Here is the best way to crack the bios password in win 95/98:
Follow the steps below:
1) Boot up windows.2) go to dos-prompt or go to command prompt directly from the windows start up menu.
3) type the command at the prompt: "debug" (without quotes ninja.gif )4) type the following lines now exactly as given.......o 70 10o 71 20quitexit
4) exit from the dos prompt and restart the machine
password protection gone!!!!!!!!!!!!! biggrin.gif
EnjoYYYYYYYYYY
PS: I tested this in Award Bios........There seems to be some issue regarding display drivers on some machines if this is used. Just reinstall the drivers, Everything will be fine...........
I have not found any other trouble if the codes are used.
To be on safe side, just back up your data..........
The use of this code is entirely at ur risk.......... It worked fine for me..........
Monday, August 17, 2009
Converting FAT To NTFS
Your hard drive must be formatted with a file system such as FAT, FAT32 or NTFS so that Windows can be installed on to it. This system determines how files are named, organised and stored on the drive. If you’re not using it already, NTFS (New Technology File System) is recommended for Windows XP because of the additional functionality it offers. If your PC came with Windows XP pre-installed then there’s a chance that you’re already using NTFS. If you’ve upgraded from Windows 98 or Windows Me you may still be using FAT or FAT 32. The option to change over to NTFS would have been available during the upgrade process. Don’t worry if you skipped this as it’s possible to convert at any time from within Windows XP without losing any data.
The recommended optionThere are a number of features in Windows XP that will only work if the NTFS file system is present, which is why it’s suggested you make use of it. File and folder permissions, encryption and privacy options are just some of those you’ll be able to access. In particular, those of you who have set up user accounts will find NTFS invaluable. For instance, if you continue to use FAT or FAT32 anyone with physical access to the drive will be able to access the files and folders that are stored there. However, with NTFS you’ll be able to use a level of encryption (Professional Edition only) that will enable you to protect your data.
You’ll also find NTFS more reliable in that it’s more able to recover from disk errors than its FAT or FAT32 counterparts. A log of all disk activity is kept so should a crash occur, Windows XP can use this information to repair the file system when your PC boots up again. To find out what file system you’re using, open My Computer, right-click your main hard drive and choose Properties. Take a look at the General tab to see confirmation of the file system that’s in use.
Convert nowYou can use the convert tool in Windows XP to change the file system on your hard disk from FAT or FAT32 to NTFS. The whole process is safe and your existing data won’t be destroyed. To begin, click Start -> Run, type cmd and press [Return]. At the command prompt type convert c: /fs:ntfs and press [Return] (where ‘c’ is the letter of the drive you’re converting). When you try and run the convert utility, it’s likely that Windows XP will be using your paging file so the process won’t be completed immediately. Therefore, you’ll see a brief message on screen informing you that the conversion will take place instead the next time Windows starts up. Having restarted, the Check Disk utility will run, the conversion will be performed automatically and you may find that your PC will reboot twice more.
The benefitsWith your drive now running NTFS, it’s time to take advantage of the new options that are available. Having created a number of different user accounts you can now control the level of access that’s granted to individual users. For example, there are going to be certain files and folders that you’ll want some users to be able to access but not others. If you have Windows XP Professional Edition you can do this immediately.
Right-click any file or folder, choose Properties and select the Security tab. A dialog will be displayed showing the names of all your users. Alongside will be two columns which enable you to select levels of access for each of them, the permissions include Full Control, Modify, Read and Write. You can then check the appropriate box to determine whether or not to Allow or Deny a particular permission. For Windows XP Home Edition users, the Security tab won’t be immediately available. To access this option you’ll need to restart your PC, pressing [F8] until a menu appears. Next select Safe Mode and wait for Windows XP to start up. You can then set your options in the same way.
Another feature is NTFS compression. It’s quick and seamless as your file or folder is decompressed automatically when you access it. (Don’t confuse this with a Zip compression utility where the files need to be extracted before they can be accessed.) Although you may have used NTFS compression on a file or folder, there’s no way of telling just by looking at it. To remedy this, open My Computer, click Tools -> Folder Options and select the View tab. Under Advanced settings, scroll down and check the option ‘Show encrypted or compressed NTFS files in color’, then click Apply and OK. Take a look at your compressed items in My Computer and you’ll see the text label has changed from black to blue. Something else that’s exclusive to Professional Edition users is the Encrypting File System (EFS). You can use this to protect your important data so that no one else can read it. Your encrypted files and folders will only be accessible when you have logged into your user account successfully.
The recommended optionThere are a number of features in Windows XP that will only work if the NTFS file system is present, which is why it’s suggested you make use of it. File and folder permissions, encryption and privacy options are just some of those you’ll be able to access. In particular, those of you who have set up user accounts will find NTFS invaluable. For instance, if you continue to use FAT or FAT32 anyone with physical access to the drive will be able to access the files and folders that are stored there. However, with NTFS you’ll be able to use a level of encryption (Professional Edition only) that will enable you to protect your data.
You’ll also find NTFS more reliable in that it’s more able to recover from disk errors than its FAT or FAT32 counterparts. A log of all disk activity is kept so should a crash occur, Windows XP can use this information to repair the file system when your PC boots up again. To find out what file system you’re using, open My Computer, right-click your main hard drive and choose Properties. Take a look at the General tab to see confirmation of the file system that’s in use.
Convert nowYou can use the convert tool in Windows XP to change the file system on your hard disk from FAT or FAT32 to NTFS. The whole process is safe and your existing data won’t be destroyed. To begin, click Start -> Run, type cmd and press [Return]. At the command prompt type convert c: /fs:ntfs and press [Return] (where ‘c’ is the letter of the drive you’re converting). When you try and run the convert utility, it’s likely that Windows XP will be using your paging file so the process won’t be completed immediately. Therefore, you’ll see a brief message on screen informing you that the conversion will take place instead the next time Windows starts up. Having restarted, the Check Disk utility will run, the conversion will be performed automatically and you may find that your PC will reboot twice more.
The benefitsWith your drive now running NTFS, it’s time to take advantage of the new options that are available. Having created a number of different user accounts you can now control the level of access that’s granted to individual users. For example, there are going to be certain files and folders that you’ll want some users to be able to access but not others. If you have Windows XP Professional Edition you can do this immediately.
Right-click any file or folder, choose Properties and select the Security tab. A dialog will be displayed showing the names of all your users. Alongside will be two columns which enable you to select levels of access for each of them, the permissions include Full Control, Modify, Read and Write. You can then check the appropriate box to determine whether or not to Allow or Deny a particular permission. For Windows XP Home Edition users, the Security tab won’t be immediately available. To access this option you’ll need to restart your PC, pressing [F8] until a menu appears. Next select Safe Mode and wait for Windows XP to start up. You can then set your options in the same way.
Another feature is NTFS compression. It’s quick and seamless as your file or folder is decompressed automatically when you access it. (Don’t confuse this with a Zip compression utility where the files need to be extracted before they can be accessed.) Although you may have used NTFS compression on a file or folder, there’s no way of telling just by looking at it. To remedy this, open My Computer, click Tools -> Folder Options and select the View tab. Under Advanced settings, scroll down and check the option ‘Show encrypted or compressed NTFS files in color’, then click Apply and OK. Take a look at your compressed items in My Computer and you’ll see the text label has changed from black to blue. Something else that’s exclusive to Professional Edition users is the Encrypting File System (EFS). You can use this to protect your important data so that no one else can read it. Your encrypted files and folders will only be accessible when you have logged into your user account successfully.
Converting Basic And Dynamic Drives
Windows XP Professional supports two types of disk storage: basic and dynamic. Basic disk storage uses partition-oriented disks. A basic disk contains basic volumes (primary partitions, extended partitions, and logical drives).
Dynamic disk storage uses volume-oriented disks, and includes features that basic disks do not, such as the ability to create volumes that span multiple disks (spanned and striped volumes).
General NotesBefore you change a basic disk to a dynamic disk, note these items:
You must have at least 1 megabyte (MB) of free space on any master boot record (MBR) disk that you want to convert. This space is automatically reserved when the partition or volume is created in Microsoft Windows 2000 or Windows XP Professional. However, it may not be available on partitions or volumes that are created in other operating systems.
When you convert to a dynamic disk, the existing partitions or logical drives on the basic disk are converted to simple volumes on the dynamic disk.
After you convert to a dynamic disk, the dynamic volumes cannot be changed back to partitions. You must first delete all dynamic volumes on the disk, and then convert the dynamic disk back to a basic disk. If you want to keep your data, you must first back up or move the data to another volume.
After you convert to a dynamic disk, local access to the dynamic disk is limited to Windows XP Professional and Windows 2000.
If your disk contains multiple installations of Windows XP Professional or Windows 2000, do not convert to a dynamic disk. The conversion operation removes partition entries for all partitions on the disk with the exception of the system and boot volumes for the current operating system.
Dynamic disks are not supported on portable computers or Microsoft Windows XP Home Edition.
Before you change a dynamic disk back to a basic disk, note that all existing volumes must be deleted from the disk before you can convert it back to a basic disk. If you want to keep your data, back up the data, or move your data to another volume.
How to Convert a Basic Disk to a Dynamic Disk
To convert a basic disk to a dynamic disk:
1) Log on as Administrator or as a member of the Administrators group.
2) Click Start, and then click Control Panel.
3) Click Performance and Maintenance, click Administrative Tools, and then double-click Computer Management.
4) In the left pane, click Disk Management.
5) In the lower-right pane, right-click the basic disk that you want to convert, and then click Convert to Dynamic Disk.
NOTE:You must right-click the gray area that contains the disk title on the left side of the Details pane. For example, right-click Disk 0.
6) Select the check box that is next to the disk that you want to convert (if it is not already selected), and then clickOK.
7) Click Details if you want to view the list of volumes in the disk.
8) Click Convert.
9) Click Yes when you are prompted to convert, and then click OK.
How to Convert a Dynamic Disk to a Basic Disk
To change a dynamic disk back to a basic disk:
1) Back up all the data on all the volumes on the disk you want to convert to a basic disk.
2) Log on as Administrator or as a member of the Administrators group.
3) Click Start, and then click Control Panel.
4) Click Performance and Maintenance, click Administrative Tools, and then double-click Computer Management.
5) In the left pane, click Disk Management.
6) Right-click a volume on the dynamic disk that you want to change to a basic disk, and then click Delete Volume.
7) Click Yes when you are prompted to delete the volume.
8) Repeat steps 4 and 5 for each volume on the dynamic disk.
9) After you have deleted all the volumes on the dynamic disk, right-click the dynamic disk that you want to change to a basic disk, and then click Convert to Basic Disk.
NOTE:You must right-click the gray area that contains the disk title on the left side of the Details pane. For example, right-click Disk 1.
Dynamic disk storage uses volume-oriented disks, and includes features that basic disks do not, such as the ability to create volumes that span multiple disks (spanned and striped volumes).
General NotesBefore you change a basic disk to a dynamic disk, note these items:
You must have at least 1 megabyte (MB) of free space on any master boot record (MBR) disk that you want to convert. This space is automatically reserved when the partition or volume is created in Microsoft Windows 2000 or Windows XP Professional. However, it may not be available on partitions or volumes that are created in other operating systems.
When you convert to a dynamic disk, the existing partitions or logical drives on the basic disk are converted to simple volumes on the dynamic disk.
After you convert to a dynamic disk, the dynamic volumes cannot be changed back to partitions. You must first delete all dynamic volumes on the disk, and then convert the dynamic disk back to a basic disk. If you want to keep your data, you must first back up or move the data to another volume.
After you convert to a dynamic disk, local access to the dynamic disk is limited to Windows XP Professional and Windows 2000.
If your disk contains multiple installations of Windows XP Professional or Windows 2000, do not convert to a dynamic disk. The conversion operation removes partition entries for all partitions on the disk with the exception of the system and boot volumes for the current operating system.
Dynamic disks are not supported on portable computers or Microsoft Windows XP Home Edition.
Before you change a dynamic disk back to a basic disk, note that all existing volumes must be deleted from the disk before you can convert it back to a basic disk. If you want to keep your data, back up the data, or move your data to another volume.
How to Convert a Basic Disk to a Dynamic Disk
To convert a basic disk to a dynamic disk:
1) Log on as Administrator or as a member of the Administrators group.
2) Click Start, and then click Control Panel.
3) Click Performance and Maintenance, click Administrative Tools, and then double-click Computer Management.
4) In the left pane, click Disk Management.
5) In the lower-right pane, right-click the basic disk that you want to convert, and then click Convert to Dynamic Disk.
NOTE:You must right-click the gray area that contains the disk title on the left side of the Details pane. For example, right-click Disk 0.
6) Select the check box that is next to the disk that you want to convert (if it is not already selected), and then clickOK.
7) Click Details if you want to view the list of volumes in the disk.
8) Click Convert.
9) Click Yes when you are prompted to convert, and then click OK.
How to Convert a Dynamic Disk to a Basic Disk
To change a dynamic disk back to a basic disk:
1) Back up all the data on all the volumes on the disk you want to convert to a basic disk.
2) Log on as Administrator or as a member of the Administrators group.
3) Click Start, and then click Control Panel.
4) Click Performance and Maintenance, click Administrative Tools, and then double-click Computer Management.
5) In the left pane, click Disk Management.
6) Right-click a volume on the dynamic disk that you want to change to a basic disk, and then click Delete Volume.
7) Click Yes when you are prompted to delete the volume.
8) Repeat steps 4 and 5 for each volume on the dynamic disk.
9) After you have deleted all the volumes on the dynamic disk, right-click the dynamic disk that you want to change to a basic disk, and then click Convert to Basic Disk.
NOTE:You must right-click the gray area that contains the disk title on the left side of the Details pane. For example, right-click Disk 1.
Converting Web Pages To Pdf
I have come across some websites that i wanted to save the page for later review. I found that i was having some problems with certain sites. I found a way around it.
what you need:adobe acrobat 6 pro or betterpopupcop
there may be a simpler way to do this but i found that this works:
when at a webpage that you want to copy (YOU MUST BE USING IE AND HAVE BOTH POPUPCOP INSTALLED AND ADOBE ACROBAT 6 PRO OR HIGHER, ACROBAT ICON MUST BE IN IE TOOLBAR TO CONVERT TO .PDF), slide popupcops popup intensity bar to the far left, now click on adobe acrobat icon to convert webpage to .pdf document. I have yet to find a webpage where this trick does not work.
what you need:adobe acrobat 6 pro or betterpopupcop
there may be a simpler way to do this but i found that this works:
when at a webpage that you want to copy (YOU MUST BE USING IE AND HAVE BOTH POPUPCOP INSTALLED AND ADOBE ACROBAT 6 PRO OR HIGHER, ACROBAT ICON MUST BE IN IE TOOLBAR TO CONVERT TO .PDF), slide popupcops popup intensity bar to the far left, now click on adobe acrobat icon to convert webpage to .pdf document. I have yet to find a webpage where this trick does not work.
Computer Maintainence
You may not realize it, but your computer and your car have something in common: they both need regular maintenance. No, you don't need to change your computer's oil. But you should be updating your software, keeping your antivirus subscription up to date, and checking for spyware. Read on to learn what you can do to help improve your computer's security.
Getting started
Here are some basics maintenance tasks you can do today to start improving your computer's security. Be sure you make these part of your ongoing maintenance as well.
* Sign up for software update e-mail notices. Many software companies will send you e-mail whenever a software update is available. This is particularly important for your operating system (e.g., Microsoft VV!VD0VV$® or Macintosh), your antivirus program, and your firewall.* Register your software. If you still have registration forms for existing software, send them in. And be sure to register new software in the future. This is another way for the software manufacturer to alert you when new updates are available.* Install software updates immediately.When you get an update notice, download the update immediately and install it. (Remember, downloading and installing are two separate tasks.)An ounce of prevention
A few simple steps will help you keep your files safe and clean.
* Step 1: Update your software* Step 2: Backup your files* Step 3: Use antivirus software and keep it updated* Step 4: Change your passwords
Developing ongoing maintenance practices
Now that you've done some ground work, it's time to start moving into longer term maintenance tasks. These are all tasks that you should do today (or as soon as possible) to get started. But for best results, make these a part of a regular maintenance schedule. We recommend setting aside time each week to help keep your computer secure.
* Back up your files. Backing up your files simply means creating a copy of your computer files that you can use in the event the originals are lost. (Accidents can happen.) To learn more read our tips for backing up information.
* Scan your files with up to date antivirus software. Use your antivirus scan tool regularly to search for potential computer viruses and worms. Also, check your antivirus program's user manual to see if you can schedule an automatic scan of your computer. To learn more, read our tips for reducing your virus risk.* Change your passwords. Using the same password increases the odds that someone else will discover it. Change all of your passwords regularly (we recommend monthly) to reduce your risk. Also, choose your passwords carefully. To learn more, read our tips for creating stronger passwords.
Making a schedule
One of the best ways to help protect your computer is to perform maintenance regularly. To help you keep track, we suggest making a regular "appointment" with your computer. Treat it like you would any other appointment. Record it in your datebook or online calendar, and if you cannot make it, reschedule. Remember, you are not only helping to improve your computer, you are also helping to protect your personal information.
Getting started
Here are some basics maintenance tasks you can do today to start improving your computer's security. Be sure you make these part of your ongoing maintenance as well.
* Sign up for software update e-mail notices. Many software companies will send you e-mail whenever a software update is available. This is particularly important for your operating system (e.g., Microsoft VV!VD0VV$® or Macintosh), your antivirus program, and your firewall.* Register your software. If you still have registration forms for existing software, send them in. And be sure to register new software in the future. This is another way for the software manufacturer to alert you when new updates are available.* Install software updates immediately.When you get an update notice, download the update immediately and install it. (Remember, downloading and installing are two separate tasks.)An ounce of prevention
A few simple steps will help you keep your files safe and clean.
* Step 1: Update your software* Step 2: Backup your files* Step 3: Use antivirus software and keep it updated* Step 4: Change your passwords
Developing ongoing maintenance practices
Now that you've done some ground work, it's time to start moving into longer term maintenance tasks. These are all tasks that you should do today (or as soon as possible) to get started. But for best results, make these a part of a regular maintenance schedule. We recommend setting aside time each week to help keep your computer secure.
* Back up your files. Backing up your files simply means creating a copy of your computer files that you can use in the event the originals are lost. (Accidents can happen.) To learn more read our tips for backing up information.
* Scan your files with up to date antivirus software. Use your antivirus scan tool regularly to search for potential computer viruses and worms. Also, check your antivirus program's user manual to see if you can schedule an automatic scan of your computer. To learn more, read our tips for reducing your virus risk.* Change your passwords. Using the same password increases the odds that someone else will discover it. Change all of your passwords regularly (we recommend monthly) to reduce your risk. Also, choose your passwords carefully. To learn more, read our tips for creating stronger passwords.
Making a schedule
One of the best ways to help protect your computer is to perform maintenance regularly. To help you keep track, we suggest making a regular "appointment" with your computer. Treat it like you would any other appointment. Record it in your datebook or online calendar, and if you cannot make it, reschedule. Remember, you are not only helping to improve your computer, you are also helping to protect your personal information.
Searching Good Domain Names
Choosing a domain name for your site is one of the most important steps towards creating the perfect internet presence. If you run an on-line business, picking a name that will be marketable and achieve success in search engine placement is paramount. Many factors must be considered when choosing a good domain name. This article summarizes all the different things to consider before making that final registration step!
Short and Sweet
Domain names can be really long or really short (1 - 67 characters). In general, it is far better to choose a domain name that is short in length. The shorter your domain name, the easier it will be for people remember. Remembering a domain name is very important from a marketability perspective. As visitors reach your site and enjoy using it, they will likely tell people about it. And those people may tell others, etc. As with any business, word of mouth is the most powerful marketing tool to drive traffic to your site (and it's free too!). If your site is long and difficult to pronounce, people will not remember the name of the site and unless they bookmark the link, they may never return.
Consider Alternatives
Unless a visitor reaches your site through a bookmark or a link from another site, they have typed in your domain name. Most people on the internet are terrible typists and misspell words constantly. If your domain name is easy to misspell, you should think about alternate domain names to purchase. For example, if your site will be called "MikesTools.com", you should also consider buying "MikeTools.com" and "MikeTool.com". You should also secure the different top level domain names besides the one you will use for marketing purposes ("MikesTools.net", "MikesTools.org", etc.) You should also check to see if there are existing sites based on the misspelled version of the domain name you are considering. "MikesTools.com" may be available, but "MikesTool.com" may be home to a graphic pornography site. You would hate for a visitor to walk away thinking you were hosting something they did not expect.
Also consider domain names that may not include the name of your company, but rather what your company provides. For example, if the name of your company is Mike's Tools, you may want to consider domain names that target what you sell. For example: "buyhammers.com" or "hammer-and-nail.com". Even though these example alternative domain names do not include the name of your company, it provides an avenue for visitors from your target markets. Remember that you can own multiple domain names, all of which can point to a single domain. For example, you could register "buyhammers.com", "hammer-and-nail.com", and "mikestools.com" and have "buyhammers.com" and "hammer-and-nail.com" point to "mikestools.com".
Hyphens: Your Friend and Enemy
Domain name availability has become more and more scant over the years. Many single word domain names have been scooped up which it makes it more and more difficult to find a domain name that you like and is available. When selecting a domain name, you have the option of including hyphens as part of the name. Hyphens help because it allows you to clearly separate multiple words in a domain name, making it less likely that a person will accidentally misspell the name. For example, people are more likely to misspell "domainnamecenter.com" than they are "domain-name-center.com". Having words crunched together makes it hard on the eyes, increasing the likelihood of a misspelling. On the other hand, hyphens make your domain name longer. The longer the domain name, the easier it is for people to forget it altogether. Also, if someone recommends a site to someone else, they may forget to mention that each word in the domain name is separated by a hyphen. If do you choose to leverage hyphens, limit the number of words between the hyphens to three. Another advantage to using hyphens is that search engines are able to pick up each unique word in the domain name as key words, thus helping to make your site more visible in search engine results.
Dot What?
There are many top level domain names available today including .com, .net, .org, and .biz. In most cases, the more unusual the top level domain, the more available domain names are available. However, the .com top level domain is far and away the most commonly used domain on the internet, driven by the fact that it was the first domain extension put to use commercially and has received incredible media attention. If you cannot lay your hands on a .com domain name, look for a .net domain name, which is the second most commercially popular domain name extension.
Long Arm of the Law
Be very careful not to register domain names that include trademarked names. Although internet domain name law disputes are tricky and have few cases in existence, the risk of a legal battle is not a risk worth taking. Even if you believe your domain name is untouchable by a business that has trademarked a name, do not take the chance: the cost of litigation is extremely high and unless you have deep pockets you will not likely have the resources to defend yourself in a court of law. Even stay away from domain names in which part of the name is trademarked: the risks are the same.
Search Engines and Directories
All search engines and directories are different. Each has a unique process for being part of the results or directory listing and each has a different way of sorting and listing domain names. Search engines and directories are the most important on-line marketing channel, so consider how your domain name choice affects site placement before you register the domain. Most directories simply list links to home pages in alphabetical order. If possible, choose a domain name with a letter of the alphabet near the beginning ("a" or "b"). For example, "aardvark-pest-control.com" will come way above "joes-pest-control.com". However, check the directories before you choose a domain name. You may find that the directories you would like be in are already cluttered with domain names beginning with the letter "a". Search engines scan websites and sort results based on key words. Key words are words that a person visiting a search engine actually search on. Having key words as part of your domain name can help you get better results.
Short and Sweet
Domain names can be really long or really short (1 - 67 characters). In general, it is far better to choose a domain name that is short in length. The shorter your domain name, the easier it will be for people remember. Remembering a domain name is very important from a marketability perspective. As visitors reach your site and enjoy using it, they will likely tell people about it. And those people may tell others, etc. As with any business, word of mouth is the most powerful marketing tool to drive traffic to your site (and it's free too!). If your site is long and difficult to pronounce, people will not remember the name of the site and unless they bookmark the link, they may never return.
Consider Alternatives
Unless a visitor reaches your site through a bookmark or a link from another site, they have typed in your domain name. Most people on the internet are terrible typists and misspell words constantly. If your domain name is easy to misspell, you should think about alternate domain names to purchase. For example, if your site will be called "MikesTools.com", you should also consider buying "MikeTools.com" and "MikeTool.com". You should also secure the different top level domain names besides the one you will use for marketing purposes ("MikesTools.net", "MikesTools.org", etc.) You should also check to see if there are existing sites based on the misspelled version of the domain name you are considering. "MikesTools.com" may be available, but "MikesTool.com" may be home to a graphic pornography site. You would hate for a visitor to walk away thinking you were hosting something they did not expect.
Also consider domain names that may not include the name of your company, but rather what your company provides. For example, if the name of your company is Mike's Tools, you may want to consider domain names that target what you sell. For example: "buyhammers.com" or "hammer-and-nail.com". Even though these example alternative domain names do not include the name of your company, it provides an avenue for visitors from your target markets. Remember that you can own multiple domain names, all of which can point to a single domain. For example, you could register "buyhammers.com", "hammer-and-nail.com", and "mikestools.com" and have "buyhammers.com" and "hammer-and-nail.com" point to "mikestools.com".
Hyphens: Your Friend and Enemy
Domain name availability has become more and more scant over the years. Many single word domain names have been scooped up which it makes it more and more difficult to find a domain name that you like and is available. When selecting a domain name, you have the option of including hyphens as part of the name. Hyphens help because it allows you to clearly separate multiple words in a domain name, making it less likely that a person will accidentally misspell the name. For example, people are more likely to misspell "domainnamecenter.com" than they are "domain-name-center.com". Having words crunched together makes it hard on the eyes, increasing the likelihood of a misspelling. On the other hand, hyphens make your domain name longer. The longer the domain name, the easier it is for people to forget it altogether. Also, if someone recommends a site to someone else, they may forget to mention that each word in the domain name is separated by a hyphen. If do you choose to leverage hyphens, limit the number of words between the hyphens to three. Another advantage to using hyphens is that search engines are able to pick up each unique word in the domain name as key words, thus helping to make your site more visible in search engine results.
Dot What?
There are many top level domain names available today including .com, .net, .org, and .biz. In most cases, the more unusual the top level domain, the more available domain names are available. However, the .com top level domain is far and away the most commonly used domain on the internet, driven by the fact that it was the first domain extension put to use commercially and has received incredible media attention. If you cannot lay your hands on a .com domain name, look for a .net domain name, which is the second most commercially popular domain name extension.
Long Arm of the Law
Be very careful not to register domain names that include trademarked names. Although internet domain name law disputes are tricky and have few cases in existence, the risk of a legal battle is not a risk worth taking. Even if you believe your domain name is untouchable by a business that has trademarked a name, do not take the chance: the cost of litigation is extremely high and unless you have deep pockets you will not likely have the resources to defend yourself in a court of law. Even stay away from domain names in which part of the name is trademarked: the risks are the same.
Search Engines and Directories
All search engines and directories are different. Each has a unique process for being part of the results or directory listing and each has a different way of sorting and listing domain names. Search engines and directories are the most important on-line marketing channel, so consider how your domain name choice affects site placement before you register the domain. Most directories simply list links to home pages in alphabetical order. If possible, choose a domain name with a letter of the alphabet near the beginning ("a" or "b"). For example, "aardvark-pest-control.com" will come way above "joes-pest-control.com". However, check the directories before you choose a domain name. You may find that the directories you would like be in are already cluttered with domain names beginning with the letter "a". Search engines scan websites and sort results based on key words. Key words are words that a person visiting a search engine actually search on. Having key words as part of your domain name can help you get better results.
Check With DOS To See !! You Are Infected
When you first turn on you computer (BEFORE DIALING INTO YOUR ISP),open a MS-DOS Prompt window (start/programs MS-DOS Prompt).Then type netstat -arn and press the Enter key.Your screen should display the following (without the dotted lineswhich I added for clarification).
-----------------------------------------------------------------------------Active Routes:
Network Address Netmask Gateway Address Interface Metric 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 255.255.255.255 255.255.255.255 255.255.255.255 0.0.0.0 1
Route Table
Active Connections
Proto Local Address Foreign Address State
--------------------------------------------------------------------------------
If you see anything else, there might be a problem (more on that later).Now dial into your ISP, once you are connected;go back to the MS-DOS Prompt and run the same command as beforenetstat -arn, this time it will look similar to the following (withoutdotted lines).
-------------------------------------------------------------------------------------
Active Routes:
Network Address Netmask Gateway Address Interface Metric 0.0.0.0 0.0.0.0 216.1.104.70 216.1.104.70 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 216.1.104.0 255.255.255.0 216.1.104.70 216.1.104.70 1 216.1.104.70 255.255.255.255 127.0.0.1 127.0.0.1 1 216.1.104.255 255.255.255.255 216.1.104.70 216.1.104.70 1 224.0.0.0 224.0.0.0 216.1.104.70 216.1.104.70 1 255.255.255.255 255.255.255.255 216.1.104.70 216.1.104.70 1
Route Table
Active Connections
Proto Local Address Foreign Address State TCP 0.0.0.0:0 0.0.0.0:0 LISTENING TCP 216.1.104.70:137 0.0.0.0:0 LISTENING TCP 216.1.104.70:138 0.0.0.0:0 LISTENING TCP 216.1.104.70:139 0.0.0.0:0 LISTENING UDP 216.1.104.70:137 *:*
--------------------------------------------------------------------------------
What you are seeing in the first section (Active Routes) under the heading ofNetwork Address are some additional lines. The only ones that should be thereare ones belonging to your ISP (more on that later). In the second section(Route Table) under Local Address you are seeing the IP address that your ISPassigned you (in this example 216.1.104.70).
The numbers are divided into four dot notations, the first three should bethe same for both sets, while in this case the .70 is the unique numberassigned for THIS session. Next time you dial in that number will more thanlikely be different.
To make sure that the first three notation are as they should be, we will runone more command from the MS-DOS window.From the MS-DOS Prompt type tracert /www.yourispwebsite.com or .netor whatever it ends in. Following is an example of the output you should see.
---------------------------------------------------------------------------------------
Tracing route to /www.motion.net [207.239.117.112]over a maximum of 30 hops: 1 128 ms 2084 ms 102 ms chat-port.motion.net [216.1.104.4] 2 115 ms 188 ms 117 ms chat-core.motion.net [216.1.104.1] 3 108 ms 116 ms 119 ms www.motion.net [207.239.117.112]Trace complete.
------------------------------------------------------------------------------------------
You will see that on lines with the 1 and 2 the first three notations of theaddress match with what we saw above, which is a good thing. If it does not,then some further investigation is needed.
If everything matches like above, you can almost breath easier. Another thingwhich should you should check is programs launched during startup. To findthese, Click start/programs/startup, look at what shows up. You should beable to recognize everything there, if not, once again more investigation isneeded.
-------------------------------------------------------------------------------------------
Now just because everything reported out like we expected (and demonstratedabove) we still are not out of the woods. How is this so, you ask? Do you useNetmeeting? Do you get on IRC (Internet Relay Chat)? Or any other programthat makes use of the Internet. Have you every recieved an email with anattachment that ended in .exe? The list goes on and on, basically anythingthat you run could have become infected with a trojan. What this means, isthe program appears to do what you expect, but also does just a little more.This little more could be blasting ebay.com or one of the other sites thatCNNlive was talking about.
What can you do? Well some anti-virus software will detect some trojans.Another (tedious) thing is to start each of these "extra" Internet programsone at a time and go through the last two steps above, looking at the routesand connection the program uses. However, the tricky part will be figuringout where to tracert to in order to find out if the addresses you see instep 2 are "safe" or not. I should forewarn you, that running tracert aftertracert, after tracert might be considered "improper" by your ISP. The stepsoutlined above may not work exactly as I have stated depending upon your ISP,but with a true ISP it should work. Finally, this advise comes with NOwarranty and by following my "hints' you implicitly release me from ANY andALL liability which you may incur.
Other options
Display protocol statistics and current TCP/IP network connections.Netstat [-a] [-e] [-n] [-s] [-p proto] [-r] [intervals]
-a.. Display all connections and listening ports.-e.. Display Ethernet statistics. This may be combined with the -s option.-n.. Diplays address and port numbers in the numerical form.-p proto..Shows connections for the protocol specified by proto; proto may beTCP or UDP. If used with the -s option to display per-protocol statistics,proto may be TCP, UDP, of IP.-r.. Display the routing table.-s.. Display per-protocol statistics. By default, statistics are shown for TCPUDP and IP; the -p option may be used to specify a subset of the defaultinterval..Redisplay selected statistics, pausing intervals seconds between eachdisplay. If omitted. netstat will print the current configuration informationonce
-----------------------------------------------------------------------------Active Routes:
Network Address Netmask Gateway Address Interface Metric 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 255.255.255.255 255.255.255.255 255.255.255.255 0.0.0.0 1
Route Table
Active Connections
Proto Local Address Foreign Address State
--------------------------------------------------------------------------------
If you see anything else, there might be a problem (more on that later).Now dial into your ISP, once you are connected;go back to the MS-DOS Prompt and run the same command as beforenetstat -arn, this time it will look similar to the following (withoutdotted lines).
-------------------------------------------------------------------------------------
Active Routes:
Network Address Netmask Gateway Address Interface Metric 0.0.0.0 0.0.0.0 216.1.104.70 216.1.104.70 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 216.1.104.0 255.255.255.0 216.1.104.70 216.1.104.70 1 216.1.104.70 255.255.255.255 127.0.0.1 127.0.0.1 1 216.1.104.255 255.255.255.255 216.1.104.70 216.1.104.70 1 224.0.0.0 224.0.0.0 216.1.104.70 216.1.104.70 1 255.255.255.255 255.255.255.255 216.1.104.70 216.1.104.70 1
Route Table
Active Connections
Proto Local Address Foreign Address State TCP 0.0.0.0:0 0.0.0.0:0 LISTENING TCP 216.1.104.70:137 0.0.0.0:0 LISTENING TCP 216.1.104.70:138 0.0.0.0:0 LISTENING TCP 216.1.104.70:139 0.0.0.0:0 LISTENING UDP 216.1.104.70:137 *:*
--------------------------------------------------------------------------------
What you are seeing in the first section (Active Routes) under the heading ofNetwork Address are some additional lines. The only ones that should be thereare ones belonging to your ISP (more on that later). In the second section(Route Table) under Local Address you are seeing the IP address that your ISPassigned you (in this example 216.1.104.70).
The numbers are divided into four dot notations, the first three should bethe same for both sets, while in this case the .70 is the unique numberassigned for THIS session. Next time you dial in that number will more thanlikely be different.
To make sure that the first three notation are as they should be, we will runone more command from the MS-DOS window.From the MS-DOS Prompt type tracert /www.yourispwebsite.com or .netor whatever it ends in. Following is an example of the output you should see.
---------------------------------------------------------------------------------------
Tracing route to /www.motion.net [207.239.117.112]over a maximum of 30 hops: 1 128 ms 2084 ms 102 ms chat-port.motion.net [216.1.104.4] 2 115 ms 188 ms 117 ms chat-core.motion.net [216.1.104.1] 3 108 ms 116 ms 119 ms www.motion.net [207.239.117.112]Trace complete.
------------------------------------------------------------------------------------------
You will see that on lines with the 1 and 2 the first three notations of theaddress match with what we saw above, which is a good thing. If it does not,then some further investigation is needed.
If everything matches like above, you can almost breath easier. Another thingwhich should you should check is programs launched during startup. To findthese, Click start/programs/startup, look at what shows up. You should beable to recognize everything there, if not, once again more investigation isneeded.
-------------------------------------------------------------------------------------------
Now just because everything reported out like we expected (and demonstratedabove) we still are not out of the woods. How is this so, you ask? Do you useNetmeeting? Do you get on IRC (Internet Relay Chat)? Or any other programthat makes use of the Internet. Have you every recieved an email with anattachment that ended in .exe? The list goes on and on, basically anythingthat you run could have become infected with a trojan. What this means, isthe program appears to do what you expect, but also does just a little more.This little more could be blasting ebay.com or one of the other sites thatCNNlive was talking about.
What can you do? Well some anti-virus software will detect some trojans.Another (tedious) thing is to start each of these "extra" Internet programsone at a time and go through the last two steps above, looking at the routesand connection the program uses. However, the tricky part will be figuringout where to tracert to in order to find out if the addresses you see instep 2 are "safe" or not. I should forewarn you, that running tracert aftertracert, after tracert might be considered "improper" by your ISP. The stepsoutlined above may not work exactly as I have stated depending upon your ISP,but with a true ISP it should work. Finally, this advise comes with NOwarranty and by following my "hints' you implicitly release me from ANY andALL liability which you may incur.
Other options
Display protocol statistics and current TCP/IP network connections.Netstat [-a] [-e] [-n] [-s] [-p proto] [-r] [intervals]
-a.. Display all connections and listening ports.-e.. Display Ethernet statistics. This may be combined with the -s option.-n.. Diplays address and port numbers in the numerical form.-p proto..Shows connections for the protocol specified by proto; proto may beTCP or UDP. If used with the -s option to display per-protocol statistics,proto may be TCP, UDP, of IP.-r.. Display the routing table.-s.. Display per-protocol statistics. By default, statistics are shown for TCPUDP and IP; the -p option may be used to specify a subset of the defaultinterval..Redisplay selected statistics, pausing intervals seconds between eachdisplay. If omitted. netstat will print the current configuration informationonce
Change Start Menu Text
Step 1 - Modify Explorer.exe File
In order to make the changes, the file explorer.exe located at C:\Windows needs to be edited. Since explorer.exe is a binary file it requires a special editor. For purposes of this article I have used Resource Hacker. Resource HackerTM is a freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on Microsoft Windows 95/98/ME, Windows NT, Windows 2000 and Windows XP operating systems.
get this from h**p://delphi.icm.edu.pl/ftp/tools/ResHack.zip
The first step is to make a backup copy of the file explorer.exe located at C:\Windows\explorer. Place it in a folder somewhere on your hard drive where it will be safe. Start Resource Hacker and open explorer.exe located at C:\Windows\explorer.exe.
The category we are going to be using is "String Table". Expand it by clicking the plus sign then navigate down to and expand string 37 followed by highlighting 1033. If you are using the Classic Layout rather than the XP Layout, use number 38. The right hand pane will display the stringtable. We’re going to modify item 578, currently showing the word “start” just as it displays on the current Start button.
There is no magic here. Just double click on the word “start” so that it’s highlighted, making sure the quotation marks are not part of the highlight. They need to remain in place, surrounding the new text that you’ll type. Go ahead and type your new entry. In my case I used Click Me!
You’ll notice that after the new text string has been entered the Compile Script button that was grayed out is now active. I won’t get into what’s involved in compiling a script, but suffice it to say it’s going to make this exercise worthwhile. Click Compile Script and then save the altered file using the Save As command on the File Menu. Do not use the Save command – Make sure to use the Save As command and choose a name for the file. Save the newly named file to C:\Windows.
Step 2 – Modify the Registry
!!!make a backup of your registry before making changes!!!
Now that the modified explorer.exe has been created it’s necessary to modify the registry so the file will be recognized when the user logs on to the system. If you don’t know how to access the registry I’m not sure this article is for you, but just in case it’s a temporary memory lapse, go to Start (soon to be something else) Run and type regedit in the Open field. Navigate to:
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon
In the right pane, double click the "Shell" entry to open the Edit String dialog box. In Value data: line, enter the name that was used to save the modified explorer.exe file. Click OK.
Close Registry Editor and either log off the system and log back in, or reboot the entire system if that’s your preference. If all went as planned you should see your new Start button with the revised text.[/b]
In order to make the changes, the file explorer.exe located at C:\Windows needs to be edited. Since explorer.exe is a binary file it requires a special editor. For purposes of this article I have used Resource Hacker. Resource HackerTM is a freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on Microsoft Windows 95/98/ME, Windows NT, Windows 2000 and Windows XP operating systems.
get this from h**p://delphi.icm.edu.pl/ftp/tools/ResHack.zip
The first step is to make a backup copy of the file explorer.exe located at C:\Windows\explorer. Place it in a folder somewhere on your hard drive where it will be safe. Start Resource Hacker and open explorer.exe located at C:\Windows\explorer.exe.
The category we are going to be using is "String Table". Expand it by clicking the plus sign then navigate down to and expand string 37 followed by highlighting 1033. If you are using the Classic Layout rather than the XP Layout, use number 38. The right hand pane will display the stringtable. We’re going to modify item 578, currently showing the word “start” just as it displays on the current Start button.
There is no magic here. Just double click on the word “start” so that it’s highlighted, making sure the quotation marks are not part of the highlight. They need to remain in place, surrounding the new text that you’ll type. Go ahead and type your new entry. In my case I used Click Me!
You’ll notice that after the new text string has been entered the Compile Script button that was grayed out is now active. I won’t get into what’s involved in compiling a script, but suffice it to say it’s going to make this exercise worthwhile. Click Compile Script and then save the altered file using the Save As command on the File Menu. Do not use the Save command – Make sure to use the Save As command and choose a name for the file. Save the newly named file to C:\Windows.
Step 2 – Modify the Registry
!!!make a backup of your registry before making changes!!!
Now that the modified explorer.exe has been created it’s necessary to modify the registry so the file will be recognized when the user logs on to the system. If you don’t know how to access the registry I’m not sure this article is for you, but just in case it’s a temporary memory lapse, go to Start (soon to be something else) Run and type regedit in the Open field. Navigate to:
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon
In the right pane, double click the "Shell" entry to open the Edit String dialog box. In Value data: line, enter the name that was used to save the modified explorer.exe file. Click OK.
Close Registry Editor and either log off the system and log back in, or reboot the entire system if that’s your preference. If all went as planned you should see your new Start button with the revised text.[/b]
Advanced Virus Removal Guide
If you've let your guard down--or even if you haven't--it can be hard to tell if your PC is infected. Here's what to do if you suspect the worst.
Heard this one before? You must run antivirus software and keep it up to date or else your PC will get infected, you'll lose all your data, and you'll incur the wrath of every e-mail buddy you unknowingly infect because of your carelessness.
You know they're right. Yet for one reason or another, you're not running antivirus software, or you are but it's not up to date. Maybe you turned off your virus scanner because it conflicted with another program. Maybe you got tired of upgrading after you bought Norton Antivirus 2001, 2002, and 2003. Or maybe your annual subscription of virus definitions recently expired, and you've put off renewing.
It happens. It's nothing to be ashamed of. But chances are, either you're infected right now, as we speak, or you will be very soon.
For a few days in late January, the Netsky.p worm was infecting about 2,500 PCs a day. Meanwhile the MySQL bot infected approximately 100 systems a minute (albeit not necessarily desktop PCs). As David Perry, global director of education for security software provider Trend Micro, puts it, "an unprotected [Windows] computer will become owned by a bot within 14 minutes."
Today's viruses, worms, and so-called bots--which turn your PC into a zombie that does the hacker's bidding (such as mass-mailing spam)--aren't going to announce their presence. Real viruses aren't like the ones in Hollywood movies that melt down whole networks in seconds and destroy alien spacecraft. They operate in the background, quietly altering data, stealing private operations, or using your PC for their own illegal ends. This makes them hard to spot if you're not well protected.
Is Your PC "Owned?"
I should start by saying that not every system oddity is due to a virus, worm, or bot. Is your system slowing down? Is your hard drive filling up rapidly? Are programs crashing without warning? These symptoms are more likely caused by Windows, or badly written legitimate programs, rather than malware. After all, people who write malware want to hide their program's presence. People who write commercial software put icons all over your desktop. Who's going to work harder to go unnoticed?
Other indicators that may, in fact, indicate that there's nothing that you need to worry about, include:
* An automated e-mail telling you that you're sending out infected mail. E-mail viruses and worms typically come from faked addresses.* A frantic note from a friend saying they've been infected, and therefore so have you. This is likely a hoax. It's especially suspicious if the note tells you the virus can't be detected but you can get rid of it by deleting one simple file. Don't be fooled--and don't delete that file.
I'm not saying that you should ignore such warnings. Copy the subject line or a snippet from the body of the e-mail and plug it into your favorite search engine to see if other people have received the same note. A security site may have already pegged it as a hoax.
Sniffing Out an Infection
There are signs that indicate that your PC is actually infected. A lot of network activity coming from your system (when you're not actually using Internet) can be a good indicator that something is amiss. A good software firewall, such as ZoneAlarm, will ask your permission before letting anything leave your PC, and will give you enough information to help you judge if the outgoing data is legitimate. By the way, the firewall that comes with Windows, even the improved version in XP Service Pack 2, lacks this capability.
To put a network status light in your system tray, follow these steps: In Windows XP, choose Start, Control Panel, Network Connections, right-click the network connection you want to monitor, choose Properties, check "Show icon in notification area when connected," and click OK.
If you're interested in being a PC detective, you can sniff around further for malware. By hitting Ctrl-Alt-Delete in Windows, you'll bring up the Task Manager, which will show you the various processes your system is running. Most, if not all, are legit, but if you see a file name that looks suspicious, type it into a search engine and find out what it is.
Want another place to look? In Windows XP, click Start, Run, type "services.msc" in the box, and press Enter. You'll see detailed descriptions of the services Windows is running. Something look weird? Check with your search engine.
Finally, you can do more detective work by selecting Start, Run, and typing "msconfig" in the box. With this tool you not only see the services running, but also the programs that your system is launching at startup. Again, check for anything weird.
If any of these tools won't run--or if your security software won't run--that in itself is a good sign your computer is infected. Some viruses intentionally disable such programs as a way to protect themselves.
What to Do Next
Once you're fairly sure your system is infected, don't panic. There are steps you can take to assess the damage, depending on your current level of protection.
* If you don't have any antivirus software on your system (shame on you), or if the software has stopped working, stay online and go for a free scan at one of several Web sites. There's McAfee FreeScan, Symantec Security Check, and Trend Micro's HouseCall. If one doesn't find anything, try two. In fact, running a free online virus scan is a good way to double-check the work of your own local antivirus program. When you're done, buy or download a real antivirus program.* If you have antivirus software, but it isn't active, get offline, unplug wires-- whatever it takes to stop your computer from communicating via the Internet. Then, promptly perform a scan with the installed software.* If nothing seems to be working, do more research on the Web. There are several online virus libraries where you can find out about known viruses. These sites often provide instructions for removing viruses--if manual removal is possible--or a free removal tool if it isn't. Check out GriSOFT's Virus Encyclopedia, Eset's Virus Descriptions, McAffee's Virus Glossary, Symantec's Virus Encyclopedia, or Trend Micro's Virus Encyclopedia.
A Microgram of Prevention
Assuming your system is now clean, you need to make sure it stays that way. Preventing a breach of your computer's security is far more effective than cleaning up the mess afterwards. Start with a good security program, such Trend Micro's PC-Cillin, which you can buy for $50.
Don't want to shell out any money? You can cobble together security through free downloads, such as AVG Anti-Virus Free Edition, ZoneAlarm (a personal firewall), and Ad-Aware SE (an antispyware tool).
Just make sure you keep all security software up to date. The bad guys constantly try out new ways to fool security programs. Any security tool without regular, easy (if not automatic) updates isn't worth your money or your time.
Speaking of updating, the same goes for Windows. Use Windows Update (it's right there on your Start Menu) to make sure you're getting all of the high priority updates. If you run Windows XP, make sure to get the Service Pack 2 update. To find out if you already have it, right-click My Computer, and select Properties. Under the General tab, under System, it should say "Service Pack 2."
Here are a few more pointers for a virus-free life:
* Be careful with e-mail. Set your e-mail software security settings to high. Don't open messages with generic-sounding subjects that don't apply specifically to you from people you don't know. Don't open an attachment unless you're expecting it.* If you have broadband Internet access, such as DSL or cable, get a router, even if you only have one PC. A router adds an extra layer of protection because your PC is not connecting directly with the Internet.* Check your Internet ports. These doorways between your computer and the Internet can be open, in which case your PC is very vulnerable; closed, but still somewhat vulnerable; or stealthed (or hidden), which is safest. Visit Gibson Research's Web site and run the free ShieldsUP test to see your ports' status. If some ports show up as closed--or worse yet, open--check your router's documentation to find out how to hide them.
Heard this one before? You must run antivirus software and keep it up to date or else your PC will get infected, you'll lose all your data, and you'll incur the wrath of every e-mail buddy you unknowingly infect because of your carelessness.
You know they're right. Yet for one reason or another, you're not running antivirus software, or you are but it's not up to date. Maybe you turned off your virus scanner because it conflicted with another program. Maybe you got tired of upgrading after you bought Norton Antivirus 2001, 2002, and 2003. Or maybe your annual subscription of virus definitions recently expired, and you've put off renewing.
It happens. It's nothing to be ashamed of. But chances are, either you're infected right now, as we speak, or you will be very soon.
For a few days in late January, the Netsky.p worm was infecting about 2,500 PCs a day. Meanwhile the MySQL bot infected approximately 100 systems a minute (albeit not necessarily desktop PCs). As David Perry, global director of education for security software provider Trend Micro, puts it, "an unprotected [Windows] computer will become owned by a bot within 14 minutes."
Today's viruses, worms, and so-called bots--which turn your PC into a zombie that does the hacker's bidding (such as mass-mailing spam)--aren't going to announce their presence. Real viruses aren't like the ones in Hollywood movies that melt down whole networks in seconds and destroy alien spacecraft. They operate in the background, quietly altering data, stealing private operations, or using your PC for their own illegal ends. This makes them hard to spot if you're not well protected.
Is Your PC "Owned?"
I should start by saying that not every system oddity is due to a virus, worm, or bot. Is your system slowing down? Is your hard drive filling up rapidly? Are programs crashing without warning? These symptoms are more likely caused by Windows, or badly written legitimate programs, rather than malware. After all, people who write malware want to hide their program's presence. People who write commercial software put icons all over your desktop. Who's going to work harder to go unnoticed?
Other indicators that may, in fact, indicate that there's nothing that you need to worry about, include:
* An automated e-mail telling you that you're sending out infected mail. E-mail viruses and worms typically come from faked addresses.* A frantic note from a friend saying they've been infected, and therefore so have you. This is likely a hoax. It's especially suspicious if the note tells you the virus can't be detected but you can get rid of it by deleting one simple file. Don't be fooled--and don't delete that file.
I'm not saying that you should ignore such warnings. Copy the subject line or a snippet from the body of the e-mail and plug it into your favorite search engine to see if other people have received the same note. A security site may have already pegged it as a hoax.
Sniffing Out an Infection
There are signs that indicate that your PC is actually infected. A lot of network activity coming from your system (when you're not actually using Internet) can be a good indicator that something is amiss. A good software firewall, such as ZoneAlarm, will ask your permission before letting anything leave your PC, and will give you enough information to help you judge if the outgoing data is legitimate. By the way, the firewall that comes with Windows, even the improved version in XP Service Pack 2, lacks this capability.
To put a network status light in your system tray, follow these steps: In Windows XP, choose Start, Control Panel, Network Connections, right-click the network connection you want to monitor, choose Properties, check "Show icon in notification area when connected," and click OK.
If you're interested in being a PC detective, you can sniff around further for malware. By hitting Ctrl-Alt-Delete in Windows, you'll bring up the Task Manager, which will show you the various processes your system is running. Most, if not all, are legit, but if you see a file name that looks suspicious, type it into a search engine and find out what it is.
Want another place to look? In Windows XP, click Start, Run, type "services.msc" in the box, and press Enter. You'll see detailed descriptions of the services Windows is running. Something look weird? Check with your search engine.
Finally, you can do more detective work by selecting Start, Run, and typing "msconfig" in the box. With this tool you not only see the services running, but also the programs that your system is launching at startup. Again, check for anything weird.
If any of these tools won't run--or if your security software won't run--that in itself is a good sign your computer is infected. Some viruses intentionally disable such programs as a way to protect themselves.
What to Do Next
Once you're fairly sure your system is infected, don't panic. There are steps you can take to assess the damage, depending on your current level of protection.
* If you don't have any antivirus software on your system (shame on you), or if the software has stopped working, stay online and go for a free scan at one of several Web sites. There's McAfee FreeScan, Symantec Security Check, and Trend Micro's HouseCall. If one doesn't find anything, try two. In fact, running a free online virus scan is a good way to double-check the work of your own local antivirus program. When you're done, buy or download a real antivirus program.* If you have antivirus software, but it isn't active, get offline, unplug wires-- whatever it takes to stop your computer from communicating via the Internet. Then, promptly perform a scan with the installed software.* If nothing seems to be working, do more research on the Web. There are several online virus libraries where you can find out about known viruses. These sites often provide instructions for removing viruses--if manual removal is possible--or a free removal tool if it isn't. Check out GriSOFT's Virus Encyclopedia, Eset's Virus Descriptions, McAffee's Virus Glossary, Symantec's Virus Encyclopedia, or Trend Micro's Virus Encyclopedia.
A Microgram of Prevention
Assuming your system is now clean, you need to make sure it stays that way. Preventing a breach of your computer's security is far more effective than cleaning up the mess afterwards. Start with a good security program, such Trend Micro's PC-Cillin, which you can buy for $50.
Don't want to shell out any money? You can cobble together security through free downloads, such as AVG Anti-Virus Free Edition, ZoneAlarm (a personal firewall), and Ad-Aware SE (an antispyware tool).
Just make sure you keep all security software up to date. The bad guys constantly try out new ways to fool security programs. Any security tool without regular, easy (if not automatic) updates isn't worth your money or your time.
Speaking of updating, the same goes for Windows. Use Windows Update (it's right there on your Start Menu) to make sure you're getting all of the high priority updates. If you run Windows XP, make sure to get the Service Pack 2 update. To find out if you already have it, right-click My Computer, and select Properties. Under the General tab, under System, it should say "Service Pack 2."
Here are a few more pointers for a virus-free life:
* Be careful with e-mail. Set your e-mail software security settings to high. Don't open messages with generic-sounding subjects that don't apply specifically to you from people you don't know. Don't open an attachment unless you're expecting it.* If you have broadband Internet access, such as DSL or cable, get a router, even if you only have one PC. A router adds an extra layer of protection because your PC is not connecting directly with the Internet.* Check your Internet ports. These doorways between your computer and the Internet can be open, in which case your PC is very vulnerable; closed, but still somewhat vulnerable; or stealthed (or hidden), which is safest. Visit Gibson Research's Web site and run the free ShieldsUP test to see your ports' status. If some ports show up as closed--or worse yet, open--check your router's documentation to find out how to hide them.
Cant See Secure Sites
Fix the problem with seeing them secrue sites (banks or online stores) i found this very usefull to me at my work (isp backbone support lol, at the time i was regular support )
Any way... what u need to do is make a new notepad file and write in it the followng DLL's.. just copy-paste these
regsvr32 SOFTPUB.DLLregsvr32 WINTRUST.DLLregsvr32 INITPKI.DLLregsvr32 dssenh.dllregsvr32 Rsaenh.dllregsvr32 gpkcsp.dllregsvr32 sccbase.dllregsvr32 slbcsp.dllregsvr32 Cryptdlg.dll
and save it as > all file types, and make it something like securefix.bat.
then just run the file and ur problem shuld be gone.
Any way... what u need to do is make a new notepad file and write in it the followng DLL's.. just copy-paste these
regsvr32 SOFTPUB.DLLregsvr32 WINTRUST.DLLregsvr32 INITPKI.DLLregsvr32 dssenh.dllregsvr32 Rsaenh.dllregsvr32 gpkcsp.dllregsvr32 sccbase.dllregsvr32 slbcsp.dllregsvr32 Cryptdlg.dll
and save it as > all file types, and make it something like securefix.bat.
then just run the file and ur problem shuld be gone.
Cannot Access Windows XP With Password
Because of the security features built into Windows XP, it is virtually impossible to get back into the system without the password.You have several options to try and get around this problem.
If you have access to another user account with administrator rights, you can use that account to change the passwordof the account that is locked out. You can also use the default Administrator account that is built into Windows XP.
First you need to boot the system into Safe Mode.1.Restart your system.2.When you see the blue Dell globe or screen, press the ( F8 ) key about 3 times a second.3.You should get the Windows startup menu. Use the (Up or Down) arrow keys to highlight (SafeMode)4.Press (Enter) on (Safe Mode), then press (Enter) on (Windows XP).5.The system should boot to Safe Mode.
Once you are at the Account Log on Screen, click on the iconfor the user account with administrator rights, or click on the iconfor the administrators account.Note: For Home the Administrator account isn't normally shown & in Safe Mode you have to press Ctrl+Alt+Delete keys twice to show.For PRO you can do this in normal mode
When the system has booted to the desktop, use the following steps to change the accounts password.1.Click Start, Control Panel, Administrative Tools.2.Click Computer Management.3.Double click Local Users and Groups, double click the folder Users.4.Right click on the account name that is locked out, and click on Set Password.5.You may get a warning message about changing the password, simply click proceed.6.Leave the New Password box blank, also leave the Confirm Password box blank.7.Click OK, and OK again.8.Then close all Windows, reboot the system and try to log in.
There are also applications that can recover the password for you.The following companies provide these applications at a cost.iOpus® Password Recovery XP here.LostPassword.com, here.Asterisk Password Recovery XP v1.89 here.Windows XP / 2000 / NT Key here.
If the above information does not help in recovering the password, the only option left is toformat the hard drive then reinstall Windows and the system software.
If you have access to another user account with administrator rights, you can use that account to change the passwordof the account that is locked out. You can also use the default Administrator account that is built into Windows XP.
First you need to boot the system into Safe Mode.1.Restart your system.2.When you see the blue Dell globe or screen, press the ( F8 ) key about 3 times a second.3.You should get the Windows startup menu. Use the (Up or Down) arrow keys to highlight (SafeMode)4.Press (Enter) on (Safe Mode), then press (Enter) on (Windows XP).5.The system should boot to Safe Mode.
Once you are at the Account Log on Screen, click on the iconfor the user account with administrator rights, or click on the iconfor the administrators account.Note: For Home the Administrator account isn't normally shown & in Safe Mode you have to press Ctrl+Alt+Delete keys twice to show.For PRO you can do this in normal mode
When the system has booted to the desktop, use the following steps to change the accounts password.1.Click Start, Control Panel, Administrative Tools.2.Click Computer Management.3.Double click Local Users and Groups, double click the folder Users.4.Right click on the account name that is locked out, and click on Set Password.5.You may get a warning message about changing the password, simply click proceed.6.Leave the New Password box blank, also leave the Confirm Password box blank.7.Click OK, and OK again.8.Then close all Windows, reboot the system and try to log in.
There are also applications that can recover the password for you.The following companies provide these applications at a cost.iOpus® Password Recovery XP here.LostPassword.com, here.Asterisk Password Recovery XP v1.89 here.Windows XP / 2000 / NT Key here.
If the above information does not help in recovering the password, the only option left is toformat the hard drive then reinstall Windows and the system software.
Bandwidth Required For Hosting
It depends (don't you hate that answer). But in truth, it does. Since bandwidth is a significant determinant of hosting plan prices, you should take time to determine just how much is right for you. Almost all hosting plans have bandwidth requirements measured in months, so you need to estimate the amount of bandwidth that will be required by your site on a monthly basis
If you do not intend to provide file download capability from your site, the formula for calculating bandwidth is fairly straightforward:
Average Daily Visitors x Average Page Views x Average Page Size x 31 x Fudge Factor
If you intend to allow people to download files from your site, your bandwidth calculation should be:
[(Average Daily Visitors x Average Page Views x Average Page Size) +
(Average Daily File Downloads x Average File Size)] x 31 x Fudge Factor
Let us examine each item in the formula:
Average Daily Visitors - The number of people you expect to visit your site, on average, each day. Depending upon how you market your site, this number could be from 1 to 1,000,000.
Average Page Views - On average, the number of web pages you expect a person to view. If you have 50 web pages in your web site, an average person may only view 5 of those pages each time they visit.
Average Page Size - The average size of your web pages, in Kilobytes (KB). If you have already designed your site, you can calculate this directly.
Average Daily File Downloads - The number of downloads you expect to occur on your site. This is a function of the numbers of visitors and how many times a visitor downloads a file, on average, each day.
Average File Size - Average file size of files that are downloadable from your site. Similar to your web pages, if you already know which files can be downloaded, you can calculate this directly.
Fudge Factor - A number greater than 1. Using 1.5 would be safe, which assumes that your estimate is off by 50%. However, if you were very unsure, you could use 2 or 3 to ensure that your bandwidth requirements are more than met.
Usually, hosting plans offer bandwidth in terms of Gigabytes (GB) per month. This is why our formula takes daily averages and multiplies them by 31.
If you do not intend to provide file download capability from your site, the formula for calculating bandwidth is fairly straightforward:
Average Daily Visitors x Average Page Views x Average Page Size x 31 x Fudge Factor
If you intend to allow people to download files from your site, your bandwidth calculation should be:
[(Average Daily Visitors x Average Page Views x Average Page Size) +
(Average Daily File Downloads x Average File Size)] x 31 x Fudge Factor
Let us examine each item in the formula:
Average Daily Visitors - The number of people you expect to visit your site, on average, each day. Depending upon how you market your site, this number could be from 1 to 1,000,000.
Average Page Views - On average, the number of web pages you expect a person to view. If you have 50 web pages in your web site, an average person may only view 5 of those pages each time they visit.
Average Page Size - The average size of your web pages, in Kilobytes (KB). If you have already designed your site, you can calculate this directly.
Average Daily File Downloads - The number of downloads you expect to occur on your site. This is a function of the numbers of visitors and how many times a visitor downloads a file, on average, each day.
Average File Size - Average file size of files that are downloadable from your site. Similar to your web pages, if you already know which files can be downloaded, you can calculate this directly.
Fudge Factor - A number greater than 1. Using 1.5 would be safe, which assumes that your estimate is off by 50%. However, if you were very unsure, you could use 2 or 3 to ensure that your bandwidth requirements are more than met.
Usually, hosting plans offer bandwidth in terms of Gigabytes (GB) per month. This is why our formula takes daily averages and multiplies them by 31.
Hosting BandWidth
In the example above, we discussed traffic in terms of downloading an MP3 file. However, each time you visit a web site, you are creating traffic, because in order to view that web page on your computer, the web page is first downloaded to your computer (between the web site and you) which is then displayed using your browser software (Internet Explorer, Netscape, etc.) . The page itself is simply a file that creates traffic just like the MP3 file in the example above (however, a web page is usually much smaller than a music file).
A web page may be very small or large depending upon the amount of text and the number and quality of images integrated within the web page. For example, the home page for CNN.com is about 200KB (200 Kilobytes = 200,000 bytes = 1,600,000 bits). This is typically large for a web page. In comparison, Yahoo's home page is about 70KB.
A web page may be very small or large depending upon the amount of text and the number and quality of images integrated within the web page. For example, the home page for CNN.com is about 200KB (200 Kilobytes = 200,000 bytes = 1,600,000 bits). This is typically large for a web page. In comparison, Yahoo's home page is about 70KB.
What's Traffic
A very simple analogy to use to understand bandwidth and traffic is to think of highways and cars. Bandwidth is the number of lanes on the highway and traffic is the number of cars on the highway. If you are the only car on a highway, you can travel very quickly. If you are stuck in the middle of rush hour, you may travel very slowly since all of the lanes are being used up.
Traffic is simply the number of bits that are transferred on network connections. It is easiest to understand traffic using examples. One Gigabyte is 2 to the 30th power (1,073,741,824) bytes. One gigabyte is equal to 1,024 megabytes. To put this in perspective, it takes one byte to store one character. Imagine 100 file cabinets in a building, each of these cabinets holds 1000 folders. Each folder has 100 papers. Each paper contains 100 characters - A GB is all the characters in the building. An MP3 song is about 4MB, the same song in wav format is about 40MB, a full length movie can be 800MB to 1000MB (1000MB = 1GB).
If you were to transfer this MP3 song from a web site to your computer, you would create 4MB of traffic between the web site you are downloading from and your computer. Depending upon the network connection between the web site and the internet, the transfer may occur very quickly, or it could take time if other people are also downloading files at the same time. If, for example, the web site you download from has a 10MB connection to the internet, and you are the only person accessing that web site to download your MP3, your 4MB file will be the only traffic on that web site. However, if three people are all downloading that same MP at the same time, 12MB (3 x 4MB) of traffic has been created. Because in this example, the host only has 10MB of bandwidth, someone will have to wait. The network equipment at the hosting company will cycle through each person downloading the file and transfer a small portion at a time so each person's file transfer can take place, but the transfer for everyone downloading the file will be slower. If 100 people all came to the site and downloaded the MP3 at the same time, the transfers would be extremely slow. If the host wanted to decrease the time it took to download files simultaneously, it could increase the bandwidth of their internet connection (at a cost due to upgrading equipment).
Traffic is simply the number of bits that are transferred on network connections. It is easiest to understand traffic using examples. One Gigabyte is 2 to the 30th power (1,073,741,824) bytes. One gigabyte is equal to 1,024 megabytes. To put this in perspective, it takes one byte to store one character. Imagine 100 file cabinets in a building, each of these cabinets holds 1000 folders. Each folder has 100 papers. Each paper contains 100 characters - A GB is all the characters in the building. An MP3 song is about 4MB, the same song in wav format is about 40MB, a full length movie can be 800MB to 1000MB (1000MB = 1GB).
If you were to transfer this MP3 song from a web site to your computer, you would create 4MB of traffic between the web site you are downloading from and your computer. Depending upon the network connection between the web site and the internet, the transfer may occur very quickly, or it could take time if other people are also downloading files at the same time. If, for example, the web site you download from has a 10MB connection to the internet, and you are the only person accessing that web site to download your MP3, your 4MB file will be the only traffic on that web site. However, if three people are all downloading that same MP at the same time, 12MB (3 x 4MB) of traffic has been created. Because in this example, the host only has 10MB of bandwidth, someone will have to wait. The network equipment at the hosting company will cycle through each person downloading the file and transfer a small portion at a time so each person's file transfer can take place, but the transfer for everyone downloading the file will be slower. If 100 people all came to the site and downloaded the MP3 at the same time, the transfers would be extremely slow. If the host wanted to decrease the time it took to download files simultaneously, it could increase the bandwidth of their internet connection (at a cost due to upgrading equipment).
What's Network Connectivity
The internet, in the most simplest of terms, is a group of millions of computers connected by networks. These connections within the internet can be large or small depending upon the cabling and equipment that is used at a particular internet location. It is the size of each network connection that determines how much bandwidth is available. For example, if you use a DSL connection to connect to the internet, you have 1.54 Mega bits (Mb) of bandwidth. Bandwidth therefore is measured in bits (a single 0 or 1). Bits are grouped in bytes which form words, text, and other information that is transferred between your computer and the internet.
If you have a DSL connection to the internet, you have dedicated bandwidth between your computer and your internet provider. But your internet provider may have thousands of DSL connections to their location. All of these connection aggregate at your internet provider who then has their own dedicated connection to the internet (or multiple connections) which is much larger than your single connection. They must have enough bandwidth to serve your computing needs as well as all of their other customers. So while you have a 1.54Mb connection to your internet provider, your internet provider may have a 255Mb connection to the internet so it can accommodate your needs and up to 166 other users (255/1.54).
If you have a DSL connection to the internet, you have dedicated bandwidth between your computer and your internet provider. But your internet provider may have thousands of DSL connections to their location. All of these connection aggregate at your internet provider who then has their own dedicated connection to the internet (or multiple connections) which is much larger than your single connection. They must have enough bandwidth to serve your computing needs as well as all of their other customers. So while you have a 1.54Mb connection to your internet provider, your internet provider may have a 255Mb connection to the internet so it can accommodate your needs and up to 166 other users (255/1.54).
What's Band Width
Most hosting companies offer a variety of bandwidth options in their plans. So exactly what is bandwidth as it relates to web hosting? Put simply, bandwidth is the amount of traffic that is allowed to occur between your web site and the rest of the internet. The amount of bandwidth a hosting company can provide is determined by their network connections, both internal to their data center and external to the public internet.
Back Tracking e-Mail
Tracking email back to its source: Twisted Evilcause i hate spammers... Evil or Very Mad
Ask most people how they determine who sent them an email message and the response is almost universally, "By the From line." Unfortunately this symptomatic of the current confusion among internet users as to where particular messages come from and who is spreading spam and viruses. The "From" header is little more than a courtesy to the person receiving the message. People spreading spam and viruses are rarely courteous. In short, if there is any question about where a particular email message came from the safe bet is to assume the "From" header is forged.
So how do you determine where a message actually came from? You have to understand how email messages are put together in order to backtrack an email message. SMTP is a text based protocol for transferring messages across the internet. A series of headers are placed in front of the data portion of the message. By examining the headers you can usually backtrack a message to the source network, sometimes the source host. A more detailed essay on reading email headers can be found .
If you are using Outlook or Outlook Express you can view the headers by right clicking on the message and selecting properties or options.
Below are listed the headers of an actual spam message I received. I've changed my email address and the name of my server for obvious reasons. I've also double spaced the headers to make them more readable.
Return-Path: <s359dyxtt@yahoo.com>
X-Original-To: davar@example.com
Delivered-To: davar@example.com
Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])by mailhost.example.com (Postfix) with SMTP id 1F9B8511C7for <davar@example.com>; Sun, 16 Nov 2003 09:50:37 -0800 (PST)
Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200
Message-ID: <n5-l067n7z$46-z$-n@eo2.32574>
From: "Maricela Paulson" <s359dyxtt@yahoo.com>
Reply-To: "Maricela Paulson" <s359dyxtt@yahoo.com>
To: davar@example.com
Subject: STOP-PAYING For Your PAY-PER-VIEW, Movie Channels, Mature Channels...isha
Date: Sun, 16 Nov 2003 19:42:31 +0200
X-Mailer: Internet Mail Service (5.5.2650.21)
X-Priority: 3
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"
According to the From header this message is from Maricela Paulson at s359dyxxt@yahoo.com. I could just fire off a message to abuse@yahoo.com, but that would be waste of time. This message didn't come from yahoo's email service.
The header most likely to be useful in determining the actual source of an email message is the Received header. According to the top-most Received header this message was received from the host 12-218-172-108.client.mchsi.com with the ip address of 21.218.172.108 by my server mailhost.example.com. An important item to consider is at what point in the chain does the email system become untrusted? I consider anything beyond my own email server to be an unreliable source of information. Because this header was generated by my email server it is reasonable for me to accept it at face value.
The next Received header (which is chronologically the first) shows the remote email server accepting the message from the host 0udjou with the ip 193.12.169.0. Those of you who know anything about IP will realize that that is not a valid host IP address. In addition, any hostname that ends in client.mchsi.com is unlikely to be an authorized email server. This has every sign of being a cracked client system.
Here's is where we start digging. By default Windows is somewhat lacking in network diagnostic tools; however, you can use the tools at to do your own checking.
davar@nqh9k:[/home/davar] $whois 12.218.172.108
AT&T WorldNet Services ATT (NET-12-0-0-0-1)12.0.0.0 - 12.255.255.255Mediacom Communications Corp MEDIACOMCC-12-218-168-0-FLANDREAU-MN (NET-12-218-168-0-1)12.218.168.0 - 12.218.175.255
# ARIN WHOIS database, last updated 2003-12-31 19:15# Enter ? for additional hints on searching ARIN's WHOIS database.
I can also verify the hostname of the remote server by using nslookup, although in this particular instance, my email server has already provided both the IP address and the hostname.
davar@nqh9k:[/home/davar] $nslookup 12.218.172.108
Server: localhostAddress: 127.0.0.1
Name: 12-218-172-108.client.mchsi.comAddress: 12.218.172.108
Ok, whois shows that Mediacom Communications owns that netblock and nslookup confirms the address to hostname mapping of the remote server,12-218-172-108.client.mchsi.com. If I preface a www in front of the domain name portion and plug that into my web browser, http://www.mchsi.com, I get Mediacom's web site.
There are few things more embarrassing to me than firing off an angry message to someone who is supposedly responsible for a problem, and being wrong. By double checking who owns the remote host's IP address using two different tools (whois and nslookup) I minimize the chance of making myself look like an idiot.
A quick glance at the web site and it appears they are an ISP. Now if I copy the entire message including the headers into a new email message and send it to abuse@mchsi.com with a short message explaining the situation, they may do something about it.
But what about Maricela Paulson? There really is no way to determine who sent a message, the best you can hope for is to find out what host sent it. Even in the case of a PGP signed messages there is no guarantee that one particular person actually pressed the send button. Obviously determining who the actual sender of an email message is much more involved than reading the From header. Hopefully this example may be of some use to other forum regulars.
Ask most people how they determine who sent them an email message and the response is almost universally, "By the From line." Unfortunately this symptomatic of the current confusion among internet users as to where particular messages come from and who is spreading spam and viruses. The "From" header is little more than a courtesy to the person receiving the message. People spreading spam and viruses are rarely courteous. In short, if there is any question about where a particular email message came from the safe bet is to assume the "From" header is forged.
So how do you determine where a message actually came from? You have to understand how email messages are put together in order to backtrack an email message. SMTP is a text based protocol for transferring messages across the internet. A series of headers are placed in front of the data portion of the message. By examining the headers you can usually backtrack a message to the source network, sometimes the source host. A more detailed essay on reading email headers can be found .
If you are using Outlook or Outlook Express you can view the headers by right clicking on the message and selecting properties or options.
Below are listed the headers of an actual spam message I received. I've changed my email address and the name of my server for obvious reasons. I've also double spaced the headers to make them more readable.
Return-Path: <s359dyxtt@yahoo.com>
X-Original-To: davar@example.com
Delivered-To: davar@example.com
Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])by mailhost.example.com (Postfix) with SMTP id 1F9B8511C7for <davar@example.com>; Sun, 16 Nov 2003 09:50:37 -0800 (PST)
Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200
Message-ID: <n5-l067n7z$46-z$-n@eo2.32574>
From: "Maricela Paulson" <s359dyxtt@yahoo.com>
Reply-To: "Maricela Paulson" <s359dyxtt@yahoo.com>
To: davar@example.com
Subject: STOP-PAYING For Your PAY-PER-VIEW, Movie Channels, Mature Channels...isha
Date: Sun, 16 Nov 2003 19:42:31 +0200
X-Mailer: Internet Mail Service (5.5.2650.21)
X-Priority: 3
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"
According to the From header this message is from Maricela Paulson at s359dyxxt@yahoo.com. I could just fire off a message to abuse@yahoo.com, but that would be waste of time. This message didn't come from yahoo's email service.
The header most likely to be useful in determining the actual source of an email message is the Received header. According to the top-most Received header this message was received from the host 12-218-172-108.client.mchsi.com with the ip address of 21.218.172.108 by my server mailhost.example.com. An important item to consider is at what point in the chain does the email system become untrusted? I consider anything beyond my own email server to be an unreliable source of information. Because this header was generated by my email server it is reasonable for me to accept it at face value.
The next Received header (which is chronologically the first) shows the remote email server accepting the message from the host 0udjou with the ip 193.12.169.0. Those of you who know anything about IP will realize that that is not a valid host IP address. In addition, any hostname that ends in client.mchsi.com is unlikely to be an authorized email server. This has every sign of being a cracked client system.
Here's is where we start digging. By default Windows is somewhat lacking in network diagnostic tools; however, you can use the tools at to do your own checking.
davar@nqh9k:[/home/davar] $whois 12.218.172.108
AT&T WorldNet Services ATT (NET-12-0-0-0-1)12.0.0.0 - 12.255.255.255Mediacom Communications Corp MEDIACOMCC-12-218-168-0-FLANDREAU-MN (NET-12-218-168-0-1)12.218.168.0 - 12.218.175.255
# ARIN WHOIS database, last updated 2003-12-31 19:15# Enter ? for additional hints on searching ARIN's WHOIS database.
I can also verify the hostname of the remote server by using nslookup, although in this particular instance, my email server has already provided both the IP address and the hostname.
davar@nqh9k:[/home/davar] $nslookup 12.218.172.108
Server: localhostAddress: 127.0.0.1
Name: 12-218-172-108.client.mchsi.comAddress: 12.218.172.108
Ok, whois shows that Mediacom Communications owns that netblock and nslookup confirms the address to hostname mapping of the remote server,12-218-172-108.client.mchsi.com. If I preface a www in front of the domain name portion and plug that into my web browser, http://www.mchsi.com, I get Mediacom's web site.
There are few things more embarrassing to me than firing off an angry message to someone who is supposedly responsible for a problem, and being wrong. By double checking who owns the remote host's IP address using two different tools (whois and nslookup) I minimize the chance of making myself look like an idiot.
A quick glance at the web site and it appears they are an ISP. Now if I copy the entire message including the headers into a new email message and send it to abuse@mchsi.com with a short message explaining the situation, they may do something about it.
But what about Maricela Paulson? There really is no way to determine who sent a message, the best you can hope for is to find out what host sent it. Even in the case of a PGP signed messages there is no guarantee that one particular person actually pressed the send button. Obviously determining who the actual sender of an email message is much more involved than reading the From header. Hopefully this example may be of some use to other forum regulars.
Automatic Windows Installation
An unattended Windows XP/2003 install can install all your software and settings along with Windows, and without you having to click a button or press a key,completely automated. Learn how over here:
CODE
http://unattended.msfn.org
Make your unattended setup now!
CODE
http://unattended.msfn.org
Make your unattended setup now!
Auto End Tasks For Safe Shut Down
Auto End Tasks to Enable a Proper Shutdown
This reg file automatically ends tasks and timeouts that prevent programs from shutting down and clears the Paging File on Exit.
1. Copy the following (everything in the box) into notepad.
QUOTEWindows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]"ClearPageFileAtShutdown"=dword:00000001
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]"AutoEndTasks"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]"WaitToKillServiceTimeout"="1000"
2. Save the file as shutdown.reg3. Double click the file to import into your registry.
NOTE: If your anti-virus software warns you of a "malicious" script, this is normal if you have "Script Safe" or similar technology enabled.
This reg file automatically ends tasks and timeouts that prevent programs from shutting down and clears the Paging File on Exit.
1. Copy the following (everything in the box) into notepad.
QUOTEWindows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]"ClearPageFileAtShutdown"=dword:00000001
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]"AutoEndTasks"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]"WaitToKillServiceTimeout"="1000"
2. Save the file as shutdown.reg3. Double click the file to import into your registry.
NOTE: If your anti-virus software warns you of a "malicious" script, this is normal if you have "Script Safe" or similar technology enabled.
Anti Leech Hacking
I was just asking to know if there is some audiance beforehere is my methodefor hacking anti leechwe gona use a soft calde proxo mitronproxomitron is an anti bull script web proxy it' works buy applying some rules to elliuminte pop up and many other thing but for our cas we need to desactive all this filtring first gotow-w.proxomitron.infodownload a copy of the softthen you need to unselect all the option of the softand clik on log windowno go to a anti leech web siteuse the plug in and not netpumperin the pluginadd a proxyyou must put this proxy adress127.0.0.1 8080 for httpthe same for ftpnow select the file to download a click downloadwatch in proximitron log winodws you will see many internal forwardingif the file are located in a ftp serverproximitron dont handel themand you will find an errorin a ftp adressif it's a http adressyou will find some thing likeget /blablalma/bla/filesite tr.comand you have foudn the adressit' tr.com/blabla/file
Anonymous Proxy
The exchange of information in Internet is made by the "client - server" model. A client sends a request (what files he needs) and a server sends a reply (required files). For close cooperation (full understanding) between a client and a server the client sends additional information about itself: a version and a name of an operating system, configuration of a browser (including its name and version) etc. This information can be necessary for the server in order to know which web-page should be given (open) to the client. There are different variants of web-pages for different configurations of browsers. However, as long as web-pages do not usually depend on browsers, it makes sense to hide this information from the web-server.
What your browser transmits to a web-server:a name and a version of an operating systema name and a version of a browserconfiguration of a browser (display resolution, color depth, java / javascript support, ...)IP-address of a clientOther information
The most important part of such information (and absolutely needless for a web-server) is information about IP-address. Using your IP it is possible to know about you the following:a country where you are froma cityyour provider?s name and e-mailyour physical address
Information, transmitted by a client to a server is available (accessible) for a server as environment variables. Every information unit is a value of some variable. If any information unit is not transmitted, then corresponding variable will be empty (its value will be undetermined).
These are some environment variables:
REMOTE_ADDR ? IP address of a client
HTTP_VIA ? if it is not empty, then a proxy is used. Value is an address (or several addresses) of a proxy server, this variable is added by a proxy server itself if you use one.
HTTP_X_FORWARDED_FOR ? if it is not empty, then a proxy is used. Value is a real IP address of a client (your IP), this variable is also added by a proxy server if you use one.
HTTP_ACCEPT_LANGUAGE ? what language is used in browser (what language a page should be displayed in)
HTTP_USER_AGENT ? so called "a user?s agent". For all browsers this is Mozilla. Furthermore, browser?s name and version (e.g. MSIE 5.5) and an operating system (e.g. Windows 98) is also mentioned here.
HTTP_HOST ? is a web server?s name
This is a small part of environment variables. In fact there are much more of them (DOCUMENT_ROOT, HTTP_ACCEPT_ENCODING, HTTP_CACHE_CONTROL, HTTP_CONNECTION, SERVER_ADDR, SERVER_SOFTWARE, SERVER_PROTOCOL, ...). Their quantity can depend on settings of both a server and a client.
These are examples of variable values:
REMOTE_ADDR = 194.85.1.1HTTP_ACCEPT_LANGUAGE = ruHTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)HTTP_HOST = www.webserver.ruHTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)HTTP_X_FORWARDED_FOR = 194.115.5.5
Anonymity at work in Internet is determined by what environment variables "hide" from a web-server.
If a proxy server is not used, then environment variables look in the following way:
REMOTE_ADDR = your IPHTTP_VIA = not determinedHTTP_X_FORWARDED_FOR = not determined
According to how environment variables "hided" by proxy servers, there are several types of proxiesTransparent Proxies
They do not hide information about your IP address:
REMOTE_ADDR = proxy IPHTTP_VIA = proxy IPHTTP_X_FORWARDED_FOR = your IP
The function of such proxy servers is not the improvement of your anonymity in Internet. Their purpose is information cashing, organization of joint access to Internet of several computers, etc.Anonymous Proxies
All proxy servers, that hide a client?s IP address in any way are called anonymous proxies
Simple Anonymous Proxies
These proxy servers do not hide a fact that a proxy is used, however they replace your IP with its own:REMOTE_ADDR = proxy IPHTTP_VIA = proxy IPHTTP_X_FORWARDED_FOR = proxy IP
These proxies are the most widespread among other anonymous proxy servers.
Distorting Proxies
As well as simple anonymous proxy servers these proxies do not hide the fact that a proxy server is used. However a client?s IP address (your IP address) is replaced with another (arbitrary, random) IP:
REMOTE_ADDR = proxy IPHTTP_VIA = proxy IPHTTP_X_FORWARDED_FOR = random IP addressHigh Anonymity Proxies
These proxy servers are also called "high anonymity proxy". In contrast to other types of anonymity proxy servers they hide a fact of using a proxy:
REMOTE_ADDR = proxy IPHTTP_VIA = not determinedHTTP_X_FORWARDED_FOR = not determined
That means that values of variables are the same as if proxy is not used, with the exception of one very important thing ? proxy IP is used instead of your IP address.Summary
Depending on purposes there are transparent and anonymity proxies. However, remember, using proxy servers you hide only your IP from a web-server, but other information (about browser configuration) is accessible!
What your browser transmits to a web-server:a name and a version of an operating systema name and a version of a browserconfiguration of a browser (display resolution, color depth, java / javascript support, ...)IP-address of a clientOther information
The most important part of such information (and absolutely needless for a web-server) is information about IP-address. Using your IP it is possible to know about you the following:a country where you are froma cityyour provider?s name and e-mailyour physical address
Information, transmitted by a client to a server is available (accessible) for a server as environment variables. Every information unit is a value of some variable. If any information unit is not transmitted, then corresponding variable will be empty (its value will be undetermined).
These are some environment variables:
REMOTE_ADDR ? IP address of a client
HTTP_VIA ? if it is not empty, then a proxy is used. Value is an address (or several addresses) of a proxy server, this variable is added by a proxy server itself if you use one.
HTTP_X_FORWARDED_FOR ? if it is not empty, then a proxy is used. Value is a real IP address of a client (your IP), this variable is also added by a proxy server if you use one.
HTTP_ACCEPT_LANGUAGE ? what language is used in browser (what language a page should be displayed in)
HTTP_USER_AGENT ? so called "a user?s agent". For all browsers this is Mozilla. Furthermore, browser?s name and version (e.g. MSIE 5.5) and an operating system (e.g. Windows 98) is also mentioned here.
HTTP_HOST ? is a web server?s name
This is a small part of environment variables. In fact there are much more of them (DOCUMENT_ROOT, HTTP_ACCEPT_ENCODING, HTTP_CACHE_CONTROL, HTTP_CONNECTION, SERVER_ADDR, SERVER_SOFTWARE, SERVER_PROTOCOL, ...). Their quantity can depend on settings of both a server and a client.
These are examples of variable values:
REMOTE_ADDR = 194.85.1.1HTTP_ACCEPT_LANGUAGE = ruHTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)HTTP_HOST = www.webserver.ruHTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)HTTP_X_FORWARDED_FOR = 194.115.5.5
Anonymity at work in Internet is determined by what environment variables "hide" from a web-server.
If a proxy server is not used, then environment variables look in the following way:
REMOTE_ADDR = your IPHTTP_VIA = not determinedHTTP_X_FORWARDED_FOR = not determined
According to how environment variables "hided" by proxy servers, there are several types of proxiesTransparent Proxies
They do not hide information about your IP address:
REMOTE_ADDR = proxy IPHTTP_VIA = proxy IPHTTP_X_FORWARDED_FOR = your IP
The function of such proxy servers is not the improvement of your anonymity in Internet. Their purpose is information cashing, organization of joint access to Internet of several computers, etc.Anonymous Proxies
All proxy servers, that hide a client?s IP address in any way are called anonymous proxies
Simple Anonymous Proxies
These proxy servers do not hide a fact that a proxy is used, however they replace your IP with its own:REMOTE_ADDR = proxy IPHTTP_VIA = proxy IPHTTP_X_FORWARDED_FOR = proxy IP
These proxies are the most widespread among other anonymous proxy servers.
Distorting Proxies
As well as simple anonymous proxy servers these proxies do not hide the fact that a proxy server is used. However a client?s IP address (your IP address) is replaced with another (arbitrary, random) IP:
REMOTE_ADDR = proxy IPHTTP_VIA = proxy IPHTTP_X_FORWARDED_FOR = random IP addressHigh Anonymity Proxies
These proxy servers are also called "high anonymity proxy". In contrast to other types of anonymity proxy servers they hide a fact of using a proxy:
REMOTE_ADDR = proxy IPHTTP_VIA = not determinedHTTP_X_FORWARDED_FOR = not determined
That means that values of variables are the same as if proxy is not used, with the exception of one very important thing ? proxy IP is used instead of your IP address.Summary
Depending on purposes there are transparent and anonymity proxies. However, remember, using proxy servers you hide only your IP from a web-server, but other information (about browser configuration) is accessible!
All About Spywares
There are a lot of PC users that know little about "Spyware", "Mal-ware", "hijackers", "Dialers" & many more. This will help you avoid pop-ups, spammers and all those baddies.
What is spy-ware?Spy-ware is Internet jargon for Advertising Supported software (Ad-ware). It is a way for shareware authors to make money from a product, other than by selling it to the users. There are several large media companies that offer them to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don't have to pay for the software and the developers are still getting paid. If you find the banners annoying, there is usually an option to remove them, by paying the regular licensing fee.
Known spywaresThere are thousands out there, new ones are added to the list everyday. But here are a few:Alexa, Aureate/Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Cydoor, Comet Cursor, eZula/KaZaa Toptext, Flashpoint/Flashtrack, Flyswat, Gator, GoHip, Hotbar, ISTbar, Lions Pride Enterprises/Blazing Logic/Trek Blue, Lop (C2Media), Mattel Brodcast, Morpheus, NewDotNet, Realplayer, Songspy, Xupiter, Web3000, WebHancer, Windows Messenger Service.
How to check if a program has spyware?The is this Little site that keeps a database of programs that are known to install spyware.
Check Here: http://www.spywareguide.com/product_search.php
If you would like to block pop-ups (IE Pop-ups).There tons of different types out there, but these are the 2 best, i think.
Try: Google Toolbar (http://toolbar.google.com/) This program is FreeTry: AdMuncher (http://www.admuncher.com) This program is Shareware
If you want to remove the "spyware" try these.Try: Lavasoft Ad-Aware (http://www.lavasoftusa.com/) This program is FreeInfo: Ad-aware is a multi spyware removal utility, that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup-manager lets you reinstall a backup, offers and multi language support.
Try: Spybot-S&D (http://www.safer-networking.org/) This program is FreeInfo: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.
Try: BPS Spyware and Adware Remover (http://www.bulletproofsoft.com/spyware-remover.html) This program is SharewareInfo: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you'd like to remove.
Try: Spy Sweeper v2.2 (http://www.webroot.com/wb/products/spysweeper/index.php) This program is SharewareInfo: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.The best scanner out there, and updated all the time.
Try: HijackThis 1.97.7 (http://www.spywareinfo.com/~merijn/downloads.html) This program is FreewareInfo: HijackThis is a tool, that lists all installed browser add-on, buttons, startup items and allows you to inspect them, and optionally remove selected items.
If you would like to prevent "spyware" being install.Try: SpywareBlaster 2.6.1 (http://www.wilderssecurity.net/spywareblaster.html) This program is FreeInfo: SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.
Try: SpywareGuard 2.2 (http://www.wilderssecurity.net/spywareguard.html) This program is FreeInfo: SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected.
Try: XP-AntiSpy (http://www.xp-antispy.org/) This program is FreeInfo: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in WindowsXP that may rise security or privacy concerns in some people.
Try: SpySites (http://camtech2000.net/Pages/SpySites_Prog...ml#SpySitesFree) This program is FreeInfo: SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software.
If you would like more Information about "spyware".Check these sites.http://www.spychecker.com/http://www.spywareguide.com/http://www.cexx.org/adware.htmhttp://www.theinfomaniac.net/infomaniac/co...rsSpyware.shtmlhttp://www.thiefware.com/links/http://simplythebest.net/info/spyware.html
Usefull tools...Try: Stop Windows Messenger Spam 1.10 (http://www.jester2k.pwp.blueyonder.co.uk/j...r2ksoftware.htm) This program is FreeInfo: "Stop Windows Messenger Spam" stops this Service from running and halts the spammers ability to send you these messages.
----------------------------------------------------------------------------All these softwares will help remove and prevent evil spammers and spywares attacking your PC. I myself recommend getting "spyblaster" "s&d spybot" "spy sweeper" & "admuncher" to protect your PC. A weekly scan is also recommended
Free Virus ScanScan for spyware, malware and keyloggers in addition to viruses, worms and trojans. New threats and annoyances are created faster than any individual can keep up with.http://defender.veloz.com// - 15k
Finding . is a Click Away at 2020Search.comHaving trouble finding what you re looking for on: .? 2020Search will instantly provide you with the result you re looking for by drawing on some of the best search engines the Internet has to offer. Your result is a click away!http://www.2020search.com// - 43k
Download the BrowserVillage Toolbar.Customize your Browser! Eliminate Pop-up ads before they start, Quick and easy access to the Web, and much more. Click Here to Install Now!http://www.browservillage.com/ - 36k
What is spy-ware?Spy-ware is Internet jargon for Advertising Supported software (Ad-ware). It is a way for shareware authors to make money from a product, other than by selling it to the users. There are several large media companies that offer them to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don't have to pay for the software and the developers are still getting paid. If you find the banners annoying, there is usually an option to remove them, by paying the regular licensing fee.
Known spywaresThere are thousands out there, new ones are added to the list everyday. But here are a few:Alexa, Aureate/Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Cydoor, Comet Cursor, eZula/KaZaa Toptext, Flashpoint/Flashtrack, Flyswat, Gator, GoHip, Hotbar, ISTbar, Lions Pride Enterprises/Blazing Logic/Trek Blue, Lop (C2Media), Mattel Brodcast, Morpheus, NewDotNet, Realplayer, Songspy, Xupiter, Web3000, WebHancer, Windows Messenger Service.
How to check if a program has spyware?The is this Little site that keeps a database of programs that are known to install spyware.
Check Here: http://www.spywareguide.com/product_search.php
If you would like to block pop-ups (IE Pop-ups).There tons of different types out there, but these are the 2 best, i think.
Try: Google Toolbar (http://toolbar.google.com/) This program is FreeTry: AdMuncher (http://www.admuncher.com) This program is Shareware
If you want to remove the "spyware" try these.Try: Lavasoft Ad-Aware (http://www.lavasoftusa.com/) This program is FreeInfo: Ad-aware is a multi spyware removal utility, that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup-manager lets you reinstall a backup, offers and multi language support.
Try: Spybot-S&D (http://www.safer-networking.org/) This program is FreeInfo: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.
Try: BPS Spyware and Adware Remover (http://www.bulletproofsoft.com/spyware-remover.html) This program is SharewareInfo: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you'd like to remove.
Try: Spy Sweeper v2.2 (http://www.webroot.com/wb/products/spysweeper/index.php) This program is SharewareInfo: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.The best scanner out there, and updated all the time.
Try: HijackThis 1.97.7 (http://www.spywareinfo.com/~merijn/downloads.html) This program is FreewareInfo: HijackThis is a tool, that lists all installed browser add-on, buttons, startup items and allows you to inspect them, and optionally remove selected items.
If you would like to prevent "spyware" being install.Try: SpywareBlaster 2.6.1 (http://www.wilderssecurity.net/spywareblaster.html) This program is FreeInfo: SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.
Try: SpywareGuard 2.2 (http://www.wilderssecurity.net/spywareguard.html) This program is FreeInfo: SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected.
Try: XP-AntiSpy (http://www.xp-antispy.org/) This program is FreeInfo: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in WindowsXP that may rise security or privacy concerns in some people.
Try: SpySites (http://camtech2000.net/Pages/SpySites_Prog...ml#SpySitesFree) This program is FreeInfo: SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software.
If you would like more Information about "spyware".Check these sites.http://www.spychecker.com/http://www.spywareguide.com/http://www.cexx.org/adware.htmhttp://www.theinfomaniac.net/infomaniac/co...rsSpyware.shtmlhttp://www.thiefware.com/links/http://simplythebest.net/info/spyware.html
Usefull tools...Try: Stop Windows Messenger Spam 1.10 (http://www.jester2k.pwp.blueyonder.co.uk/j...r2ksoftware.htm) This program is FreeInfo: "Stop Windows Messenger Spam" stops this Service from running and halts the spammers ability to send you these messages.
----------------------------------------------------------------------------All these softwares will help remove and prevent evil spammers and spywares attacking your PC. I myself recommend getting "spyblaster" "s&d spybot" "spy sweeper" & "admuncher" to protect your PC. A weekly scan is also recommended
Free Virus ScanScan for spyware, malware and keyloggers in addition to viruses, worms and trojans. New threats and annoyances are created faster than any individual can keep up with.http://defender.veloz.com// - 15k
Finding . is a Click Away at 2020Search.comHaving trouble finding what you re looking for on: .? 2020Search will instantly provide you with the result you re looking for by drawing on some of the best search engines the Internet has to offer. Your result is a click away!http://www.2020search.com// - 43k
Download the BrowserVillage Toolbar.Customize your Browser! Eliminate Pop-up ads before they start, Quick and easy access to the Web, and much more. Click Here to Install Now!http://www.browservillage.com/ - 36k
How To Setup FTP / FTO Setup Tutorial
Well, since many of us have always wondered this, here it is. Long and drawn out. Also, before attempting this, realize one thing; You will have to give up your time, effort, bandwidth, and security to have a quality ftp server.That being said, here it goes. First of all, find out if your IP (Internet Protocol) is static (not changing) or dynamic (changes everytime you log on). To do this, first consider the fact if you have a dial up modem. If you do, chances are about 999 999 out of 1 000 000 that your IP is dynamic. To make it static, just go to a place like h*tp://www.myftp.org/ to register for a static ip address.
You'll then need to get your IP. This can be done by doing this:Going to Start -> Run -> winipcfg or www.ask.com and asking 'What is my IP?'
After doing so, you'll need to download an FTP server client. Personally, I'd recommend G6 FTP Server, Serv-U FTPor Bullitproof v2.15 all three of which are extremely reliable, and the norm of the ftp world.You can download them on this site: h*tp://www.liaokai.com/softw_en/d_index.htm
First, you'll have to set up your ftp. For this guide, I will use step-by-step instructions for G6. First, you'll have to go into 'Setup -> General'. From here, type in your port # (default is 21). I recommend something unique, or something a bit larger (ex: 3069). If you want to, check the number of max users (this sets the amount of simultaneous maximum users on your server at once performing actions - The more on at once, the slower the connection and vice versa).
The below options are then chooseable:-Launch with windows-Activate FTP Server on Start-up-Put into tray on startup-Allow multiple instances-Show "Loading..." status at startup-Scan drive(s) at startup-Confirm exit
You can do what you want with these, as they are pretty self explanatory. The scan drive feature is nice, as is the 2nd and the last option. From here, click the 'options' text on the left column.
To protect your server, you should check 'login check' and 'password check', 'Show relative path (a must!)', and any other options you feel you'll need. After doing so, click the 'advanced' text in the left column. You should then leave the buffer size on the default (unless of course you know what you're doing ), and then allow the type of ftp you want.
Uploading and downloading is usually good, but it's up to you if you want to allow uploads and/or downloads. For the server priority, that will determine how much conventional memory will be used and how much 'effort' will go into making your server run smoothly.
Anti-hammering is also good, as it prevents people from slowing down your speed. From here, click 'Log Options' from the left column. If you would like to see and record every single command and clutter up your screen, leave the defaults.
But, if you would like to see what is going on with the lowest possible space taken, click 'Screen' in the top column. You should then check off 'Log successful logins', and all of the options in the client directry, except 'Log directory changes'. After doing so, click 'Ok' in the bottom left corner.
You will then have to go into 'Setup -> User Accounts' (or ctrl & u). From here, you should click on the right most column, and right click. Choose 'Add', and choose the username(s) you would like people to have access to.
After giving a name (ex: themoonlanding), you will have to give them a set password in the bottom column (ex: wasfaked). For the 'Home IP' directory, (if you registered with a static server, check 'All IP Homes'. If your IP is static by default, choose your IP from the list. You will then have to right click in the very center column, and choose 'Add'.
From here, you will have to set the directory you want the people to have access to. After choosing the directory, I suggest you choose the options 'Read', 'List', and 'Subdirs', unless of course you know what you're doing . After doing so, make an 'upload' folder in the directory, and choose to 'add' this folder seperately to the center column. Choose 'write', 'append', 'make', 'list', and 'subdirs'. This will allow them to upload only to specific folders (your upload folder).
Now click on 'Miscellaneous' from the left column. Choose 'enable account', your time-out (how long it takes for people to remain idle before you automatically kick them off), the maximum number of users for this name, the maximum number of connections allowed simultaneously for one ip address, show relative path (a must!), and any other things at the bottom you'd like to have. Now click 'Ok'.**Requested**
From this main menu, click the little boxing glove icon in the top corner, and right click and unchoose the hit-o-meter for both uploads and downloads (with this you can monitor IP activity). Now click the lightning bolt, and your server is now up and running.
Post your ftp info, like this:
213.10.93.141 (or something else, such as: 'f*p://example.getmyip.com')
User: *** (The username of the client)
Pass: *** (The password)
Port: *** (The port number you chose)
So make a FTP and join the FTP section
Listing The Contents Of A Ftp:
Listing the content of a FTP is very simple.You will need FTP Content Maker, which can be downloaded from here:ht*p://www.etplanet.com/download/application/FTP%20Content%20Maker%201.02.zip
1. Put in the IP of the server. Do not put "ftp://" or a "/" because it will not work if you do so.2. Put in the port. If the port is the default number, 21, you do not have to enter it.3. Put in the username and password in the appropriate fields. If the login is anonymous, you do not have to enter it.4. If you want to list a specific directory of the FTP, place it in the directory field. Otherwise, do not enter anything in the directory field.5. Click "Take the List!"6. After the list has been taken, click the UBB output tab, and copy and paste to wherever you want it.
If FTP Content Maker is not working, it is probably because the server does not utilize Serv-U Software.
If you get this error message:StatusCode = 550LastResponse was : 'Unable to open local file test-ftp'Error = 550 (Unable to open local file test-ftp)Error = Unable to open local file test-ftp = 550Close and restart FTP Content Maker, then try again.
error messages:
110 Restart marker reply. In this case, the text is exact and not left to the particular implementation; it must read: MARK yyyy = mmmm Where yyyy is User-process data stream marker, and mmmm server's equivalent marker (note the spaces between markers and "=").120 Service ready in nnn minutes.125 Data connection already open; transfer starting.150 File status okay; about to open data connection.200 Command okay.202 Command not implemented, superfluous at this site.211 System status, or system help reply.212 Directory status.213 File status.214 Help message. On how to use the server or the meaning of a particular non-standard command. This reply is useful only to the human user.215 NAME system type. Where NAME is an official system name from the list in the Assigned Numbers document.220 Service ready for new user.221 Service closing control connection. Logged out if appropriate.225 Data connection open; no transfer in progress.226 Closing data connection. Requested file action successful (for example, file transfer or file abort).227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).230 User logged in, proceed.250 Requested file action okay, completed.257 "PATHNAME" created.331 User name okay, need password.332 Need account for login.350 Requested file action pending further information.421 Too many users logged to the same account425 Can't open data connection.426 Connection closed; transfer aborted.450 Requested file action not taken. File unavailable (e.g., file busy).451 Requested action aborted: local error in processing.452 Requested action not taken. Insufficient storage space in system.500 Syntax error, command unrecognized. This may include errors such as command line too long.501 Syntax error in parameters or arguments.502 Command not implemented.503 Bad sequence of commands.504 Command not implemented for that parameter.530 Not logged in.532 Need account for storing files.550 Requested action not taken. File unavailable (e.g., file not found, no access).551 Requested action aborted: page type unknown.552 Requested file action aborted. Exceeded storage allocation (for current directory or dataset).553 Requested action not taken. File name not allowed.
Active FTP vs. Passive FTP, a Definitive Explanation
IntroductionOne of the most commonly seen questions when dealing with firewalls and other Internet connectivity issues is the difference between active and passive FTP and how best to support either or both of them. Hopefully the following text will help to clear up some of the confusion over how to support FTP in a firewalled environment.
This may not be the definitive explanation, as the title claims, however, I've heard enough good feedback and seen this document linked in enough places to know that quite a few people have found it to be useful. I am always looking for ways to improve things though, and if you find something that is not quite clear or needs more explanation, please let me know! Recent additions to this document include the examples of both active and passive command line FTP sessions. These session examples should help make things a bit clearer. They also provide a nice picture into what goes on behind the scenes during an FTP session. Now, on to the information...
The BasicsFTP is a TCP based service exclusively. There is no UDP component to FTP. FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port. The confusion begins however, when we find that depending on the mode, the data port is not always on port 20.
Active FTPIn active mode FTP the client connects from a random unprivileged port (N > 1024) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.
From the server-side firewall's standpoint, to support active mode FTP the following communication channels need to be opened:
FTP server's port 21 from anywhere (Client initiates connection)FTP server's port 21 to ports > 1024 (Server responds to client's control port)FTP server's port 20 to ports > 1024 (Server initiates data connection to client's data port)FTP server's port 20 from ports > 1024 (Client sends ACKs to server's data port)
In step 1, the client's command port contacts the server's command port and sends the command PORT 1027. The server then sends an ACK back to the client's command port in step 2. In step 3 the server initiates a connection on its local data port to the data port the client specified earlier. Finally, the client sends an ACK back as shown in step 4.
The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make the actual connection to the data port of the server--it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client side firewall this appears to be an outside system initiating a connection to an internal client--something that is usually blocked.
Active FTP ExampleBelow is an actual example of an active FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.
There are a few interesting things to consider about this dialog. Notice that when the PORT command is issued, it specifies a port on the client (192.168.150.80) system, rather than the server. We will see the opposite behavior when we use passive FTP. While we are on the subject, a quick note about the format of the PORT command. As you can see in the example below it is formatted as a series of six numbers separated by commas. The first four octets are the IP address while the second two octets comprise the port that will be used for the data connection. To find the actual port multiply the fifth octet by 256 and then add the sixth octet to the total. Thus in the example below the port number is ( (14*256) + 178), or 3762. A quick check with netstat should confirm this information.
testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2Connected to testbox2.slacksite.com.220 testbox2.slacksite.com FTP server ready.Name (testbox2:slacker): slacker---> USER slacker331 Password required for slacker.Password: TmpPass---> PASS XXXX230 User slacker logged in.---> SYST215 UNIX Type: L8Remote system type is UNIX.Using binary mode to transfer files.ftp> lsftp: setsockopt (ignored): Permission denied---> PORT 192,168,150,80,14,178200 PORT command successful.---> LIST150 Opening ASCII mode data connection for file list.drwx------ 3 slacker users 104 Jul 27 01:45 public_html226 Transfer complete.ftp> quit---> QUIT221 Goodbye.
Passive FTPIn order to resolve the issue of the server initiating the connection to the client a different method for FTP connections was developed. This was known as passive mode, or PASV, after the command used by the client to tell the server it is in passive mode.
In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1024 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1024) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.
From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:
FTP server's port 21 from anywhere (Client initiates connection)FTP server's port 21 to ports > 1024 (Server responds to client's control port)FTP server's ports > 1024 from anywhere (Client initiates data connection to random port specified by server)FTP server's ports > 1024 to remote ports > 1024 (Server sends ACKs (and data) to client's data port)
In step 1, the client contacts the server on the command port and issues the PASV command. The server then replies in step 2 with PORT 2024, telling the client which port it is listening to for the data connection. In step 3 the client then initiates the data connection from its data port to the specified server data port. Finally, the server sends back an ACK in step 4 to the client's data port.
While passive mode FTP solves many of the problems from the client side, it opens up a whole range of problems on the server side. The biggest issue is the need to allow any remote connection to high numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD allow the administrator to specify a range of ports which the FTP server will use. See Appendix 1 for more information.
The second issue involves supporting and troubleshooting clients which do (or do not) support passive mode. As an example, the command line FTP utility provided with Solaris does not support passive mode, necessitating a third-party FTP client, such as ncftp.
With the massive popularity of the World Wide Web, many people prefer to use their web browser as an FTP client. Most browsers only support passive mode when accessing ftp:// URLs. This can either be good or bad depending on what the servers and firewalls are configured to support.
Passive FTP ExampleBelow is an actual example of a passive FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.
Notice the difference in the PORT command in this example as opposed to the active FTP example. Here, we see a port being opened on the server (192.168.150.90) system, rather than the client. See the discussion about the format of the PORT command above, in the Active FTP Example section.
testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2Connected to testbox2.slacksite.com.220 testbox2.slacksite.com FTP server ready.Name (testbox2:slacker): slacker---> USER slacker331 Password required for slacker.Password: TmpPass---> PASS XXXX230 User slacker logged in.---> SYST215 UNIX Type: L8Remote system type is UNIX.Using binary mode to transfer files.ftp> passivePassive mode on.ftp> lsftp: setsockopt (ignored): Permission denied---> PASV227 Entering Passive Mode (192,168,150,90,195,149).---> LIST150 Opening ASCII mode data connection for file listdrwx------ 3 slacker users 104 Jul 27 01:45 public_html226 Transfer complete.ftp> quit---> QUIT221 Goodbye.
SummaryThe following chart should help admins remember how each FTP mode works:
Active FTP :command : client >1024 -> server 21data : client >1024 <- server 20
Passive FTP :command : client >1024 -> server 21data : client >1024 -> server >1024
A quick summary of the pros and cons of active vs. passive FTP is also in order:
Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.
Luckily, there is somewhat of a compromise. Since admins running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. The exposure of high level ports on the server can be minimized by specifying a limited port range for the FTP server to use. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously.
You'll then need to get your IP. This can be done by doing this:Going to Start -> Run -> winipcfg or www.ask.com and asking 'What is my IP?'
After doing so, you'll need to download an FTP server client. Personally, I'd recommend G6 FTP Server, Serv-U FTPor Bullitproof v2.15 all three of which are extremely reliable, and the norm of the ftp world.You can download them on this site: h*tp://www.liaokai.com/softw_en/d_index.htm
First, you'll have to set up your ftp. For this guide, I will use step-by-step instructions for G6. First, you'll have to go into 'Setup -> General'. From here, type in your port # (default is 21). I recommend something unique, or something a bit larger (ex: 3069). If you want to, check the number of max users (this sets the amount of simultaneous maximum users on your server at once performing actions - The more on at once, the slower the connection and vice versa).
The below options are then chooseable:-Launch with windows-Activate FTP Server on Start-up-Put into tray on startup-Allow multiple instances-Show "Loading..." status at startup-Scan drive(s) at startup-Confirm exit
You can do what you want with these, as they are pretty self explanatory. The scan drive feature is nice, as is the 2nd and the last option. From here, click the 'options' text on the left column.
To protect your server, you should check 'login check' and 'password check', 'Show relative path (a must!)', and any other options you feel you'll need. After doing so, click the 'advanced' text in the left column. You should then leave the buffer size on the default (unless of course you know what you're doing ), and then allow the type of ftp you want.
Uploading and downloading is usually good, but it's up to you if you want to allow uploads and/or downloads. For the server priority, that will determine how much conventional memory will be used and how much 'effort' will go into making your server run smoothly.
Anti-hammering is also good, as it prevents people from slowing down your speed. From here, click 'Log Options' from the left column. If you would like to see and record every single command and clutter up your screen, leave the defaults.
But, if you would like to see what is going on with the lowest possible space taken, click 'Screen' in the top column. You should then check off 'Log successful logins', and all of the options in the client directry, except 'Log directory changes'. After doing so, click 'Ok' in the bottom left corner.
You will then have to go into 'Setup -> User Accounts' (or ctrl & u). From here, you should click on the right most column, and right click. Choose 'Add', and choose the username(s) you would like people to have access to.
After giving a name (ex: themoonlanding), you will have to give them a set password in the bottom column (ex: wasfaked). For the 'Home IP' directory, (if you registered with a static server, check 'All IP Homes'. If your IP is static by default, choose your IP from the list. You will then have to right click in the very center column, and choose 'Add'.
From here, you will have to set the directory you want the people to have access to. After choosing the directory, I suggest you choose the options 'Read', 'List', and 'Subdirs', unless of course you know what you're doing . After doing so, make an 'upload' folder in the directory, and choose to 'add' this folder seperately to the center column. Choose 'write', 'append', 'make', 'list', and 'subdirs'. This will allow them to upload only to specific folders (your upload folder).
Now click on 'Miscellaneous' from the left column. Choose 'enable account', your time-out (how long it takes for people to remain idle before you automatically kick them off), the maximum number of users for this name, the maximum number of connections allowed simultaneously for one ip address, show relative path (a must!), and any other things at the bottom you'd like to have. Now click 'Ok'.**Requested**
From this main menu, click the little boxing glove icon in the top corner, and right click and unchoose the hit-o-meter for both uploads and downloads (with this you can monitor IP activity). Now click the lightning bolt, and your server is now up and running.
Post your ftp info, like this:
213.10.93.141 (or something else, such as: 'f*p://example.getmyip.com')
User: *** (The username of the client)
Pass: *** (The password)
Port: *** (The port number you chose)
So make a FTP and join the FTP section
Listing The Contents Of A Ftp:
Listing the content of a FTP is very simple.You will need FTP Content Maker, which can be downloaded from here:ht*p://www.etplanet.com/download/application/FTP%20Content%20Maker%201.02.zip
1. Put in the IP of the server. Do not put "ftp://" or a "/" because it will not work if you do so.2. Put in the port. If the port is the default number, 21, you do not have to enter it.3. Put in the username and password in the appropriate fields. If the login is anonymous, you do not have to enter it.4. If you want to list a specific directory of the FTP, place it in the directory field. Otherwise, do not enter anything in the directory field.5. Click "Take the List!"6. After the list has been taken, click the UBB output tab, and copy and paste to wherever you want it.
If FTP Content Maker is not working, it is probably because the server does not utilize Serv-U Software.
If you get this error message:StatusCode = 550LastResponse was : 'Unable to open local file test-ftp'Error = 550 (Unable to open local file test-ftp)Error = Unable to open local file test-ftp = 550Close and restart FTP Content Maker, then try again.
error messages:
110 Restart marker reply. In this case, the text is exact and not left to the particular implementation; it must read: MARK yyyy = mmmm Where yyyy is User-process data stream marker, and mmmm server's equivalent marker (note the spaces between markers and "=").120 Service ready in nnn minutes.125 Data connection already open; transfer starting.150 File status okay; about to open data connection.200 Command okay.202 Command not implemented, superfluous at this site.211 System status, or system help reply.212 Directory status.213 File status.214 Help message. On how to use the server or the meaning of a particular non-standard command. This reply is useful only to the human user.215 NAME system type. Where NAME is an official system name from the list in the Assigned Numbers document.220 Service ready for new user.221 Service closing control connection. Logged out if appropriate.225 Data connection open; no transfer in progress.226 Closing data connection. Requested file action successful (for example, file transfer or file abort).227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).230 User logged in, proceed.250 Requested file action okay, completed.257 "PATHNAME" created.331 User name okay, need password.332 Need account for login.350 Requested file action pending further information.421 Too many users logged to the same account425 Can't open data connection.426 Connection closed; transfer aborted.450 Requested file action not taken. File unavailable (e.g., file busy).451 Requested action aborted: local error in processing.452 Requested action not taken. Insufficient storage space in system.500 Syntax error, command unrecognized. This may include errors such as command line too long.501 Syntax error in parameters or arguments.502 Command not implemented.503 Bad sequence of commands.504 Command not implemented for that parameter.530 Not logged in.532 Need account for storing files.550 Requested action not taken. File unavailable (e.g., file not found, no access).551 Requested action aborted: page type unknown.552 Requested file action aborted. Exceeded storage allocation (for current directory or dataset).553 Requested action not taken. File name not allowed.
Active FTP vs. Passive FTP, a Definitive Explanation
IntroductionOne of the most commonly seen questions when dealing with firewalls and other Internet connectivity issues is the difference between active and passive FTP and how best to support either or both of them. Hopefully the following text will help to clear up some of the confusion over how to support FTP in a firewalled environment.
This may not be the definitive explanation, as the title claims, however, I've heard enough good feedback and seen this document linked in enough places to know that quite a few people have found it to be useful. I am always looking for ways to improve things though, and if you find something that is not quite clear or needs more explanation, please let me know! Recent additions to this document include the examples of both active and passive command line FTP sessions. These session examples should help make things a bit clearer. They also provide a nice picture into what goes on behind the scenes during an FTP session. Now, on to the information...
The BasicsFTP is a TCP based service exclusively. There is no UDP component to FTP. FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port. The confusion begins however, when we find that depending on the mode, the data port is not always on port 20.
Active FTPIn active mode FTP the client connects from a random unprivileged port (N > 1024) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.
From the server-side firewall's standpoint, to support active mode FTP the following communication channels need to be opened:
FTP server's port 21 from anywhere (Client initiates connection)FTP server's port 21 to ports > 1024 (Server responds to client's control port)FTP server's port 20 to ports > 1024 (Server initiates data connection to client's data port)FTP server's port 20 from ports > 1024 (Client sends ACKs to server's data port)
In step 1, the client's command port contacts the server's command port and sends the command PORT 1027. The server then sends an ACK back to the client's command port in step 2. In step 3 the server initiates a connection on its local data port to the data port the client specified earlier. Finally, the client sends an ACK back as shown in step 4.
The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make the actual connection to the data port of the server--it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client side firewall this appears to be an outside system initiating a connection to an internal client--something that is usually blocked.
Active FTP ExampleBelow is an actual example of an active FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.
There are a few interesting things to consider about this dialog. Notice that when the PORT command is issued, it specifies a port on the client (192.168.150.80) system, rather than the server. We will see the opposite behavior when we use passive FTP. While we are on the subject, a quick note about the format of the PORT command. As you can see in the example below it is formatted as a series of six numbers separated by commas. The first four octets are the IP address while the second two octets comprise the port that will be used for the data connection. To find the actual port multiply the fifth octet by 256 and then add the sixth octet to the total. Thus in the example below the port number is ( (14*256) + 178), or 3762. A quick check with netstat should confirm this information.
testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2Connected to testbox2.slacksite.com.220 testbox2.slacksite.com FTP server ready.Name (testbox2:slacker): slacker---> USER slacker331 Password required for slacker.Password: TmpPass---> PASS XXXX230 User slacker logged in.---> SYST215 UNIX Type: L8Remote system type is UNIX.Using binary mode to transfer files.ftp> lsftp: setsockopt (ignored): Permission denied---> PORT 192,168,150,80,14,178200 PORT command successful.---> LIST150 Opening ASCII mode data connection for file list.drwx------ 3 slacker users 104 Jul 27 01:45 public_html226 Transfer complete.ftp> quit---> QUIT221 Goodbye.
Passive FTPIn order to resolve the issue of the server initiating the connection to the client a different method for FTP connections was developed. This was known as passive mode, or PASV, after the command used by the client to tell the server it is in passive mode.
In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1024 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1024) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.
From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:
FTP server's port 21 from anywhere (Client initiates connection)FTP server's port 21 to ports > 1024 (Server responds to client's control port)FTP server's ports > 1024 from anywhere (Client initiates data connection to random port specified by server)FTP server's ports > 1024 to remote ports > 1024 (Server sends ACKs (and data) to client's data port)
In step 1, the client contacts the server on the command port and issues the PASV command. The server then replies in step 2 with PORT 2024, telling the client which port it is listening to for the data connection. In step 3 the client then initiates the data connection from its data port to the specified server data port. Finally, the server sends back an ACK in step 4 to the client's data port.
While passive mode FTP solves many of the problems from the client side, it opens up a whole range of problems on the server side. The biggest issue is the need to allow any remote connection to high numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD allow the administrator to specify a range of ports which the FTP server will use. See Appendix 1 for more information.
The second issue involves supporting and troubleshooting clients which do (or do not) support passive mode. As an example, the command line FTP utility provided with Solaris does not support passive mode, necessitating a third-party FTP client, such as ncftp.
With the massive popularity of the World Wide Web, many people prefer to use their web browser as an FTP client. Most browsers only support passive mode when accessing ftp:// URLs. This can either be good or bad depending on what the servers and firewalls are configured to support.
Passive FTP ExampleBelow is an actual example of a passive FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.
Notice the difference in the PORT command in this example as opposed to the active FTP example. Here, we see a port being opened on the server (192.168.150.90) system, rather than the client. See the discussion about the format of the PORT command above, in the Active FTP Example section.
testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2Connected to testbox2.slacksite.com.220 testbox2.slacksite.com FTP server ready.Name (testbox2:slacker): slacker---> USER slacker331 Password required for slacker.Password: TmpPass---> PASS XXXX230 User slacker logged in.---> SYST215 UNIX Type: L8Remote system type is UNIX.Using binary mode to transfer files.ftp> passivePassive mode on.ftp> lsftp: setsockopt (ignored): Permission denied---> PASV227 Entering Passive Mode (192,168,150,90,195,149).---> LIST150 Opening ASCII mode data connection for file listdrwx------ 3 slacker users 104 Jul 27 01:45 public_html226 Transfer complete.ftp> quit---> QUIT221 Goodbye.
SummaryThe following chart should help admins remember how each FTP mode works:
Active FTP :command : client >1024 -> server 21data : client >1024 <- server 20
Passive FTP :command : client >1024 -> server 21data : client >1024 -> server >1024
A quick summary of the pros and cons of active vs. passive FTP is also in order:
Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.
Luckily, there is somewhat of a compromise. Since admins running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. The exposure of high level ports on the server can be minimized by specifying a limited port range for the FTP server to use. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously.
Advanced Shell Coding
This paper assumes a working knowledge of basic shellcoding techniques, and x86 assembly, I will not rehash these in this paper. I hope to teach you some of the lesser known shellcoding techniques that I have picked up, which will allow you to write smaller and better shellcodes. I do not claim to have invented any of these techniques, except for the one that uses the div instruction.
The multiplicity of mul
This technique was originally developed by Sorbo of darkircop.net. The mul instruction may, on the surface, seem mundane, and it's purpose obvious. However, when faced with the difficult challenge of shrinking your shellcode, it proves to be quite useful. First some background information on the mul instruction itself.
mul performs an unsigned multiply of two integers. It takes only one operand, the other is implicitly specified by the %eax register. So, a common mul instruction might look something like this:
movl $0x0a,%eaxmul $0x0a
This would multiply the value stored in %eax by the operand of mul, which in this case would be 10*10. The result is then implicitly stored in EDX:EAX. The result is stored over a span of two registers because it has the potential to be considerably larger than the previous value, possibly exceeding the capacity of a single register(this is also how floating points are stored in some cases, as an interesting sidenote).
So, now comes the ever-important question. How can we use these attributes to our advantage when writing shellcode? Well, let's think for a second, the instruction takes only one operand, therefore, since it is a very common instruction, it will generate only two bytes in our final shellcode. It multiplies whatever is passed to it by the value stored in %eax, and stores the value in both %edx and %eax, completely overwriting the contents of both registers, regardless of whether it is necessary to do so, in order to store the result of the multiplication. Let's put on our mathematician hats for a second, and consider this, what is the only possible result of a multiplication by 0? The answer, as you may have guessed, is 0. I think it's about time for some example code, so here it is:
xorl %ecx,%ecxmul %ecx
What is this shellcode doing? Well, it 0's out the %ecx register using the xor instruction, so we now know that %ecx is 0. Then it does a mul %ecx, which as we just learned, multiplies it's operand by the value in %eax, and then proceeds to store the result of this multiplication in EDX:EAX. So, regardless of %eax's previous contents, %eax must now be 0. However that's not all, %edx is 0'd now too, because, even though no overflow occurs, it still overwrites the %edx register with the sign bit(left-most bit) of %eax. Using this technique we can zero out three registers in only three bytes, whereas by any other method(that I know of) it would have taken at least six.
The div instruction
Div is very similar to mul, in that it takes only one operand and implicitly divides the operand by the value in %eax. Also like, mul it stores the result of the divide in %eax. Again, we will require the mathematical side of our brains to figure out how we can take advantage of this instruction. But first, let's think about what is normally stored in the %eax register. The %eax register holds the return value of functions and/or syscalls. Most syscalls that are used in shellcoding will return -1(on failure) or a positive value of some kind, only rarely will they return 0(though it does occur). So, if we know that after a syscall is performed, %eax will have a non-zero value, and that the instruction divl %eax will divide %eax by itself, and then store the result in %eax, we can say that executing the divl %eax instruction after a syscall will put the value 1 into %eax. So...how is this applicable to shellcoding? Well, their is another important thing that %eax is used for, and that is to pass the specific syscall that you would like to call to int $0x80. It just so happens that the syscall that corresponds to the value 1 is exit(). Now for an example:
xorl %ebx,%ebxmul %ebxpush %edxpushl $0x3268732fpushl $0x6e69622fmov %esp, %ebxpush %edxpush %ebxmov %esp,%ecxmovb $0xb, %al #execve() syscall, doesn't return at all unless it fails, in which case it returns -1int $0x80
divl %eax # -1 / -1 = 1int $0x80
Now, we have a 3 byte exit function, where as before it was 5 bytes. However, there is a catch, what if a syscall does return 0? Well in the odd situation in which that could happen, you could do many different things, like inc %eax, dec %eax, not %eax anything that will make %eax non-zero. Some people say that exit's are not important in shellcode, because your code gets executed regardless of whether or not it exits cleanly. They are right too, if you really need to save 3 bytes to fit your shellcode in somewhere, the exit() isn't worth keeping. However, when your code does finish, it will try to execute whatever was after your last instruction, which will most likely produce a SIG ILL(illegal instruction) which is a rather odd error, and will be logged by the system. So, an exit() simply adds an extra layer of stealth to your exploit, so that even if it fails or you can't wipe all the logs, at least this part of your presence will be clear.
Unlocking the power of leal
The leal instruction is an often neglected instruction in shellcode, even though it is quite useful. Consider this short piece of shellcode.
xorl %ecx,%ecxleal 0x10(%ecx),%eax
This will load the value 17 into eax, and clear all of the extraneous bits of eax. This occurs because the leal instruction loads a variable of the type long into it's desitination operand. In it's normal usage, this would load the address of a variable into a register, thus creating a pointer of sorts. However, since ecx is 0'd and 0+17=17, we load the value 17 into eax instead of any kind of actual address. In a normal shellcode we would do something like this, to accomplish the same thing:
xorl %eax,%eaxmovb $0x10,%eax
I can hear you saying, but that shellcode is a byte shorter than the leal one, and you're quite right. However, in a real shellcode you may already have to 0 out a register like ecx(or any other register), so the xorl instruction in the leal shellcode isn't counted. Here's an example:
xorl %eax,%eaxxorl %ebx,%ebxmovb $0x17,%alint $0x80 xorl %ebx,%ebxleal 0x17(%ebx),%alint $0x80
Both of these shellcodes call setuid(0), but one does it in 7 bytes while the other does it in 8. Again, I hear you saying but that's only one byte it doesn't make that much of a difference, and you're right, here it doesn't make much of a difference(except for in shellcode-size pissing contests =p), but when applied to much larger shellcodes, which have many function calls and need to do things like this frequently, it can save quite a bit of space.
I hope you all learned something, and will go out and apply your knowledge to create smaller and better shellcodes. If you know who invented the leal technique, please tell me and I will credit him/her.
How To Built A Website
The term web standards can mean different things to different people. For some, it is 'table-free sites', for others it is 'using valid code'. However, web standards are much broader than that. A site built to web standards should adhere to standards (HTML, XHTML, XML, CSS, XSLT, DOM, MathML, SVG etc) and pursue best practices (valid code, accessible code, semantically correct code, user-friendly URLs etc).
In other words, a site built to web standards should ideally be lean, clean, CSS-based, accessible, usable and search engine friendly.
About the checklist
This is not an uber-checklist. There are probably many items that could be added. More importantly, it should not be seen as a list of items that must be addressed on every site that you develop. It is simply a guide that can be used:
* to show the breadth of web standards* as a handy tool for developers during the production phase of websites* as an aid for developers who are interested in moving towards web standards
The checklist
1.Quality of code1. Does the site use a correct Doctype?2. Does the site use a Character set?3. Does the site use Valid (X)HTML?4. Does the site use Valid CSS?5. Does the site use any CSS hacks?6. Does the site use unnecessary classes or ids?7. Is the code well structured?8. Does the site have any broken links?9. How does the site perform in terms of speed/page size?10. Does the site have JavaScript errors?
2. Degree of separation between content and presentation1. Does the site use CSS for all presentation aspects (fonts, colour, padding, borders etc)?2. Are all decorative images in the CSS, or do they appear in the (X)HTML?
3. Accessibility for users1. Are "alt" attributes used for all descriptive images?2. Does the site use relative units rather than absolute units for text size?3. Do any aspects of the layout break if font size is increased?4. Does the site use visible skip menus?5. Does the site use accessible forms?6. Does the site use accessible tables?7. Is there sufficient colour brightness/contrasts?8. Is colour alone used for critical information?9. Is there delayed responsiveness for dropdown menus (for users with reduced motor skills)?10. Are all links descriptive (for blind users)?
4. Accessibility for devices1. Does the site work acceptably across modern and older browsers?2. Is the content accessible with CSS switched off or not supported?3. Is the content accessible with images switched off or not supported?4. Does the site work in text browsers such as Lynx?5. Does the site work well when printed?6. Does the site work well in Hand Held devices?7. Does the site include detailed metadata?8. Does the site work well in a range of browser window sizes?
5. Basic Usability1. Is there a clear visual hierarchy?2. Are heading levels easy to distinguish?3. Does the site have easy to understand navigation?4. Does the site use consistent navigation?5. Are links underlined?6. Does the site use consistent and appropriate language?7. Do you have a sitemap page and contact page? Are they easy to find?8. For large sites, is there a search tool?9. Is there a link to the home page on every page in the site?10. Are visited links clearly defined with a unique colour?
6. Site management1. Does the site have a meaningful and helpful 404 error page that works from any depth in the site?2. Does the site use friendly URLs?3. Do your URLs work without "www"?4. Does the site have a favicon?
1. Quality of code
1.1 Does the site use a correct Doctype?A doctype (short for 'document type declaration') informs the validator which version of (X)HTML you're using, and must appear at the very top of every web page. Doctypes are a key component of compliant web pages: your markup and CSS won't validate without them.CODEhttp://www.alistapart.com/articles/doctype/
More:CODEhttp://www.w3.org/QA/2002/04/valid-dtd-list.html
CODEhttp://css.maxdesign.com.au/listamatic/about-boxmodel.htm
CODEhttp://gutfeldt.ch/matthias/articles/doctypeswitch.html
1.2 Does the site use a Character set?If a user agent (eg. a browser) is unable to detect the character encoding used in a Web document, the user may be presented with unreadable text. This information is particularly important for those maintaining and extending a multilingual site, but declaring the character encoding of the document is important for anyone producing XHTML/HTML or CSS.CODEhttp://www.w3.org/International/tutorials/tutorial-char-enc/
More:CODEhttp://www.w3.org/International/O-charset.html
1.3 Does the site use Valid (X)HTML?Valid code will render faster than code with errors. Valid code will render better than invalid code. Browsers are becoming more standards compliant, and it is becoming increasingly necessary to write valid and standards compliant HTML.CODEhttp://www.maxdesign.com.au/presentation/sit2003/06.htm
More:CODEhttp://validator.w3.org/
1.4 Does the site use Valid CSS?You need to make sure that there aren't any errors in either your HTML or your CSS, since mistakes in either place can result in botched document appearance.CODEhttp://www.meyerweb.com/eric/articles/webrev/199904.html
More:CODEhttp://jigsaw.w3.org/css-validator/
1.5 Does the site use any CSS hacks?Basically, hacks come down to personal choice, the amount of knowledge you have of workarounds, the specific design you are trying to achieve.CODEhttp://www.mail-archive.com/wsg@webstandardsgroup.org/msg05823.html
More:CODEhttp://css-discuss.incutio.com/?page=CssHack
CODEhttp://css-discuss.incutio.com/?page=ToHackOrNotToHack
CODEhttp://centricle.com/ref/css/filters/
1.6 Does the site use unnecessary classes or ids?I've noticed that developers learning new skills often end up with good CSS but poor XHTML. Specifically, the HTML code tends to be full of unnecessary divs and ids. This results in fairly meaningless HTML and bloated style sheets.CODEhttp://www.clagnut.com/blog/228/
1.7 Is the code well structured?Semantically correct markup uses html elements for their given purpose. Well structured HTML has semantic meaning for a wide range of user agents (browsers without style sheets, text browsers, PDAs, search engines etc.)CODEhttp://www.maxdesign.com.au/presentation/benefits/index04.htm
More:CODEhttp://www.w3.org/2003/12/semantic-extractor.html
1.8 Does the site have any broken links?Broken links can frustrate users and potentially drive customers away. Broken links can also keep search engines from properly indexing your site.
More:CODEhttp://validator.w3.org/checklink
1.9 How does the site perform in terms of speed/page size?Don't make me wait... That's the message users give us in survey after survey. Even broadband users can suffer the slow-loading blues.CODEhttp://www.websiteoptimization.com/speed/
1.10 Does the site have JavaScript errors?Internet Explore for Windows allows you to turn on a debugger that will pop up a new window and let you know there are javascript errors on your site. This is available under 'Internet Options' on the Advanced tab. Uncheck 'Disable script debugging'.
2. Degree of separation between content and presentation
2.1 Does the site use CSS for all presentation aspects (fonts, colour, padding, borders etc)?Use style sheets to control layout and presentation.CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-style-sheets
2.2 Are all decorative images in the CSS, or do they appear in the (X)HTML?The aim for web developers is to remove all presentation from the html code, leaving it clean and semantically correct.CODEhttp://www.maxdesign.com.au/presentation/benefits/index07.htm
3. Accessibility for users
3.1 Are "alt" attributes used for all descriptive images?Provide a text equivalent for every non-text elementCODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-text-equivalent
3.2 Does the site use relative units rather than absolute units for text size?Use relative rather than absolute units in markup language attribute values and style sheet property values'.CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-relative-units
More:CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-relative-units
CODEhttp://www.clagnut.com/blog/348/
3.3 Do any aspects of the layout break if font size is increased?Try this simple test. Look at your website in a browser that supports easy incrementation of font size. Now increase your browser's font size. And again. And again... Look at your site. Does the page layout still hold together? It is dangerous for developers to assume that everyone browses using default font sizes.3.4 Does the site use visible skip menus?
A method shall be provided that permits users to skip repetitive navigation links.CODEhttp://www.section508.gov/index.cfm?FuseAction=Content&ID=12
Group related links, identify the group (for user agents), and, until user agents do so, provide a way to bypass the group.CODEhttp://www.w3.org/TR/WCAG10-TECHS/#tech-group-links
...blind visitors are not the only ones inconvenienced by too many links in a navigation area. Recall that a mobility-impaired person with poor adaptive technology might be stuck tabbing through that morass.CODEhttp://joeclark.org/book/sashay/serialization/Chapter08.html#h4-2020
More:CODEhttp://www.niehs.nih.gov/websmith/508/o.htm
3.5 Does the site use accessible forms?Forms aren't the easiest of things to use for people with disabilities. Navigating around a page with written content is one thing, hopping between form fields and inputting information is another.CODEhttp://www.htmldog.com/guides/htmladvanced/forms/
More:CODEhttp://www.webstandards.org/learn/tutorials/accessible-forms/01-accessible-forms.html
CODEhttp://www.accessify.com/tools-and-wizards/accessible-form-builder.asp
CODEhttp://accessify.com/tutorials/better-accessible-forms.asp
3.6 Does the site use accessible tables?For data tables, identify row and column headers... For data tables that have two or more logical levels of row or column headers, use markup to associate data cells and header cells.CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-table-headers
More:CODEhttp://www.bcc.ctc.edu/webpublishing/ada/resources/tables.asp
CODEhttp://www.accessify.com/tools-and-wizards/accessible-table-builder_step1.asp
CODEhttp://www.webaim.org/techniques/tables/
3.7 Is there sufficient colour brightness/contrasts?Ensure that foreground and background colour combinations provide sufficient contrast when viewed by someone having colour deficits.CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-colour-contrast
More:CODEhttp://www.juicystudio.com/services/colourcontrast.asp
3.8 Is colour alone used for critical information?Ensure that all information conveyed with colour is also available without colour, for example from context or markup.CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-colour-convey
There are basically three types of colour deficiency; Deuteranope (a form of red/green colour deficit), Protanope (another form of red/green colour deficit) and Tritanope (a blue/yellow deficit- very rare).
More:CODEhttp://colourfilter.wickline.org/
CODEhttp://www.toledo-bend.com/colourblind/Ishihara.html
CODEhttp://www.vischeck.com/vischeck/vischeckURL.php
3.9 Is there delayed responsiveness for dropdown menus?Users with reduced motor skills may find dropdown menus hard to use if responsiveness is set too fast.
3.10 Are all links descriptive?Link text should be meaningful enough to make sense when read out of context - either on its own or as part of a sequence of links. Link text should also be terse.CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-meaningful-links
4. Accessibility for devices.
4.1 Does the site work acceptably across modern and older browsers?
Before starting to build a CSS-based layout, you should decide which browsers to support and to what level you intend to support them.CODEhttp://www.maxdesign.com.au/presentation/process/index_step01.cfm
4.2 Is the content accessible with CSS switched off or not supported?Some people may visit your site with either a browser that does not support CSS or a browser with CSS switched off. In content is structured well, this will not be an issue.
4.3 Is the content accessible with images switched off or not supported?Some people browse websites with images switched off - especially people on very slow connections. Content should still be accessible for these people.
4.4 Does the site work in text browsers such as Lynx?This is like a combination of images and CSS switched off. A text-based browser will rely on well structured content to provide meaning.
More:CODEhttp://www.delorie.com/web/lynxview
4.5 Does the site work well when printed?You can take any (X)HTML document and simply style it for print, without having to touch the markup.CODEhttp://www.alistapart.com/articles/goingtoprint/
More:CODEhttp://www.d.umn.edu/itss/support/Training/Online/webdesign/css.html#print
4.6 Does the site work well in Hand Held devices?This is a hard one to deal with until hand held devices consistently support their correct media type. However, some layouts work better in current hand-held devices. The importance of supporting hand held devices will depend on target audiences.
4.7 Does the site include detailed metadata?Metadata is machine understandable information for the webCODEhttp://www.w3.org/Metadata/
Metadata is structured information that is created specifically to describe another resource. In other words, metadata is 'data about data'.
4.8 Does the site work well in a range of browser window sizes?It is a common assumption amongst developers that average screen sizes are increasing. Some developers assume that the average screen size is now 1024px wide. But what about users with smaller screens and users with hand held devices? Are they part of your target audience and are they being disadvantaged?
5. Basic Usability5.1 Is there a clear visual hierarchy?Organise and prioritise the contents of a page by using size, prominence and content relationships.CODEhttp://www.great-web-design-tips.com/web-site-design/165.html
5.2 Are heading levels easy to distinguish?Use header elements to convey document structure and use them according to specification.CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-logical-headings
5.3 Is the site's navigation easy to understand?Your navigation system should give your visitor a clue as to what page of the site they are currently on and where they can go next.CODEhttp://www.1stsitefree.com/design_nav.htm
5.4 Is the site's navigation consistent?If each page on your site has a consistent style of presentation, visitors will find it easier to navigate between pages and find informationCODEhttp://www.juicystudio.com/tutorial/accessibility/navigation.asp
5.5 Does the site use consistent and appropriate language?The use of clear and simple language promotes effective communication. Trying to come across as articulate can be as difficult to read as poorly written grammar, especially if the language used isn't the visitor's primary language.CODEhttp://www.juicystudio.com/tutorial/accessibility/clear.asp
5.6 Does the site have a sitemap page and contact page? Are they easy to find?Most site maps fail to convey multiple levels of the site's information architecture. In usability tests, users often overlook site maps or can't find them. Complexity is also a problem: a map should be a map, not a navigational challenge of its own.CODEhttp://www.useit.com/alertbox/20020106.html
5.7 For large sites, is there a search tool?While search tools are not needed on smaller sites, and some people will not ever use them, site-specific search tools allow users a choice of navigation options.
5.8 Is there a link to the home page on every page in the site?Some users like to go back to a site's home page after navigating to content within a site. The home page becomes a base camp for these users, allowing them to regroup before exploring new content.
5.9 Are links underlined?To maximise the perceived affordance of clickability, colour and underline the link text. Users shouldn't have to guess or scrub the page to find out where they can click.CODEhttp://www.useit.com/alertbox/20040510.html
5.10 Are visited links clearly defined?Most important, knowing which pages they've already visited frees users from unintentionally revisiting the same pages over and over again.CODEhttp://www.useit.com/alertbox/20040503.html
6. Site management
6.1 Does the site have a meaningful and helpful 404 error page that works from any depth in the site?You've requested a page - either by typing a URL directly into the address bar or clicking on an out-of-date link and you've found yourself in the middle of cyberspace nowhere. A user-friendly website will give you a helping hand while many others will simply do nothing, relying on the browser's built-in ability to explain what the problem is.CODEhttp://www.alistapart.com/articles/perfect404/
6.2 Does the site use friendly URLs?Most search engines (with a few exceptions - namely Google) will not index any pages that have a question mark or other character (like an ampersand or equals sign) in the URL... what good is a site if no one can find it?CODEhttp://www.sitepoint.com/article/search-engine-friendly-urls
One of the worst elements of the web from a user interface standpoint is the URL. However, if they're short, logical, and self-correcting, URLs can be acceptably usableCODEhttp://www.merges.net/theory/20010305.html
More:CODEhttp://www.sitepoint.com/article/search-engine-friendly-urls
CODEhttp://www.websitegoodies.com/article/32
CODEhttp://www.merges.net/theory/20010305.html
6.3 Does the site's URL work without "www"?While this is not critical, and in some cases is not even possible, it is always good to give people the choice of both options. If a user types your domain name without the www and gets no site, this could disadvantage both the user and you.6.4 Does the site have a favicon?
A Favicon is a multi-resolution image included on nearly all professionally developed sites. The Favicon allows the webmaster to further promote their site, and to create a more customized appearance within a visitor's browser.CODEhttp://www.favicon.com/
Favicons are definitely not critical. However, if they are not present, they can cause 404 errors in your logs (site statistics). Browsers like IE will request them from the server when a site is bookmarked. If a favicon isn't available, a 404 error may be generated. Therefore, having a favicon could cut down on favicon specific 404 errors. The same is true of a 'robots.txt' file.
In other words, a site built to web standards should ideally be lean, clean, CSS-based, accessible, usable and search engine friendly.
About the checklist
This is not an uber-checklist. There are probably many items that could be added. More importantly, it should not be seen as a list of items that must be addressed on every site that you develop. It is simply a guide that can be used:
* to show the breadth of web standards* as a handy tool for developers during the production phase of websites* as an aid for developers who are interested in moving towards web standards
The checklist
1.Quality of code1. Does the site use a correct Doctype?2. Does the site use a Character set?3. Does the site use Valid (X)HTML?4. Does the site use Valid CSS?5. Does the site use any CSS hacks?6. Does the site use unnecessary classes or ids?7. Is the code well structured?8. Does the site have any broken links?9. How does the site perform in terms of speed/page size?10. Does the site have JavaScript errors?
2. Degree of separation between content and presentation1. Does the site use CSS for all presentation aspects (fonts, colour, padding, borders etc)?2. Are all decorative images in the CSS, or do they appear in the (X)HTML?
3. Accessibility for users1. Are "alt" attributes used for all descriptive images?2. Does the site use relative units rather than absolute units for text size?3. Do any aspects of the layout break if font size is increased?4. Does the site use visible skip menus?5. Does the site use accessible forms?6. Does the site use accessible tables?7. Is there sufficient colour brightness/contrasts?8. Is colour alone used for critical information?9. Is there delayed responsiveness for dropdown menus (for users with reduced motor skills)?10. Are all links descriptive (for blind users)?
4. Accessibility for devices1. Does the site work acceptably across modern and older browsers?2. Is the content accessible with CSS switched off or not supported?3. Is the content accessible with images switched off or not supported?4. Does the site work in text browsers such as Lynx?5. Does the site work well when printed?6. Does the site work well in Hand Held devices?7. Does the site include detailed metadata?8. Does the site work well in a range of browser window sizes?
5. Basic Usability1. Is there a clear visual hierarchy?2. Are heading levels easy to distinguish?3. Does the site have easy to understand navigation?4. Does the site use consistent navigation?5. Are links underlined?6. Does the site use consistent and appropriate language?7. Do you have a sitemap page and contact page? Are they easy to find?8. For large sites, is there a search tool?9. Is there a link to the home page on every page in the site?10. Are visited links clearly defined with a unique colour?
6. Site management1. Does the site have a meaningful and helpful 404 error page that works from any depth in the site?2. Does the site use friendly URLs?3. Do your URLs work without "www"?4. Does the site have a favicon?
1. Quality of code
1.1 Does the site use a correct Doctype?A doctype (short for 'document type declaration') informs the validator which version of (X)HTML you're using, and must appear at the very top of every web page. Doctypes are a key component of compliant web pages: your markup and CSS won't validate without them.CODEhttp://www.alistapart.com/articles/doctype/
More:CODEhttp://www.w3.org/QA/2002/04/valid-dtd-list.html
CODEhttp://css.maxdesign.com.au/listamatic/about-boxmodel.htm
CODEhttp://gutfeldt.ch/matthias/articles/doctypeswitch.html
1.2 Does the site use a Character set?If a user agent (eg. a browser) is unable to detect the character encoding used in a Web document, the user may be presented with unreadable text. This information is particularly important for those maintaining and extending a multilingual site, but declaring the character encoding of the document is important for anyone producing XHTML/HTML or CSS.CODEhttp://www.w3.org/International/tutorials/tutorial-char-enc/
More:CODEhttp://www.w3.org/International/O-charset.html
1.3 Does the site use Valid (X)HTML?Valid code will render faster than code with errors. Valid code will render better than invalid code. Browsers are becoming more standards compliant, and it is becoming increasingly necessary to write valid and standards compliant HTML.CODEhttp://www.maxdesign.com.au/presentation/sit2003/06.htm
More:CODEhttp://validator.w3.org/
1.4 Does the site use Valid CSS?You need to make sure that there aren't any errors in either your HTML or your CSS, since mistakes in either place can result in botched document appearance.CODEhttp://www.meyerweb.com/eric/articles/webrev/199904.html
More:CODEhttp://jigsaw.w3.org/css-validator/
1.5 Does the site use any CSS hacks?Basically, hacks come down to personal choice, the amount of knowledge you have of workarounds, the specific design you are trying to achieve.CODEhttp://www.mail-archive.com/wsg@webstandardsgroup.org/msg05823.html
More:CODEhttp://css-discuss.incutio.com/?page=CssHack
CODEhttp://css-discuss.incutio.com/?page=ToHackOrNotToHack
CODEhttp://centricle.com/ref/css/filters/
1.6 Does the site use unnecessary classes or ids?I've noticed that developers learning new skills often end up with good CSS but poor XHTML. Specifically, the HTML code tends to be full of unnecessary divs and ids. This results in fairly meaningless HTML and bloated style sheets.CODEhttp://www.clagnut.com/blog/228/
1.7 Is the code well structured?Semantically correct markup uses html elements for their given purpose. Well structured HTML has semantic meaning for a wide range of user agents (browsers without style sheets, text browsers, PDAs, search engines etc.)CODEhttp://www.maxdesign.com.au/presentation/benefits/index04.htm
More:CODEhttp://www.w3.org/2003/12/semantic-extractor.html
1.8 Does the site have any broken links?Broken links can frustrate users and potentially drive customers away. Broken links can also keep search engines from properly indexing your site.
More:CODEhttp://validator.w3.org/checklink
1.9 How does the site perform in terms of speed/page size?Don't make me wait... That's the message users give us in survey after survey. Even broadband users can suffer the slow-loading blues.CODEhttp://www.websiteoptimization.com/speed/
1.10 Does the site have JavaScript errors?Internet Explore for Windows allows you to turn on a debugger that will pop up a new window and let you know there are javascript errors on your site. This is available under 'Internet Options' on the Advanced tab. Uncheck 'Disable script debugging'.
2. Degree of separation between content and presentation
2.1 Does the site use CSS for all presentation aspects (fonts, colour, padding, borders etc)?Use style sheets to control layout and presentation.CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-style-sheets
2.2 Are all decorative images in the CSS, or do they appear in the (X)HTML?The aim for web developers is to remove all presentation from the html code, leaving it clean and semantically correct.CODEhttp://www.maxdesign.com.au/presentation/benefits/index07.htm
3. Accessibility for users
3.1 Are "alt" attributes used for all descriptive images?Provide a text equivalent for every non-text elementCODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-text-equivalent
3.2 Does the site use relative units rather than absolute units for text size?Use relative rather than absolute units in markup language attribute values and style sheet property values'.CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-relative-units
More:CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-relative-units
CODEhttp://www.clagnut.com/blog/348/
3.3 Do any aspects of the layout break if font size is increased?Try this simple test. Look at your website in a browser that supports easy incrementation of font size. Now increase your browser's font size. And again. And again... Look at your site. Does the page layout still hold together? It is dangerous for developers to assume that everyone browses using default font sizes.3.4 Does the site use visible skip menus?
A method shall be provided that permits users to skip repetitive navigation links.CODEhttp://www.section508.gov/index.cfm?FuseAction=Content&ID=12
Group related links, identify the group (for user agents), and, until user agents do so, provide a way to bypass the group.CODEhttp://www.w3.org/TR/WCAG10-TECHS/#tech-group-links
...blind visitors are not the only ones inconvenienced by too many links in a navigation area. Recall that a mobility-impaired person with poor adaptive technology might be stuck tabbing through that morass.CODEhttp://joeclark.org/book/sashay/serialization/Chapter08.html#h4-2020
More:CODEhttp://www.niehs.nih.gov/websmith/508/o.htm
3.5 Does the site use accessible forms?Forms aren't the easiest of things to use for people with disabilities. Navigating around a page with written content is one thing, hopping between form fields and inputting information is another.CODEhttp://www.htmldog.com/guides/htmladvanced/forms/
More:CODEhttp://www.webstandards.org/learn/tutorials/accessible-forms/01-accessible-forms.html
CODEhttp://www.accessify.com/tools-and-wizards/accessible-form-builder.asp
CODEhttp://accessify.com/tutorials/better-accessible-forms.asp
3.6 Does the site use accessible tables?For data tables, identify row and column headers... For data tables that have two or more logical levels of row or column headers, use markup to associate data cells and header cells.CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-table-headers
More:CODEhttp://www.bcc.ctc.edu/webpublishing/ada/resources/tables.asp
CODEhttp://www.accessify.com/tools-and-wizards/accessible-table-builder_step1.asp
CODEhttp://www.webaim.org/techniques/tables/
3.7 Is there sufficient colour brightness/contrasts?Ensure that foreground and background colour combinations provide sufficient contrast when viewed by someone having colour deficits.CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-colour-contrast
More:CODEhttp://www.juicystudio.com/services/colourcontrast.asp
3.8 Is colour alone used for critical information?Ensure that all information conveyed with colour is also available without colour, for example from context or markup.CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-colour-convey
There are basically three types of colour deficiency; Deuteranope (a form of red/green colour deficit), Protanope (another form of red/green colour deficit) and Tritanope (a blue/yellow deficit- very rare).
More:CODEhttp://colourfilter.wickline.org/
CODEhttp://www.toledo-bend.com/colourblind/Ishihara.html
CODEhttp://www.vischeck.com/vischeck/vischeckURL.php
3.9 Is there delayed responsiveness for dropdown menus?Users with reduced motor skills may find dropdown menus hard to use if responsiveness is set too fast.
3.10 Are all links descriptive?Link text should be meaningful enough to make sense when read out of context - either on its own or as part of a sequence of links. Link text should also be terse.CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-meaningful-links
4. Accessibility for devices.
4.1 Does the site work acceptably across modern and older browsers?
Before starting to build a CSS-based layout, you should decide which browsers to support and to what level you intend to support them.CODEhttp://www.maxdesign.com.au/presentation/process/index_step01.cfm
4.2 Is the content accessible with CSS switched off or not supported?Some people may visit your site with either a browser that does not support CSS or a browser with CSS switched off. In content is structured well, this will not be an issue.
4.3 Is the content accessible with images switched off or not supported?Some people browse websites with images switched off - especially people on very slow connections. Content should still be accessible for these people.
4.4 Does the site work in text browsers such as Lynx?This is like a combination of images and CSS switched off. A text-based browser will rely on well structured content to provide meaning.
More:CODEhttp://www.delorie.com/web/lynxview
4.5 Does the site work well when printed?You can take any (X)HTML document and simply style it for print, without having to touch the markup.CODEhttp://www.alistapart.com/articles/goingtoprint/
More:CODEhttp://www.d.umn.edu/itss/support/Training/Online/webdesign/css.html#print
4.6 Does the site work well in Hand Held devices?This is a hard one to deal with until hand held devices consistently support their correct media type. However, some layouts work better in current hand-held devices. The importance of supporting hand held devices will depend on target audiences.
4.7 Does the site include detailed metadata?Metadata is machine understandable information for the webCODEhttp://www.w3.org/Metadata/
Metadata is structured information that is created specifically to describe another resource. In other words, metadata is 'data about data'.
4.8 Does the site work well in a range of browser window sizes?It is a common assumption amongst developers that average screen sizes are increasing. Some developers assume that the average screen size is now 1024px wide. But what about users with smaller screens and users with hand held devices? Are they part of your target audience and are they being disadvantaged?
5. Basic Usability5.1 Is there a clear visual hierarchy?Organise and prioritise the contents of a page by using size, prominence and content relationships.CODEhttp://www.great-web-design-tips.com/web-site-design/165.html
5.2 Are heading levels easy to distinguish?Use header elements to convey document structure and use them according to specification.CODEhttp://www.w3.org/TR/WCAG10/wai-pageauth.html#tech-logical-headings
5.3 Is the site's navigation easy to understand?Your navigation system should give your visitor a clue as to what page of the site they are currently on and where they can go next.CODEhttp://www.1stsitefree.com/design_nav.htm
5.4 Is the site's navigation consistent?If each page on your site has a consistent style of presentation, visitors will find it easier to navigate between pages and find informationCODEhttp://www.juicystudio.com/tutorial/accessibility/navigation.asp
5.5 Does the site use consistent and appropriate language?The use of clear and simple language promotes effective communication. Trying to come across as articulate can be as difficult to read as poorly written grammar, especially if the language used isn't the visitor's primary language.CODEhttp://www.juicystudio.com/tutorial/accessibility/clear.asp
5.6 Does the site have a sitemap page and contact page? Are they easy to find?Most site maps fail to convey multiple levels of the site's information architecture. In usability tests, users often overlook site maps or can't find them. Complexity is also a problem: a map should be a map, not a navigational challenge of its own.CODEhttp://www.useit.com/alertbox/20020106.html
5.7 For large sites, is there a search tool?While search tools are not needed on smaller sites, and some people will not ever use them, site-specific search tools allow users a choice of navigation options.
5.8 Is there a link to the home page on every page in the site?Some users like to go back to a site's home page after navigating to content within a site. The home page becomes a base camp for these users, allowing them to regroup before exploring new content.
5.9 Are links underlined?To maximise the perceived affordance of clickability, colour and underline the link text. Users shouldn't have to guess or scrub the page to find out where they can click.CODEhttp://www.useit.com/alertbox/20040510.html
5.10 Are visited links clearly defined?Most important, knowing which pages they've already visited frees users from unintentionally revisiting the same pages over and over again.CODEhttp://www.useit.com/alertbox/20040503.html
6. Site management
6.1 Does the site have a meaningful and helpful 404 error page that works from any depth in the site?You've requested a page - either by typing a URL directly into the address bar or clicking on an out-of-date link and you've found yourself in the middle of cyberspace nowhere. A user-friendly website will give you a helping hand while many others will simply do nothing, relying on the browser's built-in ability to explain what the problem is.CODEhttp://www.alistapart.com/articles/perfect404/
6.2 Does the site use friendly URLs?Most search engines (with a few exceptions - namely Google) will not index any pages that have a question mark or other character (like an ampersand or equals sign) in the URL... what good is a site if no one can find it?CODEhttp://www.sitepoint.com/article/search-engine-friendly-urls
One of the worst elements of the web from a user interface standpoint is the URL. However, if they're short, logical, and self-correcting, URLs can be acceptably usableCODEhttp://www.merges.net/theory/20010305.html
More:CODEhttp://www.sitepoint.com/article/search-engine-friendly-urls
CODEhttp://www.websitegoodies.com/article/32
CODEhttp://www.merges.net/theory/20010305.html
6.3 Does the site's URL work without "www"?While this is not critical, and in some cases is not even possible, it is always good to give people the choice of both options. If a user types your domain name without the www and gets no site, this could disadvantage both the user and you.6.4 Does the site have a favicon?
A Favicon is a multi-resolution image included on nearly all professionally developed sites. The Favicon allows the webmaster to further promote their site, and to create a more customized appearance within a visitor's browser.CODEhttp://www.favicon.com/
Favicons are definitely not critical. However, if they are not present, they can cause 404 errors in your logs (site statistics). Browsers like IE will request them from the server when a site is bookmarked. If a favicon isn't available, a 404 error may be generated. Therefore, having a favicon could cut down on favicon specific 404 errors. The same is true of a 'robots.txt' file.
Subscribe to:
Posts (Atom)