I was working at about midnight the other night when I heard my little VPN app scream that it'd lost connection.. I noticed that I couldn't get out to my favorite site and checked my DSL modem.... the status light was off. So the next morning I got up and saw it was still off. I called the DSL provider, we went through the standard power off/on stuff and the regular checklist and the guy in India said he'd overnight a new modem (it still hasn't gotten here..). A little while later I remembered something from my CCNA 1 class - check "layer 1" first.
So I swapped out the line between the modem and the wall jack. The lights came back on. I took that phone line and tested it with a phone and it was bad... heh. Always check layer 1 first.
Off Topic
Check Layer 1 first Wednesday, July 09, 2008
Being blacklisted by your own host - because of a mambo template? Tuesday, July 08, 2008
A couple of weeks ago I heard from a client (friend) that has a site hosted on my reseller web server and he said something odd - he said he could access his web site from work but not from home. There's a ton of things that could cause that so I stuck it in the back of my head and went on. Well the other night I went through and updated the mambo installation on that server and was testing it out when suddenly I could no longer get a response from it. I also found I couldn't get a response from any site on that server, couldn't traceroute to it, etc.. I'd been put on their firewall blacklist. Ouch! And for what?
I got in touch with the support folks and they confirmed that their firewall did indeed think I was an evil hacker and sent me the logs to show what caused it:
Fri Jul 4 22:10:37 2008 lfd: mod_security triggered by 192.168.216.232 - 1 failure(s) in the last 75 secs
Fri Jul 4 22:10:37 2008 lfd: mod_security triggered by 192.168.216.232 - 2 failure(s) in the last 75 secs
Fri Jul 4 22:10:56 2008 lfd: mod_security triggered by 192.168.216.232 - 3 failure(s) in the last 100 secs
Fri Jul 4 22:13:05 2008 lfd: mod_security triggered by 192.168.216.232 - 4 failure(s) in the last 230 secs
Fri Jul 4 22:13:46 2008 lfd: mod_security triggered by 192.168.216.232 - 5 failure(s) in the last 275 secs
Fri Jul 4 22:13:47 2008 lfd: 5 (mod_security) login failures from 192.168.216.232 - *Blocked in csf*
Fri Jul 4 22:13:48 2008 lfd: alert email sent for 192.168.216.232
But.. I was just browsing the site! I wasn't trying to log into the site. I was just doing what a regular web surfer would do.
So after some digging around in the web server log files I found this:
- - [06/Jul/2008:20:18:48 -0700] "GET /%3C?php%20echo%20http://www.thedomain.org;?%3E/templates/247clean/images/favicon.ico HTTP/1.1" 406 341 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"
Ow... I should have caught that long ago when I was looking in the log files, but somehow didn't. My guess is that this was mangled up like this for a long while (I hadn't touched the offending file in at least a year) and the host changed their mod_security rules and started triggering the fun.
So the offending file was in the 247clean template (which is a great template.. they just slipped up on this bit of code..) here:
(in index.php)
<meta http-equiv="Content-Type" content="text/html;><?php echo _ISO; ?>" />
<?php if ( $my->id ) { initEditor(); } ?>
<?php include($GLOBALS['mosConfig_absolute_path']."/templates/247clean/splitmenu.php"); ?>
<?php echo "<link rel=\"stylesheet\" href=\"$GLOBALS[mosConfig_live_site]/templates/$GLOBALS[cur_template]/css/template_css.css\" type=\"text/css\"/>" ; ?><?php echo "<link rel=\"shortcut icon\" href=\"$GLOBALS[mosConfig_live_site]/<?php echo $mosConfig_live_site;?>/templates/247clean/images/favicon.ico\" />" ; ?>
the favicon code could be hardcoded if you only have one site to something like:
<link rel="shortcut icon" href="favicon.ico" type="image/vnd.microsoft.icon">
...or if you have many sites and you want to reuse the template for all of them then:
<link rel="shortcut icon" href="<?php echo $mosConfig_live_site;?>/images/favicon.ico" />
also note the extra greater than character in the content-type tag..
Fixing that issue was easy enough, but... here's the worrisome thing.. anybody (or any web spiders) who visited the sites that I use this template on and clicked through more than 5 or 6 pages in a couple of minutes is now blacklisted by the host - and from what they say it's a long term blacklist.
I got in touch with the support folks and they confirmed that their firewall did indeed think I was an evil hacker and sent me the logs to show what caused it:
Fri Jul 4 22:10:37 2008 lfd: mod_security triggered by 192.168.216.232 - 1 failure(s) in the last 75 secs
Fri Jul 4 22:10:37 2008 lfd: mod_security triggered by 192.168.216.232 - 2 failure(s) in the last 75 secs
Fri Jul 4 22:10:56 2008 lfd: mod_security triggered by 192.168.216.232 - 3 failure(s) in the last 100 secs
Fri Jul 4 22:13:05 2008 lfd: mod_security triggered by 192.168.216.232 - 4 failure(s) in the last 230 secs
Fri Jul 4 22:13:46 2008 lfd: mod_security triggered by 192.168.216.232 - 5 failure(s) in the last 275 secs
Fri Jul 4 22:13:47 2008 lfd: 5 (mod_security) login failures from 192.168.216.232 - *Blocked in csf*
Fri Jul 4 22:13:48 2008 lfd: alert email sent for 192.168.216.232
But.. I was just browsing the site! I wasn't trying to log into the site. I was just doing what a regular web surfer would do.
So after some digging around in the web server log files I found this:
- - [06/Jul/2008:20:18:48 -0700] "GET /%3C?php%20echo%20http://www.thedomain.org;?%3E/templates/247clean/images/favicon.ico HTTP/1.1" 406 341 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"
Ow... I should have caught that long ago when I was looking in the log files, but somehow didn't. My guess is that this was mangled up like this for a long while (I hadn't touched the offending file in at least a year) and the host changed their mod_security rules and started triggering the fun.
So the offending file was in the 247clean template (which is a great template.. they just slipped up on this bit of code..) here:
(in index.php)
<meta http-equiv="Content-Type" content="text/html;><?php echo _ISO; ?>" />
<?php if ( $my->id ) { initEditor(); } ?>
<?php include($GLOBALS['mosConfig_absolute_path']."/templates/247clean/splitmenu.php"); ?>
<?php echo "<link rel=\"stylesheet\" href=\"$GLOBALS[mosConfig_live_site]/templates/$GLOBALS[cur_template]/css/template_css.css\" type=\"text/css\"/>" ; ?><?php echo "<link rel=\"shortcut icon\" href=\"$GLOBALS[mosConfig_live_site]/<?php echo $mosConfig_live_site;?>/templates/247clean/images/favicon.ico\" />" ; ?>
the favicon code could be hardcoded if you only have one site to something like:
<link rel="shortcut icon" href="favicon.ico" type="image/vnd.microsoft.icon">
...or if you have many sites and you want to reuse the template for all of them then:
<link rel="shortcut icon" href="<?php echo $mosConfig_live_site;?>/images/favicon.ico" />
also note the extra greater than character in the content-type tag..
Fixing that issue was easy enough, but... here's the worrisome thing.. anybody (or any web spiders) who visited the sites that I use this template on and clicked through more than 5 or 6 pages in a couple of minutes is now blacklisted by the host - and from what they say it's a long term blacklist.
California testing broadband over power lines.. Friday, April 28, 2006
BPL, or broadband over power lines just won't seem to die, with California now joining in on testing it. The hopes are of course to use existing power lines to transmit large amounts of data and compete with traditional data carriers.
The thing I'm not getting though is that there was loads of "dark fiber" around that was installed back during the boom and never lit, and other power companies like Duke Energy (fka Duke Power) have been stringing fiber up on electric lines for years. DukeNet started in 1994 and has over 3,000 miles of fiber in NC, SC, and GA.
Could this push to get BPL working be due to GOOG buying up dark fiber? hmm..
The thing I'm not getting though is that there was loads of "dark fiber" around that was installed back during the boom and never lit, and other power companies like Duke Energy (fka Duke Power) have been stringing fiber up on electric lines for years. DukeNet started in 1994 and has over 3,000 miles of fiber in NC, SC, and GA.
Could this push to get BPL working be due to GOOG buying up dark fiber? hmm..
Want extra site traffic? Or how about helping with a Flex project? Wednesday, April 26, 2006
So you're site traffic is a little light? Need that boost in traffic so you can brag to your friends that your site gets tons of hits?
Well.. I just discovered a way kind of by accident and it cracked me up.
It all started with me getting ready to put a new site on a server hosted with godaddy. I've never used their services before, so after the server was set up I pointed an uptime monitor at the domain to see what my $6.29/month bought. I found an uptime monitor in GIGRIB and it looked interesting, so I set it up and it started checking the server every 10mins. I got busy for a few days and forgot about that and installed Mambo on the site and then got busy again and left the site sit for a couple of days with a default mambo install.
When I checked back on the site I noticed on the home page that Mambo was indicating 20+ guests were on the site. Wtf? So I went into the admin panel and toggled the site "off". After some checking in the database (real sessions were there, real user stats, etc) and in the stats tool on godaddy (geez.. cpanel on training wheels there) I find that the site has gotten over 20,000 visitors in just a couple of days. The visitors were all hitting the root of the domain via port 80 (i.e. requesting the home page) and so Mambo was faithfully seeing them as a guest hitting the site. Ack... yikes..
The GIGRIB client is an interesting idea. Using P2P to check server status from multiple locations and report it to a server where you can go and look at stats for free is a handy thing. Having it make tons of requests to the home page on my server isn't too cool though, and installing a P2P client that I can't compile (what's in that thing anyway?) doesn't give me the warm fuzzy feeling. So, is anyone out there interested in an open sourced Flex/Apollo based app that would do something like this? I could see an application that uses a slightly different architecture (saving the data to MY server rather than someone elses, has a nice UI, and allows the user to set where the ping/requests are made (maybe to a specific file that's only a few bytes).
Well.. I just discovered a way kind of by accident and it cracked me up.
It all started with me getting ready to put a new site on a server hosted with godaddy. I've never used their services before, so after the server was set up I pointed an uptime monitor at the domain to see what my $6.29/month bought. I found an uptime monitor in GIGRIB and it looked interesting, so I set it up and it started checking the server every 10mins. I got busy for a few days and forgot about that and installed Mambo on the site and then got busy again and left the site sit for a couple of days with a default mambo install.
When I checked back on the site I noticed on the home page that Mambo was indicating 20+ guests were on the site. Wtf? So I went into the admin panel and toggled the site "off". After some checking in the database (real sessions were there, real user stats, etc) and in the stats tool on godaddy (geez.. cpanel on training wheels there) I find that the site has gotten over 20,000 visitors in just a couple of days. The visitors were all hitting the root of the domain via port 80 (i.e. requesting the home page) and so Mambo was faithfully seeing them as a guest hitting the site. Ack... yikes..
The GIGRIB client is an interesting idea. Using P2P to check server status from multiple locations and report it to a server where you can go and look at stats for free is a handy thing. Having it make tons of requests to the home page on my server isn't too cool though, and installing a P2P client that I can't compile (what's in that thing anyway?) doesn't give me the warm fuzzy feeling. So, is anyone out there interested in an open sourced Flex/Apollo based app that would do something like this? I could see an application that uses a slightly different architecture (saving the data to MY server rather than someone elses, has a nice UI, and allows the user to set where the ping/requests are made (maybe to a specific file that's only a few bytes).
