How to detect operating system using user agent

In computing, a user agent is software (a software agent) that is acting on behalf of a user. For example, an email reader is a mail user agent, and in the Session Initiation Protocol (SIP), the term user agent refers to both end points of a communications session.<br /> <br /> In many cases, a user agent acts as a client in a network protocol used in communications within a client–server distributed computing system. In particular, the Hypertext Transfer Protocol (HTTP) identifies the client software originating the request, using a "User-Agent" header, even when the client is not operated by a user.<br /> <br /> <h1> Standard User Agent browser</h1> Most Web browsers use a User-Agent value as follows: <i>Mozilla/[version] ([system and browser information]) [platform] ([platform details]) [extensions]</i>. For example, Safari on the iPad has used the following:<br /> <br /> <pre>Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko)Mobile/7B405</pre> The components of this string are as follows:<br /> <ul> <li><i>Mozilla/5.0</i>: Previously used to indicate compatibility with the Mozilla rendering engine</li> <li><i>(iPad; U; CPU OS 3_2_1 like Mac OS X; en-us)</i>: Details of the system in which the browser is running</li> <li><i>AppleWebKit/531.21.10</i>: The platform the browser uses</li> <li><i>(KHTML, like Gecko)</i>: Browser platform details</li> <li><i>Mobile/7B405</i>: This is used by the browser to indicate specific enhancements that are available directly in the browser or through third parties. An example of this is Microsoft Live Meeting which registers an extension so that the Live Meeting service knows if the software is already installed, which means it can provide a streamlined experience to joining meetings.</li> </ul> Notable exceptions include Opera, which is a web browser, but does not include Mozilla in its User-Agent string.<br /> <br /> <h1> Window User Agent</h1> <pre>Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0</pre> <ul> <li><i>Windows NT 5.1; </i>: Window XP operating system as platform</li> <li><i>Firefox/5.0</i>: Mozilla Firefox version 5.0 as a browser</li> </ul> <br /> <pre>Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2</pre> <ul> <li><i>Windows NT 6.0</i>: Window Vista operating system as platform</li> <li><i>Chrome/15.0.874.120</i>: Google chrome version 15.0.874.120 as a browser</li> </ul> <br /> <pre>Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)</pre> <ul> <li><i>Windows NT 6.1</i>: Window 7 operating system as platform</li> <li><i>MSIE 10.0</i>: Internet explorer version 10 as a browser</li> <li><i>WOW64;</i>: A 32-bit window application is running on a 64-bit processor</li> </ul> <br /> <pre>Mozilla/5.0 (Windows; U; Windows NT 6.2; en-US) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27</pre> <ul> <li><i>Windows NT 6.2</i>: Window 8 operating system as platform</li> <li><i>Version/5.0.4 Safari/533.20.27</i>: Safari version 5.0.4 as a browser</li> <li><i>U;</i>: Security value (N for no security, U for strong security, I for weak security)</li> </ul>

How to detect operating system using user agent

In computing, a user agent is software (a software agent) that is acting on behalf of a user. For example, an email reader is a mail user agent, and in the Session Initiation Protocol (SIP), the term …

Read more »

Simple step to use php.ini using htaccess

If you use linux hosting such as cpanel, you really are not able to update your php.ini settings. This is the best way to use your own php.ini in your hosting. But make sure it not read by public and over the internet.<br> Edit the .htaccess file and use this code.<br> <br> <br><pre style="font-family:arial;font-size:12px;border:1px dashed #CCCCCC;width:99%;height:auto;overflow:auto;background:#f0f0f0;;background-image:URL(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioGLmb-hQK_k3NcEuv4M23qo1WEp4FA9B4ou74WhFZAEWlK1bStKo3-M7hK3PeqxKIwAWrmgJb4fkpIQPSok8c64L0jLBtgCu9h9xzw9-40YQhAlVZa0hqyoLNS-nVSPOhkg0lRN9TRLhC/s320/codebg.gif);padding:0px;color:#000000;text-align:left;line-height:20px;"><code style="color:#000000;word-wrap:normal;"> SetEnv PHPRC /home/username/dir/to/php.ini </code></pre>

Simple step to use php.ini using htaccess

If you use linux hosting such as cpanel, you really are not able to update your php.ini settings. This is the best way to use your own php.ini in your hosting. But make sure it not read by public and …

Read more »

SQL Injection-how about your site ?

<br> Many web developers are unaware of how SQL queries can be tampered with, and assume that an SQL query is a trusted command. It means that SQL queries are able to circumvent access controls, thereby bypassing standard authentication and authorization checks, and sometimes SQL queries even may allow access to host operating system level commands.<br> <br> Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data, or to override valuable ones, or even to execute dangerous system level commands on the database host. This is accomplished by the application taking user input and combining it with static parameters to build an SQL query. The following logs examples are based on true stories, unfortunately.<br>

SQL Injection-how about your site ?

Many web developers are unaware of how SQL queries can be tampered with, and assume that an SQL query is a trusted command. It means that SQL queries are able to circumvent access controls, thereby b…

Read more »

Hotlink Protection

<p>Hotlink protection prevents other websites from directly linking to files on your website. Other sites will still be able to link to any file type that you don't specify (i.e., HTML files). An example of hotlinking would be using an <img> tag to display an image from your site somewhere else on the Web. The end result is that the other site is stealing your bandwidth.</p> <div id="codeSnippetWrapper" class="csharpcode-wrapper"> <div id="codeSnippet" class="csharpcode"><pre class="alt"><span id="lnum1" class="lnum"></span></pre></div><br><div id="codeSnippet" class="csharpcode"><pre style="overflow: auto; border-top: #cecece 1px solid; border-right: #cecece 1px solid; border-bottom: #cecece 1px solid; padding-bottom: 5px; padding-top: 5px; padding-left: 5px; min-height: 40px; border-left: #cecece 1px solid; padding-right: 5px; width: 650px; background-color: #fbfbfb"><pre style="font-size: 12px; font-family: consolas,'Courier New',courier,monospace; margin: 0em; width: 100%; background-color: #d6d6d6"> 1: RewriteCond %{HTTP_REFERER} !^$<br></pre><pre style="font-size: 12px; font-family: consolas,'Courier New',courier,monospace; margin: 0em; width: 100%; background-color: #ffffff"> 2: RewriteCond %{HTTP_REFERER} !^http:<span style="color: #008000">//yoursite.com/.*$ [NC]</span><br></pre><pre style="font-size: 12px; font-family: consolas,'Courier New',courier,monospace; margin: 0em; width: 100%; background-color: #d6d6d6"> 3: RewriteCond %{HTTP_REFERER} !^http:<span style="color: #008000">//yoursite.com$ [NC]</span><br></pre><pre style="font-size: 12px; font-family: consolas,'Courier New',courier,monospace; margin: 0em; width: 100%; background-color: #ffffff"> 4: RewriteCond %{HTTP_REFERER} !^http:<span style="color: #008000">//www.yoursite.com/.*$ [NC]</span><br></pre><pre style="font-size: 12px; font-family: consolas,'Courier New',courier,monospace; margin: 0em; width: 100%; background-color: #d6d6d6"> 5: RewriteCond %{HTTP_REFERER} !^http:<span style="color: #008000">//www.yoursite.com$ [NC]</span><br></pre><pre style="font-size: 12px; font-family: consolas,'Courier New',courier,monospace; margin: 0em; width: 100%; background-color: #ffffff"> 6: RewriteCond %{HTTP_REFERER} !^https:<span style="color: #008000">//yoursite.com/.*$ [NC]</span><br></pre><pre style="font-size: 12px; font-family: consolas,'Courier New',courier,monospace; margin: 0em; width: 100%; background-color: #d6d6d6"> 7: RewriteCond %{HTTP_REFERER} !^https:<span style="color: #008000">//yoursite.com$ [NC]</span><br></pre><pre style="font-size: 12px; font-family: consolas,'Courier New',courier,monospace; margin: 0em; width: 100%; background-color: #ffffff"> 8: RewriteCond %{HTTP_REFERER} !^https:<span style="color: #008000">//www.yoursite.com/.*$ [NC]</span><br></pre><pre style="font-size: 12px; font-family: consolas,'Courier New',courier,monospace; margin: 0em; width: 100%; background-color: #d6d6d6"> 9: RewriteCond %{HTTP_REFERER} !^https:<span style="color: #008000">//www.yoursite.com$ [NC]</span><br></pre><pre style="font-size: 12px; font-family: consolas,'Courier New',courier,monospace; margin: 0em; width: 100%; background-color: #ffffff"> 10: RewriteRule .*\.(jpg|jpeg|gif|png|ico|bmp|swf|wav|mp3|pdf|xls|xlsx|xps|psd|dxf|eps|ps|ai|tiff|svg|ttf|doc|docx|css|js|jsp|cfm|htm|shtml|shtm|xhtml|xhtm|jsp|phtml|phtm|php3|php4|php5|pl|pm|plx|xsml|log|json|otf|woff)$ http:<span style="color: #008000">//www.yoursite.com/ [R,NC]</span></pre></pre></div></div><br><div> </div><br>

Hotlink Protection

Hotlink protection prevents other websites from directly linking to files on your website. Other sites will still be able to link to any file type that you don't specify (i.e., HTML files). An example…

Read more »

About XSS

After all the XSS i found, i finally decided to write all that i know about it.<br> <br> Table Of Contents:<br> 1. <a href="/2013/04/about-xss.html#1">What is Cross Site Scripting</a>?<br> 2. <a href="/2013/04/about-xss.html#2">Who does it hurt</a>?<br> 3. <a href="/2013/04/about-xss.html#3">What can be done with Cross Site Scripting</a>?<br> 4. <a href="/2013/04/about-xss.html#4">How to find it</a>?<br> 5. <a href="/2013/04/about-xss.html#5">How to avoid i</a>t?<br> <br> <br id="1"> 1. What is Cross Site Scripting?<br> --------------------------------------------

About XSS

After all the XSS i found, i finally decided to write all that i know about it. Table Of Contents: 1. What is Cross Site Scripting? 2. Who does it hurt? 3. What can be done with Cross Site Scripting?…

Read more »

Remove bad word from your site

Sometime when we need to block bad word or filthy words we need to install plugin, module and etc. Or sometime we spent money to block all bad word.<br> from what I know most of the bad word comes from bad bot. Sometime from google, bing or yahoo search query (HTTP_REFERER). to prevent bad bot come to your site you <a href="/2013/01/spammers-bad-bots-and-some-proxies.html" target="_blank">can refer my article here</a> and check bad user agent on <a href="http://www.projecthoneypot.org/harvester_useragents.php" target="_blank">project honey pot</a> or like this.<br> <br> <br> <pre style="font-family:arial;font-size:12px;border:1px dashed #CCCCCC;width:99%;height:auto;overflow:auto;background:#f0f0f0;;background-image:URL(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioGLmb-hQK_k3NcEuv4M23qo1WEp4FA9B4ou74WhFZAEWlK1bStKo3-M7hK3PeqxKIwAWrmgJb4fkpIQPSok8c64L0jLBtgCu9h9xzw9-40YQhAlVZa0hqyoLNS-nVSPOhkg0lRN9TRLhC/s320/codebg.gif);padding:0px;color:#000000;text-align:left;line-height:20px;"><code style="color:#000000;word-wrap:normal;"> RewriteCond %{HTTP_USER_AGENT} ^$ [OR] RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner|Ezooms|Load_Impact) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (libwww-perl|curl|wget|python|nikto|scan|webOS|Exabot|InAGist|UnwindFetchor|NING) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC] RewriteRule ^(.*)$ - [F] </code></pre> <br>

Remove bad word from your site

Sometime when we need to block bad word or filthy words we need to install plugin, module and etc. Or sometime we spent money to block all bad word. from what I know most of the bad word comes from ba…

Read more »

List of HTTP status codes

<h2> 1xx Informational</h2> <hr noshade size="5" width="100%"> <br> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7EQj9wDhIbCr3WFf-kquQ9OujEsdxqxkNSVxiDdCny__9_FynAhlzuVbjx_Fp1asgr3NG_Ie87TEySeb1BNp2HuqKwcEn24hrt86uYAU4qOXCELpgW5AMGPWuXklAdGf4KZ8J9NPEU6s/s1600/4oh4.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="177" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7EQj9wDhIbCr3WFf-kquQ9OujEsdxqxkNSVxiDdCny__9_FynAhlzuVbjx_Fp1asgr3NG_Ie87TEySeb1BNp2HuqKwcEn24hrt86uYAU4qOXCELpgW5AMGPWuXklAdGf4KZ8J9NPEU6s/s320/4oh4.png" width="320"></a></div> Request received, continuing process. This class of status code indicates a provisional response, consisting only of the Status-Line and optional headers, and is terminated by an empty line. Since HTTP/1.0 did not define any 1xx status codes, servers <i>must not</i> send a 1xx response to an HTTP/1.0 client except under experimental conditions.<br> <dl> <dt><b>100 Continue</b></dt> <dd>This means that the server has received the request headers, and that the client should proceed to send the request body (in the case of a request for which a body needs to be sent; for example, a POST request). If the request body is large, sending it to a server when a request has already been rejected based upon inappropriate headers is inefficient. To have a server check if the request could be accepted based on the request's headers alone, a client must send <code>Expect: 100-continue</code> as a header in its initial request and check if a <code>100 Continue</code> status code is received in response before continuing (or receive <code>417 Expectation Failed</code> and not continue).</dd> <dt><b>101 Switching Protocols</b></dt> <dd>This means the requester has asked the server to switch protocols and the server is acknowledging that it will do so.</dd> <dt><b>102 Processing (<a href="http://en.wikipedia.org/wiki/WebDAV" target="_blank" title="WebDAV">WebDAV</a>; RFC 2518)</b></dt> <dd>As a WebDAV request may contain many sub-requests involving file operations, it may take a long time to complete the request. This code indicates that the server has received and is processing the request, but no response is available yet. This prevents the client from timing out and assuming the request was lost. </dd></dl>

List of HTTP status codes

1xx Informational Request received, continuing process. This class of status code indicates a provisional response, consisting only of the Status-Line and optional headers, and is terminated by an …

Read more »

Uploading an image/pdf document

<pre style="font-family:arial;font-size:12px;border:1px dashed #CCCCCC;width:99%;height:auto;overflow:auto;background:#f0f0f0;;background-image:URL(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioGLmb-hQK_k3NcEuv4M23qo1WEp4FA9B4ou74WhFZAEWlK1bStKo3-M7hK3PeqxKIwAWrmgJb4fkpIQPSok8c64L0jLBtgCu9h9xzw9-40YQhAlVZa0hqyoLNS-nVSPOhkg0lRN9TRLhC/s320/codebg.gif);padding:0px;color:#000000;text-align:left;line-height:20px;"><code style="color:#000000;word-wrap:normal;"> <?php error_reporting(~E_NOTICE); $allowedExts = array("jpg", "jpeg", "png","pdf") if (true==true) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br>"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br>"; echo "Type: " . $_FILES["file"]["type"] . "<br>"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>"; echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>"; ?></code></pre>

Uploading an image/pdf document

0) { echo "Return Code: " . $_FILES["file"]["error"] . …

Read more »

Single error PHP file

<div class="tr_bq"> <br></div> <br> Very useful if you point all your error pages to the same file. Save more space and easy to handle it.. rite ?<br> This is a sample 'REDIRECT_STATUS' to your error page. First you need to use .htaccess file to point your 'REDIRECT_STATUS' to one file. Use this code<br> <br> <br> <pre style="font-family:arial;font-size:12px;border:1px dashed #CCCCCC;width:99%;height:auto;overflow:auto;background:#f0f0f0;;background-image:URL(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioGLmb-hQK_k3NcEuv4M23qo1WEp4FA9B4ou74WhFZAEWlK1bStKo3-M7hK3PeqxKIwAWrmgJb4fkpIQPSok8c64L0jLBtgCu9h9xzw9-40YQhAlVZa0hqyoLNS-nVSPOhkg0lRN9TRLhC/s320/codebg.gif);padding:0px;color:#000000;text-align:left;line-height:20px;"><code style="color:#000000;word-wrap:normal;"> # .htaccess file. ErrorDocument 404 /error-msg.php ErrorDocument 500 /error-msg.php ErrorDocument 400 /error-msg.php ErrorDocument 401 /error-msg.php ErrorDocument 403 /error-msg.php # End of file. </code></pre>

Single error PHP file

Very useful if you point all your error pages to the same file. Save more space and easy to handle it.. rite ? This is a sample 'REDIRECT_STATUS' to your error page. First you need to use .htaccess f…

Read more »

PHP SERVER

<br> <br> Host address<br> <?php echo $_SERVER['HTTP_HOST'];?><br> <br> Server Name <br> <?php echo $_SERVER['SERVER_NAME'];?><br> <br> PHP Directory<br> <?php echo $_SERVER['PHP_PEAR_SYSCONF_DIR'];?>   or<br> <?php echo $_SERVER['PHPRC'];?><br> <br> Mysql Directory<br> <?php echo $_SERVER['MYSQL_HOME'];?><br> <br> OS Path <br> <?php echo $_SERVER['PATH'];?><br> <br>

PHP SERVER

Host address Server Name PHP Directory    or Mysql Directory OS Path …

Read more »

PHP DOS attack

<br> <br> DOS is Denial of Services<br> DOS menghantar packet ke sesebuah server sampai server itu tidak boleh menampungnya.<br> <br> Biasanya semua orang menggunakan software dr linux os atau windows os untuk melakukan DOS attack. Tetapi tidak saya. saya lebih suka menggunakan hasil dari tangan saya sendiri. Kerana mungkin satu software itu mengakses hak-hak privasi kita sndiri tanpa pengetahuan kita.<br> <br> Jadi percayalah diri anda sendiri. Ini contoh apabila saya gunakan hasil kerja saya ini. Not a empty talk okay..<br>

PHP DOS attack

DOS is Denial of Services DOS menghantar packet ke sesebuah server sampai server itu tidak boleh menampungnya. Biasanya semua orang menggunakan software dr linux os atau windows os untuk melakukan DO…

Read more »