I was working at about midnight the other night when I heard my little VPN app scream that it'd lost connection.. I noticed that I couldn't get out to my favorite site and checked my DSL modem.... the status light was off. So the next morning I got up and saw it was still off. I called the DSL provider, we went through the standard power off/on stuff and the regular checklist and the guy in India said he'd overnight a new modem (it still hasn't gotten here..). A little while later I remembered something from my CCNA 1 class - check "layer 1" first.
So I swapped out the line between the modem and the wall jack. The lights came back on. I took that phone line and tested it with a phone and it was bad... heh. Always check layer 1 first.
Off Topic
Check Layer 1 first Wednesday, July 09, 2008
Being blacklisted by your own host - because of a mambo template? Tuesday, July 08, 2008
A couple of weeks ago I heard from a client (friend) that has a site hosted on my reseller web server and he said something odd - he said he could access his web site from work but not from home. There's a ton of things that could cause that so I stuck it in the back of my head and went on. Well the other night I went through and updated the mambo installation on that server and was testing it out when suddenly I could no longer get a response from it. I also found I couldn't get a response from any site on that server, couldn't traceroute to it, etc.. I'd been put on their firewall blacklist. Ouch! And for what?
I got in touch with the support folks and they confirmed that their firewall did indeed think I was an evil hacker and sent me the logs to show what caused it:
Fri Jul 4 22:10:37 2008 lfd: mod_security triggered by 192.168.216.232 - 1 failure(s) in the last 75 secs
Fri Jul 4 22:10:37 2008 lfd: mod_security triggered by 192.168.216.232 - 2 failure(s) in the last 75 secs
Fri Jul 4 22:10:56 2008 lfd: mod_security triggered by 192.168.216.232 - 3 failure(s) in the last 100 secs
Fri Jul 4 22:13:05 2008 lfd: mod_security triggered by 192.168.216.232 - 4 failure(s) in the last 230 secs
Fri Jul 4 22:13:46 2008 lfd: mod_security triggered by 192.168.216.232 - 5 failure(s) in the last 275 secs
Fri Jul 4 22:13:47 2008 lfd: 5 (mod_security) login failures from 192.168.216.232 - *Blocked in csf*
Fri Jul 4 22:13:48 2008 lfd: alert email sent for 192.168.216.232
But.. I was just browsing the site! I wasn't trying to log into the site. I was just doing what a regular web surfer would do.
So after some digging around in the web server log files I found this:
- - [06/Jul/2008:20:18:48 -0700] "GET /%3C?php%20echo%20http://www.thedomain.org;?%3E/templates/247clean/images/favicon.ico HTTP/1.1" 406 341 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"
Ow... I should have caught that long ago when I was looking in the log files, but somehow didn't. My guess is that this was mangled up like this for a long while (I hadn't touched the offending file in at least a year) and the host changed their mod_security rules and started triggering the fun.
So the offending file was in the 247clean template (which is a great template.. they just slipped up on this bit of code..) here:
(in index.php)
<meta http-equiv="Content-Type" content="text/html;><?php echo _ISO; ?>" />
<?php if ( $my->id ) { initEditor(); } ?>
<?php include($GLOBALS['mosConfig_absolute_path']."/templates/247clean/splitmenu.php"); ?>
<?php echo "<link rel=\"stylesheet\" href=\"$GLOBALS[mosConfig_live_site]/templates/$GLOBALS[cur_template]/css/template_css.css\" type=\"text/css\"/>" ; ?><?php echo "<link rel=\"shortcut icon\" href=\"$GLOBALS[mosConfig_live_site]/<?php echo $mosConfig_live_site;?>/templates/247clean/images/favicon.ico\" />" ; ?>
If you only have one site, the favicon code could be hardcoded to something like:
<link rel="shortcut icon" href="favicon.ico" type="image/vnd.microsoft.icon">
...or if you have many sites and you want to reuse the template for all of them then:
<link rel="shortcut icon" href="<?php echo $mosConfig_live_site;?>/images/favicon.ico" />
Also note the extra greater-than character in the content-type tag.
Fixing that issue was easy enough, but... here's the worrisome thing.. anybody (or any web spiders) who visited the sites that I use this template on and clicked through more than 5 or 6 pages in a couple of minutes is now blacklisted by the host - and from what they say it's a long term blacklist.
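Added example (not part of the original post or the host's tooling): a small Python scan of an Apache combined-format access log for the symptom above, requests rejected with 406 whose decoded path contains a PHP open tag, counted per client against the five-failure block seen in the lfd log. The sample log lines and IP addresses are constructed, and the count ignores lfd's time window, so the result is a list of candidates to check with the host.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache combined log: client ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
BLOCK_THRESHOLD = 5  # the lfd log in the post shows a block at 5 failures


def scan(lines):
    """Count 406 responses per client where the decoded path leaks a PHP tag."""
    hits, paths = Counter(), set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "406":
            continue
        decoded = unquote(m["path"])
        if "<?" in decoded:  # template source ended up inside a URL
            hits[m["client"]] += 1
            paths.add(decoded)
    return hits, paths


def likely_blocked(hits, threshold=BLOCK_THRESHOLD):
    """Clients with enough rejected requests to have tripped the block.
    Simplification: lfd counts inside a time window, this does not."""
    return sorted(c for c, n in hits.items() if n >= threshold)


def sample_log():
    """Constructed log lines with documentation IPs, not from the post."""
    bad = ('"GET /%3C?php%20echo%20http://www.thedomain.org;?%3E/templates'
           '/247clean/images/favicon.ico HTTP/1.1" 406 341 "-" "UA"')
    ok = '"GET /index.php HTTP/1.1" 200 5120 "-" "UA"'
    stamp = "[06/Jul/2008:20:18:%02d -0700]"
    lines = [f"203.0.113.7 - - {stamp % s} {bad}" for s in range(5)]
    lines += [f"198.51.100.9 - - {stamp % s} {bad}" for s in range(2)]
    lines.append(f"198.51.100.9 - - {stamp % 30} {ok}")
    return lines


if __name__ == "__main__":
    hits, paths = scan(sample_log())
    print("broken URLs:", sorted(paths))
    print("clients to ask the host about:", likely_blocked(hits))
```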
Rambling on about mambo and joomla Tuesday, August 28, 2007
I've got a decent number of sites that I've set up over the years using either Mambo or Joomla. I also use ExpressionEngine and some others that I'd rather not name.. heheh.. um.. anyway, I run Mambo and Joomla so I can keep an eye on the differences with the intention of eventually migrating one way or the other. Things can move slowly when there's not a lot of motivation involved. That's key here. I haven't seen much on either side to motivate me to spend the time to switch sites one way or the other.
I've had a Mambo site cracked because of a crappy, outdated, unsupported 3rd party extension. I've had a Joomla site (with no 3rd party extensions) cracked because of a security issue in the Joomla code that became known while I was too busy to stop and upgrade. In both cases I was able to reload or rebuild without too much hassle. I try to keep things updated and secure but this is the web and there's a lot of people out there who don't know about karma. It'll suck to be them when they have to pay up for all the pain they caused web developers. Anyway, with both systems there are features that I don't like or wish were better. With both there are promises that the next release will be a major break from the old code and things will be better.
I didn't like the spirit in which the Joomla team split off from Mambo. I like even less how they are now treating the 3rd party developers. I'm glad to see that the 3rd party developers have banded together, but I'll still wait and see the outcome. Eyez has several great posts on how the actions of the Joomla core team have caused him to take a wait-and-see approach to Joomla. Maybe I'm missing something, but what it boils down to is some of the Joomla core team decided that Joomla was supposed to be GPL (I think that's why they split off from Mambo in the first place??) and therefore all derivative work including 3rd party extensions had to be GPL as well. The 3rd party developers were the ones who followed the Joomla core team away from Mambo and helped them build things up. Now the Joomla core team is throwing them under the bus. Nice.. and a repeat.
The trend of interest in Joomla currently shows Mambo interest trailing off drastically since Joomla was created. Joomla on the other hand has seen a steady increase in interest. What's interesting is despite the upheaval in the Joomla camp there hasn't been a rise in interest in Mambo. At least not according to that Google trend.
The end result for me is I'm still holding off on making any drastic changes. I'll wait and see what Mambo cooks up from cake in version 5, and I'll see how many developers mutiny from Joomla.
I switched back (to mac) Sunday, May 06, 2007
I've been putting off getting a mac for a year or more.. mostly waiting on Macrodobe to come out with Flash for the Intel macs. They finally did that and I went yesterday and picked up a nice new Mac Pro (dual 2.66GHz) at the local Apple store.
Switching back isn't easy since I've spent roughly 6 years using pcs, so I'll be on the lookout for info on shortcut keys, must have apps, etc for the mac. The last FlashForward I attended had loads of people using macs and the recent release of universal binary Flash will encourage others to get off of Windows.
One of the first things I did after firing it up was download the latest Flash Player and then run a few of my old moldy ActionScript Performance tests on it. I only ran a few tests (geez I need to update those things..), but they were consistently about twice as fast on the mac pro as on my old AMD Athlon 2GHz pc. That's pretty cool. I'm pretty certain the Flash Player is only using a single processor so getting double performance is good. I opted for the quad processor model (rather than getting an imac or a laptop) because I don't like to switch computers very often since it's really disruptive. I like to buy good hardware, get it all sorted out, and then use it for years. I also like to edit home movies, so the quad processors will get used and it should be enough power to last a few years. The eight processor model was just way too expensive. I could justify ~$4000 for an "octo mac" if I were doing video editing for a living... but for Flash development it seemed like major overkill.
I should also say something about the buying experience.. and it was an experience.
- I thought that I'd get some good treatment going in and dropping ~$2500 in their store. Nope.. the place was packed with people buying systems. I walked out thinking I'd maybe bought an iPod.
- None of that special kool-aid was offered to me. No specially tinted glasses given to me. I wonder where people get that stuff?
- I overheard a sales person telling another guy that he got a 10% discount on hardware... wonder who he works for? I got a nice discount, but not that much.

