Archive for May, 2012

Welcome everyone. I hope all the information on this blog intrigues and informs all those out there trying to stay on top of our fast-moving field of computing. One of the things I have been trying to stay on top of is the latest in the hacker community. Good admins cannot be complacent and think their networks are secure and out of harm's way. Hackers today are some of the most intelligent and innovative thinkers out there. They will find a way into anyone's network if they desire to. Our job is to be up on the latest exploits so that we can readily identify a breach if and when it happens, and by doing this you mitigate your risk and exposure.

One of the new trends out there that I have talked about before is social engineering: the art of exploiting and convincing someone to do something that allows an attacker to have access to your PC or network. Now I know growing up I always thought hackers were socially inept people who stayed in their mothers' basements, punching out code and playing video games. However, I have been proven wrong; today some of the easiest ways into a system are through the person who owns it. By preying on the ignorance of the owner of the PC or network, hackers can gain access and have a field day at your expense.

We all would like to think that we are smarter than just opening a door and letting a stranger in, but the fact is a lot of us do just that. Obviously we would not just let someone in who calls up or emails and asks for access, but what if that call or email looked official, or put a scare into you so that you reacted quickly without thinking? This is what social engineering is about. Have you ever received an email from what looked like your bank, saying that your account will be closed down unless you click on the link and verify your information? Many of us have received them, and many have read one and gotten so scared that it would happen that they just clicked on the link and gave away all the information needed to get into their bank account. That is scary in and of itself. Now I have read these emails before and stepped back and laughed, thinking “who would fall for this?” Well, believe me, many people do.

The latest out there now is starting to happen in Columbia, where people are receiving emails from what claims to be the transportation authority. The email claims that the person has committed infractions and provides links for the user to click on. So it builds up fear in the person, pushing them to make an otherwise irrational decision and click on the links provided in the email in order to “view” the details of the infraction. In reality, what they are clicking on are attached files that, once clicked, install themselves onto the PC, then connect back to a botnet and provide information to the hacker. See the link provided here by ISC, a leader in security on the web.

Gone are the days of the standard brute force attacks or attempting to get into a system from the outside. Why do all that hard work when you can just get the person to open a door for you and let you in? This is certainly a much easier thing to do sometimes, especially when people do not know about these scams. Please protect yourselves, ask questions, get involved in the communities out there and educate yourselves. The information is free and extremely valuable. It could save you and your information.

One issue I ran into on one of my Ubuntu servers was that each time I put my nameserver into /etc/resolv.conf, it was reset back to a blank page after a reboot. There is tons of information out there saying that if you're using DHCP then you need to go into the DHCP config files and set up the nameserver in there. One problem: I was not using DHCP. Most of us running Linux on a server use the static IP option, so this nullifies the instruction sets I was finding on the net.

So here I thought I would pass along this quick little summary. The best way for you to get around this is to hard-code your nameservers into the interfaces file for your Ethernet card, like below. For Ubuntu you can find this by going to /etc/network/interfaces and editing this file with nano or Vim or whichever editor you like.

As you can see on the last line, using dns-nameservers with an IP is the same as putting nameserver entries in your resolv.conf file. You can also add multiple IPs by separating them with a space. If you have any questions or comments, feel free to drop me a line.
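A check for the situation described above, as an added example that is not the author's original file or script: it lists the static stanzas in an interfaces file that have no `dns-nameservers` line. The sample file, interface names and addresses are constructed placeholders; its `eth0` stanza has the form the post describes.

```shell
#!/bin/sh
# Added example: list "inet static" stanzas in an interfaces file that have
# no dns-nameservers line.

# Print the name of every static interface that lacks dns-nameservers.
static_without_dns() {
    awk '
        function report() {
            if (iface != "" && is_static && !has_dns) print iface
        }
        $1 == "iface" {
            report()
            iface = $2; is_static = ($4 == "static"); has_dns = 0
            next
        }
        # Any of these keywords ends the current stanza.
        $1 == "auto" || $1 ~ /^allow-/ || $1 == "mapping" || $1 == "source" {
            report(); iface = ""; next
        }
        $1 == "dns-nameservers" && NF >= 2 { has_dns = 1 }
        END { report() }
    ' "$1"
}

# Constructed sample: interface names and addresses are placeholders.
make_sample() {
    cat > "$1" <<'EOF'
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.0.2.10
    netmask 255.255.255.0
    gateway 192.0.2.1
    dns-nameservers 192.0.2.53 198.51.100.53

auto eth1
iface eth1 inet static
    address 203.0.113.10
    netmask 255.255.255.0
EOF
}

sample=$(mktemp)
make_sample "$sample"
static_without_dns "$sample"
rm -f "$sample"
```

On a server, pass `/etc/network/interfaces` to `static_without_dns` instead of the sample file.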

A couple of days ago I had a sudden panic when all of a sudden my virtual machines began to shut down. You can only imagine how bad this can be when a fully redundant system simply fails. As I began looking into the issue, I started to receive errors that some of the LUNs on my brand new EVA had reached capacity.

Baffled, as you can imagine, I began to look at my usage in VMware and found that I still had approx 180 Gig available. When I opened up the datastore, I noticed that my VMs had a massive number of snapshots that had piled up in the directories.

We use a utility called Backup Exec from Symantec to provide backups for our entire production environment. One of the plugins for Backup Exec allows you to make backups of your VMDKs. When BE makes backups of these files, it makes a call to VMware and creates a snapshot of the VM at that moment. If for whatever reason the backup job fails, the snapshot is not deleted and it becomes the current working version of the VM. After several failed jobs these began to pile up for the VMs, and the LUN ran out of room.

As you remember, I told you that when I looked at the LUN I had 180 Gig available. Unknown to me, on top of my LUN having run out of space, VMware was not reporting my usage correctly. This caused the alarms that should have told me my LUN utilization was getting high to fail to trigger.

After calling VMware to assist me with getting my environment back online and clearing out all my snapshots, I found the issue with the alarms not triggering. The recommendation was to edit the datastore alerts and change them in some way, so that when you click OK, vCenter Server resets the trigger and starts to poll the actual datastore size from that moment.

After all is said and done, I have learned and am now passing on to all of you: always check your backups and make sure that there are no snapshots left behind that were not cleaned up. I have also learned to double-check my usage stats and look more closely at the vSphere client for anomalies.
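One way to run the leftover-snapshot check described above, as an added example that is not from the original post. It assumes VMware's usual snapshot delta naming (`<vm>-NNNNNN-delta.vmdk`) and one directory per VM; the sample datastore and VM names are constructed.

```shell
#!/bin/sh
# Added example: find snapshot delta disks left behind on a datastore.
# Assumes VMware's usual naming, <vm>-NNNNNN-delta.vmdk, one directory per VM.

# Print "<vm-dir> <delta-count> <total-bytes>" for each VM that has deltas.
leftover_snapshots() {
    find "$1" -type f -name '*-[0-9][0-9][0-9][0-9][0-9][0-9]-delta.vmdk' |
    while IFS= read -r f; do
        vm=$(basename "$(dirname "$f")")
        # Field 5 of "ls -ln" is the size in bytes; the file is not read.
        size=$(ls -ln "$f" | awk '{ print $5 }')
        printf '%s\t%s\n' "$vm" "$size"
    done |
    awk -F '\t' '
        { count[$1]++; bytes[$1] += $2 }
        END { for (vm in count) printf "%s %d %.0f\n", vm, count[vm], bytes[vm] }
    ' | sort
}

# Constructed sample datastore: db01 is clean, web01 has two leftover deltas.
make_sample_datastore() {
    mkdir -p "$1/db01" "$1/web01"
    : > "$1/db01/db01.vmdk"
    : > "$1/db01/db01-flat.vmdk"
    : > "$1/web01/web01.vmdk"
    printf '%100s' '' > "$1/web01/web01-000001-delta.vmdk"
    printf '%250s' '' > "$1/web01/web01-000002-delta.vmdk"
}

ds=$(mktemp -d)
make_sample_datastore "$ds"
leftover_snapshots "$ds"
rm -rf "$ds"
```

Run after each backup window, any output for a VM with no intentional snapshot points at a failed job that left its snapshot in place.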

A reader asked, “I want a tab to show a list of orders to approve. When the user selects an order to approve I want to approve the order selected, then refresh the list under the tab”.

So this one is for you. One way I gave before was to use the ColdFusion JavaScript functions to deselect and then reselect the tab, which would refresh the content as long as you had refreshonactivate set to true for the cflayoutarea. Now one thing I had mentioned before was that using those functions was flaky at best. So another method I used is the following.


// ajaxEngine.js
var url;                                   // target page; set by the caller before sendHttpRequest()
var http;
var textResponse;
var returnFunction = "httpReturnResults";  // name of the callback that receives the response
var isWorking = false;                     // true while a request is in flight

function sendHttpRequest(params) {
    // Create the HTTP object
    http = getHTTPObject();

    if (!isWorking && http) {
        var httpURL = url + "?nocounter=yes";
        if (params != "") {
            httpURL += "&" + encodeURI(params);
        }
        // Random value keeps the browser from serving a cached response
        httpURL += "&hash=" + Math.random();
        http.open("POST", httpURL, true);
        http.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
        http.onreadystatechange = handleTextHttpResponse;
        // Optional second argument: name of the function to call with the result
        if (arguments[1]) {
            returnFunction = arguments[1];
        }
        isWorking = true;
        http.send(null);
    }
}

function handleTextHttpResponse() {
    var results = "";
    if (http.readyState == 4) {
        results = http.responseText;
        isWorking = false;
        // Hand the response text to the named callback (e.g. conReturn)
        window[returnFunction](results);
    }
}

function handleXmlHttpResponse() {
    if (http.readyState == 4) {
        // XML parsing
        var xStr = "";
        var xArray = new Array();
        var xmlDoc = http.responseXML;
        var xRoot = xmlDoc.getElementsByTagName('sources');
        for (var x = 0; x < xRoot.length; x++) {
            for (var xx = 0; xx < xRoot[x].childNodes.length; xx++) {
                var xNodeName_id = xRoot[x].childNodes[xx].firstChild.nodeName;
                var xNodeName_val = xRoot[x].childNodes[xx].lastChild.nodeName;
                var xNodeId = xRoot[x].getElementsByTagName(xNodeName_id).item(xx);
                var xNodeValue = xRoot[x].getElementsByTagName(xNodeName_val).item(xx);
                xStr += xRoot[x].getElementsByTagName(xNodeName_val).item(xx) + "\n";
                xArray[xx] = xNodeId + "_" + xNodeValue;
            }
        }
        var results = xStr;
        isWorking = false;
        // Hand the result to the named callback, as the text handler does
        window[returnFunction](results);
    }
}

function getHTTPObject() {
    var xmlhttp;
    // Old Internet Explorer: conditional compilation selects the ActiveX object
    /*@cc_on
    @if (@_jscript_version >= 5)
        try {
            xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
        } catch (e) {
            try {
                xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (E) {
                xmlhttp = false;
            }
        }
    @else
        xmlhttp = false;
    @end @*/

    if (!xmlhttp && typeof XMLHttpRequest != 'undefined') {
        try {
            xmlhttp = new XMLHttpRequest();
            //xmlhttp.overrideMimeType("text/xml"); //this is for XML files only
        } catch (e) {
            xmlhttp = false;
        }
    }

    if (!xmlhttp && window.createRequest) {
        try {
            xmlhttp = window.createRequest();
        } catch (e) {
            xmlhttp = false;
        }
    }

    return xmlhttp;
}


<script type="text/javascript">
    <cfinclude template="ajaxEngine.js">
    function conReturn(obj) {
        // obj is inserted as markup, so approveorder.cfm must HTML-encode any user data it returns
        document.getElementById('divid').innerHTML = obj;
    }
    function senddata() {
        url = "approveorder.cfm";
        paramStr = 'urlparam=1';
        // Send the request and have conReturn() receive the HTML that comes back
        sendHttpRequest(paramStr, 'conReturn');
    }
</script>

<cflayout type="tab" align="center" name="mainLayout" tabheight="620px">
    <cflayoutarea title="View Some Title" refreshonactivate="true" name="test2" source="test2.cfm">
    </cflayoutarea>
</cflayout>

<!--- test2.cfm --->
<div id="divid">
    <!--- content here --->
    <input type="button" name="approveorder" id="approveorder" value="Approve Order" onClick="senddata();">
</div>

<!--- approveorder.cfm --->
<!--- once the approve order button is clicked it will pass data to this page, then take the HTML that was produced here and replace divid with this content, so you should make sure that the output of this page looks exactly like test2.cfm; it just does all the grabbing of updates and any other processing you want --->
<!--- content here --->
<input type="button" name="approveorder" id="approveorder" value="Approve Order" onClick="senddata();">

After testing this a bit and trying out some of the JavaScript functions that are available from ColdFusion when the layout is included, I found this method to be more reliable for ensuring the events fire correctly. I am sure there is a cleaner way to do this, so I invite any comments on your experience of making this happen.
