Roger Davies - Online Citizens Intweb Experience

Sinclair ZX Spectrum (48K) ROM represented as a bitmap...

Thu, 19 Apr 2012 08:22:40 -0400

Sinclair ZX Spectrum (48K) ROM represented as a bitmap (visualisation) - humbling to think the entire memory now fits in a tiny square of your video display!! 4 Days until the 30th Anniversary of this great machine!

Rage Against the Machine is the ONLY music to listen to while...

Sat, 24 Mar 2012 22:28:02 -0400

Rage Against the Machine is the ONLY music to listen to while codebreaking. WAR WITHIN A BREATH!

Hahahahahaha oh wow! Moron alert! @JonMwords claims: SEO is about tailoring page titles, URLs, topic...

Sat, 17 Mar 2012 13:11:00 -0400

Hahahahahaha oh wow! Moron alert! @JonMwords claims:

SEO is about tailoring page titles, URLs, topic tags and body text to the words and phrases people use to search the Web. Google only has to match the keywords in the query to the keywords on the Web using a lexical database. That’s relatively easy, and it allows humans to game the system

Hahaha Protip: Learn what SEO is before writing a column for ReadWriteWeb and bringing both you and the news source into disrepute. Another one for the album along with other great theologians like Derek Powazek’s “SEO is a scam”! blog post. I love you, sir. You just made my day :)

STOP #SOPA! rogerdavies.com, manchester-seo-blog.co.uk and michaelwharton.co.uk will be offline...

Wed, 18 Jan 2012 07:49:19 -0500

STOP #SOPA! rogerdavies.com, manchester-seo-blog.co.uk and michaelwharton.co.uk will be offline today in protest

Blackout Protest SOPA Without Risking Your Rankings With HTTP 503 Response

Tue, 17 Jan 2012 16:37:00 -0500

The Internet has chosen tomorrow for a day of blackouts in protest of controversial new SOPA laws designed to combat online piracy. Wikipedia had mulled the idea over, Reddit came out and lead the charge while Wikipedia closely followed with many other notable websites coming along. Even Facebook is rumored to have a media event planned while Google says it will use it’s homepage to inform people of dangers of SOPA.

So if like me, you plan to join the protest, how do you black your website out without hurting your SEO and rankings? Simple, use a 503 Temporarily Unavailable HTTP response code. This will tell search engines that you are aware of the outage and even gives you a chance to indicate an ETA for when you expect to be back up and running again. Google does usually aim to come back and index you shortly after the time you specify, though results will vary. If you are running Apache, you can achieve this by creating a simple .htaccess file in your web root (or simply modifying the one you have to read something like:

RewriteEngine On RewriteCond %{REQUEST_URI} !=/sopa.php RewriteRule ^ /sopa.php [R=301]

So that all incoming requests are rewritten to simply sopa.php. Then in sopa.php I recommend using something like:

<?php

header("HTTP/1.1 503 Service Temporarily Unavailable"); header("Status: 503 Service Temporarily Unavailable"); header("Retry-After: 43200"); header("Connection: Close");

?>

Note that Retry-After: is an extra directive (EPOCH time in seconds) that tell search engines when they should come back. 43200 is the number of seconds in 12 hours.

A lot of great templates have been suggest and even templates for Drupal, Joomla!, Wordpress and other good CMS systems.

Safe .htaccess 301 Redirects for SEO

Fri, 02 Dec 2011 08:31:33 -0500

Try including just one unsupported directive in the Apache’s .htaccess file and it is likely to take the entire site offline with: Internal Server Error 500. Yet this is rarely discussed in any SEO blogs when instructing people to setup 301 redirects this way.

The answer? Simply slap the IfModule statement around your rewrite rules:

<ifmodule mod_rewrite.c> RewriteCond %{HTTP_HOST} !^www\.someaddress.co.uk/ [NC] RewriteRule ^(.*)$ http://www.someaddress.co.uk/$1 [L,R=301] </ifmodule>

If Apache does not notice mod_rewrite.c module enabled, it will skip over the rules you put in place, making it a completely safe way to setup a 301 redirect from an .htaccess file.

In 99% of situations, you will probably have access to the websites files, and can easily take the lines out, but this is a neat trick if for any reason you are relying on someone else to upload the files.

Just treated my computer to a GeForce GTX 560 Ti Overclock (1Gb GDDR5) video card! Fantastic for...

Wed, 19 Oct 2011 14:23:00 -0400

Just treated my computer to a GeForce GTX 560 Ti Overclock (1Gb GDDR5) video card! Fantastic for gaming.

Creating a Disk Image of a Jailbroken iPhone, How to Backup Jailbroken iPhone with Linux via SSH

Mon, 10 Oct 2011 08:22:00 -0400

If you have a jailbroken iPhone and (like me!) absolutely hate iTunes with a passion - but are also frightened you may goose it at some point - leaving it non-bootable, do not fear! Here is a quick and effective way I found to use Linux to create and export a disk image from your jailbroken iPhone’s filesystem for backup purposes.

Firstly, ensure that you have SSH installed in your iPhone (see here for how to do this)
Second, make sure you have SSH installed on your Linux system (most cases the command: `sudo apt-get install openssh-server openssh-client` will do this for you)
Then, simply SSH into your iPhone using your Linux system and run the following command:
dd if=/dev/disk0 | ssh -l <username> <your Linux box host address> "dd of=~/myiphoneback.img"

e.g: dd if=/dev/disk0 | ssh -l thefraj 192.168.1.123 "dd of=~/myiphoneback.img"

As an added bonus you can ask dd to just export the master boot record (MBR) of your drive by simply doing:

dd if=/dev/disk0 | ssh -l <username> <linux host> "dd of=~/myiphoneback.img bs=512 count=1

Doing this will export the first 512 bytes of your filesystem - a neat way of just backing up the MBR on your phone.

Possibly the strangest placement for a job advert: the HTTP header response from wordpress.com...

Fri, 07 Oct 2011 08:21:07 -0400

Possibly the strangest placement for a job advert: the HTTP header response from wordpress.com contains the following line: “If you’re reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.” Lol

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 07 Oct 2011 12:14:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Last-Modified: Fri, 07 Oct 2011 12:12:03 +0000
Cache-Control: max-age=124, must-revalidate
Vary: Cookie
X-hacker: If you’re reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.

X-Pingback: http://wordpress.com/xmlrpc.php

Link: ; rel=shortlink

X-nananana: Batcache

Beyond Raw FTP Access - The Folder With No Name This week I had to remove a folder from a hacked...

Sat, 01 Oct 2011 07:03:00 -0400

Beyond Raw FTP Access - The Folder With No Name

This week I had to remove a folder from a hacked server. The only problem? The file had no name at all! It was simply a blank whitespace character ’ ’ inside which the attacker had concealed an entire website frontend (The Santander’s banking login page, for phishing people’s details!)

It was clever, this folder could neither be removed, renamed or edited because the command my FTP Client (Filezilla) was sending had no way of expressing a blank folder name without making a request that looked like an invalid command (missing parameter) with the server returning 501 ‘Syntax Error or Invalid Argument’ for what it saw as a malformed request (See here for list of common FTP response codes).

Unhacking Invalid Folder Names

To fix it, I was able to talk directly to the FTP server using TELNET on port 21:

telnet ftp.someftpaddress.com 21 USER myusername PASS mypassword

(See the complete list of Raw FTP commands here. I was able to send RNFR - which should be accompanied by the folder name (to rename from). Sent by itself, this particular server then asked you for the folder name and then I just had to copy and paste this particular whitespace into the telnet console (and therefore directly into the stream to the FTP server).

I then did RNTO ‘fred’ (rename to ‘fred’) then simply RMD ‘fred’ (remove directory ‘fred’).

Proof of Concept

Fascinated by this exploitation of the FTP protocol I was able to re-engineer this process and create a series of folders on my own server using the same technique which you can browse at : http://www.rogerdavies.com/whitespace-test/ you will see all manner of folders that violate both FTP and Apache’s typically allowed filenames.

These files also cannot be deleted or edited by FTP - though oddly, they can be moved (which may be down to the specific syntax and behavior of this server). It should be possible to pull this trick off with either telnet FTP access or via SSH. (I was not lucky enough to have SSH available on the particular server that was hacked!)

Who’s Responsible This

The group responsible is ZCompany / ZHC who have been busy recently and here is another website they hacked to give you an idea of the content. My greets go out to you, Assalamu alaykum! Say hello to Team Poison in East London for me :) Also see here and also their more recent 9/11 special. Yes brothers, I know who you are. You had fun, but I advise you not to make enemies of the British public - many of us believe the Palestinians’s have a right to UN membership, and many within the international community recognise how unfairly Israel is treating your people. Do not alienate yourselves - there is nothing heroic about attacking business websites that will not fight back, especially those that are in no way affiliated with either Israel or the U.S. There is nothing gallant about stealing money by phishing - even if you do believe it is going to a good cause.

This was gratuitous and simply harms people who are not your enemy. If its a show of force or jolly good Lulz you’re after - come after me and my servers! I’ll give you a good run for your money :)

Thank you again for being my teachers.

List of raw FTP commands

(Warning: this is a technical document, not necessary for most FTP use.)

Note that commands marked with a * are not implemented in a number of FTP servers.

Common commands

ABOR - abort a file transfer
CWD - change working directory
DELE - delete a remote file
LIST - list remote files
MDTM - return the modification time of a file
MKD - make a remote directory
NLST - name list of remote directory
PASS - send password
PASV - enter passive mode
PORT - open a data port
PWD - print working directory
QUIT - terminate the connection
RETR - retrieve a remote file
RMD - remove a remote directory
RNFR - rename from
RNTO - rename to
SITE - site-specific commands
SIZE - return the size of a file
STOR - store a file on the remote host
TYPE - set transfer type
USER - send username

Less common commands

ACCT* - send account information
APPE - append to a remote file
CDUP - CWD to the parent of the current directory
HELP - return help on using the server
MODE - set transfer mode
NOOP - do nothing
REIN* - reinitialize the connection
STAT - return server status
STOU - store a file uniquely
STRU - set file transfer structure
SYST - return system type

Couple of people giving away free Powerade energy drink bottles (375ml) on Oxford Road (near...

Wed, 28 Sep 2011 03:42:32 -0400

Couple of people giving away free Powerade energy drink bottles (375ml) on Oxford Road (near The Salisbury!) Woohoo, morning caffeine fix sorted :) Couldn’t believe my luck!

RESOLVE EXTRA : The fast, effective DNS hangover remedy!

Mon, 26 Sep 2011 03:44:35 -0400

RESOLVE EXTRA : The fast, effective DNS hangover remedy!

Just utterly 3p1c w1n!

Sun, 25 Sep 2011 13:50:41 -0400

Just utterly 3p1c w1n!

Photo

Tue, 20 Sep 2011 08:04:23 -0400

How to connect to SMTP mail server directling using telnet on...

Tue, 23 Aug 2011 17:24:40 -0400

How to connect to SMTP mail server directling using telnet on the bash console

GNU C Compiler (gcc) for iPhone iOS

Sun, 07 Aug 2011 12:32:00 -0400

Exploring the limits of a jailbroken iPhone, I wondered if it was possible to get a full GNU C compiler (gcc) working so I can build my own programs natively on the iPhone itself. The package in Cydia’s repositories is mostly a writeoff that won’t even let you install it (and when you can trick it into installing it will be badly broken). Well, late last night I think I found the solution!

First, downloaded fake-libgcc which I found here (my mirror here) and install it using the Debian package manager in your iPhone command line:

dpkg -i libgcc_1.0_iphoneos-arm.deb

Cydia should now let you install the “GNU C Compiler” package, follow the tutorial I used here and also install “Make” (ignore the iPhone headers part, they were also broken for me).

I just needed to find the right header includes and eventually found them (download here), copy them into /usr/local/include and we are almost done!

I knew I was getting close because now because was getting errors from the linker (not the compiler!):

ld: library not found for -lgcc_s.10.5 collect2: ld returned 1 exit status

Fortunately, I was not the only one and as the thread suggested, you just need to download the libraries here (or see my mirror here). Copy these files into /user/lib this seemed to do this trick and gcc worked fine on my iPhone!

Admittedly, I’ve not tested it with anything complex yet, just the “hello world” example as above and there are some other useful tutorials which I didn’t follow, but think they may work for some (I’m not sure how different the versions of iOS are) but there is help out there!

Access Tor Dark Web through 3G / Edge with iPhone - O2 Fail

Wed, 03 Aug 2011 12:47:00 -0400

Ahoy thar Interwebs! Ever wondered if you can sail Tor’s Dark Web using your iPhone through 3G or Edge? First you will need to install Tor, and Sid77 has a great build for iOS and all iDevices (see the how to here).

Tor Onion Domains With 3G and Edge

However, while this is fine for Wi-Fi - how do I access Dark Web through 3G or Edge? There is no technical reason for not being able to configure a browser to access localhost/127.0.0.1 as an HTTP proxy, however, no such option exists in the iPhone (I suspect this is no accident!).

To get around this, you can simply setup a VPN on your iPhone. Simply scroll down to the bottom where it says ‘Proxy’ and put 127.0.0.1 and port 8118 and so long as you have started Tor, you should be good to go! If you do not have a VPN you pay for, you can always set one up on your home PC if necessary.

Testing

For the purposes of this test, I could have requested ANY web page from the Internet or Dark Web, and my network provider O2 would not be able to even identify me - much less stop me. Despite this, I decided to go with something tasteful and loaded the homepage the Hidden Wiki at kpvz7ki2v5agwt35.onion (see 2nd image).

What is actually happening of course is that the VPN provides a secure IP tunnel through 3G’s networks to the target machine. The iPhone’s browser contacts localhost Tor HTTP proxy, which routes the packets through this tunnel and out into Tor’s Dark Web as normal.

Even though the data passes through O2’s network, they will have no way of knowing what I am browsing (as packets along the IP tunnel are encrypted), nor will they be able to identify me (due to the nature of Tor’s Dark Web) and the network of machines that lie between me and the target.

O2 once told me I would have to ‘verify my age’ to have full access to the Internet. Not only are they wrong, but this new method means they are no longer privy to any of my online activities - even though I use their networks! Lol #fail

edwardspoonhands: caturday: Cat vs. Satan What did people...

Fri, 22 Jul 2011 08:04:38 -0400

edwardspoonhands:

caturday:

Cat vs. Satan

What did people even do with cats before laser pointers.

http://bit.ly/oRQfK1

Tue, 12 Jul 2011 19:17:07 -0400

http://bit.ly/oRQfK1:

Curious! Former Police chief @andy_hayman deleted his Twitter, GO SUPER FREEZE SPELL: http://bit.ly/oRQfK1 #notw #thisisnowevidence

More Fun with Dark Internet - I2P2 Proxy and .I2P Domains

Sun, 10 Jul 2011 07:59:21 -0400

More Fun with Dark Internet - I2P2 Proxy and .I2P Domains:

Last week I wrote a brief bit about the Tor Routing Network and how to access .onion domains and one type of Dark Internet / Dark Web

Today I have been busy playing around with I2P2 as another great way to anonymize all transactions and also allow you to access .i2p domains (see Wikipedia here). It is very similar to Tor, but more flexible and can be used with a variety of different applications. This video tutorial will show you how get this working.

It takes a little time to locate peers (a good few minutes for me). You can see the addition to my updated blog post about the Dark Web / Dark Internet here