Date: 04/09/06 (PHP Community)    Keywords: php, html, xml, web, linux, spam, apache

Hi there.

I'm trying to load an XHTML file as a DOMDocument, and get its

Body

query($path, $context);

        $obj = new ReflectionObject($list);
        print("
Search from \"" . $context->nodeName
            . "\" for \"" . $path
            . "\" (" . $obj->getName() . ")
\n");

        print("
\n");
        for ($i = 0; $i < $list->length; ++$i)
        {
            print("
" . $list->item($i)->nodeName . "
\n");
        }
        print("
\n");
    }

    $dom = new DOMDocument();
    $dom->load("page1.php");
    print("
Document Element node name: "
        . $dom->documentElement->nodeName . "
\n");

    pathsearch($dom, $dom, "/html/head/title");

    pathsearch($dom, $dom, "/");
    pathsearch($dom, $dom->documentElement, "/");

    pathsearch($dom, $dom, "/*");
    pathsearch($dom, $dom, "/html");
    pathsearch($dom, $dom, "//html");

    pathsearch($dom, $dom->documentElement, ".");
    pathsearch($dom, $dom->documentElement, "./*");
    pathsearch($dom, $dom->documentElement, "./head");
    pathsearch($dom, $dom->documentElement, ".//head");

    pathsearch($dom, $dom->documentElement, ".//head/*");
    pathsearch($dom, $dom->documentElement, ".//head/title");
    pathsearch($dom, $dom->documentElement, ".//head//title");
?>

Source: http://community.livejournal.com/php/436121.html

Date: 04/11/06 (Security)    Keywords: technology, spam

Technology may have made spam in e-mail manageable, but it is not quite there yet when it comes to blogs.

Source: http://news.zdnet.com/2100-1009_22-6059672.html

Date: 04/20/06 (Security)    Keywords: spam

The spam-fighting technique is valuable, but implementing it incorrectly could damage a company's e-mail system.

Source: http://news.zdnet.com/2100-1009_22-6062953.html

Date: 04/21/06 (Java Web)    Keywords: security, spam

The US and China are competing for leadership as the top spam relaying countries. This is a leadership which I am sure US wouldn't mind relinquising and it is improving. Security vendor Sophos has revealed in latest report for Q1 2006that while the United States has continued to make good progress in its efforts to reduce [...]

Source: http://blog.taragana.com/index.php/archive/usa-and-china-tops-dirty-dozen-list-of-spammers/

Date: 04/24/06 (PHP Community)    Keywords: php, mysql, html, sql, security, web, spam

Hi everyone,

I'm looking for some advice on some simple security measures. I deal with a political web site that wouldn't necessarily be sticking its neck out for malicious attacks but has received some spam attention on its forms already, and I worry as we store more data in a MySQL db (is it wrong to store a mailing list there?) that an injection could get in and send out sensitive information or potentially attack our larger parent organization that provides us with server space.

Basically I have the same kind of simple form doing the same thing in a few instances of the web site. The form has about 20 fields, most type text some textarea, and a few of type file (for resumes, applications, etc). I don't currently copy any of the files to the server because I don't have access to, so I email them (via PHP) to myself or whoever the coordinator is. I don't currently have anything in place except for strip slashes and/or remove html in some cases, but I know that these measly little concoctions don't do anything to protect me from a sophisticated (or hell, even newbie) attack.

What kinds of things should I be doing? I should probably be processing strings to make sure that they don't have any sql in them or make it so that the user is blocked from having access to damaging things, but I don't know what signifiers to look for or even what functions to use. Anyone have any basic suggestions or advice, or a link to a source that might help me beef up my data police? Thanks in advance!

Source: http://community.livejournal.com/php/443711.html

Date: 04/25/06 (Security)    Keywords: security, spam

But a large percentage of the traffic is spam, experts at security conference say.

Source: http://news.zdnet.com/2100-1009_22-6064869.html

Date: 04/30/06 (Java Web)    Keywords: spam

I have been using Akismet plugin for about a month. One of the key deficiency of the plugin is occassional false positives (falsely flagging non-spam as spam) & false negatives (failing to identify spam). As a result I need to occassionally check Akismet Spam tab (under Manage) to identify any false positives. Spams / hams are [...]

Source: http://blog.taragana.com/index.php/archive/akismet-plugin-update-for-better-spam-ham-identification/

Date: 05/02/06 (PHP Community)    Keywords: php, java, spam

Hi,
I dont really know cookies very much (In Javascript, reading a cookie was mind boggling so I never really learned them).

I was looking at setcookie() and cookies at PHP.net for a means to read the expiration time of the cookie. I am using cookies to keep people from spamming my site but would like to tell them when they can come back.

$HTTP_COOKIE_VARS and $_COOKIE doesnt seem to list the expiration time of the cookie. How can I access the expiration time of the cookie?

Source: http://community.livejournal.com/php/446432.html

Date: 05/04/06 (Security)    Keywords: spam

They may've signed up for the service to stay free of unsolicited e-mail, but people in a "Do Not Intrude Registry" are getting spammed.

Source: http://news.zdnet.com/2100-1009_22-6068392.html

Date: 05/04/06 (Security)    Keywords: security, hosting, spam

The DDoS attack on the antispam campaigner was redirected to blog-hosting firm Six Apart, forcing it offline, a Net security firm says.

Source: http://news.zdnet.com/2100-1009_22-6068607.html

Date: 05/14/06 (Java Web)    Keywords: spam

This blog is being flooded with P0ker spam comments. Obviously they aren’t getting through. Still it is painful to see bandwidth being wasted by these scumbags. The other pain with such spams is that it prevents me from going through my Akismet spam queue to check the spams manually as Akismet sometimes gives false positives, [...]

Source: http://blog.taragana.com/index.php/archive/facing-a-p0ker-flood/

Date: 05/17/06 (Java Web)    Keywords: security, spam

Blue Security came with an innovative solution to target spammers - by spamming them with opt-out requests. It worked surprisingly well and spammer’s were naturally not happy. Unfortunately the company has decided to call it quits following the series of attacks it faced a couple weeks ago. A spammer figured out Blue Security’s “opt-out” list and [...]

Source: http://blog.taragana.com/index.php/archive/spammer-wins-blue-security-shuts-down/

Date: 05/18/06 (Security)    Keywords: spam

Eran Reshef, who asked people to bury spammers simply by replying to spam e-mails, falls victim to mass online attack.

Source: http://news.zdnet.com/2100-1009_22-6073625.html

Date: 05/19/06 (WebDesign)    Keywords: virus, web, hosting, spam

A pal recommended DotEasy for my webhost and I'm happy with their service but I just got the following info from them because it's time to renew. Almost another $100/yr for spam/virus protection? Also, can I do better than 100MB for storage? Thanks for the advice. This community is most helpful!

- Unlimited Hosting: $119.40 / 12 Month(s)
- Free 100MB Storage Upgrade (option will auto renew)
- Spam & Email Virus Protection: US$41.70 / 6 Month(s)

TOTAL : US$161.10 (plus another $41.70 for the full 12 months of spam/virus protection) so $202.80

Source: http://community.livejournal.com/webdesign/1110976.html

Date: 05/19/06 (Web Development)    Keywords: html, asp, web, spam

Hey guys,

I'm looking for your advice and help on an email related question. Specifically, I want to create a system that allows visitors to my website to send email messages to third parties using their own email address with one-click. I heard that this is a questionable practice, used by spammers, no less--but I've seen it used also on a lot of legitimate websites, which usually encourage you to fill in your name and emaill address and click to send a prewritten text to a government official. Case in point: http://www.transalt.org/e-bulletin/2006/May/0518.html#parks

That is one site among many that implement this stuff. I guess what I'm trying to find out is how do they do it? You'd have to rig up the protocols of the email server to accept sending email to third parties, right? I have no problem setting up the form itself, but am confused about these two things: 1) how to rig up an email server to send email from a different email account (and not just one time only!) and 2) how to relay the information a visitor types from the website to the email server. (I guess I need to use something like asp to sort that out?)

At any rate, please help. If this is not the right forum, can anyone direct me to a forum where I can pose this question????

Thank you!!!

Source: http://community.livejournal.com/webdev/321339.html

Date: 05/25/06 (Security)    Keywords: spam

Okopipi project aims to continue antispam campaign launched by now-defunct Blue Frog effort, which suffered a DOS attack.

Source: http://news.zdnet.com/2100-1009_22-6076617.html

Date: 05/29/06 (Java Web)    Keywords: spam

Akismet is a spam prevention plugin from the WordPress author, Matt Mullenweg. It uses collective wisdom in filtering spams. Essentially you, blog owner, help it learn by marking comments as spam. It then uses the knowledge to filter spams from other blogs and your too. There are two major problems with this approach. First it can [...]

Source: http://blog.taragana.com/index.php/archive/the-death-of-akismet-wordpress-spam-prevention-plugin/

Date: 05/29/06 (Java Web)    Keywords: spam

I briefly reviewed my corpus of 4569 comment spams in my Akismet queue. Of them over 53% of the spam has been contributed by Top 100 spamming IP addresses. Here is the list of top 100 IP addresses of spammers: 212.0.138.30 83.149.74.179 66.186.173.166 209.128.101.244 210.93.13.77 203.115.1.134 82.160.4.68 213.237.161.9 69.45.68.245 217.219.128.69 195.175.37.71 125.243.207.130 61.5.146.74 61.219.84.212 201.0.4.148 218.188.0.178 61.19.242.37 195.175.37.70 125.244.22.130 195.13.59.228 125.246.186.66 125.247.129.130 202.82.19.173 70.60.165.154 83.138.56.246 65.66.55.12 62.2.219.18 63.219.4.74 69.19.14.12 82.234.138.4 70.88.104.170 125.245.203.22 200.237.79.194 82.127.20.220 217.219.224.69 59.120.112.141 125.240.200.194 219.93.174.105 84.204.232.115 200.76.36.195 80.255.63.30 200.65.127.163 140.127.139.248 213.149.96.214 125.246.109.67 196.200.181.3 85.18.252.145 80.53.207.66 200.122.153.34 125.244.125.131 200.225.194.49 217.219.221.5 62.111.171.159 202.175.58.10 125.241.53.228 43.253.80.135 195.39.134.26 208.50.69.80 212.52.139.94 66.192.30.22 82.138.62.154 80.76.63.72 222.228.173.153 201.209.249.45 208.34.72.8 193.220.51.5 62.50.80.2 132.248.103.131 196.32.134.38 200.188.219.164 61.108.37.2 199.104.191.20 200.55.42.230 201.28.15.226 66.160.176.201 68.109.225.171 200.32.72.202 69.65.134.7 222.151.204.242 203.133.33.170 202.69.192.50 195.77.157.10 200.237.79.193 125.243.145.2 196.40.31.234 210.212.254.2 200.122.153.10 125.245.19.253 200.250.84.155 220.110.189.242 195.39.170.102 83.16.148.52 203.169.251.29 200.65.0.27 61.155.112.174 202.88.129.254 205.160.32.38 210.124.165.54 200.149.78.243 125.246.213.195 Feel free to add them to your IP filter / block list. It indicates that, even [...]

Source: http://blog.taragana.com/index.php/archive/wordpress-comment-spamming-over-50-contributed-by-top-100-ip-addresses/

Date: 05/31/06 (Java Web)    Keywords: spam

I made a small change in commenting policy. I am experimentally blocking comments from “open and insecure proxies”. This is to prevent the deluge of comment spam I have been getting lately on this blog (over 3000 per day). If you find yourself unable to comment on my blog please email me at angsuman[at]taragana[dot]com and [...]

Source: http://blog.taragana.com/index.php/archive/change-in-commenting-policy/

Date: 05/31/06 (Web Development)    Keywords: web, spam

This is an Outlook question. Well, it may also be useful if you know anything about web based email clients.

How does one insert an animated image (like in a .gif format or maybe another format?) into the body of an email message? I can insert still images, but I haven't figured out how these emails that I get from spammers have inserted moving images in the white area. Not to say attached, but inserted them for display immediately as one views the email.

Source: http://community.livejournal.com/webdev/325314.html