Mar 27, 2008

Installing autoban script in PHPNUKE

> From: ___@gmail.com
> In the phpnuke setup, it mentions adding something above $modfiles in the modules.php file. I can't see that in mine, any ideas on where to put this extra piece of code to stop the union injections?


Since your email address is no good I will answer you here.


Be sure you have v3.8 and the latest BB.
After you have installed the script and have it running:
Click on setup.
Click on phpnuke setup. This generates the strings to insert.

Insert the green line listed on that page into your script to activate protection.
The red lines use the built-in phpnuke detection to ban any hacker it finds.

The union injection hacks can still be added by hand, but this is no longer needed: the script now detects them inside the hacker scan module, and you can add any new attack patterns you find to that scan.

Mar 20, 2008

What is blogged_crawl/0.3

Just what is this blogged crawler?

Agent: blogged_crawl/0.2
74.52.1.194 c2.1.344a.static.theplanet.com
Agent: blogged_crawl/0.3
74.54.159.147 93.9f.364a.static.theplanet.com

Mar 13, 2008

speedy.telkom.net.id union injections

Joker from speedy.telkom.net.id attempted a union injection into the database.


ALARM: union%20select injection string=[ name=Downloads&d_op=viewdownload&cid=2%20UNION%20select%20counter,%20aid,%20concat(pwd,0x7c,0x4861636B2042792053694 ]

IP: [125.163.204.65 65.subnet125-163-204.speedy.telkom.net.id ]
Agent: [mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1; fdm)]
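The alarm record above is the only sample of the autoban log format on this page, and the hacker scan module mentioned in the PHPNuke post is not shown. The following is an added Python example, not the autoban script's own code: it parses ALARM/IP/Agent records (the format is assumed from the three lines above), URL-decodes the captured query string, and flags UNION SELECT attempts. It also reads the 0x hex literals back as ASCII so an analyst can see what the injected concat() was meant to produce; the last literal in the real record was truncated by the log, so it decodes only as far as it was captured. Two further records are constructed for contrast.

```python
"""Detect UNION SELECT injection attempts in logged query strings.

Added example; the ALARM/IP/Agent record layout is assumed from the post,
and the second and third records below are constructed for illustration.
"""
import re
from urllib.parse import unquote_plus

UNION_SELECT = re.compile(r"\bunion\b\s+(?:all\s+|distinct\s+)?select\b", re.IGNORECASE)
HEX_LITERAL = re.compile(r"0x([0-9a-fA-F]+)")
COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)

ALARM_RE = re.compile(r"^ALARM: (?P<rule>.+?) string=\[ ?(?P<qs>.*?) ?\]$")
IP_RE = re.compile(r"^IP: \[(?P<ip>\S+) (?P<host>\S+) ?\]$")
AGENT_RE = re.compile(r"^Agent: \[(?P<agent>.*)\]$")

# First record is the one from the post; the other two are constructed.
SAMPLE_ALARM_LOG = """\
ALARM: union%20select injection string=[ name=Downloads&d_op=viewdownload&cid=2%20UNION%20select%20counter,%20aid,%20concat(pwd,0x7c,0x4861636B2042792053694 ]
IP: [125.163.204.65 65.subnet125-163-204.speedy.telkom.net.id ]
Agent: [mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1; fdm)]

ALARM: constructed%20double%20encoded string=[ name=Search&query=x%2527%2520union%2520all%2520select%25201,2 ]
IP: [192.0.2.10 host.example ]
Agent: [constructed/1.0]

ALARM: constructed%20benign string=[ name=Downloads&d_op=viewdownload&cid=2 ]
IP: [192.0.2.11 host2.example ]
Agent: [constructed/1.0]
"""


def decode_query(raw: str, rounds: int = 3) -> str:
    """URL-decode until stable (double encoding is common), strip inline
    comments and collapse whitespace so keyword spacing cannot hide the pattern."""
    text = raw
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = COMMENT.sub(" ", text)
    return re.sub(r"\s+", " ", text)


def is_union_injection(raw: str) -> bool:
    """True when the decoded query contains a UNION [ALL|DISTINCT] SELECT."""
    return UNION_SELECT.search(decode_query(raw)) is not None


def decode_hex_literals(text: str) -> dict:
    """Map each 0x... literal to its ASCII reading; a trailing odd nibble
    (truncated capture) is dropped and non-printable results become None."""
    out = {}
    for m in HEX_LITERAL.finditer(text):
        digits = m.group(1)
        if len(digits) % 2:
            digits = digits[:-1]
        try:
            decoded = bytes.fromhex(digits).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            out["0x" + m.group(1)] = None
            continue
        out["0x" + m.group(1)] = decoded if decoded.isprintable() else None
    return out


def parse_alarm_log(text: str) -> list:
    """Group ALARM, IP and Agent lines into one dict per alarm record."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := ALARM_RE.match(line):
            current = {"rule": m["rule"], "query": m["qs"],
                       "ip": None, "host": None, "agent": None}
            records.append(current)
        elif current and (m := IP_RE.match(line)):
            current["ip"], current["host"] = m["ip"], m["host"]
        elif current and (m := AGENT_RE.match(line)):
            current["agent"] = m["agent"]
    return records


def scan_alarm_log(text: str) -> list:
    """Parse the log and annotate each record with the injection verdict
    and the decoded hex literals found in the query."""
    results = []
    for rec in parse_alarm_log(text):
        decoded = decode_query(rec["query"])
        rec["decoded_query"] = decoded
        rec["union_injection"] = UNION_SELECT.search(decoded) is not None
        rec["hex_literals"] = decode_hex_literals(decoded)
        results.append(rec)
    return results


if __name__ == "__main__":
    for rec in scan_alarm_log(SAMPLE_ALARM_LOG):
        print(rec["ip"], rec["union_injection"], rec["hex_literals"])
```

The regex is deliberately applied to the decoded and whitespace-normalised string rather than the raw one, which is the difference between matching only the literal `%20UNION%20select` the post shows and matching the same keyword sequence however it is encoded.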

Mar 9, 2008

Full story on Shareaza (www.shareaza.com is no longer Shareaza; go to shareaza.sourceforge.net)

The full story and history on Shareaza.


Beginnings Are a Good Place To Start

In mid 2002, a lone programmer by the name of Michael Stokes released the first version of a Gnutella client he had written and dubbed "Shareaza". Over the next two years Michael added to his client and coded in support for the eDonkey 2000 network, BitTorrent and a rewritten Gnutella-based protocol which he named Gnutella2. Shareaza gradually became more and more popular and Mike started to receive job offers based on the strength of his work on Shareaza. He eventually decided that continuing to work on a p2p application in an increasingly hostile legal climate was too risky, but he did the honorable thing and released the Shareaza source code under the GNU GPLv2 on June 1, 2004 (which coincided with the release of Shareaza version 2.0).

Mike stopped working on Shareaza and went on to develop a new p2p-based streaming radio project named Mercora. As part of distancing himself from Shareaza, he transferred the shareaza[DOT]com domain to one of his old alpha testers named Jon Nilson who continued to administer the domain until late 2007.

The French Connection

In late 2007 the Shareaza website went down for several weeks, but eventually came back online. Not long after that, the shareaza[DOT]com domain began pointing to a different website which several sharp-eyed community members recognized as identical to shareazaweb.com, a known scam site purporting to offer users "legal p2p downloads". It soon emerged that Jon Nilson had been forced to relinquish control of the domain as part of a settlement with La Societe Des Producteurs De Phonogrammes En France (the French version of the RIAA). Jon's name was the only one connected with Shareaza that the SPPF could find and due to Shareaza's popularity in France he had been named in a lawsuit along with Azureus and Morpheus. See (viewtopic.php?f=46&t=85) for more information.

A Dump for Ill-Gotten Gains

Members of the Shareaza community managed to track the new "owners" of the shareaza[DOT]com domain to MusicLab LLC, based in New York. MusicLab now distribute the "new and legal" iMesh p2p client after the original Gnutella-based iMesh developers were sued by the RIAA and were forced to settle for $4.1 million and a promise to turn their app into a paid download service. A similar legal fate befell another popular Gnutella application called Bearshare which was then rolled into the RIAA-approved iMesh. Nobody has managed to ascertain whether the original iMesh developers are still involved, but the merging of Bearshare seems to indicate that MusicLab is a vehicle into which the recording industry dumps assets acquired through lawsuits.

It would seem that since Shareaza is developed by an anonymous group of individuals and organized via "ad-hocracy", there was no company to sue, so stealth tactics were employed against the weakest link in the chain: Jon Nilson. iMesh, Bearshare and the fake Shareaza being distributed from shareaza[DOT]com are all the same application with appropriate rebranding.


Threats of C&D

As you can imagine, the members of the Shareaza community were rather upset about all of this and set up a new website with user forums. After two users made some offhand remarks about a distributed denial of service attack against the servers in Israel where the hijacked shareaza[DOT]com site is located, our forum administrator received an email from one Jeffrey A. Kimmel of Meister Seelig & Fein, in his capacity as a representative of Discordia Ltd, the new "owners" of Shareaza. Mr Kimmel stated that DDoS attacks are illegal and any further talk by "users [who] begin to promote the destruction of a legitimate business" would result in Discordia Ltd "tak[ing] all necessary action to vigorously and relentlessly protect its rights." He went on to state that "if this action is not immediately taken and, as result, our client's business is harmed, we will not only pursue, locate and hold fully responsible each and every one of those who have implemented this, or any similar DoS, but also those responsible for maintaining your site and the forums."

The posts in question had actually been taken down by forum moderators already (as per forum rules on objectionable content), however this email was cause for great concern: not only were the domain hijackers starting to create a series of shell companies to avoid being identified, but they had engaged lawyers to monitor our forums and threaten anyone making disparaging statements about them.

(Full text here: viewtopic.php?f=46&t=752)

A Tangled Web

More research by community members revealed that Discordia Ltd is registered in Cyprus, possibly owned by MusicLab but at arm's length to avoid as much fallout as possible. Meister Seelig & Fein's Kimmel also appears to have a long history of dealings with the recording industry, notably in the participation of the iMesh and Bearshare lawsuits and an interesting Amicus Curiae brief in the MGM vs Grokster case, which details how the new iMesh software has all the answers to stopping piracy and creating a wonderful legal download service.

Making The Takeover Official

In what is possibly the most audacious step so far, Discordia Ltd filed for a trademark on "Shareaza" with the USPTO on January 10, 2008. (See: http://tmportal.uspto.gov/external/port ... T=77368229)

If granted, our use of the Shareaza name will immediately infringe upon Discordia Ltd's official trademark and we will doubtless be subject to legal action until we stop any infringing action i.e. we rename the project, remove all references to "Shareaza" and forget about the whole thing.


The Danger Posed To Open Source Software

Unless we are able to prevent the trademark being granted and regain control of the domain, our project will die. It really is as simple as that. Seven-odd years' worth of brand recognition as "Open Source, Spyware, Malware and Advertising Free" will disappear and although we can (and have) dealt with "clones" who take our OS code base, add some spyware and release a "new" client as their own (breaking the GPLv2 in the process by not releasing the source) there is no possible way that we can survive having our identity stolen like this. Unlike a run-of-the-mill copyright violation, we are going to be permanently deprived of something. Our code is open to whoever wants to see it, we charge no money for the use of the program; the only thing of value that we have is the name and recognition that goes with it. The worst of it all is that this "software identity theft" could signal the beginning of hostile corporate takeovers of common property - the fact that we are in this predicament proves it to some extent.

What we need to know is if the people who stood up for an open culture by hacking copyright law will help protect that culture where it comes to trademarks and halting the advancement of encroaching corporate interests. If "common law" trademarks can't be protected there is a very real danger that what happened to us will happen again and again and again. Many of us who work on the Shareaza project can foresee things becoming so that people will stop bothering to work on OS projects: open source software is, by its nature, more useful than closed source software and the more useful something is, the more popular it becomes...and then someone with expensive lawyers will come along and take it all away from the people who actually created it.

We recently asked for donations from our users for a legal defense fund and (very) quickly raised $2000. In our public thank you letter we wrote the following:

"In all discussions regarding intellectual property, there is one fundamental right that is never in dispute: the right to be recognized as a creator. This moral right transcends arguments on whether copyright should last for 50 years or a hundred, whether software should be patentable or not, or even what a fair price for an MP3 file is. Being able to say to the world "I made this" and be acknowledged for it is, for many people, the only reward they receive for their work. To deny that right is to insult the creative forces flowing through every writer, performer, musician, actor and programmer who brings their work to the world."

We have a section dedicated to this whole situation on our new forums (viewforum.php?f=46) which includes full details of all the events that have taken place so far.

Any help you are able to provide would be very, very gratefully accepted. Any advice, introductions or referrals to others who may be able to help us will be a great help.

Kind regards,

Shareaza Community