Pasture project (php)

[ih8censorship]

A couple hours ago I uploaded the home page. What do you think of the design? http://pasture.sourceforge.net/

[C-Man]

you have much to learn young grass hopper 

[ih8censorship]

Yeah I know. I'm the William Hung of web design (and computer programming in general most of the time hehe) . Any more specific suggestions Master?

[gamer13]

I have a tip for your captcha debacle: Use ReCaptcha.

[Taran Wanderer]

you have much to learn young grass hopper 

It looks much better than what he started with, believe me!

[ih8censorship]

I have a tip for your captcha debacle: Use ReCaptcha.

I actually considered ReCaptcha. I decided against it however because (as far as i know) It requires an internet connection. For a "normal" web based  system this wouldn't be a problem, however a major goal of the project is to create a system which will work say on a machine on the local network that does not have access to outside networks as well as machines which can access the internet.

One feature of Pasture that does require a http connection to another machine (whether its on the internet or just the local network) is the update mechanism (so you can be updated with the latest malware from your friends' collections, Pasture doesn't update itself.). It isn't as vital as the captcha system, and i figure in the future i might make an option to update from an update file as well as over a network connection.

gamer13 - how is my captcha system a debacle? Given with the default font it would be pretty easy to break (i have no fonts installed at that server. I need to get on that. Know of any "open source" fonts offhand? ones that are free to distribute?), but the images i posted earlier in this thread are I believe about as secure as anything out there today.

[C-Man]

don't use huge background or translucensy tricks , it may look neat but browser's hate it , it lags when i try to scroll , not cool

[oulyt]

browser's hate it when you do the transparency right from the CSS, if you photoshop the transparency it's fine.
i didnt seem to have a problem with his page.

[ih8censorship]

I noticed a little lag once the pages stretched to more than twice the height of the browser view. It is somewhat annoying, but I managed to make it much more bearable with same page links. I've been getting some interesting feedback on the home page, someone even submitted a picture they took for me to use!

One interesting page i found this evening was this http://www.malwaredomainlist.com/forums/index.php?topic=1978.0 It seems that they were discussing some of the problems that Pasture was designed to solve! so that's cool. There was some software that existed for organizing virus collections, but nothing like Pasture has been available to the malware collecting communities at least as far as i know. I think that's a big thing that keeps me going on it, just knowing that people besides myself might actually want to use this. That and I'm having fun, which is the main thing hehe.

Here is an interesting paper on a system which is *very* similar to Pasture, however it appears it isn't built for sharing samples between separate collections, and it seems to be behind Pasture in terms of power https://malfease.oarci.net/help/malware_repo_update.pdf

[gamer13]

gamer13 - how is my captcha system a debacle? Given with the default font it would be pretty easy to break (i have no fonts installed at that server. I need to get on that. Know of any "open source" fonts offhand? ones that are free to distribute?), but the images i posted earlier in this thread are I believe about as secure as anything out there today.

Your captcha is very easy to bypass... The "code" is positioned at the same place every time you refresh it. The color of the "code" is easy to distinguish from the background, which makes it even easier to filter the "code" from the rest of the image.

[ih8censorship]

As I said before, that is the default because I have no fonts installed on that server (Licensing issues. I need to find a suitable font I can re distribute freely) .This is what it would look like if I had a font installed, specifically it is "Impact"
random tilt, vertical positioning and noise within the characters. Here is the source code http://pasture.svn.sourceforge.net/viewvc/pasture/src/captcha.php?revision=74&view=markup though I'll warn you for some reason my indents get screwed up somehow, but whatever. haha.

[ih8censorship]

I thought I'd give everyone an update. Lately I've been working on a lot of backend security stuff, I realized Pasture was very open to cross site scripting and cross site request forgery so I fixed that. I also did a bit of work in the frontend, mainly adding functionality to the frontend which has existed in the backend for a long time, as well as adding searches by md5 and sha1 hashes and a few other tidbits here and there.

One idea I've had for a long time was to replace the boring lists on the search results page with icons that depict information about malware type, name, Operating system, and whether or not the file is source code, an archive, or some other sort of binary file. The following are two dynamically created examples-


I haven't got around to coding anything for it in the front end yet, but i think it will be cool regardless of my bad artwork. What do you think? I'm not too worried about it being a bandwidth or processing problem, because it is really just eye candy and could easily be restricted on the front end if need be, with the current list method used in its place.

**edit**
I added the icons to the front end, and i think it looks pretty sweet. what do you think? http://pasture.sourceforge.net/pasturedemo/view.php?clear=true oh, and if you're interested in looking at the source code which generates the icons, here it is http://pasture.svn.sourceforge.net/viewvc/pasture/src/icon.php?revision=115&view=markup

[ih8censorship]

It appears Kanye West has come across the Pasture project! http://kanyelicio.us/http://pasture.sourceforge.net/ Personally I think he's somewhat biased.

Lately I've been working on an admin panel, which is still kind of in its infancy. http://pasture.sourceforge.net/pasturedemo/admin.php

I've also added bbcode capability to the notes (bottom of the page, you can click edit, then save to play with it) page So that's kinda cool. I'm using NBBC for that http://nbbc.sourceforge.net/ as it seems to be the best tool for the job. It even came with smileys!

[ih8censorship]

Thought I'd give a progress report ,since I seem to have been doing them monthly.

I haven't had much time to work on Pasture,but I have fixed some bugs, and added to the criteria that can be used in searches. I also added newsfeeds in both rss and atom formats which show the latest files.

One thing I'm planning on working on is a component that will be written in c++ which will use anti malware scanner logs and/or command line versions of those programs to  identify the type and name of the malware, and then my component would upload the file and the data from the anti-malware software to Pasture. It would be good for large malware collections stored in zip files, or running a quick cleanup on a friends machine while adding to a malware collection

[ih8censorship]

Another update, even though I'm the only one who's been talking in this thread for a couple months

Other than bug fixes and minor enhancements Ive added a packer detector, to detect if UPX or some other packer or possibly what compiler was used on a binary, it seems to work decently but isn't foolproof.

The code for the packer detector is here http://pasture.svn.sourceforge.net/viewvc/pasture/src/packerfinder.php?revision=150&view=markup
and the file I am using for packer signatures is here http://handlers.sans.org/jclausing/userdb.txt

I've been in contact with the author of this http://pvdasm.reverse-engineering.net/PVPHP.php , and he said he would get me the sourcecode of it to use, so that would be really cool, Obviously it wouldnt be as feature rich as a debugger or something, but it would definitely provide some cool functionality, I've even thought on adding a search based on functions that are imported if/when i actually get the source code for that.

The c++ component for parsing log files and uploading is on hold at the moment, I want to do a little re designing so I can create a cross reference of different names that AV software gives to a given piece of malware. I've been collecting log samples by downloading various AV programs and running them and saving logs, this is what I have so far http://pasture.sourceforge.net/index.php?article=logs any other help in the log file department would be greatly appreciated even if i have a log for a given AV program.