Missing URL Attacks and Counter Measures

Posted by JD 08/25/2010 at 05:49

Yesterday, I took a look at the missing URL statistics for my blog and saw lots of attacks to phpMyAdmin. That’s sorta funny since I don’t use that tool and if I did, it wouldn’t be available publicly. When I say lots of phpMyAdmin attacks, I mean hundreds with every possible way of spelling it and every possible version listed. Certainly, these are scripts, but still they are many hundreds of attempts. My little blog isn’t THAT popular and it is non-commercial. You don’t need an ad-blocker here and most of the website works just fine without JavaScript enabled.

Anyway, I’ve added a reverse proxy filter to my web cluster that will prevent undesired requests. I’ve always had a reverse proxy, but never bothered to filter anything except PUSH size to this point. If something seems to be broken, please let me know, since I could have missed a few needed allow rules.

Between the blog spammers and random attacks, it sorta makes me wonder how many counter measures the average blogger installs and uses to pro-actively protect their work. Do you review your logs?

I did see that someone had a sense of humor in their attacks: /oh.hey.there.how.you.doin was seen as a missing URL request in the log files.

Here’s what I do to protect my websites:
  • DB – Limit any DB access to local, no network access and especially no internet access to DBs
  • Firewall – Limit the ports which can get inside to the reverse web proxy, not to the actual ports where the applications are running.
  • Remote – remote access from outside the network is only via key-based ssh or over VPN
  • Use non-standard software that doesn’t have millions of users – low value target
  • Limit plugins to simple ones so I can review the code
  • Stay patched – weekly patching happens on all systems involved
  • Stay up to date with released software that is not patched
  • Review the server logs daily using summary tools like logwatch
  • Generally keep up with security issues for the platform and software installed
  • Backups – incremental, daily, automatic, full. I can recover any file or the entire server as needed for any day from today to 30 days ago.
  • Virtualization used for server platforms. If I do have a hardware failure, the VM can be brought back up on almost any other hardware, provided the VM host/Dom0 runs.
  • Run 1 main service per VM. The blog servers don’t do email or VPN or monitoring or …. – they are each single purpose machines. The VM hosts are not available to the outside world.
  • Avoid Microsoft solutions for servers – yes, this is a security feature to me
  • Block full search engine access
  • Perform local analytics – no outside service is used – this is for your privacy too

Anyway, I hope I wasn’t too restrictive on the verbs allowed to pass into this site. Again, if you see issues, please let me know. The script kiddies will need to find another site to bother and someone else’s bandwidth to waste.

What do you do to protect your websites from hackers? Tell me in the comments.
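The missing-URL review described in this post can be scripted. The following is an added example, not the author's own tooling: it assumes the proxy writes "combined" format access logs, and the sample lines, IP addresses and the ADMIN_PREFIXES list are constructed for illustration. It folds spelling and version variants of a probed path into one family, counts the request verbs seen, and lists clients that hit several distinct missing URLs.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in "combined" access-log format (not taken from the blog's logs).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Aug/2010:03:12:01 -0400] "GET /phpMyAdmin/index.php HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.7 - - [24/Aug/2010:03:12:01 -0400] "GET /phpmyadmin2/index.php HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.7 - - [24/Aug/2010:03:12:02 -0400] "GET /phpMyAdmin-2.11.3/index.php HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.7 - - [24/Aug/2010:03:12:02 -0400] "GET /PMA/index.php HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.20 - - [24/Aug/2010:04:40:10 -0400] "GET /oh.hey.there.how.you.doin HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.20 - - [24/Aug/2010:04:40:11 -0400] "PUT /index.php HTTP/1.1" 405 0 "-" "-"',
    '192.0.2.44 - - [24/Aug/2010:09:15:30 -0400] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [24/Aug/2010:09:15:31 -0400] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

# client IP, request method, request path, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Assumed prefixes for admin-tool probes; extend from what your own logs show.
ADMIN_PREFIXES = ("phpmyadmin", "pma", "myadmin")


def probe_family(path):
    """Collapse spelling/version variants of a probed path into one key."""
    first = path.split("?", 1)[0].strip("/").split("/", 1)[0].lower()
    squashed = re.sub(r"[^a-z]", "", first)  # drop digits, dots, dashes, underscores
    if squashed.startswith(ADMIN_PREFIXES):
        return "phpmyadmin"
    return first or "/"


def summarize(lines, min_distinct=3):
    """Return (404 counts per family, verb counts, clients with many distinct 404s)."""
    families, methods = Counter(), Counter()
    missing_by_ip = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        methods[method] += 1
        if status == "404":
            families[probe_family(path)] += 1
            missing_by_ip[ip].add(path)
    scanners = sorted(ip for ip, p in missing_by_ip.items() if len(p) >= min_distinct)
    return families, methods, scanners


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The verb counts show which methods actually reach the site, which is useful when deciding what a proxy filter should allow.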

Simple Disk Encryption for Laptops

Posted by JD 08/21/2010 at 11:28

When you have a laptop, you expect to take it with you. When you have a portable computer, the data on it is at higher than normal risk for theft. This means you need to take steps to protect that data. In 2010, the Commonwealth of Massachusetts passed laws that require non-public consumer data be encrypted on disk and networks. Basically, disk encryption is here to stay, but there are some drawbacks. Below I’ll describe why you want to encrypt much of your laptop disk storage, why you probably don’t want whole disk encryption, and the setup that I’m using.

Why I Use a Linux Desktop

Posted by JD 07/29/2010 at 07:51

Each of us uses a computer for various reasons. Some just want a system that works, without any hassle. Most of us want to run specific software, work with specific file types, connect with everyone else, and possibly just do what the people around us are doing to be the same.

I’ll be as honest as I can and put the reasons in order.

When Linux Does Good for End Users

Posted by JD 07/27/2010 at 11:10

Some of you know that I’m a fan of Linux. Ok, so that is an understatement. Would you like to convert? I’ll help you! Linux lets me do what I want while still providing nearly complete control over the hardware, for free. I like it and I’m shocked when other computer users don’t like it too. In fact, I think that almost every Grandmother should be running Linux these days.

Here’s a story, Linux Experiment Gone Horribly … Perfect, about a tech trying to solve problems with a client’s laptop. After exhausting all other solutions to a virus-infected, spyware-running, rootkit-loving Vista install, he got to the point of needing to reinstall Vista, but no reinstall disks were available. The client didn’t have them or any backup. The answer? Ubuntu Desktop 10.04 (Lucid Lynx).

In short, unsophisticated computer users will probably do better with a properly configured Linux system. I’d try Ubuntu, Mint or PCLinux on end users for the best outcomes. All are based on Debian, very stable and work on almost any hardware.

Would you like to try Linux? I’ll help you!

The Best Linux Commercial that You've Never Seen

Posted by JD 07/23/2010 at 14:01

The Best Linux Commercial that you’ve never seen.

Parts of it are clearly written by the marketing team, since it isn’t really 100% true and the performance displayed seems to be sped up 20%, but still it is a nice, slick looking commercial.

I wish they’d said – 30,000+ applications, instead of thousands of applications and pointing out that updates to all of them are handled centrally OR automatically, if you prefer. Synaptic for 10.04 shows over 30,000 packages now. Still, it is a very good view of what Linux and Ubuntu can accomplish today.

Dell needs to get some balls in their dealings with Microsoft.

Some more Linux commercials

Centralized vs Federated Computer Services

Posted by JD 07/16/2010 at 07:25

I came across a short article on the Free Software Foundation building a federated social network solution and figured a few of my readers would be interested.

Skype + Asterisk for Home Phone Service

Posted by JD 07/08/2010 at 11:30

I’ve been interested in saving some money on home phone service since around 2001 when I dropped the babybell service for a VoIP solution. Over the years, I’ve switched providers and ended up with the cable company phone service to get the best quality for the buck. Now they’ve raised the prices and I’m looking again. I’m not interested in Vonage at $25/month when a $3/month plan will cover me. Further, I already own the necessary equipment to get this all working. You may already own the equipment too.

It always seemed that a $3/month SkypeOut account could be linked to a PBX (Asterisk/FOSS) to make this happen. A few months ago, I asked about this on Lifehacker, but didn’t get any acceptable answers.

How to Ask a Smart Question

Posted by JD 07/07/2010 at 22:16

How to Ask a Smart Question.

After reading a 2 pg rant from a new Linux user complaining that his questions were not being answered, I did a little googling and found a post on how to ask a smart question. I added a link here mainly so I could review it later, when I needed to ask a smart question.

Minimalistic Linux - TinyCore 3

Posted by JD 07/01/2010 at 10:48

If you are looking for the smallest Linux possible and want to add just a few applications, then you really need to look at TinyCore.

11MB of disk, 64MB of RAM (perhaps less), 2.6.xx kernel, X11 or not, your choice. What more do you need to know?

Small Footprint in Disk AND Memory – 11MB

Do you have 11MB of Disk and 64MB of RAM? TinyCore Linux will work for you.

Why Are You Still Using Adobe Tools?

Posted by JD 06/30/2010 at 11:00

2014 Update:
Adobe is at it again. This time violating paid customer privacy.
Adobe spies on readers: EVERY page you turn, EVERY book you own leaked back to base

Time to start blocking Adobe domains, if you don’t already.
adelogs.adobe.com is one.

Adobe has been plagued with security issues in their most popular tools, like Acrobat and Reader. These issues seem to be on all platforms, but are mostly targeted by hackers on MS-Windows. For years, we’ve known that Acrobat allowed PDF documents more access than most people need by default – JavaScript and the ability to start other programs running on the system. 99% of Acrobat Reader users do not need or want either of those features, yet they are enabled by default.

Adobe has been slow to correct issues and claimed to be on a quarterly patch cycle. This is for Flash, Shockwave, Reader and all products including PhotoShop. For almost all of these tools, there are alternatives that are not the main targets of hackers.

So, I gotta ask …

Why are you still using Adobe Tools?