Managing hack/DoS attempts automatically

I was recently recommended some software to prevent (or at least act on) automated hack/DoS attacks on services. The usual suspects triggered this, dictionary attempts on common usernames on servers, “admin”, “administrator”, “root”, etc. Up until now, I’ve been monitoring for unusual network activity. When the traffic reached a certain peak for a specific length of time which was out of the ordinary, I knew something was going on. The hard job then was trying to find out which service was being targeted. I started on the usual suspects, proftpd, ssh, httpd. What I wasn’t expecting at this particular point was someone trying to hack open apache.

Anyway, I digress. The software is called fail2ban. Basically, it’s a python daemon which you configure to sit and monitor the log files from all your exposed services. It uses various timestamp algorithms along with checking using regex for failed auth attempts (configurable). In the regex, it also uses extraction parentheses to extract the host/IP address, then automatically turns to iptables and bans the host within a certain number of failed auth attempts. It defaults to 3 failed attempts getting you a 10 minute ban, but again this is configurable. I’ve set mine to 3 failed attempts with a 30 minute ban, and it seems to be quite happy with that. Since then I’ve actually noticed server load go down a touch, which tells me how many times my servers were being targetted without me even knowing it!

And since it’s configurable for practically every service that logs to a file, it’ll also work for custom applications that do the same thing, no matter what they are. I’ll have to bear this in mind when I write stuff in the future that could be prone to hack attempts.

Check it out: fail2ban

Compaq CQ60 Display Issues

So lately I acquired a (almost) new Compaq CQ60 laptop from the missus as she got a new one from the government (*sigh*). Anyway, we got this laptop about 6 months ago back in November ’09. When setting it up, I noticed the internal screen would take a while to switch on. I never thought anything of it as it was a first boot, then the screen came on and everything was happy. The troubles I had setting it up only become evident after more recent events. Just before she gave it up to me, opening the screen would result in a almost-white screen, one of them ‘pictures’ that show up when the LCD controller is goosed. It’s was very ‘wet’, drippy almost. But resetting the machine and the picture would come back to normal – weird.

Continue reading “Compaq CQ60 Display Issues” »

Adding Multi-select Attributes using an Installer in Magento (Part 2)

So in my last post, I talked about adding an attribute using an installer, as opposed to adding it through the admin panel. This would give you the ability to enforce the addition of an attribute if your code depends on it. However, my last code snippet adds the given attribute as a system attribute, thus “infecting” every attribute set, and not making it removable (or making it a right nightmare to remove from all sets except the one you want). Anyway, here’s a resolution.

Basically, it involves having to override and extend Mage_Eav_Model_Entity_Setup which contains the addAttribute method. This, by default (and is not configurable, for some reason) adds the new attribute to every set. Here is how to override that behaviour and allows you to add the attribute to one set and one set only.

Continue reading “Adding Multi-select Attributes using an Installer in Magento (Part 2)” »

Adding Multi-select Attributes using an Installer in Magento

I had to do a modification for a Magento install that required the use of adding a multi-select attribute. Most other people would just add the attribute by hand and forget about it, but I’m one for making the upgrade process easy. However, the Magento developers don’t seem to want you to know about it (or anything else for that matter, given the lack of documentation!!). Anyway, I eventually stumbled across a small snippet of code, and after a bit of tweaking to figure out where all the parameters went, the installer worked. Easy upgrading 🙂

// File: app/code/local/MyCompany/Catalog/sql/mysql4-install-0.1.php
// OR
// File: app/code/local/MyCompany/Catalog/sql/mysql4-upgrade-0.1-0.2.php

$installer = $this;
$installer->startSetup();

$installer->addAttribute('catalog_product', 'attr_id',array(
			 'label'             => 'Frontend Name',
			 'type'              => 'varchar',
			 'input'             => 'multiselect',
			 'backend'           => 'eav/entity_attribute_backend_array',
			 'frontend'          => '',
			 'source'            => '',
			 'global'            => Mage_Catalog_Model_Resource_Eav_Attribute::SCOPE_GLOBAL,
			 'visible'           => true,
			 'required'          => false,
			 'user_defined'      => false,
			 'searchable'        => false,
			 'filterable'        => false,
			 'comparable'        => false,
			 'option'            => array (
			 	'value' => array('optionone' => array('First Option'),
			 			 'optiontwo' => array('Second Option'),
			 			 'optionthree' => array('Third Option'),
			 			 )
			 			),
			 'visible_on_front'  => false,
			 'visible_in_advanced_search' => false,
			 'unique'            => false
));

$installer->endSetup();

Of course, ‘addAttribute’ isn’t a method of $installer (or $this if you’re running a standard Mysql4 setup). So you have to extend a different setup with addAttribute defined. I found this one works well:

// File: app/code/local/MyCompany/Catalog/Model/Mysql4/Setup.php

class MyCompany_Catalog_Model_Mysql4_Setup extends Mage_Sales_Model_Mysql4_Setup {}

One thing to note with this however, is that the attribute will end up as a System attribute, and applied to every attribute set on the system. I’m currently working on a way around this, and will edit this post when I have something more to share. 🙂

Magento and Google Checkout behind a firewall

So I came across an issue recently when developing a copy of Magento locally, and having to test the Google Checkout functionality. There was one slight problem with that though: Google Checkout can’t see 192.168.1.x. Hmm.. how to get round that? Came up with a solution which let me do a lot of testing as though Google was calling in. The advantage to this is that if your Magento site is behind a firewall and for some reason GC can’t see the endpoint, you can use this.

Continue reading “Magento and Google Checkout behind a firewall” »

n/a