Tuesday 26 April 2011
Corneal Graft - Nearly there....
Wednesday 26 January 2011
Virtual Nightmare
I have never used virtual machines before so when it was suggested I install a couple on my Windows 7 machine and run the servers there I was a bit anxious to say the least, but I am always game to try something new so I downloaded Windows virtual machine and XP mode and away I went. It all installed just fine but XP mode will only run at 1600 x 1200 x 16 bit colour which makes the screen somewhat hard to read. It turns out that this is a well known bug that Microsoft are not breaking their necks to do anything about. This makes makes MS Virtual machine useless for developing web sites so I fired up Google and went looking for a better Virtual machine. The one I chose is Oracle VM Virtual Box because it is a good fit with my hard and soft ware.
Installing didn't seem to be difficult and so I went on to install a copy of XP Pro I had left over from previous my computers but I struck a snag when I couldn't get the virtual network card to link to my network. It took a good hour of digging through help files to find the solution but once I did, installing an antivirus program and my favourite FTP and HTML editors followed without a snag.
When I came to install the web server I hit another snag, my usual development web server is xamp and when I went to download the latest version I noticed it has been upgraded to PHP 5.3 so it was back to Google to find an alternative. I settled on Wamp 5 (now called WampServer since the upgrade to PHP 5.3) because it has all the elements I need (phpmyadmin, cpanel etc) but most importantly all the previous versions are still available and one of them runs on PHP 5.2. That solved the problem and in a very few minutes I had a virtual server that is a mirror of the one that hosts the two ecommerce site I need to upgrade.
This might sound a very long winded way of doing things but as anyone who runs an ecommerce site knows, if you give the hackers a tiny crack to get into they will find it and they can do untold damage. Working this way I can lock off the rest of my computer and network so that the hacker might get to the site I am testing but no further. That is possible to do just running web server software on Windows 7 but it has been shown it is so easy to hack a system setup like that which makes it a dangerous thing to do.
I now have two fully functional copies of the two ecommerce sites running on my virtual servers and can start the delicate and, on first sight, complicated task of upgrading them to be PHP 5.3 compliant.
I have written this really to ask you folk out there if this is the best way to go about solving a problem like this or do you know a better way. If you do I am all ears.
Thursday 2 December 2010
Brrrrrrrr and Wow !!!
On Tuesday, much to my surprise, the engineer from BT arrived to connect me to fibre broadband. He was wet through and frozen solid after working in the box at the end of the road for 30 mins before coming to our house. We wrapped him round a hot mug of coffee and our dogs did their best to cuddle him back to life again. Once he could feel his fingers he tested the line and found that we had indeed achieved the 40 Mbps we had been promised. There was a certain amount of re-running of wires needed to get fiber where I wanted it but it took less than an hour for me to be able to sit down and back up some websites in seconds that before took anything up to half an hour to download on ADSL. Uploads are now a breeze and files loaded into my FTP program just vanish even big ones are transferred in seconds. I have a feeling that my Internet life is going to be a lot richer from now on.
The attacks I wrote about last week are still going on but for the moment at least we seem to be able to catch them. Up to now we have dealt with the attacks by blocking the IP addresses of attackers. However this has lead to a .htaccess file of over 10,000 lines of code which is unmanageable. So we are thinking about a proactive way to cut down on the number of attacks by only allowing people from countries that we want to trade with access to the sites. You would think this would be relatively easy because as this is a UK company and all its products are in the English language then all you have to do is list the English speaking countries and job done. Not so. A lot of the UK's former colonies still follow UK teaching practices and use English language text books so orders can and do arrive from very unexpected places. At least the effort it will need to analyze the order books and see just where orders have been received from will only generate one line of code per country instead of the hundreds of lines needed to block all the individual networks as before (The UK would need 4,254 lines of code to block it properly, I shudder to think what the USA would need).
Given the weather outside I am so glad that I am offically retired. After our expedition to the Co-op I think that if I had to struggle through this weather to work everyday I would be permanently exhausted and my heart goes out to the folks I see on TV trying to carry on in very difficult circumstances. But that's the English - we moan like mad about almost everything but when the chips are down we get stuck in and the job gets done.
Wednesday 24 November 2010
The cost of being hacked
Thanks to good backup routines both sites were back up and running in hours and that was that we though - wrong !!!!
One of the two sites was re-hacked in minutes despite the access codes being changed, the other followed a couple of days later. Time for some serious thought about security. Both sites are run on a commercially available online shop package so there is a wealth of experience on the user forums. It quickly became apparent that this was not an unusual occurrence and there were plenty of examples of what can happen, what to do about it and how to increase security. After a good deal of reading this is what we decided to do;
- Change all the passwords to the back end of the site making them as strong as we could by using all the available characters (ASCII 0 to 254) and increasing the length of the password making it much harder for brute force hacking programs to discover the username/password.
- Changing the name of the admin folder and adding extra security to that folder.
- Making the .htaccess file as inaccessible as possible.
- Changing the robots file to exclude all the folders we didn't want indexing.
- Build some custom error pages that report every time a hacking attack is stopped.
So far this has thrown up some surprising information. Hacking probes are there all the time but most of them realise a site is protected and, after a very few attempts, stop trying to get in. A lot of the attacks come from IP addresses owned by large companies but it isn't clear at this stage if the companies are mounting the attack, a disgruntled employee is using the company equipment or the company had been invaded itself by a bot net and was unaware that their computers were being used in this way.
There seems to be three distinct types of probe;
- A robot that wants to index the whole of the site - these can mostly be stopped or diverted using .htaccess
- A probe looking for databases and/or customer lists
- An attack that has recognised which shop is being used and is trying to access the specific files that will reveal the order list, the customer list, payment methods etc. This is by far the most dangerous of the three and the one we need to make most effort to block.
I'm sure some of my readers will by now recognise which company I am talking about and I want to reassure them that to the best of our knowledge none of their financial details can possibly have been lifted by the attackers because the company doesn't trade using credit or debit cards. Likewise although we know the database containing customer list and product descriptions has been destroyed more than once, there is no evidence available at this time that any names and addresses etc have been stolen. However you may find that as we have had to use backups to rebuild the database your account no longer exists. If that is so, please login and make a new one and accept our apologies for the inconvenience.
This sort of action costs business large and small a lot of money in lost time, lost orders and other fees to get sites working again. I know what the criminal hacker is after - they want personal data and bank details. But the hobbyist hacker has me baffled. What possible motive can he/she have for trying to wreck some one's lively hood?
Friday 29 October 2010
Time to Change
Sunday 26 September 2010
Two steps forward and one back
I also had a setback. I had a fall that dislocated two finger on my right hand. One of them went back into place perfectly but the other has lost a chip of bone where the tendon has pulled away from the joint and a third tendon is ruptured. Thankfully it doesn't need surgery but I have been warned it could take some months to heal properly. In the mean time it is slowing and restricting the amount of time I can spend at my keyboard.
Speaking of keyboards, there have been a rash recently of alerts coming from the security firms who monitor the number of viruses and malware currently making the rounds of the system. They run from the mischievous ones that just send stupid messages to your screen through ones that can delete files on your HDD and cost a lot of time and effort to get rid of. However the worst of all are those that enroll your computer to a bot net and start to send your private details to the criminal gangs that run the bot nets.
The way to keep your computers free of infections like these are as follows :-
- Make sure you have the latest version of a good anti virus program (I use Avast Free) and ensure that it updates at least daily.
- Likewise download and install at least two malware programs and run a full scan weekly, the favourites for this are Adaware and Spybot both of which are free for home use.
- A favourite way of getting malware (Worms) onto your computer is via a round robin purporting to be a warning about a new virus. One came to my notice this week. It was titled 'There is a Muslim in the white house'. It tried to tell you that if you received an email like this it would contain a virus that would put a flaming torch on your screen while it destroyed your HDD. I can find no trace of this virus in the database of any of the major Antivirus companies but there is plenty of evidence of round robins like this being used to sneak worms onto your computer. If you receive an email that is addressed to a lot of people and it asks you to pass it on to all your friends. Break the chain. Delete it from your computer preferably unread and don't send it on. You should also do a full scan of your computer to make sure you haven't been infected.
- I use an email program that catches about 99% of the spam and infected email that arrives in my mailbox. It is called MailWasher and you can download it for free from here http://www.mailwasher.net/ It is free for personal use but if, like me, you have multiple mail boxes and accounts, then the pro version is worth every penny.
Just as a last aside, I was asked to look at a computer that was behaving 'oddly'. I had been asked to configure this computer when it was new and had loaded all the necessary antivirus and malware software. All the new owner has to do was register the software to activate it for a year. They didn't and the machine had been running on the web unprotected for about three months. The computer was slow because it was too bus running malware to be bothered to do what the owner wanted and it had enough viruses to keep a bacteriologist happy for months. It several days of hard work to get rid of them all and clean up the system and the owner's plea that it didn't seem important fell on deaf ears.
I have bought myself a Sony e-book reader. They are not all they are cracked up to be but they can contain a lot of books both e-books and audio books or music. For people like me who find it difficult to sleep they are a boon because with the addition of a small LED light, you can read in the dark or by plugging in a set of head phones (ear buds will do) you can listen to soothing music and read at the same time. I can also imagine that for long haul flights they could be an essential accessory as they have a long battery life (7,000+ page turnings) but I haven't yet had chance to find out how many songs/audio books they can play before the battery runs out. As they are recharged by the 5 volt USB system and only need a 4 hr charge from fully exhausted then there are many ways a traveller can find to refresh the charge in his reader's battery.
I have been offered some holly logs and that has spurred me on to clear all the rubbish out of my workshop. I am hoping I can disinter the two lathes that are in there and try to re-learn how to turn wood. There is nothing that cheers me more than something I have made giving pleasure to someone else so watch this space to see how I get on.
Thursday 8 July 2010
Home Again
While she was in hospital, my wife used the dongle and her notebook to keep in touch with me in real time using Yahoo Messenger. It made the world of difference to how she felt and to how she was able to keep in touch with the world outside. When you are in hospital for any length of time, you crave for contact with the outside world. These dongles make it possible AND cost less than a mobile phone to run. From the other patients point of view there are no annoying ring tones or someone talking. Typing on a laptop is almost silent so it annoys no one.
I only use a fraction of what one of these dongles can do as they can easily allow you to browse the web, download and watch streamed programs, use iPlayer or spend a fortune on eBay. When I am away from home I can collect my email, check my bank accounts and talk on yahoo with anyone I need to (a friend looks after our animals while we are away and calls to reasure us that all is well).
The learning curve for the CamCorder is going to be a steep one as mine is not sophisticated with anti shake and all sorts of other twiddly bits. I'll let you know how I get on when we come home.