Monthly Archives: December 2009
If you run a web server, it is probed every day by automated attacks against your ssh, ftp and web ports. These are a few of the things I do to curb their enthusiasm:
- Turn off unsecured ftp and telnet. Both send passwords in clear text and have no business on a modern server.
- Change your ssh port from the standard 22. This is obscurity rather than security, but it takes you off the lists the bulk scanners work from and cuts the log noise dramatically.
- Use long (16 characters or more) passwords, and a different one for every system. It is easy to think you have a great password and reuse it everywhere, but if it is ever discovered you will regret that. Maintaining a list of different passwords is a pain, but it is a practice I follow these days.
- Make sure the standard Linux firewall, iptables, is running, and augment it with apf (Advanced Policy Firewall, a front end that manages the iptables rules for you).
- Optionally, use a brute force detection system such as bfd (Brute Force Detection). I say optionally because once you remove ftp and move your ssh port, bfd has much less to do.
If you follow these basic steps you'll cut out 90+% of the attacks. However, I have found that once you move your ssh port most of the action is on your http port 80, and this is where you need to focus. I have a simple script that looks for known patterns in the web access logs. What are known patterns? That depends on your system and applications, but requests for things like phpMyAdmin are a great place to start. phpMyAdmin is a useful program, but I restrict its use to just my IP address; it is too powerful to let other people even see it.
If you see a client trying to run a program they should not, such as phpMyAdmin, block their IP address via apf or iptables. When it comes to server security I find it best to act first and ask questions later. If there really is a reason why someone in China needs to access phpMyAdmin, add an exception for that address to your script. Another common pattern is /etc/passwd, which shows up in directory-traversal attempts against scripts that take a file name in the query string. Study your web logs for a few minutes each day and you will quickly see requests that don't fit your applications. My script runs every five minutes and blocks 5-20 IP addresses per day. One caveat: a single address can front a whole office or ISP behind NAT, so keep a short list of addresses you never block and review the block list now and then.
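The post does not show the script itself, so here is one that does the same job, as an added example written in Python (not the author's code). The patterns, the allowed address, the never-block networks and the sample log lines are all constructed for the example; in practice you would feed it the last few minutes of the access log from cron and run it with `dry_run=False` as root.

```python
import ipaddress
import re
import subprocess

# Request patterns that should never be seen on this server. A constructed
# starting point; tune it to the applications you actually run.
SUSPICIOUS_PATTERNS = [
    ("phpmyadmin probe", re.compile(r"phpmyadmin", re.IGNORECASE)),
    ("passwd traversal", re.compile(r"/etc/passwd")),
    ("dot-dot traversal", re.compile(r"(\.\./){2,}")),
]

# Addresses allowed to use the sensitive tools (the post restricts phpMyAdmin
# to the author's own IP; this address and the networks are assumptions).
ALLOWED_CLIENTS = {ipaddress.ip_address("198.51.100.7")}
# Never block localhost or the internal network, whatever the logs say.
NEVER_BLOCK = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("10.0.0.0/8")]

# Apache combined log format: client IP, ident, user, [time], "request", status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3})')


def suspicious_clients(log_lines):
    """Map each offending client IP to the set of rule names it tripped.
    Allow-listed addresses and lines that do not parse are skipped."""
    hits = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))  # handles IPv4 and IPv6
        except ValueError:
            continue
        if ip in ALLOWED_CLIENTS or any(ip in net for net in NEVER_BLOCK):
            continue
        for name, pattern in SUSPICIOUS_PATTERNS:
            if pattern.search(m.group("request")):
                hits.setdefault(ip, set()).add(name)
    return hits


def block_commands(ips):
    """The iptables rules that drop all traffic from each offending address."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(ips, key=str)]


def block(ips, dry_run=True):
    """Apply the rules (needs root) or, by default, just return them."""
    cmds = block_commands(ips)
    if not dry_run:
        for cmd in cmds:
            subprocess.run(cmd.split(), check=True)
    return cmds


# Constructed sample log lines using the documentation address ranges.
SAMPLE_LOG = [
    '203.0.113.9 - - [05/Dec/2009:03:12:01 -0600] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 512 "-" "Mozilla/4.0"',
    '203.0.113.9 - - [05/Dec/2009:03:12:02 -0600] "GET /pma/scripts/setup.php HTTP/1.1" 404 512 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [05/Dec/2009:08:00:10 -0600] "GET /phpMyAdmin/index.php HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [05/Dec/2009:09:41:55 -0600] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1200 "-" "curl/7.19"',
    '10.0.0.5 - - [05/Dec/2009:09:50:00 -0600] "GET /cgi-bin/view?file=/etc/passwd HTTP/1.0" 403 220 "-" "scanner/1.0"',
    '192.0.2.99 - - [05/Dec/2009:10:02:13 -0600] "GET /about HTTP/1.1" 200 3400 "http://example.com/" "Mozilla/5.0"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    offenders = suspicious_clients(SAMPLE_LOG)
    for ip, rules in offenders.items():
        print(ip, sorted(rules))
    for cmd in block(offenders):
        print(cmd)
```

The allow list is what turns "act first" from reckless into safe: the owner's own address gets to touch phpMyAdmin without being cut off, and the internal network can never be blocked by a mistyped pattern. Matching is done only on the request line, not on the status code, because a scanner probing for a tool you never installed gets a 404 and is still worth blocking.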
Wow, what a truly brilliant system Drupal is. Dries Buytaert, the creator of Drupal, is a rock star for sure. I was able to knock this site out in a few hours thanks to Drupal. I have spent the last fifteen years building custom web development solutions, and over the last twelve months I have seriously questioned why I bother when systems like Drupal are available.
Luckily there are reasons why Drupal does not work for us, primarily to do with mass customization and new application creation. However, if you are looking for a solution that covers all the basics and more, you'd be hard pressed to find a better system than Drupal. I question what I'm doing every time I use a Drupal site.
Thanks Dries your masterful code is appreciated here in Austin, Texas!
If you look closely you'll notice that the favorites icon for Code Trials is a faded blue "C". This is taken from the seminal book on programming, the first edition of K&R, or more fully: The C Programming Language by Brian W. Kernighan and Dennis M. Ritchie.
Of all the books on programming I've read, this is far and away the one that had the biggest impact on me. I programmed in "C" for close to twenty years. I think "C" is a beautiful language. Sadly I have not written much "C" in the last ten years, and when I do I'm rusty.
After the dot-com crash I wanted to switch to an interpreted language for web development, and back in 2000, with so much experience in "C", the only real option for me was Perl. Perl is a fun language for sure, and thanks to its incredible selection of libraries there is pretty much nothing you can't do in Perl.
However, Perl is not a beautiful language. Don't get me wrong, I like programming in Perl and have written some of my "best" code using it. But it does not have the beauty or elegance of "C". In the new year I will embark on the creation of a new platform that will permit Digital Cheetah to build thousands more custom websites for a fraction of the development required with traditional systems. For this project I will not use "C", or Perl or Ruby or Java. I will use what to me is rapidly becoming the perfect language, Python.
Over the coming weeks and months I will revisit why I love Python so much.
I have a passion for writing software. Solving problems by writing code keeps me up at night, and I live for the days when the code is flowing through my veins making sleep impossible. When I do have some downtime my hobby is collecting and performing Magic.
The software that my company, Digital Cheetah, uses was originally created to build my first Magic website: Martin's Magic. Since then, whenever I have had a few spare moments, I have worked on many other magic sites. There is nothing better to fuel your passion than to incorporate it into your hobby.
Of course if you want to sleep or spend time with your family it may not be the best idea and you should take up train spotting instead.
If you were building websites back in the late ’90s you will probably remember how XML was cropping up everywhere. It was going to replace SQL and HTML and cure the common cold too. The vendors were promoting it as a panacea for all the evils of the web. As a result I became very disenchanted with the whole XML movement.
Over the last ten years the hype has subsided and thankfully XML has not taken over the world. However, it has emerged as a fine format for transmitting complex and arbitrary data structures between systems and over the web. It is well supported, and most languages provide routines for its easy manipulation. I have just written a library that required importing and exporting complex data structures between websites and found it easy to do in XML. I saved a lot of time because I did not have to invent yet another encoding, and I am able to reuse the code for my next project.
I for one will be making more use of XML in the future.
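To show what "importing and exporting complex data structures" looks like in practice, here is an added example in Python (not the author's library, whose format the post does not describe). The element and attribute vocabulary is an assumption of the example: every node carries a `type` attribute so the receiving side rebuilds the same Python types. The one caveat a document arriving from another website deserves is also built in: any DTD or entity declaration is refused before parsing, since data documents never need one and entity expansion is how "billion laughs" style denial-of-service payloads are constructed.

```python
import re
import xml.etree.ElementTree as ET


def to_element(obj, tag="value"):
    """Encode a nested Python structure (dict/list/str/int/float/bool/None)
    as an element tree. Dict keys are written as strings."""
    el = ET.Element(tag)
    if isinstance(obj, dict):
        el.set("type", "dict")
        for key, val in obj.items():
            child = to_element(val, "item")
            child.set("key", str(key))
            el.append(child)
    elif isinstance(obj, (list, tuple)):
        el.set("type", "list")
        for val in obj:
            el.append(to_element(val, "item"))
    elif isinstance(obj, bool):  # before int: bool is a subclass of int
        el.set("type", "bool")
        el.text = "true" if obj else "false"
    elif isinstance(obj, int):
        el.set("type", "int")
        el.text = str(obj)
    elif isinstance(obj, float):
        el.set("type", "float")
        el.text = repr(obj)  # repr round-trips exactly
    elif isinstance(obj, str):
        el.set("type", "str")
        el.text = obj  # ElementTree escapes <, > and & for us
    elif obj is None:
        el.set("type", "null")
    else:
        raise TypeError(f"cannot encode {type(obj).__name__}")
    return el


def dumps(obj):
    """Serialize obj to an XML string."""
    return ET.tostring(to_element(obj), encoding="unicode")


def from_element(el):
    kind = el.get("type")
    if kind == "dict":
        return {child.get("key"): from_element(child) for child in el}
    if kind == "list":
        return [from_element(child) for child in el]
    if kind == "bool":
        return el.text == "true"
    if kind == "int":
        return int(el.text)
    if kind == "float":
        return float(el.text)
    if kind == "str":
        return el.text or ""  # an empty element has text None
    if kind == "null":
        return None
    raise ValueError(f"unknown type attribute {kind!r}")


DTD_RE = re.compile(r"<!(DOCTYPE|ENTITY)", re.IGNORECASE)


def loads(text):
    """Parse a document produced by dumps(). The input is treated as
    untrusted: a DTD or entity declaration anywhere in it is refused."""
    if DTD_RE.search(text):
        raise ValueError("DTD/entity declarations are not accepted")
    return from_element(ET.fromstring(text))


def rejects(text):
    """True if loads() refuses the document (for checking the guard)."""
    try:
        loads(text)
    except (ValueError, ET.ParseError):
        return True
    return False


def sample_structure():
    """Constructed sample data, the kind of record two sites might exchange."""
    return {
        "site": "Martin's Magic",
        "pages": 12,
        "ratio": 0.5,
        "tags": ["cards", "coins", "<close-up & parlour>"],
        "live": True,
        "notes": None,
        "owner": {"name": "Martin", "ids": [1, 2, 3], "bio": ""},
    }


if __name__ == "__main__":
    doc = dumps(sample_structure())
    print(doc)
    print(loads(doc) == sample_structure())
```

The DTD check is deliberately crude (a plain text search, so it also rejects a DTD hidden in a comment), which is the right failure direction for a data feed: nothing legitimate is lost, and the parser never sees an entity it could expand.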
It continues to amaze me how many times a day hackers try to break into servers on the web. The majority are from China and Russia, but there are still plenty of others in the USA and Europe. If you install a brand new server on the internet I guarantee within 24 hours you’ll start to be flooded with break-in attempts, no matter where you are in the world. Nothing seems to stop the flood of ssh, email, and web attacks.
What does surprise me is how poorly protected most default installs of Linux are. One company I was chatting with recently decided to block all IP requests from China and Russia from day one. It may not be in the spirit of the Internet, but frankly I can understand why they did it. They certainly get fewer break-in attempts, and for their primarily US-based clients it does not seem to hamper their business.
Just imagine how much more we could do if these same people used their time more productively.
Bill Joy is still far and away the guy I most look up to in the world of software. Thirty years on and I'm still using Vi and Csh. Yeah, they might be newer versions and not his actual code anymore, but to me they are still his. Without Bill Joy we'd never have had Berkeley Unix, which was the catalyst for the Unix phenomenon. Back in the late '70s/early '80s, when the Clash were still the best band in the world, the Bell Labs strain of Unix was struggling, System V was a disaster, and although we'll always be thankful to Ritchie and Thompson for starting it all, some new blood was needed. Bill Joy fitted the role with room to spare.
Networking, the internet, software tools, editors, open software, and programming languages would never have had the impact and growth they experienced without him and this was all before he co-founded Sun Microsystems.
My passion for software all began as I studied the amazing poetry written by this true Software Genius.
Hard to believe I’m actually doing this. I guess I’m writing this blog for the following reasons:
- to keep my eye on the wonderful Drupal,
- to remind myself why, after over thirty years of writing code, I still love it with a passion,
- to relive some of my Glory Days of coding.
Hopefully, we’ll have some fun along the way.