
Security

Results5.Google.Com (Google Search Forwarding Trojan)

Follow these instructions and you will be fine:

http://codingrecipes.com/malware-spyware-virus-keeps-coming-back-how-to-remove-malware-spyware-virus-from-your-computer-for-free

Comments (0)   Filed under: Security   Posted by: Codehead

Malwares & Spywares Detected In _avast5_/temp/ Folder

This is very interesting. The reason it happens is that you have multiple anti-malware programs installed, but I still don’t like it: Avast uses this folder to unpack files and test them for malware, yet it either fails to find these malwares or finds them and doesn’t report them…

Let me know if I’m missing something…

Comments (0)   Filed under: Malware, Security, Spyware, Virus   Posted by: Codehead

Must Have Free Anti-Spyware, Anti-Malware Software

Sadly, you will need more than one, since not all of them will detect everything. Here is the list I suggest:

1 – Microsoft Security Essentials; this one is the lamest, but it provides real-time protection. Maybe Microsoft will assign a team of real developers to it one day; I truly think this was done by a team of interns as a summer project :)

Download it here: http://www.microsoft.com/security_essentials/

2 – SUPERAntiSpyware; this one is the real deal. It detects and removes Spyware, Adware, Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, Rogue Security Products and many other types of threats, not only the easy ones but also the hard ones, the ones that Security Essentials, Norton and McAfee can’t detect!

The paid version provides real-time protection and it’s only $9.99, I think it’s worth it.

Download it here: http://www.superantispyware.com/

3 – Malwarebytes; this one is also a great one.

Download it here: http://www.malwarebytes.org/

And yes, you need them all. Make sure to update them right before every scan, and you know what? I think you should install #2 and #3 now, update them, then boot into Safe Mode and run a full system scan. I promise that you will be surprised!

Comments (0)   Filed under: Malware, Security, Spyware, Virus   Posted by: Codehead

Malware/Spyware/Virus Keeps Coming Back; how to remove Malware/Spyware/Virus from your computer for free…

To fix this, you must follow all these instructions without missing even one.

Note: do this at your own risk, these worked for me and if by doing these something
happens to your computer, I’m not responsible!

Preparing

0 – Remove your browser’s proxy settings (http://www.library.kent.edu/page/14299); if you have special proxy settings, make sure they weren’t altered…
1 – Restart your computer, hit F8 while booting and log in to “Safe Mode With Networking”
2 – Download and install the free version of: http://www.superantispyware.com/
3 – Download and install the free version of: http://www.malwarebytes.org/
4 – Download and install: http://free.antivirus.com/hijackthis/
5 – Download and install: http://housecall.trendmicro.com/
6 – Download and install: http://forums.majorgeeks.com/chaslang/files/MGtools.exe
Save this file to c:\MGtools.exe and run it.
7 – Download and install: http://www.piriform.com/ccleaner

Updating

8 – Launch superantispyware and update it to the latest version.
9 – Launch malwarebytes and update it to the latest version.
10 – Removed for now due to potential error…
11 – Go to c:\MGtools and double click on DisableUAC.reg, then confirm the action.

UPDATE:

These additional steps were added on 6/9/2010 and must be taken at this stage:
a – You must rewrite your MBR (master boot record); this won’t delete your files, but it’s required.
b – Instructions on how to do it can be found here (or you could search on Google):
http://helpdeskgeek.com/how-to/fix-mbr-xp-vista/
http://www.ehow.com/how_4836283_repair-mbr-windows.html
c – *After this stage, do not boot into normal mode.*

Continue

12 – Restart your computer to “Safe Mode” (no networking this time)

Scanning And Cleaning

13 – Run ccleaner; don’t touch the options, just hit “run cleaner”
14 – Launch superantispyware and run a “complete scan”; if asked, let it remove everything
15 – Launch malwarebytes and run a “full scan”; if asked, let it remove everything
16 – Restart your computer to “Safe Mode With Networking”
17 – Run hijackthis, hit “scan” and then “save log”. A notepad window opens; copy and paste
the contents into the textbox here: http://www.hijackthis.de/ and hit analyze.
18 – You will get a list of entries with a check box or another icon in front of each. The ones
that get an X mark are problems, so go back to hijackthis, check the box next to those
and hit “fix checked”.
19 – Restart your computer to “Safe Mode With Networking” again.
20 – Launch trendmicro housecall and run a full scan, let it clean everything.

Updating Your Computer

21 – Restart your computer to “Normal Mode”. Don’t open anything…
22 – Uninstall Java (all instances) then go here and download and install the latest version: http://www.java.com/en/download/manual.jsp. Don’t restart yet.
23 – Go to: http://windowsupdate.microsoft.com/, run the update and update *everything*. Don’t restart yet.
24 – Update your browser to its latest version. If you use IE, step 23 should take care of it,
but if you use another browser, go to www.google.com and search for “update X”, where X is
whatever browser you have, like: update google chrome
25 – Go to c:\MGtools and double click on EnableUAC.reg, then confirm the action.
26 – Turn off system restore so that it deletes the old restore points, then turn it back on right away: http://www.pchell.com/virus/systemrestore.shtml
(Make sure that you create a new restore point right away)

Final Cleanup

27 – Restart your computer into “Normal Mode”
28 – Run hijackthis, hit “scan” and then “save log”. A notepad window opens; copy and paste
the contents into the textbox here: http://www.hijackthis.de/ and hit analyze.
29a – If you don’t get any Xs, then you are probably safe, and you should run a full system scan using
superantispyware and malwarebytes overnight; again…
29b – If you get Xs, then you will need more help; a good place to seek help is here:
http://forums.majorgeeks.com/forumdisplay.php?f=35
30 – If this doesn’t take care of it, then go to: http://forums.majorgeeks.com/forumdisplay.php?f=35 and
seek help.

I hope this helps someone…

Good Luck :)

Comments (3)   Filed under: Annoying Stuff, Security   Posted by: Codehead

CentOS-Yum: warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 6b8d79e6

Try:

rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
rpm --import ftp://mirrors.easynews.com//linux/centos/RPM-GPG-K
:)

Comments (3)   Filed under: CentOS, Linux, Security, Server   Posted by: Codehead

How to write a permission system using bits and bitwise operations in PHP

I wrote this in PHP, but you can use the same concept in other languages. I also assume an understanding of bits, bytes, binary-to-decimal conversion and vice versa, and bitwise operations on numbers like ‘or’, ‘and’ and ‘xor’; if you have no idea, search and read about these first. You don’t have to be a guru, but you should have an idea. Here are some pages to get you started:

http://en.wikipedia.org/wiki/Byte
http://en.wikipedia.org/wiki/Bitwise_operation
http://us.php.net/manual/en/language.operators.bitwise.php
Some binary to decimal calculators to make it easier

We will use simple numbers to represent different permissions, and as you might know, a number is a collection of bytes. For example, an integer is usually 4 bytes. You don’t have to worry about the size of a number in a high-level language like PHP, but a little understanding of how numbers are represented will help you better understand this technique.

So let’s assume when I say:

<?php
 
	$user_perms = 7;
 
?>

Internally the variable $user_perms looks like this:

|0|0|0|0|0|0|0|0|0|0|0|0|0|1|1|1|

This is a 2-byte representation of the number 7; it might not look exactly like this internally, but it looks similar. Just assume this for now.

Let’s say that your application supports 4 functions that a user can use:

1 – Post a blog post
2 – Comment on blog posts
3 – Edit posts
4 – Delete posts

Normally, you could have 4 fields in your database table (structure or whatever) for a user titled:

1 – can_post
2 – can_comment
3 – can_edit
4 – can_delete

This is not good: 4 additional fields in your user table, and who knows, what if your application has 100 functions? Do you want to add 100 fields to your user table?

With bits, you can have only 1 column and track all the permissions.

1 – perms

To do this, we will have to assign numbers for each of the functions: (Tip: use one of the calculators in the above list ;) )

1 – Post a blog post |0|0|0|0|0|0|0|1| is 1 in decimal
2 – Comment on blog posts |0|0|0|0|0|0|1|0| is 2 in decimal
3 – Edit posts |0|0|0|0|0|1|0|0| is 4 in decimal
4 – Delete posts |0|0|0|0|1|0|0|0| is 8 in decimal

So you could have an array like this:

<?php
 
	$perms = array(
		'can_post' => 1,
		'can_comment' => 2,
		'can_edit' => 4,
		'can_delete' => 8
	);
 
?>

Almost there; let’s look at the user’s perms field now.

I hope you know about bitwise ‘or’: when you ‘or’ 1 and 1 you get 1; 0 ‘or’ 1 is 1; 1 ‘or’ 0 is 1; and finally 0 ‘or’ 0 is 0. It’s just like the meaning of ‘or’ in the English language.

Similarly, bitwise ‘and’: when you ‘and’ 1 and 1 you get 1; 0 ‘and’ 1 is 0; 1 ‘and’ 0 is 0; and finally 0 ‘and’ 0 is 0. Again, it’s just like the meaning of ‘and’ in the English language.

Bitwise ‘xor’: when you ‘xor’ 1 and 1 you get 0; 0 ‘xor’ 1 is 1; 1 ‘xor’ 0 is 1; and finally 0 ‘xor’ 0 is 0.

So suppose you want to give a user permissions to post a blog post, post a comment and edit posts but not delete posts, you do it like this:

<?php
 
	$user_perms = $perms['can_post'] | $perms['can_comment'] | $perms['can_edit'];
 
?>

Note that, in PHP ‘|’ means ‘or’, so what just happened is something like this:

|0|0|0|0|0|0|0|1| ‘or’
|0|0|0|0|0|0|1|0| ‘or’
|0|0|0|0|0|1|0|0|
_______________________
|0|0|0|0|0|1|1|1|

Now $user_perms has the value 7 and |0|0|0|0|0|1|1|1| in it internally.

Suppose that this is at the top of your post_blog.php, or wherever you want to handle permissions for posting a blog; the only thing you need to do is:

<?php
 
	if ($user_perms & $perms['can_post']) {
		/* He/She has permissions to do this */
	} else {
		/* He/She doesn't */
	}
 
?>

In PHP ‘&’ is for bitwise ‘and’, please also note that ‘&&’ is logical ‘and’ and doesn’t operate on individual bits.

This is exactly what just happened:

|0|0|0|0|0|1|1|1| ‘and’
|0|0|0|0|0|0|0|1|
_______________________
|0|0|0|0|0|0|0|1|

So that’s ‘one’, not ‘zero’, which means the ‘if’ passes and the user has permission to do this. But when it comes to deleting posts:

<?php
 
	if ($user_perms & $perms['can_delete']) {
		/* He/She has permissions to do this */
	} else {
		/* He/She doesn't */
	}
 
?>

Thus:

|0|0|0|0|0|1|1|1| ‘and’
|0|0|0|0|1|0|0|0|
_______________________
|0|0|0|0|0|0|0|0|

It’s ‘zero’, so the ‘if’ fails and you show an error message, or whatever it is you do.

To add ‘delete’ permissions, you use ‘or’ again:

<?php
 
	$user_perms |= $perms['can_delete'];
 
?>

So this happens:

|0|0|0|0|0|1|1|1| ‘or’
|0|0|0|0|1|0|0|0|
_______________________
|0|0|0|0|1|1|1|1|

To take away permissions you use ‘xor’:

<?php
 
	$user_perms ^= $perms['can_delete'];
 
?>

And this will happen:

|0|0|0|0|1|1|1|1| ‘xor’
|0|0|0|0|1|0|0|0|
_______________________
|0|0|0|0|0|1|1|1|

And delete permissions are gone!

Now let’s take away post permissions:

<?php
 
	$user_perms ^= $perms['can_post'];
 
?>

Thus:

|0|0|0|0|0|1|1|1| ‘xor’
|0|0|0|0|0|0|0|1|
_______________________
|0|0|0|0|0|1|1|0|

So this was just the basics; you can build on this and do more once you understand it.
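As an added example (my own code, not the post’s), here are the same flags wrapped in grant/revoke/check helpers, with one caveat a practitioner should know: the post revokes with ‘^=’ (xor), which toggles the bit, so “revoking” a permission the user never had would grant it; clearing the bit with ‘& ~’ has no such surprise. The helper names are my own.

```php
<?php
// Added example, not the post's own code: the same bit-flag scheme wrapped in
// grant / revoke / check helpers. The post removes a permission with '^='
// (xor); xor *toggles* the bit, so "revoking" a permission the user did not
// have would grant it. '& ~' clears the bit whatever its current state.

$perms = array(
	'can_post'    => 1,  // |0|0|0|0|0|0|0|1|
	'can_comment' => 2,  // |0|0|0|0|0|0|1|0|
	'can_edit'    => 4,  // |0|0|0|0|0|1|0|0|
	'can_delete'  => 8,  // |0|0|0|0|1|0|0|0|
);

function grant($user_perms, $flag) {
	return $user_perms | $flag;               // set the bit(s)
}

function revoke($user_perms, $flag) {
	return $user_perms & ~$flag;              // clear the bit(s), never toggles
}

// True only if every bit in $mask is set; $mask may be one flag or several or'ed together.
function has_all($user_perms, $mask) {
	return ($user_perms & $mask) === $mask;
}

function has_any($user_perms, $mask) {
	return ($user_perms & $mask) !== 0;
}

// Draw the low byte the way the post does, e.g. |0|0|0|0|0|1|1|1| for 7.
function bits($n) {
	return '|' . implode('|', str_split(sprintf('%08b', $n & 0xFF))) . '|';
}

// post + comment + edit, but not delete (the value 7 from the post)
$user = grant(grant($perms['can_post'], $perms['can_comment']), $perms['can_edit']);
echo bits($user), "  can_post? ", var_export(has_all($user, $perms['can_post']), true), "\n";

// Revoking delete twice is harmless with '& ~' ...
$user = revoke(revoke($user, $perms['can_delete']), $perms['can_delete']);
echo bits($user), "  after revoking delete twice with & ~\n";

// ... but xor on a bit that is already clear turns it on.
echo bits($user ^ $perms['can_delete']), "  after 'revoking' delete once with xor\n";

// Checking several permissions in one go:
$moderator = $perms['can_edit'] | $perms['can_delete'];
echo "edit and delete? ", var_export(has_all($user, $moderator), true), "\n";
echo "edit or delete?  ", var_export(has_any($user, $moderator), true), "\n";
```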

I hope this post will help someone :)

Comments (7)   Filed under: PHP, Programming, Security, Web Development   Posted by: Codehead

A PHP script for dealing with DoS attacks

Here is a simple script that will show you what IP addresses are making how many requests to your server.

<?php
 
## Functions ##
 
// Pull the first IPv4 address out of a netstat line; null if there is none.
// (ereg() was removed in PHP 7, so this uses preg_match().)
function getIP($line) {
	if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $line, $regMatch)) {
		return $regMatch[0];
	}
	return null;
}
 
// Pad a string to a fixed width inside "[ ... ]" so the columns line up.
function processString($string, $size = 18) {
	$string = "[ ".$string;
	$length = strlen($string);
	$toAdd = $size - $length;
 
	for($x = 0; $x < $toAdd; $x++) {
		$string = $string." ";
	}
	$string = $string."]";
	return $string;
}
 
## Code ##
 
while (true) {
	// Column 5 of "netstat -n" is the foreign (remote) address, e.g. 203.0.113.7:51001
	$cmd = "netstat -n | awk '{ print \$5 }'";
	$netstatArray = array(); // exec() appends to the array, so start empty every round
	exec($cmd, $netstatArray);
	$ipArray = array();      // remote IP => number of current connections
 
	foreach($netstatArray as $line) {
		$ip = getIP($line);
		if($ip !== null && $ip != "127.0.0.1") {
			if(array_key_exists($ip, $ipArray)) {
				$ipArray[$ip] += 1;
			} else { // first time we see this address, count = 1
				$ipArray[$ip] = 1;
			}
		}
	}
 
	asort($ipArray);
 
	system("clear");
	foreach($ipArray as $ip => $count) {
		if ($count < 15)
			continue;
		echo processString($ip);
		echo "\t" .processString(gethostbyaddr($ip), 55);
		echo "\tTimes Accessed: " .$count ."\n";
	}
 
	echo str_repeat("-", 50) ."\n";
	// "-b" (batch mode) is needed because top is not attached to a terminal here
	$top_str = array();
	exec("top -b -n 1", $top_str);
	$load = "unknown";
	if (isset($top_str[0]) && preg_match("#load average:(.+)#i", $top_str[0], $match)) {
		$load = trim($match[1]);
	}
	echo "Load Average: " .$load ."\n";
	echo str_repeat("-", 50) ."\n";
	echo "Showing addresses with count >= 15 (exit with Ctrl+C)\n";
 
	sleep(10);
}
 
?>

After identifying the IP addresses that are sending many requests at once to crash your server, you can ban them using firewall software. I personally recommend APF: http://rfxnetworks.com/apf.php

You can do:
apf -d THEIPADDRESS SOMECOMMENTLIKEPOSSIBLEDOS
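As an added example, not the original script, here is a parser for raw netstat -n output that counts connections per remote host and per TCP state, so that a pile of half-open SYN_RECV from one host can be told apart from the same number of ESTABLISHED before anything is handed to apf. The function names and the sample netstat lines are my own constructed data.

```php
<?php
// Added example, not the original script: parse raw "netstat -n" output and
// count connections per remote host *and* per TCP state, rather than grepping
// for four dotted numbers. It copes with IPv6 foreign addresses too.
// The netstat lines below are constructed sample data, not a real capture.

$sample_netstat = <<<'TXT'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             203.0.113.7:51001       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:51002       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:51003       SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.2:40122      ESTABLISHED
tcp        0      0 10.0.0.5:22             198.51.100.2:40123      ESTABLISHED
tcp6       0      0 2001:db8::5:443         2001:db8:1::9:33001     ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:55512         ESTABLISHED
TXT;

// Strip the ":port" suffix; the last ':' precedes the port for IPv4 and IPv6 alike.
function remote_host($addr) {
	$pos = strrpos($addr, ':');
	return $pos === false ? $addr : substr($addr, 0, $pos);
}

// Returns array( host => array( state => count ) ); loopback is skipped.
function count_connections($netstat_output) {
	$counts = array();
	foreach (preg_split('/\R/', $netstat_output) as $line) {
		$cols = preg_split('/\s+/', trim($line));
		if (count($cols) < 6 || strpos($cols[0], 'tcp') !== 0) {
			continue;                          // header, udp and unix-socket lines
		}
		$host = remote_host($cols[4]);
		if ($host === '127.0.0.1' || $host === '::1') continue;
		$state = $cols[5];
		$counts[$host][$state] = (isset($counts[$host][$state]) ? $counts[$host][$state] : 0) + 1;
	}
	return $counts;
}

// Hosts with at least $threshold half-open connections, busiest first.
function half_open_hosts(array $counts, $threshold) {
	$out = array();
	foreach ($counts as $host => $states) {
		if (isset($states['SYN_RECV']) && $states['SYN_RECV'] >= $threshold) {
			$out[$host] = $states['SYN_RECV'];
		}
	}
	arsort($out);
	return $out;
}

$counts = count_connections($sample_netstat);
foreach (half_open_hosts($counts, 3) as $host => $n) {
	echo "$host: $n half-open connections, all states: ", json_encode($counts[$host]), "\n";
}
```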

This script was originally written by a former employee of Acenet Inc and was modified by me. Acenet Inc is a great web hosting company with great support and fantastic staff members who will help you 24×7.

Here is some info about Denial of Service attacks (DoS attacks).
http://en.wikipedia.org/wiki/Denial-of-service_attack

I hope this helps someone.

Comments (4)   Filed under: PHP, Security, Server   Posted by: Codehead

Web App Security: XSS Attacks

Today, I saw a funny comment on a website:

<script> alert('0wn3d by X - X') </script>
 
<meta HTTP-EQUIV=Refresh CONTENT="0; URL=Some URL">

In case you don’t know about these types of attacks: an attacker writes this comment on a blog (or any sort of web application), and if the application doesn’t escape it before displaying it, this code will display an alert box and then redirect your visitors to whatever the URL is right away.

So again, if I visit this page, I see the alert box and am redirected to another page on the Internet.

To prevent this, you have to escape all user-generated content before displaying it on your pages. In PHP:

function html_escape($str) {
   return htmlentities($str, ENT_QUOTES, 'utf-8');
}

In Python:

import html
 
# ...
 
def escape_html(value):
    # cgi.escape() was removed in Python 3.8; html.escape() is its replacement
    return html.escape(value, quote=True)

These types of attacks are called Cross-Site Scripting or XSS:
http://en.wikipedia.org/wiki/Cross-site_scripting

Good Luck :)

Comments (0)   Filed under: PHP, Python, Security, Web Development   Posted by: Codehead

A PHP form obfuscator; secure and spam free PHP forms


Example usage:

<?php
 
	session_start();
	require_once 'class_obfuscator.php';
 
	$form_fields = array('username', 'password', 'email');
	$obfuscator  = new Form_Obfuscator($form_fields);
	$obfuscator->set_secret_key('My Secret Key - ET8439FSKJ - EDIT THIS');
 
	if( empty($_POST) ) {
		$fields   = $obfuscator->obfuscate();
		$_SESSION['__enc_form__'] = $obfuscator->encode_form();
		?>
<form action="" method="post">
	Name:<br /><input type="text" name="<?php echo $fields['username']; ?>" /><br /><br />
	Password:<br /><input type="password" name="<?php echo $fields['password']; ?>" /><br /><br />
	Email:<br /><input type="email" name="<?php echo $fields['email']; ?>" /><br /><br />
	<input type="submit" />
</form>
		<?php
	} else {
		foreach ($_POST as $key => $value) $_POST[ $key ] = trim(strip_tags($value)); /* Filter input */
		$form = $obfuscator->decode_form($_SESSION['__enc_form__'], $_POST);
 
		foreach ($form as $key => $value) $form[ $key ] = htmlentities($value, ENT_QUOTES, 'utf-8'); /* Escape output */
		echo "Username: {$form['username']}<br />
			Password: {$form['password']}<br />
			Email: {$form['email']}";
	}
 
?>

This is a class I developed a while back while working on a project of mine, and we already know that it’s very effective.

In order to understand what it does, you first need to understand how a browser sends a POST request.
When a user submits a form, the browser sends something like this to the server:

POST /somepage.php HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: THE LENGTH

username=blah&password=blah&email=some_email

There are 2 problems with this:

1 – Someone along the way can view the password and email address by looking at the packets going to the server (take a look at the Wireshark software).

2 – Anyone can send automated requests to servers; for example, automated spam through contact forms works like this (some spam software can also read Captcha images, so you need more protection).

The class I developed will change this POST request to something like this:

POST /somepage.php HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: THE LENGTH

JDF8W9JHF=blah&OEROWF83=blah&VLKDSFOE=some_email

Note that the field names are changed to random strings, and they also change every time the form is shown, so:

1 – Even if a user in the middle can see the packets, he/she won’t know that OEROWF83 stands for “password”.

2 – Spam software has no way of guessing the field names because they are random every time. There is also a secret encryption key that only you know.
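As an added example (my own code, not the downloadable class, whose source is not on this page), here is a minimal implementation of the idea just described: fresh random field names on every render, the mapping held server-side in the session, and a decode step that fails closed on anything not in the map. The function names and the session key are assumptions; the secret key the real class uses is left out.

```php
<?php
// Added example, not the downloadable class (whose source is not on this page):
// a minimal version of the idea. Each time the form is rendered every logical
// field gets a fresh random name, the mapping is kept server-side in the
// session, and on POST the random names are translated back. Anything posted
// under a name that is not in the map is dropped. Note the limits: this hides
// *field names* from an automated submitter, but the *values* still travel in
// clear text unless the page is served over HTTPS. Requires PHP 7 for random_bytes().

// One fresh map per render: logical name => random form field name.
function make_field_map(array $fields) {
	$map = array();
	foreach ($fields as $name) {
		$map[$name] = 'f' . bin2hex(random_bytes(8));   // 16 hex chars from the CSPRNG
	}
	return $map;
}

// Translate a POST body back to logical names with the map saved at render time.
// Returns null if any expected field is absent, so a stale or hand-built
// submission that guesses plain names fails closed.
function decode_post(array $map, array $post) {
	$form = array();
	foreach ($map as $logical => $random) {
		if (!array_key_exists($random, $post)) {
			return null;
		}
		$form[$logical] = $post[$random];
	}
	return $form;                                      // keys not in the map are ignored
}

// Render time (after session_start()):
//   $map = make_field_map(array('username', 'password', 'email'));
//   $_SESSION['__field_map__'] = $map;
//   echo '<input type="password" name="' . htmlspecialchars($map['password']) . '" />';
// Submit time:
//   $form = decode_post($_SESSION['__field_map__'], $_POST);
//   unset($_SESSION['__field_map__']);                // each map is good for one submission
//   if ($form === null) { /* reject and re-render */ }

// Offline demo with a constructed map and POST body:
$map  = make_field_map(array('username', 'password', 'email'));
$post = array($map['username'] => 'alice', $map['password'] => 'hunter2',
              $map['email']    => 'alice@example.com', 'extra' => 'ignored');
var_dump(decode_post($map, $post));
var_dump(decode_post($map, array('username' => 'alice')));  // plain names are not in the map
```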

Questions and comments are welcome :)

Comments (7)   Filed under: PHP, Security, Web Development   Posted by: Codehead