Petition to protect the internet against hackers

[tanus5]

I would like your support in an urgent matter regarding internet security. As you know, hackers present a problem for both developers and users. This causes a game of cat and mouse between honest web developers and the hackers, with the users caught in the middle. Can I count on you to review our petition and technology? We are looking for experts and students to sign our petition which could help better protect, not only our current 3,000 users, and their over 1 million web pages, but also everyone on the internet, who are all potential targets for hackers.

Our technology:

http://www.vnetpublishing.com/websecuritytools/

Our fight:

http://ralphndiaritoch.info/2012/02/making-a-stand-against-anonymous-hackers-and-wordpress/

Our petition:

http://ralphndiaritoch.info/petition/

 

[DavidSnider]

I read the blog post.

I don't understand why you don't just encrypt the virus definitions and decode them later for use in the script?

 

[tanus5]

DavidSnider,

I have considered doing that but it presents a few problems. First of all, depending on the encryption technique it may become impossible for users to create their own Virus definitions. Second of all explaining to average users how to create a virus definition file can be somewhat difficult, encrypting the files would only make it more difficult for them to understand. I am considering having a second "encrypted" repository, while maintaining support for raw static files and only including a fake static virus while keeping the distributed definitions encrypted. The real problem is getting them to restore the plugin to the repository so our users can get automatic update notifications. Currently if we make any changes to the plugin our existing users will have no way to know there is an improved version available. Encrypting definitions is on our TODO list though if we can find a way of implementing it which will not confuse the users.

 

[DavidSnider]

OK.

How you are doing the matching of the virus definitions? Could you possibly just store the SHA-1 hash of the file and use that for comparison?

 

[tanus5]

I am using the PHP explode function which splits a string by a delimiter, and I am using the virus as the delimiter. If the resulting array has a length > 1 than the file is infected. To repair the file the plugin then implodes the array with an empty string instead of re-implanting the virus. You can't do that with hashes. One additional note, there is one random file created by the plugin which has a known hash value. That is how the plugin identifies unknown Virus strains and will disable the website if the hash does not match since the plugin doesn't yet know how to get rid of the virus. The virus will most likely be "trapped" in that random PHP file making it fairly easy to identify the Virus and make a virus definition file.

Now that you know the facts, will you sign the petition? As you can see we are working for the best interest of our users. I know that no security system is 100% secure, but this algorithm is very successful at protecting and reclaiming web sites from hackers.

 

[tanus5]

DavidSnider,

I took your advice and the latest version encrypts the virus definition files using a slightly modified XOR encryption system. The only deviation is that one bit in every byte is replaced with a checksum bit and every 8 bytes and at the end of the stream the stripped bits are inserted.

I also added a few new features such as protection against executable uploads, and protection against invalid multi-byte characters in the GET and POST fields. When I can find some free time I plan on releasing the plugin for more platforms.