Whatsthetide.com Version 2 has gone Gold!
Love it! :)
I needed this for the upcoming release of http://www.whatsthetide.com
Base64 Encoded (Makes it easy to cut and paste):
PD9waHAKZm9yKCRpPTA7JGk8MjQ7JGkrKykKewoJaWYoJGk9PT0wKQoJewoJCWVjaG8gJzEyJzsKCX0KCWVsc2VpZigkaT4xMikKCXsKCQllY2hvIGFicygxMi0kaSk7Cgl9CgllbHNlCgl7CgkJZWNobyAkaTsKCX0KCWVjaG8gJygnLiRpLicpPGJyIC8+JzsKfQo/Pg==
License?
This code was written by Steven Roddis and has been placed in the public domain.
Have a look at this source code:
// Lowercase via is used by open proxies/referrer spammers
// Exceptions: Clearswift uses lowercase via (refuses to fix;
// may be blocked again in the future)
if (array_key_exists('via', $package['headers']) &&
    !strstr($package['headers']['via'], 'Clearswift Web Policy Engine')) {
    return "9c9e4979";
}
Hm….
4.2 Message Headers
HTTP header fields, which include general-header (section 4.5), request-header (section 5.3), response-header (section 6.2), and entity-header (section 7.1) fields, follow the same generic format as that given in Section 3.1 of RFC 822 [9]. Each header field consists of a name followed by a colon (":") and the field value. Field names are case-insensitive.
Well, it seems that Clearswift, Coral CDN, etc. are getting blocked because of this: the check treats a lowercase via field name as a spammer signal, but RFC 2616 says field names are case-insensitive, so any legitimate proxy that happens to send via in lowercase is blocked along with the spammers.
If you use Bad Behavior, let me know your experiences with it, and if this is affecting you, you might want to contact them.
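An added example (not Bad Behavior's code) of the RFC 2616 rule applied in practice: look headers up without regard to the case of the field name, so the presence of a proxy is detected whether the client sends Via or via, and the letter case itself is never used as a signal. The header sets are constructed for the demonstration.

```php
<?php
// Return the value of header $name from $headers, matching the field
// name case-insensitively as RFC 2616 section 4.2 requires; null if absent.
function header_value(array $headers, string $name): ?string
{
    $wanted = strtolower($name);
    foreach ($headers as $field => $value) {
        if (strtolower((string) $field) === $wanted) {
            return (string) $value;
        }
    }
    return null;
}

// Normalise every field name to lowercase once at ingestion, so later
// rules can index the array directly and cannot depend on the case
// the client chose.
function normalize_headers(array $headers): array
{
    $out = [];
    foreach ($headers as $field => $value) {
        $out[strtolower((string) $field)] = (string) $value;
    }
    return $out;
}

// True when the request came through a proxy that announces itself in Via,
// regardless of how the field name was capitalised.
function came_via_proxy(array $headers): bool
{
    return header_value($headers, 'Via') !== null;
}

// Constructed header sets (not real traffic) for the demonstration.
$requests = [
    'no proxy'      => ['Host' => 'example.com'],
    'uppercase Via' => ['Host' => 'example.com', 'Via' => '1.1 proxy.example'],
    'lowercase via' => ['host' => 'example.com', 'via' => '1.1 Clearswift Web Policy Engine'],
];
foreach ($requests as $label => $headers) {
    $norm = normalize_headers($headers);
    printf("%-14s proxy=%-3s via=%s\n",
        $label,
        came_via_proxy($headers) ? 'yes' : 'no',
        $norm['via'] ?? '-');
}
```

With the lookup done this way, a rule that wants to treat proxies specially has to say so on the value of Via (for example, by the product name it carries), not on a spelling difference the RFC declares meaningless.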
Yesterday I made another presentation at the Sydney PHP Group February Meeting.
This time we did not get access to our room, hence my slides were useless, and a role play was undertaken instead of a diagram! No slides, nothing, all off the top of my head.
For those who are interested my slides are in S5 format (xHTML + CSS + JScript).
Many web apps use code similar to this:
header('Content-Disposition: attachment;filename='.$name);
Forgetting about header splitting here…
What is wrong? If the name has a space in it, it violates RFC 2231.
Why? RFC 2231 allows for the use of extended characters within the filename, for example international characters.
Internet Explorer does not support internationalisation, and thus will read to the end of the line. (:: rolls eyes ::)
A fixed example:
rmnl() removes occurrences of \r and \n.
header('Content-Disposition: attachment;filename="'.str_replace('"', '-', rmnl($name)).'.m3u"');
You can also use addslashes() on $name, but be aware that some file systems won't allow quotes (e.g. NTFS); Firefox in that case automatically converts the " into a -.
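The pieces above put together as one added example (my own code, not from the post): rmnl() as the post describes it, the quoted-string form with quotes replaced by a dash, and the RFC 2231 extended parameter (filename*=charset'language'percent-encoded value) for names that contain characters outside ASCII. The sample file names are constructed, and the .m3u suffix is kept from the post.

```php
<?php
// rmnl() as described above: remove every CR and LF so that nothing in
// $name can start a new header line (header splitting).
function rmnl(string $s): string
{
    return str_replace(["\r", "\n"], '', $s);
}

// Plain quoted-string value for clients that only understand filename=.
// Quotes and backslashes become '-', non-ASCII bytes become '_'.
function ascii_filename(string $name): string
{
    $name = str_replace(['"', '\\'], '-', $name);
    return preg_replace('/[^\x20-\x7E]/', '_', $name) ?? '';
}

// RFC 2231 extended form: charset'language'value, value percent-encoded.
function extended_filename(string $name): string
{
    return "UTF-8''" . rawurlencode($name);
}

// Build the value for the Content-Disposition header.  The extended
// parameter is only added when the plain form lost information.
function content_disposition(string $name): string
{
    $clean = rmnl($name) . '.m3u';
    $plain = ascii_filename($clean);
    $value = 'attachment; filename="' . $plain . '"';
    if ($plain !== $clean) {
        $value .= '; filename*=' . extended_filename($clean);
    }
    return $value;
}

// Constructed file names for the demonstration.
$samples = [
    'playlist',                    // plain ASCII, nothing to do
    'my "quoted" list',            // quotes would end the quoted-string
    "name\r\nX-Injected: 1",       // CR/LF that would split the header
    'Lieder für Ärzte',            // characters outside ASCII
];
foreach ($samples as $s) {
    echo content_disposition($s), "\n";
}
// In the application: header('Content-Disposition: ' . content_disposition($name));
```

Note that PHP's header() has itself refused values containing a newline since PHP 5.1.2, so on a current PHP the CR/LF case raises an error instead of splitting; rmnl() still belongs in the code so the file name is sanitised before it reaches any header, log line or file system call.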
Regards,
Steven Roddis
Today I needed to use curl, but this time via an HTTP proxy that required authentication:
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_setopt($ch, CURLOPT_PROXY, 'proxy.mybusiness.null:8080');
curl_setopt($ch, CURLOPT_PROXYUSERPWD, 'user:password');
Easy, huh? Just add those three lines before you call curl_exec().
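The three options above wrapped in a complete request, as an added example (my own code, not the post's): the proxy address and credentials are placeholders taken from the post, the proxy authentication scheme is fixed to Basic, timeouts are set, and a 407 from the proxy is reported as a credential problem rather than a fetch failure.

```php
<?php
// Fetch $url through an authenticating HTTP proxy.
// $proxy is 'host:port', $userpwd is 'user:password' (placeholders below).
function fetch_via_proxy(string $url, string $proxy, string $userpwd): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,          // return body instead of printing it
        CURLOPT_HTTPPROXYTUNNEL => true,          // CONNECT through the proxy
        CURLOPT_PROXY           => $proxy,
        CURLOPT_PROXYUSERPWD    => $userpwd,
        CURLOPT_PROXYAUTH       => CURLAUTH_BASIC, // scheme the proxy expects
        CURLOPT_CONNECTTIMEOUT  => 10,
        CURLOPT_TIMEOUT         => 30,
    ]);
    $body   = curl_exec($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $error  = curl_error($ch);
    curl_close($ch);

    // A rejected CONNECT shows up as a 407 in the status or in the error text.
    if ($status === 407 || strpos($error, '407') !== false) {
        return ['ok' => false, 'status' => 407, 'error' => 'proxy rejected the credentials', 'body' => ''];
    }
    return [
        'ok'     => $body !== false,
        'status' => $status,
        'error'  => $error,
        'body'   => $body === false ? '' : $body,
    ];
}

// Keep the proxy password out of the source: read it from the environment,
// falling back to the placeholder values from the post.
$proxy   = getenv('HTTP_PROXY_HOST') ?: 'proxy.mybusiness.null:8080';
$userpwd = getenv('HTTP_PROXY_AUTH') ?: 'user:password';

$r = fetch_via_proxy('http://www.whatsthetide.com/', $proxy, $userpwd);
echo $r['ok']
    ? "HTTP {$r['status']}, " . strlen($r['body']) . " bytes\n"
    : "failed: {$r['error']}\n";
```

CURLOPT_HTTPPROXYTUNNEL makes curl issue a CONNECT and speak to the origin through the tunnel, so the proxy sees only the host and port; leave it off if the proxy is meant to see (and cache) the plain HTTP request.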
Steven.
Stefan Esser of the Hardened-PHP Project posted a security advisory of a flaw in ModSecurity regarding POST Data NULL Byte Rule Bypass.
The problem is that it is possible to bypass rules by adding NULL bytes to POST data with the application/x-www-form-urlencoded media type.
Now the funny part:
SOLUTION:
Do not rely solely on ModSecurity to block attacks.
ModSecurity isn't a magical anti-hack solution, and the people who use it know that. Kinda stating a very obvious fix. How about "turn off scripting" :) [IE]
Steven.
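A defensive counterpart to the advisory above, as an added example (not from the advisory or from ModSecurity): decode an application/x-www-form-urlencoded body the way the application will and refuse it outright if any decoded name or value contains a NUL byte, so the data a filter inspects and the data the application parses can never differ on that point. The request bodies are constructed.

```php
<?php
// Decode name=value pairs from a form body.  Returns the fields, or null
// when any decoded name or value contains a NUL byte (sent raw or as %00).
function parse_form_body(string $raw): ?array
{
    $fields = [];
    foreach (explode('&', $raw) as $pair) {
        if ($pair === '') {
            continue;
        }
        [$k, $v] = array_pad(explode('=', $pair, 2), 2, '');
        $k = urldecode($k);
        $v = urldecode($v);
        // NUL has no legitimate use in form data; reject the whole request
        // instead of passing a body that later C-string handling may truncate.
        if (strpos($k, "\0") !== false || strpos($v, "\0") !== false) {
            return null;
        }
        $fields[$k] = $v;
    }
    return $fields;
}

// Constructed request bodies for the demonstration.
$bodies = [
    'name=alice&song=tide',       // clean
    'name=alice%00&song=tide',    // NUL encoded as %00
    "name=alice\0&song=tide",     // raw NUL byte
];
foreach ($bodies as $b) {
    $f = parse_form_body($b);
    echo $f === null
        ? 'rejected: ' . bin2hex($b) . "\n"
        : 'accepted: ' . json_encode($f) . "\n";
}
```

Running this check in the application (or in a small front filter) is the concrete form of the advisory's "do not rely solely on ModSecurity": the rule engine remains useful, but the application no longer depends on it having seen the same bytes.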
The guys over at the Hardened-PHP Project have started a Month of PHP Bugs, whereby they set out to find vulnerabilities in the PHP core (not any specific application). At the time of writing, they are up to their 9th flaw. You can see all the action at php-security.org.
Yesterday I made another presentation at the Sydney PHP Group February Meeting.
This time about dealing with comment spam.
For those who are interested my slides are in S5 format (xHTML + CSS + JScript).