you can just call one function and it will automatically slide the object up or down depending on its current situation
Please remember to set the elements overflow to hidden as in overflow: hidden; otherwise its contents will be visible.
And you might want to add return false; when you call it to stop the link you are using from doing anything.
*/
var timerlen = 5;
var slideAniLen = 250;
var timerID = new Array();
var startTime = new Array();
var obj = new Array();
var endHeight = new Array();
var moving = new Array();
var dir = new Array();

function slidedown(objname){
  if(moving[objname]) return;
  if(document.getElementById(objname).style.display != "none") return; // cannot slide down something that is already visible
  moving[objname] = true;
  dir[objname] = "down";
  startslide(objname);
}

function slideup(objname){
  if(moving[objname]) return;
  if(document.getElementById(objname).style.display == "none") return; // cannot slide up something that is already hidden
  moving[objname] = true;
  dir[objname] = "up";
  startslide(objname);
}

function startslide(objname){
  obj[objname] = document.getElementById(objname);
  startTime[objname] = (new Date()).getTime();
  if(dir[objname] == "down"){
    obj[objname].style.height = "1px";
  }
  obj[objname].style.display = "block";
  endHeight[objname] = parseInt(obj[objname].scrollHeight, 10);
  // Pass a function rather than a string so the element ID is never evaluated as code
  timerID[objname] = setInterval(function(){ slidetick(objname); }, timerlen);
}

function slidetick(objname){
  var elapsed = (new Date()).getTime() - startTime[objname];
  if (elapsed > slideAniLen) {
    endSlide(objname);
  } else {
    var d = Math.round(elapsed / slideAniLen * endHeight[objname]);
    if(dir[objname] == "up") d = endHeight[objname] - d;
    obj[objname].style.height = d + "px";
  }
  return;
}

function endSlide(objname){
  clearInterval(timerID[objname]);
  if(dir[objname] == "up") obj[objname].style.display = "none";
  obj[objname].style.height = endHeight[objname] + "px";
  delete(moving[objname]);
  delete(timerID[objname]);
  delete(startTime[objname]);
  delete(endHeight[objname]);
  delete(obj[objname]);
  delete(dir[objname]);
  return;
}

function toggleSlide(objname) {
  // Pointless going any further if we are already sliding the object
  if(moving[objname]) return;
  if (document.getElementById(objname).style.display == 'none') {
    // div is hidden, so let's slide down
    slidedown(objname);
  } else {
    // div is not hidden, so slide up
    slideup(objname);
  }
}
Here’s some example HTML
<a onclick="toggleSlide('myDiv'); return false;" href="somewhere.php">Toggle Div</a>
In the European Union alone, thousands of children are still missing. They run away from conflicts at home, are the victims of parental abductions, disappear after having travelled across the EU alone, or are abducted by criminals. But there is a way you can help, namely by installing the Notfound application. By doing this, automatically, a picture of a missing child will be posted on every 404 page of your website. This is how you can help Child Focus spread a maximum number of photos and help all missing children find their way home.
Discover the application on www.notfound.org.
function randomString($strLen = 32)
{
  // Create our character arrays
  $chrs = array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9));
  // Just to make the output even more random
  shuffle($chrs);
  // Create a holder for our string
  $randStr = '';
  // Now loop through the desired number of characters for our string
  for($i=0; $i<$strLen; $i++)
  {
    $randStr .= $chrs[mt_rand(0, (count($chrs) - 1))];
  }
  return $randStr;
}
Using it is simply a case of calling it and specifying how long to make the string otherwise it uses the default length of 32 characters.
echo randomString(12);
To also make it use symbols you just change the array_merge to
// If we want letters, numbers and symbols
$chrs = array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9), array('!','£','$','%','^','&','*','(',')','-','=','+','@','#','~','?'));
Now for the JavaScript version. JavaScript has neither a range() function nor an easy way to shuffle an array so the code here is a little longer.
function randomString(len) {
  // Just an array of the characters we want in our random string
  var chrs = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9'];
  // Check that a length has been supplied and if not default to 32
  len = (isNaN(len)) ? 32 : len;
  // The following section shuffles the array just to further randomise the output
  var tmp, current, top = chrs.length;
  if(top) {
    while(--top) {
      current = Math.floor(Math.random() * (top + 1));
      tmp = chrs[current];
      chrs[current] = chrs[top];
      chrs[top] = tmp;
    }
  }
  // Just a holder for our random string
  var randomStr = '';
  // Loop through the required number of characters grabbing one at random from the array each time
  // (i is declared locally so it does not leak into the global scope)
  for(var i=0;i<len;i++) {
    randomStr = randomStr + chrs[Math.floor(Math.random()*chrs.length)];
  }
  // Return our random string
  return randomStr;
}
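Math.random() and mt_rand() are not cryptographically secure generators, so strings from the two functions above should not be used as passwords, tokens or reset codes. The following added example (not the original author's code) is a JavaScript variant that draws every character from the platform CSPRNG and uses rejection sampling to avoid modulo bias; the names secureRandomString, entropyBits and WITH_SYMBOLS are made up for this illustration.

```javascript
// Added example, not the page's own code.
// Browsers and recent Node expose globalThis.crypto; older Node falls back to require().
const rng = globalThis.crypto || require('crypto').webcrypto;

const ALNUM = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
// Same symbol set the PHP variant on the page adds
const WITH_SYMBOLS = ALNUM + '!£$%^&*()-=+@#~?';

function secureRandomString(len = 32, alphabet = ALNUM) {
  if (!Number.isInteger(len) || len < 0) {
    throw new RangeError('len must be a non-negative integer');
  }
  // Drop duplicate characters so no symbol is picked more often than another
  const chars = Array.from(new Set(alphabet));
  if (chars.length < 2 || chars.length > 256) {
    throw new RangeError('alphabet must have 2..256 distinct characters');
  }
  // Largest multiple of chars.length that fits in one byte. Bytes at or above
  // it are thrown away, otherwise "byte % length" would favour the first characters.
  const limit = 256 - (256 % chars.length);
  const buf = new Uint8Array(64);
  const picked = [];
  while (picked.length < len) {
    rng.getRandomValues(buf); // fresh CSPRNG bytes on every pass
    for (const b of buf) {
      if (b < limit && picked.length < len) {
        picked.push(chars[b % chars.length]);
      }
    }
  }
  // No shuffle step is needed: each pick is already uniform and independent
  return picked.join('');
}

// Strength of a generated string in bits: len * log2(alphabet size)
function entropyBits(len, alphabet = ALNUM) {
  return len * Math.log2(new Set(alphabet).size);
}

console.log(secureRandomString(12));
console.log(secureRandomString(16, WITH_SYMBOLS));
console.log(entropyBits(32).toFixed(1) + ' bits for the 32 character default');
```

In PHP the equivalent change is to replace mt_rand() with random_int(), which is available from PHP 7.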
Just remember the code is far from perfect and was created to do a simple job.
It also has one nice extra function you might find useful…
The directMail function will look up the recipients SMTP server and try to deliver the email directly to it thereby bypassing the need for you to have access to an SMTP server to send through. Just remember your host may frown upon the use of this function.
/*
 * SMTP Email Sending
 * By Stewart Souter
 * Date Created: Thurs, 11 August 2011 17:15:37 GMT
 * Last Updated: Fri, 19 August 2011 10:54:35 GMT
 * email: [email protected]
 *
 * By using this script you are agreeing to leave this
 * comment and agreement in place and untouched. If you
 * use any part of this code you must make it clear where
 * it came from and give credit where it is due.
 */

$mailCfg['Server'] = ''; // Servername
$mailCfg['User'] = ''; // SMTP username if needed
$mailCfg['Pass'] = ''; // SMTP Password if needed
$mailCfg['Port'] = 25; // SMTP server port. 25 is the usual and 465 if using SSL
$mailCfg['popServer'] = ''; // Name of the pop server. Leave empty if POP Auth not required
$mailCfg['popPort'] = 110; // Port for the pop server. 110 is the usual and 995 if using SSL
$mailCfg['SSL'] = 0; // Does your SMTP server need you to use SSL or TLS? 0 = no, 1 = SSL, 2 = TLS

// This function delivers the email directly to the recipients mail server so bypassing the need for your own
function directMail($mailTo, $mailSubject, $mailMsg, $mailHeaders = '', $mailFrom = '', $mailCfg = array())
{
  if(empty($mailFrom))
  {
    return false; // No from address == no sending
  }
  $mailParts = explode('@', $mailTo); // Separate the parts of the email address
  if(count($mailParts) != 2)
  {
    return false; // Not a usable email address
  }
  $mxHosts = array();
  $mxWeight = array();
  $mxServers = array();
  if(!@getmxrr($mailParts[1], $mxHosts, $mxWeight)) // Get the MX records for the emails domain
  {
    return false; // No MX records to deliver to
  }
  for($i=0;$i<count($mxHosts);$i++) // Put the records and weights into an array
  {
    $mxServers[$mxHosts[$i]] = $mxWeight[$i];
  }
  asort($mxServers); // Sort the array so they are in weighted order
  foreach($mxServers as $key => $value)
  {
    $mailCfg['Server'] = $key; // Set the SMTP server to the current MX record
    if(smtpMail($mailTo, $mailSubject, $mailMsg, $mailHeaders, $mailFrom, $mailCfg)) // Send the email using the MX server
    {
      return true; // The email was successfully sent
    }
  }
  return false; // Houston we have a problem
}

// This function connects to the SMTP server and does the AUTH if needed. Can also do a POP login if server requires that.
function smtpMail($mailTo, $mailSubject, $mailMsg, $mailHeaders = '', $mailFrom = '', $mailCfg = array())
{
  if(empty($mailFrom) || empty($mailCfg['Server']))
  {
    return false; // No from address or no server == no sending
  }
  if(preg_match('/[\r\n]/', $mailTo . $mailFrom . $mailSubject))
  {
    return false; // A line break in these values would inject extra SMTP commands or headers
  }
  $timeout = 30; // How long to keep trying to connect
  $localhost = 'localhost'; // How to identify ourselves
  $logArray = array(); // For storing the replies

  /* * * * POP Login if required * * */
  if(!empty($mailCfg['popServer'])) // Can't really do POP Auth without a server
  {
    $ssl = ($mailCfg['SSL'] != 0) ? (($mailCfg['SSL'] == 1) ? 'ssl://' : 'tls://') : ''; // If SSL or TLS add it
    $popConnect = @fsockopen($ssl.$mailCfg['popServer'], $mailCfg['popPort'], $errno, $errstr, $timeout); // Connect
    if(!$popConnect) // If we fail to connect...
    {
      $logArray['POPconnect'] = $errstr . '(' . $errno . ')'; // Log the given reason...
      logMailError($logArray); // And output to the log file.
      return false;
    }
    else
    {
      $logArray['POPconnect'] = @fgets($popConnect, 515); // POP servers only return single line replies. Or should.
      if(!mailPackets('AUTH LOGIN', $popConnect, $logArray, 'SMTPauth')) // Request Auth Login
      {
        return false;
      }
      if(!mailPackets('USER ' . $mailCfg['User'], $popConnect, $logArray, 'POPuser')) // Send username. POP is plaintext
      {
        return false;
      }
      if(!mailPackets('PASS ' . $mailCfg['Pass'], $popConnect, $logArray, 'POPpass')) // Send password, again in plaintext
      {
        return false;
      }
      if(!mailPackets('QUIT', $popConnect, $logArray, 'POPquit')) // Say bye to the server
      {
        return false;
      }
      fclose($popConnect); // Close connection
    }
  }
  /* * * * End of POP Login * * * * */

  /* * * * Start of SMTP stuff * * * */
  $ssl = ($mailCfg['SSL'] != 0) ? (($mailCfg['SSL'] == 1) ? 'ssl://' : 'tls://') : ''; // Set the encryption if needed
  $smtpConnect = @fsockopen($ssl.$mailCfg['Server'], $mailCfg['Port'], $errno, $errstr, $timeout); // Connect
  if(!$smtpConnect) // If we fail to connect...
  {
    $logArray['SMTPconnect'] = $errstr . '(' . $errno . ')'; // Add the reason to the log...
    logMailError($logArray); // Then output the log
    return false;
  }
  else
  {
    $cnectKey = 0; // A counter for when we receive multiple lines in reply
    do
    {
      $smtpResponse = @fgets($smtpConnect, 515); // Get the reply
      $cnectKey++; // Increment the counter
      $logArray['SMTPconnect' . $cnectKey] = $smtpResponse; // Log the response
      $responseCode = substr($smtpResponse, 0, 3); // Grab the response code from start of the response
      // If we get an error terminate the connection and log the results so far
      if($responseCode >= 400)
      {
        logMailError($logArray, $smtpConnect);
        return false;
      }
    } while((strlen($smtpResponse) > 3) && (strpos($smtpResponse, ' ') != 3)); // Loop until we get told it's the last line

    $ehlo = mailPackets('EHLO ' . $localhost, $smtpConnect, $logArray, 'SMTPehlo'); // Let's try using EHLO first
    if($ehlo != 250) // Server said it didn't like EHLO so drop back to HELO
    {
      if(!mailPackets('HELO ' . $localhost, $smtpConnect, $logArray, 'SMTPhelo')) // Send HELO. No EHLO means server doesn't support AUTH
      {
        return false;
      }
    }
    if(!empty($mailCfg['User']) && ($ehlo == 250)) // We have a username and server supports EHLO so send login credentials
    {
      if(!mailPackets('AUTH LOGIN', $smtpConnect, $logArray, 'SMTPauth')) // Request Auth Login
      {
        return false;
      }
      if(!mailPackets(base64_encode($mailCfg['User']), $smtpConnect, $logArray, 'SMTPuser')) // Send username
      {
        return false;
      }
      if(!mailPackets(base64_encode($mailCfg['Pass']), $smtpConnect, $logArray, 'SMTPpass')) // Send password
      {
        return false;
      }
    }
    if(!mailPackets('MAIL FROM:<' . $mailFrom . '>', $smtpConnect, $logArray, 'SMTPfrom')) // Email From
    {
      return false;
    }
    if(!mailPackets('RCPT TO:<' . $mailTo . '>', $smtpConnect, $logArray, 'SMTPrcpt')) // Email To
    {
      return false;
    }
    if(!mailPackets('DATA', $smtpConnect, $logArray, 'SMTPmsg')) // We are about to send the message
    {
      return false;
    }
    // First lets make sure both the message and additional headers do not contain anything that might be seen as end of message marker
    $mailMsg = preg_replace(array("/(?<!\r)\n/", "/\r(?!\n)/", "/\r\n\./"), array("\r\n", "\r\n", "\r\n.."), $mailMsg);
    $mailHeaders = (!empty($mailHeaders)) ? "\r\n" . preg_replace(array("/(?<!\r)\n/", "/\r(?!\n)/", "/\r\n\./"), array("\r\n", "\r\n", "\r\n.."), $mailHeaders) : '';
    // Create the default headers from the function arguments, attach any additional headers
    $mailHeaders = "To: <".$mailTo.">\r\nFrom: <".$mailFrom.">\r\nSubject: ".$mailSubject."\r\nDate: " . gmdate('D, d M Y H:i:s') . " -0000".$mailHeaders;
    if(!mailPackets($mailHeaders."\r\n\r\n".$mailMsg."\r\n.", $smtpConnect, $logArray, 'SMTPbody')) // The message
    {
      return false;
    }
    mailPackets('QUIT', $smtpConnect, $logArray, 'SMTPquit'); // Say Bye to SMTP server
    fclose($smtpConnect); // Be nice and close the connection
    return true; // Return the fact we sent the message
  }
}

// This function sends the actual packets then logs the responses and parses the response code
function mailPackets($sendStr,$mailConnect,&$logArray,$logName = '')
{
  $newLine = "\r\n"; // LEAVE THIS ALONE
  $keyCount = 0; // Just an incremental counter for when we get more than a single line response
  @fputs($mailConnect,$sendStr . $newLine); // Send the packet
  do // Start grabbing the responses until we either get a terminal error or told we are at the end
  {
    $mailResponse = @fgets($mailConnect, 515); // Receive the response
    $keyCount++; // Increment the key count
    $logArray[$logName . $keyCount] = $mailResponse; // Put the response in to the log array
    $responseCode = substr($mailResponse, 0, 3); // Grab the response code from start of the response
    // Check for error codes except on ehlo, auth, and user details as they are not always fatal
    if((($logName != 'SMTPauth') && ($logName != 'SMTPuser') && ($logName != 'SMTPehlo') && ($logName != 'SMTPpass')) && ($responseCode >= 400))
    {
      logMailError($logArray,$mailConnect);
      return false;
    }
    elseif((substr($responseCode, 0, 1) == 4) || ($responseCode >= 521) && ($logName != 'SMTPehlo'))
    {
      logMailError($logArray,$mailConnect);
      return false;
    }
  } while((strlen($mailResponse) > 3) && (strpos($mailResponse, ' ') != 3)); // Loop until we get the end response
  return $responseCode; // Return the response code
}

function logMailError(&$logArray, $mailServer = false)
{
  if($mailServer)
  {
    fclose($mailServer); // Be nice and close the connection
  }
  $fd = @fopen ('smtplog.txt', 'a'); // open the log file
  $mailResults = print_r($logArray, true); // Create a nice printable version of logArray
  @fwrite($fd,$mailResults); // Write the log
  @fclose ($fd); // Close the file
}
Also Mozilla has released a new version of Firefox 3.5. It is marked as beta 99 but is basically something between a beta and a release candidate. It has improvements to Tracemonkey, the engine used to clean up memory usage, but I'm not sure it works that well at removing things from memory it no longer requires.
Now Google Chrome has excellent memory handling; it’s just a shame its options are sparse, it has no extension support (even IE supports extensions/plug ins) (apparently as of version 2 it does) and the rendering engine, WebKit, is far from perfect. Sites like Facebook can prove a nightmare at times when its divs disappear behind its ad bar.
I’ve personally decided to give Firefox a break and use Flock for a few weeks.
order allow,deny
deny from 9.120.161.206
allow from all
And that will block the computer at ip address 9.120.161.206 from being able to access your site. But what if you want to block a whole range of ip addresses such as 9.120.161.0 to 9.120.161.255? Well then we just leave off the end number like this
order allow,deny
deny from 9.120.161.
allow from all
Ok so now we get to the clever and damn fiddly bit. As of Apache 1.3 we can use CIDR codes to specify ranges of ip addresses. So another way of writing the above code would be
order allow,deny
deny from 9.120.161.0/24
allow from all
and that would do exactly the same as 9.120.161. but we can do so much more. After the break (ie click the read more link) I will show a list of the CIDR codes and what they do.
Ok first thing we need to do is explain that CIDR goes from 0 to 32. 0 covers every possible ip address, all 4,294,967,296 of them so doesn’t really get used much. As CIDR is based on bits the number of ip addresses blocked doubles as we go down the list.
32 only blocks the single ip address so is a bit pointless
31 blocks 2 addresses so would block 127.0.0.1 and 127.0.0.2. Could just as easily be like 127.0.0.19/31 as you can start from any ip address
30 blocks 4 ip addresses so 127.0.0.1 to 127.0.0.4
29 blocks 8 ip addresses so 127.0.0.1/29 would block 127.0.0.1 to 127.0.0.8 (starting to see a pattern?)
28 down to 25 I’m sure you can figure out. It’s from 24 it gets interesting.
24 blocks a whole sub set of ip addresses (that’s 256 addresses) so we can use 127.0.0.0/24 to block 127.0.0.0 to 127.0.0.255
23 blocks 512 addresses so that’s 2 entire sub sets. 127.0.0.0/23 would block 127.0.0.0 to 127.0.1.255
22 is 1024 addresses or 4 sub sets
21 is 2048 or 8 sub sets
20 is 4096 addresses or 16 sub sets (like 127.0.0.0 to 127.0.15.255)
19 would be 8192 addresses so 32 sub sets. I used this one when blocking keyweb.de servers
18 is 16384 or 64 sub sets
17 equals 32768 addresses and I used it to block some layeredtech
16 is the lowest CIDR code I have used and that covers 65536 addresses or 256 sub sets. This is again used to block LayeredTech.
I’m pretty sure you can work the rest out for yourself from here on. I got my information from this Wikipedia entry. I will now post a couple I have used in my own htaccess and say why.
# These two are for layeredtech. Well known friend to spammers.
deny from 72.232.0.0/16
deny from 72.233.0.0/17
# Keyweb.de servers. Plenty of spam attempts from them
deny from 87.118.96.0/19
# Dragonara.net just started getting spam attempts from them
deny from 194.8.74.0/23
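The ranges behind these rules can be checked with a few lines of JavaScript; this is an added example, not code from the original post, and its function names (ipToInt, intToIp, cidrRange, matchingRule) are made up for the illustration. It masks off the bits after the prefix the way CIDR matching does, so a block always starts on a multiple of its size: 127.0.0.1/29 resolves to 127.0.0.0 to 127.0.0.7.

```javascript
// Added example: helper names are illustrative, not Apache APIs.

// Dotted quad -> unsigned 32-bit integer
function ipToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) throw new Error('not a dotted quad: ' + ip);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error('bad octet in ' + ip);
    return ((acc << 8) | Number(p)) >>> 0;
  }, 0);
}

function intToIp(n) {
  return [n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].join('.');
}

// Accepts "a.b.c.d/n", a single address, or the partial form "a.b.c." shown on the page.
function cidrRange(spec) {
  let [addr, prefix] = spec.trim().split('/');
  if (prefix === undefined) {
    // A partial address covers whole octets: "9.120.161." is the same as /24
    const octets = addr.split('.').filter((s) => s !== '');
    if (octets.length === 0) throw new Error('empty address');
    prefix = String(octets.length * 8);
    while (octets.length < 4) octets.push('0');
    addr = octets.join('.');
  }
  if (!/^\d{1,2}$/.test(prefix) || Number(prefix) > 32) throw new Error('bad prefix in ' + spec);
  const bits = Number(prefix);
  // JavaScript shifts are modulo 32, so /0 needs its own case
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  // Host bits are cleared, whatever address was written in front of the slash
  const firstInt = (ipToInt(addr) & mask) >>> 0;
  const lastInt = (firstInt | ~mask) >>> 0;
  return { first: intToIp(firstInt), last: intToIp(lastInt), count: 2 ** (32 - bits), firstInt, lastInt };
}

// Returns the first rule that covers ip, or null when none does.
function matchingRule(ip, rules) {
  const n = ipToInt(ip);
  const hit = rules.find((spec) => {
    const r = cidrRange(spec);
    return n >= r.firstInt && n <= r.lastInt;
  });
  return hit === undefined ? null : hit;
}

// The "deny from" values used on the page
const pageRules = ['9.120.161.', '72.232.0.0/16', '72.233.0.0/17', '87.118.96.0/19', '194.8.74.0/23'];

for (const spec of [...pageRules, '127.0.0.1/29', '127.0.0.19/31']) {
  const r = cidrRange(spec);
  console.log(spec.padEnd(16), r.first, '-', r.last, '(' + r.count + ' addresses)');
}
```

Running it before adding a rule shows exactly which addresses will be refused, which matters with wide prefixes such as /16 where legitimate visitors may share the range.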
And I know it was written in 2005 but the functions are just as valid today.
Now we get to the main reason I swiftly uninstalled it. I downloaded the Eicar test file which is a standard file that all antivirus programs recognise as a test file so you can test if your antivirus is working or not. So I put the eicar.com file on my desktop and ran it. Rising Antivirus did absolutely nothing. I can accept it not detecting it during the download because my favourite free antivirus, AntiVir, only scans files when they are opened or read. To not detect the test file when run makes me wonder what else it doesn’t detect. I told it to scan the eicar.com file and it alerted me that it was a virus (well a test file which is what it should report it as) but not even a beep from Rising Antivirus when I run the file. In fact I had to turn Rising’s detection level up to high to get it to report it as a virus when I opened it. Even then I could see the command window in the background that eicar.com opens so I’m not even sure that if it had been a virus Rising Antivirus would have stopped it doing anything.
So my advice is avoid this anti virus like the plague. The best free anti virus, in my opinion, is AntiVir and the next best free one is Avast. I can no longer even recommend AVG as third place because all reports say as of version 8 AVG has become a resource hog that slows your computer down.
My main gripe at the moment is sites that require you to have cookies enabled but have terrible code in place for if you don’t.
A good example is Game who put you in to an infinite redirect loop if you have cookies disabled. In fact you have to enable cookies on their site to see the page that tells you that you need cookies enabled to view the site.
Another bad one I just found, and this one is really really bad, is download.com. You don’t need cookies to view the site but if you have them disabled and click through to view a program’s page your browser’s memory usage goes through the roof. I tested this in Firefox 3.1 b3, IE8 and Chrome. With all three browsers I had to use task manager to close them thanks to download.com’s sloppy web code.
So please, if you are going to write a site that requires that visitors accept cookies, make sure you have good code in place to handle people like me who have cookies disabled.