Google hacks

Google hacks..
Now I would like to share something I have to gain more πŸ™‚ hhee..

Since Google have come into the internet, it seems have change the whole internet. Its really wonderful actually, from the comprehensive search engine, Google AdSense, Google Earth, Google Talk, and more to come I hope.

Now I will concentrate on Google Search hacks. I will show how you can search for a particular file on the internet, and search your own website, even you dont have a search engine. Really cool for a fully static HTML website right? πŸ˜‰

At first, try to go to this link:
http://www.google.com.my/search?hl=en&q=mysql+ext%3Apdf&btnG=Search&meta=
You can see the search string in link provided. You can see, it can search for a particular topic and with what extension. You can also for a specific file using inurl. Try to search inurl:passwd.txt, you can see many search hits that found filename passwd.txt
This actually a vulnerablity to the owner of the system, where Google will reveal your confidential file. But, there is a solutions for system owner, using GHH – The “Google Hack” Honeypot. It will simulate the unsecure page, as if it is the vulnerable page, avoiding attackers from the actual possible vulnerable file.

Another tricks with Google is to search a particular file in your own site or domain. The example if in the link below:
http://www.google.com.my/search?hl=en&q=farhan+site%3Asbudi.net&btnG=Search&meta=
The search string used to search a keyword farhan in site sbudi.net.

I hope this article will be a guideline on how to find valuable information in the internet. Believe me, you’ll thank Google alot πŸ™‚

A funny conversation

>WOMAN: What would you do if I died?
> Would you get married again?
>MAN: Definitely not!
>WOMAN: Why not – don’t you like being married?
>MAN: Of course I do.
>WOMAN: Then why wouldn’t you remarry?
>MAN: Okay, I’d get married again.
>WOMAN: You would? (with a hurtful look on her face)
>MAN: (makes audible groan)
>WOMAN: Would you sleep with her in our bed?
>MAN: Where else would we sleep?
>WOMAN: Would you put away my pictures, and replace
>them with Pictures of her?
>MAN: That would seem like the proper thing to do.
>WOMAN: And would you let her use my golf clubs?
>MAN: She can’t use them; she’s left-handed.
>WOMAN: – – – silence – – –
>MAN: Shit.

ALIF – Antara Libur Insan Fikir

www.alif.com.my, have just being uploaded, and now visible for all user. But it still under construction, already open for registration, but not full with content yet.

The website is for all nasyid fans in Malaysia, concentrating on Malaysian nasyid artist. The website hope to serve users with latest information about nasyid concert, and any album release of any nasyid group. This website hope to be the nasyid portal, where it will be supported by all nasyid group in Malaysia such as Raihan, Rabbani, Hijjaz, InTeam, NowSeeHeart, Mestika, Brothers, UNIC, Mirwana, Far East, One Faith and many more.

ALIF need a dedicated team to cooperate and work together, to develope, to enhance the feature, and add news and events to be shared with all its members. Anyone interested please contact us, using our contact page.

Please have a visit, and do support us! Thanks for your support, we really appreciate it πŸ™‚

http://www.alif.com.my

How to dump your mysql database through command line

Mysql Database
I have a problem with my snort database. I have run snort for a few month, and the data logged have reach of to 400MB of alert. So, now, I want to download it back to my own pc, so that I can navigate through it faster, instead of using the slow internet connection, navigating using ACID interface..
I deal with mysql using command line interface, to backup and restore mysql database.

At first I issue this command in shell:
su-2.05b# mysqldump -a -u db_username -p db_name > snort_report.sql

It will then ask you the password of database user, enter it, and it will dump the database into the file, snort_report.sql
I actually cannot the run the command immediately, it tells the command was not found. I issue a command,

su-2.05b# which mysqldump

and it will then show you the true path of mysqldump.

Then I can download the file using Internet Download Manager, for faster download using direct link.

To restore back the file into the database, use this command:

su-2.05b# mysql -u USERNAME -p DATABASE < FILENAME.mysql

Hope this help you to do backup and restore for your database.

With free web hosting, going about marketing is much easier, particularly when there are only a few online jobs left as all are availing adsl.

Water disruption – IIUM is affected

These few days IIUM and the surrounding area still have water disruption, and many students have leave the campus to go back to their home town. IIUM cancel all classes from Monday and the class will continue on Thursday.
It is due to water plant been contaminated by of oil from an accident at KM 25 Karak Highway. The plant have to be cleaned and it now have been at last phase perhaps. Some rumours said the plant have already being cleaned now, just waiting for the water to filled up and supplied to the affected area.

All my friends also went outside, stay with friends around Kuala Lumpur. Me? stay and and survive πŸ™ Even my close friend from Kedah, also went to aa friend’s house in KL. Hope she’s happy to take shower everyday without any hassle πŸ™‚ Remember to come back here huh, we have class in Thursday. hehe..

Picture from TheStar
http://thestar.com.my/news/story.asp?file=/2005/9/13/nation/12025779&sec=nation
http://www.thestar.com.my/news/story.asp?file=/2005/9/13/nation/12023092&sec=nation

How to secure your page using .htaccess

htaccess

Want to have a secure page and prompt your user with this login window? πŸ™‚

I have setup ntop previously and I have to secure the page using .htaccess and .htpasswd file.

The process is quite simple atually, you can just have FTP access to set this things up. At first you have to create your .htaccess file. The format of your file is like below:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/local/html/.htpasswd
AuthGroupFile /dev/null
require valid-user

The file above will find the .htpasswd file, where it will contain your encrypted password. Below is the sample of .htaccess file with password mypassword:

farhan:VQv2aMigXGMkU

Upload them to your folder. You should put your .htpasswd out from the apache accessable file. Your user might just view your encrypted password easily, and make sure the path of .htpasswd in .htaccess file is correct. Upload them using ASCII instead of Binary.

You can use this website to create your .htaccess and .htpasswd files. It can generate the encrypted password for you.
http://www.tools.dynamicdrive.com/password/

Monitoring your server traffic with ntop – Cool! :)

ntop_all_proto
The is a tool, ntop, a tool that will give you statistic of your server. I keep wondering myself how much data have been transfered so far, and how much throughput rate d I get with this current provider. Now, ntop come and I get to install it in my server.

My main reference was this book, Linux Server Hacks, by Oreilly written by Andrew Lockhart, hacks #63 as well and written by Rob Flickenger in Network Security Hacks by Oreilly, hacks #64. Rob Flickenger also discuss about the same thing. The article look indentical, just the ilustration look different. Mr Lockhart refering to Flickenger’s writing actually.

I downloaded Ntop into /usr/port/distfiles/ and extract it to /usr/port/distfiles/ntop-3.2rc1/. Before installing ntop, I just added a user ntop with group ntop.

su-2.05b# ./configure
su-2.05b# make
su-2.05b# gmake clean

Ntop need to use gmake instead of make. I have tried using make install command, and it will show an error.

“You might run it using make, please use gmake instead”
*Somthing like that la…

After installing, it have automatically created /usr/local/etc/ntop/ and all the default ssl sertificate file have been there. These are default certificate, and you can also create a new certificate, sign it your own. Now I just have to initialize ntop database and set an adaministrative password. Ntop use round robin database, which is a good database for storing traffic report and logging. The main advantage of this database is it will not grow and fill up your harddisk. New entry will remove the old entry out.

su-2.05b# ntop -A -u ntop -P /usr/local/etc/ntop
10/Sep/2005 20:30:23 Initializing GDBM...
10/Sep/2005 20:30:23 Started thread (1026) for network packet analyser.
10/Sep/2005 20:30:23 Started thread (2051) for idle hosts detection.
10/Sep/2005 20:30:23 Started thread (3076) for DNS address resolution.
10/Sep/2005 20:30:23 Started thread (4101) for address purge.

Please enter the password for the admin user:
Please enter the password again:
10/Sep/2005 20:30:29 Admin user password has been set.

Then we initialize ntop, with https at port 1234(example) and run it as a daemon:

su-2.05b# ntop -u ntop -P /usr/local/etc/ntop -W1234 -d

The tools just works fine in my FreeBSD 4.11 server. By now it already run for 3 days and 6 hours. At first when my ntop aged around 2 days, the page will load very slow, it take up to 1 hour to load. I dont know what happen. Now, it works just fine, and it can display all the graph nicely.

By the way, you might want to secure your page avoiding other people from viewing your server statistic. The best and simple solutions is using .htaccess and .htpasswd file. Please refer to my next blog entry, on securing folder using .htaccess and .htpasswd file.

Ntop.org
Linux Server Hacks [O’Reilly] – Download here
Network Security Hacks [O’Reilly] – Download here

Google earth – Review

google-earth

I found another Google poroduct, Google Earth. You can have a visit to http://earth.google.com, the beta version software also can be downloaded from there..

The software is really cool. You can view I think almost any place in the world. I have downloaded Google Earth the free version. When I searched for “Kuala Lumpur”, the system will automatically search for it, and zoom into Kuala Lumpur. The map was not really precise, you cannot view up to the roads, but you can still view the main roads, roughly. You can estimate where’s your location on earth.

It also can tell you the details of your coordinate. The software also can integrate with your GPS device, but its not supported by the free version. It also have the functionality to view for lodging, dining, Bank/ATMs, Coffe house, shopping mall, Groceries, gas station, fire/hospital, pharmacy, golf, stadium, and many other places of interest.

Google Earth Plus just cost you USD 20. It can have more precise image for you, not like Google Plus. It also can import address points from a .cvs file. For a corporate use, you might need Google Earth Pro. Wow!

Anyway, Google might change how we define our locatin, by cordinates! πŸ™‚

http://earth.google.com
Google Earth Pro – Download(7 day trial)

Half terabyte harddisk?!

Hitachi's Deskstar 7K500Hitachi's Deskstar 7K500

Hitachi now have already launched 500GB harddisk Hitachi’s Deskstar 7K500.

There’s alot changes within these few years. I have experience myself using 4GB harddisk a few years ago, when I first using computer.

Internet and IT in malaysia in particular have change so fast, faster internet connection, and larger media storage, have push the demand for more harddisk space. I would say 500 GB harddisk is a need for personal computing as well. Even for myself, I have 40GB harddisk for my notebook, and 60GB for portable harddisk, still not enough!!

Looking forward to have more harddisk space, for personal, and for my server πŸ™‚

Wassalam..

http://techreport.com/reviews/2005q3/deskstar-7k500/index.x?pg=1