Off Topic

Sr. Solutions Analyst position (Philadelphia, PA) Friday, June 19, 2009

I had a very strange thing happen to me today.  One of my old friends called me to see how I was doing and he asked if I knew any db workers looking for a job.  I had to kind of stop for a moment and pinch myself.  Many of you probably know where I’m coming from when I say that I know a LOT of good IT folks who have lost their jobs over the last year and are still unemployed.  I heard earlier today that many states are seeing unemployment over 11%, so hearing that a good paying job wasn’t bringing in loads of applications seemed odd.  It turns out that the job just hasn’t been advertised much, and my friend needs someone good to work with so I’ll do my part and try to get a few more applicants headed to HR so he has a better shot of getting someone with some decent skills.

The job is in Philadelphia, PA.  Pay is $60 - $65k

Here’s the job posting
Here’s their main job openings page




Updated debt clock to show over $10,000,000,000,000 Sunday, October 05, 2008
It was a day I hoped would never happen, but I sat down this weekend and updated my little US national debt clock to display over $10,000,000,000,000. I say it's a sad day because despite what some people say (that the further in debt our country is the more prosperous we are) I find it hard to believe we're better off because of the debt we've just taken on. The whole concept of "money as debt" just seems corrupt. Then again, I'm not an expert on economics. Maybe having our national debt increasing at the rate of $36 per millisecond is a good thing.


The debt clock started when a friend e-mailed me years ago and asked how to do a counter like a clock that starts at a specific point. He needed it in Flash so I whipped one together and sent it to him and then realized I could maybe do something worthwhile by putting it out there for people to use. I did.. and it hit myspace and facebook.. and I'm currently seeing about 65,000 views of it each month. I encouraged people to download it and install it on their own servers (it's not sucking too much bandwidth, but they shouldn't have to wait on my server for their page to finish loading..) so I'm not sure how many views it's getting that way.. I know it's being used on quite a few political web sites (both Republicans and Democrats running for Congress for example), in articles, and on some personal web sites.

I don't fuss with the accuracy of it since I figure if they can pull a number like $700,000,000,000 out of thin air just because it's "a really large number" then there's no point in trying to be too accurate on anything based on numbers provided by the same folks. I like to think that over the last few years I've helped a tiny bit to raise awareness of our out of control spending.. I can hope it's not too late to sort things out and maybe someday I'll be able to reverse the clock.

Check Layer 1 first Wednesday, July 09, 2008
I was working at about midnight the other night when I heard my little VPN app scream that it'd lost connection.. I noticed that I couldn't get out to my favorite site and checked my DSL modem.... the status light was off. So the next morning I got up and saw it was still off. I called the DSL provider, we went through the standard power off/on stuff and the regular checklist and the guy in India said he'd overnight a new modem (it still hasn't gotten here..). A little while later I remembered something from my CCNA 1 class - check "layer 1" first.

So I swapped out the line between the modem and the wall jack. The lights came back on. I took that phone line and tested it with a phone and it was bad... heh. Always check layer 1 first.

Being blacklisted by your own host - because of a mambo template? Tuesday, July 08, 2008
A couple of weeks ago I heard from a client (friend) that has a site hosted on my reseller web server and he said something odd - he said he could access his web site from work but not from home. There's a ton of things that could cause that so I stuck it in the back of my head and went on. Well the other night I went through and updated the mambo installation on that server and was testing it out when suddenly I could no longer get a response from it. I also found I couldn't get a response from any site on that server, couldn't traceroute to it, etc.. I'd been put on their firewall blacklist. Ouch! And for what?

I got in touch with the support folks and they confirmed that their firewall did indeed think I was an evil hacker and sent me the logs to show what caused it:

Fri Jul 4 22:10:37 2008 lfd: mod_security triggered by 192.168.216.232 - 1 failure(s) in the last 75 secs
Fri Jul 4 22:10:37 2008 lfd: mod_security triggered by 192.168.216.232 - 2 failure(s) in the last 75 secs
Fri Jul 4 22:10:56 2008 lfd: mod_security triggered by 192.168.216.232 - 3 failure(s) in the last 100 secs
Fri Jul 4 22:13:05 2008 lfd: mod_security triggered by 192.168.216.232 - 4 failure(s) in the last 230 secs
Fri Jul 4 22:13:46 2008 lfd: mod_security triggered by 192.168.216.232 - 5 failure(s) in the last 275 secs
Fri Jul 4 22:13:47 2008 lfd: 5 (mod_security) login failures from 192.168.216.232 - *Blocked in csf*
Fri Jul 4 22:13:48 2008 lfd: alert email sent for 192.168.216.232

But.. I was just browsing the site! I wasn't trying to log into the site. I was just doing what a regular web surfer would do.

So after some digging around in the web server log files I found this:
- - [06/Jul/2008:20:18:48 -0700] "GET /%3C?php%20echo%20http://www.thedomain.org;?%3E/templates/247clean/images/favicon.ico HTTP/1.1" 406 341 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"

Ow... I should have caught that long ago when I was looking in the log files, but somehow didn't. My guess is that this was mangled up like this for a long while (I hadn't touched the offending file in at least a year) and the host changed their mod_security rules and started triggering the fun.

So the offending file was in the 247clean template (which is a great template.. they just slipped up on this bit of code..) here:
(in index.php)

<meta http-equiv="Content-Type" content="text/html;><?php echo _ISO; ?>" />
<?php if ( $my->id ) { initEditor(); } ?>
<?php include($GLOBALS['mosConfig_absolute_path']."/templates/247clean/splitmenu.php"); ?>
<?php echo "<link rel=\"stylesheet\" href=\"$GLOBALS[mosConfig_live_site]/templates/$GLOBALS[cur_template]/css/template_css.css\" type=\"text/css\"/>" ; ?><?php echo "<link rel=\"shortcut icon\" href=\"$GLOBALS[mosConfig_live_site]/<?php echo $mosConfig_live_site;?>/templates/247clean/images/favicon.ico\" />" ; ?>

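The nested PHP tag in the favicon link sits inside a string that is already within a PHP block, so it is never executed: it goes out to the browser as literal text (with the site URL interpolated into it) and ends up in the requested path, which is what the access log line above shows. If you only have one site, the favicon code could be hardcoded to something like: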
<link rel="shortcut icon" href="favicon.ico" type="image/vnd.microsoft.icon">
...or if you have many sites and you want to reuse the template for all of them then:
<link rel="shortcut icon" href="<?php echo $mosConfig_live_site;?>/images/favicon.ico" />

Also note the extra greater-than character in the Content-Type meta tag.

Fixing that issue was easy enough, but... here's the worrisome thing.. anybody (or any web spiders) who visited the sites that I use this template on and clicked through more than 5 or 6 pages in a couple of minutes is now blacklisted by the host - and from what they say it's a long term blacklist.
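
To find out which visitors were hit, the access log can be cross-referenced with the lfd log. The script below is an added example, not part of the original post or the host's tooling: it lists every requested path that still contains a literal PHP tag and splits the clients that fetched it into those lfd has already blocked and those still at risk. The log lines are constructed from the formats shown above, and the client addresses are documentation-range placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines modelled on the log excerpts in the post; the client
# addresses are documentation-range placeholders, not values from the page.
ACCESS_LOG = """\
192.0.2.10 - - [06/Jul/2008:20:18:48 -0700] "GET /%3C?php%20echo%20http://www.thedomain.org;?%3E/templates/247clean/images/favicon.ico HTTP/1.1" 406 341 "-" "Mozilla/5.0"
192.0.2.10 - - [06/Jul/2008:20:18:49 -0700] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [06/Jul/2008:20:19:02 -0700] "GET /%3C?php%20echo%20http://www.thedomain.org;?%3E/templates/247clean/images/favicon.ico HTTP/1.1" 406 341 "-" "Mozilla/5.0"
"""
LFD_LOG = """\
Fri Jul 4 22:13:46 2008 lfd: mod_security triggered by 192.0.2.10 - 5 failure(s) in the last 275 secs
Fri Jul 4 22:13:47 2008 lfd: 5 (mod_security) login failures from 192.0.2.10 - *Blocked in csf*
"""

REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} ')
BLOCK = re.compile(r'lfd: \d+ \(mod_security\) login failures from (\S+) - \*Blocked in csf\*')
# Server-side tags that should never survive into a requested URL.
LEAKED_TAG = re.compile(r'<\?(php|=)|\?>', re.I)

def leaked_template_requests(access_log):
    """Map each decoded path containing a literal PHP tag to the clients that requested it."""
    hits = defaultdict(set)
    for line in access_log.splitlines():
        m = REQ.match(line)
        if not m:
            continue  # not a combined-format request line
        client, raw_path = m.groups()
        path = unquote(raw_path)  # %3C?php -> <?php
        if LEAKED_TAG.search(path):
            hits[path].add(client)
    return hits

def blocked_clients(lfd_log):
    """Addresses that lfd reports as blocked in csf after mod_security failures."""
    return set(BLOCK.findall(lfd_log))

def report(access_log, lfd_log):
    """Split clients that fetched a leaked-tag URL into already blocked and still at risk."""
    hits = leaked_template_requests(access_log)
    victims = set().union(*hits.values())
    blocked = blocked_clients(lfd_log)
    return {"bad_urls": sorted(hits), "blocked_victims": sorted(victims & blocked),
            "at_risk": sorted(victims - blocked)}

if __name__ == "__main__":
    print(report(ACCESS_LOG, LFD_LOG))
```
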