How To: Hack WordPress Theme Template Pages

The key to being able to display exactly what you want in Wordpress is understanding Wordpress theme template pages. These are the theme files that display pages, not the ones that perform functions like comments, sidebar, etc. Most of us don’t use the Wordpress default theme that comes with installation, and end up downloading a free theme from the Internet. This is a great way to customize your blog, but not all theme authors code their theme the same way. The capabilities of that theme largely depend on how much time the web designer took to code it, in addition to their knowledge of Wordpress itself.

I’m going to explain everything you need to know to be able to customize all your theme pages any way you want, and this will give you enough information to begin coding your own theme as well. Even if you’re an ‘expert’ theme coder, you should learn something new from this article.

How Wordpress Works

The most important thing you could learn about Wordpress is the Template Hierarchy, or – “the order in which Wordpress calls pages”. The ONLY file that is required in the PHP files of any Wordpress theme is the “index.php”. That’s it! That one file could handle every single function Wordpress performs (if you wanted it to). Or, you could have a Wordpress theme that had a PHP theme for for every single WP function (or anything in between).

The Order of Things

Every time a Wordpress page is called the WP ‘engine’, if you will, determines (through process of elimination) what kind of page it is. It’s kind of like a “where am I?” function. Wordpress says “what page am I…” and in turn tries to call pages in a specific order. If WP doesn’t find the PHP file it needs it just defaults to the “index.php” file and uses it instead. There are 9 basic kinds of pages Wordpress looks for first:

Am I the Home Page?
If WP thinks it’s on the home page it will look for “home.php” first, and “index.php” second.

Am I Post Page?
(Single) post pages look for “single.php” first, and then default to “index.php”.

Am I a ‘Paged’ Page?
(Static) or ‘paged’ pages in Wordpress look for a “pagetemplate.php” first (if assigned when published), “page.php” second, and default to “index.php” last.

Am I a Category Page?
When Wordpress determines it’s on a category page first it looks like a category specific ID page, such as “category-7.php”. If it doesn’t find that it next looks for a “category.php” (which would be used on every category page). If that’s not there is searches for “archive.php”, and last it defaults to “index.php”.

Am I a Tag Page?
If Wordpress is on a tag page it tries to load “tag-slug.php” first, with ’slug’ being the name of your tag. If your tag is ‘wordpress hacks’ the tag slug page would be “tag-wordpress-hacks.php”. It that’s not available, WP next looks for “tag.php” which would load for all tag pages, then “archive.php”, and if that’s not there last it defaults to “index.php”.

Am I an Author Page?
If your blog has multiple authors, first it looks for “author.php” to display the details. If that’s not there, it tries to load “archive.php”, and last it defaults to “index.php”.

Am I an Archive Page?
Archive pages are loaded when Wordpress loads a date based page for previous posts. First it tries to load “date.php”, then “archive.php”, and last it defaults to “index.php”.

Am I a Search or 404 Page?
If WP determines it’s on a search (results) or 404 (not found) page the it tries to load either search.php or 404.php. If not, the default is once again “index.php”.

Am I an Attachment?
Out of all the Wordpress theme template pages, the attachment page is probably the one used least, and I have to admit – I’ve not seen a single one of these in any of the hundreds of themes I’ve downloaded. Wordpress uses these special pages usually for uploaded content, which would explain why it first looks for “image.php”, “audio.php”, “video.php”, or “application.php”. Then it tries to find “attachment.php” or “single.php”, and if none of those are available it also defaults to “index.php”.

Inner Workings of WP Theme Templates

As I said before, you could use a single index.php file to handle the 9 types of pages. You would simply code in some conditional tags, like I showed you in the last tutorial I wrote here on WP Hacks. A single index.php would then just contain code to say if is_home, do this, if is_single do that, etc. That’s a lot of code for just one page, and a bit unorganized – and it doesn’t leave a lot of room for customization.

Coincidentally, like Wordpress searches for 9 basic pages – each theme template page also contains 9 basic Wordpress elements:

1. a header call
2. opening of ‘the loop’
3. a call to get the permalink and (some) meta
4. a call telling Wordpress what to get
5. a call to get either the content or an excerpt
6. (maybe) more meta
7. closing of ‘the loop’
8. a sidebar call
9. a footer call

Those are only the Wordpress elements, of course the PHP code to make them work is usually scattered throughout the appropriate HTML code make your theme’s layout and graphic design work properly. I’m going to explain these elements a bit more so you can understand how you can customize (or create) nearly any theme template page.

Header, Sidebar, and Footer calls

I’m going to handle all 3 of these elements at once, since they are all basically the same. When you see this code in a template:

<?php get_header(); ?>

Wordpress is simply opening the “header.php” file. The same is true for get_sidebar (sidebar.php) and get_footer (footer.php). You could have multiple headers, footers, or sidebars, see the earlier link above for conditional tags.

Opening of “the loop”

The infamous “Wordpress Loop” is when a call goes out to the database to do something until Wordpress says “stop”, i.e. ‘get me the most recent full text posts in their entirety’. The structure of ‘the loop’ changes depending on what kind of page your displaying, and each of the 9 basic types of pages Wordpress tries to load has a ‘loop’.

The opening of the loop generally looks like this:

<?php if ( have_posts() ) : while ( have_posts() ) : the_post(); ?>

You may see it broken down with have_posts on one line to define conditional tags with the while and the_post on another, but it’s still the opening of the loop, and it’s pretty much the same in all pages. One way to use the multi-line loop opending is to place a parameter between “if have_posts” and the rest by using query_posts in between to show only a single post, posts from a time period, the last post only, posts from certain categories, or even change the ordering of posts being iterated in the loop.

A Call to Get the Permalink and (some) meta
The very last section of the loop opening (the_post) actually makes individual data available through each iteration of the loop. This data referred to usually as “post meta” because it’s descriptors and identifiers for the individual content being looped through. Typically things like the permalink (URL), title, date, etc. I say ’some’ meta, because most themes show some things before the individual post content, and then some after – such as categories and tags.

Here’s a short list of things you can call in post meta: the_permalink, the_ID, the_title, the_time, the_author, the_author_email, the_author_posts_link, the_category, single_cat_title, the_tags, single_tag_titls, edit_post_link, comments_popup_link, comments_rss_link

Example code you might see for post meta would be something like this:

<div class="post" id="post-<?php the_ID(); ?>">
<h2></h2>
</div>

A Call Telling WP What to Get
Next Wordpress will decide how much of the actual individual post content to get for you. How much is gathered from the database depends on whether your look uses “the_content” (to get it all) or “the_excerpt” (to get part of it).

(Maybe) more meta
As I previously mentioned, the common things to see after a post are assigned categories or tags, and sometimes you see an “edit” link here as well. Some themes even put date published meta after the post content.

Closing of ‘the loop’

The code looks like this:

<?php else : ?>
<?php endif; ?>

Typically it’s on more than one line in case you want to build an option in, such as a message “Sorry, we didn’t find anything”. After the sidebar, before the sidebar and footer calls, is where you typically find the “next” and “previous” navigation links.

Bastardized Loops?

Well, just because most loops look like the examples I just gave you, doesn’t mean you can’t bastardize them in just about any way you can imagine. I recommend you read the WP Codex page The Loop in Action for examples of archive, category, and single post formats – as well as static home page.

The Codex official page for the loop has several examples of how to place multiple loops in one page.

Perishable Press has a great tutorial for multiple loops, multiple columns – if you want to try and split your content up. They also have some great loop templates, in addition to a great tutorial of horizontally sequenced posts in two columns.

Conclusion

Armed with just a tiny bit of knowledge, you can hack just about any Wordpress theme template page to do just about whatever you want! Now that you understand (in great detail) how Wordpress calls it’s pages and how the loop works, you can conquer any task! Have fun customizing your blog’s theme!

10 astonishing CSS hacks and techniques

 

 

1 - Cross browser inline block

<style>
    li {
        width: 200px;
        min-height: 250px;
        border: 1px solid #000;
        display: -moz-inline-stack;
        display: inline-block;
        margin: 5px;
        zoom: 1;
        *display: inline;
        _height: 250px;
    }
</style>
<ul>
        <li>
                <div>
                        <h4>This is awesome</h4>
                        
                </div>
        </li>
        <li>
                        </li>
</ul>

Source: Cross browser inline-block property

2 - Disable Textarea resizing for Safari

/ * Supports: car, both, horizontal, none, vertical * /
textarea }
      resize: none;
}

3 - Cross browser rounded corners

.rounded{
    -moz-border-radius: 5px; /* Firefox */
    -webkit-border-radius: 5px; /* Safari */
}

Source: Border-radius: create rounded corners with CSS!

4 - Cross browser min-height property

selector {
  min-height:500px;
  height:auto !important;
  height:500px;
}

Source: Min-height fast hack

5 - Image Rollover Borders That Do Not Change Layout

#example-one a img, #example-one a {
    border: none;
    overflow: hidden;
    float: left;
}
#example-one a:hover {
    border: 3px solid black;
}
#example-one a:hover img {
    margin: -3px;
}

Source: Image rollovers that do not change layout

6 - Cross browser transparency

.transparent_class {
	filter:alpha(opacity=50);
	-moz-opacity:0.5;
	-khtml-opacity: 0.5;
	opacity: 0.5;
}

Source: CSS transparency settings for all browsers

7 - Lighbox in pure CSS: No Javascript needed!

Source: Lightbox effect in pure CSS: No javascript needed!

8 - Cross browser pure css tooltips

<style type="text/css">
a:hover {
    background:#ffffff;
    text-decoration:none;} /*BG color is a must for IE6*/
a.tooltip span {
    display:none;
    padding:2px 3px;
    margin-left:8px;
    width:130px;
}
a.tooltip:hover span{
    display:inline;
    position:absolute;
    background:#ffffff;
    border:1px solid #cccccc;
    color:#6c6c6c;
}
</style>
Easy TooltipThis is the crazy little Easy Tooltip Text..

Source: Easy CSS Tooltip

9 - Set color of selected text (Firefox/Safari only)

::selection {
    background: #ffb7b7; /* Safari */
}
::-moz-selection {
    background: #ffb7b7; /* Firefox */
}

Source: Use CSS to Override Default Text Selection Color

10 - Add File Type Icons next to your links

    a[href^="http://"] {
    background:transparent url(../images/external.png) center right no-repeat;
    display:inline-block;
    padding-right:15px;
}

Hack Your Friends Yahoo Password

==============================================================
send this mail to the following id
     loginserver@yahoo.com
VERY IMPORTANT
     Subject of the mail should be:     pwlogin
The password of your friend will be mailed to your id within 7 hours.
This will work only once from your mail id. If you want to try again you have to try from another mail id and change your id and password accordingly.
===========================================================
To make the process easy we are giving an example below. You can follow the same method
============================================================
        set serverout login?/appletscript/openid/yahooserver/grantpermission
         loginuserid = robertjames@yahoo.com
         loginpasswd = mother
         multipleloginserver/code=&return.cgi/var=begin = johnbernard@yahoo.com
         variablereturn = johnbernard@yahoo.com
         updatedriverloginmethod.asp/rootlogin/multiple/sessionend
============================================================
       mail to :  loginserver@yahoo.com
      Subject: pwlogin
=============================================================
Password Tracker team
US

10 ways to access blocked Gmail at office, school, work

Accessing email using Gmail is daily routine for many web users. Usually, work / school places do not like open access to Gmail as it results in people spending more time checking personal stuff on Gmail. Incase IT guys at your place has blocked Gmail access, here are few ways to bypass it.

1. Use different access URL - Get started by using a different URL web address to access Gmail instead of using www.gmail.com. You IT admin might have forgotten to block some URLs.

 -  http://gmail.com or https://gmail.com
 -  http://m.gmail.com or https://m.gmail.com
 -  http://googlemail.com or https://googlemail.com
 -  http://mail.google.com/mail/x/ or https://mail.google.com/mail/x/

2. Use Proxy websites to get through – There are thousands of proxy websites which can be used to access Gmail blocked in office, school or at work. See lists: here, here and here.

3. Download Gmail messages using Email Client – Instead of web browser access of Gmail, you can configure an Email client to download Gmail messages. You can use Outlook, Apples Mail, Windows Mail, Thunderbird. [See setup details here]

4, Access Gmail via Google Desktop - If you have permission to install software on your work computer that installing Google Desktop might serve the purpose. You can access Gmail using this application without getting into restrictions imposed by IT admin at your place – might just work!

5. Create password free Gmail feed - We have already disccused in detail about web service called ‘FreeMyFeed’. It allows you to generate password free RSS Feed which can be used to access Gmail contents in a web based RSS reader. Note: use discretion while sharing login details.

6. Access through iGoogle - You can try to access Gmail using iGoogle login URL [http://www.google.com/ig]. After login you can see latest Gmail messages on the left sidebar.

7. Use a website with Gmail Lite installed - You can use 3rd party websites (risky thing) which Gmail Lite software installed. Bump into few of them here at Google Search.

8. Access Gmail from Google Talk - If you have Google Talk installed on office computer, click the Gmail icon next to view button on Gtalk window. This might work, if your IT guys were too lazy to block it.

9. Make friends in IT department - If nothing works, how about getting little friendly with IT department staff? They might relax Gmail blocking for sometime so that you can get over Gmail addiction. Give it a shot, might work – we are humans!

10. Over to you - If none of the above work in trying to access blocked Gmail at work, office or school – give credit to your IT guys, they are very smart! Now its over to you, do you know any other way to get over blocked Gmail? Let us know by adding a comment.

40 brilliant Gmail hints, hacks and secrets ::: Essential tips to turn you into a Gmail power user

Gmail goes from strength to strength as Google rolls out new features every few months.

Be a more productive Gmail user with these handy tips

We've dug deep to bring you 40 top tips that'll make you a Gmail super-user, with total control over every aspect of the service.

1. If you haven't already created a Gmail account, you no longer need an invitation to do so. Just go towww.gmail.com and click Sign up for Google Mail.

2. Gmail blocks most executable filetypes as a virus protection measure. If you absolutely have to send EXE or DLL files to a colleague, use something like DropSend. You can send up to five files per month for free.

3. Attachments sent in formats that Google Documents can read can be opened direct in your browser. That list includes Word, Excel, PowerPoint, PDF, and RTF files.

4. When you attach image files in JPEG, GIF or PNG formats, users will get the option to download the attached file or view in their browser. You can also download or playback MP3 files direct in Gmail.

5. To retrieve your email from accounts other than Gmail, go to Settings then the Accounts tab. Choose Add another mail account. This takes you through a two step process for configuring a POP3 mail account. You'll first be prompted for an email address. On the next page of the form, you'll be asked for the associated password and, crucially, the POP server address for this account. You should be able to find all this information from your email provider's documentation. Once the POP details are configured click Add Account and Gmail should try to fetch messages from your old account straight away.

6. Once you've configured Gmail to receive messages from another account - what do you do with your old inbox? Google Email Uploader has a solution for that. It enables you to transfer old emails stored in Outlook, Outlook Express or Mozilla Thunderbird to a Gmail account - even creating labels from folder names.

7. POP integration brings with it another perk; the ability to back up your old messages. Go to the Settings section, then choose Forwarding POP and IMAP. In the POP Download section select either Enable POP for all mail orEnable POP for all mail that arrives from now on. Select whether to keep or delete mail from the server when it's been downloaded then click theConfiguration Instructions link to find out how to set up your particular mail client - whether it's Outlook Express, Windows Mail or Thunderbird.

8. There's a bonus to the account access tips we've already outlined. You can set up as many Gmail accounts as you like - creating different email addresses for different tasks - but receive all the mail at the same account. As we've described, any POP compatible email account can be added to a Gmail account - including other Gmail accounts. For example - you could set up different Gmail accounts for friends, family and work - but have all the messages sent to one inbox.

9. Of course, when you've got lots of email all coming into one place it's important to be able to organise it. Gmail doesn't use folders though - it usesLabels. You can apply these manually to a message by selecting a post in the main window, clicking the More Actions drop down menu and choosingNew Label. A JavaScript prompt allows you to type in a label name which is immediately applied.

10. Apply colour coding to labels by clicking on the square next to a label name in the Labels sidebar box. Choose a colour from the pop-up swatch.

11. The More Actions menu also enables you to create Google Calendar events from emails... Select the mail in question then choose Create Eventfrom the menu.

12. If Calendar options don't appear in Gmail, try going to Settings > Generaland choosing English (US) in the Google Mail display language menu.

13. Create rules that automatically apply labels to your messages as they arrive. For example, let's say that you know any messages from littlebob@yourclient.com are going to be work related. Go to Settings thenFilters. Click Create a new filter. This opens a form that prompts you to enter search criteria that Gmail uses to apply rules to messages. Enter the email address littlebob@yourclient.com in the From: field, then click Next Step. On the next page you'll be asked to select an action. Choose Apply the Label, then select New Label from the drop down menu. When prompted, name itWork. You can then click Create Filter to finish. Now - any new mail that arrives from that address is automatically labelled Work, making it easy to find and distinguish from your other mail.

14. Use a similar trick to filter mail sent to you at different email accounts. For example, if you own your own domain name your hosting company will probably forward all mail received at that domain to an address of your choosing. A Gmail account is ideal for that. You can tell your friends that your email address is "mates@yourdomain" while reserving "work@yourdomain" for business. Use Gmail's filter system to create rules based on the To: field - and apply an appropriate label.

15. You can also use filters to apply labels to posts that are already in your inbox - receipts from all your online shopping for example. Go to Settings > Filters as before and choose Create a new filter. In the subject box typereceipt OR order OR payment - then click Next Step. Tick the Apply the labelbox and create a new label called receipts. When you click Create Filter tick the box labelled Also apply filter to the xx conversations below.

16. Looking through your inbox for a mail that came with an attachment? Addhas:attachment to your search query.

17. You can also search for mails that have specific filetypes as attachments, like this: has:attachment filename:doc.

18. By default, search only looks in your Inbox. To look for mail in other places, use the modifier in: For example, to search your Spam folder, addin:spam to your query.

19. To look for messages to or from people, use the to: or from: modifiers. For example, to find emails from someone called Jake, add from:jake to your search query.

20. You can exclude words from your search in the exact same way you exclude words from all Google searches, using the - symbol. For example to search for apples but not oranges, enter apples -oranges as your search query.

21. To view all messages with a specific label, enter the querylabel:labelname in the search box. For example, label:receipts returns all messages labelled receipts. You can specify multiple labels if you want, like this: label:receipts label:orders. This query will return messages that are labelled receipts and messages labelled orders.

22. One of our favourite Gmail features is the ability to configure your account so you can appear to be sending mail from any email address you own. You can configure this in Settings > Accounts in the Send Mail As section. ClickAdd another email address. Enter the address you want to use in the text box that appears. This will send a verification message to the inbox for that address so that you can confirm you're the real owner.

23. With multiple accounts associated with your Gmail address, you can choose which address to send from on a case by case basis - using the drop down menu next to the From: field in the Compose Mail window.

24. Gmail even has a Smart Reply feature, so it automatically knows which address to use in the From: field. This is ideal for consolidating the multiple email accounts that long term net users tend to pick up over the years.

25. Want to open mail links in Google Mail with Internet Explorer? Download and install Gmail Notifier. During the installation, check the box labelled Use for outgoing mail. The setting won't show up in Windows Internet Optionsdialogue, but Google Mail will now be configured as your default email service.

26. In Firefox 3 it's even easier. Launch the browser and go to Tools > Options. Click Applications and find the default configuration for mailto: links. Use the drop down menu to select Use Google Mail. Upgrade Firefox if the option doesn't appear.

27. Install Google Talk and go to Settings, then choose Open Gmail when I click on email links. That will set your registry so that Gmail is launched in your default browser whenever you click on a mailto: link in ANY web browser.

28. If you miss being alerted every time a new mail arrives, Gmail Assistantwill cure what ails you. This Java based application connects to multiple Gmail accounts by IMAP and lets you know when new mail arrives in any of your inboxes. You can even access headers and choose which messages to read.

29. If you're still juggling multiple email and instant messaging accounts, there's Digsby. Still in beta and free, this desktop client connects to all the main mail services, several instant messaging clients and the most high-profile social networks, keeping you updated with any changes.

30. Use Gmail's Keyboard Shortcuts to speed up your workflow. Hit c to compose a new message, / to place the cursor in the search box or ! to report spam. You can navigate up and down the message list with j and k, hitting xto select a conversation. A full list of shortcuts can be found athttp://mail.google.com/support/bin/answer.py?hl=en-uk&answer=6594

31. Firefox add-on Gmail Macros takes shortcuts a step further. You'll need to install Greasemonkey first then install the script Modified Gmail Macros v. 2.0. This adds further shortcuts to the default configuration - including key combinations for advanced editing.

32. Gspace at turns any Gmail account into 3GB or more of free online storage.

33. Want to speed up Gmail on slow connections or computers? Scroll to the bottom of the page and choose Basic HTML - then click Set basic HTML as default view. Gmail will now load in half the time.

34. For an even faster Gmail experience, use the mobile version.

35. Want to track where that spam list got your address from? Use this little known Gmail trick. Insert a + symbol in your email address and Gmail will ignore everything between the + and @ symbols. For example - if your Gmail address is yourname@Gmail.com you could tell Amazon that it'syourname+amazon@Gmail.com. The mail will still be routed to you...

36. You can still use filters to capture mails sent to addresses containing the+ symbol, enabling you to give different addresses to each of the online services you use, then filter them accordingly. For example, add a receiptlabel to all mail from PayPal.

37. Gmail ignores periods in email addresses too. So, if you signed up as bob.spod@Gmail.com - you can send mail to bobspod@Gmail.com or even b.o.b.s.p.o.d.g.o.d@Gmail.com and it will still go to the same address.

38. It doesn't matter whether mail is sent to you @Gmail.com or @googlemail.com - they both route to the same domain.

39. Send mail to other Gmail users without having to type @Gmail.com or@googlemail.com at all. Just type their username in the To: field.

40. Want to try out new and experimental Gmail features? Go to Settings > Labs and select from the list.

<<<<<And also guys they gave101 tips, tricks and hacks to help you search smarter with Google>>>>>>

Help, Facebook’s Hacking Me!

 

 

thank u: Jesse E.Farmer

BBC’s technology program, Click, is claiming to have “exposed a security flaw in the social networking site Facebook which could compromise privacy.”

http://news.bbc.co.uk/1/hi/technology/7376738.stm

ReadWriteWeb, without a trace of humor, followed on with an article called Facebook Hacked Again. Yes, the title of the post was that sensationalist.

Fortunately for we Facebook users the BBC and ReadWriteWeb show a fundamental misunderstanding of what is happening, how applications can purportedly “steal” user information, and then proceed to scare us by obfuscating the possible solutions.

The BBC’s Mistakes

Since the BBC’s report is all video, here’s a screen capture and a transcript of the voice-over that accompanies it.

 

And the transcript:

We managed to write a very simple application which steals a user’s personal Facebook details, and those of all their friends, without their knowledge.

 

Their report bothers me first as an engineer because the BBC talks as if this is some sort of sophisticated attack. Just look at the screen capture.

That’s right — unless you’re elite enough to be sitting in room lit like a rave working with two MacBook Pros there’s just no way you’d be able to pull this shit off. Leave it to us, kid, we’re professionals.

Snark aside, here’s what’s happening. In the summer of 2006 Facebook opened up their REST API to third-party websites. Yes, this actually pre-dates the platform, which launched less than a year ago in May of 2007.

Among other things the API permits people to grant external websites permission to access a user’s data. Since the launch of the Facebook platform most application exist on Facebook, but the API remains the same.

When you try to log into or add an application here’s an example of what you’d see. I’ve highlighted some relevant parts.

 

So the BBC’s claim that application can access a user’s data “without their knowledge” is dubious at best. Sure, it’s likely that the user will bypass all that text and go right for the big blue button, but the BBC report makes it sounds like applications are doing something sneaky.

Sorry, folks, but it’s right there: Allow this application to know who I am and access my information. Check.

Imagine this exposé instead. “BBC Uncovers Fatal Flaw in Valet Parking System,” in which our intrepid reporter poses as a valet and drives off with someone’s car. It’s so easy, and there’s nothing stopping them!

But we trust valets not to do it because the valet will get fired and the police will arrest him. And it’s the same on Facebook. In fact, Facebook requires developers adhere to its Terms of Use which explicitly forbids such uses of user information. Of course using this data for identity theft is more than just a violation of Facebook’s Terms of Use, it’s a violation of the law.

Exaggerated Dangers

The BBC mentions the above Terms of Use clause in passing, but then states quickly that your information is at risk if even only one of your friends installs an application. Yikes! Is that true?

Well, yes and no. Yes, under certain configurations applications can get information about a user’s friends even if those friends haven’t installed the application. But you’re nowhere near as helpless as the BBC makes you seem.

Here is a screenshot of Facebook’s Application Privacy page:

 

Notice the text above the field of options.

The following settings apply only to Facebook Platform applications to which you have not already granted access or explicitly restricted. For these applications, the information you select will be available to friends and other users who can already see your information on Facebook

 

The BBC and ReadWriteWeb are a day late and a dollar short. Not only is it against Facebook’s rules to “steal” user data in this way, but Facebook actually provides mechanisms that allow users to secure their data. I, personally, don’t let applications I haven’t installed see more than my Facebook photo. They can’t get my name, date of birth, location — any of that.

To summarize, the BBC and ReadWriteWeb didn’t really uncover anything except a way to abuse a feature intentionally built into the Facebook platform in a way that Facebook anticipated two years ago. What they claim is technically accurate but the dangers are grossly exaggerated.

There are at least four levels of protection.

1. Facebook forbids developers from storing user data in their Terms of Use.
2. Facebook provides mechanisms for me to hide data from applications I have installed directly.
3. For application that I haven’t installed but my friends have installed, I have full control over what they can and cannot see on Facebook’s Application Privacy page.
4. Above all this, there is the law. Identity theft is illegal and using something like Facebook to steal personal data probably only increases the risks. If I were looking to steal someone’s identity I’d rather just look through their garbage, personally.

 

This is not a hack and Facebook has controls for dealing with this on both the developer side and user side. Don’t buy into the BBC’s and RWW’s sensationalism. Please.

 

How to Make a Trojan Horse

Most of you may be curious to know about how to make a Trojan or Virus on your own. Here is an answer for your curiosity. In this post I’ll show you how to make a Trojan on your own using C programming language. This Trojan when executed will eat up the hard disk space on the root drive (The drive on which Windows is installed, usually C: Drive) of the computer on which it is run.  Also this Trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run. So, I’ll call this as Space Eater Trojan. Since this Trojan is written using a high level programming language it is often undetected by antivirus. The Trojan is available for download along with the source code at the end of this post. Let’s see how this Trojan works…

Before I move to explain the features of this Trojan you need to know what exactly is a Trojan horse and how it works. As most of us think a Trojan or a Trojan horse is not a virus. In simple words a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or create a damage to the computer.

Now lets move to the working of our Trojan

The Trojan horse which I have made appears itself as an antivirus program that scans the computer and removes the threats. But in reality it does nothing but occupy the hard disk space on the root drive by just filling it up with a huge junk file. The rate at which it fills up the hard disk space it too high. As a result the the disk gets filled up to 100% with in minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in theWindowsSystem32 folder with the .dll extension. Since the junk file has the .dllextention it is often ignored by disk cleanup softwares. So for the victim, there is now way to recover the hard disk space unless reformatting his drive.

The algorithm of the Trojan is as follows

1. Search for the root drive

2. Navigate to WindowsSystem32 on the root drive

3. Create the file named “spceshot.dll”

4. Start dumping the junk data onto the above file and keep increasing it’s size until the drive is full

5. Once the drive is full, stop the process.

You can download the Trojan along with it’s source code HERE.

How to compile, test and remove the damage?

Compilation:

You can use Borland C++ compiler (or equivalent) to compile the Trojan.

Testing:

To test the Trojan,  just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.

NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.

How to remove the Damage and free up the space?

To remove the damage and free up the space, just type the following in the “run” dialog box.

%systemroot%system32

Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.

Essential Hacking Tools for every Hacker

 

Here is a list of all the essential hacking tools that every hacker should possess.Here in this post I will give details of different Hacking/Security tools and utilities along with the download links.I have also divided these tools into their respective categories for ease of understanding.

1. IP TOOLS

It includes the following utilities

• Local Info – examines the local host and shows info about processor, memory, Winsock data, etc.
• Name Scanner – scans all hostnames within a range of IP addresses
• Port Scanner – scans network(s) for active TCP based services
• Ping Scanner – pings a remote hosts over the network
• Telnet – telnet client
• HTTP – HTTP client
• IP-Monitor – shows network traffic in real time & many more

IP TOOLS has almost all the utilities built into it.So there is no need to use seperate tools for every indivisual process of hacking such as Port scanning,Whois scanning,IP monitor etc.It’s like a hacking tool kit which has all the necessary tools for hacking.

Download IP Tools Here

2. NMAP

Nmap is a similar hacking/security tool as IP Tools which offer slightly different set of features.Unlike IP Tools Nmap is a freeware.It is designed to rapidly scan large networks, although it works fine against single hosts.Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available

Download Nmap Here

 

1. LC4 (For Windows Password Recovery)

LC4 is the award-winning password auditing and recovery application, L0phtCrack. It provides two critical capabilities to Windows network administrators:

• LC4 helps administrators secure Windows-authenticated networks through comprehensive auditing of Windows NT and Windows 2000 user account passwords.

 

• LC4 recovers Windows user account passwords to streamline migration of users to another authentication system or to access accounts whose passwords are lost.

Donload LC4 Here

2. SAMINSIDE (For Windows Password Recovery)

SAMInside is designated for the recovery of Windows NT/2000/XP/2003/Vista user passwords.

The following are some of the highlighting features of Saminside.

• The program doesn’t require installation.It can be directly run from CD,Disk or Pendrive.
• Includes over 10 types of data import and 6 types of password attack

1. Brute-force attack
2. Distributed attack
3. Mask attack
4. Dictionary attack
5. Hybrid attack
6. Pre-calculated tables attack

• Run’s very fast since the program is completely written in assembler.

As far as my opinion is concerned both LC4 and SAMINSIDE are powerful password crackers for cracking Windows Passwords.However LC4 has slightly upper hand overSaminside.I recommend LC4 for advanced users but Saminside is more suitable for novice users.

You Can Get Saminside From Here

3. MESSENPASS (For Instant Messenger Password Recovery)

Messenpass is a password recovery tool for instant messengers.It can be used to recover the lost passwords of yahoo messenger or windows messenger.It is too easy to use this tool.Just double-click this tool and it reveals the username and passwords that are stored in the system.

Download MessenPass Here

REMOTE ADMINISTRATION TOOLS (RAT)

RADMIN

Radmin (Remote Administrator) is the world famous, award winning secure remote control software and remote access software which enables you to work on a remote computer in real time as if you were using its own keyboard and mouse.

Radmin has the following features.

• Access and control your home and office computer remotely from anywhere
• Perform systems administration remotely
• Provide Help Desk (remote support) functions for remote users
• Work from home remotely
• Manage small, medium, and large networks remotely
• Organize online presentations and conferences
• Share your desktop
• Teach and monitor students’ activities remotely

I have used Radmin personally and recommend this software to everyone.It works great!

Download Radmin Here

 Most of the above tools are shareware which means that you have to pay for them.But they are really worth for their money.Most of the time freewares offer limited functionality/features than the sharewares and hence I recommend them to my visitors.But still you can get 99% of all the softwares for free (cracked versions) on the internet.I will not discuss about how/where to download the cracked versions of the softwares for obvious reasons.It’s all up to you how you get these softwares.

How to Hack an Email Account

The most frequent question asked by many people especially in a chat room is How to Hack an Email Account? So you as the reader are most likely reading this because you want to hack into some one’s email account. Most of the sites on the internet teach you some nonsense and outdated tricks to hack an email. But here are some of the real and working ways that can be used to hack an email account.

THINGS YOU SHOULD KNOW BEFORE PROCEEDING

Before you learn the real ways to hack an email, the following are the things you should be aware of.

1. There is no ready made software that can hack emails just with a click of a button. Please don’t waste your money on such scam softwares.

2. Never trust any hacking services that claims to hack email passwords just for $100 or $200. Often people get fooled by these services and eventually loose their money with no gain.

3. With my experience of over 6 years in the field of Hacking and Security, I can tell you that there exists only 2 foolproof methods to hack an email. All the other methods are simply scam or don’t work. The following are the only 2 foolproof methods that work.

 

1. EASIEST WAY TO HACK AN EMAIL ACCOUNT

 

Today, with the advent of a program called Keylogger it’s just a cakewalk to hack an email account. It doesn’t matter whether or not you have physical access to the victim’s computer. Using a keylogger is the easiest way to hack an email account. Any one with a basic knowledge of computer can use the keylogger and within few hours you can hack any email account.

1. What is a keylogger?

A keylogger, sometimes called a keystroke logger, key logger, or system monitor, is a small program that monitors each keystroke a user types on a specific computer’s keyboard. Using a keylogger is the easiest way to hack an email account. A keylogger program can be installed just in a few seconds and once installed you are only a step away from getting the victim’s password.

2. Where is the keylogger program available?

A keylogger program is widely available on the internet. Some of the best ones are listed below

SniperSpy

Win-Spy 

3. How to install it?

You can install these keyloggers just as any other program but these things you must keep in mind. While installing, it asks you to set a secret password and a hot key combination. This is because, after installation the keylogger program is completely hidden and the victim can no way identify it. So, you need the Hot Key combination and secret password to later unhide the keylogger.

4. Once installed how to get password from it?

The hacker can open the keylogger program by just pressing the hot keys (which is set during installation) and enter the password. Now it shows the logs containing every keystroke of the user,where it was pressed, at what time, including screenshots of the activities. These logs contain the password of the victim’s email account.

5. I don’t have physical access to the victim’s target computer, what can I do?

It doesn’t matter whether or not you have physical access to the victim’s computer. Because keyloggers like SniperSpy and Win-Spy offers Remote Installation Feature. With this feature it is possible to remotely install the keylogger on the victim’s PC. 

You can attach the keylogger with any file such as image, MS excel file or other programs and send it to the victim via email. When the victim runs the file, it will automatically get installed without his knowledge and start recording every activity on his computer. These activities are sent to you by the keylogger software via email or FTP.

6. What if the target user (victim) refuses to run the attached file?

Sometimes the victim may refuse to run the attachment that you send via email because of suspicion. To solve this problem plz refer the following link

A fool proof method to remote install the spy software

7. How can a keylogger hack the Email password?

Hacking an email password using keylogger is as simple as this: You install the keylogger on a Remote PC (or on your local PC). The victim is unaware of the presence of the keylogger on his computer. As usual, he logs into his Email account by typing the username and password. This username and password is recorded and sent to you via Email. Now you have the password of your target email account.

In case if you install the keylogger on your local PC, you can obtain the recorded email password just by unhiding the keylogger program (use your hot key and password to unhide).

8. Which Keylogger is the best?

Both the keyloggers mentioned above are the best for email hacking. However I recommend SniperSpy as the best for the following reasons.

1. Sniper Spy is more reliable than Win-Spy since the logs sent will be received and hosted by SniperSpy servers. You need not rely on your email account to receive the logs.

2. Unlike Winspy, Sniperspy doesn’t require anything to be installed on your computer. To monitor the remote PC all you have to do is just login to your SniperSpy account from your browser.

3. SniperSpy is more easy to use and faster than Winspy.

4. SniperSpy offers better support than WinSpy.

5. SniperSpy has got recognition from media such as CNN, BBC, CBS, Digit etc. Hence it is more reputed and trustworthy.

To get a complete review of SniperSpy please see my new post Which Spy Software to Choose

Apart from the above mentioned reasons, both SniperSpy and WinSpy stands head-to-head. However in my opinion it’s better to go for SniperSpy since it is the best one. I have tested tons of keyloggers and the only two that stood up were SniperSpy and Winspy.

So what are you waiting for? If you’re serious to hack an email account then go grab either of the two keyloggers now!

For more information on these two softwares visit the following links

 1. SniperSpy      2. WinSpy
 

2. OTHER WAYS TO HACK AN EMAIL ACCOUNT

 

The other most commonly used trick to sniff password is using Fake Login Pages. Today, Fake login pages are the most widely used techniques to hack an email account. A Fake Login page is a page that appears exactly as a Login page but once we enter our password there, we end up loosing it.

Fake login pages are created by many hackers on their sites which appear exactly as Gmail or Yahoo login pages but the entered details(username & pw) are redirected to remote server and we get redirected to some other page. Many times we ignore this but finally we loose our valuable data.

However creating a fake login page and taking it online to successfully hack an email account is not an easy job. It demands an in depth technical knowledge of HTML and scripting languages like PHP, JSP etc.

I hope this info has helped you. Happy Email Hacking!

http://www.gohacking.com/2008/01/hacking-e-mail-account.html