I came across this story of how to capture packets using a Cisco router. Nice when you don’t have any alternatives.
Whitfield Diffie talks about secure cloud computing
In this article Whitfield Diffie talks about secure cloud computing. I take comfort in knowing that he and I used to work for the same company, Sun Microsystems. There are some really smart people at Sun. The article is small and I recommend reading it. I specifically quote part of the article below as it mentions OpenBSD. I’ve been running OpenBSD for years.
TR: If a full cryptographic solution is far-off, what would a near-term solution look like?
WD: A practical solution will have several properties. It will require an overall improvement in computer security. Much of this would result from care on the part of cloud computing providers–choosing more secure operating systems such as OpenBSD and Solaris–and keeping those systems carefully configured. A security-conscious computing services provider would provision each user with its own processors, caches, and memory at any given moment and would clean house between users, reloading the operating system and zeroing all memory.
An important component of security will be the quality of the personnel operating the data centers: good security training and appropriate security vetting. A secure data center might well be administered externally, allowing a very limited group of employees physical access to the computers. The operators should not be able to access any of the customer data, even as they supervise the scheduling and provisioning of computations.
iBlogPro3 automatic thumbnail sizing
While playing around with themes from StudioPress I learned about TimThumb. I managed to get it working with iBlogPro3 from PageLines. IMHO much easier than doing it the way the theme author suggested. If you’re curious, the changes need to be made within library/_posts.php: find the line that deals with the thumb images and change it to something like the following. I chose to also create a tools directory in the root folder and put timthumb.php in it. Also make tools/cache and make sure the webserver can write to the directory.
<img src="/tools/timthumb.php?src=<?php echo $postimageurl?>&h=200&w=200&zc=1" alt="Post Pic" width="200" height="200" />
When all is done and working, you can simply put the img url in the custom field and timthumb will automatically size it accordingly.
WordPress – Comments and X_Forwarded_FOR
+++ comment.php Wed Nov 19 01:13:46 2008
@@ -715,7 +715,22 @@
$commentdata['comment_post_ID'] = (int) $commentdata['comment_post_ID'];
$commentdata['user_ID'] = (int) $commentdata['user_ID'];
+/* Original line to get comment users IP
$commentdata['comment_author_IP'] = preg_replace( '/[^0-9a-fA-F:., ]/', '',$_SERVER['REMOTE_ADDR'] );
+*/
+
+ if ($_SERVER['HTTP_X_FORWARDED_FOR'] != "" ) {
+ $ipAddress = $_SERVER["HTTP_X_FORWARDED_FOR"];
+ if (strpos($ipAddress, ',') !== false) {
+ $ipAddress = explode(',', $ipAddress);
+ $ipAddress = $ipAddress[0];
+ }
+
+ } else {
+ $ipAddress = $_SERVER['REMOTE_ADDR'];
+ }
+ $commentdata['comment_author_IP'] = $ipAddress;
+
$commentdata['comment_agent'] = $_SERVER['HTTP_USER_AGENT'];
$commentdata['comment_date'] = current_time('mysql');
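Review bot: The `if ($_SERVER['HTTP_X_FORWARDED_FOR'] != "" )` branch stores a client-settable request header in `comment_author_IP`, and it drops the `preg_replace( '/[^0-9a-fA-F:., ]/', '', ... )` filter that the commented-out original line applied to REMOTE_ADDR. Use the header only when REMOTE_ADDR is the site's own proxy, trim the chosen entry and check it with filter_var and FILTER_VALIDATE_IP, and fall back to REMOTE_ADDR otherwise. Testing with `!empty(...)` instead of `!= ""` also avoids an undefined-index notice on requests that arrive without the header.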
WordPress – X-Forwarded-For header
For those that have not figured it out, WordPress is the content management system for this site. I am using a plugin called StatPress. A “visitor” in the lingo of StatPress is not cookie based (which one could argue it should be, since so many places use web proxies for their clients, myself included) but is based on the client’s IP address. In my network the web server(s) are front-ended by a proxy server (so yeah I use proxies for my clients and my servers). I checked out WordPress ticket 4602 but apparently this has not made it into the code base yet. I am an outsider with respect to WordPress development and plugin writing, but I think the plugins should be asking the core for things like client IP, etc. This means one place to maintain, sanitize this information.
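As an added illustration of the "one place to maintain, sanitize" idea (this is not WordPress or StatPress code, and not part of the original post), a single resolver can decide when X-Forwarded-For is believed at all. The function name `resolve_client_ip`, the `$trustedProxies` list and every address below are assumptions constructed for the example.

```php
<?php
// Added example, not WordPress/StatPress code. resolve_client_ip() and
// $trustedProxies are hypothetical; all addresses are constructed samples.

function resolve_client_ip(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';

    // The header is client-controlled unless our own proxy delivered the request.
    if (!in_array($remote, $trustedProxies, true)
        || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }

    // Each proxy appends the peer it saw, so walk right to left and stop at
    // the first hop that is not one of ours. Entries further left are
    // whatever the client chose to send and are ignored.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remote;   // malformed entry: fall back to the socket peer
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $remote;
}

$proxies = ['192.0.2.10'];    // constructed: the site's front-end proxy

$cases = [
    'via proxy'                  => ['REMOTE_ADDR' => '192.0.2.10',    'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    'extra client-sent entry'    => ['REMOTE_ADDR' => '192.0.2.10',    'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 203.0.113.7'],
    'direct, header not trusted' => ['REMOTE_ADDR' => '198.51.100.23', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    'malformed header'           => ['REMOTE_ADDR' => '192.0.2.10',    'HTTP_X_FORWARDED_FOR' => '<script>'],
];
foreach ($cases as $label => $server) {
    printf("%-28s %s\n", $label, resolve_client_ip($server, $proxies));
}
```

The list match is exact; a deployment with several proxies or address ranges would need a CIDR comparison in place of `in_array`.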
Anyways the code below is what I cobbled together into statpress.php file so that the “real” IP address of the client is seen by Statpress and thus my statistics are slightly more accurate.
--- statpress.php Wed Nov 12 04:30:35 2008
+++ statpress.php.new Wed Nov 12 04:41:29 2008
@@ -1131,7 +1131,23 @@
$vtime = gmdate("H:i:s",$timestamp);
// IP
- $ipAddress = $_SERVER['REMOTE_ADDR'];
+
+ if ($_SERVER['HTTP_X_FORWARDED_FOR'] != "" ) {
+ $ipAddress = $_SERVER["HTTP_X_FORWARDED_FOR"];
+ if (strpos($ipAddress, ',') !== false) {
+ $ipAddress = explode(',', $ipAddress);
+ $ipAddress = $ipAddress[0];
+ }
+
+ } else {
+ $ipAddress = $_SERVER['REMOTE_ADDR'];
+ }
+
+
+
+
+
+
if(iriCheckBanIP($ipAddress) == '') { return ''; }
// URL (requested)
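Review bot: `iriCheckBanIP($ipAddress)` at the end of this hunk now runs on the first X-Forwarded-For entry, which the client supplies, so the ban check no longer sees the connecting address. Accept the header only when REMOTE_ADDR is the front-end proxy, validate the entry as an IP address after trimming it, and otherwise keep `$_SERVER['REMOTE_ADDR']`. The six empty `+` lines before the ban check can be dropped.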
@@ -1320,8 +1336,20 @@
$body = str_replace("%browser%", $browser, $body);
}
if(strpos(strtolower($body),"%ip%") !== FALSE) {
- $ipAddress = $_SERVER['REMOTE_ADDR'];
- $body = str_replace("%ip%", $ipAddress, $body);
+
+ if ($_SERVER['HTTP_X_FORWARDED_FOR'] != "" ) {
+ $ipAddress = $_SERVER["HTTP_X_FORWARDED_FOR"];
+ if (strpos($ipAddress, ',') !== false) {
+ $ipAddress = explode(',', $ipAddress);
+ $ipAddress = $ipAddress[0];
+ }
+
+ } else {
+ $ipAddress = $_SERVER['REMOTE_ADDR'];
+ }
+
+
+ $body = str_replace("%ip%", $ipAddress, $body);
}
if(strpos(strtolower($body),"%visitorsonline%") !== FALSE) {
$to_time = current_time('timestamp');
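Review bot: The value substituted for `%ip%` in `$body` comes from the X-Forwarded-For header with no validation or escaping, so arbitrary header text can end up in the rendered output. Validate it as an IP address before the `str_replace("%ip%", $ipAddress, $body)` call and fall back to REMOTE_ADDR when validation fails. This block is also a second copy of the one added near line 1131; moving both into one helper function keeps the check in a single place.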