Thursday, November 6, 2008

Using Google Alerts to Check your Web Sites

I recently found Google Alerts very useful as a quick way to detect whether any of our web sites are hosting spam.  (For those who do not know, Google Alerts gives you updates of the latest relevant Google results based on your choice of query or topic. They can be in the form of email, or news feed).

What I did was, I defined several search terms such as the followings in Google Alerts.
  • viagra site:yourdomain.com
  • mortgage site:yourdomain.com
I chosed comprehensive search type, delivered to my email address, and once a day in the alert settings.

When Google found new entries, it would email me the summary once a day.  I can then glanced through the summary to verify if any of those entries could possibly be legitimate.  Or else, I would send that to the appropriate party to follow-up.

Posted by at No comments:
Tags:

Wednesday, October 29, 2008

SQL Injection Attacks by Country of Origin

Here is a world map of SQL injection attacks by their country of origin from January to October this year. The darker the color, the higher the number of hits or percentage.



Here is a pie chart representation of the information.


Posted by at No comments:
Tags: ,

Saturday, October 25, 2008

Network Problem Tonight

We had a network problem tonight which affected some of our servers and applications.

It was a strange problem. I could get to our applications from home. In fact, eLearning, Skylight and the Wiki farm were all working properly. Our legacy applications showed an error which pointed to the direction of AD authentication failure. 

My colleague went in to the office and said he could not get to any of our applications at all. So, for a while, we thought there were DNS resolution problems instead. I called central ITS. They checked and confirmed that everything was working properly on their side.

We performed further tests on various part of the network. Finally we concluded that it was our firewall cluster not routing traffic properly. We rebooted them one by one, and services resumed right away.

Fortunately, eLearning (which is by far our highest usage application), Skylight Matrix Survey System, and the Wiki farm were not affected. But the rest of our legacy applications were down for about 1 hours and 20 minutes. If it happens during the finals week, and the students cannot access their materials in their last hours of revising, the impact is much more severe. 

The firewalls have been performing reliably well all along. I almost believe that they are infallible. Nothing is! We need to better prepare ourselves, have better procedure to diagnosis network problems quickly.  

Or look at it in a different angle, firewall is just one example of many possible single point of failures. We need to ask ourselves what should our operational strategy (or institutional strategy?) be to prevent single point of failures as we move forward?

Posted by at No comments:
Tags:

Tuesday, October 21, 2008

Moving into Web2.0 - Delicious

Just finished our departmental retreat today about "Moving into Web2.0". I did a short story on how I am using Delicious social bookmarking service as a vehicle to help me do my job more efficiently.



I felt that the message was very well received during the presentation and demonstration. But yet during the "What are the obstacles in moving into Web2.0?" activity, many said they did not have time to experiment with various Web2.0 tools.

At least, the process of doing the presentation helps me reflect on what I'm doing and how it has been working. I feel very good about this.

Now... Challenge yourself to change some old habits, you can learn to work more efficiently. Yes, you can!

Posted by at No comments:
Tags: ,

Monday, October 13, 2008

Wrapper for Microsoft SQL Injection Source Code Analyzer Tool

Microsoft has released a SQL Injection Source Code Analyzer for ASP code. Refer to KB 954476 for more information about the tool. However the analyzer can only check one ASP page at a time. It does not automatically recursive scan all ASP files in a folder. Therefore I wrote a simple wrapper around it. Here is the source code:
@echo off
setlocal
set source=\\servername\applicationname
set include=%source%\include
set logfile=check_applicationname.log
IF EXIST %logfile% DEL %logfile%
FOR /F "usebackq tokens=1 delims=?" %%i IN (`dir /S /B %source%\*.asp`) DO (
msscasi_asp.exe /NoLogo /GlobalAsaPath=%source% /input="%%i" /IncludePaths=%include% >> %logfile%
)
endlocal

Posted by at 2 comments:
Tags: , ,

Wednesday, October 8, 2008

F5 iRule Competiton Honorable Mention Finalist

I attended the Load Balancer iRule (scripting) competition organized by F5 Networks. I didn't win the first prize. In fact, they never even contacted me afterwards.

I just found this out today that I was on their Honorable Mention Finalist.

Posted by at No comments:
Tags: ,

Thursday, July 31, 2008

SQL Mirroring Manual Failover for eLearning (Blackboard Learning System CE8)

In my previous SQL Mirroring for eLearning post, I listed the detail on how to setup SQL database mirroring for Blackboard Learning System CE8. Since the application (Weblogic) does not support automatic failover, we need to have a procedure and scripts ready to perform manual failover in the event of a diaster (when the production database server is no longer available).

Here is how:
  • Stop WebCT service on all frontend nodes.
  • If you use asynchronous mirroring, you can execute the following commands on the mirror (business continutiy) server to force failover. The databases will then be in "In Recovery" status. It will take a minute for it to change to "Principal, Disconnected" status. The Disconnected status means that there is no mirrored session going on for this new principal server which is correct.
ALTER DATABASE webctdatabase SET PARTNER FORCE_SERVICE_ALLOW_DATA_LOSS

ALTER DATABASE webctdatabase$PF SET PARTNER FORCE_SERVICE_ALLOW_DATA_LOSS
  • If you use synchronous mirroring instead, execute the following commands to failover:
ALTER DATABASE webctdatabase SET PARTNER FAILOVER

ALTER DATABASE webctdatabase$PF SET PARTNER FAILOVER
  • After failover, you need to execute the following in the new principal server to set the webct and webct$PF users' SID.
Use webctdatabase
go
sp_change_users_login 'report'

Use webctdatabase
go
sp_change_users_login 'update_one', 'webct', 'webct'

Use webctdatabase
go
sp_change_users_login 'update_one', 'webct$PF', 'webct$PF'


Use webctdatabase$PF
go
sp_change_users_login 'report'

Use webctdatabase$PF
go
sp_change_users_login 'update_one', 'webct', 'webct'

Use webctdatabase$PF
go
sp_change_users_login 'update_one', 'webct$PF', 'webct$PF'
  • Then you will need to change the jdbc connection string on the admin node and all managed nodes to point the database to the new principal server.
cd \bea92\weblogic92\config\WebCTDomain\config\jdbc\

copy /y CP-WebCTConnectionPool$PF-jdbc.xml CP-WebCTConnectionPool$PF-jdbc.before_db_migration.xml
copy /y CP-WebCTConnectionPool-jdbc.xml CP-WebCTConnectionPool-jdbc.before_db_migraton.xml
copy /y CP-WebCTJMSConnectionPool-jdbc.xml CP-WebCTJMSConnectionPool-jdbc.before_db_migration.xml

cat CP-WebCTConnectionPool$PF-jdbc.before_db_migration.xml | sed 's/ProdServer/BusContServer/' > CP-WebCTConnectionPool$PF-jdbc.xml
cat CP-WebCTConnectionPool-jdbc.before_db_migraton.xml | sed 's/ProdServer/BusContServer/' > CP-WebCTConnectionPool-jdbc.xml
cat CP-WebCTJMSConnectionPool-jdbc.before_db_migration.xml | sed 's/ProdServer/BusContServer/' > CP-WebCTJMSConnectionPool-jdbc.xml

diff CP-WebCTConnectionPool$PF-jdbc.before_db_migration.xml CP-WebCTConnectionPool$PF-jdbc.xml
diff CP-WebCTConnectionPool-jdbc.before_db_migraton.xml CP-WebCTConnectionPool-jdbc.xml
diff CP-WebCTJMSConnectionPool-jdbc.before_db_migration.xml CP-WebCTJMSConnectionPool-jdbc.xml
  • Bring up the Blackboard CE8 cluster.

Posted by at No comments:
Tags: ,
Subscribe to: Posts (Atom)