Author Archives: Pirate Bonny

How to display Hologram Texture Above a Prim

Posted on by

How creating a hologram image above a prim is a very easy thing to do and doesn’t require a timer event….

  1. Rez a prim
  2. Create an LSL script inside the prim
  3. Edit the script and past the following code
  4. Compile / Save the script
  5. Place a texture into the prim

The script will use the texture and display it above the prim as a hologram. Why use a hologram? A hologram texture above a prim will allow it to be seen by other avatars from any angle.

LSL is the Linden Labs SecondLife scripting language and can be used on Opensim grids, Osgrid and Kitely grids.

// OFFSET is distance above / below object generating Hologram
// Adjust this to suit
float OFFSET = 1;

// The width of the hologram :)
// If a square image you will have to set Width and Height same value
// because there is no method in LSL to get dimensions of an image
// to do automatically at this time

float Width = .55;
// The Height of the Hologram
float Height = 1.85;
/*
There are 2 ways to display the texture for the Hologram
1) Place the texture inside of the object
2) Obtain the UUID of the texture from you inventory
If choosing UUID method it can be seen only within your grid.
*/

// If you know the UUID and for this grid only
// string Texture = "69064cf6-155d-4a46-9c3a-c01f58639238";

// Replace TEXTURE NAME with the name of texture inside the prim
string Texture = "TEXTURE NAME";

DISPLAY_HOLOGRAM(){
    integer Count;
    
// Will auto get name of 1st texture if in the object
// IF you didn't set the texture name from default
if (Texture == "TEXTURE NAME" ){
    llSetText("",<1,1,1>,0);
       Count = llGetInventoryNumber(INVENTORY_TEXTURE);
        if(Count > 0) Texture = llGetInventoryName(INVENTORY_TEXTURE,0); else {
        llSetText("No Texture inside me",<1,1,1>,1);
        }
    }
         llParticleSystem([
            PSYS_PART_FLAGS,PSYS_PART_INTERP_COLOR_MASK,
            PSYS_SRC_PATTERN, 4,
            PSYS_PART_START_ALPHA, 0.50,
            PSYS_PART_END_ALPHA, 0.50,
            PSYS_PART_START_COLOR, <1.0,1.0,1.0>,
            PSYS_PART_END_COLOR, <1.0,1.0,1.0>,
            PSYS_PART_START_SCALE, <Width ,Height,0.00>,
            PSYS_PART_END_SCALE, <Width,Height,0.00>,
            PSYS_PART_MAX_AGE, 1.20,
            PSYS_SRC_MAX_AGE, 0.00,
            PSYS_SRC_ACCEL, <0.0,0.0,0.0>,
            PSYS_SRC_ANGLE_BEGIN, 0.00,
            PSYS_SRC_ANGLE_END, 0.00,
            PSYS_SRC_BURST_PART_COUNT, 4,
            PSYS_SRC_BURST_RADIUS, OFFSET,
            PSYS_SRC_BURST_RATE, 0.10,
            PSYS_SRC_BURST_SPEED_MIN, 0.00,
            PSYS_SRC_BURST_SPEED_MAX, 0.00,
            PSYS_SRC_OMEGA, <0.00,0.00,0.00>,
            PSYS_SRC_TEXTURE, Texture]);   
}

default
{
    changed(integer change){
        // This will update hologram image when you
        // add or remove an image
     if(change & CHANGED_INVENTORY) DISPLAY_HOLOGRAM();   
    }
    on_rez(integer i){
    // When object rezzed it will display it
     DISPLAY_HOLOGRAM();
    }
    
    state_entry()
    {

    // when you compile the script will display it
     DISPLAY_HOLOGRAM();
    }
}

Linux UFW Firewall Questionable

Posted on by
Reply

Why, If your VPS host has a configurable firewall you should uninstall the ubuntu UFW and iptables and use the external firewall provided by your VPS. Your server will have greater security than UFW and iptables can provide you with. Your server will be safer and more secure using your VPS hosts included external configurable firewall. Thumbs down for UFW (Universal firewall) it is rubbish, fools gold, false sense of security!

First configure your VPS firewall with your deny and allow rules than:

apt remove ufw
apt remove iptables

Done, your server will have greater security and if a hacker breaches you they will look to disable or modify ufw firewall rules and ufw and iptables will not exist on your server because, your firewall is external and you will also put less server drain on your server by not having those firewalls. No ufw and no iptables means a hacker has lost the edge!

When I was using UFW with iptables I block IP with UFW and iftop shows they are still coming which is expected from iftop but, the problem I get is UFW (universal firewall) does not record in the logs that they were blocked and iftop does show they keep on coming! Even with a setting of “ufw logging high” which I understand logs everything. iftop shows they are still coming, but, shouldn’t UFW record in the logs BLOCKED? I think so and come to the conclusion UFW is like a toy camera…. The UFW logs should give you a sense of security when it shows it is blocking what you instructed to block. But, UFW does not, begs the question, did UFW BLOCk what you instructed? I think not! The idea behind setting ufw logging to high is so you can monitor and see if ufw is doing the job you expect. If so great, switch ufw logging low again…

With my email server, dovecot, postfix etc. I set for high debug mode to monitor what is happening, it shows you what passwords are given etc. This is what you expect in high log mode, This way you can resolve issues fast and see if there really is a threat and once you see no threat and the mail server is working fine you revert back to normal logging mode. Not the case with UFW, ufw either isn’t working correctly or, the logging is fatally flawed and you’re unable to determine if you’ve been hacked or not. But, your bandwidth and server resource usage will give you an idea. Topic for another day.

My server has a front end firewall and I use to use UFW as secondary for convenience, easier to setup a block. (but my trust in UFW was low) with good reason not to for frontline defence). But, is easier to use and block better? Time and time again I find UFW, didn’t always block or is it blocking and not logging? Questionable! Hence, the reason I “apt remove ufw”.If you’re not going to log it for me F off!

When I had seen and believed UFW isn’t blocking, as easily seen in the logs I use the frontline firewall to block the friends of UFW. Annoying because I prefer the frontline firewall to be frontline defence only and it requires logging into the server porthole to configure and do what UFW can’t seem to do. But. it does what UFW isn’t competent at, but it seems, UFW is not as good as the claims are made about it. UFW, if you have a log, and you blocked someone, shouldn’t that be recorded in the log. Especially during monitoring I set UFW logging high and ufw allow log 80,443/tcp and nothing recorded about a BLOCK, just ALLOW, ALLOW and o yeah, ALLOW even though iftop shows them knocking at the door with data transfers.

Hence, since I have to use the frontline firewall as defence for peace of mind because ufw is not logging that it’s doing the job, I ask myself, “What is the point of UFW with no peace of mind?” Answer, apt remove ufw.

When I block an IP I issued, ufw insert 1 deny from xxx.xxx.xxx.xxxx or if pesty Amazon or Brazilian servers go for xxx.xxx.xxx.0/24 and blocked a larger range of the pesty inbreeds.

For peace of mind and your VPS provider has a configurable firewall do as I have done and apt remove ufw….. It’s fools gold!

effethemes.com DOS attack

Posted on by
Reply

Trojan Alert: effethemes.com (Brazilian Server) WordPress themes contain a trojan. Definition of a trojan is a piece of code that does something malicious. The theme links your site to thousands of BR hacker scanner sites that scan/probe your server thousands of times an hour. Form of mentally challenged Brazilian DOS attack, low grade attack.

Partnership

Posted on by
Reply

We will have partnerships enabled on the grid later this weekend. The web developer had a serious fall on Friday resulting injuries requiring laid back rest for a few days. Expect on Monday, work will continue to include the addition of adding a partner to your avatar.

It will be an easy process where you add a partner, the request will be sent to the other avatar and once they confirm the other party accepts your proposal to be their virtual world partner it will be connected to your profile. Congratulations, on your virtual marriage.

Don’t forget to visit other worlds such as Osgrid and Kitely grid where you are able to obtain items for your inventory, your avatar and your land. Opensimworld is a great place for tips and tricks and opensim setting up.

Change Avatar Name

Posted on by
Reply

Account management fully operational. You’re now able to change password, email and avatar name. No longer are you committed to an avatar name. At Jacobs Bonny Grid Premium members are able to change the name of their avatar anytime they choose.

Australian Politicians Little Foresight

Posted on by
Reply

The possibility of owning your own home in Australia has become just a dream. Todays politicians lack foresight, and need the balls to stand up to the UN. The Labor party, once the working glass party, no more. leaving many homeless, record numbers unable to buy a home, many more unable to even find a place to rent.

The UN should be held jointly accountable for the homelessness’ of Australian children, and the physical and emotional abuse they suffer as a consequence of family pressure to pay for a home, let alone get one. The security council is also partly responsible for the rising juvenile crime, the consequence of family pressures of housing struggles. Today, the UN are nothing more than dictators, do as we demand or suffer our wrath of economical disruption (abuse against children), have laid the foundations, to housing shortages in Australia. In my opinion, the security council think of themselves and their own country before considering the consequences of their actions against children of other countries.

Australia must stop taking in refugees until we have enough housing for our own people, our own children, our future generations. I’m sick in the stomach when I see a refugee driving a nice car, living in a lovely home financed by Australian tax payers, and an an Australian family of 5 with 2 toddlers living in a rust bucket car because they can’t get a home. Because the selfish United Nations security council, don’t care about Australian children!

The United Nations pressures us to fill our sinking ship with buckets of water. We don’t need the UN. They need us! They are a cancer to our country. Our government must start saying no whenever the UN pressures us to do do things that have a negative impact on our people, our children. Charity starts at home Australia! Grow a pair of balls!

You can, own your own virtual reality land and home here, at Jacobs grid. Join today, select your land and move in. No Australian politician can say that! Join today When the population of this grid grows to a point land availability is beginning to get low we sill stop taking in new members. Thank goodness the UN cannot put economical pressure on us for doing that! (tongue in cheek). This is an Australian only grid. Nothing you can do about that UN so suck my…… United Nations!

Sitemaps assist hackers

Posted on by
Reply

It didn’t take long to identify whom gets the most benefit from web site sitemaps. It’s not you, it’s not us. The sitemap.xml and sitemap.html are a primary target for the queens, slave hacker that scouts around the world 24/7 looking for sitemaps.

It became evident, Google had very little interest in the sitemap file. We set up 2 sites, one with sitemap and the other just a robots.txt. Both sites had identical content and each located on separate servers, in separate states. By identical content it means, one had WordPress with sitemap and the other had identical content but not created using WordPress, however, it did contain a fake WordPress login page which I discussed later how it was used to spy on what the hackers were up to.

We found within 12 hours, the web site having the sitemap.xml was aggressively attacked by hackers from all over the globe targeting dummy web pages we knew would interest hackers. One Example, we created a fake wp-login.php that intercepted the data being sent by the hackers. Data I collected, the details the amateur hackers posted into the fake wp-login.php page . Unknown to the hackers, the fake page collected useful data from the amateur hacking attempts. The only response our page gave was….. No response at all. Meanwhile we gathered data, their location, the user names they posted, passwords given and so on.

The web site without the sitemap.xml and sitemap.htm sat for a few days before the hackers came in for the kill.

Both sites listed equally in the Google search system.

Our conclusion: We found that, Google took very little interest in the sitemap. We also found that a sitemap made no difference in your search ranking. We found, a sitemap, serves no purpose other than providing a fantastic road map for hackers to quickly identify whether your web site would make a good target for aggressive attacks and if so, what to target.

During our monitoring of hackers, sitemap.xml and WordPress we noticed additional, unexpected things happening. Hackers would troll the WordPress images downloading all our content. It seems, WordPress makes it very easy for hackers to scan through your content and, clone, and steal it.

On our other site, the one without WordPress or a sitemap, the hackers didn’t troll and download the images. In-fact, our content seemed very uninteresting to them, or maybe, because the hackers aren’t professionals, it was just too dam hard for them to scan the content and opting out for targeting the WordPress site that puts everything out on a silver lining for them. That would require more research and will do that after xmas.

The PHP code used to intercept hackers login attemps and log the details they post.

This is a working sample PHP that uses json to extract country, city, state and organisation information from a persons (hackers) IP address and log that data into a file. Very useful for finding out what user name and password combinations hackers are using on your WordPress web site. Of course, this can be adapted to work on any platform.

After using the code I was surprised how close they were to knowing my user name. Close, is not good enough and shows hackers aren’t that smart. but, unknown to the hackers my password length is 120 characters in length consisting of random characters. So, even if they got my username correct, the Earth would no longer exist and, they still with brute force never get the password.

<?php
/*
 This is the code I placed into a fake wp-login.php page.
 You can place it at the beginning of a real wp-login page
 and record the posted login attempts made by hackers.

 It can be used to see if they know your user name
 and, are they getting close to your password.
 If your smart and have password consisting of random
 characters and 20 or more long don't worry, the
 school girl hackers will after  trillions of years
 never guess it! I refer to them as school girl hackers simply because they only know how to exploit and don't know how be a real hacker. Take no offence school girls, you're certainly smarter than most of them.
*/

 $IP=trim($_SERVER['REMOTE_ADDR']);
  date_default_timezone_set('Australia/Brisbane');
   $PATH="/var/log/";

  $login = date("d M Y h:i A");

        $token = "-SECRET-";
        $ipinfo = file_get_contents("https://ipinfo.io/" . $IP . "?token=" . $token);
        $json = json_decode($ipinfo);
        $country =  $json->country;
        $state =  $json->region;
        $city = $json->city;
        $org = $json->org;
        $amazon = strpos($org,"Amazon");
        $location = $country.":".$state.":".$city." : ".$org;

        // write the data posted by hackers  to a file
if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $outfile = fopen($PATH."hacker.log", "a") or die("Unable to open file!");
        fwrite($outfile, ""."\r\n");
        fwrite($outfile, "====== ".$IP." ===== ".$login."\r\n");
        fwrite($outfile, $location."\r\n");
        foreach ($_POST as $key => $value) {
    $out="Field ".htmlspecialchars($key)." is ".htmlspecialchars($value)."\r\n";
        fwrite($outfile, $out);
        }
        fclose($outfile);
}

/*
 Rule 1: Never respond to a hacker "Silence is golden"
 Just quietly exit the page OR if adding to start of
 a real wp-login page let the login continue.

I'll write tips on how to silently and cleanly exit pages you don't want Google indexing and hackers to view later on. 

 remove the exit(); and ?> below if you're placing at the start of a real wp-login page
 to monitor hacker activity.
*/
exit();
 ?>

 * WordPress User Page
 *
 * Handles authentication, registering, resetting passwords, forgot password,
 * and other user handling.

Log output generated by the above code

====== 203.124.33.211 ===== 22 Nov 2024 01:24 PM
Hacker location: Country: PK City: Rawalpindi State: Punjab
Organisation: AS7590 Commission on Science and Technology for
Field log is bonny
Field pwd is covert-gadgets123
Field wp-submit is Log In
Field redirect_to is https://covert-gadgets.com/wp-admin/
Field testcookie is 1

====== 134.209.249.86 ===== 22 Nov 2024 01:46 PM
Hacker location: Country: DE City: Frankfurt am Main State: Hesse
Organisation: AS14061 DigitalOcean, LLC
Field log is bonny
Field pwd is covert-gadgets1234
Field wp-submit is Log In
Field redirect_to is https://covert-gadgets.com/wp-admin/
Field testcookie is 1

====== 157.245.131.229 ===== 22 Nov 2024 02:29 PM
Hacker location: Country: US City: North Bergen State: New Jersey
Organisation: AS14061 DigitalOcean, LLC
Field log is bonny
Field pwd is 1234covert-gadgets
Field wp-submit is Log In
Field redirect_to is https://covert-gadgets.com/wp-admin/
Field testcookie is 1

====== 135.125.183.119 ===== 22 Nov 2024 02:51 PM
Hackers location: DE City: Frankfurt am Main State: Hesse
Organisation: AS16276 OVH SAS
Field log is bonny
Field pwd is bonny!!!!!!
Field wp-submit is Log In
Field redirect_to is https://covert-gadgets.com/wp-admin/
Field testcookie is 1

As you can see the passwords they use are pathetic. You can clearly see the hacker is an amateur trying to exploit those using silly passwords.

Seeing that in the logs, my mind is at rest knowing they are not professionals and pose no threat.