6Nov/109

PlanetLotus and the Unexpected Server Rebuild

It all started Wednesday when the dedicated server I have hosting all my websites went down and became totally unreachable. As a rule, if I can't ping it I automatically log into my account with the hosting provider and request a power cycle (server restart).

And then I got this email, moments later from the Network Violations Team...

Regarding your server:

After a review of your hosting account it appears your Virtual Dedicated Server has been compromised. It appears there was a vulnerable setup.php script in PhpMyAdmin. The server was compromised on at an administrative level on or before 10/06/2010, allowing attackers to upload multiple attack tools. These tools resulted in complaints by our abuse department, once notified our security team immediately disabled the process and removed the attack tools. This server must be re provisioned to avoid further issues.

I actually only read or saw one word... "re provisioned" and didn't want to believe what it actually meant. So I dropped a dime and called, fuming.

I was that guy, saying everything I could to get them to reconsider, even escalating it, to no avail, all i wanted was a little more time to get some important files before reformatting. They said no... and then an amazing thing happened.

It turns out,  **lack of internal communication saved the day. The server reboot team didn't' get the word from the network violations team, so my server was back on and I was pulling down files faster then you can say efilnikufesin.

I waited it out, the second shut down, and took my time  moving all my non-vital domains to a hosted service. My main server goes down a lot. It's really just me supporting it and is a single source of failure so it goes down or, gets 'infected' occasionally. Hardware failures, hacks, stupid mistakes, it happens, a server room I have not.

So the rest of the story, if you're still reading, (I know Andrew is), the hacker exploited the phpMyAdmin setup.php file. I guess it's pretty common, and used it to upload a bunch of hacking tools. The network violations team removed all the tools but shut it down and forced a reprovision because they couldn't be sure they removed them all.

I get it, however the problem I have is, yes, you could say it's my problem, <rant from a Linux novice> a "zero day" issue but my server has Fedora 8 and every time I update the packages they're up to date. Even yesterday I tried, everything's current... the reprovision offering, the "Team" wants me to move to, Fedora 8.  So what is stopping the same person from exploiting the same issue? Only time will tell. </rant from a Linux novice>

Email #2 from the Network Violations Team:

We have included the log files as well as a list of the files that appear to be causing the attack. The vulnerability in the phpMyAdmin script allowed the upload of these files. These vulnerabilities are common in open-source PHP applications and it is strongly recommended that you keep all applications updated and patched with the latest security and application upgrades to prevent this from happening again. <plug>If you need assistance upgrading or patching an application we have a pay-per-use administrative service where we will do this for you.</plug>

In order to resolve the current issue the server must be re-provisioned. I reviewed the issue with several peers and admins and there is no other solution that would work.

FOUND ATTACK TOOLS
<removed just in case it helps some one do evil>

PHPMYADMIN EXPLOITATION

<removed just in case it helps some one do evil>[etc...]

I've changed around the IP numbers but you get the drift, update your packages, brush you teeth, eat an apple, blah, blah, blah. Until next hack, thanks for reading.

** There could be a small chance, OK, very small chance that the tech I spoke with let the server reboot slide. If so, the guy made my week, and Thank you, cool tech guy, if you ever come across this! (you never know).

Tagged as: , , , , , 9 Comments
6Nov/100

Cannot load mcrypt extension. Please check your PHP configuration.

Here is a quick little tip on how to remove the "Cannot load mcrypt extension. Please check your PHP configuration." message from your phpMyAdmin login window on a Fedora 8 Linux Dedicated or maybe even virtual dedicated server at Godaddy.

1. Open a ssh session. Switch to root.

2. Run each line individually (or copy each one and right click on the ssh window (putty)).

yum install libmcrypt
yum install php-mcrypt
yum install php-mhash

I didn't have to restart http but you might want to for grins.

A big nod to wayan on this one, and PS, don't search for GoDaddy images on Google while at work :)

Tagged as: , , , , , , , , , No Comments
7Oct/101

Travel Mode needed for Posterous

Posterous needs a Travel Mode. We all know that people have been targeted for burglaries based on social media postings. The practice is pretty strightforeward. Someone posts about the vacation they're on and a 'friend' robs them.

This is compounded on Posterous with a public facing blog. I don't feel comfortable posting pictures while I'm on business but really, really want to... so how about a mode that you can turn on 'Traveling'. You can send in pictures and capture the titles, content and times but they're queued until you return and turn the mode back off. Your feed is then updated with all the posts, with the original time stamps.

I realize you can set a future date to have your posts published but it's not intuitive, this would be a blanket mode.

If anyone is reading this from Posterous, I love your platform! If you are not from Posterous, you really must check out their offering for your next blog.

Tagged as: , , 1 Comment
7Oct/100

How to recover the Salesforce iPhone passcode

I coudn't find anyting on the web so here is what i did to resolve this.

Max out your passcode attempts. You will then get a message saying all your local data will be erased. You are then prompted to login with your salesforce user name and password (the one you use with your browser). You can then pick a new passcode.

I only use the iPhone app to check events and look up numbers so any local data is of no use to me; hopefully you too.

Tagged as: No Comments
23Sep/100

How to get Microsoft SQL Server databases sizes

I found this fantastic script of all places in the comment of someones blog post. It does a great job of laying out all the size detail for all the databases on your sql server.

SELECT DB_NAME(mf.database_id) AS databaseName
,mf.physical_name
,num_of_reads
,num_of_bytes_read
,io_stall_read_ms
,num_of_writes
,num_of_bytes_written
,io_stall_write_ms
,io_stall
,size_on_disk_bytes
FROM sys.dm_io_virtual_file_stats(NULL, NULL) AS divfs
JOIN sys.master_files AS mf ON mf.database_id = divfs.database_id
AND mf.file_id = divfs.file_id
ORDER BY 3 DESC

A great follow on to this is a File Size Calculator to help make scene of the sizes, especially if you're working with large database (i.e., SharePoint :)

Thanks pinaldave and Jerry Hung.

Tagged as: , , No Comments
11Aug/105

Yellow Day: Introducing the Domino Directory!

The Domino Directory is a showcase of sites build on Domino.

A place to show off your creation, promote your site or just point people to to see the potential of Domino.

Anyone can post a new site. There is a small team of editors to make sure your site submission is valid and complete.

The editorial team has been hard at work over the past couple months adding site, if you're site is not there add it, if you don't like the info on your site, create a new, better entry and add "UPDATE" to the post title.

A voting system has been added to identify the best site out there so go check out some new site design ideas and vote for your favorites sites today!

http://www.dominodirectory.com

Tagged as: , , , 5 Comments
10Aug/100

Using Visualization for Optimal Performance

It turns out I've done this in the past, used visualization to plot my performance before a race, but only informally. What I've never done is use it purposely before the event or just as important during the event.

After a conversation with a coworker that's used it in the past i figured id try it for an event i did this past weekend. I spent about 5 solid minutes, not too much time; visualizing my effort all the way through. I knew the course so it made it easier, I'll have to test this on unknown effort in the future.

Next, the performance itself. I had a stretch goal of riding the first 100 miles of a 110 mile ride in under 5 hours. This goal was on the line at mile 90, my average speed read 20.0 and I was racing to make sure it didn't dip. I stayed focused on how i would feel when the odometer turned over to 100 miles, actually visualized myself raising my arms in victory and rehearsing what i would scream out.

It was working so well that before i got to the 95 mile mark the avg. moved up to 20.1 giving me some much needed insurance and then 5 miles later success where I lifted my arms yelled out something ridiculous for others to hear and all in the world was in harmony.

Results may vary, see dealer for details.

Tagged as: , No Comments
9Aug/101

Bike Fit Calculator

If you're looking to get a bike you need to start with the type and size. The type is easy, road, mountain, etc. The difficult part is figuring out what size to purchase, order, borrow, steal...

Help is out there and it can be done in the comfort of your own home with the help of a close friend.

This online fit calculator seems to to be the best out there and has helped many a friend; including myself get a perfect sized bike.

Last note, when you get that ideal bike you want to nail all the measurements, not just frame size but also, crank arm length, handle bar width and stem length. The more you can match the less you'll after to upgrade when you find your bike is uncomfortable.

http://www.competitivecyclist.com/za/CCY?PAGE=FIT_CALCULATOR_INTRO

Filed under: Cycling 1 Comment
16Jul/101

How to change the default boot OS in GRUB – Ubuntu

If you're doing a dual boot and you want to change the default operating system that comes up, o' say, during a unplanned restart, you can do this with the Startup Manager, this will then make the change in *GRUB. Just do the following: (If you know of an easier way for amateurs please comment below details.)

Go to System / Administration / Synaptic Package Manager and search for StartUp Manager. Install it then go to it under System / StartUp-Manager and change the Default operating system as seen below. The change will occur the next time you boot.

* GNU GRUB (short for GNU GRand Unified Bootloader) is a boot loader package from the GNU Project. GRUB (shortened form of GNU GRUB) is the reference implementation of the Multiboot Specification, which enables a user to have multiple operating systems on his computer, and choose which one to run when the computer starts. GRUB can be used to select from different kernel images available on a particular operating system's partitions, as well as pass boot-time parameters to such kernels. (From Wikipedia, the free encyclopedia)

Tagged as: , , 1 Comment
16Jul/102

My First Time Trial – Road Bike

Serious butterflies.

Ever year around this time it's the same thing. My training is at it's peak, the heat fuels my every workout and I want to compete, or just apply the work I've been doing, OK compete. This usually entails hours upon hours of looking over the races in the area, and I'm picky, too picky. This race seemed to be perfect. Every time i thought about it, butterflies in the stomach. It was a low overhead event, go there pay and race kind of thing. It was a 11.3 time trial put on by a local cycling club and seemed very informal which is exactly what I needed to cut my teeth on.

I've known about this TT for years now, however it always conflicted with the Wednesday group ride i do in Newburyport. Since I've been doing so may of those i figured one night off wouldn't hurt.

I was on the fence until the last minute. The day before the race, to help along the decision, I want out for a quick ride and wanted to see what my times would be so i could compare them to the results of the last TT race. The ride went well, putting me somewhere in the middle for my age group. However we all know that you can never reproduce the conditions of actually doing the race so a loose measure. So there is only one way to know.

Yancy Lent Self test: Mile 7 pace, 22.9, Mile 11 pace 22.0, Mile 16.7 pace 21.8. I was considering doing my first race tomorrow (time trial) but this got that out of my system; for now. Tuesday at 9:27pm

Even on the drive there i was hesitant, thunderstorms, raining, wondering if i exhausted all my energy the night before, did i get enough sleep, was I wasting money, blah, blah, blah. Or maybe i could do a drive by, wimp. I pulled in the parking lot and it looked like it was on. A long line of cars, at one point 3 people within 7 cars putting air in their high end time trial rigs. I was home.

I've recently learned something deep with regards to hobbies. No matter what hobby you are into, look at those you consider the most extreme in that hobby and if you aspire to emulate them, your home.

So slightly overwhelmed with the body types, rigs, teardrop helmets, it actually had a calming effect. I was able to relax and just do my race, i wasn't here to compete with them, just do the best i could and make sure i wasn't last.

I went to the reg table, all 210 pounds of me; down from 220 in winter, and told them "im totally new". They asked if going in the beginning was OK, sure, get it over with early, they put me in position 8. I asked two questions, when would i start and what do the markers on the road look like? It was 5:38, my start time was 6:04. Given my single greatest fear was taking a wrong turn I studied the map and even road for a couple miles to see the first turn... no marker. Either way I'd manage.

It was good to get out for a little bit to turn over the legs and get some fluids in. This may have been my first _road_ bike race but I've done, but I have done tons of road races, they're all basically the same, you stress then everything just pans out. This would be no different. When i got back to the starting line, i was ready.

We lined up by number and went every :30 seconds. Two concerns, start my bike computer as close as possible and clip in fast, to the correct gear. I did notice my wife's friend and riding partner starting 2 or 3 places in font of me. All my other goals went away, I had someone to pass.

I got to the starting line and waited for a very fast 30 seconds and was off. I tried my best to just relax and keep a steady 26 mph. It was all about the breathing, I knew i would go anaerobic it's just a matter of when so pushing that out was key. There were some small rolling hills. I only got off my seat twice in order to not push it. The roads were perfect and at about mile 5 I passed the guy in front of me. Then another mile or so later, Johanna's friend; couldn't for the life of me remember her name, i blame nerves. At about this point another person was in view, the roads were long. I tried to catch her but never did and in the process got passed by the guy behind me. If you saw the two of us together you never guess that, even though he finished a little bit on front of my, i ended up beating him. He was tricked out, tri bike, full body suite, tear drop helmet and the body of a tour rider, it feed my deflated ego. The three of us finished with about a football field of each other with those two together and me behind.

I was happy with my pace of 23.4 but never thought to look at my time, for me 23.4 is way more telling of the effort then the number of minutes it took to do 11.3 miles. So that's what i looked at. When i got back to the results table, I was told my time was just under 29 minutes which is exactly where i wanted to be because that is roughly the middle of the age group pack on the last race. However i was pleasantly surprised when the official results were posted on line. 29:09 and 15th out of 18! 35 out of 50, wow, humbling. This lead to some confusion because my pace on the road and the time i was given didn't sync with the final results and it looked like the guy in 14th had what my time should have been.... and then you find yourself reading into 14th place instead of 15th place out of 18th.... talk about desperation.

After the race I had a great talk with Kelli, after asking her name. She is in a very structured tri program and was headed out for a 1 mile run. She is doing 6 tri's this summer and i wish her all the luck in the world.

Only the future will tell if i do it again. I'm guessing after a few rides in the future I'll convince myself i can do better and end up there bike in tow. Over all a great experience and looking to the future seemed like a bunch of people i could see myself hanging out with.

Yancy Lent First bike race ever tonight. A time trial put on by a local club. Not sure of my place yet but if I use the last race as a guide 7th out of 10 in 35 to 45 age group. 11.3 miles, pace 23.4 mph. Wednesday at 9:28pm via Facebook for iPhone

Things I would do different for next time:

  • Clean and oil my chain the day before.
  • Drink more water during the day
  • Eat a power bar or two an hour before the start.
  • Get a longer ride in before hand, i think i only did 3 or 4 miles
  • Bring a pump
  • Spend more time fixing my number to my side.
  • Not go all out the night before
  • Go to bed early the night before
  • Don't eat a burrito for lunch
  • Practice the start

Things that worked:

  • Borrowing a pump and making sure my tires were good
  • Having the correct amount of fluids (one water bottle)
  • Got there a little early
  • Not starting on fresh legs
  • Tightened my shoes a little more then usual.
  • Multi Vitamin at 2pm (who really knows)
Filed under: Cycling 2 Comments
 « Newer Entries  Older Entries »

Yancy Lent - Blog

Links

Categories

Archive