Computer And Internet, Miscellaneous, Tips & Trick

Good day everyone, In this article we will learn how to catch information from “HTTP_REFERER” function such as, referer info, keyword info, etc. From some search engine using PHP snippet. This script might usefully when you want to analyze your keyword and referer statistic. Last night I was searching in WP plugin for this script but I didn’t found one really good.

So let’s created it our self, First, You need this PHP class save it as searchkeys.class.php

<?php

class search_keywords
{
var $referer;

var $search_engine;

var $keys;

var $sep;

function search_keywords()
{
$this->referer = ”;
$this->sep = ”;

if ($_SERVER[‘HTTP_REFERER’] OR $_ENV[‘HTTP_REFERER’])
{
$this->referer = urldecode(($_SERVER[‘HTTP_REFERER’] ? $_SERVER[‘HTTP_REFERER’] : $_ENV[‘HTTP_REFERER’]));
$this->sep = (eregi(‘(\?q=|\?qt=|\?p=)’, $this->referer)) ? ‘\?’ : ‘\&’;
}
}

function get_keys()
{
if (!empty($this->referer))
{
if (eregi(‘www\.google’, $this->referer))
{
// Google
preg_match(“#{$this->sep}q=(.*?)\&#si”, $this->referer, $this->keys);
$this->search_engine = ‘Google’;
}
else if (eregi(‘(yahoo\.com|search\.yahoo)’, $this->referer))
{
// Yahoo
preg_match(“#{$this->sep}p=(.*?)\&#si”, $this->referer, $this->keys);
$this->search_engine = ‘Yahoo’;
}
else if (eregi(‘search\.msn’, $this->referer))
{
Read More »

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Miscellaneous, Tips & Trick

Hello Everyone, I’m back again ho ho ho πŸ˜›

This time I will write tutorial on “how to make random ads” using php and text as database. This idea comes from gmail interface my lovely free mail account! pfffftt yea .. yea.. we all know gmail are better than ymail *lol* πŸ˜›gmail

gmail

Alright leave them fight alone *not our business* before we start to make random ads we have to understand why we should make random ads? if we can fill those ads space with permanent ads. Most of people are bored about ads and ads on all website. Dilemma! in webmaster side we have to earn some revenue to keep continue, in costumer side sometimes they hate if we push to many ads on web page.

So? why not making random ads on your ads space some paid ads and some free ads you can use to help your costumer for what they looking for Simple as 1-2-3 now open your superb text editor NOTEPAD and copy this code:

<?php
$fcontents = join (“”, file (“random_ads.txt“));
$s_con = split(“~”,$fcontents);
$banner_no = rand(0,(count($s_con)-1));
echo $s_con[$banner_no];
?>

Save it as random.php or whatever you like (remember to give .php extension) Now creating random_ads.txt files (for database) and put a sample code on there:

<center>I’m center!</center>
~
<b>I’m bold!!! for freeeeeeeeeeeee</b>
~
I’m adsense ads
~
I’m short news!
~
I’m paid ads!!! hooray!

You can write html code or php code on database file if you’re creative you can put images/flash on it. Now put this both files on same directory on your hosting and embed it using include command into your website page.

Refresh your page to see ads rotated or you can use auto refresh meta

<meta http-equiv=”refresh” content=”180“>

180 value are in milliseconds you can change it to fit your need.

See what you have now πŸ˜€

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Miscellaneous, Tips & Trick

D**n those f***ing China! *joke* πŸ˜›

This is new variant for Microsoft.vbs virus which I write formula how to clean it around a month ago when it hit my cybercafe until totally broken he he… Now most people know this virus as ARP virus. Why? Because after learning it more deeply this virus categorized as HIGH RISK and should removed as soon as possible before it infected total your network.

First.. To know this virus is active on your computer is you will get most error pages message when browsing, or error when using messenger, PLUS you will find this file Microsoft.vbs Microsoft.bat Microsoft.pif on your hard drive where you install your OS PLUS *again* your computer gonna be slow PLUS *oh not again* Your internet connectivity will going slow than usually PLUS *OMG* It will flooding your network until some billing(via TCP/IP) will stop responding.

It’s hard to know when your computer infected because it’s only showing a little error when you browsing and sometimes it’s not active (like clean computer) until you idle for some minutes/hour.

arp-spoofing-1.jpg

When you browsing you don’t feel something goes wrong… but when you look on the page source the evil is waiting on there πŸ˜€

arp-spoofing-3.jpg

Clean page source from google.com not injected with any code.. but wait when virus active you will look something like this..

arp-spoofing-2.jpg

Holy s**t what is that!!! πŸ˜›

So the answer is virus going active when you’re using internet by browsing or chat on messenger. Basically all internet explorer activity can bring this virus active! Enough let’s remove this virus permanently and stop it from coming back.

You can use Colasoft MAC Scanner (shareware) to scan your network, If you found there is mac address same with your gateway then you have to unplug that computer from network and clean it before you put it back on network. Why? In condition when you clean infected one virus will going to spread on other computer in your network once you clean it, it will calling back file from other infected one in your network so don’t waste your time for this stupid thing UNPLUG IT to stop it spreading in network!

arp-spoofing-4.jpg

Now.. Get Security Task Manager and delete/remove strange process on your computer background (usually with IE icon and dll files) delete/remove Desktopwin.dll/Jview.dll and ThunderAdvise.dll delete/remove AppInit_DLLs.

Done.. Now get hijackthis and restore your hosts file by Open the Misc Tools section, on System tools choose Open hosts file manager and deleted all line after 127.0.0.1 localhost or you can done this using notepad hosts file is on %systemroot%/system32/drivers/etc

Now get ATF Cleaner and deleted all cookies, history and java cache.

Repair your registry to back in normal by using this code:

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs,0, “”
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Object

[del]
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ThunderAdvise
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, DesktopWin

Or download repair.inf

To stop virus coming back from other computer disable default share by using this code:

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, SYSTEM\CurrentControlSet\Services\lanmanserver\parameters, AutoShareWks,0x00010001,0
HKLM, SYSTEM\CurrentControlSet\Services\lanmanserver\parameters, AutoShareServer,0x00010001,0

Or download disable-default-share.inf and activate it restart-net-service.bat

Disable autorun to stop virus coming back from USB flashdisk/removable media by using this code:

[Version]
Signature=”$Chicago$”
Provider=Nobody

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer, NoDriveTypeAutoRun,0x000000ff,255

Or download disable-autoplay.inf

To stop virus from coming back by replacing old files let’s make dummy files download dummy.bat!

Last scan with your BEST antivirus/antimalware to make sure your system clean! Another trick to stop virus from infected back your computer you can add static entry on ARP by write in command prompt “arpβ€œ *gatewayipaddress* *gatewaymacaddress*” or another trick say we can blocked those d**n virus site by change it in hosts file here is some website list detected as virus update:

972.aksjd11.com
w3og.cn
qazc.fourtw.cn
www.aujoy.cn
www.hao601.cn
www.psp476.cn
222.1212l112.net
444.1212l112.net
555.1212l112.net
111.1212l112.net
root.51113.com
hk.www404.cn
err.www404.cn

(Still there a lot out there.. BLOCKING ALL .cn domain might resolve this problem hahaha :P)

Anyway this method is not really can stop virus updated as long the creator change website again we have to update block it manually.

Done (finally)… now using your computer like usually for 1-2 hours and see if the virus coming back.. πŸ˜€

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Miscellaneous, Personal, Tips & Trick

Hi everyone, Sorry for not active on this blog for around a weeks I have another project on hostmambo.info (My Hosting and Domain Business) that should have complete first then I can write on this blog again.

This time I will Writing article about how to withdrawn your paypal funds to your local bank account (Indonesian Only) First Login into your paypal Account, Then click profile, Choose “Add or Edit Bank Account

pp-bank.JPG

You will seen form like this:

pp-bank2.JPG

Choose your country, Write your First name and Last name (should same 100% with your local bank account holder name!), Write your Bank Name, Fill Bank code with your bank “Kliring Code” I have write some on HERE If you can’t find your bank then call your bank and asking their kliring code or waiting me for update it. I have big database on it… I can’t write it all in short time so be patient πŸ˜› Last write your Bank account number then click continue.

It’s Done, Now you can test withdraw some little funds to make sure it works if it fails paypal will charge you a little funds.

Have good day Everyone! πŸ˜€

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
Computer And Internet, Miscellaneous, Tips & Trick

Computer virus again.. Today my Laptop and PC got infected by W32/ALMAN. All I can say this virus is smart and not easy to killed It’s cannot stopped by just view in background process, in services, and startup list. This virus will make 2 master source files on %SystemRoot%\System32 first wmdrtc32.dll (40 KB) and wmdrtc32.dl_ (26,5 KB) Once it active it will injected code to any executable files and infected it. If you got message box with message “There is no disk blabla” or you cannot run any executable files you should check on your system files about those 2 d**n files.

To clean infected files use this free W32/ALMAN remover from grisoft. Download this booth files and save in one folder rmalman.exe rmalman.nt run rmalman.exe and follow instruction on there. Anyway I’m not guarantee this remover will make your computer totally clean from this virus.

In my case this remover not clean my computer totally from this virus, it keep generate .dll files again and again I do scan with ANSAV, AVG and rmalman.exe but there is nothing can help me out. I was so frustrated because much of important data in my laptop should be safe. After searching in google I found out we can check and bring back Windows genuine file by using command sfc (Windows System File Checker) so I test it run “sfc /scannow” from command prompt. It’s WORKS this virus stopped infected my computer now! Yay! πŸ˜€

*Tips
You lost your windows CD or you install your windows from your Hard disk? you can run sfc command without CD by following this tricks.. Run regedit and find..

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackSourcePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath

Change Value Data and point it into your i386 folder! example: the structure is D:\blabla\i386 then you should change Value Data to D:\blabla

Run “sfc /scannow” It should work if you set right Value Data on registry!

    Digg Del.icio.us StumbleUpon Reddit Twitter RSS
ο»Ώ