the times of kryptoniteglows

So I’ve had to take down my coppermine gallery because someone was able to exploit it via a built in upload script which allowed them to upload some pages that redirected to a PayPal Phising site. In addition, it allowed them to upload a script that could have basically erased the entire contents of my site. Guess maybe I should of updated it since I put it up and probably not a good idea to have used “coppermine” as the directory name as one could easily search for it and record the version I was running then use the known vulnerabilities to be all l33t and pwn me :(. The name of kryptoniteglows.com has been tarnished by the incident, I’ve been contacted numerous times in the past few days in regards to the whole PayPal phising thing. I guess I should of noticed when someone randomly sent a message saying I was scammer, but of course no other helpful information. Then someone registered on the Coppermine gallery as FBI is coming after me for the information, again nothing specifically pointing out what the hell they were talking about. Then I guess one of these people reported the site to PayPal who eventually contacted the hosting provider or where I work! Couldn’t be more embarrassed when one of my co-workers asked me if it was my site… I took it down immediately of course. Upon further investigation, I found more little scripts the bandit had left on my site, decided it was best to take down the entire gallery until I find something more secure… In the meantime I’ve left a page telling the people stupid enough to click on the link that their email was clearly not from PayPal and they ought to do some reading on spoofing and phising. Left a link to the actual site that captures the data as well, looks like that is still up, has a .it TLD, guess the Italians aren’t as diligent in stopping scammers. Since then I’ve received a number of more emails ranging from threatening to sympathetic, sometimes all in the same message.

What gets me is why would you for such an obvious scam? Despite the URL not listing the real PayPal site. There are so many other clues. The site that is linked, it does look like the official PayPal site, but all the links at the bottom of the page don’t work because it’s actually an image, probably intended to display the Verisign logo. Then once you do login, which it will let you even if you put in a bunch of junk and even replicates the loading in 5 seconds like on the real site, you are immediately confronted with a form asking for more detail than that would be necessary. Why in the world would a refund request not be genuine? Seriously, who the fuck goes around making fake refund request under fake identities? Then the next dead giveaway is this little trinket of words on the site.

Enter Your Card Information - PayPal recommends using a debit card instead of a credit card, due to the higher security level of these. It’s always safe to use the debit card linked to your checking account that is currently attached to your PayPal account.

Now, who in their right mind believes that? How could it be more safe to use a medium that immediately pulls your money right out of your account? It’s almost as using cash to buy something from that shady guy on the street… Then it even has the guts to ask for your pin number. How are you going to use my pin number over the internet? The next part is a bit of a toss up between being obvious scam or almost smart tactic. The form asks you to provide the last 4 digits of your social security number, with x’s in place of the beginning digits which the form says is not displayed for security. The average user really wouldn’t have their SSN on file with PayPal, unless they have an additional credit or investment product. They do have mine because I have the money market with them, but for the regular buy and sell transactions it’s not on file…

Gotta say I’m a bit surprised by the number of people that contacted me personally about, means they had to click on the damn email then look up all my shit. So it’s been the email from my WHOIS info to the contact form on this blog and then some other form that I have somewhere.. (yes I have no clue where it actually is…)

Now in other news, school is done! Until Monday, in which I begin summer session. Damn it! Why in the world did I choose to try and do four classes over the summer? I’ll probably barely pass them if at all, but I suppose part of me isn’t caring so much because I want so desperately for the classes to be over though I know it’s going to be two years at least. I’m still awaiting a grade for Finite Math, the class I hated so much and am likely to fail : /. Other than that, my grades were mediocre, a little pissed about the B- in World History, I must have done terribly on my final or something, but I though I did good… The only final I left feeling not sick to my stomach.

Got 2 new credit cards, yay for another $7k in credit. Crappy rewards, I’m still likely to just use my citicards, though I just took a $5k balance transfer offer on them, so I wanted to be prepared with enough available credit elsewhere. For some odd reason, the 0% apr is only good for 10 months instead of some other more even amount like a year, but I’ll take what I can get. I could transfer on the other cards, but they want to charge a fee of 3%, so I’ll pass. Did get my credit score, just about 700, below average :(, need to get into that 800 range…

Well work for the next two days then a party then school again with work : /.

Sometimes customers suck, sometimes other techs suck, but their suckiness is why I have a job so I must thank them for sucking, ironic isn’t it?

No one believes I’m a completely sober non alcoholic drinking person, maybe I should go self fulfill the alcoholic everyone thinks I am.

My mind is mess lately, stupid unimportant things on my mind all the time. I’ve come to realize I’m to afraid to quit, I need the regiment of some authority. If I didn’t I probably would be a drunk.. The non existent availability of free time keeps me out of trouble and when I do have free time I’m to tired to cause any trouble. That’s why I work so much and take as many classes as I do. I could so much less and be ok, but then what would I do with myself then :0?

And I maybe have been haxored? Broke my blog somehow… THe DB was apparently fine, but something with the wordpress files were broken….So I couldn’t publish this. Odd…

The occasion of this entry is my apparent successful upgrade to Wordpress 2.0. I was highly skeptical of the change being so simple, but it appears to have work nearly without a hitch. I’m sure I’ll find some disaster down the road, but for the most part everything is working as it should. The front end of the blog looks no different because of my custom theme, but the backend has changed a bit in appearance anyhow. There are some functional changes that I have yet to engage in reading about, but I will soon…

I got a decent pillow top bed for my place, so yay! I bought some sheets off Amazon, my mom claims I paid to much, but I like my flannel sheets. I have to hide all sorts of spending from her, if she knew how much my credit card bills were, she would flip… Hell I flip when I see how much my innocently low purchases add up, like 95% of my transaction are under a hundred bucks, but I end up spending over a grand and a half because I have like 50 of these “tiny” transaction. I wonder what I would do if I didn’t have credit…

I also owe UD about $3k on Friday, fucking bitches…

I finally took a look at this site inside an IE browser and it’s a mess! I’ve got broken links to images that I didn’t notice at all while using FireFox. Those I can fix quickly, but IE doesn’t seem to automatically (or the new fancy word “automagically”) resize the pictures inside the columns so the site looks like crap for a lack of a better word… Well, screw it, use FireFox or deal with my crappy page.
Or maybe I’ll figure out something later….

Thought it might be a good idea to give credit where it is due for certain elements of my site that I have used from the open source community. Also helps other people trying to customize their Word Press blogs.

First, the theme is similar to the default installation theme (it’s called the Kubrick), but more “dynamic”. Basically the headers will change each time you refresh. This is courtesy of Mike Cohen and his Random Image 1.1theme. It comes with a nice set of default pictures that I used for about a month before I made my own ;).

The Random Quote is a plugin by Michiel ‘McMike’ Auerbach.

The Live Calendar is another plugin, this one was created by Jon Abad.

The one added today is called Cricket Moods and the author is Keith “kccricket” Constable.