Category Archives: Software

IOSEC Anti Flood Security Gateway Module – It blocked me, not the bots!

This is a plug-in for WordPress by Gokhan Muharremoglu that is supposed to block robotic visits. However, I used it and I was very disappointed. It blocked me, not the bots! Not only me actually, my customers too.

I took it down after I had a customer telling me that he tried to make a purchase, but was blocked by the anti-flood module. However, based on the access log, the bot traffic was still the same.

The most effective way to fight a DDoS attack was to actually change the .htaccess file. In my case there was bot traffic on the images, so I blocked that option and things got back to normal, at least for now.


Why Hash the Passwords?

I’ve learned about encryption before, but the concept of a hash has only been introduced to me recently in my PHP computer course. It actually was quite surprising to learn that good websites don’t store your password! They can’t tell you what your password is if you forget it; they can only reset it.

Hashing the password is the best way to protect yourself and your users, because this way you don’t actually store the password. The diagram below explains this concept: our text is converted into something that looks unreadable, and that hashed form is what gets stored.

[Figure: hash password example]

Do you think this is common knowledge? You’d be surprised how many companies don’t use it. The Plenty of Fish website, for example, got hacked this way: they stored the actual password, not the hash.

You should also remember that there is such a thing as a reverse MD5 lookup, which makes it possible to recover simple words from their hashes. That’s why we should use numbers. For example, even WordPress notices when you enter a weak password like “kittens”: a hacker can easily identify what is behind that hash if that word exists in a dictionary. Try “kiTt707EN” for a better result! That would be much tougher to decipher.
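To show the point above in working code, here is an added example (not from the original post): a constructed five-word "reverse MD5" table recovers “kittens” from its plain MD5 digest but not “kiTt707EN”, and, going one step beyond the text, a salted slow hash (PBKDF2-HMAC-SHA256 from Python's standard library) makes the table useless even for dictionary words. Everything here runs offline; the word list and iteration count are my own choices.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a "reverse MD5" site: precomputed MD5 digests of a
# handful of dictionary words (real tables hold billions of them).
WORDLIST = ["password", "123456", "kittens", "letmein", "qwerty"]
MD5_TABLE = {hashlib.md5(w.encode()).hexdigest(): w for w in WORDLIST}


def reverse_md5(digest_hex):
    """Return the word behind an unsalted MD5 digest if it is in the table."""
    return MD5_TABLE.get(digest_hex.lower())


def hash_password(password, iterations=100_000):
    """Store a salted, deliberately slow PBKDF2 hash instead of the password."""
    salt = os.urandom(16)  # fresh random salt for every user/password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def compare_schemes(password):
    """Contrast plain MD5 storage with salted PBKDF2 storage for one password."""
    unsalted = hashlib.md5(password.encode()).hexdigest()
    first, second = hash_password(password), hash_password(password)
    return {
        "md5_lookup": reverse_md5(unsalted),        # the word, or None
        # identical input gives identical MD5, which is what lookup tables rely on
        "md5_same_every_time": unsalted == hashlib.md5(password.encode()).hexdigest(),
        "pbkdf2_same_every_time": first == second,  # False: the salt differs
        "pbkdf2_verifies": verify_password(password, first),
    }


if __name__ == "__main__":
    for pw in ("kittens", "kiTt707EN"):
        print(pw, compare_schemes(pw))
```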



Common Networking Ports – 21 for FTP, 80 for Web

What are ports?

There are soft and hard ports out there.

HARD PORTS (NETWORK):

  • Keyboard
  • Mouse
  • Modem
  • Printer
  • USB

SOFT (NETWORKING) PORTS:

  • 21: FTP
  • 23: Telnet
  • 25: SMTP
  • 53: DNS
  • 80: WWW HTTP
  • 443: HTTP over SSL (HTTPS)
  • 445: Windows file sharing

Networking ports – communication endpoints set up in software

Used by parts of the TCP/IP protocol suite:
  • Transmission Control Protocol (TCP)
  • User Datagram Protocol (UDP)
  • Used in the Transport Layer
  • Port number range: 0-65535
  • An endpoint is identified by port number, IP address and protocol used (TCP or UDP)

A software process binds its input/output channels (sockets) to a port number and IP address to send and receive data over the network.

Port number groupings:
  • Well-known ports (0-1023)
  • Registered ports (1024-49151)
  • Dynamic/Private ports (49152-65535)

I found this handy for myself to know and decided to share it. Let’s say Skype may run on port 80, and thus if you are trying to use Apache on localhost, you may have a conflict.

I remember once even calling Cisco about this because my glorious computer instructor assumed that I knew all that. My localhost wasn’t working. But their staff had no idea what ports I was talking about and kept on asking “what hardware are you attaching?”. I guess they had no idea about the difference between hard and soft ports.
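As an added example (not part of the original post), the Apache-versus-Skype situation reproduced on loopback: a throwaway listening socket stands in for "some other program already on the port", and a connect-based check reports the port as busy until that socket is closed. The port grouping helper follows the three ranges listed above; no real service is touched because the OS hands out a free port.

```python
import socket
from contextlib import closing


def port_group(port):
    """Classify a port number into the three groupings listed above."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= 1023:
        return "well known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def port_in_use(host, port, timeout=0.5):
    """True if something is accepting TCP connections on host:port.

    A connect() probe is used instead of bind() so the check works without
    root privileges on ports below 1024 (e.g. port 80).
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def demo_conflict():
    """Show a port reported busy while another socket listens, then free."""
    # Constructed stand-in for "Skype is already on the port": port 0 lets the
    # OS pick any free port, so nothing real is disturbed.
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind(("127.0.0.1", 0))
    holder.listen(1)
    port = holder.getsockname()[1]
    busy_while_held = port_in_use("127.0.0.1", port)    # expected: True
    holder.close()                                       # the other program quits
    busy_after_release = port_in_use("127.0.0.1", port)  # expected: False
    return port, busy_while_held, busy_after_release


if __name__ == "__main__":
    port, busy, after = demo_conflict()
    print(f"port {port} ({port_group(port)}): busy={busy}, after release={after}")
    print("port 80 busy on localhost:", port_in_use("127.0.0.1", 80))
```

If the second line prints True, something (Apache, Skype or another service) is already answering on port 80 and a second web server on localhost will not start cleanly.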


Why do so many users disable cookies?

Many users (perhaps one-quarter of all Web users) have cookies disabled in their Web browsers, often in the belief that they can be dangerous.

However, cookies are in fact not dangerous. (If cookies are switched off, PHP 4 and higher will use session variables instead of cookies, and your cookie code will still work.) Another good point is that browsers don’t share cookies with each other.

There are restrictions on the number of cookies a browser may store: a maximum of 300 cookies in total, and a maximum of 20 cookies per server. If more data needs to be stored, the server must keep the data on its own side (e.g. in a database, or by using session support).


Why do Software Startups use Test Driven Development?

What is Test Driven Development? (TDD)

It’s a newer, more efficient way of developing software, and it’s the way all the fresh start-ups do their development. Most likely Google and Facebook use this strategy too. It means writing the tests first and the code later. The best way is to start building and find mistakes as you go; it saves cost. But you may also be without working code for a while, because it may take months of work to see that green bar.

Let’s look into it right now, not a month or a year after creation when quality-control personnel find it. Find bugs, missing requirements, errors and discrepancies as soon as you can. We can use simpletest.org, for example, to test your software as you go.

[Figure: test with 1 pass, green bar (SimpleTest)]

[Figure: test with 1 fail, red bar (SimpleTest)]

From my PHP programming course notes at BCIT:

“Once all of your code has been written, how can you be confident that it works? How can you ensure that it fulfills all of its “contracts”? How can you guarantee that when valid inputs are given, only valid outputs are the result, and when invalid inputs are given, proper Exceptions are thrown? When certain actions are taken on a web page, certain specific expected outcomes are the result? Furthermore, how can you give confidence to other people that your code and classes and objects and pages do exactly what is expected? One answer is provided by unit testing. An extreme version of unit testing is test-driven development, whereby the developer writes the tests first, and the code later! Java has a very good, successful unit-testing framework called JUnit, and there are many versions of PHPUnit which copy it. There is also another very elegant and simple PHP unit-testing framework called SimpleTest (simpletest.org), which we will use. SimpleTest allows us to test our methods, objects, classes, and web pages.”