[00:01:54] *** Quits: vishwin60 (~psu-clc@wikimedia/O) (Quit: Later.)
[01:14:29] <wolfcore> Is this place still active
[01:20:53] <gsingh93> yessir
[01:52:37] <vishwin> lol
[01:57:38] <wolfcore> heh
[03:19:55] *** Quits: wolfcore (~wolfcore@unaffiliated/wolfcore) (Ping timeout: 250 seconds)
[03:38:36] *** Joins: wolfcore (~wolfcore@unaffiliated/wolfcore)
[04:53:25] *** Quits: wolfcore (~wolfcore@unaffiliated/wolfcore) (Ping timeout: 265 seconds)
[05:19:02] *** Joins: wolfcore (~wolfcore@unaffiliated/wolfcore)
[09:43:35] *** Quits: vishwin_ (~alliek@wikimedia/O) (Ping timeout: 240 seconds)
[09:50:50] *** Joins: vishwin_ (~alliek@wikimedia/O)
[11:26:07] <yossarian> no
[12:06:07] <cold_sauce> damn google. After one day of scraping, they banned my ip
[12:06:16] <cold_sauce> or at least made it so that I have to type a captcha
[12:14:37] <iangcarroll> lol
[12:14:42] <iangcarroll> are you trying to scrape google?
[12:44:56] <m0shbear> why not just google google; after breaking the internet, everything should become trivial
[12:46:18] <iangcarroll> indeed
[13:08:32] <yossarian> what are you trying to scrape from google?
[13:10:13] <m0shbear> the internet, duh
[13:29:46] *** Quits: vishwin_ (~alliek@wikimedia/O) (Ping timeout: 240 seconds)
[13:36:09] *** Joins: vishwin_ (~alliek@wikimedia/O)
[13:40:08] <yossarian> naturally
[15:16:06] *** Quits: vishwin_ (~alliek@wikimedia/O) (Ping timeout: 240 seconds)
[15:22:50] *** Joins: vishwin_ (~alliek@wikimedia/O)
[15:43:27] <m0shbear> hm, http://www-01.ibm.com/support/docview.wss?uid=swg21084174 should be in the sidebar for HH C
[15:43:27] <yossarian-bot> Title: IBM Test Case Reduction Techniques - United States
[15:44:01] <m0shbear> because nobody wants to sift through six hundred damn lines for something that can be easily reduced to 50 and perhaps 20
[15:56:35] *** Quits: vishwin_ (~alliek@wikimedia/O) (Ping timeout: 264 seconds)
[16:01:34] *** Joins: vishwin_ (~alliek@wikimedia/O)
[16:56:54] <cold_sauce> I've decided 500 is enough since Google banned 7 of my ips
[17:01:08] <wolfcore> cold_sauce: run it through tor and rotate IP addresses?
[17:04:59] <yossarian> !admin quit
[17:04:59] <yossarian-bot> yossarian: You do not have permission to do that.
[17:05:03] <yossarian> uh....
[17:05:19] <yossarian> okay, we'll do this the hard way
[17:05:27] *** Quits: yossarian-bot (~yossarian@104.131.177.124) (Remote host closed the connection)
[17:05:39] *** Joins: yossarian-bot (~yossarian@104.131.177.124)
[17:05:42] *** ChanServ sets mode: +v yossarian-bot
[17:11:12] *** Quits: yossarian-bot (~yossarian@104.131.177.124) (Remote host closed the connection)
[17:11:24] *** Joins: yossarian-bot (~yossarian@104.131.177.124)
[17:11:27] *** ChanServ sets mode: +v yossarian-bot
[17:36:03] <cold_sauce> yeah I guess I can do that but then I need to figure out how to use TOR on a remote server
[17:36:25] *** Quits: yossarian-bot (~yossarian@104.131.177.124) (Remote host closed the connection)
[17:36:36] *** Joins: yossarian-bot (~yossarian@104.131.177.124)
[17:36:39] *** ChanServ sets mode: +v yossarian-bot
[18:12:00] *** Quits: yossarian (~yossarian@user-12hdv2g.cable.mindspring.com) (Quit: And then he took off.)
[18:20:36] *** Joins: woodruffw (~yossarian@unaffiliated/cpt-yossarian/x-8375832)
[18:20:36] *** Quits: woodruffw (~yossarian@unaffiliated/cpt-yossarian/x-8375832) (Excess Flood)
[18:21:36] *** Joins: woodruffw (~yossarian@unaffiliated/cpt-yossarian/x-8375832)
[19:01:51] <cold_sauce> at your schools, do you guys do any sort of community events with your hacker clubs?
[19:02:01] <cold_sauce> like going to local high schools and talking about CS
[19:02:05] <cold_sauce> or going to a homeless shelter
[19:02:08] <cold_sauce> etc
[19:07:03] <m0shbear> I think I one-upped myself in readings done out of boredom at work
[19:07:16] <m0shbear> NHTSA book on rubber tire engineering
[19:15:30] <vishwin> we don't even have one hacker community here yet :-\
[19:32:15] <wolfcore> I tried to start a hacker group but time flew and now I'm graduating
[19:32:38] <wolfcore> In one more semester, that is.
[20:24:59] <gsingh93> has anyone here used logstash, ossec, or splunk?
[20:25:02] <gsingh93> cc: iangcarroll
[20:25:25] <iangcarroll> no, no, and no
[20:25:42] <iangcarroll> loggly and papertrail are the log storage services I use
[20:26:19] <iangcarroll> i used to use trend micro's IDS but I don't think it ever did anything
[20:26:23] <iangcarroll> that's good and bad, I suppose
[20:27:00] <gsingh93> i'm looking through the apache logs of a comprimised host
[20:27:11] <iangcarroll> is it your wordpress blog? lmao
[20:27:11] <gsingh93> and just grepping around isn't very efficient
[20:27:18] <gsingh93> i don't have a wordpress blog
[20:27:24] <iangcarroll> what kept getting pwned?
[20:27:25] <gsingh93> my blog is octopress
[20:27:36] <gsingh93> someone else's site that I setup
[20:27:40] <iangcarroll> ah
[20:27:46] <gsingh93> like
[20:27:54] <gsingh93> wordpress is great for setting up sites for other people
[20:28:17] <gsingh93> but i set it up when i was in high school
[20:28:26] <gsingh93> and i didn't know much about wordpress security at that point
[20:28:34] <gsingh93> so "let's install all the plugins!"
[20:28:49] <iangcarroll> assuming you were in high school >4 years ago, I don't think anyone did :p
[20:28:53] <gsingh93> it's also on a shared php host
[20:29:03] <gsingh93> because back then DO didn't exist
[20:29:16] <gsingh93> so someone might have gotten in through someone else
[20:29:31] <iangcarroll> is this apache server high-traffic?
[20:30:06] <gsingh93> lol, no, but the logs are still a mess because of all the bots, and wordpress logs are generally a mess because of all the GET requests they make in a single GET request
[20:32:06] <iangcarroll> hm, I'm not too sure how to go about it
[20:32:24] <gsingh93> some coworkers recommended those tools i mentioned above
[20:32:34] <iangcarroll> ah
[20:32:46] <gsingh93> one nice thing about working at facebook is i can shut the attackers other sites down
[20:32:56] <gsingh93> i found a useful domain in a referrer
[20:33:02] <gsingh93> definitely related to the attack
[20:33:07] <gsingh93> this guy has 20 other domains
[20:33:09] <gsingh93> no whois guard
[20:33:17] <gsingh93> and i have all the resources to take them down :P
[20:33:24] <iangcarroll> lol, are you flagging domains by WHOIS data?
[20:33:33] <iangcarroll> flagging his domains
[20:33:47] <gsingh93> well, i found where he registered this one domain
[20:33:55] <gsingh93> and then he had 20 others on the same account
[20:34:04] <gsingh93> i'm going to put them in threatexchange
[20:34:10] <gsingh93> and then send takedown requests
[20:34:10] <iangcarroll> ah i c
[20:34:58] <iangcarroll> are any AVs using threatexchange data for URL flagging?
[20:35:08] <iangcarroll> i guess I could look myself...
[20:35:34] <iangcarroll> on topic though, splunk looks too heavy duty for that
[20:36:05] <iangcarroll> if you have filesystem access to the web root you could look for the most recent changes and narrow the log down based on those times
[20:36:24] <iangcarroll> presuming files were written
[20:36:42] <gsingh93> yup, i've fixed most of the backdoors
[20:36:43] <iangcarroll> s/presuming/assuming
[20:36:43] <yossarian-bot> iangcarroll probably meant: assuming files were written
[20:36:57] <gsingh93> but there's some other strange stuff going on
[20:37:11] <gsingh93> let's say foo.com is a wordpress site
[20:37:32] <gsingh93> when you access foo.com/bar/ it goes through index.php to rewrite.php to do the routing
[20:37:48] <iangcarroll> doesn't seem normal
[20:37:48] <gsingh93> everything should go through foo.com/index.php
[20:37:56] <gsingh93> that's how it works
[20:38:07] <iangcarroll> ...wordpress does that?
[20:38:10] <gsingh93> yea
[20:38:18] <iangcarroll> it's all query strings on index.php, no?
[20:38:25] <iangcarroll> are you sure rewrite.php is a legit file?
[20:38:32] <gsingh93> yes, this is called pretty urls i think
[20:38:46] <gsingh93> index.php is an alternative
[20:38:59] <gsingh93> lol, we haven't gotten to the strange stuff yet
[20:39:12] <gsingh93> the strange stuff is that there are webpages on the site like foo.com/spam
[20:39:21] <iangcarroll> that still uses index.php tho
[20:39:21] <iangcarroll> https://codex.wordpress.org/Using_Permalinks#Using_.22Pretty.22_permalinks
[20:39:22] <yossarian-bot> Title: Using Permalinks « WordPress Codex
[20:39:35] <gsingh93> there's htaccess magic going on
[20:39:38] <gsingh93> 99% of the time
[20:39:44] <iangcarroll> right, htaccess is supposed to use index.php :p
[20:40:07] <iangcarroll> unless there is a plugin installed for this, though I don't see why there would be
[20:40:55] <iangcarroll> anyway, if you wanna find bad scripts clamav usually fares pretty well
[20:41:48] <gsingh93> wait, what are we disagreeing about?
[20:42:08] <iangcarroll> if things are going through rewrite.php, that doesn't seem like vanilla wordpress
[20:42:19] <gsingh93> no, i'm saying that rewrite.php does the routing
[20:42:20] <iangcarroll> wordpress routes things via index.php
[20:42:32] <gsingh93> index.php is literally two lines long
[20:42:40] <gsingh93> index.php includes rewrite.php
[20:42:48] <gsingh93> after like 5 includes
[20:42:50] <gsingh93> deep
[20:43:31] <gsingh93> it's like index.php -> wp-load -> wp-config -> wp-settings -> wp-rewrite
[20:43:35] <iangcarroll> ah
[20:43:42] <gsingh93> anyways
[20:43:46] <gsingh93> the issue is
[20:43:46] <iangcarroll> that makes more sense, I think
[20:43:52] <gsingh93> there exist pages like foo.com/spam
[20:44:05] <gsingh93> if i put logging in index.php
[20:44:15] <gsingh93> it's clear that these pages do not go through index.php
[20:44:22] <iangcarroll> apache config?
[20:44:36] <gsingh93> all the config i can do is through cpanel and .htaccess
[20:44:49] <gsingh93> and i've verified the .htaccess files
[20:45:11] <iangcarroll> most shitty webhosts install clamav with cpanel
[20:45:17] <iangcarroll> see if that's in there and try running it
[20:45:30] <gsingh93> i'll check it
[20:45:31] <gsingh93> out
[20:45:45] <gsingh93> i mean, i know clamav, we use it at facebook
[20:45:49] <gsingh93> i just don't think the host has it
[20:46:24] <iangcarroll> ah, kk
[20:46:35] <iangcarroll> hm
[20:46:54] <iangcarroll> two ideas come to mind, then
[20:47:03] <iangcarroll> zip up the web root and run clamav locally from that
[20:47:14] <gsingh93> yea, i'll probably do that
[20:47:17] <iangcarroll> or diff the files and file hashes from a clean wordpress install
[20:47:32] <gsingh93> so, i've already verified the wordpress install
[20:47:38] <gsingh93> sucuri scanner is a great wordpress plugin
[20:47:42] <gsingh93> that verifies this
[20:47:48] <gsingh93> it's the plugins and themes that are the issue
[20:48:16] <iangcarroll> hm
[20:48:57] <iangcarroll> well, if the wordpress install is clean, the worst this can do is inject itself into other plugins and themes
[20:49:11] <gsingh93> which is pretty bad
[20:49:22] <gsingh93> the first backdoor i found was in a theme
[20:49:33] <gsingh93> the second was in the wordpress folder itself
[20:49:40] <iangcarroll> did you save the backdoor you found in the theme?
[20:50:01] <gsingh93> it was the standard execute this GET param if it exists
[20:50:30] <iangcarroll> if you remember the code/file paths roughly, you might be able to find a writeup online
[20:50:40] <gsingh93> i searched for it
[20:50:56] <gsingh93> like if you have a hacked site and you just search for the URLs
[20:51:04] <gsingh93> you find thousands and thousands of similarly hacked sites
[20:51:06] <iangcarroll> lol
[20:51:09] <iangcarroll> did you grep for the same lines elsewhere?
[20:51:19] <gsingh93> those same lines didn't exist anywhere else
[20:51:28] <gsingh93> but my grep could have missed it
[20:51:31] <iangcarroll> sigh, you're killing all my ideas here
[20:51:36] <gsingh93> i'll copy everything locally tonight
[20:51:38] <gsingh93> lol
[20:51:45] <gsingh93> i'm asking you after having spent a few hours on this myself
[20:52:00] <iangcarroll> lol, I see
[20:52:07] <iangcarroll> maybe just grep for exec/file_get_contents/file_put_contents
[20:52:13] <gsingh93> will do
[20:58:38] <iangcarroll> lmk when you list the domains on TX btw
[21:06:44] <gsingh93> (y)
[22:09:02] *** Joins: vishwin60 (~chatzilla@wikimedia/O)
[22:16:44] <cold_sauce> do you guys know of any way to change the sampling rate of a file such that it would play the same on a player that is playing at like 16K as when playing on 44.1K?
[22:18:39] <vishwin60> use an audio file converter?
[22:19:36] <vishwin60> right now what you're hearing is slow-mo because the 44.1K file is playing at 16K?
[22:20:06] <cold_sauce> hmm I'm not sure, actually. I'm using a speech to text library that listens at 16K and it's shitty speech to text
[22:20:08] <cold_sauce> haha
[22:20:12] <woodruffw> you could use ffmpeg/avconv to change the sample rate probably
[22:20:15] <cold_sauce> let me try it out with 16K and see what I hear
[22:20:35] <cold_sauce> WOAH
[22:20:37] <cold_sauce> IT'S SLOW MO
[22:20:40] <cold_sauce> OMG THIS IS THE COOLEST THING EVER
[22:20:43] <vishwin60> I was gonna say audacity but you're dealing with a stream haha
[22:21:35] <cold_sauce> ok now it makes sense why the speech to text was so bad
[22:21:50] <cold_sauce> ffmpeg command line arguments too OP
[22:22:44] <gsingh93> ffmpeg is pretty amazing
[22:22:58] <gsingh93> it's like the imagemagik of audio
[22:23:04] <gsingh93> you can convert anything to anything
[22:28:39] <vishwin60> and it's mostly what makes VLC tick
[22:30:02] <Nat> ffmpeg is baller
[22:30:11] <Nat> although i think VLC uses a fork, avconv
[22:33:28] <vishwin60> VLC using libav may only be for certain linux distros that package a "virtual" ffmpeg that uses libav instead
[22:51:31] <cold_sauce> hmm, it seems as though ffmpeg doesn't actually "anti-alias" the audio when it changes sample rates
[22:51:39] <cold_sauce> guess i'll have to do it myself
[22:54:14] <cold_sauce> Whoever made CMUSphinx is a sadist
[22:54:16] <cold_sauce> my god
[22:54:57] <vishwin60> does it sound like microsoft sam?
[22:56:48] <cold_sauce> hmm i haven't done text to speech w/ it, not sure if you can.
[22:56:53] <cold_sauce> i'm doing speech to text
[22:57:14] <vishwin60> oh right
[22:59:55] <cold_sauce> lmao
[22:59:58] <cold_sauce> I just got a segfault
[23:00:02] <cold_sauce> IN PYTHON
[23:00:13] <cold_sauce> :o cython :(
[23:16:03] <m0shbear> lol nice
[23:16:11] <m0shbear> got a backtrace?
[23:16:18] <m0shbear> s/back/stack/
[23:16:19] <yossarian-bot> m0shbear probably meant: got a stacktrace?
[23:17:32] <Nat> cold_sauce: haha i know what you mean
[23:23:25] <Nat> CMUSphinx
[23:23:28] <Nat> is awful
[23:56:21] * vishwin60 has gotten segfaults in python before…