Does this sound familiar? I’ve taken the plunge and ordered a new, much faster and more secure server from UK2.net and started moving sites over. It should mean faster response times for websites (especially WordPress) and smoother running in general.
That’s not to say things have gone smoothly so far. I allowed BootBlock onto the new box and it promptly went a bit mad – intermittently refusing default documents, email and all kinds of nonsense. UK2 kindly wiped the box and started again at my request, and all went well the second time around.
There may be a brief period of unavailability across various websites, but I have a whole month with both servers, so I can take the time to get things right.
A new version of the software for LG’s BD370-P Networked BluRay player finally fixes the “There may be Network Congestion” error when trying to access YouTube.
Version 7.141.01.26 of the software is available to download from the Setup > Others > Software Update menu on your BD730-P as of tonight. Users can now access YouTube even behind a router, and can log in to access any YouTube favourites they have bookmarked. No new drivers have been released alongside this software update, but you should check for them anyway, especially if you have not updated for a while.
The only thing lacking now is the ability to play the HQ / HD versions of a video where present. Setting HD as the default in YouTube and even adding the video as a favorite while playing the HD version has no effect on the LG B370-P itself. If anyone finds a way to do this, please leave a comment.
In preparation for our upcoming trip to Tokyo I decided to check with airline KLM to ensure that my booking was complete and seats reserved. I toddled off to the KLM website using Internet Explorer 8 Beta 2 (since the window happened to be open) and was promptly informed that my browser wasn’t supported (click the image to the right).
The stupid thing about the method of detection they’ve employed is that it’s all JavaScript based, since the website loads without problems and then redirects to the error message. Once there, you can simply opt to continue using your current browser anyway and the site works without problems. Amazing!
The problem, of course, extends from using the browser’s UserAgent string to make a guess at compatibility. In this case a newer version of an existing browser, which you would reasonably expect to have the same feature set, has caused problems simply through not being recognised.
The answer is not to do any browser detection and – assuming your site is complex enough to warrant it – simply provide a link to a technical problems help page. Writing your site in a non-browser-specific way should be a no-brainer these days, too.
The missingMajordomoCf error crops up while trying to add a site if your Base Maillist package is not installed for whatever reason. In our case it was a problematic update which cause it to be removed, but you may also have uninstalled it manually to sidestep MajorDomo spam.
Reinstalling the package is simple, but the files are not signed, so before you start you need to turn off the GPG Check for the BlueQuartz repository. To do this, edit the file /etc/yum.repos.d/BlueQuartz-Base.repo and change gpgcheck=1 to gpgcheck=0.
Now you can perform a yum install base-maillist* and the package will be reinstalled without errors. Once done, change gpgcheck back to 1 as detailed above and all should be well.
Voila! No more missingMajordomoCf error! Hopefully.
All .web.com domains will cease resolving (ie, working at all) from the end of the month. This basically kills off any sites that use these domain extensions stone cold dead, with little option but to buy a new domain name and frantically redirect as much traffic as possible.
What I don’t understand is why web.com (who lease out, if you like, extensions of their own domain) have decided to kill off this revenue stream. CentralNIC were handling everything on their behalf and would presumably pay web.com for the priviledge of doing so, yet the new owners have essentially said they don’t want this anymore.
This is a copy of the email I received:
> Hello,
>
> We are writing to you because you have one or more .web.com domain
> names registered with 123-reg. We are sorry to inform you that as of
> March 31 2008, .web.com domain names will no longer resolve.
>
> This means that any website located at an address ending in .web.com
> will be unreachable at that address. It is also now not possible to
> renew .web.com sub-domains.
>
> We're really sorry about this: unfortunately the issue is out of our
> control. We've explained the full reasons for it below.
>
> You will need to move any affected sites to new domains before the 31
> March 2008. You can register an alternative domain for your site for
> free (as long as it is available) - please read on to find out what
> to do next.
>
> WHAT'S HAPPENING
> ----------------
>
> CentralNic is the global domain registry for many types of domain
> name. In December 2004, the owners of web.com asked CentralNic to
> operate the .web.com domain registry on their behalf.
>
> All .web.com domains purchased through 123-reg are administrated by
> CentralNic, and .web.com is the only sub-domain CentralNic has ever
> offered that they did not own or directly control.
>
> CentralNic agreed to operate the registry in good faith, based on the
> fact that web.com had managed it themselves for the preceding 6
> years.
>
> However, the web.com domain is now owned by somebody different. These
> owners have announced that, as of 31 March 2008, they will no longer
> offer domains ending in .web.com
Although it has not been possible to buy a .web.com domain for quite some time, it was at least possible to renew an existing one in order to carry on running whatever business was involved. Now that’s all out the window and a lot of people will be left up the creek without the proverbial paddle, since popular domain names that were still available as .web.com domains are pretty much sold out.
Thankfully I have been able to snap up MYDOMAIN.UK.COM as a replacement, though this is UK-Centric and not as generic as its predecessor, but I still have to recreate all the sites on that domain (it was a generic word that lent itself to multiple subdomains quite nicely) and redirect everything – an intensive excercise whichever way I look at it.
Another site I am involved with which currently uses COMPANY.WEB.COM already owns COMPANYWEB.COM and can use that, but the stationery, business cards and advertising all feature the .web.com address which – from the end of the month – will be quite useless.
It will be interesting to see what the outcry is on this.
Imagine you’ve just added a new domain to your BlueQuartz server. It was previously on another IP address and you’ve added the relevent DNS entries on your box, changed your nameservers and the new site shows up in your browser – great, all as expected.
But then you check email delivery and find that, while email from outside the server is being delivered, anything generated on the server, or send via that server’s SMTP, is being sent off to the old IP address. The problem you have is that your server is caching the old DNS entries until they expire.
In Linux, DNS Caching is handled by the nscd process. To restart this process, and thus flus the DNS cache, you’ll need to type one of the following while logged in as root:
You may find that this doesn’t work, in which case, try using ’stop’ instead of restart, ping your domain name from the server, then use ’start’ to restart the service. Your updated IP address should now show up.
It began, as so many adventures do, with a chance tip from a concerned netizen. A lady on the Internet had received an email saying she had won the Lottery and had been in communication with the offenders when she decided she didn’t like the way things were going. She emailed us, and things happened.
Many moons ago I wrote a Lottery Results website. The lady emailed us with an alternate address, revealing that the scammers had copied the entire website – including the list of Lottery Scam Emails – in order to give their 419 Email Scams that added air of legitimacy.
There were several changes, all geared towards getting an unsuspecting user to type in a username and password (supplied in the scammers’ original email) and then enter their legitimate bank account details. No doubt the scammers would plunder the account, leaving the scammee high and dry.
The WHOIS for uknlotteries.com showed it was on a free hosting company, Freehostia, and that the domain was purchased through ns.com / tucows.com on 14th August – just a week before we were told about it. Pinging the domain gave 64.72.119.253 – an IP handled by AlphaRed.com. All of these companies were sent a copy of our 14-Page report.
Next up, we noticed that the ‘Contact Us’ page still contained the IP and Host Name of the person who downloaded the first copy of the site – ironically this was a security thing:
80.178.248.142.satcom-systems.net / 80.178.248.142
Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)
This was an IP address in Israel. A quick search of the server logs showed that users from Satcom Systems had been visiting at least as early as October 2006.
Examination of the source code revealed other domains in use by the spammers: CTBPLC.co.uk (Not working) and GCBOFLONDON.com (A holding page on a Microsoft Office service). Another free hosting company, Multiververs.com, was used for the latter.
The /secured/ folder did not contain an index file and so we were able to examine the other files in that directory. We found IP activity mini-logs from Web2FTP.com for the following IP addresses:
Further examination of other know file paths that were cloned revealed that 82.206.163.11 was the IP of the user who had uploaded the files to the fake domain.
IP WHOIS Info for 82.206.163.11? Yep…
inetnum: 82.206.163.0 - 82.206.163.255
netname: CUST-SUBURBANTELE
descr: Reassignment to Suburban Telecom
country: NG
admin-c: BA771-ripe
tech-c: BA771-ripe
status: ASSIGNED PA
remarks: *************************************************************
remarks: * *
remarks: * For issues of abuse related to this IP address block, *
remarks: * including spam, please send email to at: *
remarks: * *
remarks: * s.ayonote@suburbantelecom.com *
remarks: * *
remarks: *************************************************************
mnt-by: AS22351-MNT
mnt-lower: AS22351-MNT
changed: TAC.OPS@Intelsat.com 20060623
source: RIPE
person: Bruce Ayonote
address: Plot 1105 Durban Street Wuse II
address: Abuja, Nigeria
phone: +234 80 3313 7201
e-mail: bruceayonote@hotmail.com
nic-hdl: BA771-ripe
mnt-by: AS22351-MNT
changed: tac.ops@intelsat.com 20030611
source: ripe
A quick IP WHOIS on the other IP addresses confirmed it – a classic Nigerian 419 Scam.
A copy of everything we’d found was sent to all concerned parties and the website was gone 10 hours later, with Freehostia being first to pull the plug. As of right now, we don’t know if the scammers can still access the domain, so it’s possible that the site will reappear on another hosting company. We’ll have to keep an eye out for that one.
Updated 6th June: It appears the scammers have created more than one site – this one actually made it into Google’s listings. I’ve tipped off the hosting company, as before, as we’ll see what happens.
Updated September 12th: Finally got rid of it. The hosting company in this case was a little less willing to help and had to be reminded, and even then asked for proof that it was a cloned and phishing site.
A bit of scandal! I decided to check up on a website we’d finished recently to see how many visitors were coming in after the client had launched it and promoted it a little bit, and I spotted the following in the list of URLs accessed:
Seems someone had been attempting to inject (currently) harmless SQL commands via the search form of the site, which was pretty pointless because the first thing results.php does is split any given string into seperate words.
Even better, the server that this site is on resolves IP addresses to their host names, and the IP that attempted the above resolved to… one of our competitors. The very competitor, in fact, that had lost this account to us.
After the daily log rotate had run I downloaded the log files and wrote a quick script to list all of their attempts, of which there were about 8 altogether. Of course, I reported this to the client and will let them ask the awkward questions. Could be interesting!
Does this sound familiar? I’ve taken the plunge and ordered a new, much faster and more secure server from UK2.net and started moving sites over. It should mean faster response times for websites (especially WordPress) and smoother running in general.
