Stuffing JavaScript into DNS TXT Records

This is from the slightly interesting notebook.

If you check out the TXT record for dor.ky you'll see there is a record stuffed with JavaScript, which will fire in a lot of whois web services that render the record's contents without escaping them.

scott$   dig txt dor.ky @sam.ns.cloudflare.com

;; QUESTION SECTION:
;dor.ky.                IN  TXT

;; ANSWER SECTION:
dor.ky.            300 IN  TXT "<script type='text/javascript'>alert('This is from a DNS record!')\;</script>"

You can see this firing in action over at http://mxtoolbox.com/SuperTool.aspx?action=txt%3ador.ky. I'm not picking on them specifically; there were a number of online tools that were vulnerable to this.

I'd be interested to see if you have any more creative ideas on what we can do with this.
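As an added example (not code from the original post), here is how a web-based DNS or whois lookup tool should treat TXT data before displaying it; the answer line is constructed from the dig output above, and the parser/renderer functions are hypothetical, not from any real tool.

```javascript
// Added example, not from the original post: how a web-based DNS/whois
// lookup tool should handle TXT data it displays. The answer line below is
// constructed from the dig output shown in the post; rendering its content
// unescaped is exactly what let the script run in those tools.
const SAMPLE_ANSWER =
  "dor.ky.\t\t300\tIN\tTXT\t\"<script type='text/javascript'>alert('This is from a DNS record!')\\;</script>\"";

// Extract the quoted strings from a dig-style TXT answer line and undo
// dig's presentation escaping (it writes ';' as '\;' and '"' as '\"').
function parseTxtAnswer(line) {
  const strings = [];
  const quoted = /"((?:\\.|[^"\\])*)"/g;
  let m;
  while ((m = quoted.exec(line)) !== null) {
    strings.push(m[1].replace(/\\(.)/g, '$1'));
  }
  return strings;
}

// Replace every character that can open or close a tag or attribute so the
// record is displayed as text instead of being parsed as markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: record data concatenated straight into the page.
function renderUnsafe(strings) {
  return '<pre>' + strings.join('') + '</pre>';
}

// Fixed pattern: escape each string before it reaches the markup.
function renderSafe(strings) {
  return '<pre>' + strings.map(escapeHtml).join('') + '</pre>';
}

// Simple check a tool's test suite could run: is there still a live script tag?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}
```

The same escaping applies to every other record type a tool echoes back (SPF, DMARC, CNAME targets), since all of them are attacker-controlled text.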


Malware Detection for Linux Servers using Maldet

Maldet is a malware scanner that's useful on servers that accept file uploads. I use it especially on servers where I have WordPress sites hosted, and it alerts me to the fact that people have used themes with malware tucked away inside.

You can visit the Maldet website for a more detailed description.

Installation will only take a few moments and it's a handy tool to have. It'll also install a cron job that runs automatically each day and alerts you to any potential or found issues.

Fetch the current version of Maldet

[root@bob]# cd /tmp
[root@bob]# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Extract the archive

[root@bob]# tar -zxvf maldetect-current.tar.gz

Installation

[root@bob]# cd maldetect-*
[root@bob]# ./install.sh

Edit Configuration File

[root@bob]# nano /usr/local/maldetect/conf.maldet

Run an on-demand Maldet scan (-a scans every file under the given path)

[root@bob]# maldet -a /home


Lessons Learned When Building a SaaS

A recent post in the saasclub.com newsletter had a good article in it by Clément Vouillon titled "9 Lessons Learned Building SaaS". Effectively, they had asked a few members of eFounders what lessons they had learned when building their services.

You can read the full article at efounders.co/9-lessons-learned-building-saas/.


JavaScript Equivalent of PHP's in_array

I can't remember where I picked this up from originally; I think it may have been StackOverflow. Anyhow, this is a pretty useful JavaScript function that provides PHP's in_array functionality:

// JavaScript equivalent of PHP's in_array(): returns true if needle is
// found in haystack. Like PHP's default (non-strict) mode it uses loose
// comparison (==), so 1 matches '1'; use === if you need strict matching.
function inArray(needle, haystack) {
    var length = haystack.length;
    for (var i = 0; i < length; i++) {
        if (haystack[i] == needle) return true;
    }
    return false;
}


What You Should Do About the OpenSSL/Heartbleed Security Problem

By now you have probably read the news and seen the warnings about the OpenSSL Heartbleed security vulnerability that is present in certain versions of the software that powers 66% of the internet.

Here's what you should now do:

If you're not a server admin, check the websites you frequently use at http://filippo.io/Heartbleed/. If a site shows as 'seems safe', log in and update your password to something secure that you have not used before. Nearly every large tech company has recommended resetting your passwords.

Read the BBC article "Heartbleed Bug: Public urged to reset all passwords" for more information.

As noted in the above BBC article:

The University of Surrey's Prof Alan Woodward is among security experts to have suggested internet users should now update their login details.

He suggests the following rules should be observed when picking a new password.

Don't choose one obviously associated with you

Hackers can find out a lot about you from social media so if they are targeting you specifically and you choose, say, your pet's name you're in trouble.

Choose words that don't appear in a dictionary

Hackers can pre-calculate the encrypted forms of whole dictionaries and easily reverse engineer your password.

Use a mixture of unusual characters

You can use a word or phrase that you can easily remember but where characters are substituted, eg, Myd0gha2B1g3ars!

Have different passwords for different sites and systems

If hackers compromise one system you do not want them having the key to unlock all your other accounts.

Keep them safely

With multiple passwords it is tempting to write them down and carry them around with you. Better to use some form of secure password vault on your phone.

If you are a server administrator, make sure your OpenSSL libraries are up to date using yum/rpm/apt or your package manager of choice, and then test your sites using the tool above.


Google Apps Toolbox

A neat feature I came across this week was the Google Apps toolbox. If you're a user of Google Apps then this can be very useful to track down issues and configuration problems.

The toolbox currently features a browser debugger, DNS verification and a couple of log analysers.

You can find the toolbox at https://toolbox.googleapps.com/apps/main/.


How to Exclude IP Address(es) from Google Analytics

Google Analytics

If you're like most developers and need to exclude yourself from a Google Analytics profile, you can add your IP address to the exclude list so that you don't skew your analytics.

To do so, log in to Google Analytics, select the account you wish to edit and then click the Admin tab.

  1. Log in to Analytics
  2. Select Admin
  3. Select the Account that you wish to edit
  4. Click 'All Filters'
  5. Click 'New Filter'
  6. Enter name 'Filter my IP'
  7. Select Exclude, then 'Traffic from the IP Addresses', then 'that are equal to' and enter your IP address in the boxes provided.
  8. Select the views you wish to apply this to and then click 'Add'.
  9. Once finished, click 'Save'.


Solr, Tomcat and UTF-8

I had to fix an issue recently where Apache Solr wasn't returning any results for German words. After altering the schema to accommodate the German language, the same issue of being unable to search for German words was still there. It turns out that earlier versions of Apache Tomcat aren't UTF-8 enabled by default: the URI encoding is a configuration option on the connector that you need to set explicitly.

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" URIEncoding="UTF-8" />

You can read more on the Tomcat Wiki.
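As an added example (not code from the original post or from Tomcat), the following simulates what the servlet container hands to Solr for a German search term with and without URIEncoding="UTF-8"; the query, the index terms and all function names are constructed for illustration, and Node's Buffer stands in for the container's charset decoding.

```javascript
// Added example, not from the original post: why a Tomcat connector without
// URIEncoding="UTF-8" breaks non-ASCII search terms. Browsers percent-encode
// the query string as UTF-8 bytes; an older Tomcat decodes those bytes as
// ISO-8859-1 unless told otherwise, so the servlet (and Solr behind it) sees
// a different word than the user typed. Charsets are simulated with Buffer.

// Constructed sample: "Bücher" (books) as a browser would send it.
const SAMPLE_QUERY = 'q=B%C3%BCcher';

// Constructed sample index: the terms Solr actually holds.
const INDEX_TERMS = new Set(['B\u00FCcher', 'Deutsch', 'Suche']);

// Undo percent-encoding into raw bytes, then decode with the given charset.
function decodeQueryValue(encoded, charset) {
  const bytes = [];
  for (let i = 0; i < encoded.length; i++) {
    const c = encoded[i];
    if (c === '%' && i + 2 < encoded.length) {
      bytes.push(parseInt(encoded.slice(i + 1, i + 3), 16));
      i += 2;                        // skip the two hex digits
    } else if (c === '+') {
      bytes.push(0x20);              // form encoding sends spaces as '+'
    } else {
      bytes.push(c.charCodeAt(0));   // unreserved ASCII
    }
  }
  return Buffer.from(bytes).toString(charset);
}

// Pull the value of the q= parameter and decode it the way the container would.
function searchTerm(query, charset) {
  const pair = query.split('&').find((p) => p.startsWith('q='));
  return pair ? decodeQueryValue(pair.slice(2), charset) : '';
}

// Unconfigured older Tomcat: request URI decoded as ISO-8859-1 ('latin1').
function termSeenByDefaultTomcat(query) {
  return searchTerm(query, 'latin1');
}

// Connector with URIEncoding="UTF-8": the same bytes decoded as UTF-8.
function termSeenByUtf8Tomcat(query) {
  return searchTerm(query, 'utf8');
}

// Does the decoded term hit the index?
function indexHasTerm(term) {
  return INDEX_TERMS.has(term);
}
```

With the default decoding the term arrives as "BÃ¼cher", which matches nothing in the index; with UTF-8 it arrives as "Bücher" and the search succeeds.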


Tip: Apache mod_rewrite Rule Tester

If you're a #devop then at some point you've probably had to deal with Apache's mod_rewrite. You can find a really handy tester written by Martin Melin on his website.

With his mod_rewrite tester you can test your rules before putting them into staging or production.


Export All Your Flickr Photos with Flump

Flump - Flickr Image Export

This year I've decided not to renew my Flickr Pro membership and then had the fun task of exporting all my images.

I came across this nifty Adobe AIR application called Flump that will run on my Mac.

You can download Flump and export your own images.


AirMail for Mac is Awesome - Almost.

Airmail for Mac

For a few months now I've been using Airmail for Mac as my main email client on my home Mac and Macbook Air. The interface is fantastic and it's lightweight too which is exactly what I wanted. The whole experience of using the app is comfortable.

The problem, however, is that there is no support for PGP/S/MIME and no preference syncing across multiple computers.

Sadly, this means I can't ditch Apple Mail just yet, but if there are enough people who want these two features within Airmail, I think the developers would implement them.

You can cast your vote for the features over on the Airmail help forum:

Airmail Support for PGP

iCloud Preference Syncing

Image credit: airmailapp.com


Using Iron.io Workers for Large Scale PHP Posting with Laravel

The most popular and prolific codebase I've created and worked with has been the best way to post last.fm to Twitter, the wonderful tweekly.fm. Each day, the service publishes hundreds of thousands of social media updates to Facebook and Twitter.

The Challenges & Self-DDOSing

The biggest challenge with having a system that posts so many updates is that every update contains a link to the user's profile, which is then visited and spidered. The effect this has on the website and service is massive.

It's the equivalent of a lower scale Distributed Denial-of-Service attack.

Last.fm Help

In late 2013, tweekly.fm had become massively popular. We had users from some of the largest tech companies in the world using our service. Scalability once again became an issue. Towards the end of the year, Last.fm provided us with a beefier hosting solution which eased the load we would be under daily and allowed the service to expand.

Sequential Posting

To alleviate the DDOS effect, the first few versions of the service would post social updates sequentially with a predefined sleep between each outbound post. This worked well when there were only a few hundred users on board, but as the service grew it became impossible to post all social updates within the 24-hour period in which we required them to go out.

Multi-curl

One of the first libraries that I'd used to post Twitter updates was twitter-async by Jaisen Mathai. This introduced me to multi-curl and then I discovered rolling-curl. Being able to post multiple tweets was a great advancement, but this brought with it an unintended consequence of amplifying the DDOS feeling for our servers.

In January 2013, we moved away from our Last.fm hosted solution to a dedicated server and a dedicated database server. This allowed massive expansion for a short period of time. We quickly ran into more issues with scalability and, more importantly, cost. Nearly 99% of our user base consists of free users who are shown advertising, and server costs were fast heading past revenue.

Resolutions

Around October 2013 I discovered iron.io almost by accident. I'd recently begun rewriting tweekly.fm into the excellent Laravel framework. I was testing Laravel 4's queuing systems and noticed a reference to iron.io. After reading more into the IronMQ product - I came across IronWorker.

The difference IronWorker made for tweekly.fm cannot be overstated. It allows us to create updates, package them up to be sent and then queue them en masse into an IronWorker queue. These are then processed in batches, and an entire day's updates can be sent out in a matter of minutes.

Sunday is the busiest day of the week for tweekly.fm. Regularly for a year now, we've been pushing out over 200,000 updates. That's 8,333 updates an hour or 138 a minute. This would take over 24 hours sequentially, around 18 hours with multiple curl calls and takes just over 40 minutes with IronWorker at a fraction of the cost.

I was able to remove one of the servers and save on the hosting cost - this alone reduced our costs by half.

The exceptional service, support and price are worth it alone. Mix that in with the fact that costs were halved, and I'm not too sure how you can look anywhere else when needing to run PHP workers for your large scale projects.


Markdown Editors for Mac OSX

I've recently begun to use Markdown for almost all of my text writing needs. This includes technical notes, readme documents and GitHub commits/issues/comments. Even my blog is now powered by Markdown as I'm using Ghost.

One thing I'm missing though is a Mac based Markdown editor. I have iA Writer which I'm still happy with and that also syncs via iCloud. I'd be happier with a program that has an inbuilt preview so that I don't have to keep opening Marked to see if I've got the formatting/flow of the document correct.

I've just come across the highly rated Markdown Pro and I'm thinking of giving it a try. Have you used it? Would you recommend it?

If you have any suggestions, please let me know in the comments and I'll check them out. I don't mind paying for good, worthwhile software; I'd just like something that fits my needs of writing and a 'live' preview.


Heart Internet: Switch PHP Version to 5.4 & 5.5

If you're a Heart Internet customer and have a project that needs to run a newer version of PHP, you can add a SetEnv flag to your .htaccess file to switch the version on the fly.

For PHP 5.5 use:

SetEnv DEFAULT_PHP_VERSION 55

For PHP 5.4 use:

SetEnv DEFAULT_PHP_VERSION 54

You can also switch down to older versions, as far back as 5.2 and 5.1.


View Column Numbers in Excel instead of R1:C1 Letters

Ever wanted Excel to display column numbers instead of letters (think CSV imports!):

Microsoft Excel can be configured to display column labels as numbers instead of letters. This feature is called "R1C1 Reference Style", and though it can be useful, it can also be confusing if inadvertently enabled.

You can select between the two modes quite easily. Read more at https://kb.wisc.edu/page.php?id=781.


Microsoft Word, Excel, Powerpoint and One Note for iPad (and free!)

If you've missed the news today, Microsoft has finally released an iPad version of Word, Excel, Powerpoint and One Note on the app store.

“Microsoft is focused on delivering the cloud for everyone, on every device. It’s a unique approach that centers on people — enabling the devices you love, work with the services you love, and in a way that works for IT and developers,”

Satya Nadella, Microsoft

I was quite surprised to see that they're free too.

You can download them via the app store.


Fix Artisan Command Errors with 'Allowed memory size .. bytes exhausted'

If you encounter an error resembling the following:

Fatal error: Allowed memory size of 117647092 bytes exhausted (tried to allocate 14 bytes) in /home/v_102/Laravel/database/connection.php on line 192

PHP has run out of memory while performing Eloquent operations. The biggest cause of this is the query logging that Laravel does behind the scenes: every query that runs is kept in memory, so a long-running Artisan command accumulates them until the limit is hit. You could increase memory_limit, but a better solution is to add this line before you start your database queries:

DB::disableQueryLog();


Preparing for Laracon EU 2014

Preparing for Laracon EU 2013

It's the time of year again when I start to plan the summer months and the conferences I'll be attending. Last year I attended the wonderful Laracon EU at Bim Huis and it was a magnificent venue and the content of the conference was great.

I'm currently in the process of planning this year's trip; I'll be taking a few extra days before the conference to do tourist-type things in Amsterdam. If you have any suggestions for places and things to do for tech-minded people, let me know in the comments.


Let's Be Friends!

You can find me on various social networks, feel free to add me and I'll be happy to accept.

GitHub:
https://github.com/ssx

Facebook:
http://www.facebook.com/dordotky

Twitter:
http://twitter.com/ssx

AppDotNet:
https://alpha.app.net/ssx

Google+:
https://plus.google.com/106907043234809752768

Foursquare:
https://foursquare.com/ssx

Last.fm:
http://www.last.fm/user/dordotky
