I.T. Mate

Date: 11 June 2006
Title: Ur I.T. Mate Group Newsletter #31

**********************************************************
In this edition:

- vURL Desktop Edition
- Wagner's VIP med's
- Amici - semplicemente il la cosa migliore!
- Frames, they're not all bad
- Scotty has a birthday?
- Index.dat Suite 3.0
- Help us help you!

**********************************************************

Hello readers, and welcome to the June edition of the newsletter.

I realise things have been rather quiet of late but can assure you, just because things are quiet, does not necessarily mean nothing is going on. Between work commitments and friends, my free time is extremely sparse at present so things are unfortunately, a little slower than they were before I got my new job.

1. vURL Desktop Edition

I am happy to report, the second Alpha of the vURL Desktop Edition (vURL DE) was released a couple of days ago and with the exception of a couple of upcoming features, is already pretty much ready for public consumption.

To those not in the know, vURL is a web based service that was started some time ago to allow the world and their dog, to view potentially unsafe websites, without actually having to visit them. Whilst the service has proved extremely popular since its inception, and remains so as of this writing, I've had quite a few requests for a non web based version - hence vURL DE.

vURL brings most of the features of the online version, to your desktop, removing the need to visit the vURL website. At present, vURL DE does not provide for image extraction, nor does it fully support JavaScript based references. However, these are to come in due course. In the meantime, for those that would like to try it, I would like to extend a request for feedback on both the current features, as well as any suggestions you may have for future features.

vURL DE is currently available in two packages. First, the basic setup. This allows for installation, including the usual shortcuts (start menu etc), but does not come with all of the dependencies. The second, is the no-install package. This package is the most popular, and allows a simple "download and run", without installation.

The dependencies required will need to be pre-installed for both of these packages and include the Windows Scripting Host (WSH), MSXML 4 or above and of course, the VB6 SP5 Runtime files.

To those wondering, whilst I could have used the URLDownloadToFile Windows API (Application Programming Interface) (the same API that the Index.dat Suite and PUI update utilities use), I chose MSXML both because it is what the online version uses, and most importantly, it allows webmasters to identify the requests as coming from the application (more a common courtesy than a mandatory requirement). This is also the reason for needing scripting enabled for this application.

Features still awaiting implementation for this application include:

- Add image detection and extraction
- Cleanup and improve links detection
- Add e-mail source functionality
- Add net-block information for queried domains
- hpHosts Online query
- Allow saving/printing of links found
- Better graphics/icon
- "Check for new version" utility
- Command line support

Download vURL Desktop Edition
http://support.it-mate.co.uk/?mode=Products&p=vurldesktopedition

vURL Online Edition:
http://mysteryfcm.co.uk/?mode=vURL&sub-mode=About

NOTE: This edition is an alpha release and thus, is recommended ONLY for those that feel comfortable using pre-beta software.

2. Wagner's VIP med's

The receipt of spam offering meds is certainly not something new to myself, or indeed anyone else. However, I felt this one required a little extra advertisement both to serve as a note to webmasters running contact forms, as well as website server security.

Over the past few weeks, I have received hundreds of thousands of e-mails from spammers from god knows where, offering everything from Cialis to Viagra to whatever the hell "Adipex" is. Though normally ignored and deleted, these were not sent via the usual methods, but were received via one of my site's feedback forms. Being the curious person that I am, I decided to investigate.

At first, they pointed to a wiki that was hosted by pbWiki (www.pbwiki.com), an online wiki provider. After a little word in Clif's (Clif Notes Newsletter) ear, this wiki was shut down and the spammer's net-block banned. Almost instantly however, this suddenly resulted in the URL referenced in the spam, changing to an entirely different, and unrelated server - wagnersf.org.

http://mysteryfcm.co.uk/misc/wagners_meds/imgWagner_forums.gif

Usually when someone spams my forms, I tend to get annoyed and write a method to prevent it in future. This time however, I let it continue to come through (as it is continuing to do as of my writing this). Unfortunately for wagnersf (The Wagner Society of Northern California according to their website), this spam whilst not coming from themselves, has meant two things - firstly their webmaster has begun to get a major migraine, and second, it could very well lead to users blaming them instead of the spammer (how is the user to know?).

Deciding to investigate this one, I took a merry little walk to one of the URLs in the e-mail. Lo and behold, I was taken to the Wagners forums, and a post offering me a whole heap of meds. This was not the end however, as, buried in the post was a lovely bit of code that held an href link that you must click on - or so I thought. I decided to run the code through vURL and to my amazement, found they didn't want you to click the URL yourself (presumably because they knew you wouldn't), but instead, had taken the liberty of including an encoded script to do the clickity action for you.

Screenshot:
http://mysteryfcm.co.uk/misc/wagners_meds/imgEncJS.gif

Javascript after being decoded:
http://mysteryfcm.co.uk/misc/wagners_meds/wagners_meds.txt

The URL itself, leads to search-vip.org which to the casual browser, would look as if it had been disabled - not so. Going to the search-vip.org website does indeed look as if it has been disabled but I know that they know that you know that this is obviously not the case. Sticking "in.cgi" after the search-vip.org domain results in something else.

vURL Query:
http://mysteryfcm.co.uk/?mode=vURL&lnk=&pcon=1&enc=1&url=http://search-vip.org/in.cgi

... and this is what the HREF link in the posts points to. It does not however, end there. As you can see from the above, search-vip.org whilst being a royal PITA itself, re-directs you to a different domain once again. This time, vip-pharmacy.org. Going on its homepage, it doesn't look like much - just your average rubbish search engine.

http://mysteryfcm.co.uk/misc/wagners_meds/imgVIP_Pharmacy_home.gif

Looks can be deceiving however, as you don't see the homepage initially, but a pretty little website that's actually had some scheming spotty little spammer, take some time to make the site look at least a little believable.

http://mysteryfcm.co.uk/misc/wagners_meds/imgVIP_Pharmacy_adipex.gif

This site is simply a meds spam catalogue that leads to a whole heap of the same rubbish, scattered on various servers, so I shall refrain from going any further on this for now. However, you are probably wondering why I am wasting my time rambling on about this, so I shall instead, direct my attention to something else.

After a phone call to America to speak to the webmaster of wagnersf.org (David Dalto), it appeared he thought he had already disabled the board due to previous spam and reports of such, and thus was a little worried about what had happened. Perhaps he had already disabled it, perhaps had simply forgotten to - either way, after the phone call, I am sorry to say that he has been forced to take the forums for his site, offline. I can assure those that receive the spam pointing to his site, that it IS NOT coming from them but is instead, coming from a multitude of spammers.

As a note to webmasters, I would like to give a little info to hopefully prevent the same problems on your own servers. First and foremost, if you are going to run a third party forum or script on your website, MAKE SURE IT IS SECURE! Secondly, and specifically with regards to forums, whilst disabling guest posting is always a good thing, in the case of wagnersf.org this clearly did not help as the spammers used a program or script, to automatically register them. To prevent auto-registration, ALWAYS ensure your forum REQUIRES an e-mail activation before the account can actually be used - this alone will deter most spammers.

Unfortunately, online forms are a little harder to secure as far as preventing spammers goes, as there is only so much you can do. If you are not a coder, but are instead using a third party script or provider, ensure you speak to them about the security and anti-spam aspects of the forms as they will most likely be the only ones that can help you with this. If however, you use forms written by yourselves, please always ensure you have blocked direct posting to the processing script, from outside of your server - THIS IS VERY IMPORTANT! Next, though not always possible, try and ensure your form and its processor will only work when filled out manually. Ensuring it's filled out manually unfortunately, almost always requires the use of Javascript (the only time this is not required as far as I know, is when .Net is employed in the form) so may not always either work, or be viable - mostly because a lot of users tend to have this disabled anyway.
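
One way to block direct posting to the processing script, shown as an added example (not code from the newsletter or from any I.T. Mate product): the page that serves the form embeds a signed, single-use token, and the processor rejects any post that arrives without a valid one. The names `issue_token`, `check_token` and `session_id`, and the one-hour lifetime, are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_SECRET = secrets.token_bytes(32)  # assumption: kept on the server only
MAX_AGE = 3600                           # assumption: seconds a served form stays valid
_used_nonces = set()                     # a real site needs a shared store, pruned by age


def _sign(session_id, issued, nonce):
    """HMAC over the session, issue time and nonce, so none can be swapped."""
    msg = f"{session_id}|{issued}|{nonce}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Run when the form page is served; the result goes in a hidden field."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    return f"{issued}.{nonce}.{_sign(session_id, issued, nonce)}"


def check_token(token, session_id, now=None):
    """Run first in the processing script; returns (accepted, reason)."""
    now = time.time() if now is None else now
    try:
        issued_s, nonce, sig = token.split(".")
        issued = int(issued_s)
        expected = _sign(session_id, issued, nonce)
        valid = hmac.compare_digest(expected.encode(), sig.encode())
    except (AttributeError, ValueError):
        # The post never came from a served form, or the field was mangled.
        return False, "missing or malformed token"
    if not valid:
        return False, "bad signature"        # forged, or issued to another session
    if now - issued > MAX_AGE:
        return False, "expired"
    if nonce in _used_nonces:
        return False, "token already used"   # one form load, one submission
    _used_nonces.add(nonce)
    return True, "ok"
```

A script can still fetch the form before every post, so this raises the cost of automated posting rather than removing it.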

You could of course, employ filters on your forms at the server-side. However, most of us will already be aware that this can only help so much. Perhaps blocking posts that include URLs (i.e. by detecting "://") will be the best solution (though not always viable); using a script that runs through an array of banned words such as cialis, viagra etc is another solution. Again however, this is not foolproof as spammers tend to attempt to mask their spam.
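
The server-side filter described above, as an added example rather than the author's own script: it rejects posts containing "://" and checks each word against the banned list after undoing common masking (look-alike characters, separators, spaced-out letters). The function names and the sample posts are constructed for the illustration.

```python
import re
import string
import unicodedata

BANNED_WORDS = ("cialis", "viagra", "adipex")  # the words named in the text
# Look-alikes folded onto one letter; i, l, 1, ! and | all become "i".
FOLD = str.maketrans("013457@$!|l", "oieastasiii")


def skeleton(word):
    """Reduce a word to folded a-z letters so masked spellings compare equal."""
    word = unicodedata.normalize("NFKD", word)  # full-width and accented forms
    word = "".join(c for c in word if not unicodedata.combining(c))
    word = word.casefold().translate(FOLD)
    return re.sub(r"[^a-z]", "", word)  # drops separators such as . - _ *


BANNED_SKELETONS = {skeleton(w): w for w in BANNED_WORDS}


def check_post(text):
    """Return the reasons a form post should be rejected (empty list = accept)."""
    reasons = []
    if "://" in text:
        reasons.append("contains a URL")
    # Rejoin letters spaced out one by one ("v i a g r a") before tokenising.
    joined = re.sub(r"(?<=\b\w)[ \t]+(?=\w\b)", "", text)
    for token in joined.split():
        # Strip edge punctuation first so "viagra!" does not fold to "viagrai".
        hit = BANNED_SKELETONS.get(skeleton(token.strip(string.punctuation)))
        if hit and f"banned word: {hit}" not in reasons:
            reasons.append(f"banned word: {hit}")
    return reasons


# Constructed sample posts, not taken from the spam described above.
SAMPLES = [
    "Hello, I could not download vURL from your site.",
    "Our specialist will call you back.",  # holds "cialis" only as a substring
    "Cheap V1@GRA and c.i.a.l.i.s here",
    "best v i a g r a prices",
    "see http://example.invalid/meds",
]

if __name__ == "__main__":
    for post in SAMPLES:
        print(check_post(post) or "accepted", "<-", post)
```

Matching whole words keeps "specialist" from tripping the "cialis" entry, at the cost of missing plurals and other variants, which is one reason such a list is never foolproof.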

Of course, you could always remove the forms altogether and use an image containing a link to your e-mail address - though this will make it easier for the spammer to get your e-mail address. Not including the link unfortunately, whilst preventing spam entirely via your server, will also put off a lot of users as it means they cannot click a link, fill in a form, or copy and paste your e-mail address.

If you are a user and receive spam that points to a URL, DO NOT click the URL - EVER. If you want to check whether it's hosted by an innocent party, copy and paste the URL instead, and ALWAYS ensure you have scripts DISABLED when visiting them. Alternatively of course, you can run the URL through vURL:

Online:
http://mysteryfcm.co.uk/?mode=vURL

Desktop Edition*:
http://support.it-mate.co.uk/?mode=Products&p=vurldesktopedition

Anyway, as this is only meant to be a note and a tip or two, I shall leave this here. I hope in some small way at least, that the above helps at least some of you.

* This edition is an alpha release and thus, is recommended ONLY for those that feel comfortable using pre-beta software.

3. Amici - semplicemente il la cosa migliore!

So what is Amici's then, and why am I mentioning it here? Well, to be precise, Amici's is an Italian restaurant in Forest Hall, Newcastle (next door to my office), and is where I occasionally go (when I can afford to) for lunch when I am at work.

Though I would not normally mention a restaurant here, I felt this one deserved a little more. Not only because the food they offer is without a doubt, the best I have ever had (at home or otherwise!), but because of the wonderful bunch of ladies and gents that own it and/or work there. They are most definitely, the friendliest bunch of people I've ever met in a restaurant (normally I just get the "what would you like?", "are you paying by cash, card or cheque?" - extremely boring and annoying).

If you happen to be in Newcastle and feel like Italian, drop by - you won't regret it.

Though no-where near as friendly as the restaurant itself, their website can also be found at the URL below.

http://www.amici.me.uk/

Tel: 0191 215 1115

Map: http://www.multimap.com/map/browse.cgi?pc=NE128AQ&title=Amici

... and if for some silly reason, you want to say hi, my office is quite literally just next door to Amici ...

4. Frames, they're not all bad

When developing a website, one of the most important aspects has to be the layout. Now if you ask any of the alleged "professionals", you will always be told that frames are definitely a bad thing, and should always be avoided. Whilst I agree to a point, there is no denying their usefulness.

A while ago, I mentioned a site I am developing using CSS, and the problems I was experiencing with it. After days of frustration, I decided to make things a little easier by using a frame. This has not only solved a problem that I could not resolve with CSS, but has also for some reason, resolved another problem I was experiencing with scrollbars that shouldn't be there.

Prior to this change, when a page scrolled off of the visible area of the browser, a scrollbar appeared to allow the viewing of the rest of the content - however, the scrollbar was not the main bar, but a secondary bar, just as if I'd used an iFrame. Why it wouldn't use the main scrollbar is beyond me; I tweaked and fiddled with the CSS until my fingers went numb.

In fact, the only problem I actually have left is a floating image that will only work if given a static position (i.e. it won't work if given 70% as the value for the left position). Why CSS is such a pain in the rear is something that will always escape me as it's meant (according to the fanatics) to make things easier (the only reason I am actually using CSS is because the layout requires it).

Not sure what I am rambling on about? See the About Us page on the following:

Non-framed:
http://sandbox.makeport.co.uk

Framed:
http://sandbox.mysteryfcm.co.uk

5. Scotty has a birthday?

That's right folks, Scotty has had an unofficial birthday! As you've no doubt read on places such as the Calendar Of Updates (www.calendarofupdates.com), WinPatrol has reached version 10, and what a version it is.

Those using pre-10 releases will no doubt already be aware of its usefulness in keeping your system safe, and I have to admit, prior to 10, I was extremely happy with version 9.x. Unfortunately however, after trying version 10 for the past few days, I now wouldn't go back to the 9.x series if you paid me.

WinPatrol 10 offers even more for its users in the form of the new Hidden Files tab, and most importantly, the date and time a file was first detected! Instead of rambling, I'll let Bill explain it in detail for you.

http://www.winpatrol.com/plus10.html

Note: Unfortunately, at the time of writing, version 10 is only available to PLUS subscribers, but will be available to everyone else very soon, so keep your eyes on the watch.

6. Index.dat Suite 3.0

Though not released yet, I thought I'd provide a little info on what is to come in the next NON-beta of IDS. Since its early versions, I've had a ton of requests for three very specific features, namely, secure deletion, and the ability to delete the index.dat files WITHOUT having to re-start Windows.

Deleting these files without having to re-start Windows is a feature I would very much like, and am planning, to implement. At present, this will work by closing the main explorer task, running the batch file, then re-starting the explorer task. Though not what I would like, I've not yet found another way of doing this.

Secure deletion however, is a little more difficult as it requires my learning a new language. The language IDS is written in, is Visual Basic 6. This is not like other languages in that it is a coding language, rather than the typical programming languages such as ASM (Assembly). However, I am currently planning to spend whatever free time I get, familiarising myself with a language capable of secure deletion as this MUST be done outside of Windows (NOT something VB6 is capable of doing).

Last but by no means least, IDS 3 will also see the addition of support for alternate browsers such as Opera, Firefox and the likes. Though the latest beta now includes support for Orca Browser (developed by Anderson Che - of Avant Browser fame), it does not as yet include support for the other gecko browsers, and whilst I don't use them myself (MUCH prefer Avant and Orca Browser), this is something I am planning to add.

In addition to the above, two other features are also in the pipeline to be included. Firstly the cleaning of the DNS cache - something I've had planned for a while but never gotten round to implementing (mainly because I kept forgetting about it), along with a monitor/scheduler. The monitor will allow you to keep track of the size of the index.dat files, temp and TIF etc folders in real-time, and the scheduler to have the program do its work at a day(s)/time(s) of your choosing, without it having to be done manually.

IDS 3 did have a release date initially, of June 1st. However, due to time constraints, this has been pushed back to August 1st, with a plan of releasing one or two betas in between now and then to allow testing of new features.

I would also like to take this opportunity to thank Wesley Vogul, Spy1 (Pete), Tom (TeMerc) and of course, Ken Howey, for their continued support and promoting of Index.dat Suite - I have been, and continue to be, extremely grateful.

7. Help us help you!

Would you be interested in volunteering to design new graphics for one or more of our products, services and/or websites (e.g. logos, banners and buttons), or perhaps simply giving feedback and suggestions for new and existing products/services? For this and more ways you can help, please see our "Help us" document, located at:

http://support.it-mate.co.uk/?mode=Documents&doc=Help

See you next time, and don't forget to check the news page every so often as interim updates are posted there.

News (Intranet): http://mysteryfcm.co.uk/?mode=News

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Copyright ©1998 - 2013 I.T. Mate - All Rights Reserved