|
 |
 |
|
 |
|
|
|
|
Author: |
TWhidden |
Created: |
7/11/2007 9:41 PM |
 |
|
Blogs from American Internet. |
By TWhidden on
4/14/2008 3:04 AM
When you have 775 days of uptime, you really don't even want to touch the server. This Linux server shows how long they can stay stable. I sure hope it boots back up ;) 
|
By TWhidden on
10/24/2007 4:34 PM
Ryan, our Technical Director here at AMHosting.com showed me a video of a forklift driving off the receiving dock. It was posted on digg.com. I remembered that I had a video that our video software recorded at the surveillance company I used to work for. I had never posted it on Digg, but though this is a good addon now that we are talking about fork lifts. From what I remember, the guy tried to run away as if he did not do it. Those are lemons that you see.
|
By TWhidden on
10/11/2007 10:16 AM
Recently, we had a customer who kept saying that his site was hacked and his server was not secure. We looked at his clams very seriously and researched as hard as we could. We could not find any possible way that the server was exploited and there really was nothing wrong.
The customer insisted that we had an issue. Somehow, his whole database was hacked.
After a long extensive search, we found out how people were getting into his website. They were using a very old tactic of "SQL injection". SQL injection is actually very clever, and its totally what programmers and hackers both know. A typical person would not know what SQL injection is because its not a typical input you put into a web form. He recognized that it was not our fault, but instead his programmers fault .
A PERFECT example of this is located on Wikipedia.com. I actually have used their example to prove if a site is exploitable. Usually you just put in code like this:
a' or 't'='t
into a username and password field and click login. If the site is vulnerable, you may just login to the account.
Anyhow, there is a quick and simple fix for this. When you take data from the end user, you just need to escape the values. The single quote is the culprit for most SQL injections.
My solution in the past has just been to do a replace on all ' to '' (that is two single quotes). SQL will take that input and make it a single quote in the database.
ASP example: Replace(userInput, "'", "''") or in .Net strInput.Replace("'", "''");
I decided to write about this today because of a funny picture found on xkcd.com (http://xkcd.com/327/). Here is the picture:
When I put this up as my signature on one of the message boards I run, people commented that the picture was very funny, even the non-techies thought it was. I then realized that some of the code I wrote 7 years ago was vulnerable. I even had another website of mine hacked due to this. Old unmaintained code sucks to go back and fix.
I hope the helps understand SQL injection a little more. It is still very common and MANY MANY websites on the internet are still vulnerable. Dont let your website get hacked because of this.
|
By TWhidden on
9/20/2007 10:01 AM
I recently moved from cable modem to DSL. The move was because of poor customer service provided by Charter the local cable company. When I made the move, I ran into some unexpected problems. These problems had me stumped and confused. This doesn’t happen much when it comes to computers.
I spent hours on hours trying to figure out why I could not have an IPSec tunnel to my office via the network topology that I had configured. All I have is a LAN -> Cisco -> DSL modem.
After 6 hours and 5 Cisco configs later, someone responded to my post on dslreports.com about the issues I was having. Everyone said “sounds like an MTU problem”.
For those that don’t know what MTU is, it stands for Maximum Transmission Unit and it refers to the size of the largest packet that a given layer can pass onwards.
Anyhow, the problem with a DSL modem is that you actually are NATING it even though you may have a public IP address. The modem actually has the IP address bound to it and it forwards it to your machine (or router in this example). Well, if you have a router before your computers, you have to again, NAT it (Nating is where the router re-writes the source/destination address as a packat passes through a router).
As it does this, the packet overhead changes. This is when you need to adjust your MTU on your machine.
I had read an article about it on dslreports.com and people recommended to me that I adjust my MTU to 1458. I did this, restarted my adapter, and everything worked like a charm.
I never though it would be handy in the hosting field, but I recently just helped with a customer with the same Cisco -> Modem configuration. None of the machines in his network could send any emails so I exhausted all my resources trying to figure out why. Once I heard about his network configuration, I felt it was the last chance to fix this guys network.
I told him to download DrTCP (http://www.dslreports.com/drtcp) and run it. When he opened it, I had him select his network adapter in the network settings and type in 1458 and click “save”. I next had him go to his control panel -> network settings and disable and enable his network adapter ( a restart would have done the same thing ). He went into outlook and clicked send / receive and all 14 messages that were waiting to go out went out successfully.
I never though the MTU would ever be back in my life again.. but now I know that this is an important thing to know about if you have a more advanced network then a typical home would.
I hope this article helps you as much as it has helped me.
|
By TWhidden on
7/26/2007 2:33 PM
I have been going through a fiasco recently. It’s not the normal one I would expect, but it is somewhat humorous. A few weeks ago, I had bought some software from a company called Stellar Information Systems, ltd. The reason I bought this software was because I tested their demo version, and it appeared that it would pull some data off a disk with a bad partition table.
After the demo worked, I paid $99 bucks to a company called Element5, an intermediate party for selling software for vendors. I spent the next 6 hours extracting data from the disk while my server was down. Everything looked like it was fine and dandy.
Around 2am, I my systems installed and all my files are moved over. I start to mess around with getting all my websites on it back up and running. This was my personal server so it had only a handful of high-priority websites / databases on it. I was relieved that some software was able to pull everything down.
Once I started to QA my work when the system was online, it was about 4:00 am. I noticed some very strange things going on. A couple of my source code and HTML files that were less then 2kb was corrupted. I was very curious of this because it was very random. I though maybe it was just one or two files. When I saw corrupt, I am not talking about total loss, but just strange things like this:
HJTCommerce.HJTMenu" Co+ behind="HJTMenu.ascx.cs"
The text should be “Codebehind=” not “Co+ behind”
So, that really got me nervous. I started looking around, and I saw this happening on thousands of other files, including small gif images and jpgs.
Now, I am totally freaked. I left the office at 4:00am, and got back in around 10:00am. I went to my system admin and said. “Ryan, I beg you to help me”. So, Ryan pulls out his linux toolset and starts go to work on the drive at his workstation. He uses a utility to rebuild the partition table. We stick it back into my computer and it boots up just as it normally would, just been offline for 24+ hours.
Ok, so now that you have the background, here is where the fun comes in.
I said, well, I just wasted my time with Stellar broken software, so I want my money back. I would not have asked if it did not screw up thousands of small files on my disk, but it did and on top of that wasted hours of valuable time while I was trying to restore my server.
First attempt:
I call Stellar on their toll-free phone number the Day after to get the refund process going. They tell me that the process to get a refund, I must first submit a tech support ticket explaining my problem. My response is more like “I need to open a tech support ticket to get a refund? Oookkk.. “
So, I send in my first support ticket. Let the games begin!
-----------------------------------------------
--- July 15th, 2007 – To Stellar Tech support ticket system
-----------------------------------------------
I attempted to use your software this week. It looks like it was working great, and we were recovering about 200 gigs of data off our disk. Once we spent 6 hours doing it while our server was offline, we realized that almost every file that was
-------------------------------------------------------
---- July 16, 2007 06:39 PM- To me -----
--------------------------------------------------------
Hi!
We apologize for all the inconveniences caused!
Regarding your concern, we would request you to please fill this Technical Form –
http://www.stellarinfo.com/support/please_answer.php
Please submit as many details as possible. This would help us collate all the data related to your issue and expedite our analysis of it.
Once we have all your details, we will try our level best to resolve your issue as soon as possible.
Please also remember to fill the ticket# while submitting the technical form.
Thanks for having patience and your kind cooperation!
Warm Regards,
Neeraj Neyol
Stellar Technical Executive
--------------------------------------------
-- note: So I fill out the technical support form from them. I also call them and talk to them on the phone again and they tell me they don’t have any bugs in their software.
-------------------------------------------
-------------------------------------------------------
---- Mon 7/16/2007 11:13 AM - To me
-----------------------------------------------------
Hi,
Thank you for filling the technical form!
We have forwarded your case to the second level of our support. Kindly provide us some time and we will revert back to you soon with the appropriate solution.
Hoping for your kind cooperation!
Warm Regards,
Rachit Trehan
Technical Support Executive
Stellar Information System Ltd.
-------------------------------------
-- note: Ohh.. second level support. Refunds must be very hard to do
-------------------------------------
-------------------------------------------
---- July 16, 2007 8:34 PM - To Stellar Tech support
-------------------------------------------
Name :Travis Whidden
Email :NA
Order No :137595265
serial Key :WDDRY7S60VVOHxxxxxx
Ticket NoNA
Product :Phoenix_FAT_NTFS
Cause of Data Loss :The software appeared to be working great, but after we spent about 6 hours recovering data, we found that almost all the files that were 1 - 2kb or less were corrupted somehow. We found this out after we went to go live with a fresh install of 2k3. We ended up going back to the original drive and rebuilding the partion table on the disk and we were fine, and none of the files were corrupt. So, somehow, your software has a bug pulling small files. Your support said \"our software has no bugs\" but being in software development for many many years, we all know that all software has bugs. Anyhow, I would like to get a refund as your software was great, but wasted many hours of my time and we could not use the results it produced. This is the last time I submit / call for a refund. Next I will call my bank and charge it back. I have been patient, but this is getting out of hand on the loops you are putting me through to get a refund.
Drive Type(Crashed Hard Disk) :SATA others
Drive Type(Where Stellar Phoenix is installed) :SATA others
Drive Configuration(Crashed Hard Disk) :Standard/Master/Slave
Capacity :200GB
Bad Sectors:No
Partition :3
NoiseNo
Operating System(Crashed Hard Disk):09
Operating System(Where Stellar Phoenix is installed):08
File System(Crashed Hard Disk or Drive from which you need to recover data) :NTFS
File System(Where Stellar Phoenix is installed) :
Brief explanation of problem faced using Stellar Phoenix.:Files that were small in size, would have a strange bit that would currupt the file. Some of our files would have a \"+\" instead of text in the code. Some of the webserver files such as jpg and gifs were bad an unuseable.
What remedies has been tried on crashed disk or the disk from which you need to recover data after data loss?:We rebuilt the partition table and we were able to get back online.
Stellar Phoenix Event Log:
Was the drive compressed before crash?:Not Compressed
Was the drive encrypted before crash?:Not Encrypted
----------------------------------------------------
---- Tue 7/17/2007 1:59 AM - To me --
---------------------------------------------------
Hi!
Thank you for submitting the Technical form!
Regarding your concern, we would like to inform you that our software does not have any bug, this is just a recovery issue which can be easily resolved and we want your kind cooperation for the same.
| | | | |