A Stop For File Deleters

Introduction

This tutorial should not be used to exploit webservers. Some of the techniques used here have certain outputs that can crash old servers, making them unusable. Throughout this tutorial, techniques will be passed on from exploits found in the 'windows' OS. That 'ACTUALLY' helps in the prevention of deletion. There are lots of methods for stopping a deleter without ANY restrictions set on the server, but most have some weak point. This tutorial covers four new techniques I came across: making a folder 'invisible' or undetectable from an ftp client LIST function, making folders/directories inaccessible, clone prevention by creating smart directories which slow down the user's attempt, and 'undeletable files'. I'm sure most users would thank me for this after experiencing rock solid protection and safe files.

Invisible Directories

The idea of invisible directories came about when I came across paths that were "/ /example/" and were not listed in the main folder but were still 'accessible'. These can be created in all directories without other users knowing they exist unless being searched for 'MANUALLY', which takes ages at the present time to search through each folder for "/ /".

Creating Invisible Directories

1. before
./pub/
./images/
./_vti_pvt/
./_vti_cnf/
./_vti_log/
./temp/

2. after
./ /~/temp/tagged/for/team/warezpiratez/fxp/ <- hidden folder
./pub/
./images/
./_vti_pvt/
./_vti_cnf/
./_vti_log/
./temp/

To create the hidden folders, make a new dir. as follows using this method. [backslash][space][backslash][foldername1][backslash][foldername2].

ie. / /foldername1/foldername2/...

The 'space' isn't a name but a 'character' that does not get listed, therefore making the directories impossible to view.

NOTE: Making the hidden folders several LAYERS/SUB-DIRECTORIES deep is recommended.

ie. / / / /~/temp/tagged/for/ /team/warez/ /piratez/fxp/

This technique is not 'anti-deletion proof' but hidden from deletion proof! Read more to find out how to combine ALL THREE TECHNIQUES to make it 'REMOTELY' impossible to delete. Please note the 'quotes': REMOTELY in a sense that remote/local host.

Inaccessible Directories

Inaccessible directories prevent the user from 'entering' the folder. The user will not be able to enter the folders unless knowing the 'entire' remote path.

Creating Inaccessible Directories

1. before
./temp/tagged/for/team/warezpiratez/fxp/
./pub/
./images/
./_vti_pvt/
./_vti_cnf/
./_vti_log/
./temp/

2. after
./COM1 / temp/tagged/for/team/warezpiratez/fxp/ <- inaccessible directories, due to 'COM1' former windows bug.
./pub/
./images/
./_vti_pvt/
./_vti_cnf/
./_vti_log/
./temp/

To create inaccessible folders, use the following list of 'UNUSABLE NAMES'

COM1 COM2 COM3 COM4 (Windows COM PORTS)
LPT1 LPT2 LPT3 LPT4 (Windows Printer Ports)
AUX
NUL

Make a new folder "COM1[space][backslash][space][backslash]" ie. /COM1 / /

NOTE: This makes the folder inaccessible, even to the siteadmin (unless accessed from DOS, local with access to the machine).

To use the dir., create a new folder called "COM1[space][backslash][space][foldername1][backslash][foldername2]" ie. /COM1 / / ~/temp/tagged/

NOTE: This folder is still inaccessible if a user attempts to enter it. To gain access to the folder, the 'full path' must be known. To enter the folder use the RAW command 'CWD' (change dir. path), ie. CWD /COM1 / / ~/temp/tagged/ and voila the folder is usable and working.

TIP: Create the folder 'several' LAYERS/SUB-DIRECTORIES deep. It is impossible to enter.

Smart Directories

This technique involves the creation of directories that are 'COPYRIGHT'. How's that for a simple description. The idea is to create directories that contain [periods] throughout each of the subdirectories or segments. The use of this is quite simple, note the word 'COPYRIGHT'. Most users use the ftp://login:password@ip:port/path/ format for faster access to an ftp.

Creating Smart Directories

To create 'smart' directories, make the folder names of each sub directory contain a period before, inside, and after words within the subdirectories, creating a fake 'file' recognition. The Windows based clients will assume the folders to be files, with windows using its 8.3 format for file names.

1. before
ftp://anonymous@anonymous@123.456.789:21/temp/tagged/for/team/warezpiratez/fxp/

2. after
ftp://anonymous@anonymous@123.456.789:21/temp/tagged ./for . /team. /. warez .piratez/fxp

NOTE: Be as creative as possible with the dot formation, to prevent COPYING of all folders through each directory. The idea is to make the directories act as file extensions, therefore when copied, it will be 'queued' and the user has to enter the directories MANUALLY. Other 'SYMBOLS' can be used, NOT ONLY just periods. But I find this most common, if the creator intends to create a catch phrase 'memorable' to him alone.

QUEUE: 1. /temp/tagged ./for . /team. /. warez .piratez/fxp <- result of folder extensions

Undeletable Files

Sad that we had to resort to this but, this might be the end of deletion as we speak. I find no other method out there that can accomplish this task except setting restrictions from the server. This method involves the file being self-protected, meaning the files are 'accessible'/'downloadable' but can NOT be deleted. The idea is to make the file corrupted/crash, making it 'in use'.

Creating Undeletable Files

To create a self protected file, rename the entire file including the extensions to the following format:

filename[space][period]/[space]/ ie. filename ./ /

The / / in the name, as shown above in the previous example of creating invisible directories, makes the .extension impossible to view on the pub as a windows recognized mime but, once downloaded it will be shown and accessible. How's that for wits.

1. before
warezpiratez.rar <- rar mime, winrar.

2. renaming
warezpiratez ./ /

3. results
-warezpiratez <- unknown file (undeletable, downloadable) <- file will take the correct mime format on localhost

Ultimate Protection

The ultimate protection is obviously yourself and your wits against the deleters. Use private FTPs, get fast sites T1+, but in this case, it would be the combination of all four techniques, using them in one major and thought-out plan.

Creating The Ultimate Protection

To create the ultimate protection that is desirable, first of all, create the invisible folders as shown above, several sub.dirs deep. Then create an 'inaccessible' folder within those invisible folders. The next step is to create those smart directories so it slows down ANY attempt to gain full access, and also it makes the user run into inaccessible folders. The idea is to trap the user before those folders using the smart directories idea. I didn't think that was ingenious but just common sense and seemed smart!

1. before
/temp/tagged/for/team/warezpiratez/fxp/ <- no protection

2. after
/ / /./ ./COM1 / temp/tagged ./for . /team. /. warez .piratez/fxp <- protection(still weak)

NOTE: You can be creative with this technique, make it more complex. I didn't do it in this tutorial because then that would make you just confused. I hope this helps, and please understand. It is not hard, unless you didn't read from the Introduction. I made this well detailed, for it to be as simple as possible.
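Seen from the server operator's side, every naming trick described above leaves a mark in the path itself: a whitespace-only segment, a Windows device name, padding spaces, or dots pushed against spaces. The following audit is an added example, not part of the original tutorial; the function names are hypothetical and the sample paths are the ones shown in the listings above, as they would appear in a recursive listing or an FTP log.

```python
import re

# Device names listed in the tutorial (COM/LPT ports, AUX, NUL); CON and PRN
# are added here because Windows reserves them as well.
RESERVED = re.compile(r"^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])$", re.IGNORECASE)
# A dot touching a space, or a trailing dot: the 'smart directory' pattern.
DOT_TRICK = re.compile(r"\.\s|\s\.|\.$")


def check_segment(seg):
    """Return the reasons a single path segment looks like a hiding trick."""
    if seg.strip() == "":
        return ["whitespace-only name"]
    reasons = []
    # Windows ignores trailing spaces/dots and any extension on device names.
    stem = seg.strip(" .").split(".")[0].strip()
    if RESERVED.match(stem):
        reasons.append("reserved device name")
    if seg != seg.strip():
        reasons.append("leading/trailing space")
    if DOT_TRICK.search(seg):
        reasons.append("dot padding")
    return reasons


def audit_path(path):
    """Return [(segment, reasons)] for every suspicious segment of a path."""
    findings = []
    for seg in path.split("/"):
        if seg in ("", ".", ".."):   # separators and normal relative markers
            continue
        reasons = check_segment(seg)
        if reasons:
            findings.append((seg, reasons))
    return findings


if __name__ == "__main__":
    # Paths taken from the before/after listings in this tutorial.
    samples = [
        "./pub/",
        "./ /~/temp/tagged/for/team/warezpiratez/fxp/",
        "./COM1 / temp/tagged/for/team/warezpiratez/fxp/",
        "/temp/tagged ./for . /team. /. warez .piratez/fxp",
    ]
    for p in samples:
        for seg, reasons in audit_path(p):
            print(f"{p!r}: segment {seg!r}: {', '.join(reasons)}")
```

Run it over the paths in upload or MKD log entries; any hit on a public upload area is worth a look from the local console, since the tutorial itself notes these folders cannot be entered remotely without the full path.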

FAQ

1. What is a SUB-DIRECTORY?
- It is the folder that is second/inside another folder. ie. firstfolder/subdir/

2. What is a pub?
- Short for public ftp. There are no restrictions/protection on the access over files. Some have them in most cases but then uploads/downloads are denied. Some would not allow fxp.

3. What does all this mean?
- It makes the internet safer from all the deleters.

4. Who are deleters?
- Deleters are mean and NASTY people who delete files. Consists of spammers too.

Backtracking EMAIL Message

Tracking email back to its source, cause I hate spammers…

Ask most people how they determine who sent them an email message and the response is almost universally, "By the From line." Unfortunately this is symptomatic of the current confusion among internet users as to where particular messages come from and who is spreading spam and viruses. The "From" header is little more than a courtesy to the person receiving the message. People spreading spam and viruses are rarely courteous. In short, if there is any question about where a particular email message came from, the safe bet is to assume the "From" header is forged.

So how do you determine where a message actually came from? You have to understand how email messages are put together in order to backtrack an email message. SMTP is a text based protocol for transferring messages across the internet. A series of headers are placed in front of the data portion of the message. By examining the headers you can usually backtrack a message to the source network, sometimes the source host. A more detailed essay on reading email headers can be found.

If you are using Outlook or Outlook Express you can view the headers by right clicking on the message and selecting properties or options.

Below are listed the headers of an actual spam message I received. I've changed my email address and the name of my server for obvious reasons. I've also double spaced the headers to make them more readable.

Return-Path: <s359dyxtt@yahoo.com>

X-Original-To: davar@example.com

Delivered-To: davar@example.com

Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])
by mailhost.example.com (Postfix) with SMTP id 1F9B8511C7
for <davar@example.com>; Sun, 16 Nov 2003 09:50:37 -0800 (PST)

Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200

Message-ID: <n5-l067n7z$46-z$-n@eo2.32574>

From: "Maricela Paulson" <s359dyxtt@yahoo.com>

Reply-To: "Maricela Paulson" <s359dyxtt@yahoo.com>

To: davar@example.com

Subject: STOP-PAYING For Your PAY-PER-VIEW, Movie Channels, Mature Channels…isha

Date: Sun, 16 Nov 2003 19:42:31 +0200

X-Mailer: Internet Mail Service (5.5.2650.21)

X-Priority: 3

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"

According to the From header this message is from Maricela Paulson at s359dyxtt@yahoo.com. I could just fire off a message to abuse@yahoo.com, but that would be a waste of time. This message didn't come from yahoo's email service.

The header most likely to be useful in determining the actual source of an email message is the Received header. According to the top-most Received header this message was received from the host 12-218-172-108.client.mchsi.com with the ip address of 12.218.172.108 by my server mailhost.example.com. An important item to consider is at what point in the chain does the email system become untrusted? I consider anything beyond my own email server to be an unreliable source of information. Because this header was generated by my email server it is reasonable for me to accept it at face value.

The next Received header (which is chronologically the first) shows the remote email server accepting the message from the host 0udjou with the ip 193.12.169.0. Those of you who know anything about IP will realize that that is not a valid host IP address. In addition, any hostname that ends in client.mchsi.com is unlikely to be an authorized email server. This has every sign of being a cracked client system.

Here is where we start digging. By default Windows is somewhat lacking in network diagnostic tools; however, you can use the tools at to do your own checking.
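The trust rule from the two paragraphs above can be applied mechanically: read the Received headers from the top, accept only those written by your own server, and treat everything older as unverified. This is an added example, not part of the original article; the function names are hypothetical, the input is the Received chain from the message above, and the ".0" check is a heuristic that mirrors the article's reasoning about 193.12.169.0.

```python
import email
import ipaddress
import re

# Constructed input: the Received chain from the spam example on this page,
# with the double spacing removed and continuation lines folded with tabs.
RAW = (
    "Received: from 12-218-172-108.client.mchsi.com"
    " (12-218-172-108.client.mchsi.com [12.218.172.108])\n"
    "\tby mailhost.example.com (Postfix) with SMTP id 1F9B8511C7\n"
    "\tfor <davar@example.com>; Sun, 16 Nov 2003 09:50:37 -0800 (PST)\n"
    "Received: from (HELO 0udjou) [193.12.169.0]"
    " by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>;"
    " Sun, 16 Nov 2003 19:42:31 +0200\n"
    'From: "Maricela Paulson" <s359dyxtt@yahoo.com>\n'
    "\n"
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)")


def ip_flag(ip):
    """Heuristic sanity check on a relay address; None means nothing odd."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "not a parsable IPv4 address"
    if addr.is_private or addr.is_loopback or addr.is_reserved:
        return "not publicly routable"
    if ip.endswith(".0"):
        return "ends in .0 (network address under classful addressing)"
    return None


def trace(raw, trusted_hosts):
    """List hops newest first; trust stops at the first header we did not write."""
    hops, trusted = [], True
    for value in email.message_from_string(raw).get_all("Received", []):
        by, ip = BY_RE.search(value), IP_RE.search(value)
        by_host = by.group(1) if by else None
        trusted = trusted and by_host in trusted_hosts
        addr = ip.group(1) if ip else None
        hops.append({"by": by_host, "ip": addr, "trusted": trusted,
                     "flag": ip_flag(addr) if addr else "no address recorded"})
    return hops


def report_source(raw, trusted_hosts):
    """Address seen by our own server: the one to look up and report."""
    ours = [h for h in trace(raw, trusted_hosts) if h["trusted"]]
    return ours[-1]["ip"] if ours else None
```

Calling `report_source(RAW, {"mailhost.example.com"})` yields the address recorded by the receiving server, which is the one the article goes on to look up with whois and nslookup.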

davar@nqh9k:[/home/davar] $whois 12.218.172.108

AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255
Mediacom Communications Corp MEDIACOMCC-12-218-168-0-FLANDREAU-MN (NET-12-218-168-0-1)
12.218.168.0 - 12.218.175.255

# ARIN WHOIS database, last updated 2003-12-31 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

I can also verify the hostname of the remote server by using nslookup, although in this particular instance, my email server has already provided both the IP address and the hostname.

davar@nqh9k:[/home/davar] $nslookup 12.218.172.108

Server: localhost
Address: 127.0.0.1

Name: 12-218-172-108.client.mchsi.com
Address: 12.218.172.108

Ok, whois shows that Mediacom Communications owns that netblock and nslookup confirms the address to hostname mapping of the remote server, 12-218-172-108.client.mchsi.com. If I preface a www in front of the domain name portion and plug that into my web browser, www.mchsi.com, I get Mediacom's web site.

There are few things more embarrassing to me than firing off an angry message to someone who is supposedly responsible for a problem, and being wrong. By double checking who owns the remote host's IP address using two different tools (whois and nslookup) I minimize the chance of making myself look like an idiot.

A quick glance at the web site and it appears they are an ISP. Now if I copy the entire message including the headers into a new email message and send it to abuse@mchsi.com with a short message explaining the situation, they may do something about it.

But what about Maricela Paulson? There really is no way to determine who sent a message; the best you can hope for is to find out what host sent it. Even in the case of a PGP signed message there is no guarantee that one particular person actually pressed the send button. Obviously determining who the actual sender of an email message is is much more involved than reading the From header. Hopefully this example may be of some use to other forum regulars.