Sinclair ZX Spectrum (48K) ROM represented as a bitmap (visualisation) - humbling to think the entire memory now fits in a tiny square of your video display!! 4 Days until the 30th Anniversary of this great machine!

Rage Against the Machine is the ONLY music to listen to while codebreaking. WAR WITHIN A BREATH!

Hahahahahaha oh wow! Moron alert! @JonMwords claims:

SEO is about tailoring page titles, URLs, topic tags and body text to the words and phrases people use to search the Web. Google only has to match the keywords in the query to the keywords on the Web using a lexical database. That’s relatively easy, and it allows humans to game the system

Hahaha Protip: Learn what SEO is before writing a column for ReadWriteWeb and bringing both you and the news source into disrepute.  Another one for the album along with other great theologians like Derek Powazek’s “SEO is a scam”! blog post. I love you, sir. You just made my day :)

STOP #SOPA! rogerdavies.com, manchester-seo-blog.co.uk and michaelwharton.co.uk will be offline today in protest

Blackout Protest SOPA Without Risking Your Rankings With HTTP 503 Response

The Internet has chosen tomorrow for a day of blackouts in protest of controversial new SOPA laws designed to combat online piracy. Wikipedia had mulled the idea over, Reddit came out and led the charge, and Wikipedia closely followed, with many other notable websites coming along. Even Facebook is rumored to have a media event planned, while Google says it will use its homepage to inform people of the dangers of SOPA.

So if, like me, you plan to join the protest, how do you black your website out without hurting your SEO and rankings? Simple: use a 503 Temporarily Unavailable HTTP response code. This will tell search engines that you are aware of the outage and even gives you a chance to indicate an ETA for when you expect to be back up and running again.  Google does usually aim to come back and index you shortly after the time you specify, though results will vary. If you are running Apache, you can achieve this by creating a simple .htaccess file in your web root (or simply modifying the one you have) to read something like:

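RewriteEngine On
# Serve sopa.php for every request via an internal rewrite (no redirect),
# so each URL itself answers with the 503 sent by sopa.php
RewriteCond %{REQUEST_URI} !=/sopa.php
RewriteRule ^ /sopa.php [L]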

So that all incoming requests are rewritten to simply sopa.php. Then in sopa.php I recommend using something like:

<?php

header("HTTP/1.1 503 Service Temporarily Unavailable");
header("Status: 503 Service Temporarily Unavailable");
header("Retry-After: 43200");
header("Connection: Close");

?>

Note that Retry-After: is an extra header (a delay in seconds) that tells search engines when they should come back. 43200 is the number of seconds in 12 hours.
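A check you can run against the response head before the blackout goes live, as an added example that is not part of the original post: it confirms crawlers would see a 503 with a usable Retry-After (which HTTP allows as either a number of seconds or an HTTP date) and flags a redirect status. The sample responses and function names are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample response heads (not captured from any real site).
GOOD = "HTTP/1.1 503 Service Temporarily Unavailable\r\nRetry-After: 43200\r\n\r\n"
DATED = ("HTTP/1.1 503 Service Temporarily Unavailable\r\n"
         "Retry-After: Thu, 19 Jan 2012 05:00:00 GMT\r\n\r\n")
REDIRECT = "HTTP/1.1 301 Moved Permanently\r\nLocation: /sopa.php\r\n\r\n"
NO_HINT = "HTTP/1.1 503 Service Temporarily Unavailable\r\n\r\n"


def parse_head(raw):
    """Split a raw response head into (status_code, {lowercased header: value})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def retry_after_seconds(value, now):
    """Return the delay in seconds from now, or None if the value is unusable."""
    if value.isascii() and value.isdigit():
        return int(value)                      # delay-seconds form
    try:
        when = parsedate_to_datetime(value)    # HTTP-date form
        return int((when - now).total_seconds())
    except (TypeError, ValueError):
        return None


def check_blackout(raw, now=None):
    """Return a list of problems; an empty list means a clean temporary outage."""
    now = now or datetime.now(timezone.utc)
    status, headers = parse_head(raw)
    problems = []
    if status in (301, 302, 307, 308):
        problems.append("redirect status %d: crawlers follow it instead of waiting" % status)
    elif status != 503:
        problems.append("status %d is not 503" % status)
    delay = retry_after_seconds(headers.get("retry-after", ""), now)
    if delay is None:
        problems.append("Retry-After missing or unparseable")
    elif delay <= 0:
        problems.append("Retry-After is already in the past")
    return problems
```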

A lot of great templates have been suggested, including templates for Drupal, Joomla!, WordPress and other good CMS systems.

Safe .htaccess 301 Redirects for SEO

Include just one unsupported directive in Apache’s .htaccess file and it is likely to take the entire site offline with a 500 Internal Server Error. Yet this is rarely discussed on SEO blogs when instructing people to set up 301 redirects this way.

The answer?  Simply slap the IfModule statement around your rewrite rules:

<IfModule mod_rewrite.c>
RewriteEngine On
# HTTP_HOST never contains a slash, so match the host name itself
RewriteCond %{HTTP_HOST} !^www\.someaddress\.co\.uk$ [NC]
RewriteRule ^(.*)$ http://www.someaddress.co.uk/$1 [L,R=301]
</IfModule>

If Apache does not have the mod_rewrite module enabled, it will skip over the rules you put in place, making it a completely safe way to set up a 301 redirect from an .htaccess file.

In 99% of situations, you will probably have access to the website’s files, and can easily take the lines out, but this is a neat trick if for any reason you are relying on someone else to upload the files.

Just treated my computer to a GeForce GTX 560 Ti Overclock (1Gb GDDR5) video card! Fantastic for gaming.

Creating a Disk Image of a Jailbroken iPhone, How to Backup Jailbroken iPhone with Linux via SSH

If you have a jailbroken iPhone and (like me!) absolutely hate iTunes with a passion - but are also frightened you may goose it at some point - leaving it non-bootable, do not fear!  Here is a quick and effective way I found to use Linux to create and export a disk image from your jailbroken iPhone’s filesystem for backup purposes.

  • Firstly, ensure that you have SSH installed in your iPhone (see here for how to do this)
  • Second, make sure you have SSH installed on your Linux system (in most cases the command `sudo apt-get install openssh-server openssh-client` will do this for you)
  • Then, simply SSH into your iPhone using your Linux system and run the following command:
  • dd if=/dev/disk0 | ssh -l <username> <your Linux box host address> "dd of=~/myiphoneback.img"

    e.g: dd if=/dev/disk0 | ssh -l thefraj 192.168.1.123 "dd of=~/myiphoneback.img"

As an added bonus you can ask dd to just export the master boot record (MBR) of your drive by simply doing:

dd if=/dev/disk0 bs=512 count=1 | ssh -l <username> <linux host> "dd of=~/myiphoneback.img"

Doing this will export the first 512 bytes of your filesystem - a neat way of just backing up the MBR on your phone.

Possibly the strangest placement for a job advert: the HTTP header response from wordpress.com contains the following line: “If you’re reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.” Lol

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 07 Oct 2011 12:14:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Last-Modified: Fri, 07 Oct 2011 12:12:03 +0000
Cache-Control: max-age=124, must-revalidate
Vary: Cookie
X-hacker: If you’re reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://wordpress.com/xmlrpc.php
Link: ; rel=shortlink
X-nananana: Batcache

Beyond Raw FTP Access - The Folder With No Name

This week I had to remove a folder from a hacked server. The only problem? The file had no name at all! It was simply a blank whitespace character ’ ’ inside which the attacker had concealed an entire website frontend (The Santander’s banking login page, for phishing people’s details!)

It was clever: this folder could not be removed, renamed or edited because the command my FTP client (FileZilla) was sending had no way of expressing a blank folder name without making a request that looked like an invalid command (missing parameter), with the server returning 501 ‘Syntax Error or Invalid Argument’ for what it saw as a malformed request (see here for a list of common FTP response codes).


Unhacking Invalid Folder Names

To fix it, I was able to talk directly to the FTP server using TELNET on port 21:

telnet ftp.someftpaddress.com 21
USER myusername
PASS mypassword

(See the complete list of Raw FTP commands here.) I was able to send RNFR, which should be accompanied by the folder name (to rename from). Sent by itself, this particular server then asked you for the folder name, and then I just had to copy and paste this particular whitespace into the telnet console (and therefore directly into the stream to the FTP server).

I then did RNTO ‘fred’ (rename to ‘fred’) then simply RMD ‘fred’ (remove directory ‘fred’).

Proof of Concept

Fascinated by this exploitation of the FTP protocol, I was able to re-engineer this process and create a series of folders on my own server using the same technique, which you can browse at http://www.rogerdavies.com/whitespace-test/. You will see all manner of folders that violate both FTP and Apache’s typically allowed filenames.

These files also cannot be deleted or edited by FTP - though oddly, they can be moved (which may be down to the specific syntax and behavior of this server).  It should be possible to pull this trick off with either telnet FTP access or via SSH.  (I was not lucky enough to have SSH available on the particular server that was hacked!)
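For servers where you do have filesystem access, a scan of the web root will surface folders like the one described above even though a directory listing shows nothing for them. This is an added example, not part of the original post; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
import unicodedata

# Code points that render as nothing or as a blank in most listings.
INVISIBLE = {"\u00a0", "\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}


def name_findings(name):
    """Return the reasons a single file or folder name is suspicious."""
    reasons = []
    if all(ch.isspace() or ch in INVISIBLE for ch in name):
        reasons.append("blank name")
    elif name != name.strip():
        reasons.append("leading/trailing whitespace")
    if any(unicodedata.category(ch) == "Cc" for ch in name):
        reasons.append("control character")
    if any(ch in INVISIBLE for ch in name) and "blank name" not in reasons:
        reasons.append("invisible character")
    return reasons


def scan(root):
    """Walk root and return {path relative to root: reasons} for odd names."""
    hits = {}
    for parent, dirs, files in os.walk(root):
        for name in dirs + files:
            reasons = name_findings(name)
            if reasons:
                rel = os.path.relpath(os.path.join(parent, name), root)
                hits[rel] = reasons
    return hits


def demo():
    """Build a constructed web root containing a blank-named folder and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "images"))
        os.makedirs(os.path.join(root, " ", "login"))   # folder named one space
        os.makedirs(os.path.join(root, "css "))         # trailing space
        open(os.path.join(root, " ", "login", "index.html"), "w").close()
        return scan(root)


if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(repr(path), ", ".join(reasons))  # repr() makes the blanks visible
```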

Who’s Responsible for This

The group responsible is ZCompanyZHC who have been busy recently and here is another website they hacked to give you an idea of the content.  My greets go out to you, Assalamu alaykum! Say hello to Team Poison in East London for me :) Also see here and also their more recent 9/11 special. Yes brothers, I know who you are. You had fun, but I advise you not to make enemies of the British public - many of us believe the Palestinians have a right to UN membership, and many within the international community recognise how unfairly Israel is treating your people. Do not alienate yourselves - there is nothing heroic about attacking business websites that will not fight back, especially those that are in no way affiliated with either Israel or the U.S.  There is nothing gallant about stealing money by phishing - even if you do believe it is going to a good cause.

This was gratuitous and simply harms people who are not your enemy.  If it’s a show of force or jolly good Lulz you’re after - come after me and my servers! I’ll give you a good run for your money :)

Thank you again for being my teachers.

List of raw FTP commands

(Warning: this is a technical document, not necessary for most FTP use.)

Note that commands marked with a * are not implemented in a number of FTP servers.

Common commands

  • ABOR - abort a file transfer
  • CWD - change working directory
  • DELE - delete a remote file
  • LIST - list remote files
  • MDTM - return the modification time of a file
  • MKD - make a remote directory
  • NLST - name list of remote directory
  • PASS - send password
  • PASV - enter passive mode
  • PORT - open a data port
  • PWD - print working directory
  • QUIT - terminate the connection
  • RETR - retrieve a remote file
  • RMD - remove a remote directory
  • RNFR - rename from
  • RNTO - rename to
  • SITE - site-specific commands
  • SIZE - return the size of a file
  • STOR - store a file on the remote host
  • TYPE - set transfer type
  • USER - send username

Less common commands

  • ACCT* - send account information
  • APPE - append to a remote file
  • CDUP - CWD to the parent of the current directory
  • HELP - return help on using the server
  • MODE - set transfer mode
  • NOOP - do nothing
  • REIN* - reinitialize the connection
  • STAT - return server status
  • STOU - store a file uniquely
  • STRU - set file transfer structure
  • SYST - return system type