
Protecting your Twitter account from hackers


Hacking and phishing attacks have been a problem on Twitter for a while, and they show no signs of slowing down, so I thought I would post some tips to help other Twitter users avoid becoming the next target on the hacker’s list.

There are two main methods by which a hacker can compromise your Twitter account:

1) Phishing

The main method to hack your account is to simply trick you into giving the hacker your account details, or trick you into allowing a rogue app access to your Twitter account.

Do not click on DMs like this one!

A usual way for a hacker to do this is to send a Direct Message to you from an already hacked follower account. This message has taken the form of ‘This person is spreading nasty rumours about you’, or ‘Look what people are saying’, or more recently ‘how is this possible?’, or ‘what?’. The message will also contain a link, typically created through a URL shortening service such as tinyurl.com. If you click on this link, you will be taken to a fake Twitter website where you are asked to confirm your Twitter details and/or allow access to a Twitter app.

After doing this, the hacker can access your account and can re-send the DM on your behalf to the next wave of targets (all your followers…). Tweets will also be posted to your timeline, with links to spam or malware.

2) Password cracking

The less likely way for a hacker to gain access to Twitter accounts is to simply keep trying variations of passwords until they find the correct one. This might sound unlikely: why would someone bother hacking your account in preference to anyone else on Twitter? However, most hacking is performed using automated scripts, and so the image of a hacker sitting in front of a computer targeting you personally hasn’t been true for several years.

Their hacking script will build (and add to) a list of target accounts, and then keep trying passwords over a long period of time until the correct password is found. Obviously, if you have a common and/or simple password, then your account is vulnerable to this sort of attack within a few days, weeks (or even months).

Once the hacker has access to your account, they can use automated scripts to send out spam direct messages to all your followers, or post spam tweets on your behalf.

How to prevent being hacked

  1. Change your password to something which is complicated and over 8 characters long. It should contain a mix of upper-case, lower-case, numbers, and special characters such as ‘@’, ‘!’, and ‘$’. Your password must not be the same as your username, or commonly used phrases such as ‘mickeymouse’ or ‘abc123’. It also should not be a name or common word/phrase as these are vulnerable to ‘dictionary’ attacks.
  2. If you receive a DM from someone you don’t normally have contact with, or if a DM seems out of context, or contains a link, then don’t click on the link. If the DM could be genuine, then send a reply to the sender and ask them to confirm that it is genuinely from them.
  3. If you see an ‘out of context’ tweet on someone’s timeline (similar to the below example), then don’t click on the link.

Don’t click on tweets like this!
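The password rules in step 1 above can be checked mechanically. The following is an added example, not part of the original post: the function names, the short word list and the substitution table are constructed for illustration, and it goes slightly beyond the text by also catching dictionary words disguised with digits and symbols.

```python
import string

# Constructed sample list; a real check would load a large breached-password list.
COMMON_PHRASES = {"mickeymouse", "abc123", "password", "letmein", "qwerty"}

# Simple character substitutions that dictionary attacks also try (assumption).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s"})


def core_word(word):
    """Lower-case, strip digits/symbols from both ends, undo simple substitutions."""
    stripped = word.lower().strip(string.digits + string.punctuation)
    return stripped.translate(LEET)


def check_password(password, username, common=COMMON_PHRASES):
    """Return the rules from step 1 that the password fails (empty list = passes)."""
    failures = []
    if len(password) <= 8:
        failures.append("length: must be over 8 characters")
    classes = {
        "upper-case": any(c.isupper() for c in password),
        "lower-case": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    failures += [f"missing {name}" for name, present in classes.items() if not present]
    core = core_word(password)
    # "Alice2024!" is still the username with decoration around it.
    if core and core == core_word(username):
        failures.append("same as username")
    # Compare both the raw password and its undecorated core against the list.
    common_cores = {core_word(p) for p in common}
    if password.lower() in common or (core and core in common_cores):
        failures.append("common phrase or dictionary word")
    return failures


if __name__ == "__main__":
    for pw in ("mickeymouse", "M1ckeyMouse!1", "Alice2024!", "gR7#vexilT-plum9q"):
        print(pw, "->", check_password(pw, "alice") or "OK")
```

Note that "M1ckeyMouse!1" satisfies the length and character-mix rules yet is still rejected, which is why the dictionary rule matters on its own.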

If you have been hacked

  1. Change your Twitter password immediately. Also change the password for the email address that your Twitter account is registered with, particularly if you used the same password for both.
  2. In Twitter, click on the Settings ‘gears’ icon, and select ‘Settings’. Click on ‘Apps’. Review the list of apps which you have allowed access to your account. Click ‘Revoke access’ for any which you do not recognise.
  3. Review your Twitter timeline, and delete any spam tweets.

Hope this helps. The main points to remember are “secure password” and “don’t click on unsolicited links”!


In recent weeks I have seen repeated hacking attempts on my own and client’s WordPress blogs. The hacking attempts are of the ‘dictionary’ type, where an automated script repeatedly attempts to log in to the blog using a new password for each attempt. If the password is weak, e.g. ‘abc’ (or given enough attempts with a stronger password), then eventually the hacker will successfully log in to your blog and can then perform whatever actions are allowed for that user role (potentially including redirects to malware sites, or installing other scripts to facilitate hacking/spamming activities).

I’d recommend that anyone responsible for maintaining a WordPress blog should, in addition to their usual security processes, follow four steps to protect against this type of attack.


wp-blog-header.php causes UTF encoding problem


Another confusing issue (see previous one!), this time relating to a strange issue with a UTF-8 encoded web page not displaying as UTF-8.

A set of web pages on a client’s website was not displaying foreign language words and characters correctly, e.g. “über” and “è”. This was despite the source text being a Unicode document, the CMS admin page being UTF-8 encoded, the database being UTF-8 and so on. Obviously my first line of enquiry was to double-check all the page and database encodings, but all was correct. I then attempted to force PHP headers as the first line in the script:

header('Content-Type: text/html; charset=utf-8');

Again, this did not resolve the problem.

The website does use WordPress for its blog section, and the website displays news from the blog on regular website pages using the wp-blog-header.php include. I found that by commenting out the WordPress includes, the problem was solved. Or at least located…

In the end, I didn’t actually find a way to resolve the wp-blog-header.php issue, despite searching the internet widely. My solution was to abandon the WordPress includes, and write my own PHP news function to access the WordPress database directly. Obviously not the best solution as the internal WordPress database fields and structure could change in a future version, but it will do for now.


Had a confusing issue yesterday: I had copied a file download script from a previous project and it refused to work on the new project even though it was essentially identical in the PHP code and its functionality.

The script works within a custom CMS (Content Management System) and gets information about uploaded files from a MySQL database before allowing users to download them if they have the correct permissions.


Inline styles in ODS PRINTER output


Controlling formatting of ODS PRINTER (PDF/RTF) outputs has always seemed like a bit of a black art to me, but there are usually ways of getting around potential issues if you know where to look. With SAS V9.2, there are some new and probably unknown features, including the use of ‘inline styles’.


Querying SAS option status in Base SAS


Some SCL functions are available to Base SAS, but you cannot use the SCL functions OPTGETN and OPTGETC to find out what the current status of certain SAS options is.

In this case you can use the OPTSAVE and OPTLOAD Base SAS procedures.
