Testing, testing...

Report anomalous behavior on the forum here.

Moderator: TMAX

Sharkey
Original Founder
Posts: 1364
Joined: Sat Oct 09, 2004 4:00 am
Contact:

Testing, testing...

Post by Sharkey »

I've just instituted some new, stricter rules in the web server access file, rules that thwart some new, virulent hacking attempts that have cropped up over the last two weeks or so.

These new rules take effect at the domain root level, so they will protect all the pages on the site as well as the forum. My fear is that because they are so powerful, there might be some interference with "normal" operation and page handling.

As such, I've made an attempt to sample pages around the site, but it's almost impossible to look at them all in a fast manner, and even more impossible to replicate any conditions that a variety of users might experience.

If you notice any broken pages or abnormal behavior on the site, let me know! The new rules would result in your getting a plain, white page with "Forbidden - You do not have permission to access xxxx on this server". I'm hoping only spammers and hackers will see this, but having many eyes looking and reporting is much more likely to catch problems before they affect everyone else.

Thanks for helping make script kiddies go to bed without supper.
stuartcnz
Site Admin
Posts: 875
Joined: Fri Dec 19, 2008 8:05 pm
Location: Aotearoa, New Zealand
Contact:

Post by stuartcnz »

I usually check in at the forum and chat at least daily. Haven't noticed anything untoward yet, though chat has been a bit slow loading the last couple of days.
Sharkey
Original Founder
Posts: 1364
Joined: Sat Oct 09, 2004 4:00 am
Contact:

Post by Sharkey »

The latest changes have been to fortify the .htaccess file for the site. There have been a LOT of PhpMyAdmin exploit tries in the last few weeks, dozens of probing page requests several times a day, designed to form a picture of the server's structure, and maybe get lucky asking for an unprotected configuration file. I'm not all that worried, I do use PhpMyAdmin, but it's secured and squirreled away in a directory no hacker would look for it in, but each failed exploit request uses up server resources, makes a mess of my error logs (which I watch carefully), and allows some intruder to know what is and isn't a valid request on the system.

The new rules include confusing the hacker computer (most all of these requests come from innocent computers that have been turned into hacker zombies by viruses or malware, the owners have no idea that they are hosting a hacker site) into thinking that some of the files that it requests deliberately that would NEVER exist (thisdoesnotexisthaha.php for example) actually DO exist, the server returns a 200 - OK response, and serves up a one-bit file with a single character in it (" ` " is the character). The hacker learns nothing about the server's behavior or configuration from this.

Other rules prevent the probing of obvious PhpMyAdmin file locations, prevent the inclusion of hexadecimal in file requests, and other query string exploit preventions.

None of this is likely to affect honest users.

After the last server slowdown, I discovered that the server is no longer connected to the backbone like I thought it was. Turns out that the server host has my box on a cable modem connection stuffed in the back of some disused rack somewhere. The server sysadmin wasn't happy to find this out, so he's building two new servers to replace the old one and connecting it to a 5 Mb/s connection in the corporate building where he can keep an eye on it. It'll have all the latest PHP and MySQL versions on it, so once I move over, I may be able to upgrade to newer versions of forum and CMS software. All of this will be a wintertime project, for sure.
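An added example (not part of Sharkey's post and not his actual rules) of what a root-level .htaccess implementing the kinds of rules described above could look like with mod_rewrite. The decoy file name `/decoy.txt`, the list of probe directory names, the reading of "hexadecimal" as percent-encoded bytes, and the query-string patterns are all assumptions made for illustration.

```apache
# Example root-level .htaccess; requires mod_rewrite. Not the site's real file.
RewriteEngine On

# 1. Decoy response: a probe file that would never exist is answered with
#    200 OK and a tiny static file instead of a 404, so the scanner learns
#    nothing from the status code. /decoy.txt is a hypothetical
#    one-character file placed in the document root for this purpose.
RewriteRule (^|/)thisdoesnotexisthaha\.php$ /decoy.txt [L,NC]

# 2. Refuse obvious phpMyAdmin locations with 403 Forbidden.
#    The directory names are a constructed sample list. The real install
#    lives under a different, non-obvious path and is not matched here.
RewriteRule ^(phpmyadmin|pma|myadmin|dbadmin)(/|$) - [F,NC]

# 3. Refuse percent-encoded (hexadecimal) bytes in the requested path.
#    THE_REQUEST is the raw request line, so this sees the URL before
#    Apache decodes it. Caveat: a legitimate URL containing a space (%20)
#    or a non-ASCII character is also refused, which is the kind of
#    interference with normal pages the first post asks readers to report.
RewriteCond %{THE_REQUEST} "^[A-Z]+\s[^?\s]*%[0-9A-Fa-f]{2}"
RewriteRule ^ - [F]

# 4. Refuse query strings with directory traversal or script tags
#    (assumed patterns; QUERY_STRING is not decoded, so the encoded
#    form of "<" is listed as well).
RewriteCond %{QUERY_STRING} "(\.\./|(<|%3C)script)" [NC]
RewriteRule ^ - [F]
```

Rules 2 to 4 produce the plain "Forbidden" page described in the first post, so a false positive is easy to recognize and trace back to the rule that matched.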
Rudy
Posts: 2762
Joined: Mon Aug 17, 2009 3:01 pm
Location: Strangeweather, Mo.

Post by Rudy »

WOW!! Sharkey, you sure are brainy with this stuff. I read your post above, and it made me laugh because I didn't understand a word of it. So I looked at it as if it was some poetry. Actually, if I put some melody to the above post, it would make a cool song. Kinda like Morton Subotnick with words.
Got love? Give love.
Bob
Posts: 410
Joined: Sun Sep 20, 2009 5:39 am
Location: The Road
Contact:

Post by Bob »

I didn't understand a word either...but it sure looks good on paper! I just got a new computer...I am back in action!
Wherever I am...I am home.
Jones'n4chrome
Posts: 778
Joined: Mon Dec 31, 2007 3:10 pm

Post by Jones'n4chrome »

Thanks Sharkey.

Welcome back Bob.

Chuck
dburt
Posts: 811
Joined: Sat Aug 22, 2009 5:53 am
Location: NE Oregon, SW Idaho
Contact:

Post by dburt »

Just glad you are on top of this Sharkey! I have enough trouble just figuring out how to post pictures on the computer, much less figure out really complex issues that I can't even pronounce or understand! :)
Griff
~(G)Q
Posts: 337
Joined: Wed Dec 21, 2005 11:25 pm
Location: Off-Grid
Contact:

Post by Griff »

Speaking of posting pictures...can anyone see the image I posted on this thread?

When I previewed the post the image showed, and when I submitted & viewed the post the image showed...now all I see is the word "Image"...kinda took the fun out of the post... :(

~(G)Q
~(G)Q Arduously Avoiding Assimilation
Sharkey
Original Founder
Posts: 1364
Joined: Sat Oct 09, 2004 4:00 am
Contact:

Post by Sharkey »

??? I can see it just fine...
stuartcnz
Site Admin
Posts: 875
Joined: Fri Dec 19, 2008 8:05 pm
Location: Aotearoa, New Zealand
Contact:

Post by stuartcnz »

Griff wrote: Speaking of posting pictures...can anyone see the image I posted on this thread?

When I previewed the post the image showed, and when I submitted & viewed the post the image showed...now all I see is the word "Image"...kinda took the fun out of the post... :(

~(G)Q
I cannot see it. What format is the picture?
Sharkey
Original Founder
Posts: 1364
Joined: Sat Oct 09, 2004 4:00 am
Contact:

Post by Sharkey »

The image is a .jpg.

I think I know what is going on. Griff, your server is denying service to requests for resources (images in this case) that are made from outside your domain. I was able to see the image because I use proxy software that doesn't send referrer information with the request. If I turn off the proxy, I can't see the image. When you view the forum page in a browser without a proxy connection, the browser sends out a referrer in the header saying the referral came from "http://www.mrsharkey.com/forum/vwtp.php?t=1395", and the server says: "Nope, no way you're consuming my resources", and no image is served up. To test this yourself, right click the image, copy the address, paste the address into your browser's address bar and hit "Enter". The image will then show up on your screen. (Note that once you do this, the image will be in your browser's cache and will show up in the forum thread until you flush your browser cache, so it's a one-time test.)

Somewhere, the server is set up (possibly through .htaccess or httpd.conf if running Apache) to deny off-site resource requests. An edit of the configuration files is in order.
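An added example (not part of the post, and not Griff's actual configuration) of an Apache referrer check that would produce the behavior diagnosed above, together with the one-line edit that lets the forum embed the image. `example.org` stands in for Griff's domain, which the thread does not give; the image extensions are assumptions.

```apache
# Example hotlink protection in .htaccess; requires mod_rewrite.
RewriteEngine On

# Requests with no Referer header are allowed. This is why the image loads
# through a proxy that strips the header, and when the address is pasted
# straight into the address bar.
RewriteCond %{HTTP_REFERER} !^$

# Requests referred by the image owner's own site are allowed.
# example.org is a placeholder for that domain.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.org/ [NC]

# The edit: also allow pages on the forum's domain. Without this line a
# request carrying a Referer of http://www.mrsharkey.com/forum/... falls
# through to the rule below and is refused.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mrsharkey\.com/ [NC]

# Any other Referer asking for an image gets 403 Forbidden.
RewriteRule \.(jpe?g|gif|png)$ - [F,NC]
```

The Referer header is supplied by the client and can be omitted or changed, so this check conserves bandwidth but is not an access control.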
Rudy
Posts: 2762
Joined: Mon Aug 17, 2009 3:01 pm
Location: Strangeweather, Mo.

Post by Rudy »

Sharkey, I LOVE reading your words. Especially the ones I don't understand. I can see the band Hooverphonic doing justice to your "professorisms."
The genius behind the curtain is one we all want to meet.
Got love? Give love.