Saturday, November 22, 2008
American Internet Network and System Status Blog
Author: TWhidden Created: 7/11/2007 9:41 PM
Blogs from American Internet.

By TWhidden on 4/14/2008 3:04 AM

When you have 775 days of uptime, you really don't even want to touch the server.  This Linux server shows how long they can stay stable. I sure hope it boots back up ;)


By TWhidden on 10/24/2007 4:34 PM

Ryan, our Technical Director here at AMHosting.com, showed me a video of a forklift driving off the receiving dock. It was posted on digg.com. I remembered that I had a video that our video software recorded at the surveillance company I used to work for. I had never posted it on Digg, but thought this is a good add-on now that we are talking about forklifts. From what I remember, the guy tried to run away as if he did not do it.  Those are lemons that you see.

By TWhidden on 10/11/2007 10:16 AM

Recently, we had a customer who kept saying that his site was hacked and his server was not secure.  We looked at his claims very seriously and researched as hard as we could. We could not find any possible way that the server was exploited and there really was nothing wrong.

The customer insisted that we had an issue.  Somehow, his whole database was hacked. 

After a long, extensive search, we found out how people were getting into his website.  They were using a very old tactic of "SQL injection".   SQL injection is actually very clever, and it's totally what programmers and hackers both know.  A typical person would not know what SQL injection is because it's not a typical input you put into a web form.  He recognized that it was not our fault, but instead his programmer's fault.

A PERFECT example of this is located on Wikipedia.com.  I actually have used their example to prove if a site is exploitable.  Usually you just put in code like this:

a' or 't'='t 

into a username and password field and click login.  If the site is vulnerable, you may just log in to the account.

Anyhow, there is a quick and simple fix for this.  When you take data from the end user, you just need to escape the values.  The single quote is the culprit for most SQL injections.

My solution in the past has just been to do a replace on all ' to '' (that is two single quotes).  SQL will take that input and make it a single quote in the database.

ASP example:  Replace(userInput, "'", "''")   or in .Net   strInput.Replace("'", "''");

I decided to write about this today because of a funny picture found on xkcd.com (http://xkcd.com/327/).  Here is the picture:

Funny SQL Injection Picture

When I put this up as my signature on one of the message boards I run, people commented that the picture was very funny, even the non-techies thought it was.   I then realized that some of the code I wrote 7 years ago was vulnerable.   I even had another website of mine hacked due to this. Old unmaintained code sucks to go back and fix.

I hope this helps you understand SQL injection a little more. It is still very common and MANY MANY websites on the internet are still vulnerable. Don't let your website get hacked because of this.
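The following added example (not part of the original post) uses Python's sqlite3 module rather than ASP or .NET so that it runs stand-alone; the table, rows and function names are constructed for illustration. It runs the post's test string against a login query built by concatenation, the same query with the post's quote-doubling applied, and a parameterized query, and adds a numeric lookup where there is no quote to double.

```python
import sqlite3

PAYLOAD = "a' or 't'='t"  # the test string quoted in the post

def make_db():
    """In-memory database with constructed sample rows (plaintext passwords only for brevity)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "s3cret"), (2, "o'brien", "hunter2")])
    return db

def double_quotes(value):
    """The post's fix: replace every ' with ''."""
    return value.replace("'", "''")

def login_concat(db, user, pw, escape=lambda s: s):
    """Pastes the (optionally escaped) input into the SQL text itself."""
    sql = ("SELECT id FROM users WHERE username = '%s' AND password = '%s'"
           % (escape(user), escape(pw)))
    return db.execute(sql).fetchone() is not None

def login_param(db, user, pw):
    """Input travels as bound parameters and is never parsed as SQL."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (user, pw)).fetchone() is not None

def count_by_id_concat(db, user_id):
    """Numeric field: no quotes surround the value, so doubling changes nothing."""
    sql = "SELECT COUNT(*) FROM users WHERE id = %s" % double_quotes(user_id)
    return db.execute(sql).fetchone()[0]

def count_by_id_param(db, user_id):
    """Same lookup with the value bound as a parameter."""
    sql = "SELECT COUNT(*) FROM users WHERE id = ?"
    return db.execute(sql, (user_id,)).fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    print("concatenated  :", login_concat(db, PAYLOAD, PAYLOAD))
    print("quote-doubled :", login_concat(db, PAYLOAD, PAYLOAD, double_quotes))
    print("parameterized :", login_param(db, PAYLOAD, PAYLOAD))
    print("o'brien login :", login_param(db, "o'brien", "hunter2"))
    print("numeric concat:", count_by_id_concat(db, "0 OR 1=1"))  # constructed input
    print("numeric param :", count_by_id_param(db, "0 OR 1=1"))
```

Quote-doubling stops the quoted-string case but not the unquoted numeric one, while bound parameters handle both and still accept a legitimate name containing an apostrophe. In .NET the same binding is done through the command object's Parameters collection.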

By TWhidden on 9/20/2007 10:01 AM

I recently moved from cable modem to DSL.  The move was because of poor customer service provided by Charter, the local cable company.  When I made the move, I ran into some unexpected problems.  These problems had me stumped and confused.  This doesn’t happen much when it comes to computers.

I spent hours on hours trying to figure out why I could not have an IPSec tunnel to my office via the network topology that I had configured.  All I have is a LAN -> Cisco -> DSL modem.

After 6 hours and 5 Cisco configs later, someone responded to my post on dslreports.com about the issues I was having. Everyone said “sounds like an MTU problem”.

For those that don’t know what MTU is, it stands for Maximum Transmission Unit and it refers to the size of the largest packet that a given layer can pass onwards.

Anyhow, the problem with a DSL modem is that you actually are NATing it even though you may have a public IP address.   The modem actually has the IP address bound to it and it forwards it to your machine (or router in this example).  Well, if you have a router before your computers, you have to, again, NAT it (NATing is where the router rewrites the source/destination address as a packet passes through a router).

As it does this, the packet overhead changes.  This is when you need to adjust your MTU on your machine.

I had read an article about it on dslreports.com and people recommended to me that I adjust my MTU to 1458.  I did this, restarted my adapter, and everything worked like a charm.

I never thought it would be handy in the hosting field, but I recently just helped a customer with the same Cisco -> Modem configuration.  None of the machines in his network could send any emails so I exhausted all my resources trying to figure out why. Once I heard about his network configuration, I felt it was the last chance to fix this guy's network.

I told him to download DrTCP (http://www.dslreports.com/drtcp) and run it.  When he opened it, I had him select his network adapter in the network settings and type in 1458 and click “save”. I next had him go to his control panel -> network settings and disable and enable his network adapter (a restart would have done the same thing).  He went into Outlook and clicked send / receive and all 14 messages that were waiting to go out went out successfully.

I never thought the MTU would ever be back in my life again, but now I know that this is an important thing to know about if you have a more advanced network than a typical home would.

I hope this article helps you as much as it has helped me.

By TWhidden on 7/26/2007 2:33 PM

I have been going through a fiasco recently. It’s not the normal one I would expect, but it is somewhat humorous. A few weeks ago, I had bought some software from a company called Stellar Information Systems, ltd. The reason I bought this software was because I tested their demo version, and it appeared that it would pull some data off a disk with a bad partition table.
 
After the demo worked, I paid $99 bucks to a company called Element5, an intermediate party for selling software for vendors. I spent the next 6 hours extracting data from the disk while my server was down. Everything looked like it was fine and dandy.
 
Around 2am, I had my systems installed and all my files moved over. I start to mess around with getting all my websites on it back up and running. This was my personal server so it had only a handful of high-priority websites / databases on it. I was relieved that some software was able to pull everything down.
 
Once I started to QA my work when the system was online, it was about 4:00 am. I noticed some very strange things going on. A couple of my source code and HTML files that were less than 2kb were corrupted. I was very curious about this because it was very random. I thought maybe it was just one or two files. When I say corrupt, I am not talking about total loss, but just strange things like this:
 
HJTCommerce.HJTMenu" Co+ behind="HJTMenu.ascx.cs"
 
The text should be “Codebehind=” not “Co+ behind”