danneh.org

Archive for July, 2010

Magento Buy X Get Lowest Priced Item Free

by Dan on Jul.28, 2010, under Magento, PHP

An extension for Magento on Magento Connect (here) allows users to run a promotion similar to Buy X Get Y Free, but of different products (instead of a number of the same products). The caveat to this extension however is that it breaks a Magento 1.4.x installation completely, due to key changes in the coupon validation routines in the upgrade.

Anyway, I attach to this post the fixed file. Unzip this file, overwrite app/code/local/Sttl/Buygetfree/Model/Validator.php with the one inside the zip, and go create some promotions!

Have fun.

P.S: This (Sttl (md5: d991b3b4eb37f8be53545ba6795a02f9)) is a full version of all the module’s files if you find it easier to do it that way. Place this file in app/code/local and extract. Then create a file called Sttl_Buygetfree.xml in app/etc/modules and put this inside of it:

<?xml version="1.0"?>
<config>
    <modules>
        <Sttl_Buygetfree>
            <active>true</active>
            <codePool>local</codePool>
        </Sttl_Buygetfree>
    </modules>
</config>

Compaq CQ60 Display Woes – Part 2

by Dan on Jul.20, 2010, under Hardware

So in my previous post relating to this, I’d sent the machine back twice to HP to be repaired. The first visit gained a new motherboard and CPU. The second visit gained a new LCD assembly. But still the fault persisted. It sort of worked alright-ish for around a week or so, but then gave up the ghost completely. Sometimes the backlight would come on but no picture. Having had enough of it at this point, I phoned HP technical support a third time, claiming to them it would be my last call before phoning their Customer Complaints department.

So last Wednesday (July 14th 2010), it got picked up again, and was delivered back to me yesterday (Monday July 19th 2010). What did the service report say this time? I hear you ask.. “LCD cable replaced”… Are you serious? All this for a f*cking piece of wire? However annoyed I was at what their resolution was this time, so far it’s behaved exactly as it should. Resolved? Dare I say it this time? Yes…

So, third time lucky. In the meantime, I’ve found that the CQ60 isn’t on sale ANYWHERE anymore. It’s been deprecated and replaced with its mate, the CQ61. Casandra has one. There are some key changes to the chassis and port placement on the unit. The power connector is on the opposite side to the CQ60. I assume that having the Graphics, CPU and Power circuitry all in the same corner of the board causes somewhat of a problem. I dunno. Either way..


Managing hack/DoS attempts automatically

by Dan on Jul.11, 2010, under Hardware, System Administration

I was recently recommended some software to prevent (or at least act on) automated hack/DoS attacks on services. The usual suspects triggered this: dictionary attempts on common usernames on servers, “admin”, “administrator”, “root”, etc. Up until now, I’ve been monitoring for unusual network activity. When the traffic reached a certain peak for a specific length of time which was out of the ordinary, I knew something was going on. The hard job then was trying to find out which service was being targeted. I started on the usual suspects, proftpd, ssh, httpd. What I wasn’t expecting at this particular point was someone trying to hack open Apache.

Anyway, I digress. The software is called fail2ban. Basically, it’s a Python daemon which you configure to sit and monitor the log files from all your exposed services. It uses various timestamp algorithms along with configurable regexes to spot failed auth attempts. The regex also uses capturing parentheses to extract the host/IP address, and fail2ban then automatically turns to iptables and bans the host after a certain number of failed auth attempts. It defaults to 3 failed attempts getting you a 10 minute ban, but again this is configurable. I’ve set mine to 3 failed attempts with a 30 minute ban, and it seems to be quite happy with that. Since then I’ve actually noticed server load go down a touch, which tells me how many times my servers were being targeted without me even knowing it!

And since it’s configurable for practically every service that logs to a file, it’ll also work for custom applications that do the same thing, no matter what they are. I’ll have to bear this in mind when I write stuff in the future that could be prone to hack attempts.

Check it out: fail2ban
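
The mechanism described above (regex match, host capture, failure count, timed ban) as an added Python sketch; this is not fail2ban's own code and not from the original post. The log lines are constructed, and the 10-minute counting window is an assumption, since the post only gives the 3-attempt / 30-minute settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation-range addresses).
SAMPLE_LOG = """\
Jul 11 10:00:01 web1 sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 4101 ssh2
Jul 11 10:00:04 web1 sshd[412]: Failed password for root from 203.0.113.7 port 4102 ssh2
Jul 11 10:00:05 web1 sshd[413]: Accepted password for dan from 198.51.100.20 port 5000 ssh2
Jul 11 10:00:09 web1 sshd[414]: Failed password for invalid user administrator from 203.0.113.7 port 4103 ssh2
Jul 11 10:02:00 web1 sshd[415]: Failed password for dan from 198.51.100.20 port 5001 ssh2
Jul 11 10:20:00 web1 sshd[416]: Failed password for root from 203.0.113.7 port 4104 ssh2
"""

# The "host" group plays the role of the host-extraction parentheses.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) ")

MAX_RETRY = 3                        # failed attempts before a ban (from the post)
FIND_TIME = timedelta(minutes=10)    # counting window (assumption, not in the post)
BAN_TIME = timedelta(minutes=30)     # ban length (from the post)

def find_bans(log_text, year=2010):
    """Return [(host, ban_start, ban_end)] for hosts hitting MAX_RETRY within FIND_TIME."""
    failures = defaultdict(deque)    # host -> timestamps of recent failures
    banned_until = {}
    bans = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue                 # successful logins and unrelated lines are ignored
        # Syslog lines carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        host = m["host"]
        if banned_until.get(host, ts) > ts:
            continue                 # ban still active; the firewall would drop this host
        recent = failures[host]
        recent.append(ts)
        while ts - recent[0] > FIND_TIME:
            recent.popleft()         # forget failures older than the window
        if len(recent) >= MAX_RETRY:
            banned_until[host] = ts + BAN_TIME
            bans.append((host, ts, ts + BAN_TIME))
            recent.clear()
    return bans
```

The single failure from 198.51.100.20 never reaches the threshold, which is the property that keeps a mistyped password from locking out a legitimate user.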

