Do good – help kill a spammer today.

Recommended link-of-the-day : [ The Lad Vampire ]

The Lad Vampire specially targeted fake bank websites. They seems to be quite careful not to target an innocent victim, and they have actually shut down scammers’ websites.
And they already got many applause – from The Register, Computer Times, Monterey Herald, The New York Times, etc.

Funny links:
# A scammer got scammed and lost his gold
# 419eater.com is a website which, among others, get scammers to make silly photos of themselves, and then posted for the world to see.

I have a feeling this won’t be the last post on this topic, so see you soon.

note:
do NOT use the alternate SpamVampire (the one located at feedbackarchive.com). It seems that they’re not a very careful bunch, at least they’ve targeted one innocent victim (123count.com) – and one victim is one too many already.

Hellacious Riders website is giving away 1 Terabyte email accounts.

Finally, an email account that’s bigger than the hard disks in my computer 🙂 but I got a feeling that this offer won’t last forever.
So better get one while it’s still hot ?

Blogs have been under massive attack from spammers lately; I totally didn’t expect to have so many posts about this single topic in this blog.
But with Trencaspammer users as the last casualties, I think investing in a heavy spam defense – such as Spaminator or WP-AuthImage is actually now worth the trouble of installing them.

I’ve installed WP-AuthImage here and it seems to be working, and for a long time I hope.
But with the spammers continuing to attack our defenses, I think it’s time to fight back.
Continue reading WordPress’ spammers →

Debian security team meng-klaim bahwa package php4 di Woody tidak perlu di-patch – walaupun tim PHP telah mengrilis PHP versi 4.3.10.

Dan padahal tim phpBB sudah menyatakan bahwa dengan PHP versi sebelum 4.3.10, phpBB menjadi vulnerable lagi

Duh….. 🙁 kelihatannya bakalan terpaksa pakai paket LAMP non-Woody nih 🙁 tapi, kalau tambah banyak saja paket non-Woody di server saya, makin berkurang alasan untuk menggunakan Debian stable/Woody dong ?

Just a quick plug for this very nice website:
[ http://www.debian-administration.org/ ]

A hacker’s story on dedication, with happy ending :

It’s midnight. I’ve been working sixteen hours a day, seven days a week. I’m not being paid. In fact, my project was canceled six months ago, so I’m evading security, sneaking into Apple Computer’s main offices in the heart of Silicon Valley, doing clandestine volunteer work for an eight-billion-dollar corporation.

Apparently, this graphing calculator quite successfully introduced kids & people to math, who wouldn’t otherwise.
Awesome. These are the kind of people I become jealous to.

Some excellent quotes:

“the first 90 percent of the work is easy, the second 90 percent wears you down, and the last 90 percent – the attention to detail – makes a good product.”

“The secret to programming is not intelligence, though of course that helps. It is not hard work or experience, though they help, too. The secret to programming is having smart friends.”

“Sitting behind a one-way mirror, watching first-time users struggle with our software, reminded me that programmers are the least qualified people to design software for novices.”

“It shipped on more than twenty million machines. It never officially existed.”

Too bad he failed on getting it into Microsoft Windows though. 🙂

This where another fun started to begin – ripped straight from Kevin Mitnick’s book, someone pretended to be a troll, by pretending to know the security in Microsoft campus. A Microsoft employee took the bait 😀 but a kind soul let him know of his mistake (fun spoilers!!) 😀

Oh man… easily the best laugh I’ve had in weeks, that one.

Itu adalah judul artikel yang ditulis oleh Rob Rosenberger.

Apa yang ditulisnya saya kira sebagian besar benar – jika pengguna Firefox / Thunderbird / Fedora / dll sudah menjadi mayoritas, maka para pembuat virus akan mulai mentargetkan mereka.
Namun, saya yakin mereka akan mengalami kesulitan untuk dapat mengakses komputer kita dengan leluasa — tetapi, bukannya mustahil.

Setelah sempat menjalankan server dengan sistim operasi OpenBSD, saya sadar bahwa masih banyak soal security yang perlu dibenahi pada berbagai software open source lainnya.
Dan bahkan OpenBSD pun masih bisa dijebol – misalnya, jika kita menjalankan phpBB versi lama di server tersebut.

Jadi solusi untuk keamanan komputer adalah perlindungan yang menyeluruh, titik.
Sehingga kalimat berikut ini dari penulis artikel tersebut sebetulnya tidak benar :

You can’t blame your security problems on the operating system you use, or on the email software you use, or on the browser you use.

Tentu saja bisa pak 🙂 kalau tidak percaya, silahkan saja tanyakan kepada kawan-kawan yang sudah saya pasangi Firefox di komputernya.

Menarik sekali – CinePaint adalah software image editing yang sudah bisa menyaingi Photoshop, untuk soal editing gambar. Wow…. tidak sangka akhirnya ada yang bisa menyaingi software kelas berat ini 🙂

Lebih detilnya bisa [ dibaca di komentar ini ].

ck, ck….

Berhubung waktu yang terbatas, akhirnya diputuskan untuk menggunakan Trencaspammer disini.

Eh, jadinya malah makan waktu 🙁 entah kenapa, walaupun kelihatan simple, Trencaspammer ngaco jalannya.

Pertama kali karena tidak ada support untuk lib GD di PHP – “apt-get install php4-gd”, lho kok masih gak jalan ? Ternyata harusnya “apt-get install php4-gd2” 🙂 baru muncul deh captcha-nya.

Tapi kemudian ada keanehan berikutnya, jika kita masukkan kode yang benar di form comment, tetap saja dibilang salah (huh?)
Setelah men-debug beberapa lama dan kesimpulannya tetap sama, yaitu Trencaspammer “seharusnya” berjalan tanpa masalah, akhirnya menyerah.

Tapi jadinya malah makin penasaran dengan captcha, dan kemudian mencoba AuthImage

Kali ini langsung berjalan dengan mulus 🙂 ya sudah, sementara ini dulu deh, hehe

note: AuthImage butuh lib GD dan FreeType — untuk di Debian, kelihatannya kedua-duanya sudah di-install ketika kita mengetikkan apt-get install php4-gd2, cukup menyenangkan.

Blog ini di-setup dengan Permalink aktif, tapi link di menu “Archives” (di kalender dan nama-nama bulan, di sebelah kanan) pada tidak berjalan.

Ternyata, dari kode yang dibuat oleh WordPress untuk ditaruh di .htaccess ada yang kurang, yaitu :

RewriteRule ^archives/([0-9]{4})?-([0-9]{1,2})?-([0-9]{1,2})?/?$ /index.php?year=$1&monthnum=$2&day=$3 [QSA]

RewriteRule ^archives/([0-9]{4})?-([0-9]{1,2})?/?$ /index.php?year=$1&monthnum=$2 [QSA]

Sekarang link-link di “Archives” sudah berjalan sebagaimana mestinya.

First there were Brazilian criminals. Now a phpBB worm is on the wild, defacing any websites still running old version of phpBB.

Idban already showed a quick fix for this to be placed in .htaccess file.
Alternatively, if you have mod_security installed, you can put this instead :

SecFilter "^(.*)2esystem(.*)"

/etc/init.d/apache restart, and you’re set.

I wish I knew Xdebug when I was having problems with my PHP code a few weeks ago – with debugging client, it sure beats using echo 🙂

I’m pretty scared using Windows nowadays, and here’s why.

I’ve had the luck of cleaning computers from CoolWebSearch, and let me tell you these things are damn close to impossible to get rid of.
Good thing CWS is still rather “harmless” – now imagine a keylogger as stealthy and deeply stuck as CWS; using Windows then could cause your bank / paypal account / etc to become empty mysteriously…

I’ve been rather dependent to Regex Coach when I need to create a regular expression.
But sometimes, some things are just too time consuming to be created from scratch. At these times, RegExpLib.com just may save your bottom from getting kicked by your boss.

Rsync on Windows

Previously, you need to install cygwin and then rsync, if you need to run rsync client from Windows. Unfortunately, it’s not exactly easy to use.

Thankfully, now you can use Sync2NAS instead. What’s more, it’s also has been developed with backing up user’s data in mind. Finally, it is an easy task to be done.

Amazing – we have a CRM system similar to OpenCRX; but ours costed tens of thousands dollars, and it’s proprietary.

Of course, most of the time you’ll need to have it customized to your exact needs. In this case, you can get in touch with CRIXP. OpenCRX will be still free, while they provide you with the customization that you need.

Looks really sweet.
And talking about sweet, SugarCRM is another one that looks quite good as well.

It enraged me to see how spammers are spamming blogs – comment spam, trackback spam, referral spam, or just overload your server.

And they’re eroding our defenses quite swiftly – comment preview no longer protects against spammer, and they can even beat CAPTCHA now.

As the case with email spam, I think combined defense would work best – something like CAPTCHA and RBL for blogs. Let’s see if such thing exist for WordPress.

Being a newbie in Java, I thought it as a solid, foolproof language, which doesn’t break under newbie’s foolish coding style.

It seems that I’m wrong – there are ways to bog down Java app servers with stupid code.

Well, not too surprised though, I guess I just have seen too many example already of human stupidity overwhelming even the best computer systems out there.