₦airaland Forum

Welcome, Guest: RegisterLoginWith GoogleTrendingRecentNew

Stats: 3,330,599 members, 8,446,240 topics. Date: Thursday, 16 July 2026 at 10:01 AM

Toggle theme

DualCore1's Posts

Nairaland ForumDualCore1's ProfileDualCore1's Posts

1 2 3 4 5 6 7 8 ... 102 103 104 105 106 107 108 109 110 (of 371 pages)

WebmastersRe: Picture Of My Hacked Site And How I Resolved The Problem by DualCore1: 12:18am On Jun 27, 2010
Albato:
I think most likely an sql injection was responsible for this drama. Only now do I remember that I had allowed registered users the use of full html in creating text entries. It was an error but I suspect this could have been a vulnerability. Users should only be allowed plain text or limited html tags usage.

Another source could have been any of the modules/ plugins I installed.  What puzzled me was that 3 different sites were affected simultheneously. Until someone identifies and reports a vulnerability. Some modules could remain a backdoor through which criminal hackers destroy a site.

I could also be that the attack was launched from any of the sites in the shared host am on. Am not going to blame Bluehost entirely but I did not get all the help I needed during this crises. Thier backup is completely useless.

I have completely reset my account. I am currently uploading stuff from my local backup. Should be ok by tommorrow. I have learnt my lesson.

I keep wondering what motivates someone to delibrately destroy someone else's work like this. I mean I could be depending on this for a living. Its not as if this hacker is getting any money out of this. Its just some devilish pleasure and bragging rights in some secret hacker's conclave.

I am now using the latest/ stable version of drupal 6. I will never ignore those security/update warnings again.
Opensource gives opportunity to learn how stuff works then vulnerabilities are found and exploited and posted. Script kids like the namma DZ-ZERO go out and look for a good testing ground. Sadly your site was a good ground to test his newly found toys.

With opensource a cracker has a mapped out plan since he knows just how it was done.
With closed source, the cracker only has a purpose and has to permute and combine different plans until one works. . .if it ever works and if he doesn't get exasperated.

Lets be careful with opensource, we are not the only ones who see the codes. While we read the codes from top to bottom, some crackheads are reading it from bottom to top.


tigerpaws:
Did the hacker leave an email address? 

You might have to contact him if he did. Sorry about what happened
Crackers are not scammers. They don't leave breadcrumbs just anyhow on the table.
There has to be something in bluehost's firewall logs or access logs to pin an IP address to the crime.
WebmastersRe: Free Temporary Email Facility by DualCore1: 8:20pm On Jun 26, 2010
LoL works grin
Hope you dont get into trouble when this thing starts getting abused by you know who.
WebmastersRe: Html Submit Form.pls Help! by DualCore1: 2:30pm On Jun 26, 2010
Gdcomms, you will be a good developer in a couple of months. You ask questions when you're stuck.

gdcomms:
What am I missin?
Unfortunately we are not psychic so we cant know what you are missing until we see what this thread is missing i.e the codes you have written. wink
WebmastersRe: Php Random Script To Generate Pin No. by DualCore1: 2:27pm On Jun 26, 2010
Donpuzo:
@webaplanet, Bros shey na recharge card sales the guy won start?
webaplanet:
cut the paper into recharge card size and use foil to cover the pin area
Take note of what I have put in bold.
ComputersRe: New Account: [n3rve] by DualCore1: 11:11am On Jun 26, 2010
What exactly has this got to do with Computers or the Internet?
WebmastersRe: Picture Of My Hacked Site And How I Resolved The Problem by DualCore1: 6:32am On Jun 26, 2010
Sorry.
WebmastersRe: Nigerian Web Hosts Vs Foreign Web Hosts by DualCore1: 12:52am On Jun 26, 2010
bytci:
we only have resellers in Nigeria so if there server is down your site also will be down.
Is this a fact you can prove or its just an on-the-fly statistic you made up all by yourself?
WebmastersRe: @dual Core by DualCore1: 7:21pm On Jun 25, 2010
That's a blog you can install by yourself and play around with. Please drop your email here.
WebmastersRe: Php Random Script To Generate Pin No. by DualCore1: 7:08pm On Jun 25, 2010
ajaxphp7:
Thanks very much for the contribution. I am really grateful but this is a school portal for a commercial secondary school. The answer to to the question doesn't really gives me what i need. I will need to generate pin no at random so that at the purchase of the cards users will be able to register with it. A unique pin No which can not be used by another person.
thanks I really appreciate
Brother you are a developer, think wild and make things happen for you!

This is a continuation of my post.

In the database where you will store the pins generated, add a field called "status" and a primary.

store the student's unique ID in a variable
store pin in a variable

if(user enter pin){
    select status from pins where pin = pin
        if(status = "used" or pin is tied to a different ID other that the student ID entered){
                echo "u no well o, c'mon go and buy new scratch card  angry "
                 header('Location: anywhere.php');
           }
       else{
                  header('Location: rightplace.php');   
                  set the status of this pin to "used" and tie that very pin to the students ID
              }

}

In the pin validation part of your code.

when user enters pin, check the status of the pin in the DB, if the pin's status is used, throw any kinda error u want at the user.
if its not used, voila!

during pin generation set all pin status to "not used".

My explanations are very rough but its for you to sit down with it and try to develop a solution out of it.

Donpuzo:
@Dual. Bros, I may need help with that too, I have never explored such, and will be developing a student portal that will need random ID generation, Shey u go assist with codes?
LoL why are we all about to develop the same thing. I will be developing a school portal after I am done with my next job. I dunno details yet, its actually a developer who took up the job and has dived into bricks so I have to dev it for him.
WebmastersRe: Php Random Script To Generate Pin No. by DualCore1: 3:48pm On Jun 25, 2010
My brother, how we go do. Ok, I am promising to do it the right way the next time I ever have to do it on any project. I am already concluding this already smiley
WebmastersRe: Nigerian Web Hosts Vs Foreign Web Hosts by DualCore1: 1:25pm On Jun 25, 2010
aabangs:
depends on the hosting company back-bone
For resellers, it depends on the upstream providers who may be running a master reseller account, a VPS or a Dedicated server
For hosts using VPSes, it depends on their upstream providers who control the server node where the VPSes are located.
For hosts using dedicated servers, it depends on their datacenter.

The customer service is also a factor.
There are very terrible and very good host companies everywhere in the world. The terrible thingy is not a Nigerian thing.

In my experience, having a good knowledge base on your site, stable service and enlightened clients saves a lot of customer request issues.
Just got off the phone with a client who's staff havnt been able to check their emails or access their website for about 2 days. They called me up and I am telling them I can access the site from my end and so can others at different locations. They (the staff) just don't understand a thing I say and are bent on the fact that there is something wrong with the service I am providing. Well the contact person I know in the company just got back from a journey and called to find out the problem. Good enough he has some experience with modern day machines so its easy to talk to him. He even confirmed he can access the site and mails from his mobile internet but couldnt access it from the company's internet. At once I knew it was an IP block. I turned of my firewall on that very server and told him to try again, it worked! I turned it back on and asked him to give me his IP address. He couldnt really get to it but I checked my logs and saw it. Voila, the IP was blocked 2 days ago because my server detected one of the staff trying to access an email account with the wrong password repeatedly. I explained to him and he was thankful, case resolved!

Bottom line, its not just the host we have to look at. Clients need to be enlightened.
WebmastersRe: Php Random Script To Generate Pin No. by DualCore1: 1:15pm On Jun 25, 2010
Use the php rand() function to generate random numbers.
Check the database (you have created for storing numbers) for an occurrence of the number generated.
If it exist in the database, generate another
Run through that cycle.
When it doesn't exist in the database
Store it in the database and use for whatever you want it for.


On a site I am developing, users are supposed to register and have a unique PIN sent to their email.
I store the pin in a database but I don't counter check it during generation to know if it exists.
What I do is take the first 2 letters of the user's first name and add it to a randomly generated number.
I don't see how there will ever be duplicates of that.

Here's what my code looks like

$initials = substr($firstname, 0, 2);
$id = $initials.rand();

Line 1 takes the first the characters in the user's first name which i chose to call the initials
Line 2 takes the initials and concatenates it with a randomly generated set of numbers and I choose to store it as a variable called "id"

Using "ken" as my first name, if you echo $id, the output will be something like "ke85793";
WebmastersRe: Need Someone To Take Me And A Friend Website Site Design: What's Ur Price by DualCore1: 5:01am On Jun 25, 2010
^^ You submit your own naw tongue
WebmastersRe: Help Out Pls by DualCore1: 4:20am On Jun 25, 2010
dmark4real:
I have a site for news generally but i want a software to edit the content any time without puttin the content into html or php page eah time.

Does anybody no what i cud use? pls
Hope you've gotten help somehow, if you havn't do come back and let's know how things go. Just a recap of the solutions: You can do this with the procedure I outlined. If however you dont want to get dirty with coded I will recommend you use a good CMS like drupal. You can read its documentation at drupal.org. If your site is already live then I think you should just stick with the first option of hardcoding it.
WebmastersRe: Nigerian Web Developers/masters/gurus/e.t.c by DualCore1: 7:18pm On Jun 24, 2010
Nice.
Here's is what I have as a concept for a forum for Nigerian webmasters. Not just a forum. Its more like a webmasters crib/haven/lounge/parlour.

Features:
Forum.
Personal Blogs.
Profile with portfolio, a profile which also shows jobs in progress and shows other members who are working on the same project too.
A chat engine.
A set standard of web development and design that all members must adhere to while working.
A badge, tshirts and other wears with the badge.
A freelance section. Online bids for jobs

There are so many things in my head.
WebmastersRe: Help Out Pls by DualCore1: 7:08pm On Jun 24, 2010
As I said to a friend who saw your comment and started laffing at your ignorance on y!m yesterday, the terms "broke" "poor" and "rich" are very relative. I am broke by some extraordinarily high standards and very rich (in fact too rich for my age) by some pretty high standards.
I dunno you personally, so if you think I am broke well let me give you the benefit of the doubt if that will make you sleep well at night. If Bill Gates can complain of being broke then who cant?

Its not about the money for me, its the passion.  Surprisingly more money comes from things I have a passion for than from things I did in my good old (and gone) employee days.
WebmastersRe: Help Out Pls by DualCore1: 6:55pm On Jun 24, 2010
^ That's why you are an end user and not a developer. I am sorry I put you through an argument you had no idea about. I was actually talking to you as a co dev but I was wrong. This is about the second time I am doing this. The first one was when I and others were trying to make a dude understand some things about linux server administration only to find out the guy didn't even have a server he was admin'ing, but a reseller account. Na soldier wey go war front na him know wetin e be like for bullet to fly pass him ear, not the one that sits in the office.

Omni sorry o  grin You know I am a very quiet person  cool cool

For others who may be thinking going CMS. I am not discouraging it o! I will like to see people use it and use it well i.e I want to see CMS working for people not people enslaving themselves to it cuz they bumped into it at break-neck speed. I have all the good books written for drupal (about 27 of them) ranging from normal administration of the core, theming, CCK to module dev and willing to give to anyone who needs it.
If I didnt know how to use my hands to get exactly what I want maybe I will be resorting to it also. All I have said here are strictly my opinions and not suggestions for anyone to follow.

1 2 3 4 5 6 7 8 ... 102 103 104 105 106 107 108 109 110 (of 371 pages)