Topics - BoL

Water Cooler / What's wrong with SERPs today
« on: November 30, 2018, 12:49:19 AM »
Part of my remit with Mojeek is to identify how to improve search engine results.

There's an emphasis on being a strong alternative to main search engines just now.

Obviously within this group there's an insane amount of experience in information retrieval and Google's weaknesses.

Free hand, how would you improve search results from your own perspective?

One line of thought I see often is simply offering an alternative to the strong brands that prevail in lots of results, and offering 10 different blue links. Separately, do you think there's a utility for offering a toolbar/form that provides a way to customise the ranking algorithm? Is it just an interesting toy or real world useful option?

Hardware & Technology / Cloudflare Nameservers
« on: October 25, 2018, 01:21:34 PM »
A C&P from what I've posted on a FB group - if you like hiding domains behind cloudflare but want to vary the nameservers a bit, this is useful.

Something possibly useful for you, a list of Cloudflare nameservers. - 436. Quite likely not all of them but a decent chunk. Something interesting I noticed is that their 'add domain / change nameserver' process gives you two specific nameservers to change to, they do this in case there's multiple people trying to add the same domain at the same time. It seems that after verification, you're free to change to any of the other nameservers. I haven't tested over a longer period of time, but it seems useful if not for simple diversity, and saves you creating multiple accounts. YMMV.

Hardware & Technology / Useful bookmarklets
« on: August 24, 2018, 04:39:07 PM »
I'm just tidying up my bookmarks and thought I'd share these which may be of use, feel free to add others you use

Visual Event - Highlight all events on a page

View Source - Show the source of a page (thanks to th3core)

G Serp Ranks - Prepend organic SERPs with a rank

Traffic / Best way to get into wikipedia?
« on: July 21, 2018, 08:16:59 PM »
Pretty much as per title. I have a topic that IMO totally 'deserves' a page but on a previous attempt the editors deemed it wasn't worthy.

Water Cooler / More Data Leaks - Exactis, 340 million records
« on: June 29, 2018, 11:48:24 AM »

"simply used Shodan to search for all ElasticSearch databases visible on publicly accessible servers with American IP addresses. That returned about 7,000 results. As Troia combed through them, he quickly found the Exactis database, unprotected by any firewall."

"Each record contains entries that go far beyond contact information and public records to include more than 400 variables on a vast range of specific characteristics: whether the person smokes, their religion, whether they have dogs or cats, and interests as varied as scuba diving and plus-size apparel."

Traffic / History of Search Engines Posts
« on: June 05, 2018, 10:00:01 AM »
Plenty of you I'm sure have read those mega long blog posts that cover the general timeline of search engine evolution, I remember reading some but never bothered to bookmark or remember who wrote them, they just seemed cool to read at the time. They tended to be written by SEOs who'd seen the day to day news and gradual changes implemented.

I'm interested in one that covers the general timeline of engines, mainly Google and how the real estate for organic has shrunk, and how privacy has been eroded.

It'll be used by someone who's relatively inexperienced that can muster some context and facts from those articles.

Do you recall any good ones (in the context of they covered the points you felt were most important)? Might need to check the wayback machine if it's older but relevant.

Web Development / Language Detection / Template Extraction
« on: May 18, 2018, 08:54:59 PM »
I'm in need of two tools or at least some inspiration for best practice

1st is detecting languages used on a web page, as some tests show that lang attributes are accurate 80% of the time, so something more robust that actually looks at the content. I'm aware of a technique that looks at two-three character combos which apparently works well, also perhaps popular words from each language. Anyone seen an implementation (with code or explanation) that works well?

2nd is somewhat related, evaluating 1 or more web pages from a domain and being able to detect the main content area of a page. Seen anything that claims to work well (code or explanation would be great)

In an official statement Thursday, the European Commission announced it will cancel all 300,000 domains under the .eu top-level domain that have a UK registrant, following Britain's eventual departure from the European Union

So hopefully there's no UK registrants of .EU domains with a prominent domain...

Best comment:
It's to all that, then?

Water Cooler / Google's shortfalls laid bare
« on: December 20, 2016, 07:31:28 PM »

Google has said it is "thinking deeply" about ways to improve search, after criticism over how some results - including ones discussing the Holocaust - were ranked.

If they'd stuck to showing 10 blue links and ads maybe it wouldn't be so bad...

Water Cooler / Distributed Card Hacking
« on: December 05, 2016, 08:56:25 PM »

Starting with just the first six digits of a card, the system guessed the remaining details and tried the combinations on many sites at the same time.

Sounds pretty clever, basically they are exploiting validation much in the same way messages about "wrong username" or "wrong password" instead of "wrong username or password" messages divulge TMI for login data.

From the paper linked to in the article

Moreover, if individual merchants were trying to improve their security by adding more payment fields to be verified on their site, they potentially inadvertently weaken the whole system by creating an opportunity to guess the value of another field, as explained later in the article

vulnerabilities described in this article apply to cards that do not enforce centralised checks across transactions from different sites. Our experiments were conducted using Visa and MasterCard only. Whereas MasterCard’s centralised network detects the guessing attack after fewer than 10 attempts (even when those attempts were distributed across multiple websites), Visa’s payment ecosystem does not prevent the attack (see Section VI.D). Because Visa is the most popular payment network in the world, the discovered vulnerabilities greatly affect the entire global online payments system.

Guessing an expiry date takes at most 60 attempts (banks typically issue cards that are valid for up to 60 months), and subsequently, guessing the 3-digit CVV2 takes fewer than 1,000 attempts. Hence, expiry date and CVV2 are guaranteed to be obtained within 60 + 1,000 = 1,060 guesses.
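The difference the quoted passage draws between per-site checks and a centralised check, as an added example that is not part of the original post or the paper. The log format, the merchant and card names, and the failure limits are assumptions made up for the illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the paper): (merchant, card_token, auth_ok).
# 30 failed checks on one card, spread evenly over 6 merchants, plus normal traffic.
ATTEMPTS = [(f"shop{i % 6}", "card-A", False) for i in range(30)]
ATTEMPTS += [
    ("shop1", "card-B", True),
    ("shop2", "card-C", False),   # an ordinary typo...
    ("shop2", "card-C", True),    # ...followed by a successful retry
]

def flagged_cards(attempts, limit, scope):
    """Return {card: attempt_number} for cards whose consecutive failures hit `limit`.

    scope="merchant": each site counts only the failures it sees itself.
    scope="network":  failures are counted per card across all sites.
    """
    fails = defaultdict(int)
    first_flag = {}
    for n, (merchant, card, ok) in enumerate(attempts, start=1):
        key = (merchant, card) if scope == "merchant" else card
        if ok:
            fails[key] = 0          # a success clears the failure streak
            continue
        fails[key] += 1
        if fails[key] >= limit and card not in first_flag:
            first_flag[card] = n
    return first_flag

if __name__ == "__main__":
    for scope in ("merchant", "network"):
        print(scope, flagged_cards(ATTEMPTS, limit=10, scope=scope))
```

With a limit of 10, no single site ever sees enough failures to react, while the per-card count across sites trips on the tenth attempt; the legitimate typo on card-C is not flagged in either mode.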



Ivan Kwiatkowski knows plenty about how these shenanigans go down, and unfortunately for the would-be scammer on the other end of the remote connection he also knows a fair bit about social malware. Kwiatkowski played along, allowing a scammer named Dileep to connect to his virtual machine — which he’d intentionally left vulnerable — and played dumb while various DOS commands were run to make him think his machine was riddled with malware.

Web Development / WebHostingTalk Hacked
« on: July 09, 2016, 11:33:48 AM »
Their database for sale, I don't think they've announced this anywhere yet.

Since we're all experienced here I'm sure we'd have used different passwords there if signed up already ;)

From the offer:
On TheRealDeal website, a vendor with a solid reputation is offering the Mac-Forums database for ~$775.00, which includes 291,214 accounts.

The Hot Scripts database, with more than a million users, is currently going for ~$1,900.00.

The Web Hosting Talk database, with 498,321 users, is also available for ~$1,900.00.

Hardware & Technology / Update your webmin/virtualmin
« on: May 26, 2016, 11:18:55 AM »
There's a security bug in Authentic Theme shipped with Webmin devel versions 1.794 and 1.795; if you use any other theme, you're not vulnerable; and if you're running a non-devel version (1.790) you're not vulnerable. We'd audited Authentic for security issues before adding it to the default Webmin package a few months ago, but a new feature got added to the theme recently without proper code review.

Since it's the kind of bug that could end up getting your entire server owned, best patch it if it applies to you.

Apparently it's being used in the wild and the devs have just been brought up to speed on it.
