After 5 Web Design | February 10, 2007

I found another small security problem in PHP Link Directory. It seems that in include/functions.php PLD relies on the HTTP_X_FORWARDED_FOR server variable. This variable is filled in from a request header the client controls, so it is unreliable and can be spoofed quite easily. Because of this, spammers are sending prebuilt posts to directories through proxy servers. This causes PLD to report the submitter's IP address incorrectly, so if you attempt to ban the submitter's IP address, they remain unaffected (while some poor schmuck who has had his IP address "borrowed" will be unable to submit links to your directory).

To fix this, open include/functions.php and find the following (around line 114 in PLD 2.xx and around line 806 in PLD 3.xx):

function get_client_ip() {
    if (isset ($_SERVER['HTTP_X_FORWARDED_FOR']))
        $ipAddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
    else
        $ipAddress = $_SERVER['REMOTE_ADDR'];
    return $ipAddress;
}

and change it to:

function get_client_ip() {
    // REMOTE_ADDR is the address of the peer that opened the connection
    $ipAddress = $_SERVER['REMOTE_ADDR'];
    return $ipAddress;
}

This will cause PLD to report the IP of the machine that actually connected to your server, that is, the proxy (which is much tougher to spoof), instead of the fictitious IP address. Banning this IP will mean that proxy server will no longer be useful to the spammer.

Not quite as good as sending a cruise missile to the terrorist's house, but at least it gives you a way of preventing spam submissions.
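The fix above assumes visitors connect to your web server directly. If the directory sits behind a reverse proxy you run yourself, REMOTE_ADDR will always be that proxy, and the forwarded header is only worth reading when it arrives from it. The following is an added example, not code from PLD: client_ip() and TRUSTED_PROXIES are hypothetical names, and all addresses are constructed documentation values.

```php
<?php
// Added example (not PLD code). TRUSTED_PROXIES is a hypothetical list of
// reverse proxies you operate yourself; 192.0.2.10 is a documentation address.
const TRUSTED_PROXIES = ['192.0.2.10'];

function client_ip(array $server, array $trusted = TRUSTED_PROXIES): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';

    // REMOTE_ADDR is the peer of the TCP connection. If that peer is not one
    // of our own proxies, X-Forwarded-For is just text the sender typed in.
    if (!in_array($remote, $trusted, true)) {
        return $remote;
    }

    // Behind our own proxy: walk the header right to left and return the
    // first hop that is not one of our proxies. Anything further left was
    // supplied by the client and stays untrusted.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the header
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $remote;
}

// Constructed request 1: direct connection carrying a forged header.
$direct = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.99',
];

// Constructed request 2: relayed by our own proxy, which appended the
// address it saw (203.0.113.7) after the value the client sent.
$proxied = [
    'REMOTE_ADDR'          => '192.0.2.10',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.99, 203.0.113.7',
];

var_dump(client_ip($direct));
var_dump(client_ip($proxied));
```

Both calls report the address that really connected; the forged left-most entry is never used for banning or logging.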

After 5 Web Design | October 19, 2006

We discovered a pretty serious flaw in the code for PHPLD. It turns out that you can submit HTML in the Description, Title, and Owner's Name fields. After briefly dreaming of how easily we could hack the 10,000+ installs of phpld to gain all the free links we wanted (even in paid directories!), we reported it to the boys at PHP Link Directory. We not only reported where the vulnerability was, we also sent them the code that could be used to fix it. Unfortunately, they haven't yet patched the code available for download, nor have they posted any information on how to patch the script.

Fortunately, the fix is rather simple. Open your submit.php file in your favorite editor and find these lines (on or around line 125):

$data['LAST_CHECKED'] = gmdate('Y-m-d H:i:s');
$data['DATE_ADDED'] = gmdate('Y-m-d H:i:s');
$data['DATE_MODIFIED'] = gmdate('Y-m-d H:i:s');

Insert these three new lines of code after them:

$data['DESCRIPTION'] = strip_tags($data['DESCRIPTION']);
$data['TITLE'] = strip_tags($data['TITLE']);
$data['OWNER_NAME'] = strip_tags($data['OWNER_NAME']);

This code will strip all the HTML tags from the Description, Title, and Owner's Name fields (in case it wasn't obvious). As a side benefit, it will also prevent your admin panel from being hidden by spammers who are currently submitting malformed HTML links that say crap like "My dear web designer, it is nice."
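strip_tags() removes tags but leaves quotes and ampersands alone, so the stored values should still be encoded when they are printed, especially inside an attribute. The following is an added example, not code from PLD: clean_submission() and render_link() are hypothetical helpers, the field names follow the $data keys shown above, and the submission is constructed.

```php
<?php
// Added example (not PLD code). clean_submission() and render_link() are
// hypothetical helpers; field names follow the $data keys used in submit.php.

function clean_submission(array $data): array
{
    foreach (['DESCRIPTION', 'TITLE', 'OWNER_NAME'] as $field) {
        // Same call as the patch: drop anything that parses as a tag.
        $data[$field] = trim(strip_tags($data[$field] ?? ''));
    }
    return $data;
}

function render_link(array $row): string
{
    // Encode at output time as well. strip_tags() leaves quotes and
    // ampersands untouched, so a value placed inside an attribute still
    // needs htmlspecialchars() with ENT_QUOTES.
    $e = function ($s) {
        return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    };
    return sprintf(
        '<li title="%s"><strong>%s</strong> %s (%s)</li>',
        $e($row['TITLE']),
        $e($row['TITLE']),
        $e($row['DESCRIPTION']),
        $e($row['OWNER_NAME'])
    );
}

// Constructed submission: an unclosed link tag of the kind that swallows the
// rest of a listing page, plus a title containing double quotes.
$submitted = [
    'TITLE'       => 'Bob\'s "best" links',
    'DESCRIPTION' => '<a href="http://example.invalid/">My dear web designer, it is nice.',
    'OWNER_NAME'  => '<b>Bob',
];

$clean = clean_submission($submitted);
echo render_link($clean), "\n";
```

The unclosed tags are gone after clean_submission(), and the quotes in the title are emitted as entities so they cannot close the title attribute.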


After 5 Web Design | December 23, 2005

Because of the sheer amount of comment spam we have been receiving (over 200 a day!), we are now limiting comments to the two weeks following the post. After the New Year we will start looking for better blog software. Any recommendations?

After 5 Web Design | December 5, 2005

It may be a bit early to say, but MSN is trouncing Google.

We suspected this the other day when we were searching for all the sites using the Article Dashboard software. We used the link: and linkdomain: commands to find all the sites linked to Article Dashboard, because their script includes a link to their site at the bottom of every page. MSN returned 39,131 results. Google? 2,410.

Another indication of MSN's creeping dominance was found in the server logs for my personal blog last night. MSN has spidered my site 23 times in the last month. Google has spidered it 83 times. But look at the results of a Site: command:
MSN: 139
Google: 5

Now, it could be that I've made some kind of G sh*t list due to my one Adsense incident, but I don't think so. I think it's just a matter of Google needing to learn the lesson pinball machine makers learned many years ago. In the old days, hitting a bumper on a pinball machine scored you one point. Then some brilliant guy got the idea to make a bumper worth 10 points. Oddly, this made their machine more popular. Soon bumpers were worth 100 points, and those machines were more popular than the ones that only gave 10 points. Nowadays, bumpers on pinball machines are worth 1,000 - 10,000 points. Even hardware manufacturers know this lesson well. When's the last time you bought a hard drive and actually got the number of gigs (or most likely megs) of storage advertised on the box? When purchasing AMD chips, what number is printed on the box? Its clock speed? Do 56k modems really go 56k?

In all fairness, just because MSN displays more info about sites than Google doesn't mean they have more. All the Google insiders point out that they get to see way more data on a daily basis than all us regular schmoes, and they like to point out that they see daily pagerank updates in their offices. So without knowing the real numbers, it may be unfair to compare Google and MSN results.

Or is it?

Google certainly judges your site by what's on the page, so if what's good for the goose is good for the gander, then judging Google by the results on their page is certainly fair.

Also, just because MSN has more information than Google doesn't mean their search results are more relevant. This could be a sign that Google has successfully weeded out more spam sites than MSN. But consider this: if I'm looking for the best candy in the world, which do you figure I'm going to choose: the candy store with the most popular candies, or the candy store with the widest selection? If MSN can organize their information in a way comparable to Google, I'll likely be cancelling my Adsense account.

After 5 Web Design | November 30, 2005

After 5 Web Design is happy to announce the release of Article Distributor. What is it? It is a semi-autonomous article submission application that can help article authors quickly submit their articles to over 200 article sites. It only works with sites that use the Article Dashboard software, but with over 200 installations, Article Dashboard is very popular.

Article Distributor is freely available from our Products -> Software page or can be downloaded from http://www.after5webdesign.com/software/articledistributor.zip.

Note: During install, you may get a 1935 error. This is a permission denied error. It means you need to disable your virus scanner so the msxml4.dll can be copied to your Windows System folder.

After 5 Web Design | October 31, 2005

After 5 Web Design is pleased to announce our new one way link directory. The cost is currently $3 because unlike other directories, inclusion in the After 5 Web directory will also mean inclusion in all of our directories. All links are SEO friendly, spiderable, and pass PR.

There are currently only two other link directories: http://www.ndthunder.com and http://www.dakotatundra.com. Each directory is on a separate IP address (69.93.45.234 and 216.86.146.12 respectively), and each directory is a functional directory in its own right, so these are not merely duplicated content scraper sites.

We have plans to add new directories as quickly as possible (in fact seven are in the works right now!), and the price will change accordingly. Pricing will be $1 per directory, so when we have 5 directories ready, the price will be increased to $5, and when we have 10 ready, the price will be $10. However, listing your link now will automatically get you included in all our future directories, so buying early is to your advantage.

After 5 Web Design is happy to be of service to the web master community.

After 5 Web Design | September 29, 2005

http://www.internetworldstats.com/am/us.htm
http://www.nielsen-netratings.com/pr/pr_050928.pdf

Nielsen Net Ratings reported that 42% of the US population uses broadband (meaning a connection speed of more than 56k) to access the internet. They also report that 68.5% of the US population accesses the internet. This means that about 59.5% of internet users are using a broadband connection. In 2002, it was estimated that only 13.8% of the US population would be using broadband by 2005.

68% internet penetration is an amazing number considering that the World Wide Web has only been around since 1991, and the first web browser (Mosaic) was developed in 1993. It's a long way to go in 12 years.

Telephone penetration rates have hovered around 95% for the last few decades. Telephone has been around for well over 100 years (128 if I remember my dates correctly).

{Note: The first commercial TV sets were manufactured in Germany in 1934, but the US didn't start until 1938. By 1942, only about 8,000 had been produced. WWII kind of interrupted things, and TV production was stopped until 1945.}

Comparing television's penetration rates for 1946 of 0.5% to 1962's 90% penetration, it appears that TV only took 16 years to reach 90% penetration, but one cannot doubt that GIs talked about the wonders of TV and used their disposable post-war income to accelerate TV's adoption. So, 90% penetration may have taken between 16 and 24 years if not for the war.

The standards for color TV were set in 1953, but color television did not reach 50% penetration until 1972, nearly 20 years later.

56% of US households had cable or satellite television service in 2003 according to ZenithOptimedia.

Is there any doubt that the internet will transform (or has already transformed) our culture the same way television or the telephone did? In most cases, a business cannot truly be called a business if it does not have a telephone. Given these facts and figures, can one doubt that the internet will become one of the most integral resources available to businesses? We don't think so.