Off Topic

Check Layer 1 first Wednesday, July 09, 2008
I was working at about midnight the other night when I heard my little VPN app scream that it'd lost connection.. I noticed that I couldn't get out to my favorite site and checked my DSL modem.... the status light was off. So the next morning I got up and saw it was still off. I called the DSL provider, we went through the standard power off/on stuff and the regular checklist and the guy in India said he'd overnight a new modem (it still hasn't gotten here..). A little while later I remembered something from my CCNA 1 class - check "layer 1" first.

So I swapped out the line between the modem and the wall jack. The lights came back on. I took that phone line and tested it with a phone and it was bad... heh. Always check layer 1 first.



Being blacklisted by your own host - because of a mambo template? Tuesday, July 08, 2008
A couple of weeks ago I heard from a client (friend) that has a site hosted on my reseller web server and he said something odd - he said he could access his web site from work but not from home. There's a ton of things that could cause that so I stuck it in the back of my head and went on. Well the other night I went through and updated the mambo installation on that server and was testing it out when suddenly I could no longer get a response from it. I also found I couldn't get a response from any site on that server, couldn't traceroute to it, etc.. I'd been put on their firewall blacklist. Ouch! And for what?

I got in touch with the support folks and they confirmed that their firewall did indeed think I was an evil hacker and sent me the logs to show what caused it:

Fri Jul 4 22:10:37 2008 lfd: mod_security triggered by 192.168.216.232 - 1 failure(s) in the last 75 secs
Fri Jul 4 22:10:37 2008 lfd: mod_security triggered by 192.168.216.232 - 2 failure(s) in the last 75 secs
Fri Jul 4 22:10:56 2008 lfd: mod_security triggered by 192.168.216.232 - 3 failure(s) in the last 100 secs
Fri Jul 4 22:13:05 2008 lfd: mod_security triggered by 192.168.216.232 - 4 failure(s) in the last 230 secs
Fri Jul 4 22:13:46 2008 lfd: mod_security triggered by 192.168.216.232 - 5 failure(s) in the last 275 secs
Fri Jul 4 22:13:47 2008 lfd: 5 (mod_security) login failures from 192.168.216.232 - *Blocked in csf*
Fri Jul 4 22:13:48 2008 lfd: alert email sent for 192.168.216.232

But.. I was just browsing the site! I wasn't trying to log into the site. I was just doing what a regular web surfer would do.

So after some digging around in the web server log files I found this:
- - [06/Jul/2008:20:18:48 -0700] "GET /%3C?php%20echo%20http://www.thedomain.org;?%3E/templates/247clean/images/favicon.ico HTTP/1.1" 406 341 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"

Ow... I should have caught that long ago when I was looking in the log files, but somehow didn't. My guess is that this was mangled up like this for a long while (I hadn't touched the offending file in at least a year) and the host changed their mod_security rules and started triggering the fun.

So the offending file was in the 247clean template (which is a great template.. they just slipped up on this bit of code..) here:
(in index.php)

<meta http-equiv="Content-Type" content="text/html;><?php echo _ISO; ?>" />
<?php if ( $my->id ) { initEditor(); } ?>
<?php include($GLOBALS['mosConfig_absolute_path']."/templates/247clean/splitmenu.php"); ?>
<?php echo "<link rel=\"stylesheet\" href=\"$GLOBALS[mosConfig_live_site]/templates/$GLOBALS[cur_template]/css/template_css.css\" type=\"text/css\"/>" ; ?><?php echo "<link rel=\"shortcut icon\" href=\"$GLOBALS[mosConfig_live_site]/<?php echo $mosConfig_live_site;?>/templates/247clean/images/favicon.ico\" />" ; ?>

If you only have one site, the favicon code could be hardcoded to something like:
<link rel="shortcut icon" href="favicon.ico" type="image/vnd.microsoft.icon">
...or if you have many sites and you want to reuse the template for all of them then:
<link rel="shortcut icon" href="<?php echo $mosConfig_live_site;?>/images/favicon.ico" />

also note the extra greater than character in the content-type tag..

Fixing that issue was easy enough, but... here's the worrisome thing.. anybody (or any web spiders) who visited the sites that I use this template on and clicked through more than 5 or 6 pages in a couple of minutes is now blacklisted by the host - and from what they say it's a long term blacklist.
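
To find out which visitors were exposed to this, the access log can be searched for requests whose decoded URL still contains a PHP tag, grouped by client. The following Python script is an added example, not code from the original post or from the host's tooling. The sample log lines, client IPs and the 300-second window are assumptions; the bad path, the 406 status and the threshold of 5 come from the log excerpts above.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

# Constructed sample (combined log format). The bad path is the one quoted in
# the post; client IPs are documentation addresses, timestamps are made up.
BAD = ("/%3C?php%20echo%20http://www.thedomain.org;?%3E"
       "/templates/247clean/images/favicon.ico")

def _line(ip, hms, target, status):
    return (f'{ip} - - [06/Jul/2008:{hms} -0700] "GET {target} HTTP/1.1" '
            f'{status} 341 "-" "Mozilla/5.0"')

SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", t, BAD, 406) for t in
     ("20:18:48", "20:19:10", "20:20:02", "20:21:30", "20:22:15")]
    + [_line("203.0.113.7", "20:18:47", "/index.php", 200),
       _line("198.51.100.20", "20:30:00", BAD, 406),
       _line("198.51.100.20", "20:55:00", BAD, 406)])

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (.*?) HTTP/[\d.]+" (\d{3}) ')

def leaked_tag_hits(log_text):
    """Requests whose URL-decoded target still contains a '<?' tag."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and "<?" in unquote(m.group(3)):
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            hits.append((m.group(1), when, int(m.group(4))))
    return hits

def clients_at_risk(hits, threshold=5, window=300, deny_status=406):
    """Clients with `threshold` denied hits inside `window` seconds.
    threshold=5 matches the lfd excerpt; window=300 is an assumption."""
    by_ip = defaultdict(list)
    for ip, when, status in hits:
        if status == deny_status:
            by_ip[ip].append(when)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        for i in range(threshold - 1, len(times)):
            if (times[i] - times[i - threshold + 1]).total_seconds() <= window:
                flagged[ip] = times[i]
                break
    return flagged

if __name__ == "__main__":
    for ip, when in clients_at_risk(leaked_tag_hits(SAMPLE_LOG)).items():
        print(f"{ip} would reach the block threshold at {when:%H:%M:%S}")
```

Running it over the real access log gives a list of client addresses to hand to the host for removal from the blacklist.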

Turmoil in domain registration land Wednesday, April 26, 2006
If you've ever wondered why it's so hard to get that special domain name that you think of at 3AM (you know, the one that's going to make you instantly rich?), or just how all of those $@#!@! people can afford to register all those domain names about lasik, gambling, viagra, mortgages, etc. and only put ONE page on the domain with just a few google ads... Well, so there's a bit of recent news from the domain registrar folks that might shed some light on this. Bob Parsons (you know.. godaddy founder..) spoke out recently on the proliferation of what he calls the "add/drop scheme".

Basically what folks are doing is registering a ton of domains, pumping junk pages on them with text that is somewhat related to the domain name and (most importantly) some ads. If the ads get clicked during the initial 5 days then they might just keep that domain name. Otherwise they dump the domain name for a full refund. Yuck.

To see the extent of this problem I had to look at a pretty graph (nothing against the clear words of Mr. Parsons, but I like pictures) and so I found a write up on it at Ipwalk. Go take a look at that graph and notice that the "dropped" line is almost the same as the "added" line. bah!

.. it's just crazy. Imagine if 90% of the purchases at a major retailer like Home Depot or Wal-Mart were being returned each week. And think of all the missed opportunities that folks like you missed out on when you went to register a domain only to find that it was taken (but not really taken..). It's nuts..

Friday link dump Friday, April 07, 2006
ok, so I've been busy this week and haven't had much time to post to my blog.. but I've been saving stuff and am just going to dump it all in one big post. Here goes..

This post led me to look at edipix. W00t! I have a feeling we're just seeing the beginning of what the real "web 2.0" is about. Forget mamby-pamby little calendar apps and wussy e-mail apps. Let's see editing images and doing stuff with them without having to buy fancy photo editing software. Oops.. I shouldn't say that. Adobe is listening. Heheh.. actually, I think these kind of simplified tools serve a real purpose. Most people don't need PhotoShop, they just need to crop a photo and send it to somebody. jumpcut is another killer new site like this, but it lets you edit video and even gooify it. yeeow! I want to see AJAX that will edit and gooify a video. uh huh.

I can't remember how I got here.. wtf? Some of these people are asking for total ripoffs of Flash projects. Actually.. a LOT of them are asking people to do total rip offs of other people's Flash work. And what really irked me is there's some decent looking gigs in there (remember.. I'm busy and have a killer job already.. I'm not looking..) and there's like 40 bids from folks who say they'll clone a whole site and customize it for $80. Granted there are some bids in the $3,000 - $6,000 range that look appropriate for the project, but I feel sorry for the folks who are trying to find Flash developers to do contract work through this type of site who have to figure out who is worth dealing with and who isn't.

Flash content on my Verizon phone soon? Oh yeah.. that'd be nice. What would be even nicer is if they didn't cripple my V710. I need to go whack that Verizon dude on the back of the head and tell him I don't want to hack my phone in order to copy MP3 files from my PC onto it. But.. this Adobe and Verizon deal is very cool news for Flash developers..

MLB.com dropped support for Real audio and video. Good! Real was/is the pits. But.. hmm.. they didn't opt for Flash video? hmmmmm.. and Speedtv has suddenly cleaned all the Flash video from their site.. read that MLB article and see if you think Microsoft just sat back and let this happen, or if they played a part in MLB.com switching.

Mitsubishi uses colored lasers for HDTV system. Yum. Bill Buxton.. .. I'm ready for my $10/sq ft. 100dpi monitor..

Speech accent archive.. omg.. why didn't somebody help them do this with the Flash Media Server? People could record their entries, etc..
oh.. there needs to be a professional there with a microphone to make sure it's all official and sounds good. But..... some of the recordings they have don't sound very good at all. ?