Windows Server 2003 Operating Systems

Website Security Tip remove catch all bindings

May 23, 2010 by Paul White

A few months ago I noticed that one of my clients websites seemed to be getting spikes of traffic.  However with spikes in traffic most clients would report an increase in sales or business.  When looking at the stats server, the requests were for pages and files that were not even on the server, and were for technologies ( PHP ) that I do not run on m box.  If you see requests for files like /prx2.php, /phpmyadmin/config/config.inc.php, /roundcubemail/readme, or /webmail/readme.  You might want to read this article.

Hacker Attacks and Invalid character in a Base-64 string

Jan 13, 2010 by Paul White

On my websites I have them setup to email me anytime a server error happens.  If you ever get an error like "Invalid character in a Base-64 string",  This is likely a hacker attack.   In my case it was on the members login on my client's website.  I logged in and shut down the site.  10 minutes later I started it back up and the hacker had left.  Interesting is what the HTTP RAW data reveled.

HTTP_X_FORWARDED_FOR:84.0.182.175, 84.0.162.91, 84.0.237.176, 84.0.228.6, 84.0.220.100, 84.0.147.233, 84.0.159.1, 84.0.84.37 HTTP_PROXY_CLIENT_IP:84.0.182.175, 84.0.162.91, 84.0.237.176, 84.0.228.6, 84.0.220.100, 84.0.147.233, 84.0.159.1, 84.0.84.37 HTTP_CLIENT_IP:84.0.182.175, 84.0.162.91, 84.0.237.176, 84.0.228.6, 84.0.220.100, 84.0.147.233, 84.0.159.1, 84.0.84.37

Never seen these values before.  According to the logs the IPs were from hundreds of compromised systems. However they all had these values in common.   I am going to add a rule to detect the Class A IP in the 80.x.x.x block in the HTTP_X_FORWARDED_FOR, and block.  Hopefully this helps some other people out

MX records being used to block spam

Apr 20, 2009 by Paul White

Recently I have noticed that the open rates of a few of my client's newsletters are going down.  This is leading me to believe that most free mail servers are using yet another litmus test to detect and block spam.  Unfortunately those of us with legit bulk emails campaigns are also feeling the pinch. 

Windows 7 to increase hardware sales

Dec 19, 2008 by Paul White

With the huge disappointment of Windows Vista. Microsoft needs to make waves with the highly anticipated Windows 7 OS.  There have been several rumors, some of which could have a huge impact on sales for hardware manufacturers.  Keep in mind there are just rumors.  But if true Microsoft may been a good company to invest  come June 2009.

Most Software still does not Utilize Multicore Chips

Dec 14, 2008 by Paul White

Normally when you upgrade your computer to some new wild multicore chip, as I did with the Intel i7.  You would expect some dramatic performance results.  Unfortunately it would seem that most software was not written to take advantage of the multiple cores.  Read more for an in depth rant about software and the intel i7

MySQL Got an error reading communication packets

Dec 10, 2008 by Paul White

Aborted Connection to db. If you have ever had this little error in MySql and asp.net, you have most likely spent countless hours googling for an answer.  I have your answer read more the solution.

SQL injection IP blacklist from the botnet

Aug 26, 2008 by Paul White

The BotNet seems to be growing faster than ever.  I have included a list of all the IPs, I have caught attempting SQL injection via querystring.  If you have your own blacklist, feel free to add these to your list.

protecting against SQL injection attacks using querystring

Aug 15, 2008 by Paul White

If you run a website that is based on SQL, or MySQL. This is a must read.  Some of my websites recently have been under attack by bots that are trying a new method of SQL injection attack. 

HTTP black lists stop comment spammers

Jun 4, 2008 by Paul White

I got sick of seeing failed viewstate in my event logs. so I wrote some code that checks visitors against a HTTP blacklist.  I found that one of my blacklists was full of false positives.  Not that the given IP wasn't abusive at one point in time but I found it was full of proxies of which are frequently used by legitimate users.  After comparing some user logs I found that I was blocking a few of my member.  The HTTP blacklist from Project Honey Pot works, but had the problem with proxies as I stated above.  However one that I have had much better luck with is the one by stopforumspam.com.
If you are looking to stop comment spammers from seeing your site, I highly recommend them.  Read on for a code snippet that shows how I implimented this block

Stop Spam with Grey Listing in SmarterMail

Apr 17, 2008 by Paul White

For the longest time I had the wrong definition of what grey listing is.  Once I figured out what it really is, and implemented it on my server running SmarterMail 4.x. I saw a huge drop in spam.  If you hate spam, this might very well solve all your problems.  Read this article for information on how it works and why it works.