Kroko

this text is from: http://blog.akinstech.com/script-to-monitor-your-internet-connection

Have you ever had a situation where your Internet connection drops for a few seconds, then comes back, then drops again, then comes back, and repeats randomly with no rhyme or reason? Getting your ISP to see the problem can be a real hassle as Murphy’s Law dictates that the problem will ALWAYS go away once you finally get them on the phone. You’ll usually get the standard “looks good on our end” with no actual resolution of the problem. Well, this script will allow you to monitor the line for hours, days, even weeks, and provide you with a timestamped activity log of exactly what was happening over that period. Armed with this type of information, you can usually get your ISP to take notice.

I actually wrote this script a few years ago when one of my clients was having these very problems. Using the log it generates, I was able to provide the ISP with meaningful numbers and exact times, and eventually they were able to correct the problem. Since then, I’ve used it many times to check the stability of a connection. Anyway, today on one of the tech forums, somebody asked how to monitor a flakey line. It got me thinking about this script, so I dusted it off and posted it to the forum. I figured while I was at it, I’d post it here as well.

I wrote it in VBScript, and it utilizes the WMI Ping object. Basically it sends a single ping to a host you specify, logs the outcome with a time-stamp, then waits a predetermined delay time and repeats itself indefinitely. If you let this script run for a full day or more, pinging every few seconds, it will give you a really good idea what might be happening with your Internet connection.

The script contains four values that you’ll need to edit:

strHost = “someserver.samplehost.com” - This is the host you want to ping. It can be a web server, a router, a DNS server, etc. You can specify a DNS name or an IP address.
nDelay = 15 - This is how many seconds the script will wait between pings. I find that pinging every 15 seconds is usually sufficient, although you may want to ping as often as every second in some cases.
strLogFile = “C:\Comcastpinglog.txt” - This is the full path to the log you want to create.
nThreshold = 75 - This is the response threshold (in milliseconds). Any ping response which is greater than this will be flagged as “SLOW” and marked as such in the log. This makes it easy to filter these log entries later. 75ms is rather high for most broadband connections at idle. What you’ll want to do is to let the script run for a bit and establish a baseline for what “normal” is. For instance, my Comcast cable connection (3-6Mbit speed) usually pings at about 19-32ms.

What should I ping?
If you’re having trouble with your Internet connection, a good host to ping will be the default gateway provided by your ISP. This would represent the first physical device on the “other side” of your connection. You can get this by checking your router’s “Connection Status” or “WAN Status” screen and noting the IP address for default gateway. Another good one would be one of your ISP’s DNS servers. This is also available in your router. With either of these, you’re pinging something fairly local to your ISP, eliminating additional hops.

If you’re having trouble with your hosted web site or server, you’ll want to ping that server or the IP assigned to you by your provider. Just keep in mind that you will be traversing many hops to get there, so it isn’t uncommon for your provider to pass the blame. If you notice periods of high latency, try to back them up with a tracert output so you can show your provider where slowdown is.

* Note: Please be advised that some ISP’s or network admins may not appreciate you performing continuous pings to their servers. I am not responsible for any nasty emails you might receive. Make sure you know what you’re doing before you go pinging somebody’s else’s servers.

Logfile Output
The script continuously appends to a log file with the following output:

================================================================================
1/26/2008 1:42:16 PM: PINGING HOST: [www.yahoo.com]
================================================================================
1/26/2008 1:42:16 PM: Reply from 209.131.36.158: bytes=32 time=19ms TTL=51
1/26/2008 1:42:21 PM: Reply from 209.131.36.158: bytes=32 time=20ms TTL=52
1/26/2008 1:42:26 PM: Ping Failed
1/26/2008 1:42:31 PM: Ping Failed
1/26/2008 1:42:36 PM: Ping Failed
1/26/2008 1:42:41 PM: Reply from 209.131.36.158: bytes=32 time=39ms TTL=51 SLOW
1/26/2008 1:42:46 PM: Reply from 209.131.36.158: bytes=32 time=23ms TTL=51
1/26/2008 1:42:51 PM: Reply from 209.131.36.158: bytes=32 time=31ms TTL=51 SLOW

The log is appended infinitely, so you’ll eventually want to purge the log or copy it off to avoid it growing to an unmanageable size.

You may later filter specific lines from the log using the following DOS commands:

type logfile.txt | find /I "Failed" > failed.txt
type logfile.txt | find /I "SLOW" > slow.txt

Running the Script
Copy the VBScript code below and paste into a VBS file in your scripts directory. Call it PingTest.vbs. To run the script, launch it with the command “cscript PingTest.vbs”. To kill the script, just press CTRL-C. Note: Do NOT just double-click the script to run it! That will cause it to launch with the wscript engine. Since this script outputs to the console it needs to run with the cscript engine.

To make things easier, and ensure you always launch it with cscript, just write a simple 2-line batch file to launch the script. (Put it in the same directory as the vbs script):

PingTest.bat

@echo off
cscript %~dp0PingTest.vbs

PingTest.vbs

Dim strHost, nDelay, strLogFile, nThreshold

' EDIT THESE VARIABLES TO SUIT YOUR APPLICATION
strHost = "someserver.samplehost.com" ' What do you want to ping
nDelay = 15  ' How many seconds to pause between pings
strLogFile = "C:\Comcastpinglog.txt" ' Full Name and Path of logfile
nThreshold = 75 ' Anything response over this (in ms) will be flagged as "Slow"

Dim txtLogLine, objPing, objRetStatus, rc

rc = LogLine(strLogFile,"================================================================================")
rc = LogLine(strLogFile,FormatDateTime(Now(),0) & ": PINGING HOST: [" & strHost & "]")
rc = LogLine(strLogFile,"================================================================================")

Do While True
   txtLogLine = ""

   txtLogLine = txtLogLine & FormatDateTime(Now(),0) & ": "
   Set objPing = GetObject("winmgmts:{impersonationLevel=impersonate}").ExecQuery _
       ("select * from Win32_PingStatus where address = '" & strHost & "'")

   For each objRetStatus in objPing
       If IsNull(objRetStatus.StatusCode) or objRetStatus.StatusCode<>0 then
          Ping = False
          txtLogLine = txtLogLine & "Ping Failed"
       Else
          Ping = True
	  txtLogLine = txtLogLine & "Reply from " & objRetStatus.ProtocolAddress & ": "
	  txtLogLine = txtLogLine & "bytes=" & objRetStatus.BufferSize & " "
          txtLogLine = txtLogLine & "time=" & objRetStatus.ResponseTime & "ms "
          txtLogLine = txtLogLine & "TTL=" & objRetStatus.ResponseTimeToLive
	  If objRetStatus.ResponseTime >= nThreshold Then
	     txtLogLine = txtLogLine & " SLOW"
	  End If
       End If
   Next
   WScript.Echo txtLogLine
   rc = LogLine(strLogFile, txtLogLine)
   WScript.Sleep nDelay * 1000
Loop

Function LogLine(strFile, strLine)
   Dim objFSO, objFile
   Set objFSO = CreateObject("Scripting.FileSystemObject")
   Set objFile = objFSO.OpenTextFile(strFile,8,True)
   objFile.WriteLine(strLine)
   objFile.Close
End Function

While this isn’t necessarily the most advanced method of detecting a slow connection, it’s surprisingly accurate in exposing periods of high latency or dropped connection. Try it out and let me know what you think.

Download link: http://ice-club.com.ua/antiwpa/Other/TermSrvNoRestrPatch-1-3/

now the story:

If you have tweaked around with Windows XP you probably know that its possible to connect to another system across a network, intranet / internet as a remote user with the same interface as sitting on the system.

The capability is bundled with XP pro and I’m sure that you will find enough and more blogs / tutorial about how it works with screenshots and all. The issue is that its not available in XP Home and in XP Pro it allows only one user to work on the computer.

Based on my searches I believe its also possible to hack XP Home to support RDC, though I haven’t tried it myself the following link does have all the details that you could possibly need to try this out.

http://www.geekport.com/2007/08/15/enabling-remote-desktop-in-xp-home/

http://www.mydigitallife.info/2008/06/14/install-and-enable-remote-desktop-in-windows-xp-home-edition/

Now to the problem in XP pro , as mentioned earlier , the licencing agreement of MS allows only one user to access the computer so if you RDC to a computer the existing user gets logged out (not desirable). There is a way of overcoming this issue with some registry changes and a changed Terminal Service Dynamic Link Library (termserv.dll).

There are detailed article on the procedure available below

http://sig9.com/articles/concurrent-remote-desktop

http://www.mydigitallife.info/2008/06/13/enable-multiple-concurrent-remote-desktop-connections-or-sessions-in-windows-xp/

Additional some good soul has also written a program that neatly makes all these changes and also patches the termserv.dll the link for that is

http://www.kood.org/terminal-server-patch/

For most of the people in the world doing all this worked just fine and if you have tried and are successful good for you …. but then again there are those who are not so fortunate in life such as me who after trying out each and everything on all the links that I have posted including the application got nothing to work. The main user still got logged out each time I tried to RDC to the system.

After more googling I came across this obscure little package called
TermSrvNoRestrPatch-1-3

The location of the file is as following

http://ice-club.com.ua/antiwpa/Other/TermSrvNoRestrPatch-1-3/

which was also a real pain to find a valid link for it. It worked like a charm, it step by step patched all the file which the other application also did but this one got it to work ! It also patched the capability to RDC to a local host, yes there are a few reason why someone would want to do something like this such as running multiple instances of a single program.

A word of caution, since the code edits few of the windows’ files, some antivirus programs through it up as a virus. You may need to run this in safemode if your antivirus prevents its from executing and more importantly if your convinced that it isn’t a virus.

Hope this has helped all the hapless people out there trying to get this to work. As always do drop me a comment if you found this useful, click an ad if your feeling generous !

JW> Hi, I am using Win2000 scheduler to run a .CMD ( batch ) file every
JW> minute. The console window is pop up everytime when the batch file is
JW> launched. Is is possible to tell scheduler hide the console window some
JW> how?

This WSH/VBScript will run your batch file in a hidden window.

‘MyCmd.vbs
Set WshShell = WScript.CreateObject(“WScript.Shell”)
cmd = “C:\bin\scripts\MyCmd.cmd”
Return = WshShell.Run(cmd, 0, True)
set WshShell = Nothing

htaccess este un simplu fisier ASCII care poate fi creat cu orice editor text (ex.Notepad)
.htaccess este este o extensie a unui fisier. Nu exista ‘fisier.htaccess’ sau ‘paginamea.htaccess’ ci simplu .htaccess

Pentru a crea un astfel de fisier, deschidem Notepad si apoi salvam fisierul cu numele ‘.htaccess’.Atentie pe sistemele de tip Windows extensia poate fi ascunsa iar fisierul sa se numeasca de fapt .htaccess.txt, ceea ce este incorect.In Windows puteti accesa Folder Options–>View–>si deselectati ‘Hide extension for knows file types’.Daca nu reusiti sa redenumiti fisierul asa, atunci o puteti face via ftp sau telnet, sau chiar din dos(rename .htaccess.txt .htaccess).
Fisierele de tip htaccess trebuie puse pe ftp in ASCII mode si nu BINARY.Atentie trebuie sa setati chmod 644 pe fisierul htaccess (RW-R–R–).Acest lucru face imposibila citire a fisierului de cate un browser extern.Asemenea greseli duc la compromiterea sistemului, deoarece atunci cand in .htaccess ai introdus cai de access private, calea catre directoare private, un hacker poate profita de acest lucru.Ca o paranteza, daca folositi un panel gen Plesk sau Webmin pentru administrarea paginilor acestea vor seta automat chmod 644.
Majoritatea comenzilor dintr-un htaccess sunt facute sa fie pe o singura linie, astfel ca da folositi un editor text care are activat word-wrap aveti grija pentru ca puteti pasa din greseala serverului Apache niste linii (caractere) fara sens.Totusi serverul Apache este foarte “intelegator” cu astfel de continut din htaccess.

Daca puneti un fisier htaccess in directorul root al serverului web acesta va afecta si “configuratia” subdirectoarelor.Adica, daca in htaccess aveti setate niste reguli pentru directorul corespunzator siteulmeu.ro, atunci vor fi afectate si subdirectoarele corespunzatoare siteulmeu.ro/director siteulmeu.ro/linkuri.Oricum puteti pune cate un htaccess in fiecare director, daca doriti setari diferite.Un subdirector va fi afectat de cel mai aproape htaccess.Daca aveti un htaccess in directorul radacina al serverului web atunci acesta va afecta toate subdirectoarele (toata structura).

Management de erori

Iata una din caracteristicile cele mai utilizate ale htaccess.Inainte de a crea propriile pagini de erori trebuie stiute urmatoarele:
-documente de erori = atunci cand primiti un mesaj gen “Error 404 – Document not found – Server running Apache 2.xx” inseamna ca ati fost redirectionat intr-o pagina care arata mesajul de mai sus specific erorii 404.Probabil ati vazut ca pe alte site-uri arata diferit acest mesaj de eroare, de obicei el tinde sa devina cat mai atraciv cu poze, mesaje haioase, appleturi java.
-coduri de erori = exista mai multe coduri de erori, si le voi prezenta mai jos:
Cereri acceptate cu succes
200 – OK
201 – Created
202 – Accepted
203 – Non-Authorative Information
204 – No Content
205 – Reset Content
206 – Partial Content
Cereri de client redirectate
300 – Multiple choices
301 – Moved Permanently
302 – Moved Temporarly
303 – See Other
304 – Not Modified
305 – Use Proxy
Cereri de client eronate
400 – Bad request
401 – Authorisation Required
402 – Payment Required
403 – Forbidden
404 – Not Found
405 – Method Not Allowed
406 – Not Acceptable (encoding)
407 – Proxy Authentification Required
408 – Request Timed Out
409 – Conflicting Request
410 – Gone
411 – Content Lenght Required
412 – Precondition Failed
413 – Request Entity Too Long
414 – Request URI Too Long
415 – Unsupported Media Type
Erori de server
500 – Internat Server Error
501 – Not Implemented
502 – Bad Gateway
503 – Service Unavailable
504 – Gateway Timeout
505 – HTTP Version Not Supported

Nu esti obligat sa specifici pentru fiecare cod cate un ErrorDocument, de fapt nici nu trebuie.De obicei un webmaster este preocupat de documentele de eroare pentru codurile 404 si 500.De asemenea cele mai inlocuite documente de eroare sunt pentru 401 – Authorization Required (atunci cand cineva incearca sa intre intr-o zona unde nu are destul access), 403 – Forbidden (atunci cand un utilizator nu are acces la un anume fisier) sau 400 – Bad Request (atunci cand cineva incearca sa manipuleze URL-ul sau scripturile paginii web).
Pentru a specifica documente de eroare customizate trebuie sa faceti ca in exemplele urmatoare:

ErrorDocument code /director/numefisier.ext
sau
ErrorDocument 404 /errors/notfound.html
la fel se poate proceda cu:
ErrorDocument 500 /errors/internalerror.html

Poti numi paginile notfound.html sau internalerror.html cu vrei tu, dar este de preferat sa le dai un nume sugestiv si apropiat de eroare pentru a nu crea confuzii.Se pune un slash (/) la inceput pentru ca ne raportam la directorul root al serverului.Recomand introducerea tuturor documentelor de erori intr-un singur folder gen /erori/ sau /error_docs/ pentru a controla mai bine indexarea lor de catre motoarele de cautare prin ROBOTS.TXT.

Daca ar fi sa cream un htaccess cu mai multe documente de eroare in el, am proceda in felul urmator(atentie, fiecare comanda pe o singura linie):

ErrorDocument 400 /erori/badrequest.html
ErrorDocument 401 /erori/auhreqd.html
ErrorDocument 403 /erori/forbid.html
ErrorDocument 404 /erori/notfound.html
ErrorDocument 500 /erori/serverr.html

Poti specifica un URL intreg, in loc de unul virtual (ex. www.siteulmeu.ro/erori/notfound.html), dar nu este recomandat.

Pe langa optiunile expuse mai sus avem si una mai simpla, dar mai rar utilizata.Putem include cod HTML in htaccess:

ErrorDocument 401 “Pentru a accesa aceasta pagina trebuie sa fii membru

Mai sus am folosit HTML, dar atentie continutul codului incepe cu ” dar nu se termina cu ghilimea pentru ca nu trebuie.Tineti minte totul trebuie sa fie pe o singura linie.

Protectia cu parola

Iata un alt “feature” foarte popular printre utilizatorii obisnuiti.Printr-un fisier de tip htaccess putem proteja un director cu parola.Acest aspect este foarte important si ajuta pe webmasteri de multe ori sa isi securizeze mai bine site-ul.
Exista o gramada de metode prin care poti proteja cu parola o anumita portiune a site-ului, de exemplu cu ajutorul limbajelor de programare web gen PHP,Perl,ASP sau client-based JavaScript.Antentie mare, nu este recomandata folosirea scripturilor client-based(client dependant challenge/respose) pentru ca nu sunt la fel de sigure ca cele server-side.
In primul rand, pentru a proteja un director cu parola trebuie sa cream un fisier numit .htpasswd, apoi in fisierul htaccess este introdus username si parola (care este criptata).
Voi explica mai jos procesul prin care puteti crea prin intermediul shell-ului un fisier htpasswd (cum sa creati parola criptata):

[zam@www zam]# cd /var/www/1337.ro/privat/
[zam@www privat]# htpasswd -c .htpasswd username
New password:
Re-type new password:
Adding password for user username
[root@www privat]#

htpasswd -c .htpasswd username = cream un user ‘username’ dupa care vom fi intrebati de parola
Inainte de a crea username si parola, observati*censored*ne-am deplasat catre directorul pe care dorim sa-l protejam (cd /var/www/1337.ro/privat/)

Puteti adauga useri noi care sa aiba acces la acelasi director prin intermediul comenzii ‘htpasswd .htpasswd user2′ de data aceasta insa nu mai folositi optiunea ‘-c’.
Daca vrei sa vezi ce ai facut poti deschide cu un editor fisierul .htpasswd unde vei descoperi ceva de genul:

username:5RXdskge4Syk
user2:tGfZm45olpcda

Daca vrei sa stergi un user, pur si simplu se sterge linia cu username-ul corespunzator.
Dupa ce s-a creat user si parola, trebuie sa creati si fisierul htaccess in felul urmator:

AuthUserFile /usr/local/www/1337.ro/privat/.htpasswd
AuthGroupFile /dev/null
AuthName Director Privat
AuthType Basic

require user username

Prima linie este calea catre fisierul htpasswd care poate fi locat oriunde pe server.Nota: plasati fisierul htaccess in directorul pe care vreti sa-l protejati si nu aiurea.Probabil va intrebati de ce am pus ‘require user username’.Aceasta linie va da acces la folderul protejat userului ‘username’ cu parola care este locata in htpasswd.Totusi de multe ori doriti ca un folder protejat cu parola sa fie accesat de mai multe persoane(useri) atunci inlocuiti ultima linie cu ‘require valid-user’ si atunci toate requesturile vor fi verificate din fisierul htpasswd (care va contine toti userii).
Linia care incepe cu AuthName contine textul care va fi afisat in promterul de login si ‘Director Privat’ poate fi inlocuit cu orice.
A fost folosita linia AuthType Basic pentru ca folosim autentificare clasica de tip HTTP.

Activarea SSI via htaccess

Multa lume doreste sa foloseasca SSI, dar multe servicii de hosting nu permit acest lucru.Totusi aceasta se poate schimba in majoritatea cazurilor cu htaccess.Atentie:acest lucru poate fi luat in considerare de cate administratorii serverului respectiv ca o tentativa de hacking asa ca va sugerez sa cereti permisia lor inainte de a actiona:

AddType text/html .shtml
AddHandler server-parsed .shtml
Options Indexes FollowSymLinks Includes

Prima linie ’spune’ serverului ca paginile cu extensia .shtml sunt valide.A doua linie comunica serverului ca fisierele cu extensia .shtml pot fi executate, adica pot prelua comenzi server side.
In acest moment aveti SSI activat.Totusi putem sa profitam de bunavointa htaccess si sa facem un “trick”, inlocuiti a 2-a linie cu:

AddHandler server-parsed .html

Linia de mai sus permite fisierelor .html sa fie parsate ca si cele de .shtml.Atentie caci daca folositi SSI de foarte putine ori pe site puteti incetini viteza serverului, totusi acest delay este prea mic si nu este perceput de utilizator.De retinut ca se folosesc astfel de “trick”-uri pentru a ascunde faptul ca serverul respectiv foloseste SSI de catre eventualele atacuri ale hackerilor (userul vede pagina.html in loc de pagina.shtml deci nu va banui ca serverul foloseste SSI).
Daca totusi veti ramane cu extensia .shtml si vreti sa folositi SSI peste tot in pagina web, atunci este bine sa adaugati urmatoarea linie in htaccess:

DirectoryIndex index.shtml index.html

Aceasta inseamna ca orice pagina index.shtml poate reprezenta indexul unui director, in caz ca nu exista index.html.Vom discuta mai pe larg in capitolele de mai jos.

Restrictionarea userilor pe baza de IP

Cum se intampla in multe cazuri, utilizatori care practic nu au ce face testeaza site-ul de diferite vulnerabilitati sau efectueaza tot felul de operatiuni daunatoare scriptului, toate acestea pot fi stopate prin htaccess, prin banarea IP-ului:

order allow,deny
deny from 193.224.34.1
deny from 081.18.74.
allow from all

Dupa*censored*puteti observa mai sus se poate bloca un singur IP sau o clasa intreaga.Prin ‘deny from 193.224.34.1′ am blocat un singur IP iar prin ‘deny from 081.18.74.’ am blocat intreaga clasa de IP-uri (081.18.74.1,081.18.74.2,…etc).
Bineinteles puteti folosi in htaccess si comanda ‘deny from all’ care va bloca requesturile de la toate IP-urile posibile.Probabil v-ati pus problema blocarii pe domeniu a requesturilor – ‘deny from .hackerz.ro’ – asta inseamna ca blocam toati userii care intra cu adrese de genul *.hackerz.ro.Ca o paranteza: sa zicem ca blocati toate requesturile cu ‘deny from all’ va puteti lasa o portita pentru dumneavoastra in caz ca lucrati local sau de la un anume IP pe site-ul respectiv cu ‘allow from localhost’ sau ‘allow from 1337.ro’ unde localhost sau 1337.ro pot fi inlocuite cu IP-ul sau hostul de unde intrati.

Shimbari in setarile default ale unui folder

Daca ati fost atenti ati vazut mai sus sintaxa DirectoryIndex si va intrebati ce anume face.Ei bine, daca v-ati saturat ca indexul site-ului dumneavoastra sa fie index.html atunci il puteti schimba in ceva gen http://www.siteulmeu.ro/produse.html procedand in felul urmator:

DirectoryIndex produse.html

Daca sa zicem nu esti sigur care va fi indexul paginii tale poti face ceva de genul:

DirectoryIndex produse.html index.cgi index.pl default.html

Daca ati facut un htaccess cu linia de mai sus atunci cand un user va accesa pagina dumneavoastra http://www.siteulmeu.ro el va fi directionat catre index.cgi sau index.pl sau default.html sau produse.html depinde care dintre ele exista.Daca sa zicem in directorul respectiv se afla numai fisierul produse.html atunci browerul va fi redirectat aici.
Nota:sunt sigur ca v-ati intrebat:”dar daca am toate fisierele in director (produse.html,index.cgi,index.pl,default.html) atunci unde se va duce browserul?”. Raspunsul este simplu: “la primul element din lista, in acest caz ‘produse.html’.”
Pentru webmasteri: este de preferat sa folositi DirectoryIndex pe anumite foldere gen (/images/ sau /include/) unde aveti poze sau informatii pe care utilizatorul nu trebuie sa le acceseze direct.Iata un exemplu productiv: daca un user va incerca sa acceseze directorul /images/, el poate fi redirectionat inapoi catre index cu DirectoryIndex index.html iar index.html sa contina un meta refresh cu redirectie catre ../index.html.Voi explica mai multe in capitolul urmator.

Redirectionari

De multe ori se intampla sa va schimbati directorul la site ori cand faceti update ori cand schimbati providerul, iar atunci caile vechi indexate probabil de motoarele de cautare nu vor mai fi valide.Iata o solutie:

Redirect /director_vechi/produse.html http://www.siteulmeu.ro/directornou/produse.html

In linia de mai sus avem 3 elemente pasate fisierului htaccess.Comanda ‘Redirect’, calea relativa catre directorul vechi si calea reala (URL-ul) catre site-ul nou.Toate sunt despartite de un spatiu si sunt scrise pe o singura linie.De asemenea poti redirecta tot directorul:

Redirect /directorvechi http://www.siteulmeu.ro/directornou/

In acest fel ai redirectat toate linkurile din directorul vechi catre cel nou.

Prevenirea vizualizarii fisierului .htaccess

Iata o problema pe care am intalnit-o foarte des, mai ales pe serverele de windows.Daca sa zicem nu ati setat chmod corect pe .htaccess atunci riscati ca sa expuneti calea catre directorul cu parole.Puteti preveni aceste lucruri in modul urmator:

order allow,deny
deny from all

Prima linie specifica faptul ca fisierului .htaccess i se aplica anumite reguli.Intre “tagurile” se introduc regulile.Daca ati creat un fisier htaccess care contine aceste linii atunci un user care ar incerca sa vada ce se afla in fisier ar obtine o eroare 403.Nu uitati, foarte important este sa setati, daca aveti posibilitatea, CHMOD 644 pe fisierul .htaccess.

Lucrul cu MIME Types

Termenul MIME deriva din “multipurpose internet mail extensions”.Exemplu: fisiere de gen MP3,SWF,etc.De multe ori, multi provideri de hosting spun ca ofera online stream media adica poti asculta melodiile online sau te poti uita la filme online pe masura ce se incarca.Iata ce simplu este:

AddType application/x-shockwave-flash swf

Explicatiile sunt inutile, totusi trebuie precizat ca daca esti webmaster si vrei sa fortezi userul sa downloadeze aceste fisiere in loc sa le vizualizeze(asculte) online poti inlocui tipul MIME cu ‘application/octet-stream’.

Prevenirea link-urilor externe catre imagini si implicit a salvarii bandwith-ului

Titlul de mai sus se rezuma in engleza la urmatoarea expresie: “hot linking” aka “bandwith stealing”.Sunt absolut sigur ca ati observat ca tot mai multi administratori de site-uri romanesti au inceput sa isi ia asemenea masuri de protejare.Se intampla de multe ori sa vedem site-uri cu poze care de fapt apartin altor site-uri cu link direct.
Folosind .htaccess putem preveni toate acestea, fie aratand o eroare standard sau, cel mai haios, o alta poza gen “Nice try!”. Atentie mare pentru ca daca vreti sa va folositi de aceste optiuni pe care vi le ofera htaccess trebuie sa aveti suport pe server de mod_rewrite (http://httpd.apache.org/docs/mod/mod_rewrite.html).Daca sunteti siguri ca totul este in regula atunci iata un cod din htaccess care face toata treaba:

RewriteEngine on
RewriteCond %(HTTP_REFERER) !^$
RewriteCond %(HTPP_REFERER) !^http://(www.)?siteulmeu.ro/.*$ [NC]
RewriteRule .(gif|jpg)$ – [F]

Trebuie bineinteles sa inlocuiti siteulmeu.ro cu domeniul dumneavoastra.Codul de mai sus va afisa un link la o imagine eronata atunci cand cineva incearca sa faca hot linking.Totusi pentru ca facem parte din elita ne place sa afisam ceva mai interesant celui care incearca sa ne fure bandwith-ul:

RewriteEngine on
RewriteCond %(HTTP_REFERER) !^$
RewriteCond %(HTTP_REFERER) !^http://(www.)?siteulmeu.ro/.*$ [NC]
RewriteCond .(gif|jpg)$ http://www.siteulmeu.ro/0wn3d.gif [R,L]

http://www.siteulmeu.ro/0wn3d.gif este url-ul de la imaginea care va fi afisata in loc de cea furata.Pentru a intelege codul de mai sus vizitati pagina corespunzatoare mod_rewrite de pe site-ul proiectului apache.org.

Manipulare de optiuni pentru directoare

Daca ai un director plin de imagini si arhive(zip,rar) si vrei ca lumea sa nu il poata accesa atunci htaccess este de partea ta.De obicei pe majoritatea serverelor nu este activat directory browsing, adica daca nu ai un index la directorul respectiv vei primi un mesaj de eroare gen 403 Forbbiden.

IndexIgnore *

Daca pui aceasta linie in htaccess atunci nimic din acel director nu va fi listat.Caracterul wildcard * ia in calcul toate extensiile posibile.Exista multiple posibilitati, ca de exemplu sa listezi toate fisierele dintr-un director in afara de imagini:

IndexIgnore *.gif *.jpg

Pe de alta parte, daca doriti sa listati fisierele dintr-un anume director (va e greu sa le indexati) atunci puteti face un htaccess cu urmatoarea linie:

Options +Indexes

Aveti grija ca in directorul pe care il listati sa nu se afle fisiere sau date care pot compromite serverul, de asemenea cred ca v-ati da seama ca daca puneti -Indexes atunci nu va mai fi listat continutul directorului.Daca doriti sa adaugati mai multe informatii la directorul listat puteti face urmatoarele: HEADER – plaseaza deasupra fisierelor un text, README – plaseaza la sfarsitul listingului text.Aceste comenzi sunt folositoare atunci cand listati niste surse de la programe sau scripturi si vreti sa dati mai multe explicatii.

Cum sa va distrati folosind htaccess

Ok.Am hotarat ca spre sfarsitul tutorialului sa pun cireasa pe tort si sa va arat cateva tehnici simple prin care va puteti securiza aplicatiile si prin care va puteti distra de minune.Creati un htaccess si adaugati urmatoarea linie:

AddType applications/x-httpd-php .php .l33t

Banuiesc ca va dati seama ce face linia de mai sus, iata si un exemplu real: http://www.1337.ro/~sasa/index.l33t
Extensiile sunt foarte importante, ele va pot salva de la atacuri de-ale hackerilor, de exemplu puteti transforma un site facut complet in PHP in extensia .html.Putini sunt cei care isi dau seama de aceste setari.
Iata alt exemplu pe care nu il recomand sa il folositi, ci numai sa va distrati:

AddType applications/x-httpd-php .php .exe .tar.gz .zip

Atentie unele browsere s-ar putea sa nu se arate prea fericite cu linia de mai sus )

Concluzie:

Exista o groaza de setari pe care le puteti face cu ajutorul unui fisier .htaccess, pentru lista completa de instructiuni vizitati site-ul http://httpd.apache.org/docs/mod/directives.html

The last days I needed to download a bunch of medical videos which have been uploaded to RapidShare by many other people. Although RapidShare (and all the other 1-click file-hosting services) is very convenient, it has some strict rules for free accounts, for example a guest has to wait for 120 seconds per 1 MB of downloaded data and – to make it worse – no download managers are allowed. Since “waiting” is not a game I like and since I intended to use either wget or curl to download the files, I decided to sign up for a RapidShare Premium account and then figure out how to use the aforementioned tools. Fortunately, registered users are permitted to use download managers and, as you will read in the following article, the Linux command line downloaders work flawlessly with a Premier account.

https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi

wget \
    --save-cookies ~/.cookies/rapidshare \
    --post-data "login=USERNAME&password=PASSWORD" \
    -O - \
    https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi \
    > /dev/null

curl \
    --cookie-jar ~/.cookies/rapidshare \
    --data "login=USERNAME&password=PASSWORD" \
    https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi \
    > /dev/null

wget -c --load-cookies ~/.cookies/rapidshare <URL>

curl -L -O --cookie ~/.cookies/rapidshare <URL>

cat <> dlbasket | ( while ... done )

mkfifo -m 0700 /var/lib/downloader/dlbasket

mkdir -p /var/lib/downloader/bin

mkdir -p /var/lib/downloader/downloads

#! /usr/bin/env bash  

#  rsgetd.sh - Download Service

#  Version 0.2

#  Copyright (C) 2007 George Notaras (http://www.g-loaded.eu/)
#
#  This program is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License version 2 as
#  published by the Free Software Foundation.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.

# Special thanks to 'Zart' from the #fedora channel on FreeNode

# CONFIG START
HOMEDIR="/var/lib/downloader"
DLBASKET="$HOMEDIR/dlbasket"
DLDIR="$HOMEDIR/downloads/"
LOGFILE="$HOMEDIR/.downloads_log"
CACHEFILE="$HOMEDIR/.downloads_cache"
LIMIT="25k"
WGETBIN="/usr/bin/wget"
# Rapidshare Login Cookie
RSCOOKIE="$HOMEDIR/cookies/.rapidshare"
# CONFIG END

DATETIME="`date '+%Y-%m-%d %H:%M:%S'`"

cat <> $DLBASKET | (
        while read url ; do
                # First, check the cache if the file has been already downloaded
                if [ -f "$CACHEFILE" -a -n $(grep -i $(basename $url) "$CACHEFILE") ] ; then
                       echo "$DATETIME File exists in cache. Already downloaded - Skipping: $url" >> $LOGFILE
                else
                        echo "$DATETIME Starting with rate $LIMIT/s: $url" >> $LOGFILE
                        if [ $(expr match "$url" '[rapidshare.com]') = 1 ] ; then
                                # If it is a Rapidshare.com link, load the RS cookie
                                echo "RAPIDSHARE LINK"
                                $WGETBIN -c --limit-rate=$LIMIT --directory-prefix=$DLDIR --load-cookies $RSCOOKIE $url
                        else
                                $WGETBIN -c --limit-rate=$LIMIT --directory-prefix=$DLDIR $url
                        fi
                        echo "$DATETIME Finished: $url" >> $LOGFILE
                        echo $url >> $CACHEFILE
                fi
        done )

exit 0

rsgetd.sh &
echo "<URL>" > /var/lib/downloader/dlbasket

screen -S rs_downloads

rsgetd.sh

echo "<URL>" > /var/lib/downloader/dlbasket
cat url_list.txt > /var/lib/downloader/dlbasket

Ctrl-a   d

screen -r

ssh downloader@server.example.org cat \> /var/lib/downloader/dlbasket

Am tras 2 poze afara.. is putin in ceata ca ningea

si

Why has it taken me so long to spot this ? Looks like this draft was written on the 13th May, if I hadn’t have been just about to download FC7 then I’d have missed it !

EPEL – Fedora Project Wiki
EPEL is a volunteer-based community effort from the Fedora project to create a repository of high-quality add-on packages that complement the Fedora-based Red Hat Enterprise Linux (RHEL) and its compatible spinoffs like CentOS or Scientific Linux.

About time, and thank you redhat/fedora, want fedora extra packages in centos, then install this epel-release .rpm frickin’ sweet ! 

Sendmail-SMTP-AUTH-TLS-Howto

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 03/11/2004

This document describes how to install a mail server based on sendmail that is capable of SMTP-AUTH and TLS. It should work (maybe with slight changes concerning paths etc.) on all *nix operating systems. I tested it on Debian Woody so far.

This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.

This document comes without warranty of any kind!

1 Get the Sources

We need the following software: openssl, cyrus-sasl2, and sendmail. We will install the software from the /tmp directory.

cd /tmp
wget http://www.openssl.org/source/openssl-0.9.7c.tar.gz
wget –passive-ftp ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.17.tar.gz
wget –passive-ftp ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.11.tar.gz

2 Install Openssl

tar xvfz openssl-0.9.7c.tar.gz
cd openssl-0.9.7c
./config
make
make install
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

3 Install Cyrus-sasl2

cd /tmp
tar xvfz cyrus-sasl-2.1.17.tar.gz
cd cyrus-sasl-2.1.17
./configure –enable-anon –enable-plain –enable-login –disable-krb4 –with-saslauthd=/var/run/saslauthd –with-pam –with-openssl=/usr/local/ssl –with-plugindir=/usr/local/lib/sasl2 –enable-cram –enable-digest –enable-otp (1 line!)
make
make install

If /usr/lib/sasl2 exists: 
mv /usr/lib/sasl2 /usr/lib/sasl2_orig

echo “pwcheck_method: saslauthd” > /usr/local/lib/sasl2/Sendmail.conf
echo “mech_list: login plain” >> /usr/local/lib/sasl2/Sendmail.conf

mkdir -p /var/run/saslauthd

4 Create Certificates for TLS

mkdir -p /etc/mail/certs
cd /etc/mail/certs
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -days 365

<- Enter your password for smtpd.key.
<- Enter your Country Name (e.g., “DE”).
<- Enter your State or Province Name.
<- Enter your City.
<- Enter your Organization Name (e.g., the name of your company).
<- Enter your Organizational Unit Name (e.g. “IT Department”).
<- Enter the Fully Qualified Domain Name of the system (e.g. “server1.example.com”).
<- Enter your Email Address.

openssl req -nodes -new -x509 -keyout sendmail.pem -out sendmail.pem -days 365

<- Again, enter your password for smtpd.key.
<- Enter your Country Name (e.g., “DE”).
<- Enter your State or Province Name.
<- Enter your City.
<- Enter your Organization Name (e.g., the name of your company).
<- Enter your Organizational Unit Name (e.g. “IT Department”).
<- Enter the Fully Qualified Domain Name of the system (e.g. “server1.example.com”).
<- Enter your Email Address.

openssl x509 -noout -text -in sendmail.pem
chmod 600 ./sendmail.pem

5 Install Sendmail

cd /tmp
tar xvfz sendmail.8.12.11.tar.gz
cd sendmail-8.12.11/devtools/Site/

Create the file site.config.m4 (in devtools/Site/):

# SASL2 (smtp authentication)
APPENDDEF(`confENVDEF', `-DSASL=2')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
#
# STARTTLS (smtp + tls/ssl)
APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_SMTP_SSL')
APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto -L/usr/local/ssl/lib')

 
mkdir -p /usr/man
mkdir -p /usr/man/man1
mkdir -p /usr/man/man8
cp -pfr /usr/local/lib/sasl2 /usr/lib/sasl2
echo /usr/lib/sasl2 >> /etc/ld.so.conf
ldconfig
ln -s /usr/local/ssl/include/openssl /usr/include/openssl

Now we can compile sendmail:

cd /tmp/sendmail-8.12.11/
useradd smmsp
groupadd smmsp
sh Build -c
sh Build install

Let’s create our sendmail.cf:

cd cf/cf/

Create the file sendmail.mc with the following contents:

dnl ### do SMTPAUTH
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl

dnl ### do STARTTLS
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s')dnl

dnl ###
define(`confDEF_CHAR_SET', `iso-8859-1')dnl
define(`confMAX_MESSAGE_SIZE', `15000000')dnl Denial of Service Attacks
define(`confMAX_DAEMON_CHILDREN', `30')dnl Denial of Service Attacks
define(`confCONNECTION_RATE_THROTTLE', `2')dnl Denial of Service Attacks
define(`confMAXRCPTSPERMESSAGE', `50')dnl Denial of service Attacks
define(`confSINGLE_LINE_FROM_HEADER', `True')dnl
define(`confSMTP_LOGIN_MSG', `$j')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`confTO_INITIAL', `6m')dnl
define(`confTO_CONNECT', `20s')dnl
define(`confTO_HELO', `5m')dnl
define(`confTO_HOSTSTATUS', `2m')dnl
define(`confTO_DATAINIT', `6m')dnl
define(`confTO_DATABLOCK', `35m')dnl
define(`confTO_DATAFINAL', `35m')dnl
define(`confDIAL_DELAY', `20s')dnl
define(`confNO_RCPT_ACTION', `add-apparently-to')dnl
define(`confALIAS_WAIT', `0')dnl
define(`confMAX_HOP', `35')dnl
define(`confQUEUE_LA', `5')dnl
define(`confREFUSE_LA', `12')dnl
define(`confSEPARATE_PROC', `False')dnl
define(`confCON_EXPENSIVE', `true')dnl
define(`confWORK_RECIPIENT_FACTOR', `1000')dnl
define(`confWORK_TIME_FACTOR', `3000')dnl
define(`confQUEUE_SORT_ORDER', `Time')dnl
define(`confPRIVACY_FLAGS', `authwarnings,goaway,restrictmailq,restrictqrun,needmailhelo')dnl
OSTYPE(linux)dnl
FEATURE(`delay_checks')dnl
FEATURE(`generics_entire_domain')dnl
FEATURE(`local_procmail')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`nouucp',`reject')dnl
FEATURE(`redirect')dnl
FEATURE(`relay_entire_domain')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`virtuser_entire_domain')dnl

FEATURE(dnsbl,`blackholes.mail-abuse.org',
` Mail from $&{client_addr} rejected; see http://mail-abuse.org/cgi-bin/lookup?$& {client_addr}')dnl
FEATURE(dnsbl,`dialups.mail-abuse.org',
` Mail from dial-up rejected; see http://mail-abuse.org/dul/enduser.htm')dnl

FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
FEATURE(access_db)dnl
FEATURE(lookupdotdomain)dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

In order to create /etc/mail/sendmail.cf run the following commands:

sh Build sendmail.cf
cp sendmail.cf /etc/mail/sendmail.cf

Finally we have to create some files:

cd /etc/mail/
touch /etc/mail/local-host-names
touch /etc/mail/virtusertable
/usr/sbin/makemap hash virtusertable < virtusertable
mkdir -p /var/spool/mqueue
chmod 700 /var/spool/mqueue
chown root:root /var/spool/mqueue
chown root:root /etc/mail/sendmail.cf
chmod 444 /etc/mail/sendmail.cf
chown root:root /etc/mail/submit.cf
chmod 444 /etc/mail/submit.cf
touch /etc/mail/aliases
newaliases
touch /etc/mail/access
/usr/sbin/makemap hash access < access

We need an init script for sendmail (this should be copied to /etc/init.d/sendmail):

#! /bin/sh

case "$1" in
    start)
        echo "Initializing SMTP port. (sendmail)"
        /usr/sbin/sendmail -bd -q1h
        ;;
    stop)
        echo "Shutting down SMTP port:"
        killall /usr/sbin/sendmail
        ;;
    restart|reload)
        $0 stop  &&  $0 start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|reload}"
        exit 1
esac
exit 0

chmod 755 /etc/init.d/sendmail

In order to start sendmail at boot time do the following:

ln -s /etc/init.d/sendmail /etc/rc2.d/S20sendmail
ln -s /etc/init.d/sendmail /etc/rc3.d/S20sendmail
ln -s /etc/init.d/sendmail /etc/rc4.d/S20sendmail
ln -s /etc/init.d/sendmail /etc/rc5.d/S20sendmail
ln -s /etc/init.d/sendmail /etc/rc0.d/K20sendmail
ln -s /etc/init.d/sendmail /etc/rc1.d/K20sendmail
ln -s /etc/init.d/sendmail /etc/rc6.d/K20sendmail

6 Configure Saslauthd

Create /etc/init.d/saslauthd:

#!/bin/sh -e

NAME=saslauthd
DAEMON="/usr/sbin/${NAME}"
DESC="SASL Authentication Daemon"
DEFAULTS=/etc/default/saslauthd

test -f "${DAEMON}" || exit 0

# Source defaults file; edit that file to configure this script.
if [ -e "${DEFAULTS}" ]; then
    . "${DEFAULTS}"
fi

# If we're not to start the daemon, simply exit
if [ "${START}" != "yes" ]; then
    exit 0
fi

# If we have no mechanisms defined
if [ "x${MECHANISMS}" = "x" ]; then
    echo "You need to configure ${DEFAULTS} with mechanisms to be used"
    exit 0
fi

# Add our mechanimsms with the necessary flag
for i in ${MECHANISMS}; do
    PARAMS="${PARAMS} -a ${i}"
done

# Consider our options
case "${1}" in
  start)
        echo -n "Starting ${DESC}: "
        ln -fs /var/spool/postfix/var/run/${NAME} /var/run/${NAME}
        ${DAEMON} ${PARAMS}
        echo "${NAME}."
        ;;
  stop)
        echo -n "Stopping ${DESC}: "
        PROCS=`ps aux | grep -iw '/usr/sbin/saslauthd' | grep -v 'grep' |awk '{print $2}' | tr '\n' ' '`
        if [ "x${PROCS}" != "x" ]; then
          kill -15 ${PROCS} &> /dev/null
        fi
        echo "${NAME}."
        ;;
  restart|force-reload)
        $0 stop
        sleep 1
        $0 start
        echo "${NAME}."
        ;;
  *)
        echo "Usage: /etc/init.d/${NAME} {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

 
chmod 755 /etc/init.d/saslauthd

In order to start saslauthd at boot time do the following:

ln -s /etc/init.d/saslauthd /etc/rc2.d/S20saslauthd
ln -s /etc/init.d/saslauthd /etc/rc3.d/S20saslauthd
ln -s /etc/init.d/saslauthd /etc/rc4.d/S20saslauthd
ln -s /etc/init.d/saslauthd /etc/rc5.d/S20saslauthd
ln -s /etc/init.d/saslauthd /etc/rc0.d/K20saslauthd
ln -s /etc/init.d/saslauthd /etc/rc1.d/K20saslauthd
ln -s /etc/init.d/saslauthd /etc/rc6.d/K20saslauthd

Then create /etc/default/saslauthd:

# This needs to be uncommented before saslauthd will be run automatically
START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb"
MECHANISMS=shadow

If you find out that saslauthd is located in /usr/local/sbin instead of /usr/sbin create a symbolic link:

ln -s /usr/local/sbin/saslauthd /usr/sbin/saslauthd

Then start saslauthd and sendmail:

/etc/init.d/saslauthd start

/etc/init.d/sendmail start

7 Test your Configuration

To verify that your sendmail was compiled with the right options type

/usr/sbin/sendmail -d0.1 -bv root

You should see that sendmail was compiled with SASLv2 and STARTTLS:

To see if SMTP-AUTH and TLS work properly now run the following command:

telnet localhost 25

After you have established the connection to your sendmail mail server type

ehlo localhost

If you see the lines

250-STARTTLS

and

250-AUTH

everything is fine.

Type

quit

to return to the system’s shell.

Links

Sendmail MTA: http://www.sendmail.org/

OpenSSL: http://www.openssl.org/

Cyrus-SASL: http://asg.web.cmu.edu/sasl/

Am primit pe mail noul model de chestionar auto care este valabil mai ales pentru bucuresteni si traficul capitalei :

a) sa va verificati de urgenta mail-ul
b) sa trageti pe dreapta la cel mai apropiat “Internet Cafe”
c) sa nu circulati cu o viteza mai mare de 512kb/s

1. Unde va aflati daca intalniti indicatorul de mai jos:

a) in apropierea unui bar sau bordel
b) in apropierea unei maternitati
c) pe un drum alunecos

1. Cum se pedepseste depasirea fara semnalizare:a) cu pedeapsa cu moartea si retinerea permisului de conducere pentru 90 de zile
   b) cu pedeapsa cu moartea dar fara retinerea permisului de conducere
   c) cu pedeapsa cu moartea, amenda si inchisoare. 

    

2. Care este ordinea de trecere in intersectia alaturata:

a) primul va trece autoturismul rosu, pentru ca se grabeste,al doilea autoturismul verde pentru ca se grabeste mai putin, al treilea autocamionul pentru ca nu se grabeste deloc
b) primul va trece camionul, al doilea autoturismul rosu, iar al treilea tot camionul
c) toate cele trei autovehicule vor trece simultan in intersectie

1. Ce faceti daca intalniti simultan in aceeasi intersectie indicatoarele din imagine, situate unul sub altul ca si in imaginea alaturata:

a) opriti, si acordati prioritate, dar in acelasi timp va continuati drumul pentru ca aveti prioritate
b) va continuati drumul pentru ca aveti prioritate, dupa care va intoarceti in intersectie si va opriti ca sa acordati prioritate
c) nu aveti nici o obligatie deoarece sunt indicatoare de informare turistica.

1. Ce obligatii aveti la intalnirea indicatorului alaturat:

a) sa va faceti cruce
b) sa acordati prioritate preotilor care circula din dreapta
c) sa claxonati in exces

1. Circulati iarna pe drumul public acoperit cu zapada, ninge abundent si este ceata, ce trebuie sa faceti:a) va opriti si asteptati pana vine vara, dupa care va continuati drumul
   b) mariti viteza si inchideti ochii
   c) sunteti obligat ca in aceasta situatie va echipati autovehiculul cu CD Player 

    

2. Intalniti intr-o intersectie un politist care are mana dreapta ridicata si va indica semnalul de mai jos, ce semnifica acest semnal pentru dumneavoastra?

a) nimic, deoarece este un semnal adresat conducatorilor de avioane
b) trebuie sa porniti stergatoarele deoarece semnalul va indica faptul ca va incepe ploaia
c) sunteti obligat sa opriti si sa acordati primul ajutor politistului deoarece are degetul fracturat.

1. In urma unui accident auto, una din victime are hemoragii severe, aveti dreptul sa o transportati la spital?a) nu, deoarece va murdareste masina cu sange si poate moare si nu va mai poate despagubi
   b) da, dar numai in portbagajul masinii
   c) da, dar sunteti obligat sa lasati victima sa conduca autovehiculul 

    

2. Circulati regulamentar pe un pod cu circulatie pe un singur sens, iar din contrasens vine un tir circuland cu viteza de 160km/h, ce trebuie sa faceti in aceasta situatie?a) mariti viteza ca sa fiti sigur ca muriti
   b) nu va faceti probleme, deoarece soferul tirului procedeaza neregulamentar si va suporta consecintele legale
   c) ati pus-o!!! 

    

3. Cum se trateaza ranile survenite in urma unui accident rutier?a) se dezinfecteaza rana cu scuipat dupa care se curata cu peria de sarma
   b) se leaga rana cu sarma ghimpata pentru a se opri hemoragia
   c) se pupa in dreptul ranii pentru a ameliora durerea. 

    

4. Circulati regulamentar si observati ca, din spate conducatorul unui autoturism se pregateste sa va depaseasca, cum procedati?a) mariti viteza si va luati la intrecere cu respectivul conducator auto, pana cand renunta sa va depaseasca
   b) il acrosati din lateral cand este in dreptul dvs. astfel incat sa il scoateti de pe partea carosabila
   c) iesiti imediat de pe partea carosabila, chiar in sant daca este posibil, ca sa ii dati de inteles ca sunteti de acord sa fiti depasit 

    

5. Circulati regulamentar si observati ca un biciclist se prinde cu mana de autoturismul dumneavoastra.Cum procedati?a) mariti viteza cat puteti de mult, deoarece este posibil ca biciclistul sa se grabeasca
   b) mariti viteza si incepeti sa circulati in zig zag, pana cand nu il mai vedeti pe biciclist
   c) scoateti capul pe geam si il injurati pe biciclist 

    

6. Sunteti implicat intr-un accident auto soldat cu victime omenesti si pagube materiale.Cand aveti voie sa consumati bauturi alcoolice si sa va drogati?a) inaintea accidentului
   b) in timpul accidentului
   c) imediat dupa accident 

    

7. Aveti voie sa treceti la culoarea rosie a semaforului?a) probabil ca nu
   b) in nici un caz nu
   c) sigur nu 

    

8. Ce va avertizeaza indicatorul de mai jos?

a) ca in localitatea Suceava se circula doar cu camionul
b) ca daca nu circulati cu camionul nu o sa ajungeti in Suceava
c) ca daca mergeti spre Suceava o sa fiti lovit de un camion

1. Cine procedeaza gresit in situatia urmatoare?

a)conducatorul tramvaiului pentru ca nu se apropie de trotuar
b)conducatorii motocicletelor pentru ca vor sa intre in tramvai cu tot cu motociclete
c)pietonii pentru ca nu au motociclete