Ok so I ran into this SQL injection attack today and I wanted to throw up some info on how to clean your database, what the code probably looked like and what you need to do to protect yourself in the future... This is the little code snippet that gets injected into all the string columns in the database. You can see how they use the </title> to try and jump out of the title tag (if a column is used in the title tag) so the script would run in the head. It also doesn't check for previous infections, so on some sites you can see it strung 2 or 3 times
Based on what I've seen and found I'm gonna take an educated guess and say that this is a hacker's spider that has been designed to look for fingerprints of exploitable code and automate the hacking. Doing a Google search for the string it drops, you can find pages of results that have been compromised. Here are some of the victims of the attack
And not only that, there aren't many people talking about it... apparently it made it to iTunes at some point and other people have mentioned it on forums, so who knows how many domains have been affected... I'll update this soon with a removal stored procedure... I forgot the code at the office
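The post promises a removal stored procedure; below is an added T-SQL cleanup script of my own (not the author's or the page's code) for SQL Server that walks every string column via INFORMATION_SCHEMA, reports which columns contain the injected snippet, and strips every copy of it with REPLACE once you flip @fix. The injected string itself is not reproduced on the page, so @injected is a placeholder you fill in; the script assumes SQL Server 2008 or later.

```sql
-- Added cleanup script (not the post's own "removal stored procedure").
-- @injected is a PLACEHOLDER: paste the exact snippet the attack wrote into
-- your columns (the post does not reproduce it). Run with @fix = 0 first,
-- review the report, back up, then rerun with @fix = 1.
DECLARE @injected nvarchar(4000) = N'</title><script src="PLACEHOLDER"></script>';
DECLARE @fix bit = 0;
DECLARE @sql nvarchar(max) = N'';

-- Build one statement per string column of every base table (views skipped).
-- text/ntext are CAST to nvarchar(max) because CHARINDEX/REPLACE reject them.
SELECT @sql = @sql
    + CASE WHEN @fix = 1
        THEN N'UPDATE ' + QUOTENAME(c.TABLE_SCHEMA) + N'.' + QUOTENAME(c.TABLE_NAME)
           + N' SET ' + QUOTENAME(c.COLUMN_NAME) + N' = REPLACE(CAST('
           + QUOTENAME(c.COLUMN_NAME) + N' AS nvarchar(max)), @s, N'''')'
        ELSE N'SELECT N''' + REPLACE(c.TABLE_SCHEMA + N'.' + c.TABLE_NAME, N'''', N'''''')
           + N''' AS tbl, N''' + REPLACE(c.COLUMN_NAME, N'''', N'''''')
           + N''' AS col, COUNT(*) AS hits FROM '
           + QUOTENAME(c.TABLE_SCHEMA) + N'.' + QUOTENAME(c.TABLE_NAME)
      END
    + N' WHERE CHARINDEX(@s, CAST(' + QUOTENAME(c.COLUMN_NAME) + N' AS nvarchar(max))) > 0'
    + CASE WHEN @fix = 1 THEN N';' ELSE N' HAVING COUNT(*) > 0;' END + NCHAR(10)
FROM INFORMATION_SCHEMA.COLUMNS AS c
JOIN INFORMATION_SCHEMA.TABLES AS t
  ON t.TABLE_SCHEMA = c.TABLE_SCHEMA AND t.TABLE_NAME = c.TABLE_NAME
WHERE t.TABLE_TYPE = 'BASE TABLE'
  AND c.DATA_TYPE IN ('char', 'varchar', 'nchar', 'nvarchar', 'text', 'ntext');

-- The snippet travels as a parameter, never spliced into the SQL text, so the
-- attacker's string (quotes and all) cannot inject into the cleanup itself.
-- REPLACE removes every copy, which matters for rows infected 2 or 3 times.
EXEC sp_executesql @sql, N'@s nvarchar(4000)', @s = @injected;
```

Cleaning the data only closes this incident; the page the spider exploited still has to stop concatenating request input into SQL, or the same script will be back.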
I'm having to kinda roll my own simplest CMS in the world for a customer's contact script, and they want to know how many business days are between the customer contact and when they responded. After some digging and optimization this is the DATEDIFF SQL function I came up with that excludes weekends...
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
-- Business days between two dates, inclusive of both ends, weekends excluded.
-- Assumes the default DATEFIRST of 7 (US English), so DATEPART(dw) returns 1 = Sunday, 7 = Saturday.
CREATE FUNCTION BDATEDIFF
(
    @startdate AS DATETIME,
    @enddate AS DATETIME
)
RETURNS INT
AS
BEGIN
    DECLARE @res INT
    SET @res = (DATEDIFF(dd, @startdate, @enddate) + 1)                   -- total days, inclusive
        - (DATEDIFF(wk, @startdate, @enddate) * 2)                        -- two days for each weekend boundary crossed
        - (CASE WHEN DATEPART(dw, @startdate) = 1 THEN 1 ELSE 0 END)      -- range starts on a Sunday
        - (CASE WHEN DATEPART(dw, @enddate) = 7 THEN 1 ELSE 0 END)        -- range ends on a Saturday
    RETURN @res
END
GO
I'll add holiday support if I have time, but it shouldn't be tough at all: just select the count of holidays that fall between the dates and subtract it from the total. Hope someone finds this useful :)
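As an added example (my own code, not the post's), here is a holiday-aware version of the function above that does the subtraction the post describes, assuming a dbo.Holidays table you maintain and SQL Server 2008 or later. It goes one step beyond the post by swapping DATEPART(dw) for a weekday test that does not depend on the session's DATEFIRST setting.

```sql
-- Added example, not the post's own code. Assumes SQL Server 2008+ and a
-- dbo.Holidays table that you maintain (constructed sample rows below).
CREATE TABLE dbo.Holidays (HolidayDate date NOT NULL PRIMARY KEY);
INSERT INTO dbo.Holidays (HolidayDate)
VALUES ('2009-11-26'), ('2009-11-27');   -- constructed sample: Thu/Fri of Thanksgiving week 2009
GO
CREATE FUNCTION dbo.BDATEDIFF_HOLIDAYS (@startdate DATETIME, @enddate DATETIME)
RETURNS INT
AS
BEGIN
    DECLARE @start date = @startdate, @end date = @enddate;
    -- Same arithmetic as BDATEDIFF, but the weekend test uses
    -- DATEDIFF(dd, 0, d) % 7 (0 = Monday ... 5 = Saturday, 6 = Sunday,
    -- because day 0 = 1900-01-01 was a Monday), so the result does not
    -- change if someone alters the session's DATEFIRST.
    DECLARE @days int =
          DATEDIFF(dd, @start, @end) + 1                                 -- inclusive day count
        - DATEDIFF(wk, @start, @end) * 2                                 -- two days per weekend crossed
        - CASE WHEN DATEDIFF(dd, 0, @start) % 7 = 6 THEN 1 ELSE 0 END    -- starts on a Sunday
        - CASE WHEN DATEDIFF(dd, 0, @end)   % 7 = 5 THEN 1 ELSE 0 END;   -- ends on a Saturday
    -- Only weekday holidays were counted above, so only those are subtracted;
    -- a holiday that lands on a weekend must not be removed twice.
    DECLARE @holidays int;
    SELECT @holidays = COUNT(*)
    FROM dbo.Holidays
    WHERE HolidayDate BETWEEN @start AND @end
      AND DATEDIFF(dd, 0, HolidayDate) % 7 < 5;
    RETURN @days - @holidays;
END
GO
-- Constructed check over Thanksgiving week 2009 (Mon 11-23 to Mon 11-30),
-- which contains both sample holidays.
SELECT dbo.BDATEDIFF_HOLIDAYS('2009-11-23', '2009-11-30') AS business_days;
```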
Quick tip:
One of the things we wanted to add was a generic script to track PDF downloads as events in GA, so I wrote this real quick... I'll probably add in some other flavors based on Prototype or another library later, but for now this is a quick and easy post to try and get me in the habit of publishing again
You can easily modify this to also look for PowerPoint or txt files, whatever... just change the extension in the jQuery selector
Do you have any cool Google Analytics scripts you use around your sites? I'd love to hear about some other ideas for what to track
A while ago, doing a Mozinar, I mentioned I had written a little snippet of JavaScript I use to enforce link attribution requirements on widgets or APIs I release (and for my clients). Here's what I came up with and optimized... it currently just checks for the meta robots tag and a clean link, but I may add a robots.txt check after I convert the rule parser into JavaScript
But this is what I came up with and how you can use it on your scripts and APIs. The first part, new RegExp("http://cartercole.com","i"), is the regular expression that checks the links on the page; then you've got window.open("http://cartercole.com"); which is the line that runs when the page isn't passing rank... that means its meta robots is nofollow, or it didn't find a link matching the requirements without a nofollow directive
Code:
I put this code on the end of my JSONP API responses. It requires 3rd parties consuming your API to have a clean link pointing back to you, which is really cool because links are like the money of the internet
If you want to hide your JavaScript tests a little better you can try using this popular packer, but like all popular scripts it has been reversed and beautified, shh :) It's nice for formatting JavaScript you're reverse engineering too
If you have any questions: I'm @cartercole; follow me now.
Recently I did a post about a forum spamming attack that I analyzed and included some exports from my Google Analytics data... to create this report I used an HTTPhelper I created that wraps the WinHTTP object in ASP and makes it really easy to make external requests and pull data from the Google Data API. It's easy to pull different segments and data if you use the Data Feed Query Explorer to create the request URL (the second test.url in the code below), then just parse the XML and output as desired... unfortunately I haven't found a good ASP OAuth library (recommend one to @cartercole)
The code is here, but I have also included it below in this post...
It's easy to pull data from the other APIs, but it's sometimes hard to find the correct service string to pass, so here's my cheat sheet. I'm all for helping / suggestions, so please leave your comments; they are always appreciated (and so are links)
Google API                      Service name
------------------------------  ------------
Google Analytics Data APIs      analytics
Google Apps Provisioning APIs   apps
Google Base Data API            gbase
Google Sites Data API           jotspot
Blogger Data API                blogger
Book Search Data API            print
Calendar Data API               cl
Google Code Search Data API     codesearch
Contacts Data API               cp
Documents List Data API         writely
Finance Data API                finance
Gmail Atom feed                 mail
Health Data API                 health weaver
Maps Data APIs                  local
Picasa Web Albums Data API      lh2
Sidewiki Data API               annotateweb
Spreadsheets Data API           wise
Webmaster Tools API             sitemaps
YouTube Data API                youtube
And here is my HTTPhelper class... it does some cool stuff like build POST data from a Dictionary object and has all the stuff to do authentication and set headers for the request (much easier for me because I forget the methods and have to look them up), so if it's helpful for you please feel free to use it :) Woohoo, open source!
Thanks for reading and I hope this helps you do more with the data APIs and get to your data more easily...
Social media sites have made it easy for the everyday user to share content, and going viral is now the name of the game... As an SEO guy I wanted to optimize my CTR for my Facebook links the same way I engineer the text in tweets to increase the likelihood a user will interact... I quickly found Facebook's useful article about what tags they use to generate the links users share, whipped something up and gave it a test...
Here's the code:
<head>
<title>Carter Tomorrow Fund Donations</title>
<meta name="title" content="Help Give to the Carter Tomorrow Fund" />
<meta name="description" content="Show your support and help out with a small gift" />
<link rel="image_src" href="http://cartercole.com/images/exp.png" />
And get this result:
Notice how I have overridden the default title, description and image Facebook would share for this document... this is very neat in itself :) It can help us get our shared links noticed more and makes sure the user doesn't use the wrong image on the page they are sharing. But it does have one disadvantage :( we have to live with these meta titles and descriptions for the rest of our users (not cool), so we employ a trick known as cloaking. Cloaking usually refers to showing different content to search engines than to regular users and is frowned upon, but this type of cloaking is good cloaking because it HELPS the user. We will cloak only these special tags in the head to show when Facebook's UA [facebookexternalhit] requests the page, and show our other meta tags (the ones optimized for SEO instead of social media) to everyone else.
Here's both flavors of the code:
ASP
<head>
<%if(instr(Request.ServerVariables("http_user_agent"),"facebookexternalhit") > 0) then
'facebook%>
<meta name="title" content="Custom Facebook title for share link" />
<meta name="description" content="Description of link Facebook uses" />
<link rel="image_src" href="http://site.com/betterimageforpage.png" />
<%else%>
<meta name="title" content="Different title than Facebook sees" />
<meta name="description" content="Whatever description you want search engines to see" />
<%end if%>
And the other version:
PHP
<head>
<?php
// Full <?php open tag: short tags are off on many hosts. Default the UA to ''
// so a request without a User-Agent header does not raise an undefined-index notice.
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
if (strpos($ua, "facebookexternalhit") === false) {
    // not Facebook ?>
<meta name="title" content="Different title than Facebook sees" />
<meta name="description" content="Whatever description you want search engines to see" />
<?php } else { ?>
<meta name="title" content="Custom Facebook title for share link" />
<meta name="description" content="Description of link Facebook uses" />
<link rel="image_src" href="http://site.com/betterimageforpage.png" />
<?php } ?>
This code will show the custom social media text to Facebook and give everyone else the correct meta title and description... if you have any questions get me on Twitter, I'm @cartercole
Hope it helps and have a great day / night / whenever you happen to be reading this
So I've finally come across an awesome syntax highlighter that I think will work well for almost any application, and it works well on Blogger hosting, which is even better. It uses a Flash SWF to do a click-to-copy button and has support for a variety of languages as well as a bunch of themes
Here is the code you need to drop right before your <head> tag in the HTML of your Blogger template (or wherever you may find yourself in need of a syntax highlighter). Just remove any lines for languages you don't use...
And a little about how to use it...
You can use a special <script> tag with CDATA around it
<script type="syntaxhighlighter" class="brush: html"><![CDATA[
<html>
<head>
<title>Carter Tomorrow Fund Donations</title>
<meta name="title" content="Help Give to the Carter Tomorrow Fund" />
<meta name="description" content="Show your support and help out with a small gift" />
]]></script>
And this is my way cool theme switcher... just click the CSS theme below to see how it looks (you will need to change the second line that imports the style sheet to use the filename you want from below). Check below the switcher to see the theme with a white background...
So that's about it. If you found the post helpful please consider linking to this post...
and you can see your linkback at the bottom :) thanks
Another note for Blogger users...
You will see the following message if you use the <script class="brush: html" type="syntaxhighlighter"> method
Your HTML cannot be accepted: Tag is broken: ![CDATA[ Stop showing HTML errors for the body of this post
Just disregard it... I'm sending a message to Blogger about it, but it doesn't understand the CDATA tag
It will also keep you from saving a draft of the post. It's uncool, but you can fix it by putting a space before the <![CDATA[ like this: < ![CDATA[ (don't forget to add a space at the end and change ]]> to ]] >). Then it won't count it as a broken tag and you can save; just remember to switch it back before you publish
We all love ourselves, so when I saw this little Flash ad that Cisco made I decided I would actually click on it this time. It connected to my webcam, took my picture and made this awesome movie. They allow you to share on Facebook as well as Twitter, and you can even embed it. This is free advertising, and I wanted to make a point of how simple it can be to make something everyone is going to want to share and then make it easy to do so: retweet buttons, as well as making sure your pages have the correct markup so Facebook can create a pretty link for you.
This is how my donation page looks when shared on Facebook
Cool huh? It has a custom description and title different from what would normally be shared by Facebook.
I use 3 meta tags
So now you know how to add some support to share your page on Facebook, and don't forget Carter is a total web guru
There are tons of captcha solvers and sites that break images like here, but I have been seeing a rise in math captchas, so I wanted to real quick discuss something that I thought was kinda funny: the idea that simple math problems are difficult for bots to solve. I found a math captcha, or a text-based captcha, that I thought would be really easy to solve, so I decided I would break the captcha real quick.
Basically an image captcha had a "textual riddle" version of the code in its alt tag.
One of the most difficult lines it returned was
(((((??? - 1) - 7) - 8) * 8) - 4) = -76
but I knew it had to be a number from 0 to 9, so I wrote a function to spit this out
Computers are really good at math; this takes no time to create and execute. This simple VB code:
So now this captcha, whose images are actually kind of hard to segment and classify, is broken because of 4 lines of VB code
I'm working on cracking my second image captcha; this time the letters aren't fixed-width and have a rotation. I plan to use a feed-forward back-propagation learning neural net, so I'll let you know how that goes and hopefully get to post again about another captcha I've cracked