Re: [PHP] bank query and curl
On Nov 19, 2007 3:46 AM, Stut <[EMAIL PROTECTED]> wrote: > "Admin": Please don't reply directly to me. If you want to say something > that you don't want to share with the group, don't bother. > > I did start replying to this email, but decided it wasn't worth it. > Anyone who uses language like this does not deserve a response, but it > made me chuckle so I thought I'd share it... > > [EMAIL PROTECTED] wrote: > > Before you open your SMART MOUTH about me again, find out who I am first > > smart ass. > > I am a level 3 IASO(Information Assurance Security Officer) Certified > > software Engineer. I work for the D.O.D. and if I have to spell it out > for > > you smart one it is, the "Department of Defense". > > > > It is IDIOT's like you who no clue of what that MX record is tied to, > and > > the past attempts on banking systems tied to that IP address range whom > rant > > off like they know something, when you're an idiot in all sense of the > word. > > Yet you spout off like your just a know it all. > > > > It amazes me you have not choked to death on a sandwich (lacking to > brain > > power to comprehend the chewing process). I love this line. Is it copyrighted? ~Philip
Re: [PHP] bank query and curl --- not important, skip it
Stut wrote: > "Admin": Please don't reply directly to me. If you want to say > something that you don't want to share with the group, don't bother. > > I did start replying to this email, but decided it wasn't worth it. > Anyone who uses language like this does not deserve a response, but it > made me chuckle so I thought I'd share it... > > [EMAIL PROTECTED] wrote: > I deleted the words but would replace it with: Often it is not so important the contents of the message, but how to pack it. With the (deleted) words I believe future employers do not care which certificate he has, but if you can work with him or not. or short: Try to keep your job, maybe there is no other left for you. bye Ronald -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] bank query and curl
"Admin": Please don't reply directly to me. If you want to say something that you don't want to share with the group, don't bother. I did start replying to this email, but decided it wasn't worth it. Anyone who uses language like this does not deserve a response, but it made me chuckle so I thought I'd share it... [EMAIL PROTECTED] wrote: Before you open your SMART MOUTH about me again, find out who I am first smart ass. I am a level 3 IASO(Information Assurance Security Officer) Certified software Engineer. I work for the D.O.D. and if I have to spell it out for you smart one it is, the "Department of Defense". It is IDIOT's like you who no clue of what that MX record is tied to, and the past attempts on banking systems tied to that IP address range whom rant off like they know something, when you're an idiot in all sense of the word. Yet you spout off like your just a know it all. It amazes me you have not choked to death on a sandwich (lacking to brain power to comprehend the chewing process). Look moron before you pout around like you actually know something, be DAMN sure you are so not so fucking stupid that your brain does not over load your ass, like you just did. This might be hard for someone in your capacity but R E A D B E L O W Brain child! **Just released Security alert IT security services provider ** says from September through October, it blocked anywhere from 10,000 to 20,000 SQL Injection attacks per day. But as of November that number jumped from 10,000 to 40,000 to 80,000 per day. SQL Injection is a type of security exploit in which the attacker adds structured query language (SQL) code to a Web form input box to gain access to a form's resources or to make changes to data. Using this technique, hackers can determine the structure and location of key databases and can download the database or compromise the database server. ** says the majority of the attacks are coming from outside the US in the Taiwan location. SQL injection attacks include the CardSystems security breach last year, where hackers stole 263,000 customer credit card numbers and exposed 40 million more. ### SysWatch *** Processing Initiated: Sun Nov 17 04:02:01 2007 - SSHD Begin Failed logins from these: admin/password from 59.124.45.124: 502 Time(s) root/password from 59.124.45.124: 234 Time(s) guest/password from 59.124.45.124: 19 Time(s) Illegal users from these: admin/none from 59.124.45.124: 1 Time(s) root/none from 59.124.45.124: 3 Time(s) guest/password from 59.124.45.124: 2 Time(s) -- SSHD End - ## SysWatch End # -Stut -- http://stut.net/ -Original Message- From: Stut [mailto:[EMAIL PROTECTED] Sent: Saturday, November 17, 2007 5:15 PM To: [EMAIL PROTECTED] Cc: 'Ronald Wiplinger'; 'PHP General list' Subject: Re: [PHP] bank query and curl [EMAIL PROTECTED] wrote: WHY! Would you even want to pull that data first off? It would be out dated as of the next transaction anyway. Secondly if you can curl the data from the server, and get your account information! I suggest you change banks. With that attitude you'll end up keeping your money under your bed. Anything my browser can do curl can do. Bad decision I think to make this attempt. Why? If Ronald decides to access *his* account using a method other than a browser, what is he doing wrong? The only downside to it is if he's storing his authentication credentials somewhere so it can be an automated process. Aside from that possibility I don't see the bad here. You can bet I will be watching your networks for an attempt on authentication failures. Because that request does not sound RIGHT to me. inetnum: 59.124.0.0 - 59.127.255.255 netname: HINET-NET country: TW descr: CHTD, Chunghwa Telecom Co.,Ltd. descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd. descr: Taipei Taiwan 100 Interland, Inc. MAXIM-NETBLK-1 (NET-216-65-0-0-1) 216.65.0.0 - 216.65.127.255 Poke Internet Services MAX-CUSTNET-348 (NET-216-65-86-0-1) 216.65.86.0 - 216.65.86.255 Wow. Look everyone, he knows how to look up the owner of an IP address. Phear his mad sysadmin skillz! Seriously, I highly doubt Ronald is going to try anything against your systems. Just curious about something... what would you do if he did try something? Call your mother and have a little cry? -Original Message- From: Ronald Wiplinger [mailto:[EMAIL PROTECTED] Sent: Friday, November 16, 20
Re: [PHP] bank query and curl
Zoltán Németh wrote: 2007. 11. 17, szombat keltezéssel 23.15-kor Stut ezt írta: [EMAIL PROTECTED] wrote: WHY! Would you even want to pull that data first off? It would be out dated as of the next transaction anyway. Secondly if you can curl the data from the server, and get your account information! I suggest you change banks. With that attitude you'll end up keeping your money under your bed. Anything my browser can do curl can do. hmm, my bank won't let me access my account with only a browser. it uses some additional authentication, either by sms or by card reader. Maybe so, but that doesn't alter the fact that anything my browser can do curl can do. An external source like a card reader or code by SMS would prevent completely automating the process, but it doesn't stop it being done with curl. -Stut -- http://stut.net/ Bad decision I think to make this attempt. Why? If Ronald decides to access *his* account using a method other than a browser, what is he doing wrong? The only downside to it is if he's storing his authentication credentials somewhere so it can be an automated process. Aside from that possibility I don't see the bad here. You can bet I will be watching your networks for an attempt on authentication failures. Because that request does not sound RIGHT to me. inetnum: 59.124.0.0 - 59.127.255.255 netname: HINET-NET country: TW descr: CHTD, Chunghwa Telecom Co.,Ltd. descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd. descr: Taipei Taiwan 100 Interland, Inc. MAXIM-NETBLK-1 (NET-216-65-0-0-1) 216.65.0.0 - 216.65.127.255 Poke Internet Services MAX-CUSTNET-348 (NET-216-65-86-0-1) 216.65.86.0 - 216.65.86.255 Wow. Look everyone, he knows how to look up the owner of an IP address. Phear his mad sysadmin skillz! Seriously, I highly doubt Ronald is going to try anything against your systems. Just curious about something... what would you do if he did try something? Call your mother and have a little cry? -Original Message- From: Ronald Wiplinger [mailto:[EMAIL PROTECTED] Sent: Friday, November 16, 2007 11:38 PM To: PHP General list Subject: [PHP] bank query and curl I have a bank account and would like to query the last transactions. I can do that now via web and think that I can convert this procedure to a list of curl requests and finally put the result into a database on my server. Fortunately this bank account does not allow transactions, just viewing the account. Is there a guide available how to start this project? I would suggest the curl documentation. In order to duplicate what a browser does you basically just need to make sure you persist cookies between requests. Depending on what the site you're accessing does it may not be particularly trivial to do this. You may end up needing to parse each page that's returned to get the right URL to use for the next request, but it shouldn't get any more complicated than that. As I mentioned above I would strongly recommend that you do not store your authentication credentials anywhere. If you need this to be an automated system don't bother - it's not worth the risk. Oh, and don't underestimate the damage that can be caused by someone gaining access to this account. Just because you can't carry out transactions through the site doesn't mean the information it gives you access to can't be used for evil purposes. One last thing... you may find yourself getting blocked from the banks site if you make too many failed requests. You may want to pick another site while you learn how curl works. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] bank query and curl
2007. 11. 17, szombat keltezéssel 23.15-kor Stut ezt írta: > [EMAIL PROTECTED] wrote: > > WHY! Would you even want to pull that data first off? > > It would be out dated as of the next transaction anyway. > > Secondly if you can curl the data from the server, and get your account > > information! I suggest you change banks. > > With that attitude you'll end up keeping your money under your bed. > Anything my browser can do curl can do. hmm, my bank won't let me access my account with only a browser. it uses some additional authentication, either by sms or by card reader. greets Zoltán Németh > > > Bad decision I think to make this attempt. > > Why? If Ronald decides to access *his* account using a method other than > a browser, what is he doing wrong? The only downside to it is if he's > storing his authentication credentials somewhere so it can be an > automated process. Aside from that possibility I don't see the bad here. > > > You can bet I will be watching your networks for an attempt on > > authentication failures. > > Because that request does not sound RIGHT to me. > > > > inetnum: 59.124.0.0 - 59.127.255.255 > > netname: HINET-NET > > country: TW > > descr: CHTD, Chunghwa Telecom Co.,Ltd. > > descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd. > > descr: Taipei Taiwan 100 > > > > > > Interland, Inc. MAXIM-NETBLK-1 (NET-216-65-0-0-1) > > 216.65.0.0 - 216.65.127.255 > > Poke Internet Services MAX-CUSTNET-348 (NET-216-65-86-0-1) > > 216.65.86.0 - 216.65.86.255 > > Wow. Look everyone, he knows how to look up the owner of an IP address. > Phear his mad sysadmin skillz! > > Seriously, I highly doubt Ronald is going to try anything against your > systems. Just curious about something... what would you do if he did try > something? Call your mother and have a little cry? > > > -Original Message- > > From: Ronald Wiplinger [mailto:[EMAIL PROTECTED] > > Sent: Friday, November 16, 2007 11:38 PM > > To: PHP General list > > Subject: [PHP] bank query and curl > > > > I have a bank account and would like to query the last transactions. > > > > I can do that now via web and think that I can convert this procedure to > > a list of curl requests and finally put the result into a database on my > > server. > > Fortunately this bank account does not allow transactions, just viewing > > the account. > > > > Is there a guide available how to start this project? > > I would suggest the curl documentation. In order to duplicate what a > browser does you basically just need to make sure you persist cookies > between requests. Depending on what the site you're accessing does it > may not be particularly trivial to do this. You may end up needing to > parse each page that's returned to get the right URL to use for the next > request, but it shouldn't get any more complicated than that. > > As I mentioned above I would strongly recommend that you do not store > your authentication credentials anywhere. If you need this to be an > automated system don't bother - it's not worth the risk. > > Oh, and don't underestimate the damage that can be caused by someone > gaining access to this account. Just because you can't carry out > transactions through the site doesn't mean the information it gives you > access to can't be used for evil purposes. > > One last thing... you may find yourself getting blocked from the banks > site if you make too many failed requests. You may want to pick another > site while you learn how curl works. > > -Stut > > -- > http://stut.net/ > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] bank query and curl
Ronald Wiplinger wrote: > Stut wrote: >> [EMAIL PROTECTED] wrote: >>> WHY! Would you even want to pull that data first off? It would be >>> out dated as of the next transaction anyway. >>> Secondly if you can curl the data from the server, and get your >>> account information! I suggest you change banks. > > Could it be that I try to use if a customer has paid? > WHY would that be wrong? That would be perfectly alright - in fact, my bank offers a transaction list for download for just that purpose. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] bank query and curl
Stut wrote: > [EMAIL PROTECTED] wrote: >> WHY! Would you even want to pull that data first off? It would be out >> dated as of the next transaction anyway. >> Secondly if you can curl the data from the server, and get your account >> information! I suggest you change banks. Could it be that I try to use if a customer has paid? WHY would that be wrong? > > With that attitude you'll end up keeping your money under your bed. > Anything my browser can do curl can do. > >> Bad decision I think to make this attempt. > > Why? If Ronald decides to access *his* account using a method other > than a browser, what is he doing wrong? The only downside to it is if > he's storing his authentication credentials somewhere so it can be an > automated process. Aside from that possibility I don't see the bad here. > >> You can bet I will be watching your networks for an attempt on >> authentication failures. >> Because that request does not sound RIGHT to me. >> >> inetnum: 59.124.0.0 - 59.127.255.255 >> netname: HINET-NET >> country: TW >> descr: CHTD, Chunghwa Telecom Co.,Ltd. >> descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd. >> descr: Taipei Taiwan 100 >> >> >> Interland, Inc. MAXIM-NETBLK-1 (NET-216-65-0-0-1) 216.65.0.0 - >> 216.65.127.255 >> Poke Internet Services MAX-CUSTNET-348 (NET-216-65-86-0-1) >> 216.65.86.0 - 216.65.86.255 > NOW THAT is a strong word. Are you really a sysadmin? or are you just a worker in an IT firm? Have you signed a contract? or are you anyway just the cleaner there? I am not sure what are you trying to do here. Is this a list about php? It seems to me that you are from the http://veryevil.org site? How many systems have you already hacked? How many systems have you already damaged? Are you proud of that? Go to my website (easy to find it out which one, right?) There you will find the bank account number and the bank name. Good Luck! I wish you a happy jail term!!! NO answer please. PLEASE no answer! Please go back to your room and think at least ten times what you actually told us now about yourself! > Wow. Look everyone, he knows how to look up the owner of an IP > address. Phear his mad sysadmin skillz! > > Seriously, I highly doubt Ronald is going to try anything against your > systems. Just curious about something... what would you do if he did > try something? Call your mother and have a little cry? > >> -Original Message- >> From: Ronald Wiplinger [mailto:[EMAIL PROTECTED] Sent: Friday, >> November 16, 2007 11:38 PM >> To: PHP General list >> Subject: [PHP] bank query and curl >> >> I have a bank account and would like to query the last transactions. >> >> I can do that now via web and think that I can convert this procedure to >> a list of curl requests and finally put the result into a database on my >> server. >> Fortunately this bank account does not allow transactions, just viewing >> the account. >> >> Is there a guide available how to start this project? > > I would suggest the curl documentation. In order to duplicate what a > browser does you basically just need to make sure you persist cookies > between requests. Depending on what the site you're accessing does it > may not be particularly trivial to do this. You may end up needing to > parse each page that's returned to get the right URL to use for the > next request, but it shouldn't get any more complicated than that. > I found in the meantime some code to play with. I also found a tutorial I followed, but it was only to pull some web sites. The challenge is to select so many things on the following pages. > As I mentioned above I would strongly recommend that you do not store > your authentication credentials anywhere. If you need this to be an > automated system don't bother - it's not worth the risk. That is the point I do not understand. Where is the risk? The bank information is stored on the customers web site anyway, in order that their user can pay. The only thing what is not there is the login information. I believe if we can use the out of the path credentials like we access the sql server it should be same secure. The bank does not allow transactions, it is only for viewing the last 100 days transactions. > > Oh, and don't underestimate the damage that can be caused by someone > gaining access to this account. Just because you can't carry out > transactions through the site doesn't mean the information it gives > you access to can't be used for evil purposes. > > One last thing... you may find yourself getting blocked from the banks > site if you make too many failed requests. You may want to pick > another site while you learn how curl works. > Well, I will not try more than 3 times in a row with curl and than with the browser. Thanks for the hint though. bye Ronald -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] bank query and curl
[EMAIL PROTECTED] wrote: WHY! Would you even want to pull that data first off? It would be out dated as of the next transaction anyway. Secondly if you can curl the data from the server, and get your account information! I suggest you change banks. With that attitude you'll end up keeping your money under your bed. Anything my browser can do curl can do. Bad decision I think to make this attempt. Why? If Ronald decides to access *his* account using a method other than a browser, what is he doing wrong? The only downside to it is if he's storing his authentication credentials somewhere so it can be an automated process. Aside from that possibility I don't see the bad here. You can bet I will be watching your networks for an attempt on authentication failures. Because that request does not sound RIGHT to me. inetnum: 59.124.0.0 - 59.127.255.255 netname: HINET-NET country: TW descr: CHTD, Chunghwa Telecom Co.,Ltd. descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd. descr: Taipei Taiwan 100 Interland, Inc. MAXIM-NETBLK-1 (NET-216-65-0-0-1) 216.65.0.0 - 216.65.127.255 Poke Internet Services MAX-CUSTNET-348 (NET-216-65-86-0-1) 216.65.86.0 - 216.65.86.255 Wow. Look everyone, he knows how to look up the owner of an IP address. Phear his mad sysadmin skillz! Seriously, I highly doubt Ronald is going to try anything against your systems. Just curious about something... what would you do if he did try something? Call your mother and have a little cry? -Original Message- From: Ronald Wiplinger [mailto:[EMAIL PROTECTED] Sent: Friday, November 16, 2007 11:38 PM To: PHP General list Subject: [PHP] bank query and curl I have a bank account and would like to query the last transactions. I can do that now via web and think that I can convert this procedure to a list of curl requests and finally put the result into a database on my server. Fortunately this bank account does not allow transactions, just viewing the account. Is there a guide available how to start this project? I would suggest the curl documentation. In order to duplicate what a browser does you basically just need to make sure you persist cookies between requests. Depending on what the site you're accessing does it may not be particularly trivial to do this. You may end up needing to parse each page that's returned to get the right URL to use for the next request, but it shouldn't get any more complicated than that. As I mentioned above I would strongly recommend that you do not store your authentication credentials anywhere. If you need this to be an automated system don't bother - it's not worth the risk. Oh, and don't underestimate the damage that can be caused by someone gaining access to this account. Just because you can't carry out transactions through the site doesn't mean the information it gives you access to can't be used for evil purposes. One last thing... you may find yourself getting blocked from the banks site if you make too many failed requests. You may want to pick another site while you learn how curl works. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] bank query and curl
WHY! Would you even want to pull that data first off? It would be out dated as of the next transaction anyway. Secondly if you can curl the data from the server, and get your account information! I suggest you change banks. Bad decision I think to make this attempt. You can bet I will be watching your networks for an attempt on authentication failures. Because that request does not sound RIGHT to me. inetnum: 59.124.0.0 - 59.127.255.255 netname: HINET-NET country: TW descr: CHTD, Chunghwa Telecom Co.,Ltd. descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd. descr: Taipei Taiwan 100 Interland, Inc. MAXIM-NETBLK-1 (NET-216-65-0-0-1) 216.65.0.0 - 216.65.127.255 Poke Internet Services MAX-CUSTNET-348 (NET-216-65-86-0-1) 216.65.86.0 - 216.65.86.255 -Original Message- From: Ronald Wiplinger [mailto:[EMAIL PROTECTED] Sent: Friday, November 16, 2007 11:38 PM To: PHP General list Subject: [PHP] bank query and curl I have a bank account and would like to query the last transactions. I can do that now via web and think that I can convert this procedure to a list of curl requests and finally put the result into a database on my server. Fortunately this bank account does not allow transactions, just viewing the account. Is there a guide available how to start this project? bye Ronald -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
