Northland Digital Agency » Website Hosting

An Awe-Inspiring Website Attack: RFI

Northland Digital — Sun, 10 May 2009 14:29:34 +0000

RFI stands for Remote File Inclusion. We’ve seen some captured demos here and there, but this one is one of the most impressive yet. The example shown in the post Bots Galore! is worth reading – in fact, studying! Look how it ends, with a simple GUI for controlling your site. Chances are, there’s eight or nine of these scripts floating around on underground file sharing networks right now.

Wikipedia gives an excellent description of the RFI attack. Briefly, you used PHP’s “include” function to include whatever file was specified after the ‘?’ prompt in the URL. Guess what? We’ll just include our own file from some other server there and look at your web page that way! No password cracking, no muss, no fuss, and not even any trace left.

Guard against this! Turn off “register_global” on your server if it isn’t off already, and just plain don’t allow URL-include in the first place. If you have several pages of code that have to link together, include the file specifically by name in the code itself.

Peter Brittain

Web Page Speed – Microseconds Count

Northland Digital — Sun, 10 May 2009 14:25:59 +0000

This little study conducted by Google and Amazon re-confirms what many of us have known for years: Web page visits drop even if the page took a half-second longer to load.

This makes sense when you combine a couple of factors of human nature. One is habit. We people are getting more and more used to instant gratification. Have thought, text message, post to Twitter. Get sudden urge to hear old 80s song again, search YouTube, listen to it. You get the picture. We’re surrounding ourselves by mobile devices of every shape, and it’s just training us to be less and less patient with lag.

The other factor is uncertainty. If you knew, every time, that no matter how long it takes, the page you want will eventually come up, you’d probably wait longer. But there’s so many things that could go wrong. Is it a bad connection? Server failed? Account suspended? Bad link? Too much Javascript slowing the page down? A Flash load? Webmaster mistake? We don’t know, but if it doesn’t come up in a few seconds, we know that we’ll get what we’re lookign for somewhere else.

Just one more reason to only host your site on a server running Linux (the fastest, most efficient system), and with a local web host so you cut out all the lag you can.

Peter Brittain

Will We Even Invent a Spam-Proof Communications Technology?

Northland Digital — Tue, 05 May 2009 14:29:44 +0000

Just in case you needed a reminder that the good times never last, there’s a Twitter spammer tool out there now. Like so many of these cases, it’s one person making the software, then dozens of gullible fools buy the software and believe that they can make money by spamming the world.

People always ask, “How do these idiots make money?” There’s your answer: they don’t. They pay money. At the end of the chain, perhaps all of the spam that has ever been sent in the history of mankind has only made one, single person any profit: the guy who made the spamming tools and sold them to a few suckers.

Anyway, look for trouble on the Twitter front. Which means more interoperability for malware and worms, which should be all over this like ants on a sugar cube soon. Bots – even the ones who infect PCs – have traditionally used IRC to communicate in a network and collect orders, but now they might have Twitter available, too.

Peter Brittain

Web Host GoDaddy Hates Women

Northland Digital — Mon, 09 Mar 2009 15:43:34 +0000

That title is a sweeping claim to make, and yet that’s just what many of their own customers seem to believe.

This starts with a commercial during the SuperBowl. The SuperBowl is the biggest game of the year of the sport which our friends across the ditch so laughably call “football”, though we’ll throw our lot in with the idea of what football should really be called. Anyway, the advertisements during the SuperBowl are nearly as big a draw as the game itself.

So GoDaddy decided to buy some airtime for its own commercial, and, well, the fallout from the sexist advertisement actually drove customers away. One Twitter comment summed it up nicely: “They assume every web designer is teen male. This midage female web designer taking work elsewhere.”

Now, we have as much of a sense of humor as anybody. But in addition to being gross, sexist, raunchy, and tasteless, the advertisement is also pointless and unfunny. And to the point, they’ve just offended half of their market base. While women lag behind men statistically in other tech professions, there is a more equal ratio of women to men in the Internet-related industry than any other branch of IT.

Plus, as far as the audience goes, studies are finding that women are outnumbering men on the Internet. So now if you have a GoDaddy site and your visit numbers have dropped due to women refusing to patronize sites hosted by them, now you know why.

It’s About Time Cisco Showed Linux Some Heart

Northland Digital — Thu, 10 Jan 2008 14:31:33 +0000

Cisco, the name spoken with the most reverential tones in the IT and telecommunications market, has a new push for their hardware’s interoperability with Linux software. The move ties in Yahoo!, who will be working with Digium to deploy Asterisk throughout Yahoo’s global communications net, using Cisco SIP end points on the desktop.

Actually, Cisco has shown plenty of love to Linux in the past, just not in supporting Free and Open Source Software on telecommunications systems. Remember, back in 2005, Cisco internally rolled out Linux desktops to their workforce.

The reason given being, not cost, but because Linux is easier to support! Take that, MSCEs!

And then back in April of 2008, Cisco opened up its ISR routers’ API, with an application extension platform based on Linux. So you might actually compare Cisco more to IBM. They’ve been planning this move for a long time, and they do it like they do anything, in slow, steady steps.

Peter Brittain