Jump to content


  • Posts

  • Joined

  • Last visited

Contact Methods

  • Website URL

Profile Information

  • Gender
  • Location
    Hollister, CA

Pony99CA's Achievements


Enthusiast (6/14)

  • First Post
  • Collaborator
  • Conversation Starter
  • Week One Done
  • One Month Later

Recent Badges



  1. That notice (posted 5/31/2012 -- yesterday) that you linked to says the following: "Identified during the course of normal QA"? "No reason to believe that these vulnerabilities are known to the public"? Really? Is having client sites get hacked "normal Quality Assurance testing"? Are they just lying? If they really did identify these as part of QA, shouldn't the patch have been available earlier? They also mentioned automatic updates. Does TCH have cPanel and WHM automatically update? Steve
  2. I can log into my cPanel on various sites, but I can't access phpMyAdmin or WHM. Steve
  3. Is that post going to be here, or was it made somewhere else? I'm very curious what happened. A client of mine also reported being hacked (my reseller account is on jandoon), and her password isn't obvious. Based on the extent of the damage, I'd guess they got access to the server as a whole, not individual accounts. I suppose that this loser could have guessed a lot of client passwords (I've seen a hack on a discussion board that I used to help on where they accessed accounts whose passwords were the same as their user names), but I don't think that happened in this case given that my client's password isn't that poor. By the way, you can use a service like my-ip-neighbors.com to find out who else is on your server. Steve
  4. A spammer's post triggered an update notification about this. Was the problem's cause ever described here? I'm still curious what it was. Thanks, Steve
  5. OK, I opened a ticket. The response was to upgrade me to PHP 5.3. Upgrading to PHP 5.3 did fix the problem, but that doesn't explain why PHP 5.2 doesn't display errors. It appears that the transition isn't as seamless as expected. Steve
  6. Since this update was done, something seems to have gone wrong with PHP error handling. I was updating a script that was working a few weeks ago. When I ran it, I got no output, so I added ECHO statements, which did appear. That lead me to believe that there might be an error in my script, so I intentionally added a syntax error and ran the script again. No error message was output! To prove that it wasn't my updates, I took another script of mine, uploaded it, ran it and it worked fine. I then injected a syntax error, ran it and got no output at all. Previously, when I had a PHP error, I'd get output in my browser about the error (type of error, line number, etc.), but I'm not getting that now. Did anything change with regard to PHP errors? Thanks, Steve
  7. I'm trying to block any E-mail containing URLs to Russian, Chinese and Indian sites. I thought that the following regexp would catch most of them: http://('>http://([a-z0-9_+-]+\.)*[a-z0-9_+-]+\.(ru|in|cn) However, for some reason, it also blocks http://www.billrussel.com which I don't want. i've tried various permutations, like: http://([a-z0-9_+-]+\.)*[a-z0-9_+-]+\.(ru|in|cn)\b which also generated false positives. What's a good regexp to use that works both within text and at the end of text? Thanks for any help, Steve
  8. That's good. Can we have any information on what component (high-level -- PHP, Apache, a forum, etc.) was compromised? It will help us determine whether or not we have anything to worry about. Thanks, Steve
  9. If this exploit was unknown to the public, did you forward it to the appropriate software developers and/or reputable security agencies? I'd be curious in knowing what component was exploited (obviously you can't release the details of how the exploit was done). Steve
  10. I just noticed this now. I guess there needs to be a way to auto-subscribe people to their own birthday topic here.... Thanks, Steve
  11. Sorry, maybe I wasn't clear. I meant that IE and ISPs providing their own search pages was like VeriSign's Site Finder, not that it was similar to what Network Solutions is doing by holding the domains themselves. Regarding Network Solutions, do registrars make available data on what domains were searched for? I can understand making data available on what is actually registered, but why would they show what was being searched for? (Well, maybe to get more money, I suppose. ) Steve
  12. Wild West Domains is GoDaddy's subsidiary that allows affiliate domain sales. Compare Wild West Domain.com's WHOIS information: Wild West Domains, Inc. 14455 N Hayden Rd #219 Scottsdale, Arizona 85260 United States with GoDaddy.com's: GoDaddy.com, Inc. 14455 N Hayden Rd #226 Scottsdale, Arizona 85260 United States Look familiar? But see if you can find GoDaddy mentioned on Wild West's site.... However, if you visit GoDaddy's Reseller page, you'll see the link. So it's quite likely that TCH gets a cut of the sales -- not that that's necessarily a bad thing. And it doesn't mean that TCH is registering searched domains, of course. Steve
  13. Network Solutions isn't the only registrar that has been accused of shady business practices. Remember VeriSign's "Site Finder", which basically did default routing (routing unregistered domains to their own page), similar to what Ken Ham did with the .cm domain mentioned in TCH-Dick's post. It seems like Microsoft's Internet Explorer and various ISPs (including Charter, which I use) do the same thing now. Steve
  14. REMOTE_ADDR worked and showed my IP address, but REMOTE_HOST didn't show my host name. IP Chicken does show my host name. It's not a big deal, though. Thanks for the information, Steve
  15. Yes, I can think of a few reasons why somebody might want to do it, but that's just speculation. I want to know why the OP wanted to do it -- there may be better ways to handle the task. One thing a good designer should do is get the real reason for a requirement. For example, if somebody says "I want this text bold on my site", it's easy to tell them about the B HTML tag (or, better, the SPAN tag with appropriate CSS). However, it's better to understand why they want the text bold -- is it just for looks, or is it part of something bigger that may be better handled by creating a new CSS class. Steve
  • Create New...