My Mighty Blog

Listen to me and label every single thing I say as a 'fact'. You do it for the news networks, why not me??? These are my views on current events, family, news, government, technology, internet, programming, and whatever else pops into my head.

Tuesday, September 27, 2005 | 0 Comments
Right now, I am building a new web site for my girlfriend. Those of us who are in the business of building web sites are constantly looking at security. One of those security areas is login pages. This is one of the more popular avenues of attack by many hackers. And why not? If the hacker and/or his software can just guess a username and password combo and get in to mess things up, then why bother with trying to get access to the database directly? Unless there are deeper motivations... However, I am not too concerned with those motivations on my girlfriend's family site. There shouldn't be any credit card or SSN numbers in her database. Hehehe...

Now we all come up with ways to deter hackers from accessing our web sites. One method is to simply send the request away. That is what I am talking about in this posting.

As an example, on this site I keep a count of how many times the requestor enters invalid login credentials. Since we cannot depend on client cookies, or session variables for this, I automatically log the IP number into the database with the date, time, and some HTTP request information should I need it later. A simple INSERT statement like below should do the trick. This one is VBScript for an Access DB, but it can easily be adapted into other languages and DBs.

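Dim sql
' ALL_HTTP holds client-supplied headers, which can contain single quotes.
' Double them so the value stays inside the SQL string literal.
sql="INSERT INTO blacklist_table (" & _
"bl_ip, bl_date, bl_httpdata" & _
") VALUES (" & _
"'" & request.ServerVariables("REMOTE_ADDR") & "'," & _
"#" & now() & "#," & _
"'" & Replace(request.ServerVariables("ALL_HTTP"), "'", "''") & "'" & _
")"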


On each request to the web site, it checks to see if the IP's login attempts are above 25 for the day. If they are, I send the visitor to the Homeland Security Contact page. Hehehe... Here is another VBScript example:

Dim sql
' Count this IP's logged failures between today's date and tomorrow's date.
sql="SELECT COUNT(*) AS totalcount FROM blacklist_table " & _
"WHERE bl_ip = '" & request.ServerVariables("REMOTE_ADDR") & "' " & _
"AND (bl_date BETWEEN #" & formatdatetime(now(), 2) & "# AND #" & _
formatdatetime(dateadd("d", 1, now()), 2) & "#)"


Pretty simple, huh? As with anything else in the security world, one trick doesn't save the ship. The key to good security is LAYERS, meaning multiple defenses on multiple fronts. I just thought this one was kind of amusing because of where I am sending them.
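
The post says the idea adapts easily to other languages and DBs. As an added example (not code from the original post), here is the same log-and-count check in Python with SQLite, using bound parameters instead of string concatenation. The table and column names and the 25-per-day threshold come from the post; the SQLite schema, function names, the 4096-character cap and the sample values are assumptions.

```python
import sqlite3
from datetime import datetime, timedelta

MAX_FAILURES_PER_DAY = 25  # threshold used in the post

def open_db(path=":memory:"):
    # Assumed SQLite schema mirroring the post's blacklist_table columns.
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS blacklist_table ("
               "bl_ip TEXT NOT NULL, bl_date TEXT NOT NULL, bl_httpdata TEXT)")
    db.execute("CREATE INDEX IF NOT EXISTS ix_bl_ip_date "
               "ON blacklist_table (bl_ip, bl_date)")
    return db

def record_failure(db, ip, http_data, when=None):
    # Bound parameters keep quotes in client-controlled headers out of the
    # SQL text; the 4096-character cap (assumed) bounds what one request stores.
    when = when or datetime.now()
    db.execute("INSERT INTO blacklist_table (bl_ip, bl_date, bl_httpdata) "
               "VALUES (?, ?, ?)",
               (ip, when.isoformat(timespec="seconds"), http_data[:4096]))
    db.commit()

def failures_today(db, ip, now=None):
    # Half-open range [midnight today, midnight tomorrow); ISO-8601 strings
    # in one fixed format sort in time order.
    now = now or datetime.now()
    start = now.replace(hour=0, minute=0, second=0, microsecond=0)
    end = start + timedelta(days=1)
    row = db.execute("SELECT COUNT(*) FROM blacklist_table "
                     "WHERE bl_ip = ? AND bl_date >= ? AND bl_date < ?",
                     (ip, start.isoformat(timespec="seconds"),
                      end.isoformat(timespec="seconds"))).fetchone()
    return row[0]

def is_blocked(db, ip, now=None):
    # "Above 25 for the day" in the post: block from the 26th failure on.
    return failures_today(db, ip, now) > MAX_FAILURES_PER_DAY

if __name__ == "__main__":
    db = open_db()
    noon = datetime(2005, 9, 27, 12, 0, 0)          # constructed timestamp
    headers = "HTTP_USER_AGENT:O'Brien's browser"   # constructed header with quotes
    for i in range(26):
        record_failure(db, "203.0.113.7", headers, noon + timedelta(seconds=i))
    print(is_blocked(db, "203.0.113.7", noon))
    print(is_blocked(db, "198.51.100.9", noon))
```
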

Have a good one!
posted by The Mighty Will
Saturday, September 03, 2005 | 0 Comments
Woo hoo! After a horrible battle with my current web host, previous web host, and the online registrar of my domain, I finally have everything up and running! It only took a month.

I got a bit nostalgic in building this one. I went back to "classic" ASP (a.k.a. ASP 3.0) to get this one done. I haven't developed anything in ASP in almost a year - so I wanted to keep my skills current. I don't know if the word "current" applies since the technology is already replaced. Hehehe...

I encourage you to check it out. It was a blast to build and although I built it from scratch, it didn't take long.

One more thing... We keep seeing and hearing all kinds of things about the aftermath of Hurricane Katrina. No matter what you have witnessed on the television, radio, or newspaper, the bottom line is that these people NEED help. Please do give them a helping hand. In my area alone, there are numerous shelters and private homes opening their doors to the refugees of Hurricane Katrina. You do not need to do that, but you could maybe eat lunch in the office for a couple days in a row and send the $25 you saved to the Red Cross. They need the help.

Have a good one!!!

Donate to the Red Cross
posted by The Mighty Will