This is a test release:

1. No more Recaptcha test when server is idle.

92URL recently detected and received several incidents of hate and/or disrespectful language being posted on our WordPad targeting some identifiable groups.

Although we are committed to create a free and open service, hate has no home here. We don’t and we won’t allow content that promotes or condones violence against individuals or groups based on race or ethnic origin, religion, disability, gender, age, nationality, veteran status, or sexual orientation/gender identity.

Keep in mind that hate speech is also illegal in many places and can have serious real-life consequences for both the poster and the victim.

Links or WordPad contents that fit in the criteria mentioned above will be removed/blocked without notice.

If you see such post, please email to [email protected] or click “Report Fraud and internet crime”.

Version 2.8.5:

1. Faster & non-blocking Ajax for loading website information using jQuery.

Version 2.8.3:

1. Pre-Select Alias Domain if attempted a short link that doesn’t exist ;
2. Replaced MD5 with SHA386 to avoid collisions;
3. Reorganized layouts;
4. Reduce attack vectors (DoS to Databases).

Enjoy!

Overview:

It’s been a long time since last release. I will try to finish Custom Domain during Spring Break, but no promises.  This update mainly focuses on the underlying structure, especially database interactions. PDO is replacing the legacy MYSQL APIs in order to prevent SQL injections. As I mentioned below, Regex could be less annoying, but won’t disappear, this is because XSS still needs to be stopped.

 Abuses:

Abuse of the system did not stop, actions will be taken. Including session tokens, IP frequency limit, CloudFlare Challenge and hostname evaluation.

Session token is generated for every form, and each token can be used only once.

IP Frequency Limit limits IP requests that exceed certain limit.

Hostname evaluation includes:

a) Is the hostname already in the database ? Yes -> Step b, N -> Allow

b) Check hostname (Alexa Report, Domain Age etc..)? Good -> Allow, otherwise -> Define a evaluation score and go to step c

c) Is (are) the old record(s) ever been accessed? Yes -> Score = Score + x, No -> Score = Score + x1

d) Is (are) the old record(s) considered dangerous or been reported? Yes -> Score = Score + y, No -> Score = Score + y1

e) Number of the records?  Score = Score + z

f) Number of the records generated in the past N hours?  Score = Score + z1

g) Check full URL and Title of the URL for Category of the website? Score = Score + CataScore

If Score > Danger_Limit -> Drop Request Else: Allow

1. As some of you may have noticed, I have added two more short domain names. And even more to come 🙂

2. This website is based on Phurl, which was created ages ago. I am working to rewrite most of the code that works under the hood.

a. Most of the MYSQL queries have been replaced by PDO (The rest are controllable, meaning values can only be numbers, no impact to security. With this being said, I am still going to replace them :))

b. Because of this update, Regex could be less annoying in the near future.

3. I am still working on the migration to PHP 7.x.

4. Local (Browser based) encryption & decryption is still being evaluated.

5. No more reCAPTCHA if the website has already been analyzed within last N hours/days.

6. Other improvements.

For security reasons, N varies from different short URLs.