Re: bank query and curl

"Admin": Please don't reply directly to me. If you want to say something that you don't want to share with the group, don't bother.

I did start replying to this email, but decided it wasn't worth it. Anyone who uses language like this does not deserve a response, but it made me chuckle so I thought I'd share it...

admin@xxxxxxxxxxxxxxxxxxx wrote:
Before you open your SMART MOUTH about me again, find out who I am first
smart ass.
I am a level 3 IASO(Information Assurance Security Officer) Certified
software Engineer. I work for the D.O.D. and if I have to spell it out for
you smart one it is, the "Department of Defense".

It is IDIOTS like you who have no clue of what that MX record is tied to, and
the past attempts on banking systems tied to that IP address range who rant
off like they know something, when you're an idiot in all sense of the word.
Yet you spout off like you're just a know it all.
It amazes me you have not choked to death on a sandwich (lacking the brain
power to comprehend the chewing process).

Look moron before you pout around like you actually know something, be DAMN
sure you are so not so fucking stupid that your brain does not over load
your ass, like you just did.
This might be hard for someone in your capacity but   R E A D     B E L O W
Brain child!!!!!

******************Just released Security alert
****************************************************************************
****************************
IT security services provider ****** says from September through October, it
blocked anywhere from 10,000 to 20,000 SQL Injection attacks per day. But as
of November that number jumped from 10,000 to 40,000 to 80,000 per day.
SQL Injection is a type of security exploit in which the attacker adds
structured query language (SQL) code to a Web form input box to gain access
to a form's resources or to make changes to data. Using this technique,
hackers can determine the structure and location of key databases and can
download the database or compromise the database server.
****** says the majority of the attacks are coming from outside the US in
the Taiwan location.
SQL injection attacks include the CardSystems security breach last year,
where hackers stole 263,000 customer credit card numbers and exposed 40
million more.

################### SysWatch ***   ####################
Processing Initiated: Sun Nov 17 04:02:01 2007
--------------------- SSHD Begin ------------------------
Failed logins from these:
   admin/password from 59.124.45.124: 502 Time(s)
   root/password from 59.124.45.124: 234 Time(s)
   guest/password from 59.124.45.124: 19 Time(s)

Illegal users from these:
   admin/none from 59.124.45.124: 1 Time(s)
   root/none from 59.124.45.124: 3 Time(s)
   guest/password from 59.124.45.124: 2 Time(s)
---------------------- SSHD End -------------------------
###################### SysWatch End  #########################


****************************************************************************
****************************************************************************

-Stut

--
http://stut.net/

-----Original Message-----
From: Stut [mailto:stuttle@xxxxxxxxx]
Sent: Saturday, November 17, 2007 5:15 PM
To: admin@xxxxxxxxxxxxxxxxxxx
Cc: 'Ronald Wiplinger'; 'PHP General list'
Subject: Re:  bank query and curl

admin@xxxxxxxxxxxxxxxxxxx wrote:
WHY! Would you even want to pull that data first off? It would be out dated as of the next transaction anyway.
Secondly if you can curl the data from the server, and get your account
information! I suggest you change banks.

With that attitude you'll end up keeping your money under your bed. Anything my browser can do curl can do.

Bad decision I think to make this attempt.

Why? If Ronald decides to access *his* account using a method other than a browser, what is he doing wrong? The only downside to it is if he's storing his authentication credentials somewhere so it can be an automated process. Aside from that possibility I don't see the bad here.

You can bet I will be watching your networks for an attempt on
authentication failures.
Because that request does not sound RIGHT to me.

inetnum: 59.124.0.0 - 59.127.255.255
netname: HINET-NET
country: TW
descr: CHTD, Chunghwa Telecom Co.,Ltd.
descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd.
descr: Taipei Taiwan 100


Interland, Inc. MAXIM-NETBLK-1 (NET-216-65-0-0-1) 216.65.0.0 - 216.65.127.255
Poke Internet Services MAX-CUSTNET-348 (NET-216-65-86-0-1) 216.65.86.0 - 216.65.86.255

Wow. Look everyone, he knows how to look up the owner of an IP address. Phear his mad sysadmin skillz!

Seriously, I highly doubt Ronald is going to try anything against your systems. Just curious about something... what would you do if he did try something? Call your mother and have a little cry?

-----Original Message-----
From: Ronald Wiplinger [mailto:ronald@xxxxxxxxx]
Sent: Friday, November 16, 2007 11:38 PM
To: PHP General list
Subject:  bank query and curl

I have a bank account and would like to query the last transactions.

I can do that now via web and think that I can convert this procedure to
a list of curl requests and finally put the result into a database on my
server.
Fortunately this bank account does not allow transactions, just viewing
the account.

Is there a guide available how to start this project?

I would suggest the curl documentation. In order to duplicate what a browser does you basically just need to make sure you persist cookies between requests. Depending on what the site you're accessing does it may not be particularly trivial to do this. You may end up needing to parse each page that's returned to get the right URL to use for the next request, but it shouldn't get any more complicated than that.

As I mentioned above I would strongly recommend that you do not store your authentication credentials anywhere. If you need this to be an automated system don't bother - it's not worth the risk.

Oh, and don't underestimate the damage that can be caused by someone gaining access to this account. Just because you can't carry out transactions through the site doesn't mean the information it gives you access to can't be used for evil purposes.

One last thing... you may find yourself getting blocked from the bank's site if you make too many failed requests. You may want to pick another site while you learn how curl works.

-Stut


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
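
The approach described in the reply above (persist cookies between requests, parse each returned page for the next URL, keep credentials out of storage), as an added PHP example that is not part of the original thread. The host `bank.example`, the `/login` path, the `user` and `pass` field names and the "Transactions" link text are hypothetical placeholders.

```php
<?php
// Added example; host, paths, field names and link text are hypothetical.
const BASE = 'https://bank.example';

// Ask on the terminal so the password is never kept in source or config.
function prompt_secret(string $label): string {
    fwrite(STDERR, $label);
    shell_exec('stty -echo');                 // POSIX terminals only
    $value = rtrim((string) fgets(STDIN), "\r\n");
    shell_exec('stty echo');
    fwrite(STDERR, PHP_EOL);
    return $value;
}

// Every request reuses one handle, so its cookie engine carries the session.
function fetch($ch, string $url, ?array $post = null): string {
    curl_setopt_array($ch, [CURLOPT_URL => $url] + ($post === null
        ? [CURLOPT_HTTPGET => true]
        : [CURLOPT_POSTFIELDS => http_build_query($post)]));
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException(curl_error($ch));
    }
    return $body;
}

// Parse a returned page for the link to request next.
function find_link(string $html, string $text): ?string {
    $doc = new DOMDocument();
    @$doc->loadHTML($html ?: '<html></html>'); // tolerate untidy or empty pages
    foreach ($doc->getElementsByTagName('a') as $a) {
        if (stripos($a->textContent, $text) !== false) {
            return $a->getAttribute('href');
        }
    }
    return null;
}

$user = $argv[1] ?? exit("usage: php fetch.php USERNAME\n");
$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_COOKIEFILE     => '',             // cookies in memory, none on disk
]);
fetch($ch, BASE . '/login');                  // collect the session cookie
$home = fetch($ch, BASE . '/login', ['user' => $user, 'pass' => prompt_secret('Password: ')]);
// A missing link most likely means a failed login: stop instead of retrying.
$next = find_link($home, 'Transactions') ?? exit("No transactions link; stopping.\n");
echo fetch($ch, BASE . $next);                // assumes a site-relative href
```

Setting `CURLOPT_COOKIEFILE` to an empty string enables cookie handling without reading or writing a cookie file, so the session token does not outlive the process.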

