How to Clean & Secure Your Website from Iframe virus

This page is a starting-point resource – one we expect to evolve and grow over time – to provide webmasters with tips for ways to remove badware and other badware behaviors from your website and to help keep it free of badware in the future. Please note that this resource is by no means comprehensive or exhaustive and is intended only as a first step for webmasters concerned about badware. We encourage webmasters and hosting providers to research website security independently, beyond the suggestions offered here. It is the responsibility of individual webmasters and hosting providers to stay informed of news relating to website security issues.

There are three basic steps to maintaining a clean site:

  1. Identifying badware behavior on your site
  2. Removing badware behavior from your site
  3. Preventing badware behaviors in the future

Identifying badware on your site

The first step to keeping your website badware-free is to check for any badware or badware behaviors that may already be on your site. Badware is software that fundamentally disregards a user’s choice over how his or her computer will be used. Many sites with badware problems are not actually hosting badware themselves, but instead exhibit other “badware behaviors” such as automatic redirects or prominent links to badware on other sites. Often these badware behaviors are the result of hacking attacks or compromised third-party content, such as ads, rather than any deliberate actions by the website’s owner. You can learn more about badware and badware behaviors in our Guidelines.

When looking for badware on your site, especially badware due to hacking attacks, please remember to check the source code of your site as it is currently hosted on your web servers. Many site owners mistakenly look just at the website files they have on their own computers, and so miss seeing the evidence of attacks to the site itself.

If your site has been flagged with a malware warning by Google, check the Google Diagnostics page for your site for more information about the problems Google found.

Here are some common types of badware to look for:

1. Badware available for download on your site

Evaluate the software that you are offering for download – including any third-party applications that are bundled with your software – based on StopBadware’s Software Guidelines. If the software that you are offering for download violates our guidelines, then it constitutes badware.

If your software is bundled with third-party applications, you may also want to check whether the bundled applications install any dangerous or deceptive code. One method for detecting this is to download the entire software bundle onto a virtual machine and scan it using anti-virus or anti-spyware programs.

PHP – Prevent SQL Injection

SQL injection vulnerabilities have been described as one of the most serious threats to Web applications. Web applications that are vulnerable to SQL injection may allow an attacker to gain complete access to their underlying databases.

Because these databases often contain sensitive consumer or user information, the resulting security violations can include identity theft, loss of confidential information, and fraud. In some cases, attackers can even use an SQL injection vulnerability to take control of and corrupt the system that hosts the Web application.

SQL injection refers to a class of code-injection attacks in which data provided by the user is included in an SQL query in such a way that part of the user’s input is treated as SQL code. By leveraging these vulnerabilities, an attacker can submit SQL commands directly to the database. These attacks are a serious threat to any Web application that receives input from users and incorporates it into SQL queries to an underlying database.

The cause of SQL injection vulnerabilities is relatively simple and well understood: insufficient validation of user input.

Types of SQL injection attacks:

Union Query:
In union-query attacks, an attacker exploits a vulnerable parameter to change the data set returned for a given query. With this technique, an attacker can trick the application into returning data from a table different from the one that was intended by the developer.

Attackers do this by injecting a statement of the form: UNION SELECT <rest of injected query>.

Because the attackers completely control the second/injected query, they can use that query to retrieve information from a specified table. The result of this attack is that the database returns a dataset that is the union of the results of the original first query and the results of the injected second query.

SELECT accounts FROM users WHERE login='' UNION
SELECT cardNo FROM CreditCards WHERE
acctNo=10032 -- AND pass='' AND pin=

Assuming that there is no login equal to the empty string '', the original first query returns the null set, whereas the second query returns data from the CreditCards table. In this case, the database would return column cardNo for account 10032. The database takes the results of these two queries, unions them, and returns them to the application.
In many applications, the effect of this operation is that the value for cardNo is displayed along with the account information.
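The following is an added example, not code from the original post: it reproduces the union query above against an in-memory SQLite database through a string-concatenated query, then runs the same lookup through a PDO prepared statement, which keeps the input as data. The table and column names follow the post; the rows, the card number and the function names are constructed for the demonstration.

```php
<?php
// Added example, not from the original post. Reproduces the union-query
// injection described above against an in-memory SQLite database, then runs
// the same lookup through a PDO prepared statement, which is not injectable.
// Table and column names follow the post; the rows are constructed dummies.
declare(strict_types=1);

function buildDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (login TEXT, pass TEXT, pin INTEGER, accounts TEXT)');
    $db->exec('CREATE TABLE CreditCards (acctNo INTEGER, cardNo TEXT)');
    $db->exec("INSERT INTO users VALUES ('alice', 'secret', 1234, 'ACCT-10032')");
    // Constructed test value, not a real card number.
    $db->exec("INSERT INTO CreditCards VALUES (10032, '4111-1111-1111-1111')");
    return $db;
}

// Vulnerable form: input is concatenated into the SQL text, so a quote in
// $login closes the string literal and everything after it is parsed as SQL.
function lookupVulnerable(PDO $db, string $login, string $pass, string $pin): array
{
    $sql = "SELECT accounts FROM users WHERE login='$login' AND pass='$pass' AND pin=$pin";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: placeholders send the input as bound values, so the database
// never parses it as part of the statement and "UNION SELECT" stays a plain string.
function lookupSafe(PDO $db, string $login, string $pass, string $pin): array
{
    $stmt = $db->prepare('SELECT accounts FROM users WHERE login = ? AND pass = ? AND pin = ?');
    $stmt->execute([$login, $pass, $pin]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = buildDb();

// The post's payload: an empty login, a UNION against CreditCards, and a
// trailing comment (--) that discards the remaining AND clauses.
$payload = "' UNION SELECT cardNo FROM CreditCards WHERE acctNo=10032 -- ";

var_dump(lookupVulnerable($db, $payload, '', '0')); // the CreditCards row comes back
var_dump(lookupSafe($db, $payload, '', '0'));       // empty: no user has that literal login
```

Requires the pdo_sqlite extension; the same prepared-statement pattern applies unchanged to the MySQL driver.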


10 Needful Steps to Help Cut Costs in the Slow Economy

There’s no escaping the slowing economy. Layoffs are being announced and companies are in cost cutting mode. Whether you are a tech at a big company or a small one man operation it’s time to cut the fat before you get cut out of work. Unnecessary expenses have to go and inefficient ways of working need to be analyzed and improved.

If done right, the use of some technologies can greatly reduce costs and make us more efficient.

Here are ten technologies every techie should consider to help cut costs in this slow economy:

1) Open Source
Dump the high cost proprietary systems for equivalent open source systems where you can. There are many operating systems, databases, content management systems, communications tools, networking and administration tools that are open source and free to use. Choose mature products with a strong community following and plenty of available support options either via developers or third party support offerings.

2) Software as a Service
Instead of spending money and time on developing complex in-house solutions for CRM, support and project management, use SaaS providers such as Salesforce, Google, 37Signals and RightNow. Not only do you save money by using these third-party tools by cutting development costs, but you also reduce costs on specialized hardware to run similar in-house solutions. Many SaaS solutions can also be integrated via the providers’ APIs.

3) Virtualization
Do you have multiple servers and workstations handling different tasks? Combine them into one machine. With virtualization suites such as the ones offered by VMware you can take one machine and turn it into multiple virtual machines. One machine can act as your web server, your network share and your Exchange server. Each virtual machine will work independently of the others and optimize utilization of hardware resources.

4) Thin Clients
Employees no longer need to use expensive machines for light computing work such as emailing and basic office tasks. Low-powered thin clients connected to a single multi-core x64 system with virtualization can power the work of multiple employees. Besides better utilization of hardware and energy, you also introduce efficiency for IT managers by reducing the number of systems they have to manage.

5) Enterprise 2.0
Get your organization connected and sharing information. Use intranet systems with built in messaging, voice messages, wikis, profiles and contact information. Keeping your employees connected and sharing information about your business can keep the organization from making costly decisions.

6) Digital Documents
Move as much of your company’s paper usage to digital as you can. Not only do you save money on printing, you also save money on office space to store all that paperwork. Another way to save on printing costs is to move to email for memos and letters. Also consider e-fax services as an alternative to fax machines.

7) Fast Efficient Networks
Using all these cost-saving technologies will require a fast internal network and fast bandwidth coming in. These days companies and individuals can subscribe to fiber-optic bandwidth providers. With a higher-bandwidth network such as fiber lines, you can also serve voice and video through the same connection. Internally, make sure you’ve upgraded as much of your hardware as possible to gigabit speeds. Newer networking gear tends to be more energy efficient and capable of handling faster network speeds. A fast network means less waiting for employees and more working.

8) Data Storage
Storing as much of your company’s data and information on the network keeps it accessible for employees and staff to use at any time from any location. This saves employees from physically having to search for the required data or information. The time savings will make your staff more efficient. Saving data on cheap mass storage hard drives saves you office space for storing documents and paper work.

9) Wireless
With wireless connectivity employees can work from anywhere. They are no longer stuck at their desk, and their mobile systems such as laptops can move with them from meetings to conference areas. An added benefit of wireless systems is the savings in running wire for hard networking.

10) Virtual Office
Cut the overhead costs of keeping employees on site by allowing them to work from home. Virtual offices reduce the amount of resources required for equipment and office space. Many companies have already instituted virtual office policies and have realized great results from doing so. With virtual offices upfront investments in secure networking will be required. Setting up VPNs and access to other network resources for employees will be a must.

Copied from bytes.com

Some PHP AJAX Frameworks for your development

Sajax:

Sajax is an open source tool to make programming websites using the Ajax framework — also known as XMLHTTPRequest or remote scripting — as easy as possible. Sajax makes it easy to call PHP, Perl or Python functions from your webpages via JavaScript without performing a browser refresh. The toolkit does 99% of the work for you so you have no excuse to not use it.
Official Site: Sajax

Xajax:

xajax is an open source PHP class library that allows you to easily create powerful, web-based Ajax applications using HTML, CSS, JavaScript, and PHP. Applications developed with xajax can asynchronously call server-side PHP functions and update content without reloading the page.
Official Site: xajax

Cake PHP:

Cake is a rapid development framework for PHP which uses commonly known design patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC. Our primary goal is to provide a structured framework that enables PHP users at all levels to rapidly develop robust web applications, without any loss to flexibility.
Official Site: Cake PHP

Saja:

Saja is a lightweight, open-source AJAX scripting engine for PHP4/5, with optional secured data transfer. It is designed for the speedy creation of simple, secure, and maintainable AJAX applications, without the need to write any JavaScript.
Official Site: Saja

Ajason:

PHP 5 library and JavaScript client for AJAX. Fetch data asynchronously and develop interactive GUI-like Web applications. Call PHP functions and object methods from JavaScript and exchange even complex data types between client and server.
Official Site: ajason

Open-source PHP applications that rule the world !!!

From managing databases to shopping, writing blogs to sending emails. Ten years of passion, great software architectures, team work and revolutionary ideas. Here are the most influential open-source PHP applications to date:

1998

phpMyAdmin

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and is available in 50 languages. Development is backed up by the phpMyAdmin team.

1999

SquirrelMail

SquirrelMail is a standards-based Webmail package. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages are rendered in pure HTML 4.0 for maximum compatibility across browsers. It has very few requirements, and is very easy to configure and install. It has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.

PHP-Nuke

PHP-Nuke is a Web portal and online community system that includes Web-based administration, surveys, access statistics, user customizable boxes, a themes manager for registered users, friendly administration GUI with graphic topic manager, the ability to edit or delete stories, an option to delete comments, a moderation system, referer tracking, integrated banner ad system, search engine, backend/headlines generation (RSS/RDF format), Web directory like Yahoo, events manager, and support for 33 languages and 9 database servers.

2000

eZ Publish

eZ Publish is an Enterprise Content Management platform with an easy-to-use out-of-the-box Web Content Management System. It is available as a free Open Source distribution and serves as the foundation for the rest of the eZ Publish Product Family. As a CMS, its most notable feature is its revolutionary, fully customisable and extendable content model. It is also a platform for general web development, allowing you to develop professional PHP applications. Standard eZ Publish functionality (easy content creation and editing, a workflow system, content versioning, multilanguage support, collaboration, e-commerce functionality, the revolutionary content class system, role-based access control) is implemented and ready for you to use. High-quality software and total product responsibility from eZ Systems make eZ Publish the leading Open Source Enterprise Content Management System. Enterprises, governmental offices, organizations and educational institutions trust eZ Publish.

osCommerce

osCommerce is an open source e-commerce solution under ongoing development by the open source community. Its feature-packed out-of-the-box installation allows store owners to set up, run, and maintain their online stores with minimum effort and with no costs involved. osCommerce combines open source solutions to provide a free and open development platform, which includes the powerful PHP web scripting language, the stable Apache web server, and the fast MySQL database server.

phpAdsNew

OpenX began as phpAdsNew, a fork from a similar project called phpAds, created by Tobias Ratschiller in 1998. OpenX is a hugely popular, free ad server designed by web publishers for web publishers. It provides everything you need to manage your on-line advertising. It allows paid banners to be easily rotated along with your own in-house advertisements, and can even integrate banners from third party advertising companies.

phpBB

phpBB is a fast, efficient discussion board program built in PHP with a multi-database backend. Features include: posting, replying, private messages, polls, username/IP banning, strong encryption for storing passwords, user rankings, very advanced access control for private forums, full templating, a simple yet robust translation system and much more.

2001

Gallery

Gallery is a slick Web-based photo album written using PHP. It is easy to install, includes a config wizard, and provides users with the ability to create and maintain their own albums in the album collection via an intuitive Web interface. Photo management includes automatic thumbnail creation, image resizing, rotation, ordering, captioning and more. Albums can have read, write, and caption permissions per individual authenticated user for an additional level of privacy.

Drupal

Drupal is a modular content management system, forum, blogging and community engine. It is database driven and can be used with MySQL, MySQLi and PostgreSQL. Its features include (but are not limited to) discussion forums, Web-based administration, theme support, a submission queue, content rating, content versioning, taxonomy support, user management with a fine-grained permission system based on user roles (groups), error logging, support for content syndication, locale support, and much more. It is considered to be an excellent platform for developers due to its clean code and extensibility, and it can also be used as a Web application framework.

2002

MediaWiki

MediaWiki is a web-based wiki software application used by all projects of the Wikimedia Foundation, all wikis hosted by Wikia, and many other wikis, including some of the largest and most popular ones. Originally developed to serve the needs of the free content Wikipedia encyclopedia, today it has also been deployed by companies for internal knowledge management, and as a content management system. Notably, Novell uses it to operate several of its high traffic websites.

2003

WordPress

WordPress is a state-of-the-art, semantic, personal publishing platform with a focus on aesthetics, Web standards, and usability. It was born out of a desire for an elegant, well-architected personal publishing system. While primarily geared towards functioning as a Weblog, WordPress is also a flexible CMS capable of managing many types of Web sites. In addition to the basic blog functions, it also has an integrated link manager (e.g. for blogrolls), file attachments, XFN support, support for stand-alone pages, Atom and RSS feeds for both content and comments, blogging API support (Atom Publishing Protocol, Blogger, MetaWeblog, and Movable Type APIs), spam blocking features, advanced cruft-free URL generation, a flexible theme system, and an advanced plugin API.

Zencart

Zen Cart™ truly is the art of e-commerce: free, user-friendly, open source shopping cart software. The ecommerce web site design program is being developed by a group of like-minded shop owners, programmers, designers, and consultants who think ecommerce web design could be and should be done differently. Some shopping cart solutions seem to be complicated programming exercises instead of responding to users’ needs; Zen Cart™ puts the merchants’ and shoppers’ requirements first. Similarly, other shopping cart software programs are nearly impossible to install and use without an IT degree; Zen Cart™ can be installed and set up by anyone with the most basic web site building and computer skills.

2004

SugarCRM

SugarCRM is a complete CRM system for businesses of all sizes. Core CRM functionality includes sales force automation, marketing campaigns, support cases, project mgmt, calendaring and more. Built in PHP, supports MySQL and SQL Server.

2005

Joomla!

Joomla! is an award-winning Web-based content management system. It provides for split front end content access and backend administrator access. Group-based access control allows for different levels of system control for both the site and the administrator. The Joomla! framework allows for extension by installable components (applications), modules (template blocks), languages, templates, and mambots (plugins that enhance system functions).

Symfony

Symfony is a full-stack framework, a library of cohesive classes written in PHP5. It provides an architecture, components and tools for developers to build complex web applications faster. Choosing symfony allows you to release your applications earlier, host and scale them without problem, and maintain them over time with no surprise. Symfony is based on experience. It does not reinvent the wheel: it uses most of the best practices of web development and integrates some great third-party libraries.

OrangeHRM

OrangeHRM aims to be the world’s leading open source HRM solution for small and medium-sized enterprises (SMEs) by providing a flexible and easy-to-use HRM system affordable for any company worldwide. The project was started during fall 2005 and the first beta release was made in January 2006. Today OrangeHRM has users worldwide enjoying a free, stable and highly usable HRM solution. The system is backed by professional support and services as well as a fast-growing, receptive and knowledgeable worldwide open source community. By building and leveraging this community of users, developers and partners, the usability, scope and international adoption of OrangeHRM are continuously being improved.

2006

Zend Framework

Extending the art & spirit of PHP, Zend Framework is based on simplicity, object-oriented best practices, corporate friendly licensing, and a rigorously tested agile codebase. Zend Framework is focused on building more secure, reliable, and modern Web 2.0 applications & web services, and consuming widely available APIs from leading vendors like Google, Amazon, Yahoo!, Flickr, as well as API providers and cataloguers like StrikeIron and ProgrammableWeb.

2007

Magento eCommerce

Magento is a new professional open-source eCommerce solution offering unprecedented flexibility and control. It was designed with the notion that each eCommerce implementation has to be unique since no two businesses are alike. Magento’s modular architecture puts the control back in the hands of the online merchant and places no constraints on business processes and flow.

Cake PHP

CakePHP is a rapid development framework for PHP that provides an extensible architecture for developing, maintaining, and deploying applications. Using commonly known design patterns like MVC and ORM within the convention over configuration paradigm, CakePHP reduces development costs and helps developers write less code.

My best 66 Web2.0 sites on the Web !!!

I’ve put together a list of 66 Web2.0 sites. As far as I can tell, they are pretty much the best the web has to offer. If you have any suggestions on new, up-and-coming sites, please drop them in the comments below.

feedburner.com/fb/a/home

FeedBurner helps online publishers – anyone producing content on the web – to manage, promote and monetize their distributed media.

attensa.com

Use Attensa in conjunction with Outlook in order to keep yourself and your team up-to-date.

wetpaint.com

Wetpaint’s wikis come fully equipped with smart navigation, tag clouds, awesome editing interfaces and neat customization features that allow users to make their wikis as beautiful as possible.

twitter.com

Find out what other people are doing in real time. Become part of a world-wide community that keeps in touch by answering the question, “what are you doing?”

last.fm

Let Last.fm take note of what you like to listen to and let it present you with music it thinks you’ll also enjoy. Take a look at what other people are listening to and what’s hot in the community.

statsaholic.com

Keep track of sites’ popularity, as reported by Alexa. Compare sites’ stats and download widgets for your blog.

maps.google.com

The web’s most popular and concise collection of maps and satellite images. Get directions, view amazingly detailed images of landmarks or zoom in on your favorite locations!

plugim.com

A social news site, this is the place to find what people are currently talking about in the world of internet marketing.

furl.net

Store your favorite corners of the internet and let others discover the cool stuff you’ve found. Comment on the content you find and read what other users are saying about your bookmarks.

clipmarks.com

Save the web content that makes you sit up and take notice, not just the webpage you found that content on. Share that content with others in the hope that it will make them think, “wow!” as well!

lulu.com

Avoid the hassles of publishers and agents – publish your own manuscripts with Lulu. Browse the content that others have published via the site and vie to be featured on Lulu’s front page!

biblio.com

Search for out-of-print books from independent booksellers and buy them through Biblio’s user-friendly site.

librarything.com

Connect with people who read similar books to you, and get suggestions as to what you should read next.

squidoo.com

Create a Squidoo “lens” to market yourself, your products or just something that you’re passionate about. View and rate other people’s lenses and hope your content is rated well by others!


9 open source scripts for commercial use.

I like open source. It was the best free stuff for us.

1. Post Affiliate FREE

Post Affiliate is a freeware affiliate system written in PHP. It allows you to easily set up and maintain your own affiliate program.

Development Status: Production/Stable

License: GNU General Public License (GPL)

Operating System: Unix

More Detail
Free Affiliate Software

Download Link
http://www.qualityunit.com/members/d….php?product=2

2. affmarket

“Affiliate Market” from Indonesia by Arif Hidayat. A web store with an affiliate system, written in the PHP server-side language with a MySQL database; it is originally based on a simple open source project (Post Affiliate) that was re-conceived with many additional features (also from other open source projects and my freaky ideas). Millist affmarket: PHP opensource – Affiliate Market

Development Status: Beta

License: GNU General Public License (GPL)

Operating System: All

Download Link
http://www.affilit.co.uk/32456/affilit3.zip

3. Sonic Affiliate

Sonic Affiliate is an open source, web-based affiliate marketing program that we developed. It is loosely based on PHP Affiliate 1.2 and POST Affiliate 1.3, but it is much more powerful.

Development Status: Beta

License: GNU General Public License (GPL)

Operating System: POSIX

More Detail
Sonic Affiliate | SonicFog Web Development | Affiliate, Database, Program, License, Strategies, Lang

Download Link
http://sonicfog.com/sonic_affiliate/sonic_affiliate.zip


4. WorkHub

A web based, downloadable project management system that organises web and software development teams and automates some of the more repetitive tasks.

Development Status: Production/Stable

License: Free for non-commercial use

Operating System: WinXP

More Detail
Welcome to SoftwareMonkeys.net

Download
Register – SoftwareMonkeys.net

5. Affilit

Affilit is an Affiliates Network Program and is now fully developed. The script promotes webmasters’ web sites. It is a great script for webmasters with multiple websites: no need to buy a licence for each website, just set it up and advertise all your websites on one program.

Development Status: Production/Stable

License: GNU General Public License (GPL)

Operating System: Not Available

More detail
Affilit’s Affiliate Network Program

Download
Download Affilit

6. AffiliStore
AffiliStore 2 creates a multi-page affiliate marketing price comparison website from multiple merchant CSV product feeds. This version of AffiliStore has some excellent features which will allow you to build and maintain a successful affiliate website.

Development Status: Production/Stable

License: GNU General Public License (GPL)

Operating System: Win 2000, XP, Mac

More Detail
Affiliate Marketing Price Comparison Websites | AffiliStore

Download Link
http://www.affilistore.com/include/a…2-download.php

7. OpenAds
OpenX is a hugely popular, free ad server designed by web publishers for web publishers. It provides everything you need to manage your online advertising.
Make more money from online advertising today.

More Info
OpenX: Take control of your advertising | OpenX

Download Link
Download | OpenX

8. elgg
Create your own social network, quickly and easily. Elgg allows you to take full advantage of the power of social technology with elegant, flexible solutions for organisations, groups and individuals. Elgg wins best open source social networking platform 2008.

More Info
Elgg.org

Download Link
Elgg.org – downloads

9. PHPizabi
PHPizabi is one of the most powerful social networking platforms on the planet, with literally thousands of websites powered by PHPizabi, including everything from simple friends sites to the most complex networking super sites out there. Easy to install and use, and raising the bar on what it is to provide a reliable, fast social networking package to raise your business to the next level.

More Info
PHPizabi – Create Worlds

Download Info
PHPizabi – Create Worlds