Jun 30, 2009

wrangler.websitewelcome.com bot

Agent: -NO AGENT-
74.52.200.178 wrangler.websitewelcome.com

Just what is this bot. It doesnt have a useragent and the website websitewelcome.com has no info on it just a email contact address.

websitewelcome.com added to the block list

useragent spamer www.ongarofrancesco.org

Agent: (a href="http://www.ongarofrancesco.org">Independent Security Researcher(/a> Independent Security Researcher(/a>" target=\_BLANK">
79.45.39.47 host47-39-dynamic.45-79-r.retail.telecomitalia.it

This bot tries to spam your useragent logs that some sites post with links to a website at www.ongarofrancesco.org

This looks to be some hacker ref site. The bot is from Italy

This just goes to show why you should not have scripts on your site that displays the useragents that you have logged to the internet. Because they can contain HTML

Jun 24, 2009

IE 8 breaks subdomains making them hard to read using domain highlighting

Domain Highlighting in Internet Explorer 8 (IE8) now blanks the subdomain and following text after the domain.

Image Hosted by ImageShack.us


This is nuts it makes this site read blogger.com and you can not see the subdomain who's lamo ideal is this. Its one thing to make the main domain a diff color its another to hide the entire URL.

Someone has to find a way around this must be some way you can higlight the URL bar using java so the subdomain will be visable. Or someway to force IE8 into ie7 mode. We own our subdomains and M$ has no right to blank them out. They are part of our domain names and part of our keywork usage.


This has to be fixed.

Microsoft is taking away our legal use of subdomains.
Websites who use subdomains are not crooks we are legaly using 1 domain to create many websites. Just because some crook used a subdomain they should not be hidden.


Zdnet says IE8 puts dim wits ahead of tech savvy.

aidanwalsh.net says
why do you have to obfuscate the rest of the URL information by default? No part of a URL is irrelevant, and information contained in URLs is becoming more and more relevant as time goes on (logically structured URLs, URL based identity management, etc). Why do I need to hold my mouse over the address bar to be able to see this? Surely there are better ways to emphasise the domain block of the URL? Embolden it. Change the colour of the domain, not the rest of the URL.



domain highlighting, ie 8 domain name greayed out, ie8 address bar subdomain, ie8 subdomains broken, making the subdomain visible in ie8

Jan 20, 2009

strange code on wp blog detected

mmautoban has detected the following code being used on a WP blog.

Antyone know what this is.

/functionnumber-%20iterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20index%20=%20-number-%20slices%20=%20-%20array%20=%20this.toArray;%20%20%20%20while%20index%20+=%20number%20%20array.length%20%20%20%20%20%20slices.pusharray.sliceindex-%20index+number;%20%20%20%20return%20slices.collectiterator-%20context;%20%20

/functionfilter-%20iterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20results%20=%20;%20%20%20%20if%20Object.isStringfilter%20%20%20%20%20%20filter%20=%20new%20RegExpfilter;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20if%20filter.matchvalue%20%20%20%20%20%20%20%20results.pushiteratorvalue-%20index;%20%20%20%20;%20%20%20%20return%20results;%20%20

/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20result;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20value%20=%20iteratorvalue-%20index;%20%20%20%20%20%20if%20result%20==%20undefined%20%20value%20=%20result%20%20%20%20%20%20%20%20result%20=%20value;%20%20%20%20;%20%20%20%20return%20result;%20%20


/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20result;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20value%20=%20iteratorvalue-%20index;%20%20%20%20%20%20if%20result%20==%20undefined%20%20value%20%20result%20%20%20%20%20%20%20%20result%20=%20value;%20%20%20%20;%20%20%20%20return%20result;%20%20 GET

/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20trues%20=%20-%20falses%20=%20;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20iteratorvalue-%20index%20?%20%20%20%20%20%20%20%20trues%20:%20falses.pushvalue;%20%20%20%20;%20%20%20%20return%20trues-%20falses;%20%20



/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator.bindcontext;%20%20%20%20return%20this.mapfunctionvalue-%20index%20%7B%20%20%20%20%20%20return%20%7Bvalue:%20value-%20criteria:%20iteratorvalue-%20index%7D;%20%20%20%20%7D.sortfunctionleft-%20right%20%7B%20%20%20%20%20%20var%20a%20=%20left.criteria-%20b%20=%20right.criteria;%20%20%20%20%20%20return%20a%20%3C%20b?%20-1%20:%20a%20%20b%20?%201%20:%200;%20%20%20%20.pluckvalue;%20%20



%20null%20:%20fillWith;%20%20%20%20return%20this.eachSlice(number-%20function%20(slice)%20{while%20(slice.length%20%3C%20number)%20{slice.push(fillWith);}return%20slice;});}


It has about 15 other version I suspect it is some type of atack.
Unless some plugin is malfunctioning.
Anyone have any info what this code is?

Jan 15, 2009

OSCommerce mods

OScommerce Notes
===============
A rare bug has been detected in OScommerce. If the customer does not select a payment at checkout the browser is redirected to

/checkout_payment.php?error_message=Please+select+a+payment+method+for+your+order

This generates a +select+ injection hack detection in mmautoban.
To prevent this error edit your OSCommerce english.php file and change the error statement from
Please Select to Please Pick
this will prevent customers from getting banned.
It is unknown if other such errors exist in other places or other programs.
If you see any please report them.