I was working at about midnight the other night when I heard my little VPN app scream that it'd lost connection.. I noticed that I couldn't get out to my favorite site and checked my DSL modem.... the status light was off. So the next morning I got up and saw it was still off. I called the DSL provider, we went through the standard power off/on stuff and the regular checklist and the guy in India said he'd overnight a new modem (it still hasn't gotten here..). A little while later I remembered something from my CCNA 1 class - check "layer 1" first.
So I swapped out the line between the modem and the wall jack. The lights came back on. I took that phone line and tested it with a phone and it was bad... heh. Always check layer 1 first.
Check Layer 1 first Wednesday, July 09, 2008
Being blacklisted by your own host - because of a mambo template? Tuesday, July 08, 2008
A couple of weeks ago I heard from a client (friend) that has a site hosted on my reseller web server and he said something odd - he said he could access his web site from work but not from home. There's a ton of things that could cause that so I stuck it in the back of my head and went on. Well the other night I went through and updated the mambo installation on that server and was testing it out when suddenly I could no longer get a response from it. I also found I couldn't get a response from any site on that server, couldn't traceroute to it, etc.. I'd been put on their firewall blacklist. Ouch! And for what?
I got in touch with the support folks and they confirmed that their firewall did indeed think I was an evil hacker and sent me the logs to show what caused it:
Fri Jul 4 22:10:37 2008 lfd: mod_security triggered by 192.168.216.232 - 1 failure(s) in the last 75 secs
Fri Jul 4 22:10:37 2008 lfd: mod_security triggered by 192.168.216.232 - 2 failure(s) in the last 75 secs
Fri Jul 4 22:10:56 2008 lfd: mod_security triggered by 192.168.216.232 - 3 failure(s) in the last 100 secs
Fri Jul 4 22:13:05 2008 lfd: mod_security triggered by 192.168.216.232 - 4 failure(s) in the last 230 secs
Fri Jul 4 22:13:46 2008 lfd: mod_security triggered by 192.168.216.232 - 5 failure(s) in the last 275 secs
Fri Jul 4 22:13:47 2008 lfd: 5 (mod_security) login failures from 192.168.216.232 - *Blocked in csf*
Fri Jul 4 22:13:48 2008 lfd: alert email sent for 192.168.216.232
But.. I was just browsing the site! I wasn't trying to log into the site. I was just doing what a regular web surfer would do.
So after some digging around in the web server log files I found this:
- - [06/Jul/2008:20:18:48 -0700] "GET /%3C?php%20echo%20http://www.thedomain.org;?%3E/templates/247clean/images/favicon.ico HTTP/1.1" 406 341 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"
Ow... I should have caught that long ago when I was looking in the log files, but somehow didn't. My guess is that this was mangled up like this for a long while (I hadn't touched the offending file in at least a year) and the host changed their mod_security rules and started triggering the fun.
So the offending file was in the 247clean template (which is a great template.. they just slipped up on this bit of code..) here:
(in index.php)
<meta http-equiv="Content-Type" content="text/html;><?php echo _ISO; ?>" />
<?php if ( $my->id ) { initEditor(); } ?>
<?php include($GLOBALS['mosConfig_absolute_path']."/templates/247clean/splitmenu.php"); ?>
<?php echo "<link rel=\"stylesheet\" href=\"$GLOBALS[mosConfig_live_site]/templates/$GLOBALS[cur_template]/css/template_css.css\" type=\"text/css\"/>" ; ?><?php echo "<link rel=\"shortcut icon\" href=\"$GLOBALS[mosConfig_live_site]/<?php echo $mosConfig_live_site;?>/templates/247clean/images/favicon.ico\" />" ; ?>
the favicon code could be hardcoded if you only have one site to something like:
<link rel="shortcut icon" href="favicon.ico" type="image/vnd.microsoft.icon">
...or if you have many sites and you want to reuse the template for all of them then:
<link rel="shortcut icon" href="<?php echo $mosConfig_live_site;?>/images/favicon.ico" />
also note the extra greater than character in the content-type tag..
Fixing that issue was easy enough, but... here's the worrisome thing.. anybody (or any web spiders) who visited the sites that I use this template on and clicked through more than 5 or 6 pages in a couple of minutes is now blacklisted by the host - and from what they say it's a long term blacklist.
I got in touch with the support folks and they confirmed that their firewall did indeed think I was an evil hacker and sent me the logs to show what caused it:
Fri Jul 4 22:10:37 2008 lfd: mod_security triggered by 192.168.216.232 - 1 failure(s) in the last 75 secs
Fri Jul 4 22:10:37 2008 lfd: mod_security triggered by 192.168.216.232 - 2 failure(s) in the last 75 secs
Fri Jul 4 22:10:56 2008 lfd: mod_security triggered by 192.168.216.232 - 3 failure(s) in the last 100 secs
Fri Jul 4 22:13:05 2008 lfd: mod_security triggered by 192.168.216.232 - 4 failure(s) in the last 230 secs
Fri Jul 4 22:13:46 2008 lfd: mod_security triggered by 192.168.216.232 - 5 failure(s) in the last 275 secs
Fri Jul 4 22:13:47 2008 lfd: 5 (mod_security) login failures from 192.168.216.232 - *Blocked in csf*
Fri Jul 4 22:13:48 2008 lfd: alert email sent for 192.168.216.232
But.. I was just browsing the site! I wasn't trying to log into the site. I was just doing what a regular web surfer would do.
So after some digging around in the web server log files I found this:
- - [06/Jul/2008:20:18:48 -0700] "GET /%3C?php%20echo%20http://www.thedomain.org;?%3E/templates/247clean/images/favicon.ico HTTP/1.1" 406 341 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"
Ow... I should have caught that long ago when I was looking in the log files, but somehow didn't. My guess is that this was mangled up like this for a long while (I hadn't touched the offending file in at least a year) and the host changed their mod_security rules and started triggering the fun.
So the offending file was in the 247clean template (which is a great template.. they just slipped up on this bit of code..) here:
(in index.php)
<meta http-equiv="Content-Type" content="text/html;><?php echo _ISO; ?>" />
<?php if ( $my->id ) { initEditor(); } ?>
<?php include($GLOBALS['mosConfig_absolute_path']."/templates/247clean/splitmenu.php"); ?>
<?php echo "<link rel=\"stylesheet\" href=\"$GLOBALS[mosConfig_live_site]/templates/$GLOBALS[cur_template]/css/template_css.css\" type=\"text/css\"/>" ; ?><?php echo "<link rel=\"shortcut icon\" href=\"$GLOBALS[mosConfig_live_site]/<?php echo $mosConfig_live_site;?>/templates/247clean/images/favicon.ico\" />" ; ?>
the favicon code could be hardcoded if you only have one site to something like:
<link rel="shortcut icon" href="favicon.ico" type="image/vnd.microsoft.icon">
...or if you have many sites and you want to reuse the template for all of them then:
<link rel="shortcut icon" href="<?php echo $mosConfig_live_site;?>/images/favicon.ico" />
also note the extra greater than character in the content-type tag..
Fixing that issue was easy enough, but... here's the worrisome thing.. anybody (or any web spiders) who visited the sites that I use this template on and clicked through more than 5 or 6 pages in a couple of minutes is now blacklisted by the host - and from what they say it's a long term blacklist.
USAir flight from cancun diverted to Miami after onboard fight.. man taken off the plane Thursday, June 26, 2008
I just returned from a nice vacation South of Cancun and had a little excitement on the return flight last night. About an hour into the direct flight from Cancun into Charlotte a man got into a fight with another passenger and was subdued after a short struggle. The plane was diverted to Miami where he was taken off of the plane along with a female passenger.
I saw it happen right in front of me, and on top of me actually, as the fighting at one point was happening in the empty seat next to me and I had to push the two off of me.
I've been on many, many flights for business since 9/11 and on each one I was careful to check out all the people around me and try to be alert.. this time was a bit different since I had my family with me coming back from a vacation.. I popped in my ear buds and started watching a movie on my iPod nano. The ear buds silenced everything around me so I didn't hear the two arguing. I was sitting in the first row behind the bulkhead (separating first class from coach) so I didn't have a good view of what was going on in the front of the plane. I just saw one guy in the last row of first class (on the opposite side of the plane from me) and the "attacker" suddenly start wrestling and within a few seconds they were on top of me and a few seconds later a third guy from first class pulled the "attacker" onto the floor. It wasn't clear to me (as they were wrestling beside me) who I should help.. I didn't see what precipitated the altercation. I just kept them off of me and my daughter and tried not to get in the middle of what looked like two old white guys pissed off at each other and they were in the floor before I had a chance to figure out what the heck was going on.
Other passengers told me that the man was seated further back in coach and had been drinking heavily and went into first class and argued with the woman who was also taken off the plane in Miami. So what appears to be a domestic dispute caused a bunch of people to miss connecting flights, etc. My kids saw and heard the whole thing and it was traumatic.. seeing a guy laying in the aisle at our feet getting handcuffed and yelling profanity is normally not what you expect to see when you get on a USAir flight.
Alcohol seems to be a real problem for folks flying to Charlotte this week.. as there was an incident on an American Airlines flight.
---- updated to add.. ---
it's finally been picked up by the media here and here and here
I saw it happen right in front of me, and on top of me actually, as the fighting at one point was happening in the empty seat next to me and I had to push the two off of me.
I've been on many, many flights for business since 9/11 and on each one I was careful to check out all the people around me and try to be alert.. this time was a bit different since I had my family with me coming back from a vacation.. I popped in my ear buds and started watching a movie on my iPod nano. The ear buds silenced everything around me so I didn't hear the two arguing. I was sitting in the first row behind the bulkhead (separating first class from coach) so I didn't have a good view of what was going on in the front of the plane. I just saw one guy in the last row of first class (on the opposite side of the plane from me) and the "attacker" suddenly start wrestling and within a few seconds they were on top of me and a few seconds later a third guy from first class pulled the "attacker" onto the floor. It wasn't clear to me (as they were wrestling beside me) who I should help.. I didn't see what precipitated the altercation. I just kept them off of me and my daughter and tried not to get in the middle of what looked like two old white guys pissed off at each other and they were in the floor before I had a chance to figure out what the heck was going on.
Other passengers told me that the man was seated further back in coach and had been drinking heavily and went into first class and argued with the woman who was also taken off the plane in Miami. So what appears to be a domestic dispute caused a bunch of people to miss connecting flights, etc. My kids saw and heard the whole thing and it was traumatic.. seeing a guy laying in the aisle at our feet getting handcuffed and yelling profanity is normally not what you expect to see when you get on a USAir flight.
Alcohol seems to be a real problem for folks flying to Charlotte this week.. as there was an incident on an American Airlines flight.
---- updated to add.. ---
it's finally been picked up by the media here and here and here
file repository needed Tuesday, May 20, 2008
I'm looking for a "media repository" or "file repository".. some sort of a library or gallery app for a web server that will allow a team of people to look at images, SWF files, Doc files, FLVs, etc in a searchable "gallery" sort of format. Bonus for having the ability to comment on the files, the ability to put a thumbnail or screenshot with non-image or media files (i.e. a custom screenshot to represent the contents of a zip full of junk). Having user groups would be needed to allow only certain people to add files and comment, while other parts should be publicly accessible.
I'm thinking of something along the lines of what Coppermine does for images.. but for all file types.
I'm thinking of something with a better UI than PHP Navigator.
I bet there's something out there close to this (please comment if you know of one), but my real reason for posting is to kind of prod someone who has the time to start planning this in Flex. Now that we know Flash Player 10 is going to have some runtime filesystem access it's time to start thinking of raising the bar for these types of web based utilitarian apps. I've seen loads of demos of Flex apps that use sliders and filters to search through large data sets and this would be a good application for that.
I'm thinking of something along the lines of what Coppermine does for images.. but for all file types.
I'm thinking of something with a better UI than PHP Navigator.
I bet there's something out there close to this (please comment if you know of one), but my real reason for posting is to kind of prod someone who has the time to start planning this in Flex. Now that we know Flash Player 10 is going to have some runtime filesystem access it's time to start thinking of raising the bar for these types of web based utilitarian apps. I've seen loads of demos of Flex apps that use sliders and filters to search through large data sets and this would be a good application for that.
