Jump to content

phil

Anti-Spyware Brigade
  • Content Count

    1,222
  • Joined

  • Last visited

About phil

  • Rank
    Advanced Member
  • Birthday 06/20/1989

Contact Methods

  • MSN
    lavinpj1@hotmail.com
  • Website URL
    http://www.pchowtos.co.uk
  • ICQ
    0
  • Yahoo
    lavinpj1

Profile Information

  • Location
    Warwick, England

Previous Fields

  • System Specifications:
    AMD Turion64 X2 2.00Ghz 2Gb PC5200 DDR2
  • Teams:
    Linux Users Club
  1. The license fee goes primarily towards funding the running of the BBC which provides a varying range of programs including unbiased news reporting. This all has the added benefit of not requiring 4x5 min advert breaks in a 30 min show. On the point of the question, a simple paid proxy service won't work as iPlayer is flash. I have managed to get it to work from Ireland by using puTTY to create a local SOCKS5 proxy tunneled over an SSH connection and then using an app like sockscap or freecap to proxy all connections (including Flash) from Firefox. Was a little buggy and crashy though. Phil
  2. Debian + lighty + vsftpd + (postfix for smtp, courier for imap(s), saslauthd) is the combination I've used happily for a few years. Phil
  3. This kind of thing is not uncommon. In shared hosting environments with no suphp every php thread/process runs as the same user. Thus any user can potentially edit any other users files with a php script. Check the user:group owners of your files and if they are yourusername:httpdgroup (e.g. phil:www-data) ensure that their chmod values are 640. Only use 770 where a file must be writable. If this is not the case (i.e. the user:group owner is yourusername:yourusergroup) then you likely have some bad code within your own site that is allowing RFI attacks - ensure all of your 3rd party code installs (forums, CMS, bug trackers, etc.) are all fully updated to the latest versions. It's not an all very good idea to use a shared host which does not use suphp since any user/exploited site on the box can read your config files and access your databases. Sadly most shared hosting services are run by idiots who think installing CPanel makes them a sys admin. I suggest spending a little more money and choosing a well administrated host. Phil
  4. I'm not entirely sure what the "RPC Server" does. It may be related to remote desktop which uses RPC. If your devices are behind a NAT enabled router (i.e. you have 1 public IP from your ISP and each of your devices has a private* IP) then you should be safe providing you have no unnecessary port forwards. * Private IPs being... 10.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 Phil
  5. 445 is SMB. It looks like someone is probing you to see if you have any Windows file shares open. If your router uses NAT (if you're not sure it probably does) then the attacks won't get through. Phil
  6. Other than the fact you don't sanitize user input to avoid yourself being used as an open relay for spam, what is the issue with the code? Phil
  7. I tried 3 different browsers at the time, however it seems to work in all now. Phil
  8. Hrmm... Am attempting to create a new topic in the networking forum however it is saying I don't have permission. I can create a topic in other forums. Any idea what the issue is? Phil
  9. The majority of spam these days is sent from infected machines or open relay mail servers. The party who owns the hardware that sends them typically has nothing to do with sending them. For this reason, it is near impossible to track down spammers and because of the huge number of infected machines, it is near impossible to block them. I use a quite effective DNSBL filtering machanism on my e-mail server that blocks known spammer IP addresses as well as all dynamic IP addresses. This works in blocking malware spam as the majority of users have dynamic IPs and nobody in their right mind runs a mail server on a dynamic IP. However in the case of your site, I imagine most of your legit users have dynamic IPs so this will not work. Phil
  10. You'll need both a domain name and web hosting. I've always found namecheap.com good for domain names but haven't had much luck with shared hosting providers. Perhaps someone else can recommend a good one for you. Phil
  11. Thanks for the replies guys. I realise I'm not in the class however the e-mail perplexed me such that I thought I'd run it by you all for clarification. Phil
  12. This one landed in my inbox today and has royally stumped me. It looks absolutely flawless and I cannot even remotely prove it to be a scam of any sorts. I'm currently consulting a New York lawyer about the legitimacy of the "Garden City Group" but he hasn't gotten back to me yet. See what you think: The Original E-Mail... The site it links to in the e-mail is www.steelesettlement.com. This has direct links to gardencitygroup.com both by whois records and actual DNS records. Both sites are hosted by twtelecom.net which appears to be a managed network provider in CO. The e-mail was sent as being apparently from steelesettlement@tgcginc.com. The tgcginc.com domain has the same links to The Garden City Group as teelesettlement.com. The headers of the mail are as follows. They show that the mail does indeed originate from tgcginc.com but is sent through an elaborate internal mail relay system before finally being sent from an IP sub-assigned by Level 3 Communications to openaccessinc.com. As you can see, my spam filter loves it - giving it a more nagative score than mails from my own mother. Is this legit or the most elaborately hatched Internet scam ever? Phil
  13. Along the right lines but... The password input by the user will be sent in plain text over The Internet when it is sent to the server for auth confirmation. The way around this would be to have the page that the form posts to encrypted with ssl (https) e.g. submit from http://yoursite.com/login.php to https://yoursite.com/logincheck.php and then back to http://yoursite.com/loggedin.php. I recommend godaddy's basic ssl certificate as a cheap way of adding https support to your site. Phil
  14. Cookie's in php are extremely easy. Here's a tutorial I wrote a while ago: http://www.pchowtos.co.uk/index.php?page=t...=view&id=51 Phil
  15. The best policy would be to disable the wireless card. Phil
×
×
  • Create New...