Utter Randomness

As mentioned in a previous post, I’m being spammed and hard. Phpbb3’s captcha has been broken, and I needed a fix. With phpbb.com down due to unrelated problems, I set off to create my own captcha.

In this post, I will walk you through the steps of modifying the captcha to display a math problem (addition). If you have the brains/guts, you can easily modify this to make it more secure, do subtraction, and make the text harder to read by bots – but the fact is, this is currently a unique system. There’s no need to change the text to anything fancy at the moment.

Where do we start? The most obvious is to decide your target areas.
Backup all files before proceeding.

Changing the captcha in guest chat sections
All of the changes we’ll be doing in this section center around posting.php, which is in the root directory.

Let’s start off by changing the line that displays the captcha image.
Find this line:

1

'CONFIRM_IMAGE'				=> '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_POST) . '" alt="" title="" />',

And change it to this:

1

'CONFIRM_IMAGE' => '<img src="'.$phpbb_root_path.'conf.'.$phpEx.'?s1='.$seed.'&s2='.$seed2.'">',

Because we’re not using the default captcha anymore, go ahead and delete the following lines:

1

$seed -= 0x7fffffff * floor($seed / 0x7fffffff);

Alrighty, now we want to generate 2 random numbers between 1 and 5 for the user to add together, so he can easily do it without being annoyed.

Find this line:

1

$seed = hexdec(substr(unique_id(), 4, 10));

and change it to

1

$seed = rand(1,5);

And after that line, add the following two lines:

1
2

$seed2 = rand(1,5);
$seed3=$seed+$seed2;

Now scroll down a bit until you find the $sql variable. Change the code and seed lines to these:

1
2

'code'			=> (string) $seed3,
'seed'			=> (int) $seed3)

Now we have the SUM of $seed and $seed2 stored in the database in the spot previously held by phpbb’s captcha. This is so we don’t have to muck around changing the database. (Note here: If it doesn’t work you may need to go in with phpmyadmin and change the confirm table to be unsigned).

What do we have so far? We have the sum of two values stored in a database, and the captcha image changed to a custom value. The form should also be able to check if the value is correct without further changes.

The captcha generator
Create a new file and name it conf.php. Paste this into the file:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

<?php
	$img = imagecreate(250, 32);
	$background_color = imagecolorallocate($img,222,190,148);
	$black = imagecolorallocate($img, 0, 0, 0);
	$str = "";
	if(!isset($_REQUEST['s1']) || !isset($_REQUEST['s2'])) {
		$str=" Error. Please refresh page.";
	} else {
		$str="What is ".$_REQUEST['s1']." + ".$_REQUEST['s2']."?";
	}
	// 12 is font
	imagestring($img,12,0,0,$str,$black);
	header('Content-type: image/gif');
	imagegif($img);
	imagedestroy($img);
?>

This will take 2 get parameters and simple say “What is X + Y”. Save this file into your root install folder, where posting.php is. Change the $background_color to your own preferences; currently it is a tannish color to fit into the theme of my site.

Now just upload the files to your server (remember: backup if you haven’t already), and hopefully all will be working well.

Live PHP image creation demo: http://kingoflands.com/forum/conf.php?s1=Phpbb&s2=Captcha

If you have any problems, post a comment. I created this captcha system yesterday and I’m hoping I included everything I did in it.

- Adding this to the registration page is yet to be added.

Over the last week, me and many others with phpbb3 forums have been pounded with spam. Same old, trying to sell meds. This is occurring on the registration page and guest chat sections. For registration, they simply put a link to their drug selling site in their profile and never post. In the guest chat section, they write out spam posts.

What’s causing this? A cracked (able to be solved by bots) captcha. Being the geek that I am, I changed the captcha system to something completely different – and the spam dropped dead. I haven’t yet put the new captcha on the registration page, and surprise surprise, I’m still getting spam registrations. This is almost definitely a bot.

Voice your thoughts on this, want a solution? I may give some starting points if I get comments requesting an example. Otherwise, just try out google.

Basically, you have an image with text that is vertically aligned to the right of the image. I never found a solution on the internet, and this is what I came up with in my spare time poking around:

1
2
3
4

<div>
<div style="float: left;"><img src="./apple.png" alt="" /></div>
<div style="text-align: left; line-height: 42px;">right text</div>
</div>

Short and sweet. It does not auto adjust to the image; so you’ll have to change line-height to your liking. This is similar to wordwrapping, but not quite.

Finished example:

Well there’s never really been a  great place on the web for me to find out how, and after a lot of searching and trial and error, I found a way that works. If you have the JDK correctly installed and working in the classpath, go to Start->Run->cmd and hit enter, or vista users Start->type in cmd in the searchbox->enter / click the only thing that shows up. Now type in “cd C:/path/to/your/directory” to get to the current directory of your jar file.

keytool -genkey -alias YOURALIAS -keystore YOURSTORE 
-keypass KEYPASS -dname "cn=YOUR NAME" -storepass STOREPASS

jarsigner -keystore YOURSTORE -storepass STOREPASS -keypass KEYPASS 
-signedjar SIGNEDJAR.jar ORIGJAR.jar YOURALIAS

keytool -export -keystore YOURSTORE -storepass STOREPASS 
-alias YOURALIAS -file YOURCERT.cer

Just replace what’s in capitals for your own values, and it should work happily.

** NOTICE: Wordpress is one big failure at wordwrapping. I had to split each of these into two lines. The second line should still be on the first line in the command prompt, and there should be a space between “YOURSTORE -keypass” like that.

We’ve all seen it (haven’t we?). Go check out wikipedia first if you don’t know what I’m talking about.

The internet. Yet another way for short or bullied kids to get on and attempt to gain power. Emotionally, physically, it doesn’t really  matter. Maybe they’re ignored by everyone else and strive for attention. Maybe their parents divorced, died, or ignore them. Whatever the cause, they are here, today, on the internet.

Their mission: Power and attention mostly. Often mini-modding or backseat-modding forums and messageboards, they want a sense of control. I find that these people will also often beg for moderator positions as well, and I dare not allow anyone like that to get the power on my own sites.

I personally believe that if you ignore these types of people for a long enough amount of time (which you should), they will turn into “griefers”. These are the types of people that go around games and websites puposely attempting to anger others and disrupt order. It’s all about them, after all. They strive for attention and power so much that they resort to such low methods of getting that attention, and in the end, just get banned from the website or game. Another common method is to steal others’ works. Many people are amazed at what that pathetic excuse of a human is capable of doing until someone else comes along and points out that it is not, in fact, their work.

Why the internet? It’s the easiest place to go. I don’t know any exact statistics (and would love one, if any readers happen to find one), for the number of kids who are growing up with 1 or more computers in their house and with some type of internet, DSL seems to be quite popular. Because they already have the tools they  need – internet, a computer with a keyboard, off they go searching for a place they first want to call home. How do they determine which site(s) they want to infest? I don’t know. How do we choose which sites to frequent?

They’re out there. Sensitive, and probably alone in the world. Ignore or comfort, your choice. I’ve never had any success with trying to confront, comfort, or befriend them. They’re unbearable and will spam IMs, e-mails, and PMs on forums/message boards when they finally begin the change to the aforementioned “griefer”. Then you will most likely be forced to leave them. Too unbearable, even for you! They’ll probably get worse, I suppose you and I may  never know. What I think they really need is a good school counselor and a loving home.

Well, this is a short and sweet text guide to create a new administrator account on Vista, if for some reason you have no more. This was created for a friend who for some reason deleted every single administrator account on his PC.

This guide has been UNTESTED, and will only work on Vista – not XP.

Following the steps below will create a *new* administrator account on your PC.
if you get stuck, are unsure, or think errors may be showing, I can’t help. I don’t have Vista. Remember: Follow the steps carefully.
It shouldn’t mess up your computer if you do any of the steps wrong, but you never know.

Download this file:
http://sourceforge.net/project/downloading.php?groupname=infrarecorder&filename=ir0462.exe&use_mirror=internap
—
This is a 100% free and simple CD burning program, you need it to burn the .iso file listed below

Download this file:
ftp://mirror.switch.ch/mirror/backtrack/bt3-final.iso
—
This is the CD image for something that can create a new Vista admin account. This is a BIIIGGGG file.
It can take 5 hours + to download.

Instructions:
1. Download the 2 files listed above
2. Install the .exe file. This is the program Infrarecorder, a CD burner.
3. Insert a blank CDR-RW disc into your CD drive, and click “Do nothing” or “Cancel” if a message pops up
4. Open Infra recorder
5. At the top menu, Go to Actions->Burn Image…
6. Select bt3-final.iso and click ‘Open’
7. A window will pop up. Find the “Write speed” drop down list and select something lower, like 28x.
8. Click the ok button
9. The easiest way to tell when it’s done is when it ejects the CD.
10. Once the CD is burned, put it into your CD drive and immediately reboot the computer.
11. If once it starts booting off of the CD, it stops for a while and an option is to press the spacebar, press the space bar
12. Now.. If all is done right so far, text should be flying across your screen like a rabid squirrel
13. After a few minutes or less of text flying around, eventually a background image will appear, along with a mouse saying “<<< Backtrack 3″.
- If no image appears, and you see red text reading “Welcome to BackTrack 3″, type the following w/out quotes and hitting enter after each.
“root”
“toor”
- Now skip to step 17.
14. Now, in the bottom left corner there will be an icon with a pencil and paper. Right click the icon, go to Panel menu -> Add Application to Panel -> System -> Konsole
15. A new icon will appear in the bottom left corner. It is black, and should be the second item. Click it.
16. A new window will pop up.
17. With the shell window open, type the following without quotes and pressing enter after each one
*** THE FOLLOWING ARE CaSe SeNsItIvE
“cd /mnt”
“ls”
“cd hda1″
- If it says that it can’t find it, you’ll have to figure out what it named your hdd.
“cd Windows”
- If it says it can’t find Windows, try “WINDOWS”
“cd System32″
- If it says it can’t find System32, try “system32″
“mv Utilman.exe Utilman.old”
“cp cmd.exe Utilman.exe”

18. Eject the CD and reboot the computer
19. At the login screen do the following:
20. Press and hold the Windows key (usually between CTRL and ALT) and press U
21. A black window should pop up.
22. Type the following into the window without quotes and pressing enter after each:
“net user backupadmin 3MERGENCY /add”
“net localgroup administrators backupadmin /add
23. Reboot your computer and login with the username “backupadmin” and password “3MERGENCY”

… Now. If you happen to wipe out all admin accounts on your computer again, restart your computer and go to step 20

In this little tutorial I’ll take you step by step through creating a sticky note.

Finished product:

Let’s begin.

First of all, create a new image (Preferably a little larger than the size of your sticky note, just so you have a little working room). I’m creating mine at 128×128.

Then, if you don’t have the layers and paths window open, you will need to. Go to Windows->Layers,Channels,Paths… A new window will pop up.

Now select the paths tool. Here’s the icon:

What we must do next is to create points so we can make a nice, smooth, outline for the stickynote. Dealing with the paths tool can be pretty confusing, especially if you don’t know what you’re doing. Considering many of you readers may be new to GIMP, or just the paths tool, I will go into a bit of detail on how to handle it.

Placing points
Click in one of the corners of your image with the paths tool created. A circle will appear. Click the mouse again somewhere else, and other circle will appear and so on and so forth.

Deleting points
Made a mistake? Well, click the point and press the backspace button to delete it. Oddly enough, the delete key doesn’t work.

Moving points
Of course you’re going to mess up or at least want to tweak the position of the points you place. To move a point, first select the paths tool then move the mouse to a middle of a point (the circle). Then click and drag it. You’ll know it’s ready to move the point when you see the standard arrowed cross in the top right corner of your mouse. ** Don’t forget: If you move points before finishing the design, you may want to change which point is selected. After all, when you left click again it creates a point stemming from the currently selected point.

Curving
This is pretty hard to do unless you create a new point for the sole purpose of being curved. To create a point with an associated curve, click and drag the mouse instead of just clicking. It takes a bit of moving to get the desired curve. Look at the diagram below. The box labeled 1 is what controls the curve. Move that box or the point to alter the curve.

The box labeled 2 will not affect the curve.

Finishing (Connecting beginning and ending points)
Make sure you have the last point selected (the one you want to connect to the other end). Then hover your mouse over the other end point, hold control, and click. Tada!

Now we need to turn that into a selection, because we can’t do much with it as a path. In the Layers, Channels, and Paths window which we may or may not have opened at the beginning of this post, click on the 3rd tab.

Then click on the path that you want to make a selection (Unnamed, usually. May be Unnamed#1, etc, if you had trouble with the thing). Then right click it, and click “Path to selection”.

Alright now if you’ve used any image editing software before, you know how to deal with selections.  Now you can put a gradient/solid color etc inside the selection. I decided to go with a 2 color gradient. The colors are:  ffde6d and ffe58c.

With the selection still active, click the first tab in the Layers,Chan,Paths window to go back to the layers. Then create a new layer. This step is optional, to add some shading. Icon:

Now, change the foreground color to something a bit darker, like efc944. Next, scroll down on your tools window at the bottom to reveal more options. Change the pressure to something low, I used 4.0. Next select a the size 9 fuzzy brush.  Then, with the new layer selected, shade around the edges or wherever you feel like shading. If it’s too dark, simply change the opacity of the layer. Mine came out dark so I changed the opacity to 45 and it looked nice.

Yay! We’re done! Viner hand size 12 font is a good font to use.

Finding a fast, reliable webhost can be quite a challenge – especially if you don’t want to spend any money. If you just want to host a blog or a forum, then search google – there’s plenty of free services out there that allow you to do that easily. However, if you want to build your own site or control every aspect you’ll want to find a webhost.

Here’s some basic tips

• Check the age of the supposed “company”. Nowadays, the hosting market has become very saturated and reselling has become popular.
• Don’t fall for “overselling”. This is when a host will offer you absurd amounts of bandwidth and space at no cost. These high numbers are just there to attract you – and it works.
• Check for forums. Many hosts are starting to create forums for their users to chat on. Check the number of users and activity and use it as a potential guide.
• Look for reviews on the internet. This one is very important – other users will post their experiences, good and bad, about the host. A word of warning though: Quite a few hosts have been caught paying people to write good reviews for them. If the host is truly bad, the number of bad reviews will still clearly outshine the good.
• Try to find their uptime stats. You wouldn’t want to find out that your host that claimed 98% uptime has less than 80%.
• Look at their features. For a free host, mysql/sendmail/fsockopen and a few others can easily lead to abuse and are often not available on free hosts. If you absolutely need these, make sure you check if the host offers it before signing up.
• Read their TOS. This can be a very important one – if you want to host a proxy site, that generally won’t happen on free or paid hosting due to the CPU intensity of these sites. Also it is important because some hosts don’t want to host games or photo galleries, which may be what you want to create. Save your time, effort, and possibly money by at least skimming through the TOS. On top of that, remember when I mentioned overselling earlier? Well, this becomes key in their TOS. Often, it will say that the hundreds of GBs of bandwidth they offer you must not exceed ___% bandwidth for files that aren’t text based like html/php. If you want to host some images/software etc, this can be critical.

Good luck in your searches!

First off, to avoid confusion I’m talking about the candy malted milk balls. Not burgers. So anyway, if you’ve had probably 2-3 boxes of whoppers in your life, you’ll realize that some of the whoppers in a box (3 or less usually), are bad/disgusting/icky. SOoooo I had 2 bad whoppers in this last box I had, and after the first one I set off on a way to avoid eating the bad ones. Now really, it’s quite easy to tell which whoppers you shouldn’t eat!

Here’s a picture of a bad whopper:

Not pleasant! So, what are the signs?

1. A not-so-round shape. Loppy, bulgy, whatever.
2. It looks like a squirrel attacked it. It’s got little scratch-like marks all over it
3. Cut it in half and what do you see? Looks like the inside of some alien egg.

So, a long time ago (probably 2 years), I created 2 functions using the GameMaker engine that did super simple XOR encryption. XOR encryption is often debatable as being true encryption or not; but I call it encryption anyway. It’s easy to crack and should NOT be used for sensitive data, there are stronger methods out there. Now, onto the simple and short source.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

public String xorEnc(int encKey, String toEnc) {
        /*
            Usage: str = xorEnc(integer_key,string_to_encrypt);
            Created by Matthew Shaffer (matt-shaffer.com)
        */
        int t=0;
        String s1="";
        String tog="";
        if(encKey>0) {
            while(t < toEnc.length()) {
                int a=toEnc.charAt(t);
                int c=a ^ encKey;
                char d=(char)c;
                tog=tog+d;
                t++;
            }
 
        }
        return tog;
    }
    public String xorEncStr(String encKey, String toEnc) {
        /*
            Usage: str = xorEnc(string_key,string_to_encrypt);
            Created by Matthew Shaffer (matt-shaffer.com)
        */
        int t=0;
        int encKeyI=0;
 
        while(t < encKey.length()) {
            encKeyI+=encKey.charAt(t);
            t+=1;
        }
        return xorEnc(encKeyI,toEnc);
    }

I’m not going to bother explaing much how these two functions work. Using them is simple and you should read the comments in the functions, and I’m pretty sure all you want to do is rip them anyway. xorEncStr basically converts the string key you provide it into an integer and passes it to xorEnc. Both of the above functions have been tested to work!