Posted on November 16, 2009. Filed under Coding, Scripts, Security.
1) Tracking – Besides cookies, IP addresses are useful for tracking individual computers or networks. Take one of the world's largest tracking and analysis services, Google Analytics (aka Urchin). Using IP-based information, Google can track visitors, look up their past visits, and know which pages they visited and which pages they came from (using the HTTP referer). An IP address can give an anonymous visitor a name and let you collect data under that name.
2) User Interactivity – Display a "users online" script, or even build an online chat program, based on which IPs are currently active. With session handling, you can let people interact with each other by matching IP addresses against logged-in users. The majority of online games are based on IPs, though session handling alone can also provide user interactivity.
3) Ban Hammer – The three most effective ways of banning someone from your website are by email, username, and IP address. Email and username are only available if users have the option to register. IP addresses can be recorded without the user knowing. The only drawback is that if you ban an IP that is shared by a network of 10 computers, all 10 computers will be banned. That is the one downside of using the IP address as a ban hammer (though it is commonly used across the web).
4) Exceptions – Want to make a private viewing site specific to a network? IP exceptions (along with cookies) are excellent. Give people cookies, record their IP addresses, and show them a sneak peek of what you're working on. Great for showing a specific client how much work has been completed (if you're a web developer), or for showing a small crowd of people a video without having to program a login script.
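The ban list from 3) and the IP-plus-cookie exception from 4) share one piece of logic: matching a visitor's address against a list of addresses or networks. The following is an added example (not code from the original post) that implements both; the networks, cookie name and secret are constructed, and the CIDR mask arithmetic assumes 64-bit PHP.

```php
<?php
// Added example (not from the original post): gate a private preview page
// behind a network allowlist plus a cookie token, and reuse the same
// helper for an IP ban list. Networks, cookie name and secret are
// constructed; in production $ip would come from $_SERVER['REMOTE_ADDR'].

// True if $ip (IPv4) lies inside $cidr ("203.0.113.0/24" or a bare address).
function ip_in_cidr(string $ip, string $cidr): bool {
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false) {
        return false;                        // malformed address: never matches
    }
    $bits = (int) $bits;                     // assumes 64-bit PHP for the mask maths
    $mask = $bits === 0 ? 0 : (-1 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

// True if $ip matches any entry of $list (single addresses or CIDR blocks).
function ip_in_list(string $ip, array $list): bool {
    foreach ($list as $entry) {
        if (ip_in_cidr($ip, $entry)) {
            return true;
        }
    }
    return false;
}

// The cookie is the second factor the post pairs with the IP: a stranger
// behind the same NAT address (the "10 computers" caveat) has the right IP
// but not the token, so they are still refused.
function preview_allowed(string $ip, array $cookies, array $allow, array $banned, string $token): bool {
    if (ip_in_list($ip, $banned)) {
        return false;                        // ban hammer wins over any exception
    }
    if (!ip_in_list($ip, $allow)) {
        return false;
    }
    return isset($cookies['preview']) && hash_equals($token, (string) $cookies['preview']);
}

$token  = bin2hex(random_bytes(16));           // issued to the client once, e.g. via setcookie()
$allow  = ['203.0.113.0/24', '198.51.100.7'];  // client's office network plus one remote host
$banned = ['192.0.2.0/25'];                    // range hit by the ban hammer

var_dump(preview_allowed('203.0.113.42', ['preview' => $token], $allow, $banned, $token)); // in-network, has cookie
var_dump(preview_allowed('203.0.113.42', [], $allow, $banned, $token));                    // in-network, no cookie
var_dump(preview_allowed('192.0.2.9', ['preview' => $token], $allow, $banned, $token));    // banned range
```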
Posted on July 11, 2009. Filed under Coding, Concepts, Security.
In PHP, $_GET is commonly used to retrieve values passed through the URL. Its purpose is simply to pass variables when other means are not an option. For example, some sites use the $_GET method to output specific pages. We're going to take a look at how Google uses $_GET in its search engine.
http://www.google.com/#hl=en&q=example&aq=f&oq=&aqi=g10&fp=Xmf0jJ9P_V0
I'm going to break down part of this URL, since I have no clue (or intention of finding out) what the other parameters are. Initially, the GET method works by having a variable equal to the value you want. It starts off with a question mark, then variable=value, and if there is more than one value to declare, an ampersand is put after each value. Now, this sample URL from Google.com says that the language is English (hl=en), the search query is "example", and fp=Xmf0jJ9P_V0 (whatever that means). I know that en means English from general knowledge of setting language types. This is used so that if somebody in the U.S. is looking at Google in Korean (hl=kr), Google will know that somebody in the U.S. (based on IP address) is viewing the page in Korean. q means query, and it always equals what the user wants to search for. Try it out by going to google.com, typing different search queries into the URL, and noticing that the results change to what you typed into q.
Now that you know roughly how it's set up in the URL, let's see how we can use that data.
$language = $_GET['hl'];
$search_query = $_GET['q'];
Simple as that! If you wanted a site where people view other people's profiles by ID, you could utilize the $_GET method and do…
// if url = example.com/profile.php?id=5
// select from MySql Database
$q = mysql_query("SELECT * FROM `profiles`
WHERE `userId` = '".$_GET['id']."' LIMIT 0,1");
// check if id exists
if(mysql_num_rows($q) == 1) {
// profile output
} else {
// big fail 404
}
STOP
If it didn't catch your attention, it is very possible to hack the entire site you own with that simple statement (MySQL injection). How? Since we can control the id variable directly from the URL…
profile.php?id='; DELETE FROM `profiles` WHERE `id` > '
which then goes into…
$q = mysql_query("SELECT * FROM `profiles`
WHERE `userId` = '';
DELETE FROM `profiles`
WHERE `id` > '0' LIMIT 0,1");
Looks like an intruder just messed up your site. Fail. Making sure stuff like this doesn't happen is quite simple.
$q = mysql_query("SELECT * FROM `profiles`
WHERE `userId` = '".clean($_GET['id'])."' LIMIT 0,1");
The clean() function would return an altered string after going through htmlentities(), some str_replace() calls, and other methods to make sure everything is processed correctly (especially that there are no quotes, double or single). You could also declare a variable equal to the $_GET value with the clean() call around it (a future post is going to be on clean()).
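Stripping quotes by hand is fragile, and the ext/mysql functions in the snippets above were removed in PHP 7.0. The following is an added example (not the post's clean() and not code from the original post) that rewrites the same profile lookup with PDO prepared statements, which keep the id as data that can never become part of the SQL; the DSN, credentials and the columns of the `profiles` table are assumptions.

```php
<?php
// Added example (not from the original post): the profile lookup rewritten
// with PDO prepared statements so the id from the URL can never alter the
// SQL text. The ext/mysql functions used above were removed in PHP 7.0.
// DSN, credentials and the `profiles` table layout are assumptions.

// Returns the profile row, or null for a malformed or unknown id so the
// caller can send the "big fail 404" without ever querying with garbage.
function load_profile(PDO $db, $rawId): ?array {
    // Validate shape first: a profile id is a positive integer, nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The placeholder keeps the value out of the SQL entirely. The payload
    //   ?id='; DELETE FROM `profiles` WHERE `id` > '
    // fails the integer check above, and even a string column bound this
    // way is sent to MySQL as data, never parsed as part of the statement.
    $stmt = $db->prepare('SELECT * FROM `profiles` WHERE `userId` = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed connection. Real (server-side) prepares make MySQL do the
// binding, and exception mode stops errors from silently returning false.
$db = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// if url = example.com/profile.php?id=5
$profile = load_profile($db, $_GET['id'] ?? '');
if ($profile === null) {
    http_response_code(404);                 // big fail 404
    exit('Profile not found');
}
// profile output: escape on the way out to the browser, not on the way in
echo htmlspecialchars($profile['name'] ?? '', ENT_QUOTES, 'UTF-8');
```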
Happy Coding!
Posted on May 17, 2009. Filed under Security.
Distributed Denial of Service (DDoS) is a major threat to any website, which means anyone can be a victim of it. Even I was recently shut down by a DDoS attack, which prompted me to research it and write this article. This malicious attack is a very simple task for the attacker, which ultimately means the chance of being DDoSed is higher when advertising your site on a broad scale. I will be explaining one method of DDoS in which the attacker uses a botnet to temporarily paralyze a website.
Now the process of this particular DDoS is quite simple: an attacker gathers a handful of compromised computers (hacked computers running software that controls them, with or without the user noticing) and uses them to access a website rapidly and persistently. Say an attacker had a botnet program (which controls these compromised computers) and about 5 bots available to attack, and launched an attack on http://mattloinfo.com. These 5 computers would then access my website numerous times within a short period. My encounter with this was 17 requests per second (I do not know how many bots were used, but I assume 1 because there was only one IP logged). My site was shut down about 30 seconds after the attacker initiated the command to hit it. That's equivalent to 510 people viewing my site all at once. Now if my site really did reach that level of traffic I would definitely move to a better server (right now I'm on shared hosting), but nonetheless, that's a lot of requests.
Figure: A zombie computer is a compromised (hacked) computer.
Figure: A complex version of a DDoS attack.
Now, preventing DDoS is actually very difficult due to the many methods an attacker can use. A common way to stop it is using a firewall on the web server. Another method is to set a limit on how often a viewer can request the website. For example, a limit could be 30 requests every 19 seconds, with 500 requests per day. This helps prevent DDoS because it then requires the attacker to use more computers. Translation: 1 computer can request a site 30 times within 19 seconds; anything over that will result in a temporary ban. That means if 5 computers tried to request my site multiple times using attack software, the maximum number of requests would be 150 within 19 seconds. It may slow down the site for about 5 minutes, but it will gradually return to normal (compared to a site being shut down like mine).
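The request limit described above, as an added example (not code from the original post): a per-IP limiter using the post's own thresholds, replayed against the 17-requests-per-second flood from the incident. The in-memory store, the 5 minute ban length and the sample IP are constructed assumptions.

```php
<?php
// Added example (not from the original post): a per-IP request limiter with
// the thresholds the post describes (30 requests per 19 s, 500 per day) and
// a temporary ban when either is exceeded. The in-memory $store, the 5 minute
// ban and the sample IP are constructed; a real site would keep the counters
// in APCu, Redis or a database shared by all PHP workers.

const WINDOW_SECS  = 19;
const WINDOW_LIMIT = 30;
const DAY_LIMIT    = 500;
const BAN_SECS     = 300;

// Returns true if the request may proceed, false if the IP is (now) banned.
// $store[$ip] holds the hit timestamps of the current window, the daily
// count with its start time, and the ban expiry.
function allow_request(array &$store, string $ip, int $now): bool {
    $s = $store[$ip] ?? ['hits' => [], 'day' => 0, 'day_start' => $now, 'banned_until' => 0];
    if ($now < $s['banned_until']) {
        return false;                                 // still serving the ban
    }
    if ($now - $s['day_start'] >= 86400) {            // roll the daily counter
        $s['day'] = 0;
        $s['day_start'] = $now;
    }
    // Sliding window: forget hits older than WINDOW_SECS, then count this one.
    $s['hits'] = array_values(array_filter($s['hits'], function ($t) use ($now) {
        return $now - $t < WINDOW_SECS;
    }));
    $s['hits'][] = $now;
    $s['day']++;
    $ok = count($s['hits']) <= WINDOW_LIMIT && $s['day'] <= DAY_LIMIT;
    if (!$ok) {
        $s['banned_until'] = $now + BAN_SECS;         // temporary ban
        $s['hits'] = [];
    }
    $store[$ip] = $s;
    return $ok;
}

// Replay the post's incident: one bot sending 17 requests per second for
// 30 seconds. Once the 19 s window limit is exceeded the IP is refused for
// BAN_SECS, so the rest of the flood never reaches the page.
$store = [];
$accepted = 0;
for ($i = 0; $i < 30 * 17; $i++) {
    $t = 1242000000 + intdiv($i, 17);                 // 17 requests share each second
    if (allow_request($store, '192.0.2.10', $t)) {
        $accepted++;
    }
}
echo "accepted {$accepted} of " . (30 * 17) . " requests\n";
```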
Posted on May 10, 2009. Filed under Coding, Concepts, Scripts, Security.
Had a few people ask me on Windows Live about the steps for preserving data in my PHP, and I'd just respond "MySQL", but I forgot to tell them that sensitive information needs to be handled differently. Information like passwords and "private numbers" should be encrypted and/or should have keys protecting the information. The simplest way to protect data is with PHP's hashing (crypt) functions.
// this is a general example of post data handling
$password = md5($_POST['pass']);
// another example
$password = sha1($_POST['pass']);
These are prime examples because they are not easily reversible, but they aren't the world's most dependable algorithms. How to break MD5 and other hash functions is a well-studied topic when it comes to breaking these processes. I'm simply showing you these methods because the general public won't break them, and they are secure enough that someone illiterate in computer programming will fail and give up (presumably). So this functionality is dependable enough to store simple private data, but it is not strongly recommended for storing information like credit card or Social Security numbers. Also, "rainbow tables" have become increasingly dependable for cracking an MD5 hash, alongside user-submitted lookup sites like http://md5decryption.com/.
Do not use reversible methods like base64 (an encoding, not encryption):
// encrypt
$var = base64_encode('hello world');
// decrypt
echo base64_decode($var); // exposed!
MD5 and SHA1 do not have decrypt functions (in php.net's function database).
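The rainbow tables mentioned above work because a bare md5() of the same password is always the same string. The following is an added example (not code from the original post) showing PHP's password_hash() (available since PHP 5.5, after this post was written), which adds a random per-password salt, alongside an upgrade path for rows that still hold md5 values; the sample passwords and the $row value are constructed.

```php
<?php
// Added example (not from the original post): storing a password with PHP's
// password_hash() (bcrypt with a random per-password salt, PHP 5.5+) instead
// of a bare md5()/sha1(). The sample passwords and the $row value are constructed.

// The original approach: identical passwords hash identically, which is why
// lookup sites and rainbow tables work against a stolen table of md5 values.
function legacy_hash(string $pass): string {
    return md5($pass);
}

// Store this string in the database; it embeds algorithm, cost and salt.
function store_password(string $pass): string {
    return password_hash($pass, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Check a login attempt against the stored string (constant-time compare).
function check_password(string $pass, string $stored): bool {
    return password_verify($pass, $stored);
}

// Upgrade path for rows that still hold md5 values: verify the old way once,
// then replace the column with a proper hash during that same login.
function login_and_upgrade(string $pass, string &$stored): bool {
    if (empty(password_get_info($stored)['algo'])) {   // not a password_hash() value
        if (!hash_equals($stored, md5($pass))) {
            return false;
        }
        $stored = store_password($pass);                 // rehash now that we have the plaintext
        return true;
    }
    return check_password($pass, $stored);
}

$a = store_password('hunter2');
$b = store_password('hunter2');
// Two users with the same password get different stored strings (random salt),
// so a table precomputed for one says nothing about the other, whereas
// legacy_hash('hunter2') is the same 32 hex characters for both.
var_dump($a !== $b, check_password('hunter2', $a), check_password('wrong', $a));

$row = legacy_hash('hunter2');                           // an old md5 row
var_dump(login_and_upgrade('hunter2', $row), empty(password_get_info($row)['algo']));
```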