MoonPoint Support Logo

 

Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
January
Sun Mon Tue Wed Thu Fri Sat
   
   
2008
Months
Jan


Thu, Jan 31, 2008 4:59 pm

Make wget Pretend to Be Internet Explorer

I have a script that I manually run to download a particular webpage based on a parameter that I submit to the script. The script downloads the webpage with wget then parses the webpage for specific information and displays only that information. The script had been running fine until today, but produced an error message when I ran it today. When I checked the information being retrieved by wget, I found that instead of the desired webpage, I was getting "Sorry. This page may not be spidered."

When a browser retrieves a webpage, it sends a set of values to the webserver. Those values, which are called "headers", include a "user-agent" header that identifies the browser to the server. E.g. a particular version of Internet Explorer may identify itself as "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)".

Some websites may use the user-agent header for statistical purposes, e.g. to determine which browsers are most commonly used to access the website. Such information may help a web developer tailor the site to the ones most commonly used to view the site. Or the the website developer can use the information to tailor its output to the browser being used by a particular user. E.g., if a browser doesn't support a particular feature used in the code on the website, the website software can present the viewer with an alternative webpage.

Wget identifies itself as "wget x.y.z", where x.y.z is the version of wget in use, e.g. "wget 1.8.2". So, if you retrieve a webpage with wget, the webserver might see User-Agent: Wget/1.8.2" as one of the headers submitted to it by the browser.

In this case the website, where the page resided I wanted to access, was seeing User-Agent: Wget/1.8.2" and denying access to the page. Fortunately, you can use the --user-agent argument for wget to specify that wget announce itself to a webserver as any browser you might wish to emulate.

-U agent-string
       --user-agent=agent-string
           Identify as agent-string to the HTTP server.

           The HTTP protocol allows the clients to identify themselves using a
           "User-Agent" header field.  This enables distinguishing the WWW
           software, usually for statistical purposes or for tracing of proto-
           col violations.  Wget normally identifies as Wget/version, version
           being the current version number of Wget.

           However, some sites have been known to impose the policy of tailor-
           ing the output according to the "User-Agent"-supplied information.
           While conceptually this is not such a bad idea, it has been abused
           by servers denying information to clients other than "Mozilla" or
           Microsoft "Internet Explorer".  This option allows you to change
           the "User-Agent" line issued by Wget.  Use of this option is dis-
           couraged, unless you really know what you are doing.

I had wget pretend to be Internet Explorer by using the command below:

wget --user-agent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" --quiet --output-document=$outfile $url

After editing my script to use the --user-agent option, the script was able to download the webpage as before, placing the output in the file designated by the $outfile variable in the script and using the URL I specified as an argument to the script.

References:

  1. Masquerading Your Browser
    By Eric Giguere
    September 19, 2003
    Updated October 28, 2004
    ericgiguère.com resources for software developers

[/network/web/tools/wget] permanent link

Sun, Jan 27, 2008 10:44 pm

Upgrade of Apache From Version 2.0.39 to Version 2.0.59

A scan of a Solaris 7 system found several vulnerabilities for Apache on the system. Most of them appeared to be due to the version of Apache on the system not being up-to-date. I checked the version of Apache running on the system by using telnet to connect to port 80 and then issuing the HEAD / HTTP/1.0 command.
# telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Fri, 25 Jan 2008 03:29:30 GMT
Server: Apache/2.0.39 (Unix)
Last-Modified: Thu, 29 Nov 2007 04:39:44 GMT
ETag: "89124-5df-e729c400"
Accept-Ranges: bytes
Content-Length: 1503
Connection: close
Content-Type: text/html; charset=ISO-8859-1

Connection closed by foreign host.

The version was 2.0.39, so it was out-of-date. You can also check the version with the apachectl command.

# /usr/local/apache2/bin/apachectl -v
Server version: Apache/2.0.39
Server built:   Jun 26 2002 01:03:14

Version 2.0.59 is the current version listed at Sunfreeware.com - SPARC/Solaris 7 Packages.

The dependencies statement for Apache 2.0.59 listed libiconv as a dependency and stated "you may need /usr/local/lib/libgcc_s.so.1 either from the libgcc-3.3 or gcc-3.3.2 or higher packages." When I checked the version of gcc with gcc -v, I saw it was 3.0.4. So I first upgraded libiconv.

I installed libiconv 1.11 on a Sun SPARC Solaris 7 system. I obtained the package from Sunfreeware.com - SPARC/Solaris 7 Packages.

# gunzip libiconv-1.11-sol7-sparc-local.gz
# pkgadd -d libiconv-1.11-sol7-sparc-local

The following packages are available:
  1  SMCliconv     libiconv
                   (sparc) 1.11

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all

Processing package instance <SMCliconv> from </home/jdoe/libiconv-1.11-sol7-sparc-local>

libiconv
(sparc) 1.11
Bruno Haible
Using </usr/local> as the package base directory.
## Processing package information.
## Processing system information.
   12 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.

The following files are already installed on the system and are being
used by another package:
  /usr/local/bin/iconv
  /usr/local/doc/libiconv/ABOUT-NLS
  /usr/local/doc/libiconv/AUTHORS
  /usr/local/doc/libiconv/COPYING.LIB
  /usr/local/doc/libiconv/ChangeLog
  /usr/local/doc/libiconv/DESIGN
  /usr/local/doc/libiconv/INSTALL.generic
  /usr/local/doc/libiconv/NEWS
  /usr/local/doc/libiconv/NOTES
  /usr/local/doc/libiconv/PORTS
  /usr/local/doc/libiconv/README
  /usr/local/doc/libiconv/README.djgpp
  /usr/local/doc/libiconv/README.os2
  /usr/local/doc/libiconv/README.woe32
  /usr/local/doc/libiconv/THANKS
  /usr/local/include/iconv.h
  /usr/local/include/libcharset.h
  /usr/local/lib/libcharset.a
  /usr/local/lib/libcharset.la
[Hit <RETURN> to continue display]

  /usr/local/lib/libcharset.so.1.0.0
  /usr/local/lib/libiconv.la
  /usr/local/lib/libiconv.so
  /usr/local/lib/libiconv.so.2
  /usr/local/man/man1/iconv.1
  /usr/local/man/man3/iconv.3
  /usr/local/man/man3/iconv_close.3
  /usr/local/man/man3/iconv_open.3

* - conflict with a file which does not belong to any package.

Do you want to install these conflicting files [y,n,?,q] y
## Checking for setuid/setgid programs.

Installing libiconv as <SMCliconv>

## Installing part 1 of 1.
/usr/local/bin/iconv
/usr/local/doc/libiconv/ABOUT-NLS
/usr/local/doc/libiconv/AUTHORS
/usr/local/doc/libiconv/COPYING.LIB
/usr/local/doc/libiconv/ChangeLog
/usr/local/doc/libiconv/DESIGN
/usr/local/doc/libiconv/INSTALL.generic
/usr/local/doc/libiconv/NEWS
/usr/local/doc/libiconv/NOTES
/usr/local/doc/libiconv/PORTS
/usr/local/doc/libiconv/README
/usr/local/doc/libiconv/README.djgpp
/usr/local/doc/libiconv/README.os2
/usr/local/doc/libiconv/README.woe32
/usr/local/doc/libiconv/THANKS
/usr/local/include/iconv.h
/usr/local/include/libcharset.h
/usr/local/include/localcharset.h
/usr/local/lib/libcharset.a
/usr/local/lib/libcharset.la
/usr/local/lib/libcharset.so.1.0.0
/usr/local/lib/libiconv.la
/usr/local/lib/libiconv.so <symbolic link>
/usr/local/lib/libiconv.so.2 <symbolic link>
/usr/local/lib/libiconv.so.2.4.0
/usr/local/lib/preloadable_libiconv.so
/usr/local/man/man1/iconv.1
/usr/local/man/man3/iconv.3
/usr/local/man/man3/iconv_close.3
/usr/local/man/man3/iconv_open.3
/usr/local/man/man3/iconvctl.3
/usr/local/share/doc/iconv.1.html
/usr/local/share/doc/iconv.3.html
/usr/local/share/doc/iconv_close.3.html
/usr/local/share/doc/iconv_open.3.html
/usr/local/share/doc/iconvctl.3.html
[ verifying class <none> ]

Installation of <SMCliconv> was successful.

Since libintl was listed as a dependency for libiconv, I tried to determine if libintl on the system was the latest version. I looked for libiintl files on the system. I found several.

# find / -name libintl\* -print
/usr/lib/sparcv9/libintl.so
/usr/lib/sparcv9/libintl.so.1
/usr/lib/libintl.so
/usr/lib/libintl.so.1
/usr/lib/libintl.a
/usr/include/libintl.h
/usr/share/man/sman4/libintl.4
/usr/local/lib/gcc-lib/sparc-sun-solaris2.7/3.0.4/include/libintl.h

When I looked in /usr/include/libintl.h, I saw it was version 1.12, so I upgraded libintl to the 3.4.0 version from Sunfreeware.com - SPARC/Solaris 7 Packages.

# gunzip libintl-3.4.0-sol7-sparc-local.gz
# pkgadd -d libintl-3.4.0-sol7-sparc-local

The following packages are available:
  1  SMClintl     libintl
                  (sparc) 3.4.0

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

Processing package instance <SMClintl> from </home/jdoe/libintl-3.4.0-sol7-sparc-local>

libintl
(sparc) 3.4.0
FSF
Using </usr/local> as the package base directory.
## Processing package information.
## Processing system information.
   2 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

Installing libintl as <SMClintl>

## Installing part 1 of 1.
/usr/local/include/libintl.h
/usr/local/lib/libintl.a
/usr/local/lib/libintl.la
/usr/local/lib/libintl.so <symbolic link>
/usr/local/lib/libintl.so.3 <symbolic link>
/usr/local/lib/libintl.so.3.4.0
/usr/local/lib/libintl.so.8 <symbolic link>
/usr/local/lib/libintl.so.8.0.2
[ verifying class <none> ]

Installation of <SMClintl> was successful.

I then upgraded gcc.

# gunzip gcc-3.4.6-sol7-sparc-local.gz
# pkgadd -d gcc-3.4.6-sol7-sparc-local

The following packages are available:
  1  SMCgcc     gcc
                (sparc) 3.4.6

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

Processing package instance <SMCgcc> from </tmp/testing/gcc-3.4.6-sol7-sparc-local>

gcc
(sparc) 3.4.6
FSF
Using </usr/local> as the package base directory.
## Processing package information.
## Processing system information.
   10 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.

The following files are already installed on the system and are being
used by another package:
* /usr/local/bin/c++
* /usr/local/bin/cpp
* /usr/local/bin/g++
* /usr/local/bin/g77
* /usr/local/bin/gcc
* /usr/local/bin/gccbug
* /usr/local/bin/gcov
* /usr/local/bin/sparc-sun-solaris2.7-c++
* /usr/local/bin/sparc-sun-solaris2.7-g++
* /usr/local/bin/sparc-sun-solaris2.7-gcc
* /usr/local/info <attribute change only>
* /usr/local/info/cpp.info
* /usr/local/info/cppinternals.info
* /usr/local/info/g77.info
* /usr/local/info/gcc.info
* /usr/local/lib/libgcc_s.so.1
* /usr/local/lib/libiberty.a
* /usr/local/lib/libstdc++.a
* /usr/local/lib/libstdc++.la
[Hit <RETURN> to continue display]

* /usr/local/lib/libsupc++.a
* /usr/local/lib/libsupc++.la
* /usr/local/man/man1/cpp.1
* /usr/local/man/man1/g++.1
* /usr/local/man/man1/g77.1
* /usr/local/man/man1/gcc.1
* /usr/local/man/man1/gcov.1
* /usr/local/man/man7 <attribute change only>
* /usr/local/man/man7/fsf-funding.7
* /usr/local/man/man7/gfdl.7
* /usr/local/man/man7/gpl.7
* /usr/local/share/locale <attribute change only>
* /usr/local/share/locale/be <attribute change only>
* /usr/local/share/locale/be/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/ca <attribute change only>
* /usr/local/share/locale/ca/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/da <attribute change only>
* /usr/local/share/locale/da/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/de <attribute change only>
* /usr/local/share/locale/de/LC_MESSAGES <attribute change only>
[Hit <RETURN< to continue display]

* /usr/local/share/locale/el <attribute change only>
* /usr/local/share/locale/el/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/es <attribute change only>
* /usr/local/share/locale/es/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/fr <attribute change only>
* /usr/local/share/locale/fr/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/ja <attribute change only>
* /usr/local/share/locale/ja/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/nl <attribute change only>
* /usr/local/share/locale/nl/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/sv <attribute change only>
* /usr/local/share/locale/sv/LC_MESSAGES <attribute change only>
* /usr/local/share/locale/tr <attribute change only>
* /usr/local/share/locale/tr/LC_MESSAGES <attribute change only>

* - conflict with a file which does not belong to any package.

Do you want to install these conflicting files [y,n,?,q] y
<text snipped>
/usr/local/share/locale/tr/LC_MESSAGES/gcc.mo
[ verifying class <none> ]

Installation of <SMCgcc> was successful.

I then downloaded the 2.0.59 version of Apache and installed it.

# gunzip apache-2.0.59-sol7-sparc-local.gz
# pkgadd -d apache-2.0.59-sol7-sparc-local

The following packages are available:
  1  SMCap2059     apache
                   (sparc) 2.0.59

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

Processing package instance <SMCap2059> from </home/jdoe/apache-2.0.59-sol7-sparc-local>

apache
(sparc) 2.0.59
The Apache Group
Using </usr/local/apache2> as the package base directory.
## Processing package information.
## Processing system information.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.

The following files are already installed on the system and are being
used by another package:
* /usr/local/apache2/bin <attribute change only>
* /usr/local/apache2/bin/ab
* /usr/local/apache2/bin/apachectl
* /usr/local/apache2/bin/apr-config
* /usr/local/apache2/bin/apu-config
* /usr/local/apache2/bin/apxs
* /usr/local/apache2/bin/checkgid
* /usr/local/apache2/bin/dbmmanage
* /usr/local/apache2/bin/envvars
* /usr/local/apache2/bin/envvars-std
* /usr/local/apache2/bin/htdbm
* /usr/local/apache2/bin/htdigest
* /usr/local/apache2/bin/htpasswd
* /usr/local/apache2/bin/httpd
* /usr/local/apache2/bin/logresolve
* /usr/local/apache2/bin/rotatelogs
* /usr/local/apache2/build <attribute change only>
* /usr/local/apache2/build/config_vars.mk
* /usr/local/apache2/build/instdso.sh
[Hit <RETURN> to continue display]

<text snipped>

* /usr/local/apache2/manual/vhosts/index.html.en
* /usr/local/apache2/manual/vhosts/ip-based.html
* /usr/local/apache2/manual/vhosts/mass.html
* /usr/local/apache2/manual/vhosts/name-based.html
* /usr/local/apache2/manual/vhosts/name-based.html.en
* /usr/local/apache2/modules <attribute change only>
* /usr/local/apache2/modules/httpd.exp

* - conflict with a file which does not belong to any package.

Do you want to install these conflicting files [y,n,?,q] y

[ verifying class <none> ]

Installation of <SMCap2059> was successful.

When I tried to restart Apache to run the new version, I received the message below:

# ../bin/apachectl restart
Syntax error on line 344 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'Order', perhaps mis-spelled or defined by a module not included in the server configuration

When I checked what was at line 344, I found Order allow,deny.

<Directory "/usr/local/apache2/htdocs">
<text snipped>
#
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all

</Directory>

I commented out the "order" and "allow" lines to see what would happen. I then received an error message concerning the UserDir command in httpd.conf.

I checked the compiled-in modules for Apache with httpd -l and saw the following:

# ../bin/httpd -l
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c

The order command requires the mod_access module to be loaded in Apache. It was apparently compiled into the previous version I had running on the system, but it isn't compiled into the current version, so I added LoadModule access_module /usr/local/apache2/modules/mod_access.so to /usr/local/apache2/conf/httpd.conf.

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule access_module /usr/local/apache2/modules/mod_access.so

Note: the location of mod_access.so and other modules may be in a different location on other systems, e.g. under Linux it may be at /etc/httpd/modules/mod_access.so. I also discovered later that I should have put LoadModule auth_module /usr/local/apache2/modules/mod_auth.so in as well to address this error as shown at Adding Modules to httpd.conf With Apache 2.

When I added the mod_access.so line and ran apachectl restart, I then received the error message below:

# ../bin/apachectl restart
Syntax error on line 354 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'UserDir', perhaps mis-spelled or defined by a module not 
included in the server configuration

I then added the line LoadModule userdir_module /usr/local/apache2/modules/mod_userdir.so below the LoadModule access_module /usr/local/apache2/modules/mod_access.so line in httpd.conf. That eliminated the error related to the UserDir command, but I then saw another module related error message.

# ../bin/apachectl restart
Syntax error on line 382 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'DirectoryIndex', perhaps mis-spelled or defined by a module not included in the server configuration

I added LoadModule dir_module /usr/local/apache2/modules/mod_dir.so beneath the other LoadModule statements and reran apacectl restart. The error message for DirectoryIndex was eliminated and I got further in the configuration file, but I received another error message when I restarted Apache.

# ../bin/apachectl restart
Syntax error on line 403 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'TypesConfig', perhaps mis-spelled or defined by a module not included in the server configuration

So I then added LoadModule mime_module /usr/local/apache2/modules/mod_mime.so and attempted again to restart Apache. The next error message is shown below.


# ../bin/apachectl restart
Syntax error on line 456 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'LogFormat', perhaps mis-spelled or defined by a module not included in the server configuration

I then added LoadModule log_config_module /usr/local/apache2/modules/mod_log_config.so. When I attempted to restart Apache, I then saw the message below.

# ../bin/apachectl restart
Syntax error on line 506 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'Alias', perhaps mis-spelled or defined by a module not included in the server configuration

I then added LoadModule alias_module /usr/local/apache2/modules/mod_alias.so, which led to the next error message.

# ../bin/apachectl restart
Syntax error on line 576 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'IndexOptions', perhaps mis-spelled or defined by a module not included in the server configuration

I then added LoadModule autoindex_module /usr/local/apache2/modules/mod_audoindex.so and attempted to restart Apache again.

# ../bin/apachectl restart
Syntax error on line 724 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'LanguagePriority', perhaps mis-spelled or defined by a module not included in the server configuration

I added LoadModule negotiation_module /usr/local/apache2/modules/mod_negotiation.so to address that error.

# ../bin/apachectl restart
Syntax error on line 908 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'BrowserMatch', perhaps mis-spelled or defined by a module not included in the server configuration

I then added LoadModule setenvif_module /usr/local/apache2/modules/mod_setevnif.so and attempted to restart again with apachectl restart. At last it restarted without an error message. Yeah! Except when I tried telnet 1270.0.1 80 to connect to the default HTTP port on the local loopback address, it failed.

# telnet 127.0.0.1 80
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

When I looked in /usr/local/apache2/logs/error_log, I saw the following:

[Sun Jan 27 22:09:30 2008] [notice] SIGHUP received.  Attempting to restart
Syntax error on line 219 of /usr/local/apache2/conf/httpd.conf:
module access_module is built-in and can't be loaded

So I removed LoadModule access_module /usr/local/apache2/modules/mod_access.so from httpd.conf.

But then I got the Invalid command 'Order' error message again.

# ../bin/apachectl restart
Syntax error on line 352 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'Order', perhaps mis-spelled or defined by a module not included in the server configuration

I put LoadModule access_module /usr/local/apache2/modules/mod_access.so and added LoadModule auth_module /usr/local/apache2/modules/mod_auth.so below it.

# ../bin/apachectl restart
httpd not running, trying to start

I tried connecting to port 80 on the loopback address again. This time I was successful. I entered the command HEAD / HTTP/1.0 and hit return a couple of times. Apache then responded with information showing me that version 2.0.59 was running at last.

I now have the following module section in httpd.conf

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule access_module /usr/local/apache2/modules/mod_access.so
LoadModule auth_module /usr/local/apache2/modules/mod_auth.so
LoadModule userdir_module /usr/local/apache2/modules/mod_userdir.so
LoadModule dir_module /usr/local/apache2/modules/mod_dir.so
LoadModule mime_module /usr/local/apache2/modules/mod_mime.so
LoadModule log_config_module /usr/local/apache2/modules/mod_log_config.so
LoadModule alias_module /usr/local/apache2/modules/mod_alias.so
LoadModule autoindex_module /usr/local/apache2/modules/mod_autoindex.so
LoadModule negotiation_module /usr/local/apache2/modules/mod_negotiation.so
LoadModule setenvif_module /usr/local/apache2/modules/mod_setenvif.so

References:

  1. Adding Modules to httpd.conf With Apache 2
    Posted:2005-03-01
    Network Administration Tools: GNU/Linux, Windows 2003, Windows 2000, NT, and more...

[/os/unix/solaris/network] permanent link

Sun, Jan 27, 2008 7:00 pm

Installing RealVNC 4.1.2 under Windows

I installed the free edition of RealVNC 4.1.2 on a Windows XP system. Windows Defender 1.1.1593 was installed on the system and popped up a warning when I started the installation of RealVNC.

Windows Defender 1.1.1593 alert at RealVNC installation

To get Windows Defender to accept RealVNC, select "always allow" for the action and then click on "Apply Actions".

When you are configuring RealVNC during installation, under the Connections tab in RealVNC, you can set the ports or retain the default ports that will be used for listening for connections, if you are installing the server portion of the software so you can connect remotely to the system you are installing it on. The default values are shown below:

Accept connections on port: 5900
Disconnect idle clients after (seconds): 3600

Serve Java viewer via HTTP on port: 5800

Under Access Control in the Connections section, you can check "Only accept connections from the local machine", if you wnat to require access to be through an SSH connection.

If you install the server portion of the software to run as a service on the Windows system, but don't want it to start automatically, click on the Windows Start button, select Run and type services.msc. Find "VNC Server Version 4" within the services list, double-click on it and change the startup type from "automatic" to "manual", then click on OK.

References:

  1. Malicious Software Encyclopedia: RemoteAccess:Win32/RealVNC
    Published: September 12, 2006
    Microsoft Corporation

[/os/windows/software/remote-control/vnc] permanent link

Sun, Jan 27, 2008 6:01 pm

mshta.exe

The file mshta.exe in c:\windwows\system32 is part of the Windows operating system. Known file sizes on Windows XP are 29184 bytes, 30720 bytes, 45568 bytes, 24064 bytes, and 26624 bytes. The description assigned to it by Microsoft is "Microsoft HTML Application Host". The program is needed to execute .HTA (Hypertext Application) files, which allow applications to be run from HTML documents.

On a Windows XP Tablet PC Edition system with Service Pack 2 installed, I see the following information for the file when I right-click on it and select Properties:

Size:44.5 KB (45,568 bytes)
Created:Thursday, August 23, 2001, 7:00:00 AM
Modified:Monday, August 13, 2007, 6:32:30 PM
File version:7.0.5730.13

At Introduction to HTML Applications (HTAs), Microsoft states the the following in regards to why someone would use HTAs:

Historically, programming languages like C++ and Microsoft Visual Basic have provided the object models and access to system resources that developers demand. With HTAs, Dynamic HTML (DHTML) with script can be added to that list. HTAs not only support everything a Web page does - namely HTML, Cascading Style Sheets (CSS), scripting languages, and behaviors - but also HTA-specific functionality. This added functionality provides control over user interface design and access to the client system. Moreover, run as trusted applications, HTAs are not subject to the same security constraints as Web pages. As with any executable file, the user is asked once, before the HTA is downloaded, whether to save or run the application; if saved to the client machine, it simply runs on demand thereafter. The end result is that an HTA runs like any executable (.exe) written in C++ or Visual Basic.

The .HTA file type can become infected by malware. It is important to note that, as fully trusted applications, HTAs can carry out actions that Internet Explorer would never permit in a Web page. Microsoft also states "In HTAs, the restrictions against allowing script to manipulate the client machine are lifted. For example, all command codes are supported without scripting limitations (see command id). And HTAs have read/write access to the files and system registry on the client machine."

Execution of .HTA files by mshta.exe can be debugged with the Microsoft Script Editor, MSE7.exe.

References:

  1. mshta.exe Windows process - What is it?
    file.net
  2. mshta.exe - mshta - Process Information
    Uniblue™ ProcessLibrary™
  3. File Extension .HTA Details
    FILExt - The File Extension Source
  4. .HTA File Extension
    FileInfo.net
  5. Introduction to HTML Applications (HTAs) - Windows Internet Explorer
    Microsoft Developer Network

[/os/windows/processes] permanent link

Mon, Jan 21, 2008 10:47 pm

Generating a New Encryption Key with BlackBerry Desktop Manager

If you get the message "Current Encryption Key is out of date. A new encryption key will have to be generated.", when attempting to synchronize your BlackBerry with the BlackBerry Desktop Manager you must generate a new encryption key.

Messages are encrypted prior to being sent between the BlackBerry Desktop Manager software and your BlackBerry. The encryption key for the BlackBerry Desktop Manager and the BlackBerry's own encryption key must match in order for messages to be decrypted at the receiving end. Encryption keys can be manually or automatically generated.

If you are using the BlackBerry Desktop Manager for synchronization, take the following steps to generate a new encryption key:

  1. Connect the BlackBerry device to the computer.
  2. In BlackBerry Desktop Manager, double-click Redirector Settings.
  3. In the Redirector Settings window, click the Security tab.
  4. Select Generate keys manually, then click Generate. The Generating New Key window will appear.
  5. Move the mouse around until the Generating New Key window closes. The random mouse movements help randomize the encryption key. When the window closes, a new encryption key has been generated.
  6. If you want to be prompted to generate a new encryption key every 31 days, select Generate keys automatically.
  7. Click Apply, then click OK.

References:

  1. Encryption keys
    Doc ID : KB00171
    Last Modified : 2007-03-22
    Research In Motion Limited
  2. Generate a new encryption key
    Doc ID : KB02740
    Last Modified : 2007-06-07
    Research In Motion Limited

[/network/email/blackberry] permanent link

Tue, Jan 15, 2008 8:41 pm

Moving WinAmp Playlists from One Computer to Another

WinAmp 5.51 stores its playlists in its Plugins\ml directory, which will usually be C:\Program Files\Winamp\Plugins\ml. The individual playlists will be in .m3u8 files with names like plfxxxx.m3u8 and plfE454.m3u8 where xxxx is a combination of letters and numbers, e.g. plf7501.m3u8. The mapping between the name you give the list and those names is in a playlists.xml file in the same directory.

Sample Playlists.Xml File

<?xml version="1.0" encoding="UTF-16"?>
<playlists playlists="2">
<playlist filename="plfE454.m3u8" title="Xmas - Hilary Duff - Santa Claus Lane" id="{C0112AC9-0575-422F-B216-9A104962C563}" songs="11" seconds="2200"/>
<playlist filename="plf7501.m3u8" title="Xmas - The Time-Life Treasury Of Christmas" id="{3463FBFD-C77E-44BD-BC13-6044D2E6BEE7}" songs="45" seconds="8327"/>
</playlists>

So, if you want to copy your playlists from one system to another, copy the .m3u8 files and the playlists.xml files from the first system to the second system.

But what if the music files, e.g. your .mp3 files, are not in the same directory on the second system as the first system? Then you will need to edit each .m3u8 file and update the reference to the actual location of the music files. E.g. if the files were on drive C:\MP3s on the first system, but drive D:\MP3s on the second system, you will need to do a global search and replace on C:\MP3s substituting D:\MP3s for it. You can use any text editor, such as Notepad, which comes with Windows, since the .m3u8 files are just text files.

References:

  1. Lost playlist
    Posted on July 30, 2006
    WINAMP.COM | Forums

[/os/windows/software/audio/winamp] permanent link

Thu, Jan 10, 2008 3:45 pm

Changing the Background Color for a Table in Microsoft Word 2000

To change the background color in a table in Microsoft Word 2000, take the following steps:
  1. Right-click somewhere in the table.
  2. Choose Table Properties.
  3. Click on the Borders and Shading button.
  4. Select the color you want for the table's background under Fill.
  5. Click on OK.
  6. Click on OK again.

If you want to change the background color for just one cell in the table, take the same steps as above, but before you click on OK after selecting the fill color, change the value in the Apply to field from "table" to "cell".

If you want to change the background color for an entire row in the table, the steps are basically the same, but you need to highlight all the cells in the row before selecting Table Properties.

  1. Right-click somewhere in the table.
  2. Choose Table Properties.
  3. Click on the Table tab.
  4. Click on the Borders and Shading button.
  5. Select the color you want for the table's background under Fill.
  6. Click on OK.
  7. Click on OK again.

[/os/windows/office/word] permanent link

Wed, Jan 09, 2008 10:10 pm

Unable to Backup HP Laptop with Ghost 2003

When I attempted to backup the hard drive in an HP laptop with Norton Ghost 2003, I received the following error message:
Error
There is no valid Source Drive to choose (11032)

OK
 

I tried another Norton Ghost 2003 boot diskette, but had the same results.

I then tried a PartImage Is Not Ghost (PING) boot CD. During the boot process I saw the following:

ata1: port is slow to respond, please be patient (Status 0x80)
ata1: softreset failed (device not ready)

PING dropped me to a shell prompt, since that was the option I picked for when it completed, without giving me a chance to start the backup. I powered the system off and on and rebooted. I did not see the messages noted above then and I was able to backup the system to an external USB disk drive.

I then tried again with a Norton Ghost 2003. This time Norton Ghost saw the drive, but when I attempted to backup the drive, I received the error below:

Application Error 29089
Write to image failed
If this problem persists, contact Symantec Technical Support
at http://service.symantec.com

OK
 

I tried again with a boot diskette that I had created using the Norton Ghost Boot Wizard just a couple of days ago, since the first time I used a boot CD that I had created a couple of years ago. The results were the same, however.

The next night I backed up the system with PING again and, afterwards, tried a Norton Ghost 2003 boot disc with the USB 1.1 drivers provided by Symantec with Ghost 2003.

PartTypeIDDescription Volume
Label
Size
in MB
Data Size
in MB
1Primary07 NTFSNo name 7631614802
     Free2 

     Total76319 14802

This time I saw the error message "File Name ? (546)". When I clicked on OK, I saw the message below:

Internal Error 36000
An internal inconsistency has been detected
If this problem persists, contact Symantec Technical Support
at http://service.symantec.com

OK
 

When I was dropped to a command prompt, though, I saw the following:

ABORT: 29089, Write to image file failed

ABORT: 36000, A GeneralException occurred

[/os/windows/utilities/backup/ghost] permanent link

Wed, Jan 09, 2008 8:11 pm

Determining Version of a PDF File

If you examine the contents in the first few byes of a PDF file, you will see the PDF format version listed. E.g. you will see something such as the following:

Hex: 25 50 44 46 2D 31 2E
ASCII: %PDF-1.

The bytes shown might be %PDF-1.4 (Hex 25 50 44 46 2D 31 2E 34), if the version is 1.4.

But there are cases where the information in the first few bytes of the file can be overridden by information appearing later in the file. Derek Clegg states at Re: How do you determine PDF version that "The version of a PDF file isn't solely determined by the first few bytes of the PDF; in PDF 1.4 and later, the version specified at the start of the PDF file can be overridden by a / Version entry in the document's catalog. (See section 3.4.1 of the PDF 1.5 specification for more info.) This is why Quartz PDF files always start with %PDF-1.3 but may, in fact, be PDF 1.4 or later."

The PDF version number determines features incorporated into the format. For instance version 1.4 was the first first to support transparency and metadata. Some older PDF viewers may not be able to view PDF files written in a newer PDF format. A listing of versions and features is available at Create better PDFs by understanding the formats.

On a Unix or Linux system, you can use the od command to view the first few bytes of a PDF file.

# od -c -N 10 EBIA_ERISA_3rdQtr2007.pdf
0000000   %   P   D   F   -   1   .   4  \n   %
0000012

The \n that appears after the "1.4" is just a newline character.

Though Windows doesn't come with a hexadecimal editor, there are free hexadecimal editors available for Windows systems as well that will allow you to view those first few bytes in the PDF file.

References:

  1. PDF Developer Center: PDF reference
    Adobe Systems Incorporated
  2. Re: How do you determine PDF version?
    By: Derek Clegg
    Date: February 21, 2006
    Apple Mailing Lists
  3. Create better PDFs by understanding the formats
    By James Dempsey
    December 14, 2006
    Creative Guy

[/software/file_formats/pdf] permanent link

Tue, Jan 08, 2008 4:16 pm

Removing Windows Messenger 4.7

I used the Windows Update function in Internet Explorer on a Windows XP system to check for patches for a laptop. Including optional hardware and software patches, there were 63 available. I chose to download and install them all. Windows Messenger 4.7 was among those available; I hadn't paid attention to the fact it was among those to be installed. It was the first one installed. I saw a Windows Firewall notice pop up asking me whether I wanted to continue to block Windows Messenger. I did, but the system gave me a Blue Screen of Death (BSOD) when I attempted to block it.

When the system rebooted, Windows Messenger 4.7 opened. I didn't want the software on this laptop anyway. So I opened the Control Panel (Click on Start, select Settings, then Control Panel). Under Add or Remove Programs in the Control Panel, I chose Add/Remove Windows Components. Windows Messenger was unchecked and had a size of 0.0 MB listed, so I couldn.t uninstall it that way. I was able to remove it using the steps below, however:

  1. Close Messenger if it is running. If you see an icon for it at the lower-right hand corner of your screen, right-click on it and choose Exit.
  2. Click on the Start button.
  3. Select Run.
  4. In the Open field of the window that appears, copy and paste RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove
  5. When you see the confirmation prompt below, choose "Yes" after closing any of the referenced programs, if they are open.

    To remove Messenger, you must first exit from it: Click the Messenger icon in the taskbar, then Exit. Please also close all other programs that display your contact list (for example, Internet Explorer, Outlook, Outlook Express, MSN Explorer). Make sure to close programs for all users signed in to this computer. Do you want to continue?

You will see a notice appear stating Windows Messenger has been removed when the uninstall process completes.

If you don't want to remove Windows Messenger 4.7, but just want to stop it from running automatically when you login to a system, instead of following the procedure above, open Windows Messenger and take the following steps:

  1. Click on Tools.
  2. Select Options.
  3. Click on the Preferences tab.
  4. Uncheck "Run this program when Windows starts".
  5. Click on OK.

References:

  1. How to remove Windows Messenger 4.7 permanently
    By Darrell Norton
    Posted: March 10, 2004
    Darrell Norton's Blog
  2. How do I get rid of Messenger 4.7?
    By Leo Notenbom
    Posted: May 28, 2004
    Ask Leo! Tech Questions? Get Answers!

[/network/chat] permanent link

Tue, Jan 08, 2008 12:18 pm

AntiVirus Reconnaissance

In analyzing the backend code associated with the Pushdo Trojan downloader, security guru Joe Stewart found that the malware being distributed would log the hard drive serial number on a victim's computer. He speculates that perhaps the malware is checking the hard drive serial number in order to check whether it is running on a Virtual Machine (VM). If the malware logs the same serial number for what would otherwise appear to be separate machines, then it is likely that it is running on a VM. Since antivirus companies use VM's to analyze malware in controlled environments, the knowledge that the malware is running on a VM might be of interest to the malware developer or distributor for that reason.

Some malware attempts to kill or disable antivirus software processes. Pushdo does not. It merely reports back to its controlling server on which antivirus software it has detected on the victim's sysetm. Pushdo compares all of the processes running on the sysetm with its own list of antivirus and personal firewall process names and then provides a report to its controller listing the ones it has found.

In checking the Pushdo controller server, Stewart found malware samples with rootkit characteristics, which allow malware to hide from antivirus and antispyware software, and also evidence of a spam botnet.

References:

  1. Inside a Modern Malware Distribution System
    By Ryan Naraine
    December 21, 2007
    eWeek.com

[/security/malware] permanent link

Tue, Jan 08, 2008 9:50 am

Internet Usage Statistics

If you want to see statistics on Internet usage for various parts of the world, check Internet Usage World Status - Internet and Population Statistics, a "website featuring up to date world Internet Usage, Population Statistics and Internet Market Research Data, for over 233 individual countries and world regions."

[/network/Internet] permanent link

Mon, Jan 07, 2008 11:20 pm

Folders Could Not Be Opened

On a Windows XP system that was in a domain using a Microsoft Exchange server, whenever a user attempted to use Outlook 2003, Outlook would start to open then crash. The error message displayed was "the set of folders could not be opened." I confirmed that the user's Outlook .ost file still existed and that the user had appropriate access permissions. I also ran the scanost utility that Microsoft provides with Office to verify the integrity of the user's OST file. It did not find any problems with the file. I found the problem was on the Exchange server. The mail store was not loaded due to inconsistencies in it after a system crash. When I repaired the mail store and the Exchange server was running properly again, the user was able to open Outlook normally.

I don't know why this problem only occurred on this user's system. Outlook 2003 opened normally on other users' systems. They were not able to access email on the Exchange server and Outlook indicated they were disconnected from the Exchange server, but they were at least able to access email, contacts, etc. that were stored in their OST offline storage files.

References:

  1. Repair an .ost or .pst file in Outlook
    Office Online Home Page
  2. Repairing Outlook PST File Corruption at 2 GB Limit
    MoonPoint Support
  3. Using ScanOST to Repair OST Files
    MoonPoint Support

[/network/email/clients/outlook] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo