I wrote a Facebook app that uses sessions. It worked fine on my machine, where I mostly use Firefox and Chrome. Suddenly I discovered that after resetting security settings to medium in IE 9 the app suddenly did not work anymore. Each time I refreshed, a new session key was created because requests did not Read more about IE and Facebook iFrame app session cookies problem[…]
I have a Facebook app as a page tab, and sometimes it did not get the signed_request. I saw with Firebug that the POST to my app is made and signed_request is there, but this call resulted in a redirect to GET instead. This was always reproducible with one Facebook account, but with another account it worked just fine. Read more about Facebook signed_request missing[…]
It might happen that a machine is missing CA chain certificates and you get the error:
OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
Unable to establish SSL connection.
If accessing the specific URL in a browser works without warning, then you can export and download the CA certificate chain. In Firefox: right-click > View Page Info > Security > Read more about How to download ca certificate chain[…]
If you are running an Ubuntu VirtualBox guest, you cannot access the shared folder under /media/shared as a regular user. However, you can fix this by adding your user to the additional group vboxsf.
Important! Make sure you append the additional group so that other groups are not removed! Run the command below exactly as shown, replacing username with your username. If the permission is not applied immediately, reboot.
usermod -a -G vboxsf username
In case you forgot the -a flag, it is bad but not hopeless 🙂 Read more about Access virtualbox shared folders from Ubuntu and fix ruined ubuntu installation. …
These days everybody is full of ideas but has no time to make them happen. Same here: I have great business ideas every few weeks, but while working full-time at my day job I have a hard time implementing them on my own, and all my friends are also very busy.
I decided to try out the www.getacoder.com service to find affordable quality help for my projects, and so far I have not been disappointed while following the steps below.
1. Write down IN DETAIL what you want to be done.
Before posting a job to www.getacoder.com, make sure you have as detailed an overview of your requirements as possible. This is called a BRD – Business Requirement Document. It must list everything, such as: user must be able to register, user must be able to log in, etc. Programmers can take this doc and implement every feature step by step. Read more about How to hire a freelancer – 10 lessons learnt …
DISCLAIMER: If you are looking for help against DDOS, look here. This page describes how to promote keywords in a webpage.
Recently one of my friends had a spam attack on his rather small website. It happened on the 20th of December, and by the 25th, when it was discovered, the Google Webmaster Tools top keywords list was full of unwanted sexually oriented words, and one keyword was way above the others.
The best webmasters struggle to promote keywords like that. I analyzed the situation, and here is what I can say about the technique that was effective:
- Just repeating the keyword after every few words works.
- Keywords are in sentences that kind of make sense.
- Keywords are in link titles.
If you worry about your PageRank, try linking to high-PageRank pages. In the long run this technique does not pay, and it is much more reasonable to write original and useful text that readers are expecting and looking for.
This is an example of how promoting the keyword DDOS might look:
It is secure and easy to log in to servers with OpenSSH using public/private key client authentication. You only need to generate keys with ssh-keygen, and these keys are used automatically. The challenge starts when you don't want to use the same key everywhere but prefer, or have, to use different keys for different sites. Firstly, let's create Read more about Multiple ssh keys for logging to different sites[…]
Before taking Roboo into use for protection against DDOS, it is necessary to look at its pros and cons.
Firstly, nothing comes without drawbacks and side effects. Here are some that you need to consider.
- Search engine crawlers have trouble indexing the site. You never want that.
- Web service clients have issues. API calls might break, and an SVN server over HTTPS does not work well.
- The developers' own website, http://www.ecl-labs.org, does not use Roboo.
A good whitelisting plan must be developed to handle valid non-browser interactions.
I did some quick brute-force analysis of performance with 3 virtual machines on VMware. The target was the simple vulnerable web application WackoPicko, used to test web application vulnerability scanners, with 1 core and 1 GB RAM. The Roboo machine was an Ubuntu server with 1 core and 1 GB RAM. The third was a more powerful server where httperf was run. All of these machines were run inside one physical server on VMware ESXi.
Here are the testing results: Read more about Observations of Roboo usability and effectiveness against DDOS …
I was fortunate enough to take part in Black Hat 2011 EU, where the first public presentation of Roboo, the HTTP mitigator, took place: http://www.ecl-labs.org/2011/03/17/roboo-http-mitigator.html. What is less fortunate is that it can be a pain to install, mostly because of its dependency on Perl modules. I have tried it a few times and present my experience here.
Get yourself Roboo, which comes as an nginx module written in Perl. Also get the nginx example configuration. The newest versions are available on GitHub: https://github.com/yuri-gushin/Roboo. Place these files to those locations
To avoid the problem below, modify the first line of nginx.conf and change user nobody to www-data, for example:
Starting nginx: [emerg]: getgrnam("nobody") failed in /etc/nginx/nginx.conf:1
configuration file /etc/nginx/nginx.conf test failed
It is tempting to install nginx from the repository, but you will get an error.
Starting nginx: [emerg]: unknown directive "perl_modules" in /etc/nginx/nginx.conf:10
configuration file /etc/nginx/nginx.conf test failed