this is not a blog

I Reckon This Must be the Place, I Reckon

A PHP blog-like application that is small, efficient and fast or something

THIS code should be considered a curiosity. If it was in the state it is in now ten years ago I think it would have caught on. It can do about 90% of what many popular Blog/CMS applications do in 1/10th the size — and with no globals, no classes and no Javascript.

It is near truly customizable with data arrays (sometimes as INI files) controlling most important features. It has true web templates. It has an almost complete separation of code and data: no inline PHP or print statements or SQL strings strewn throughout the code for example.

I think all that has great merit.

But... It's too late. The Internet ain't for small APIs but for massive distributed Javascript that can take months to debug and is fixed by magic.

Sigh

  1. To catch on... I will still work on it. The really interesting thing about this code? It gets smaller with each release even as more features get added. I like that.

Recent Updates


Robots List

The robots list has been HTML-ized: Robots List

List of the raw logs we've been tracking: alittle_client.txt, analytics.txt, dotenv.txt, hello_world.txt, leakix.txt, linux_gnu_cow.txt, masscan.txt, wp_plugins.txt, wp_is_mobile.txt, zgrab.txt, outlook.txt, foobar/

Simple MarkUp

The SMU – Simple MarkUp project/package/archive has been updated. SMU Readme.

Download: smu-1.4.2.zip. Oh, and this might be useful: php-debug.zip.

Rulz

The specification of the Rulz Programming Language has been updated.

Be Careful What You...


Softaculous For... I installed PunBB – PunBulletinBoard.

I just installed it, in a subdomain, and created a link to its root. Then, just two or three days later, the server logs filled with Megabytes of exploit attempts.

Three months after I deleted that subdomain, the main server log went from about 100KB to over 50MB, of ongoing and constant PunBB Exploit Attempts. And they ain't ever going away...

If I had searched Packet Storm for "punbb" I would have known to not use it. sigh

Help! I need somebody! Just NOT YOU!


Some might ask, "Why would you block White Hat scanners?", after reading the previous post. Because, dear friends, all they do is increase traffic and fill up server log files! If they do "get a hit", what are they gonna do? Email me? My hosting company? WTF?

LeakIX is the first I noticed a few months ago, and they are, plainly, simply, a waste of time.

Okay, so I only got about 1,000 in the last three months. But still, look at this partial log and tell me why they ain't annoying. (Look at your own log files.) And it's not just LeakIX...

And, there are two things (t)here:

1. OS System files like /etc/hosts ain't ME but MY Hosting Company. Duh.
2. All are known exploits for Web Applications (PHP, ASP, etc.) that I ain't got! Get it?

This is really what these self-proclaimed defenders of the Internets should do: Work with the developers who have Known Exploits to fix those exploits.

Kinda simple, don'tcha think? (Just making lists ain't fixin nothin.)

The LeakIX Exploits Log.

See also: Zgrab, masscan.

Denied!


UGH! For about 24 hours every request was denied (403) by a typographical error in the .htaccess file. In order to stem the growing "White Hat Exploit Scanners", I had this in it:

    BrowserMatch "(lkxscan|l9tcpid|l9explore)" DENY=yes

However, when I added another ID, I had left a spurious (extra) "|" in it:

    BrowserMatch "(lkxscan|l9tcpid|l9explore|masscan|)" DENY=yes

Oh the perils of copy 'n paste! (And a violation of the "Rules of programming: No. 3: Always test changes no matter how small.")

sorry

Update:

I have since added:

    |zgrab|Hello|\(cow\)

as "They tu, Brutus". (See zgrab, hello world, linux gnu cow.)
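Why the extra "|" denied everyone: it adds an empty alternative to the pattern, and an empty pattern matches any User-Agent. The check below is an added example, not code from this site; it runs the `BrowserMatch` patterns quoted above against a few constructed benign User-Agent strings, using Python's `re` as a stand-in for Apache's regex engine. The third directive (stray "|" removed) and the helper names `audit` and `is_safe` are assumptions.

```python
import re

# Constructed sample .htaccess text: the two BrowserMatch lines quoted in the
# post, plus a third with the stray "|" removed (the corrected form is assumed).
HTACCESS = r'''
BrowserMatch "(lkxscan|l9tcpid|l9explore)" DENY=yes
BrowserMatch "(lkxscan|l9tcpid|l9explore|masscan|)" DENY=yes
BrowserMatch "(lkxscan|l9tcpid|l9explore|masscan)" DENY=yes
'''

# Constructed User-Agent strings that must never be denied.
BENIGN_AGENTS = [
    "",  # empty User-Agent
    "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0",
    "curl/8.0.1",
]

# BrowserMatch / BrowserMatchNoCase, a quoted regex, then the variable to set.
DIRECTIVE = re.compile(
    r'^\s*BrowserMatch(NoCase)?\s+"((?:[^"\\]|\\.)*)"\s+(\S+)', re.M)

def audit(htaccess_text, benign_agents=BENIGN_AGENTS):
    """Return [(pattern, [benign agents it wrongly matches])] per directive."""
    findings = []
    for nocase, pattern, _env in DIRECTIVE.findall(htaccess_text):
        # Python's re stands in for Apache's PCRE; for plain alternations
        # like these the two behave the same.
        rx = re.compile(pattern, re.I if nocase else 0)
        # The match is an unanchored search, so an empty alternative matches
        # at position 0 of every string, including "".
        hits = [ua for ua in benign_agents if rx.search(ua)]
        findings.append((pattern, hits))
    return findings

def is_safe(htaccess_text):
    """True when no directive matches any of the benign agents."""
    return all(not hits for _pattern, hits in audit(htaccess_text))

if __name__ == "__main__":
    for pattern, hits in audit(HTACCESS):
        status = "MATCHES BENIGN" if hits else "ok"
        print(f"{status:15} {pattern}  ({len(hits)} benign hits)")
```

Running a check like this against the edited file before uploading it is the "always test changes" step the post refers to.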

And this is too funny! From the fail2ban.org wiki:

"Since spammers were way too much active on this wiki, user account creation has been disabled."

Wow.

Site "Not Secure"!


Some important things about here:

  1. No Cookies.
  2. No Javascript.
  3. No Data Collected.
  4. No Database is used.

So, there is no need for any "Cookie Acceptance" banner. The site is also "Not Secure" as Chrome and other web-browsers like to tell you. Since there is none of the above there is no need for "Secureness" of that type:

"It can't be reasoned with. It can't be exploited. And it will just spew text. That is all it does. That's all it does!"

Site in Progress


This site is about stuff & things I do and make.

I created a lot of code projects, including the one that runs this site under the silly nom de guerre, THIS.

There is a list, currently out of date, of CODE here.

I have created a Wordpress clone written in Bash: WordBash.

I am developing a new programming language I call Rulz.

Other shit:

GWS
Even Flow Jug
Photos