Posts

Showing posts from September, 2014

Some Blogger Templates Have Broken Rich Snippets

After 2 years I have a new template. The old template was butt ugly, contained pointless functions like dynamically changing look & feel to ensure that no matter what option was chosen, everything was always broken. Other, necessary functions like contact information it hid deep within the code, never to be seen by mere humans. I've watched my readership dwindle from thousands a day to a few dozen, as presumably they escaped to more sanely-coded pastures. I had come to accept all of this until today, when I found myself extending some custom rich snippets. Over the years, you see, I've been fighting something of a crazed Google war with a dermatologist from California. A dermatologist who by happenstance is named Joshua Wieder. For some time a detente had been reached, the good doctor opting for the more formal Joshua while I controlled the top results for the more casual Josh. Then, a year passed in which I was focused on actual work. My domain name lapsed and was claimed...

Patching Your Redhat Server for the Shellshock Vulnerability

Introduction
Alright guys, this is a biggie. Shellshock allows remote code execution and file creation for any server relying on bash v3.4 through v1.1. If you are using Redhat or CentOS and the default shell, your server is vulnerable. The patching history was sketchy, as well. If you patched immediately when the bug came out using CVE-2014-6271, you are still likely vulnerable (as of right now, 9/26/2013 12:50PM EST). Run the following to apply the patch:
    # yum update bash
You need CVE-2014-7169 if you are using Red Hat Enterprise Linux 5, 6, and 7. Note that 2014-7169 DOES NOT address the following operating systems, which as of right now are still not fully patched: Shift_JIS, Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support. If you applied CVE-2014-6271...

RedIRIS Compromised?

For those not familiar with Spanish ISPs, RedIRIS is Spain's National Research and Education Network. They are part of Consorci de Serveis Universitaris de Catalunya and Forum of Incident Response and Security Teams. Essentially it's an organization devoted to university networking projects and advanced R&D. They get their own nice big netblock to mess around with (in this case 193.144.0.0/14). Similar projects in the US would be CalREN, Internet2 and LambdaRail. I'm seeing what looks like malicious scanning from the RedIRIS netblock, like this:
    ** ** - - [08/Sep/2014:18:54:34 -0400] "GET /muieblackcat HTTP/1.1" 404 15 "-" "-"
    ** ** - - [08/Sep/2014:18:54:34 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 15 "-" "-"
    ** ** - - [08/Sep/2014:18:54:34 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 15 "-" "-"
    ** ** - - [08/Sep/2014:18:54:35 -0400] "G...

Schadenfreude + Irony = Blog Post

So I am looking around in one of Microsoft's websites for web development tips when I come across this: D'oh It's really one of the worst possible places to put one of those.

An Example of Bad Referrer Traffic and How to Block it Using ModRewrite and IPTables

Getting these on one of my web servers on an almost daily basis:
    114.232.243.86 - - [01/Sep/2014:09:51:34 -0400] "GET http://hotel.qunar.com/render/hoteldiv.jsp?&__jscallback=XQScript_4 HTTP/1.1" 404 15 "http://hotel.qunar.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36"
The traffic comes from all sorts of different IPs that are owned by China Telecom: 114.232.243.86, 114.231.42.219, 222.209.137.232, 222.209.152.192, 118.113.227.95. The host I am seeing this on does not need to speak to anyone or anything in China, so I used IPTables to filter the entire netblocks I see hits from. Here is an example of a filtering rule along with a little note for myself. Notice that this rule assumes two nonstandard chains - BLACKLIST and LOGDROP - that I use to organize my ruleset.
    -A BLACKLIST -s 114.224.0.0/12 -m comment --comment "Chinanet Hotel Qunar Referrer" -j LOGDROP
Beca...

Thank You

The website is rapidly approaching a quarter million hits(!). I haven't really done much to plug the site besides announcing new posts on Twitter and Google Plus, of which combined I have about 30 followers. Some time ago I used the free Bing and Adwords credits they give you for signing up. It never drove any real traffic to the site, and I never renewed after the trial. The only explanation I can think of is that people are reaching the site while looking for a way to fix a vexing issue, which is exactly what I had hoped for. Well, in all fairness, 14% (at most) seem to be looking for free Windows product keys (and leaving disappointed - sorry folks). All in all, that wave was about 33,000 views, which leaves over 200,000. Our average post gets about 1,000 views, with quite a few getting around 5,000 to 10,000. India is the second largest source of traffic, behind the US and before the UK. Perhaps most surprising, my post about qBasic Gorillas is the most popular (behind th...