Google Blogsearch
May0
I just found out about this from a Google ad on Gmail, it seems the giant is taking the blogging information seriously. Pretty much the same as for regular searches however for faster indexing on results you can automatically send pings to their Blogsearch Pinging service.
More information on Pinging at http://www.google.com/support/faqs/bin/static.py?page=faq_blog_search.html&hl=en.
More information on Blogsearch at http://www.google.com/support/faqs/bin/static.py?page=faq_blog_search.html&hl=en
Gumblar .cn – Infiltrating Hosting Accounts
May0
Hosting accounts being compromised has been a common incident, however a sudden surge of this variant is quite alarming. This trojan does not target any particular software or script and is commonly exploited from a users computer where he usually FTP files to hosting accounts. The trojan scans for FTP usernames and passwords and use them to inject PHP scripts to the FTP server.
So far I have seen two variations, one being a slave for XSS attack and another as proxy or zombie perhaps for a DoS attack.
What to do or how do you know if you are infected? There is no simple prevention measure I can offer aside from asking you to scan and thoroughly clean your computer first. Download all your files from the ftp server, you can do PHP files only, however there is a probability a JS based file may exist as well. After downloading, scan all your files and reupload. Not too neat but it's the only method that works for me.
Cloak PHP Files as Directories and Force Trailing Slash via mod_rewrite
May0
In an effort to turn a client's website to be more SEO friendly, they wanted to have all PHP files appear as directories on URLs i.e. http://dotmanila.com/blog/php-cloak-and-force-traling-slash.php will end up as http://dotmanila.com/blog/php-cloak-and-force-traling-slash/. We've thought of creating a simple controller combined with mod_rewrite to handle this change on their 30+ websites, however it'll be inefficient to use a two-fold process. So we toyed with mod_rewrite and came up below.
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
# These first set of rules makes sure that visitors
# are viewing the WWW domain i.e. www.dotmanila.com
Rewritecond %{HTTP_HOST} !^www\.dotmanila\.com
RewriteRule (.*) http://www.dotmanila.com/$1/ [R=301,L]
# The next set of rules checks that if the URL
# does not have a trailing slash and
# the requested file/directory when appended
# with the .php extension physically exist on the server
# the we will append a traling slash
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ http://www.dotmanila.com/$1/ [L,R=301]
# The last set of rules makes sure that if
# the requested URL is in proper format the
# corresponding PHP file is mapped.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*)/$ /$1.php [NS,L]
Cheers!