hotweblux.su, Russian brides & improving my brand...
Posted by: MGCJerry on Aug 13, 2017 @ 07:09 EDT
Last Edited: Aug 13, 2017 @ 07:11 EDT

Spam Alert


For the last 4 weeks or so, the contact form has been inundated with automated spam. Time for a little education.

Below is an excerpt from Rogue Admin, my filtering engine, for one of the many hotweblux spam postings.

    [RA_Info] => Array
            [Method] => POST
            [Page] => /index.php
            [Score] => 2055
            [Exploit] => Array
                    [Spamming] => 4
                    [Link Spam] => 1
                    [Spamming History] => 1
            [Action] => Array
                    [1] => 1
                    [0] => 3
                    [3] => 2
            [Matches] => Array
                    [.ru] => 1
                    [http:] => 1
                    [Viagra] => 6
                    [Cialis] => 4
                    [hotweblux] => 2
                    [Pharmacy] => 2
    [post] => Array
            [0] => Array
                    [c_name] => Pharmacy Express Shop: www.hotweblux.su
                    [c_email] => 000@------.ru
                    [c_title] => 890572760
                    [Send] => 890572760
                    [c_text] => {{REDACTED}}

For the record, Rogue Admin is intercepting these messages before the contact form handler even sees them. Even if this message did make it to the contact form handler, the handler would still reject it. At least this particular spamming script (whichever one is being used) knows to look at the page for input type fields, including hidden ones, and fill them anyway. I *may* add a hidden field just to automatically trap this spam system. Normal visitors don't usually modify hidden HTML form elements. Also, the contact me form does *NOT* email me; I simply get a notification when logged in as administrator (per my account preferences setting). I occasionally see someone trying to inject an email field "c_email" hoping to get it to send a test message to someone else. Nope, not gonna work pal.

Rogue Admin runs on a scoring system and, depending on the resulting score, decides whether to ignore, alert on, or ban the offender. Currently the ban takes effect at 50.
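A sketch of the two ideas above, keyword scoring with a ban threshold and a hidden trap field, added here as an example; it is not Rogue Admin's code. The rule weights, the alert threshold and the `c_website` field name are assumptions; only the ban threshold of 50 comes from the post.

```php
<?php
declare(strict_types=1);

// Hypothetical keyword weights; Rogue Admin's real rules are not shown in the post.
const RULES = ['http:' => 10, '.ru' => 5, 'viagra' => 20, 'cialis' => 20, 'pharmacy' => 15];
const HONEYPOT_FIELD = 'c_website'; // hypothetical hidden input that real visitors leave empty
const HONEYPOT_SCORE = 100;         // assumption: a filled trap field alone is enough to ban
const ALERT_AT = 20;                // assumption
const BAN_AT = 50;                  // ban threshold stated in the post

/** Score one submitted form and pick an action: ignore, alert or ban. */
function score_submission(array $post): array
{
    $score = 0;
    $matches = [];
    // Trap: a script that fills every input it finds, hidden ones included, trips this.
    if (($post[HONEYPOT_FIELD] ?? '') !== '') {
        $score += HONEYPOT_SCORE;
        $matches['honeypot'] = 1;
    }
    // Flatten all submitted values (nested arrays too) into one lowercase string.
    $parts = [];
    array_walk_recursive($post, function ($value) use (&$parts): void {
        $parts[] = (string) $value;
    });
    $haystack = strtolower(implode("\n", $parts));
    // Every occurrence of a rule keyword adds that rule's weight.
    foreach (RULES as $needle => $weight) {
        $hits = substr_count($haystack, $needle);
        if ($hits > 0) {
            $matches[$needle] = $hits;
            $score += $hits * $weight;
        }
    }

    $action = $score >= BAN_AT ? 'ban' : ($score >= ALERT_AT ? 'alert' : 'ignore');
    return ['score' => $score, 'matches' => $matches, 'action' => $action];
}

// Constructed sample submissions (values are invented for this example).
$spam = ['c_name' => 'Pharmacy Express Shop', 'c_email' => '000@example.ru',
         'c_website' => '890572760', 'c_text' => 'Viagra, Cialis: http://shop.example/'];
$ham = ['c_name' => 'Alice', 'c_email' => 'alice@example.org',
        'c_website' => '', 'c_text' => 'Is the gallery page coming back?'];
foreach (['spam' => $spam, 'ham' => $ham] as $label => $post) {
    $r = score_submission($post);
    printf("%s: score=%d action=%s\n", $label, $r['score'], $r['action']);
}
```

Plain substring rules such as `.ru` also fire on legitimate text, which is why the weights are summed against a threshold rather than banning on a single hit.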

Comments are disabled for this story

Current Election Cycle
Posted by: MGCJerry on Nov 6, 2016 @ 06:49 EST
Last Edited: Never

For those of you mulling over the election, remember this brouhaha is over the president. You are only voting in the face of America, and the person that will blindly sign whatever to make bills become laws. Your vote is only *half* of the necessary work. Many idiots in Congre$$ are due to be replaced as well. Vote out those career politicians, and let's bring in some fresh idiot blood. Changing the face of the Presidency, but keeping the same source for bills and expecting a different outcome is insanity.


Re: the large internet outage
Posted by: MGCJerry on Oct 22, 2016 @ 21:32 EDT
Last Edited: Never
Keep creating useless devices with internet access that have little to no security and do not need to be on the internet, and this will continue.

The internet is NOT a public utility that everyone can "just enjoy". It's a somewhat decentralized, highly technical system with severe flaws that can cause major damage when a technical individual decides to do something malicious. It is a system that a non-technical person should not be using willy-nilly without some technical experience or education.

Do you have an internet connected device AND an enforced device security policy AND an enforced network use policy? No? You are part of the problem.

• Restrict what can run on your device.
• Restrict what can communicate on the internet.
• Restrict devices that don't *need* to be on the internet. A refrigerator runs fine without an internet connection.
• Employ a self-enforced policy of thinking before doing.
• Educate yourself about the internet. The landscape changes daily, adapt as needed.
• Do not depend on the system to operate your life. The internet is not "always on". There are always pockets of it that are down.

And people thought I was "extreme" on how I handle my computers and what applications and sites I use.

My main site
Posted by: MGCJerry on Aug 28, 2016 @ 11:43 EDT
Last Edited: Sep 18, 2016 @ 11:52 EDT

For those coming over to "follow me" from Facebook... I will be hanging out here so I don't have to deal with Facebook. Why? Oh, let me count the ways.

1. Less of a mangled mess.
2. Facebook's scripting makes it very heavy and cumbersome to use, especially on a mobile device.
3. Got more control over my own information.
4. No nagging. I hate few things worse than a program or place that feels the need to nag me.
5. I can pretty much say what I want here, if you don't like it, then go pound sand. Complaining to an admin will not solve anything. I AM the admin.
6. Spam is not tolerated here. I gave up reporting blatant violations to Facebook only to get told "nothing is wrong".
7. Porn is not tolerated here. See #6.
8. No sudden random changes here that break things.
9. I can actually upload stuff here. 100% of the time, compared to some of the time on Facebook.

Do I plan on replacing Facebook? For my use, yes. For you, it's not planned. This current site does not have any registration system at this time. However, I am still working on a huge update to the system that will allow you all to register so you can like/dislike & comment on my posts as well as other people's posts. That update will come soon enough, I hope. Other than that, welcome to my place. It's been here a while.


Current Events - Behind the scenes of index.php
Posted by: MGCJerry on Apr 23, 2016 @ 19:58 EDT
Last Edited: Never

I had originally posted this on my other site, but this one is getting it bad now too.

Lately I've been seeing a lot of people trying to load /etc/passwd using this CMS. Sorry my friends, the $_GET[page] request URI doesn't work like this:

    index.php?page=../../../../../../../../../../../../../../../../../etc/passwd

This CMS code does NOT work like this:

Here is how this CMS loads pages, step by step...
First off, $_GET & $_POST are NOT used directly.
1. Bans are checked against the list. If your IP is found in the block list, all you get is a banned page and the script exits.
2. Rogue Admin rules (which are set by admins) are checked. I have "../" as a rule that triggers a ban, as well as "http://" or even "ftp://". If Rogue Admin finds these anywhere, it carries out the action that is configured for that rule and ALL site variables are set to false. Since remote requests are not utilized, I have bans set up for them. This CMS cannot load remote resources anyhow, by design.
3. "api.sanitation" removes all non-text characters from $_GET['page'] (quotes, slashes, dots, punctuation, etc.). Note: "api.sanitation" is the only place where $_GET and $_POST are used. All variables get a first sanitation pass, which creates a new global. This global is used exclusively in the CMS. If nothing is left after sanitation, the variables are unset entirely. The result is that you are shown the home page.
4. After sanitation, "header.php" fetches the current list of all pages (the menus stem from this output). If you are requesting a specific page and the page exists in the list AND is enabled AND you have permission to see it, "header.php" will tell "index.php" what page to load from the database. If the page doesn't exist in the page list, you will get a 404 error page. If you are not allowed to see the page, you get a 403 error.

Your URI actually NEVER sees the database and is never used in a database query. It is compared to a current list of pages, and the script will build its query from its own results, never yours. Even if I deleted the http & ftp rules, there is an include restriction built into the modules system where it will once again only load a local file if it is present in its own list AND in a specific location. Else all you get is a 404, and I get an includes error report.
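Steps 3 and 4 above, sketched as an added example; this is not the CMS's own code. The page list, the `min_level` permission field and the function names are hypothetical, and the ban and rule checks of steps 1 and 2 are left out.

```php
<?php
declare(strict_types=1);

// Hypothetical page list standing in for what header.php reads from the database.
const PAGES = [
    'home'    => ['id' => 1, 'enabled' => true,  'min_level' => 0],
    'gallery' => ['id' => 2, 'enabled' => true,  'min_level' => 0],
    'admin'   => ['id' => 3, 'enabled' => true,  'min_level' => 9],
    'drafts'  => ['id' => 4, 'enabled' => false, 'min_level' => 0],
];

/** Sanitation pass: keep letters and digits only; null means "nothing left". */
function sanitize_page($raw): ?string
{
    if (!is_string($raw)) {
        return null; // e.g. ?page[]=x arrives as an array and is dropped
    }
    $clean = preg_replace('/[^A-Za-z0-9]/', '', $raw);
    return ($clean === null || $clean === '') ? null : strtolower($clean);
}

/** Returns [HTTP status, page id]. The id comes from PAGES, never from the request. */
function resolve_page(array $get, int $userLevel): array
{
    $page = sanitize_page($get['page'] ?? null);
    if ($page === null) {
        return [200, PAGES['home']['id']]; // empty after sanitation: home page
    }
    $entry = PAGES[$page] ?? null;
    if ($entry === null || !$entry['enabled']) {
        return [404, null]; // assumption: disabled pages look the same as missing ones
    }
    if ($userLevel < $entry['min_level']) {
        return [403, null];
    }
    return [200, $entry['id']]; // this id is what a prepared query would be given
}

// Constructed requests from an anonymous visitor (level 0).
$requests = ['../../../../etc/passwd', 'gallery', 'admin', 'drafts', '', ['x']];
foreach ($requests as $raw) {
    [$status, $id] = resolve_page(['page' => $raw], 0);
    printf("%-28s %d %s\n", json_encode($raw, JSON_UNESCAPED_SLASHES), $status, $id ?? '-');
}
```

The traversal string is reduced to a name that is not in the list and ends in a 404; the request value is only ever used as a lookup key, never as a path or as part of a query.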

Hope you enjoyed this look behind the scenes. Remember, reading is your friend. You don't want to look like a dingus because you didn't read the documents; it's bad for your image.

Oh, this is also NOT Joomla, PHPNuke (or any clone), or WordPress, so those administration or rpc pages do NOT exist. Period.


