Threaded Mode | Linear Mode

Oddysey · Apr. 12, 2005, 06:49 AM

Siamesecat;

Could I some how persuade you to post that filter here, please? I don't know where SB found it, and I'm not in the mood to google the whole internet for it, you understand. :o [lol] Cheers

What you describe, and what SB says is happening seems awful far apart in desired actions, I'll bet you'll agree. But still, it'd be nice to have the architect's drawings in front of me, instead of shooting from the hip, as it were. :P Smile!

Thanks,

Oddysey

Oddysey · Apr. 12, 2005, 07:11 AM

SB;

More or less, in some kind of order:

Quote:.... when you referred to using the scope limiter function of the filter, does that mean that I type ^[^/]++myway.com/ (using that exact syntax) in the "URL match" part of the filter......

I see that you've already got some entries in the URL scope field (also known as another way to set bounds, but that's splitting hairs), so let's "stick" MyWay in there right along side your other sites, like this:

(^((*.|)*.hotmail(.*|).com|gmail.google.com|[^/]++myway.com)/)

You were already excluding hotmail and gmail, so we just append MyWay behind another "or" operator, and we're done. Easy, no? [rolleyes]

Quote:Surfing the Internet always comes down to some sort of balance between convenience and security.

Right the first time, me bucko! That's what we're all about, here at the UOPF. B)

Quote:As far as the myway.com homepage is concerned, if I could find another one that gives me what I get from it I would. However, the last time I looked into it I was not able to find a satisfactory replacement.

I might suggest that you get with Shea - he's done some things with his home page that are quite advanced. Perhaps he can give you some pointers on how to "clone" MyWay, and make it work for you. Just a thought, that's all. :P

Quote:The philosophical/moral discussion of whether or not I should have chosen that particular homepage in the first place is, respectfully, a matter for another discussion in another thread.

You're correct, of course, but it doesn't hurt to have context, so don't worry about a short excursion into [offtopic] land! [thumbs]

Quote:I'm a stubborn cuss, but who at least knows better than to come here crying should my system get totally wrecked vis a vis myway.

You're gonna fit right in here, I can just tell that right off the bat! Cheers

Quote:.... sharing awesome blues tunes and chatting.

What is this "blues tunes" of which you speak? (Said the Joker to the Thief.) Big Teeth

Oddysey

skay_baltimore · Apr. 12, 2005, 09:07 AM

Ok, Oddysey - I'll see if I can make this short and sweet. (Unlike the way my ex wife handled our divorce Banging Head

)

1. The filter we've been talking about came WITH Kye-U's Security Pack v 4.31. (It's the 21st filter from the top, right below "Stop Browser Snooping", and it has Siamesecat's credit in brackets next to it.) And the entries that I posted from the URL scope section were already in there; I didn't initially add anything.

2. If Shea's a hankerin, I'd be more than willing to find out what he's done and how he's done it.

3. O.T. excursions - particularly ones that help to establish context - are fine with me. I was just trying to re-focus the attention back to the pedestrian/practical. [smoke]

4. For some totally unknown reason, I tried my own attempt to add myway to the URL scope field, and this is what I came up with.

(^((*.|)*.hotmail(.*|).com|gmail.google.com)/)^[^/]++myway.com/

And it worked.

After I read your post, I re-did the entry exactly the way you typed it, and I got the same result as in the screenshot I posted - the page didn't work any more. I re-did the scope the way I originally had it, and it worked again.

5. "Ya gotta suffer...if ya wanna....sing the blues." (D. Bromberg)

B)

6. Meow!

skay_baltimore · Apr. 14, 2005, 08:27 AM

Well, I'll add this reply (regarding the myway issue) since there hasn't been any further response to my last post. This is part of a line I copied from a MyWay cookie. Obviously, one of the words in it caught my attention immediately. I Googled the line and got a few interesting responses - mainly ad-related, but nothing that I could really comprehend. Here is the line, in case it means anything more to the folks here.

utmccn=(organic)|utmcsr=myway|utmctr=Spyware|utmcmd=organic

regards....

s.

Oddysey · Apr. 15, 2005, 07:32 AM

SB;

Quote:4. For some totally unknown reason, I tried my own attempt to add myway to the URL scope field, and this is what I came up with.

(^((*.|)*.hotmail(.*|).com|gmail.google.com)/)^[^/]++myway.com/

And it worked.

After I read your post, I re-did the entry exactly the way you typed it, and I got the same result as in the screenshot I posted - the page didn't work any more. I re-did the scope the way I originally had it, and it worked again.

Well, this is interesting - I'm not so sure that your scope statement should work at all. [wha] I mean, you merely appended myway to a known good statement, and since you didn't insert an operator (& or |), the theory goes that the & should be implied. If that's the case, then your filter should be reading as:

If not (hotmail OR gmail) AND (not myway), then apply this filter.....

Naturally, my consternation derives from the implication of AND being the normal course of events, but if your scope statement works (and why would I call you a liar?), then it becomes obvious that the OR operator is the "default", when an operator is implied.

That said, we should still be able to condense the three sites down to only one negation operator, and only one trailing backslash. Currently, you have two of each. Let's try this again, building up from the simplest case possible, until we have a complete 'Proxo-ready' statement:

If not (hotmail OR gmail OR myway), then apply this filter.....

In Proxo language, that would read like this: (I'll color the matching parens, just to make them easy to keep track of.)

^(hotmail.com|gmail.google.com|myway.com)/

Next, we add the individual site name qualifiers, like this:

^((*.|)*.hotmail(.*|).com|gmail.google.com|[^/]++myway.com)/

(The original outside set of parens really aren't necessary.)

Note the two OR operators within the red set of parens, and outside of the blue and green ones. All three sites should fall under the opening negator, and all three should be followed by the trailing backslash. If this doesn't work, then I'd certainly like to know why not. :P

Now, there is one place where we can improve this statement, and that is by examining the most likely condition. What site is most likely to meet the conditions under which the filter should be ignored? That's right, your home page. The one you'll hit every time you open your browser. Shouldn't we put that first, so that the statement isn't checked all the way through every time? Yep, sure should. Here's the way I'd do it:

^([^/]++myway.com|(*.|)*.hotmail(.*|).com|gmail.google.com)/

If I was really squirrly, I'd color code it like so:

^([^/]++myway.com|(*.|)*.hotmail(.*|).com|gmail.google.com)/

(You can simply cut and paste this right from here, the colors won't come through to botch up the paste job into the filter.)

Let me know how this works, please. But, I'll be away from my 'puter for the next day or two. Got a big landscape project that came together sooner than expected, and I've gotta ride herd on the hired hands. B) I'll be back, you can count on it. Just when, well, don't lay money on it! :o [lol]

Oddysey

skay_baltimore · Apr. 16, 2005, 01:25 PM

Well by golly - now my homepage is just as pretty as your filter code.
[thumbs]
Thanks for all your help Oddysey. And by any fair standard, your "job" is certainly done as far as helping me exclude my homepage using the filter scope limiter.

[offtopic] (And no...I didn't forget about this thread and all your hard work. I've just been busy trying to get a handle on Proxo's proxy capacity. (I had actually posted a thread years ago at Computer Cops bemoaning the fact that Proxo's internal proxy checker was broken. Now I believe it has been fixed in the 4.5J version, although it tends to indicate that some proxies are giving up the real ISP, while the results of several Proxy testing sites indicate otherwise, so I'm not sure which one is the most accurate.) But even when it works, the internal Proxy checker is a rather slow, cumbersome kind of a deal.

So I set about trying to find an alternative. And I found what I consider to be a pretty nifty freeware proxy finder/tester, called Proxyrama, http://gaamoa.deny.de/ which does a kick *ss job of searching for proxies, then sorting them all out, determining whether or not they work, are truly anonymous, whether they can handle https, whether or not they are gateways, what country they're from, ping rate, etc. It also has a list of fully working anonymous proxies in its database that look really tempting but are dangerous to use (i.e Gov't servers, etc.), and it highlights them in red so that they don't get mixed in with the other proxies. That's a really nice feature and something that taught me how totally unaware I was of that danger before using the program. It also automatically screens out any duplicates, which are inevitable when doing such a broadbrush search for proxies.

And it does it all with basically the push of one button. Once all the proxies are listed, you then have the option of clearing out the non-working ones, gateways, non-anonymous, etc., by clicking the corresponding buttons for each category. Then when that's all done the program can export all the good, clean, brand spanking new filtered ones to a simple text file that is then easily loaded into the Proxo proxy box. It even offers the option to kick into surfing mode, and use it to surf the web. (Since I don't think Proxo is compatible with Proxyrama's surf mode I just use Proxyrama to harvest good, SSL proxies. I currently have a list of about 75, and I just started using the program the other day. And even though that's not a lot, at least I know that they are all HTTPS, and none of them are in the "dangerous" category. In the past, I know I would have been using some of those dangerous servers, because I simply had no idea that some working servers were absolutely to be avoided, and that warning was never posted on any of the proxy server d/l sites I visited.)

Now....
for the rest of the story...

I also traced this same filter to a problem regarding a popup test site.

http://www.popupcheck.com/popup_test.asp

There is at least one test there that works fine with the filter disengaged, but not with the filter engaged. (Under the "Good Popups" section, the very first test. It goes ok until it comes time to close the last window. Then it is unable to close that last window.) I just mention that here (for Siamesecat) since it's my understanding that that's what this thread is for. If that's incorrect, I apologize. But I only offer the info in the spirit of troubleshooting, not criticizing.

Once again, much thanks to Oddysey for all your help, and to Siamesecat for all your efforts in working so hard to provide helpful Proxo filters. Hail

(BTW Oddysey...I trust you were certainly in charge of that landscaping crew.)
Microphone

Heheheh

Oddysey · Apr. 17, 2005, 10:16 PM

SB;

Quote:(BTW Oddysey...I trust you were certainly in charge of that landscaping crew.)

Heheheh

Oh Yeah! More details to come later - middle of the day right now, and gotta go run a few errands. Should be back tonight......

Oddysey

p.s. You're Welcome

!

Oddysey · Apr. 18, 2005, 03:00 AM

OK, I'm back......

SB, I really don't have much more to say. Your proxy searching looks like "fun", but if I need to get around the 'net truly anonymously, I just fire up a TOR session, and I'm in like Flynn. No stems, no seeds, no mess you don't need..... Big Teeth

Other than that, glad you were able to work out what you needed to make the filter work for you. I, Siamesecat, the whole gang here, and most certainly Kye-U hisveryownself, we all want to see Proxo take over the world (of internet users). Or, failing that, then we'll settle for Proximodo doing the job, when kuruden has finished it. [rolleyes]

Keep those cards and letters coming! Big Teeth

Oddysey

skay_baltimore · Apr. 18, 2005, 07:41 AM

Oddysey Wrote:Keep those cards and letters coming!

Oddysey

Will do!

***Kye-U*** · May. 01, 2005, 03:35 AM

Version 4.32 is Released!

Last Updated: April 30th, 2005 - 11:23 PM EST

What's New?

Quote:[-Version 4.32-]
-Added (! : Redir: IDN Exploit - Show real URL I [sd] (In))
http://www.shmoo.com/idn/

-Added (! : Redir: IDN Exploit - Show real URL II [sd] (Out))
http://www.shmoo.com/idn/

-Added (IE: Malformed FILE URL [Kye-U])
http://www.securityfocus.com/bid/12565/info/

-Added (Mozilla: Favicon Exploit [Kye-U])
http://securityfocus.com/bid/13216/discussion/

-Added (Mozilla: Disable Sidebar Add Search Function [Kye-U])
http://securityfocus.com/bid/13211/discussion/

-Added (Mozilla: Memory Access Remover [Kye-U])
http://secunia.com/advisories/14820/

-Modified (Prevent file access [Siamesecat] {Modified by Kye-U})
http://www.securityfocus.com/archive/1/390284

-Modified (Stop Browser Window Tricks [Siamesecat])
--Fixed URL Match False Positive

-Modified (IE: IFRAME Buffer Overflow Exploit [Kye-U])
--Fixed False Positive

-Modified (IE: Status Bar Spoof Exploit [Kye-U])
--Fixed False Positive

-Removed (IDN "xn--" URL Remover [Kye-U])

-Modified certain filters which print "[STRONG]" to display text in RED

http://prxbx.com/forums/index.ph...topic=131&st=0#

Download here!

Siamesecat · May. 02, 2005, 06:25 AM

Kye-U,

In this filter, you had false positives last time because of the bounds:

Code:

Name = "IE: Status Bar Spoof Exploit [Kye-U]"

Active = TRUE

URL = "($TYPE(htm)|$TYPE(js))"

Bounds = "$NEST(<a*>,<(/a|br)>)"

With $NEST, you don't need the wildcard after the tag name. This would work better:

Code:

Bounds = "$NEST(<a,<(/a|br)>)"

Why was the slash added in front of "input" in the bounds?

Code:

Name = "Prevent file access [Siamesecat] {Modified by Kye-U}"

Active = TRUE

Bounds = "<(a|img|/input|(no|)script|applet|object|area)\s*<(/*|br)>"

***Kye-U*** · May. 02, 2005, 08:03 PM

It will still produce a false positive.

This is the link where it occurs:

http://www.neopets.com/faerieland/index.phtml

You posted an update to the "Prevent file access" filter here:

http://prxbx.com/forums/index.ph...pic=131&st=240#

Siamesecat · May. 03, 2005, 06:54 AM

Quote:You posted an update to the "Prevent file access" filter

Oops, sorry. My finger slipped. The slash should not be there.

Exactly where on this page does a false positive occur with the status bar spoof filter?
http://www.neopets.com/faerieland/index.phtml
I tried it with IE and that filter enabled, and had no problems at that site.

***Kye-U*** · May. 03, 2005, 08:58 PM

Code:

<area shape="circle" coords="39,244,4" href="http://www.neopets.com/faerieland/tdmbgpop.phtml" title="A Discarded Grundo Plushie">

</map> 

<p>

<form action='http://www.neopets.com/explore.phtml' method='post'>

<input type='submit' value='Back to Neopia!'>

</form>

</center>

</td></tr><tr><td> </td><td align=center><br>

Thanks, I will update the "Prevent file access" filter in v4.33 Wink

***Kye-U*** · May. 08, 2005, 07:55 PM

Version 4.33 is Released!

Last Updated: May 8th, 2005 - 3:45 PM EST

What's New?

Quote:[-Version 4.33-]
-Modified (Prevent file access [Siamesecat] {Modified by Kye-U})
--Fixed Bounds Match

-Modified (Mozilla: Favicon Exploit [Kye-U])
--Renamed to (Mozilla: 'UniversalXPConnect' Remover [Kye-U])
--Modified to match 'UniversalXPConnect'

http://prxbx.com/forums/index.ph...topic=131&st=0#

Download here!