Web Programming, Linux System Administration, and Entrepreneurship in Athens, Georgia

Category: General (Page 16 of 25)

Block comment spam with bcSpamBlock

A while ago I installed Paul Butler’s JSSpamBlock on my WordPress blog here. His original idea is simple and brilliant: spambots don’t (yet) execute JavaScript. In fact, they usually post directly to the form without even displaying the form first. By having a hidden input field that is populated by JavaScript, you can verify that users are hitting the page without the user even noticing. For users with JavaScript disabled (are there any of you out there?), they simply have to copy/paste a small string into a textbox for verification.

Since implementing a slightly modified version of it on this blog, I have gotten zero spam posts. Now, I wanted some way to implement the same logic on some of my own custom PHP sites to prevent spam on them as well.

While working on a way to re-implement Paul’s WordPress plugin in my own sites, I came up with something pretty clever. Instead of saving a row to a database every time that the form is displayed, you can use a little cryptography to make the client pass all of the data needed to validate the request back to you on its own. The idea is sort of a merger between the JSSpamBlock plugin and TCP SYN cookies, which use a similar method of having the client store the data for you.

Essentially, the function generates a random ID. It then encrypts the current timestamp and the random ID using PHP’s crypt() function with some cryptographic salt that is unique to each server. All three of those values (the random ID, the timestamp, and the encrypted value) are then passed to the browser. The timestamp and the encrypted value are stored in hidden <input> fields, while the random ID is displayed for the user to use for verification. If the user has JavaScript enabled, a few lines of JavaScript copy the random ID into another textbox and then hide that prompt, so that it is never seen by the user. If the user doesn’t have JavaScript enabled, they would have to copy/paste that random ID into the textbox themselves, similar to a captcha.

When the form is submitted, it checks to make sure that the timestamp is not too old, and then re-encrypts the passed in timestamp and random ID using the same salt value to make sure it matches the crypted value passed in from the form. If everything matches, the comment is approved, otherwise an error is displayed to the user.
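The round trip described above, written out as an added example (this is not bcSpamBlock’s own code). It keeps the three values the post describes (random ID, timestamp, and a value derived from both with a per-server secret), but uses an HMAC via hash_hmac() rather than crypt(), checks the timestamp against both a minimum and a maximum age, and compares with hash_equals() so the check runs in constant time. The function and field names (generate_spam_token, verify_spam_token, bc_ts, bc_mac, bc_id) and the age limits are assumptions made for the example.

```php
<?php
// Added example, not bcSpamBlock's own code: a stateless anti-spam token built
// from a random ID, a timestamp, and an HMAC keyed with a per-server secret.
// Names (bc_*, generate_spam_token, verify_spam_token) and limits are assumptions.

const BC_MAX_AGE = 3600;   // reject forms that were rendered more than an hour ago
const BC_MIN_AGE = 3;      // and forms submitted faster than a human could fill them in

// Generate the three values that the browser carries back to us.
function generate_spam_token(string $secret): array {
    $id  = bin2hex(random_bytes(4));   // 8 hex characters for the user to copy
    $ts  = time();
    $mac = hash_hmac('sha256', $ts . '|' . $id, $secret);
    return ['id' => $id, 'ts' => $ts, 'mac' => $mac];
}

// Render the hidden inputs, the visible prompt, and the JavaScript that fills
// in the textbox and hides the prompt when scripting is available.
function render_spam_fields(array $tok): string {
    $id  = htmlspecialchars($tok['id'], ENT_QUOTES);
    $mac = htmlspecialchars($tok['mac'], ENT_QUOTES);
    $ts  = (int) $tok['ts'];
    return <<<HTML
<input type="hidden" name="bc_ts" value="$ts">
<input type="hidden" name="bc_mac" value="$mac">
<p id="bc_prompt">Please copy <code>$id</code> into this box:
<input type="text" name="bc_id" id="bc_id"></p>
<script>
document.getElementById('bc_id').value = '$id';
document.getElementById('bc_prompt').style.display = 'none';
</script>
HTML;
}

// Recompute the HMAC from what came back and check the age window.
function verify_spam_token(array $post, string $secret, ?int $now = null): bool {
    $now = $now ?? time();
    $ts  = (string) ($post['bc_ts']  ?? '');
    $id  = (string) ($post['bc_id']  ?? '');
    $mac = (string) ($post['bc_mac'] ?? '');
    // Reject anything that is not shaped like the values we handed out.
    if (!ctype_digit($ts) || !preg_match('/^[0-9a-f]{8}$/', $id)) {
        return false;
    }
    $age = $now - (int) $ts;
    if ($age < BC_MIN_AGE || $age > BC_MAX_AGE) {
        return false;
    }
    $expected = hash_hmac('sha256', $ts . '|' . $id, $secret);
    // hash_equals() runs in constant time, so the comparison leaks nothing about the MAC.
    return hash_equals($expected, $mac);
}

// Usage: the secret must differ per server and live outside the document root.
$secret = 'replace-with-a-long-random-per-server-secret';
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    echo verify_spam_token($_POST, $secret) ? "Comment accepted\n" : "Verification failed\n";
} else {
    echo render_spam_fields(generate_spam_token($secret));
}
```

Because nothing is stored on the server, a valid token can be submitted more than once inside the age window; that is the same trade-off the post’s design makes in exchange for needing no database row. If that matters for a given form, recording accepted MACs for the length of BC_MAX_AGE closes it.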

I wrote this up into a simple include file that can be used for any PHP application. I also implemented a quick WordPress plugin that uses the generic version. More information about it can be found on my new bcSpamBlock home page.

Update 2024-10-01:

There are much better spam blocking plugins now, so this has been discontinued.

Get your Dell Service Tag number via the Linux command-line

When your server is located in a data center far away, it makes it difficult to walk over to the box and read the service tag off of it. Fortunately, the Service Tag is stored somewhere in the system BIOS, and is accessible with the ‘dmidecode’ utility.

[root@host ~]# dmidecode|grep "Serial Number"
                Serial Number: 80NZV71

You’ll probably see several other serial numbers in there as well for things like your hard drives or other devices. The Dell one shouldn’t be too difficult to pick out. I think they are always 7 characters and have letters in the middle. There are lots of other interesting things in the ‘dmidecode’ output too, like the speed and type of each RAM module installed, and a description of all of the onboard devices (i.e. video and network cards).

With Windows

Thanks to @kleinbaas who commented below how to do the same thing on a Windows machine:

  C:\Documents and Settings\brandon>wmic bios get serialnumber
  SerialNumber
  GX245D1

Fix for CentOS “Can’t do setuid (cannot exec sperl)”

If you are running a Perl script with the setuid bit, it actually runs a slightly modified version of Perl so that it is a bit more cautious. On a CentOS box, you need to install the ‘perl-suidperl’ package to get the necessary files installed. Otherwise you get an error like this:

[root@host bin]# ls -al myscript.pl
-rws--S--- 1 mail mail 1218 Oct  1 13:09 myscript.pl

[root@host bin]# ./myscript.pl
Can't do setuid (cannot exec sperl)

Check DomainKeys, DKIM, SPF validity, and SpamAssassin score in one place

I spent the whole day today stepping through DomainKeys, DKIM, and SPF for a customer to make sure that they were all set up and working properly. I found a couple of the existing tools available on the Internet didn’t test them properly and didn’t give enough explanation when they failed.

So, I went about creating some of my own tests using a bunch of Perl modules. I finally fixed a couple of issues that I think were causing problems for this customer. Gmail and Yahoo are now delivering the messages anyway. Hotmail is still a mystery (no surprise since it’s from Microsoft). Their troubleshooting website is full of talk about how great their service is, but there is a huge lack of anything technical on the site.

Anyway, I made all of these nifty testers and figured that others might like to use them. So I created a way for others to send mail to it, and a web interface where you can view all of the results. I’ve added it as a link to the top of my website.

Perl Mail::DomainKeys module doesn’t verify gmail messages

I was trying to verify a DomainKeys message from gmail with the Perl Mail::DomainKeys module and it wouldn’t verify for some reason.  After digging into the module a bit, I found that gmail doesn’t send the ‘q=’ parameter to specify the method to look up the public key.  Obviously this should default to ‘dns’ since it is the only currently supported method.

I modified Signature.pm and added this to line 56:

$self->{'PROT'} = $self->{'PROT'} || 'dns';   # default to DNS lookup when q= is absent

And now the messages are verified properly.  I’ve emailed the module’s author about it, but am not sure if he’ll bother with releasing a fix.  DomainKeys is being dropped in favor of DKIM.

Google before it was google

I’m not sure how I stumbled on it, but I came across this really old version of the BackRub home page, which is what evolved into Google. It’s kind of interesting to see some of the links that still work and some of the things that they mention.

I particularly enjoy the note to ‘ignore cgi-bin errors’ and that performance is slow due to NFS and antiquated hardware.

Also, the description of their logo in the FAQ is funny:

“The logo is simply a scan of my hand, from a flatbed scanner converted to black and white. The “back” in the picture is the scanner cover, and the shadows are from the scanner light.”

BackRub logo

Cisco prefix-list to strip default route from received BGP routes

In playing with some routing last night, I needed to filter the default route that we received from the BGP announcements from our peers. I didn’t find exactly what I was looking for via Google, so I began experimenting. After a dozen or so unsuccessful changes, I came up with this that actually accomplishes what I was trying to do:

ip prefix-list NO_DEFAULT_ROUTE seq 1 deny 0.0.0.0/0
ip prefix-list NO_DEFAULT_ROUTE seq 2 permit 0.0.0.0/0 ge 1 le 24

Then apply that to a BGP session with something like this in your BGP configuration

 neighbor 10.20.30.40 prefix-list NO_DEFAULT_ROUTE in

Although that did accomplish that goal of filtering out the default route, it turns out it still didn’t do what I wanted. Oh well. Having a static default route is probably a bad idea anyway.

Saving money on Domain Registrations

I have something like 30 domain names that I own, so I’m always looking for a way to save a few bucks on registrations. GoDaddy.com always has some special offer for a percentage off, or reduced prices. I used to keep all of their emails so that I could go back through them when I needed to buy something. I just came across this site that displays all of the currently active and recently expired coupons. Now I can unsubscribe from their newsletter and keep it from filling up my inbox.

Also, I stumbled on the ‘bulk pricing’ on GoDaddy’s site. When renewing 6+ domain names at a time, you can get a discount as well. Over 20 domains and the prices are about the same as with discount codes.

Verizon 5750 on Linux

About a week ago, I subscribed to Verizon’s EVDO service so that I can get online from practically anywhere. The first few days, I had it running on a Windows machine and that was pretty simple to install. I finally got around to putting Ubuntu on that machine and getting it working under Linux which was also pretty painless.

I specifically chose the 5750 because I found plenty of online documentation for getting it working. Specifically this post, which has some pretty simple instructions. Within about 30 minutes, I had configured my fresh Ubuntu install to work fine with the card. It’s not perfect yet and at this point I still need to run a couple manual commands to get it to connect each time. Also, I’m not sure how to make it cleanly disconnect so that I can reconnect to a wifi service when that is available. I haven’t played with it much past getting it working though, so I’m sure I’ll figure out the rest soon enough.

Performance seems pretty impressive. Speed tests have usually been around 500-700 kbps down and 120-200k up. I’ve seen it as high as 1.6 Mbps down/700k up though. When sitting stationary, latency has been around 100ms to google.com, compared to about 40ms on my Comcast connection. That is decent enough to work with an interactive shell on and to use vim remotely without too much complaint.

I just finished testing latency during a 40 minute car ride. I pinged google the entire way home for a quick test. Although not as impressive overall, I was still impressed that it stayed connected and had less than 1% loss. Latency got as high as 6600 ms though, and the average latency was 272 ms, so that would be more difficult to do something interactive like a remote shell.

brandonc@ubuntu:~$ ping -f www.google.com -i.2
PING www.l.google.com (72.14.205.99) 56(84) bytes of data.
...................................
--- www.l.google.com ping statistics ---
5120 packets transmitted, 5077 received, +10 duplicates, 0% packet loss, time 1809665ms
rtt min/avg/max/mdev = 69.177/205.808/6650.000/324.142 ms, pipe 15, ipg/ewma 353.519/104.946 ms

Overall, I’m impressed so far. Verizon has their 30 day trial, so it has been nice that I had the chance to test everything out and would be able to cancel if necessary. At this point though, I’m satisfied with the ease of getting it working under Ubuntu, and the performance, so it looks like I’ll be keeping it.

Testing Radius from a command-line

I like to test things manually to bypass any potential issues caused by multiple layers of applications. Here is how I found to test RADIUS authentication using the command-line radclient command:

[root@radius ~]# /usr/local/bin/radclient -x localhost:1812 auth <password>
< User-Name="<valid-username>"
< User-Password="<valid-password>"
<
> Sending Access-Request of id 228 to 63.172.126.12:1812
>         User-Name = "username"
>         User-Password = "password"
> rad_recv: Access-Accept packet from host 11.22.33.44:1812, id=228, length=180

© 2025 Brandon Checketts
