Hacker for Hire

Every now and again, I get the chance to help someone out and I just thought I’d share this one for a couple of reasons. First, I like helping people. Second, it shows that there are solutions to common problems on the Internet that don’t require delving into the illegal and unethical side of things.

I received an email from Raili with the following:

Hi Wyatt

My name’s Raili and I’m in Thunder Bay, Ontario.

A new client of ours has a serious website conflict and I’m looking for advice. Several years ago a fly-by-night web guy bought them a domain, built them a terrible site and then, before even finishing it, left the country for parts unknown: no forwarding address. Since then the client’s bought a new domain and we’ve designed a nice site for them, but despite advertising efforts people are still stumbling across the old website which nobody can alter, take down, redirect or ANYTHING until 2010. We’ve got a massive fundraising effort underway for them and an important event about to be launched and I’m really worried that people are going to go to the old site and be baffled or turned off and we’ll miss our chance to collect their donations.

Client’s real site: [withheld]
Client’s unfixable site: [withheld]

Can you offer advice – we haven’t found anyone locally who can help us.

Warm regards,
Raili

My reply:

Raili,

I pulled the whois information on the unfixable domain and I found the
following:

[-- lots of whois information --]

While it seems like a lot of information, it does provide you with some important details. First, you domain registrar is InnerWise Inc. Since your organizational information matches the domain information, you should be able to contact them and tell them you’ve had an administrative change and that Ning Zhang is no longer your administrator and you need to resolve the issue that he has the passwords to this domain. It will take several phone calls and you sending in your information in paper form in more ways that will be pleasent; however, if you are persistent and can provide all the proof that you are your organization, you should be able to regain control of the domain since it has been registered to your organization.

I hope this helps and remember, be persistent. Talk to managers, talk to phone representatives, and re-enforce the fact that you are a non-profit organization and above all, do not give up. This process is painful for your protection (say someone tries to pretend to be you and steal the domain) but it is not impossible.

Good luck,

Wyatt

The success in the response:

Wyatt-
Thanks so much for your help. The WHOIS info got me to the registrar and they were very helpful. (nice tech support folx!) We had things sorted out by the afternoon. If by some weird twist you ever meet [name withheld] please take a few of his teeth out for me and tell him that was from [business name withheld].

I’ve read a couple of the postings on your site and have to tell you how impressed I am by your command and consistent defense of the English language. Hope your business is doing well – you deserve it.

Again – thanks, it was totally unexpected and gratifying to have your help.

Raili

I’m really glad I could help Raili out and actually see it happen for a change. Normally, I never get a response back from the first email. This also points out a few good points to keep in mind from a business / web-perspective.

1. If you’re a business owner, make sure your domain names are registered in your business’s name. Raili was able to get the domain information changed because he could provide business charter information and validate ownership of the business
2. Make sure you buy the all domain names (.org, .net, .com) when you start
3. Persistence pays off

Well, this has been the first disaster / power outage HTG has weathered since we’ve moved to Profitability.net and I have to say I’m stunned. More than 600,000 people are currently without power all over the tri-county area thanks to Hurricane Ike … but HTG has had zero down time.

Kudos Profitability.net, you guys rock.

Update: In retrospect of writing this, I think I’m going to start a new section in the blog called “Tips from a Hack” to hopefully educate people and try to prevent issues like this in the future. If anyone else has suggestion on tips or things they would like to know about, email me.

There are somethings I get asked to do quite frequently, most I won’t do because they are illegal or unethical or some combination of the two. Occasionally, I’ll have people ask me to recover password for them. Most times it’s easy and very doable; however, sometimes there isn’t much I can do due to the nature the request. The other day I got one from a lady that had fallen into a scam.

If you’re ever really bored sometime, find a software product you like and drop it into to Google. For example, Photoshop. You’ll notice one of the “sponsored” links is a site that offers you a download and all you have to do is complete several small, stupid tasks. We’ll after moving around from site to site, they provide you with a file to download, but you’ll need to provide a “password” found by going to another site and searching for some magic term. This is of course all done in an effort to get referrals and advertising and malarkey of that crap.

Most users would hope that after they finshed doing all of this, they would get their software … yea, right. Most times, these site provide corrupted files. Other times, they are password protected with passwords that would never appear on any site. So that’s where I came in. This lady had gone through probably 15 different sites and around $50 to get an update to Photoshop CS3 and just couldn’t seem to get anywhere.

Enter Hacker for Hire.

So I get the file she’s looking at and I can tell right away that things aren’t adding up. First off, I hear the story and I know that it’s just not going to end well. Second, when I get the file, it’s only 6mb. Now I’ve not used Photoshop recently, but I have downloaded other Adobe and it can only be described as bloatware. Don’t get me wrong, Photoshop is great and does and excellent job but it falls into that category where programmers have just given up on how bloated their code gets. Micro-rant asside, there is no way an update from CS2 to CS3 is going to be only 6mb.

So I start to crack the zip file (thank you fcrackzip!) and just let the crack run overnight. The result?

Some would think this is success, but I like to check again just to make sure …

Anyone else see the problem? It’s the right password for the first file in the zip, the directory, but not for the actual content, which is probably another password protected zip file. I thought about taking the time to patch fcrackzip to deal with this, but I already knew the truth. This was a sham, plain and simple.

So a lesson for everyone out there, think twice before you submit any information online. If it sounds to good to be true, it almost certainly is. Try to remember to buy from trusted sources, like Amazon.com or something like that instead of these scam artists.

I’m really, really tired one of our ex-customers. I have allowed to this charade continue on long enough by allowing myself to be over-ruled in decisions on how to handle this situation we have gotten ourselves into. Basically, we have taken the approach that we can be successful in business by being appeasing people. While I’m not opposed to being nice to customers or people, I refuse to yield to threats or attempts to exploit work. That being said, this is the email I considered sending back to Paul, who has been attempting to steal services over the past two years from my team under the guise that he would “sue us for not signing another contract to work with him.”
Continue reading ‘That’s It’ »

Today, I got an email with a file attached asking me to open it to view some “pictures.” Man … I was so excited. I very rarely get viruses or spyware sent to me these days since the email servers clean most of them out … but I got one!!!

The zip file contained one file, film.src. A careful user would have hopefully just deleted this email, being as they didn’t expect it and it came from an unknown person … take that as a security tidbit for free. The observant, yet careless user, would have opened the email looking for picture and saw a screen saver and wondered what the hell was up. This user opened up the file and tossed it into IDA Pro

I’ll update if I find anything cool

OK, so this went painfully … very painfully. Let me reiterate … I flipping HATE H-Sphere and refused to pay $70+ for a service incident that shouldn’t happen because their crew didn’t do their homework with testing and didn’t provide a “here’s what to do if things go wrong” section.

Followed the instructions here.

Did a cpupdate and received this error:

Well, that didn’t work, so lets just try it again:

Unfortunately, searching the Internet and H-Sphere’s site turned up nothing helpful on the issue except this thread … which didn’t match my situation and didn’t have anything in it except telling me to buy a new support request.

So since I refuse to pay for something I’ve already paid for, here’s the solution to fix it for the rest of you:

Then back into the H-Sphere updater:

And the peasants rejoice … until they try to SSH in. The stupid jaild package that’s provided is busted in so may ways. The easiest solution is to just edit /etc/passwd to a real shell location; however, you’ll give up security to make this happen so I’ll leave the choice to you.

Update 07/12/2008:
Fixed the jaild issue. Apparently, when you do the update, if ANY user is logged in and has an actively running process (yes, I tried it multiple ways) … the jail setup fails oddly and doesn’t allow ANY user to log into the system. The solution? Boot all the users off the box:

/etc/init.d/sshd stop
killall sshd

Reconfig the jaild:

/hsphere/local/config/jail/scripts/config_jail

H-sphere’s attempt here

Screw people who talk about work in the damned restroom. When I go in there, I don’t want to hear about how your crap isn’t getting done while I’m trying head natures call. It’s rude, it’s annoying, and I’m fairly certain that if you talk about your work around where people take a shit, it will make your work shittier. And you know what else? Screw you even more for standing the middle of the door way while you talk about whatever is just so damned important it can’t wait 10 secs for some to take a piss.

Screw you. Screw you right in the ear.

I don’t usually like to just copy and paste from other people’s sites; however, I think I’ll make an exception for this one given what I’ve been working on recently. At work, I’ve volunteered to write a process improvement for the design and development of web-based user interfaces and I have to say, this sums it up quite appropriately.

Originally from Tapestry Central

This really isn’t for anyone else other than myself. I’m sick and tired of having to look up all the vim commands to put in my .vimrc file every time I build/logon to a new system. Maybe you’ll get some joy out of the comments. Here it is:

I’ve had my same Windows XP and Office 2003 installation for at least 3 years and I have to say that I cannot understand why I have had to install at least 25 different releases of Microsoft’s Genuine Advantage software. Every time I need to do an update, “We need to make sure you’re version of Windows hasn’t been stolen since the last month you did an update.” It makes me the kind of nuts that only leads to carbines and random notes. I just don’t understand how I’m going to ‘re-steal’ a version of Windows if I haven’t stolen it the first 25 times. And secondly, why in the hell would I steal it? You’re pretty damned optimistic there Microsoft if you think anyone would steal crap.