
.htaccess file to help prevent SQL injection attempts

29 Mar

I use the text below in a .htaccess file to help block the SQL injection attempts that seem to crop up from time to time.

It looks for common attack patterns in the request and rewrites any match to a page called hack.cfm, which I usually leave as a blank page that just records the type of attack.

RewriteEngine On

Options +FollowSymLinks
ServerSignature Off

# Unusual HTTP methods, and CR/LF sequences in the raw request line
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR]

# Metacharacters in the Referer and Cookie headers, and suspicious URI prefixes.
# %00 (null byte) is assumed as the last element of each group: an alternation
# that ends in an empty branch, e.g. (<|>|), matches every request and would
# send all traffic to hack.cfm.
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]

# Empty, download-tool and scanner User-Agents
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]

# Query strings with a quote, bracket or newline followed by an SQL keyword,
# references to the local host, or bare metacharacters
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
#RewriteCond %{QUERY_STRING} ^.*\.[A-Za-z0-9].* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]

# Anything that matched one of the conditions above goes to the logging page
RewriteRule ^(.*)$ hack.cfm [L]
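To see what this rule set actually catches (and what it lets through) before putting it in front of a site, here is an added Python harness that is not part of the original post: it re-expresses the conditions above as Python regexes and runs them over a few constructed requests. It assumes %00 is the closing element of each metacharacter group and that the conditions are chained with [OR] as shown; it also demonstrates why such a group must never end in an empty branch (`...|%3E|)`), which matches every request.

```python
import re

# Added test harness, not code from the post: the RewriteCond patterns above
# translated to Python regexes. [NC] becomes re.IGNORECASE and "^.*(X).*" is
# simply a search for X. Absent headers are "" just as mod_rewrite sees them.
META = r"(<|>|'|%0A|%0D|%27|%3C|%3E|%00)"
RULES = [
    ("method",   "REQUEST_METHOD",  r"^(HEAD|TRACE|DELETE|TRACK)"),
    ("crlf",     "THE_REQUEST",     r"(\\r|\\n|%0A|%0D)"),
    ("referer",  "HTTP_REFERER",    META),
    ("cookie",   "HTTP_COOKIE",     META),
    ("uri",      "REQUEST_URI",     r"^/(,|;|:|<|>|\">|\"<|/|\\\.\.\\)"),
    ("ua-empty", "HTTP_USER_AGENT", r"^$"),
    ("ua-tool",  "HTTP_USER_AGENT", r"^(java|curl|wget)"),
    ("ua-bot",   "HTTP_USER_AGENT", r"(winhttp|HTTrack|clshttp|archiver|loader"
                                    r"|email|harvest|extract|grab|miner)"),
    ("ua-scan",  "HTTP_USER_AGENT", r"(libwww-perl|curl|wget|python|nikto|scan)"),
    ("ua-meta",  "HTTP_USER_AGENT", META),
    ("sqli",     "QUERY_STRING",    r"(;|<|>|'|\"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*"
                                    r"(/\*|union|select|insert|cast|set|declare"
                                    r"|drop|update|md5|benchmark)"),
    ("local",    "QUERY_STRING",    r"(localhost|loopback|127\.0\.0\.1)"),
    ("qs-meta",  "QUERY_STRING",    META),
]
COMPILED = [(n, v, re.compile(rx, re.IGNORECASE)) for n, v, rx in RULES]

def matching_rules(req):
    """Names of every condition a request (dict of Apache variables) satisfies;
    a non-empty list means the [OR] chain fires and the request goes to hack.cfm."""
    return [n for n, v, rx in COMPILED if rx.search(req.get(v, ""))]

def empty_branch_matches_everything():
    """A group that ends in an empty alternative, e.g. (<|>|%27|), matches any
    string, so a condition built on it fires for every request, even one with
    no Referer header at all."""
    return bool(re.match(r"^.*(<|>|%27|).*", ""))

# Constructed sample requests: an ordinary page view, an injection probe, a
# download tool, and a legitimate query whose parameter name contains "set".
UA = "Mozilla/5.0"
SAMPLES = {
    "normal": {"REQUEST_URI": "/contacts.cfm", "QUERY_STRING": "id=42",
               "HTTP_USER_AGENT": UA},
    "probe":  {"REQUEST_URI": "/contacts.cfm", "HTTP_USER_AGENT": UA,
               "QUERY_STRING": "id=1%27%20union%20select%201"},
    "wget":   {"REQUEST_URI": "/", "HTTP_USER_AGENT": "Wget/1.12"},
    "offset": {"REQUEST_URI": "/list.cfm", "HTTP_USER_AGENT": UA,
               "QUERY_STRING": "offset=10&sort=name"},
}
REPORT = {name: matching_rules(req) for name, req in SAMPLES.items()}
```

REPORT maps each sample to the rule names that fired, so a rule change can be checked against known-good and known-bad requests in one run.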

 

Backup FTP/SFTP settings in Aptana/Coldfusion Builder

28 Jul

I have had a problem with Aptana in the past and now with ColdFusion Builder too (it appears to use Aptana under the hood). If Eclipse or the computer freezes and you have to restart the machine with Eclipse still open, the workspace tends to get corrupted and you lose all your settings, including FTP/SFTP settings. So here is how to back them up.

1. Go to 'File' then 'Export'
2. Select 'Coldfusion' then select 'Syncing Settings'
3. Name the file and save it somewhere

These can be imported in the same way. Hope this saves some time for people.

 
 

Changing the user of Coldfusion on Linux

08 Apr

I made the mistake of setting up ColdFusion 8 on a Linux system (CentOS) with the runtime user set to 'nobody'. This proved to be a big mistake when it came to using tags like cffile to write to the filesystem. I had a hunt around for some information on how to change it, with Adobe suggesting a reinstall of ColdFusion.

To change the user running ColdFusion to the owner of the web directory, I completed the following steps.

1. vi /etc/init.d/coldfusion_8 and change the runtime user to the owner of your web folder
2. vi /etc/init.d/cfsearch8 and change the runtime user to the same user
3. vi /opt/coldfusion8/bin/coldfusion and change the runtime user to the same user
4. chown -R name_of_new_runtimeuser /opt/coldfusion8 (chown takes the new owner before the path)

This allowed me to use cffile to copy files to my server; however, I was still running into a minor problem with the image functions of ColdFusion. Thanks to Ben Nadel, who has a note on installing a hotfix to solve this problem.

 
 

Forbidden 403 Error after installing phpMyAdmin

12 Mar

After I had installed phpMyAdmin (in my case on CentOS, using yum) I received a 403 Forbidden error. By default phpMyAdmin is installed in /usr/share/phpmyadmin and its Apache configuration file is /etc/httpd/conf.d/phpmyadmin.conf.

To fix:

vi /etc/httpd/conf.d/phpmyadmin.conf

Remove or comment out these two lines, leaving the Allow line in place:

#Order Allow,Deny
#Deny from all
Allow from 127.0.0.1

The 403 happens because with Order Allow,Deny a matching Deny always wins, so Deny from all blocks even 127.0.0.1. Bear in mind that commenting those lines out opens phpMyAdmin to every address that can reach the server; a tighter fix is to keep Deny from all under Order Deny,Allow and add an Allow from line for your own IP address.

Restart the apache server.

/etc/init.d/httpd restart

You should be able to see phpmyadmin working by going to http://ipaddress/phpmyadmin

 

 

Resizing an Amazon EBS Volume

09 Mar

I struggled to find the answer to resizing an existing Amazon Elastic Block Store Volume.

Here is how I resolved this:

1. Create a snapshot of the existing volume (log into the Amazon console for this: https://console.aws.amazon.com)
2. Create a new volume based on the snapshot
3. Attach this new volume to the Amazon instance (after detaching the old volume)
4. SSH into the instance
5. Check the integrity of the filesystem with 'e2fsck -f /dev/sdf'
6. Grow the filesystem with 'resize2fs /dev/sdf'
7. Mount the volume with 'mount /dev/sdf /mnt/data-store'

Both e2fsck and resize2fs need to run on the unmounted device, which is why the mount comes last.

 

 

Arrow and delete keys not working in VMWare on Ubuntu

19 Feb

Browse to the hidden .vmware directory inside your home directory, create a file called config in it, and copy the following into that file:

xkeymap.keycode.108 = 0x138 # Alt_R
xkeymap.keycode.106 = 0x135 # KP_Divide
xkeymap.keycode.104 = 0x11c # KP_Enter
xkeymap.keycode.111 = 0x148 # Up
xkeymap.keycode.116 = 0x150 # Down
xkeymap.keycode.113 = 0x14b # Left
xkeymap.keycode.114 = 0x14d # Right
xkeymap.keycode.105 = 0x11d # Control_R
xkeymap.keycode.118 = 0x152 # Insert
xkeymap.keycode.119 = 0x153 # Delete
xkeymap.keycode.110 = 0x147 # Home
xkeymap.keycode.115 = 0x14f # End
xkeymap.keycode.112 = 0x149 # Prior
xkeymap.keycode.117 = 0x151 # Next
xkeymap.keycode.78 = 0x46 # Scroll_Lock
xkeymap.keycode.127 = 0x100 # Pause
xkeymap.keycode.133 = 0x15b # Meta_L
xkeymap.keycode.134 = 0x15c # Meta_R
xkeymap.keycode.135 = 0x15d # Menu

 

 

Subclipse and Eclipse on Ubuntu

19 Feb

Install libsvn-java

The package libsvn-java contains JavaHL.

Install libsvn-java by typing the following into a command line:

sudo apt-get install libsvn-java

then make sure you add the following to your Eclipse launcher parameters (i.e. add it to the end of the command in the Eclipse shortcut):

-vmargs -Djava.library.path=/usr/lib/jni

Restart Eclipse.

 

 

Adding a Column to JSON using Coldfusion8

16 Apr

I use Spry to output a lot of the queries in my projects, so I call my ColdFusion function from Spry like this:

// TS is only a cache-buster so IE6 requests the data afresh each time
var ts = new Date();
var spry_ContactList = new Spry.Data.JSONDataSet(
    "module_contacts.cfc?method=qry_ContactsList&returnFormat=json&queryFormat=column&TS=" + ts.toString(),
    {path: "DATA", pathIsObjectOfArrays: true});

There are a couple of things to note here. First of all, I am using ColdFusion 8's new returnFormat=json to return the query that resides in my function, and I am also using queryFormat=column. Finally, I have appended a date string so that browsers such as IE6 do not cache the request.

So based on the above I can return my query as JSON; however, I found that any dates were being returned in a fairly ugly way, e.g. March 21, 2008 00:00:00. I wanted to get rid of that, and after consulting a couple of people I concluded that doing it in JavaScript would not be the best solution, so I added the following after the query in my function.

<!--- Build an array with one formatted date per row, then add it to the query as a new column --->
<cfset tempArr = arrayNew(1) />
<cfloop query="qry_ContactsList">
    <cfset arrayAppend(tempArr, "#DateFormat(qry_ContactsList.visitdate, 'dd-mm-yyyy')#") />
</cfloop>
<!--- addColumn is the underlying Java method; the built-in QueryAddColumn() function does the same job --->
<cfset qry_ContactsList.addColumn("PRETTYDATE", tempArr) />

This created an additional column in the JSON that was returned, and I could now display the date as I wanted to.

 
 

Change the Date and Timezone in CentOS

14 Apr

Log into your server, then check the current date and timezone by typing

date

All timezone information is stored under /usr/share/zoneinfo; you can browse to it by typing

cd /usr/share/zoneinfo

You should see a list of all the available timezones, including folders for countries which have multiple time zones, e.g. America.

So to change the time zone (here to London), just enter the following

ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime

If you then want to manually set the time to 30/03/2008 09:57, pass the date to the date command in the format 'MMDDhhmmYYYY'

date 033009572008

The following command writes the system time to the hardware clock

hwclock --systohc

Now when you type 'date' you should see an up-to-date clock.

 

 

Setting up VSFTPD

29 Mar

The virtual machine I used was running the CentOS 5 Linux distribution; I then installed vsftpd as follows.

1. Install VSFTPD

[root@localhost]# yum install vsftpd

2. Make sure vsftpd starts on bootup

[root@localhost]# chkconfig vsftpd on

3. Switch off anonymous FTP access

[root@localhost]# vi /etc/vsftpd/vsftpd.conf

then change the line to

anonymous_enable=no

4. You can change the greeting you see when you connect to the FTP server by changing the line

ftpd_banner=New Banner Here

5. Create a user group and shared directory. In this case, use /var/www/vhosts and a group named ftp-users for the remote users

[root@localhost]# groupadd ftp-users
[root@localhost]# mkdir /var/www/vhosts

6. Make the directory accessible to the ftp-users group.

[root@localhost]# chmod 775 /var/www/vhosts
[root@localhost]# chmod 775 /var/www

7. Add users, making their home directory /var/www/vhosts

[root@localhost]# useradd -g ftp-users -d /var/www/vhosts user1

8. Change the owner and group of the /var/www/vhosts directory so that the read/write access granted above belongs to the ftp-users group

[root@localhost]# chown root:ftp-users /var/www/vhosts*

9. Restart the VSFTPD service using

[root@localhost]# service vsftpd restart

10. Make sure you are not blocking FTP ports on the server (FTP requires port 21 to be open)

system-config-securitylevel

11. After configuring the vsftpd server on an Amazon EC2 instance, I was not able to connect to it from my FTP client. It threw the error:

500 OOPS: vsf_sysutil_recv_peek

The solution for this problem is to load the capability module:

# modprobe capability

12. If you are having trouble connecting with an FTP client (such as FileZilla) and receive an error like the one below

Error: Could not read from socket: ECONNRESET – Connection reset by peer
Error: Disconnected from server
Error: Failed to retrieve directory listing

then make sure you change the connection settings in the client to 'active' rather than 'default'.