Tag Archives: Internet

Denial of Service attacks.

I don’t like them. But, at least some of them I can work around using bash, logfiles, awk, grep, tail, cut and netstat are handy tools 🙂

That’s all for today, I’m afraid. Not much else to talk about 🙁

Hopefully I’ll be able to produce some proper posts next week!

Help firefox wget and ssh shell script

I’m trying to create a script to allow me to command a remote server to download a file from firefox.

There are various reasons for this, mainly todo with connection speed.

What I have at the moment is:
#/bin/sh
terminator -x ssh user@site.com wget -qc -t 3 -o ~/wget_testlog ftp://anothersite.com/file.ext \\& \& &

I want it to kick off, ask for a password to login via ssh and then go away…
I would like to be able to set the location for the download to ~/www/files/

I was planning to place this script in /usr/bin and install it in firefox using the code/link provided on this blog: Wget from firefox

Can anyone complete my solution with the correct syntax, or provide a better solution (preferably KISS)?
I’m more of hacker than an expert IMO and I know when I’m out of my depth!

Cheers,
Garreth

How a website Works

This is just a quick guide on how a website stays online. It’ll probably be common knowledge to most reading this blog, but good to put up anyway.

You may think when you visit, for example, bbc.co.uk that it’s just “there”, and not worry about how, but my job is dependent on the how. The error messages you see when a website isn’t working are also very descriptive, but quite cryptic if you’re not in the know.

All websites are hosted on servers. A server is just a computer which we use to serve others, so in this case, serve a website, or provide email services. Normally, a server is a rackserver, designed to fit in a small space with a lot of other computers in a datacentre, far, far removed from that big beige box that allows you to browse the internet.

When you visit a website, a lot of different things are happening in the background. Firstly, your computer looks up the computer address with the domain name you just visited. Say you just hit my site, “kirrus.co.uk”. Well, the internet addressing system, that tells your computer where to look for the website is based in numbers. So, your computer asks special servers on the internet, we call “Domain Name Servers”, what the address is for that website. In this case, they’ll reply “80.87.131.49”. Your web-browser, firefox, will then ask for “kirrus.co.uk” from my server “80.87…”). Everyone has one of these IP addresses, even you. Go to http://itempeter.com to see yours 🙂

Once my server has the request, it then sends the web-page back to your computer.

What is a webpage?

A webpage, as your computer sees it, is a collection of a couple of languages. The most basic is “HTML”, or “HyperText Markup Language”. This was designed to allow you to quickly put together a webpage – all you do is wrap (or mark up) the text you want with the flags you want. For example <b>word</b> tells your computer to make word bold, so, you see: word

You can see the HTML that makes up this page by clicking on “View” and then “View Source” in your web-browser.

That’s the most basic level. It gets a lot more complex than that under the skin, with extra languages running on your computer (JavaScript, CSS [Cascading Style Sheet]), and on the server (PHP – PreHypertextProcessor, ASP, perl, python, MySQL) but they’re all too complex to go into unless you want to create dynamic websites. A good place to go if you want to create webpages is w3schools.com, where they have lots of tutorials on all the major web languages.

Eve Online

Eve MiningI had trouble trying to think of something to blog about. So I’ll blog about this.  Recently, I’ve taken to playing Eve Online, an interesting enough online MMORPG. It’s quite fun, in parts, although there are bits that get on my nerves. Firstly, the interface. It’s rubbish. The text font is too small, and you have to boost it by default.

On my machine, it and my graphics card drivers just don’t seem to get along. It crashes when anything interesting (or too busy) happens on my screen. A lot. The other week, it crashed whilst I was doing the utterly uninteresting task of mining (I set it go, and then go about doing something more interesting, like studying, whilst keeping half an eye on it to make sure I don’t get blown up), but more often it crashes whilst I’m trying to do something more interesting, like helping blow other people’s space ships up.

This game is interesting, in that you are effectively immortal, dying isn’t a problem. The only rule is, only fly what you can afford to loose.

Still fun game 🙂

I can give out 21-day free trials, if anyone wants one, let me know. (Disclaimer: If you sign up, I get 30 days free play 😉 )

Network Monitoring

I’ve been searching for some simple tools to monitor my internet connection for some time, and finally I’ve found a few tools that do the trick.

If you’re looking for a console application to give you a quick heads up on the transfer speeds across a network interface have a look for ifstatus (not to be confused with the ifplugd suite) .

Ifstatus

If you’re looking for something to log and display network statistics checkout vnStat

vnstat graphvnstat graph

Minor niggle: both these programs needed compiling and required additional dependencies which I recall were GD, for the graph creator of vnStat (vnstati) and curl for the console interface of ifstatus.

If you have any other suggestions, queries or points, please leave a comment!

Book Review: Altered Carbon

Altered Carbon cover courtesy of Amazon

Altered Carbon cover courtesy of Amazon

I finished Altered Carbon, the first book by Richard Morgan, Sci-fi, a couple of days ago. It’s taken a few days for my ideas upon it to crystalise..

It’s a complex weaving book, very, very good for his first. The plot moves thick and fast, set in an ugly futuristic society. The technology of the sci-fi not that new, but its a novel implementation.. what happens when humans can be digitally stored, but set in a plot. My most stringent criticism would be that the primary character shows borderline superhero syndrome, or of being a “superhero” in a world that should have none. Mostly explained in the story well, but borderline. If I want to read a superhero story, I’ll go read a superman or batman comic 😉

The book touches on our societies current quest for immortality, and it’s something I’ve thought of recently as well. Our society is broken, and still reeling from the changes that computers have brought upon it. We can now communicate a lot further a lot faster than ever before. It is unlikely, that had I been writing this 20 years ago, that this post would have been able to exist, let alone be able to be read by people living almost anywhere in the world. We seem fixated with our human needs; you just have to go on google, and be a little careless to bring up an example of rule 34 1 .

Believing as I do in a world beyond this, seeing everyone so fixated on their needs now, rarely thinking about others, rarely thinking about the future beyond their deaths hurts. Some humanists are changing this, and I am probably using too big a brush in some cases, but still.. worth thinking about possibly.

  1. Internet axiom created by the 4chan community. If it exists, there is porn of it (normally on the internet).

Fail.

Example one – forgetful screenshots

screenshot-fail

A couple of screenshots. Firstly, every now and then, people send us screenshots. They do this by sending them in word documents, which is bad enough. (Please, just send us an image file!) This example though, is quite fun.

Make sure you actually copy the screenshot in, instead of just linking it 😉

Example 2 – Infect yourself, and pay money for the privilege

Stupid-Script-Kiddies

My second example, is of a website trying to extort money, by making you think your computer has been infected with a virus. These are nasty sites, and I hate them with a passion. They feed off of people’s fear of computers. The interesting thing here is, this computer can’t be infected in this way… it’s running ubuntu, their silly antivirus software looks very, very out-of-place!

(See my first post this month if you’re afraid of computers.)

Click on the image for the full screenshot. It is quite large. As you can see from the timestamp, I’ve been meaning to post this one for a while 😉

p.s. Does anyone know how to force formatting in wordpress? This post took about 10 minutes of fiddling to get the images to go some-where near where I wanted them :/ If you do, please comment! If you don’t please comment. In fact, please comment, comments make my day!

Reporting Problems

Have you ever had to talk to tech support? Ask for help, when your computer, your email account, or your internet connection isn’t working?

Ever wondered what’s going through the mind of the person answering? Quite often, it’s this: “I’m not a mind reader!”

Working at a web-host, at least once a week, I get an email that goes “My email isn’t working” or “Please setup a new virtual host for me”. Those questions, whilst they make a lot of sense to the asker, who has the context in mind, make very little to me. What is wrong with the email account? What domain name do I need to add to the server, what server do I need to setup the hosting on? Hence, I’m not a mind reader 🙂

So, if you ever need to report a problem, give us as much detail as possible. What happens when you check your email? Do you get any error messages? Describe the steps you take, so that we can replicate your problem on our machines – fixing it is a lot easier when we can see it happening.

phpmyadmin in ubuntu now being exploited en-masse

Update: ubuntu patched this issue a couple of days after this post. If you’re reading, thanks guys! You just made my job a lot easier 🙂

At some point, I might try to look at helping maintain this, and other packages like it in the ubuntu archive. No idea how, though a colleague may be able to help…

———————–

The versions of phpmyadmin in ubuntu (at least Dapper – Intrepid) are susceptible to arbitrary code execution, as the web-server’s user. A bug1 was reported on the 15th of June about this issue, and marked as high priority on the 21st.

The phpmyadmin team patched this problem in their software on May the 24th. 2

Debian patched this in their system on the 25th of June.

I tried talking to people on #ubuntu-security about this problem. They said “motu” and “we’re not interested, its in universe”. I tried talking to people in #motu, and they talked about work-arounds.

The main questions now are:

  • Please can someone work on the bug?
  • Why did it take so long between upstream report and launchpad report?
  • Why has the bug been left to the point where it is getting automatically exploited, en-masse? 3
  1. https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/387215
  2. http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
  3. http://seclists.org/fulldisclosure/2009/Jul/0021.html