BOTS on ORKUT

Yeah, it is true. The BOTS haven’t spared Orkut. If you are a frequent user of this Social Networking Site, the fact that Orkut has recently enhanced its security measures might not have escaped your notice. It now asks you for Captcha when you enter any URL in our status message or as part of a scrap. At the same time, if you send an alarming number of Friend Requests in a short span of time, you are asked again for Captcha, for each subsequent Request you send. For those unaware of the terminology, CAPTCHA is the technical term to describe the test where in you are shown an image, consisting of alphabets and numbers (often distorted so as to not look like the ones typed in the usual fonts) and asked to type the same in a text box. Well, Captcha was introduced so as to make sure that the user was actually a real person and not some software program; it was argued that a software program could not identify the characters from an image. As secure as it might sound, it is a fact that programmers/hackers around the world have outsmarted the captcha developers; and the sad truth is, the hackers have been aided by the developers themselves.

Well, I had suspected long ago that there was something fishy about Orkut’s sudden interest in its security. However, it was only recently that I found traces of BOT activity in my Network, and began to delve into the subject further. To begin with I received friend requests from people who were already in my friend list. Evidently, their account was being cloned. Then again, I have received a lot of Friend Requests recently from unknown people, all of them with the same message.

Take a minute to notice the short message with the request.
Besides, you get those advertising scraps all the time; it is more often than not BOT activity.

What are BOTS?
Internet bots, are software applications that run automated tasks over the Internet. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone. If you have chatted on Yahoo, you are sure to have encountered a BOT sometime. Chatting bots can chat. Needless to say these BOTS have a limited vocabulary; they have a fixed set of responses that they send other users. It is pretty easy to tell apart a BOT from a human user merely by interacting with it for 2 minutes; it is bound to make irrelevant comments at some point.

What can BOTS do?
BOTS can be used for commercial purposes, advertising.
BOTS can be for spamming.
BOTS can be used to coordinate and execute an automated attack on networked computers, such as a denial of service attack.
BOTS can be used to bring down a Website’s responsiveness by sucking bandwidth by downloading entire web sites and sending automated requests.

There are other capabilities of BOTS but I’d appreciate if you look those up on wiki.

Why Orkut?
Orkut.com is a social networking website owned by the industry giant GOOGLE.This means orkut is very big and anyone can take advantage of its millions of users to sell his products and services.

But it is not as harmless as it sounds. Needless to say, your privacy can be invaded by BOTS if they have access to your profile page, your scraps and your images. I’ve heard of instances where hackers with malicious intentions have grabbed such information about a user and opened bank accounts/ applied for duplicate social security cards with the victims’ identites and done similar stuff, cheating them of their resources and often commiting crimes pretending to be the vicim. It can get bad!

BOTS can also be use to install virus or other spyware on your system which can in turn be used to eavesdrop on you and do stuff that you wouldn’t want.

How do BOTS get past CAPTCHA?
I’ve hinted at the answer to this question above. I found this statement on http://jetbots.com, a software company which specializes in programming BOTS and selling them:

*CAPTCHA Bypasser
We have just teamed up with a third-party CAPTCHA service and integrated their service in all of our bots (optional). You need to buy credits from a 3rd Party website, imagetotext.com and just type your user/pass in our software (if you want the software to bypass the CAPTCHAs) and everything is automatic from there – Just like you type the CAPTCHAs manually, the software will bypass the CAPTCHAs. We have added this service in our bots because we know that CAPTCHAs’ sucks And on request of lots of our loyal customers, just like YOU Thank you.

It comes as no surprise. The Great Wall of China was so designed that it could not be breached. But it was breached only because the guard was bribed.

What can you do?
BOTS will be there; there’s nothing we users can do about it. Only the website developers can do anything in this regard. We can only exercise caution when we accept friend requests from people we don’t know. We must not put confidential content about ourselves that can be used to clone us. We must not click on links we don’t trust. What else?

Accessing Operating System Environment Variables in Apache (Fedora)

I was facing the problem of accessing the Operating System Environment Variables in Apache. After searching a lot, I got to know that there are environment variables in apache too. Although these variables are referred to as environment variables, they are not the same as the environment variables controlled by the underlying operating system. Instead, these variables are stored and manipulated in an internal Apache structure.

For setting the operating system environment variables to be used by apache, we will export these variables to the apache server when it starts. The procedure is as follows :

0. Switch to root.

1. Open /etc/init.d/httpd in vim

vim /etc/init.d/httpd

2. You will find following lines

# Source function library.
. /etc/rc.d/init.d/functions

Open /etc/rc.d/init.d/functions in vim

vim /etc/rc.d/init.d/functions

3. You will find following lines

# Set up a default search path.
PATH="/sbin:/usr/sbin:/bin:/usr/bin"
export PATH

Now append whatever environment variables you want to set and accessed by apache.

VAR="/path/to/var"
export VAR

For example,

LD_LIBRARY_PATH=/usr/local/lib:/usr/local/cuda/lib
export LD_LIBRARY_PATH


You could have added these lines anywhere in the file.

4. Save the file and restart the apache server.

/etc/init.d/httpd restart

Hope it helps. I will add the fix for Ubuntu soon.

SVN Proxy Settings

Subversion (SVN) is a version control system used to maintain current and historical versions of files such as source code, web pages, and documentation.

If you are behind a proxy you will have to set the proxy before using svn.

The procedure for the same goes as follows :

1. Open “servers” file located in “.subversion” directory in your home directory.

vi ~/.subversion/servers

2. You will find following lines of code located in the file

[global]
# http-proxy-exceptions = *.exception.com, www.internal-site.org
# http-proxy-host = defaultproxy.whatever.com
# http-proxy-port = 7000
# http-proxy-username = defaultusername
# http-proxy-password = defaultpassword

Set the appropriate values and remove the ‘#’ from the beginning. Make sure you don’t leave any whitespaces at the front of the lines being edited.

After editing the code will look like

[global]
http-proxy-exceptions = *.exception.com, www.internal-site.org
http-proxy-host = defaultproxy.whatever.com
http-proxy-port = 7000
http-proxy-username = username
http-proxy-password = password

3. Save the file and exit.

You are now ready to use svn.

Setting NumLock on automatically in Fedora

The NumLock is not activated by default at start-up (in FC-9/10). I am not sure of the fact in other distros. Everytime when the computer starts, you have to manually activate the NumLock key.

The following solution works :

Execute the following commands as root in a terminal.

1. Install numlockx

yum install numlockx

or

Install using numlocx rpm.

rpm -ivh numlockx*.rpm

2. gedit /etc/gdm/Init/Default

3. At the end of the file you will find a line like

exit 0

Above this line add the following code

if [ -x /usr/bin/numlockx ];
then /usr/bin/numlockx on
fi

4. Save the file and restart the computer.

You will find the NumLock activated by default at startup.

Wireless Problem on fedora 8/9/10

This post is for those people who are not able to use wireless on Fedora 8/9/10. The problem arises in computers with Broadcom wireless cards as the drivers are not packaged with the Operating System. I first encountered this problem on Fedora 9. That time I had to use NDISwrapper to wrap the wireless driver. That was quite a tedious task.

After moving to Fedora 10, I had to again set up the wireless drivers. But what I found was that RPM’s are available for Broadcom 802.11 STA Wireless Driver from rpmfusion.org for Fedora 8, 9 and 10. It means that you now have an easy way to set your wireless working.

To install the drivers using yum, follow the following steps :

1. Enable the rpmfusion non-free repository and rpmfusion non-free repository.

su -c 'rpm -Uvh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm'

2. Update & Install the driver.

su -
yum update
yum install broadcom-wl

3. The installation is done. Reboot your computer. Enable Network Manager and you will see your wireless device working.

P.S. The above procedure is applicable to Broadcom’s BCM4311-, BCM4312-,BCM4321-, and BCM4322-based wireless card.You can check your wireless card type by typing ‘lspci’ command.
If the last line of the output matches the following line, then you are
having a Broadcom based wireless card.
0b:00.0 Network controller: Broadcom Corporation BCM43** 802.11b/g (rev 01)