Syndicate content


Attacks by ZmEu or w00tw00t robots

Who is ZmEu?

An image showing ZmeuThe name Zmeu (no capital E) is the name of a fantastic creature of Romania. There are so many stories that there isn't a clear understanding of what it is... but it is human like, can spit fire and wants to marry young women.

If you're wondering, it is generally a bad guy.

ZmEu Attack

Today, I noticed a lot of traffic on one of my servers. Looking into what was happening, I immediately found out that an attacker was looking for a loophole in that system. That attack was being performed from China.

Bad move for PHP unpack()! So unpack() stopped working?

Today I noticed many errors on one of my websites. Looking closer into it, I noticed that the code for the mo_references Drupal module stopped working.

It took me some time, especially because the code seemed to work just fine as all the files could easily be displayed.

Actually, that was not the case. The unpack() character 'a', which I used, was transformed from a simple string that gets trimmed, to all the characters, including the NULL characters. Ouch! Now we have to use the 'Z' character instead.

I use it to unpack() a tar file by loading 512 bytes of data in a ...

Sep 27 00:58:42 halk postfix/error[16751]: 628254C02F0: to=<>, relay=none, delay=1.8, delays=0.06/1.6/0/0.14, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to[]:25: Connection timed out)

My syslog was filled up with errors such as this one:

    Sep 27 00:58:42 halk postfix/error[16751]: 628254C02F0: to=<>,
    relay=none, delay=1.8, delays=0.06/1.6/0/0.14, dsn=4.4.1, status=deferred
    (delivery temporarily suspended: connect to[]:25:
    Connection timed out)

I've been wordering for a while, since I can use Thunderbird with a direct connection to my server, I was not too concerned, but tonight I really needed to support those emails because I have work to do that requires it.

Got NVG510 to setup?
Hacking my ...

Drupal blocks all disappeared!

Today I had an interesting experience... all of a sudden, all the blocks of a given theme disappeared.

It has been working just fine for months, so I really wasn't sure what the heck it could be.

The fact was that the theme was called the same as the module (as I work for a given client, I tend to do that...)

At some point, I must have added a function with a specific name and that would influence the theme. The result being blocks going bye bye!

I checked and the block content is computed just fine, the problem is the theme('block', $block) call. Although the ...

AddThis is down, how to prevent the slow download of your pages?

Today AddThis is down, big time! For hours...

So to make my websites load faster (although I did not delete all the caches, which is a problem too?!) I removed the functionality. If you have Drupal, there is what I have done to leave the settings the same but still hide the AddThis button and thus get all the pages of all my websites to load fast.

First we remove the link by returning an empty array:

 * Implementation of hook_link(). 
function addthis_link($type, $node=NULL, $teaser = FALSE) {
return array(); // immediate return
  $links = array();

  if ($type ===  ...

Testing your memory on a live Linux system

Today I wanted to test the memory on a remote server. I could not just reboot and run memtest86+ so instead I had to look for a different solution to testing most of the computer memory without having to reboot...

I found an interesting page in that regard describing a way to do so using md5sum on a very large file.

The is a verbatim copy of the Linux command line proposed.

  dd if=/dev/urandom bs=768304 of=/tmp/memtest count=1050
   md5sum /tmp/memtest; md5sum /tmp/memtest; md5sum /tmp/memtest

The size, 768304 is expected to be close to your memory size. You should know how much memory

Attack by Bots

Since the ZmEu attack, I've been watching my logs a little closer. I also found a page that I could not read (but Google could and was kind enough to provide a cached version.) That page listed many bots that are not nice bots. So? I decided to block some of them, especially those that use very bad URLs or load many pages too quickly.

The result is that I'm getting more and IP addresses in my firewall. Although they get removed in a schedule that I will not state here, I can tell you that each time I block tenth when not hundredth of useless hits (worst than that at times those could be

There are some forms where Drupal '#size' does not seem to work, why?!

I created a form a while back and included an entry like this:

  '#size' => 10

in several text fields of the form. Especially useful when you add a suffix:

  '#field_suffix' => 'Something'

But that would not do anything... I looked at the output of the form and it looked 100% correct. In other words, the input tag had its size="10" properly set. So the next step was to find whether some CSS code would be in the way.

You bet! The node.css file includes the following:

C++ automatic optimizations

Once in a while I check how the compilers are behaving in such and such situations to make sure that when I wrote code it gets properly optimized. Today I was surprised as I tried to put a break point of a variable and it looked like the compiler wasn't using it. Indeed, the optimizer 100% removed the variable from the final code. Quite interesting since trying to reverse engineer this assembly language would probably end up using a goto statement... (ouch!)

The code goes more or less like this:

[toc hidden:1]

Extremely slow pg_connect() call

Got to setup a new server and first got the firewall to where I wanted it to be:

  • Block everything except ssh, Apache, SMTP, a few other things, but really not much more than that.
  • Block everything with IPv6 since we don't use it.

Then I installed Apache and a couple of websites.

The first one finally started to work, but it was so very slow to show up. I checked the code, the database, nothing wrong... And the database is lightning fast! ( in comparison to our previous server that is.)

So I wondered and thought maybe that my Apache firewall is in the way. I turned it ...

Syndicate content Syndicate content

Diverse Realty

Diverse Realty Team

Want a New Home?
Want to Sell Your House?

Call Alex at
+1 (916)
220 6482

Alexis Wilke, Realtor
Lic. # 02024063

Cory Marcus, Broker
Lic. # 01079165


Terms of Site Index

Find the page/content you are looking for with our index.

  • captcha
  • customer
  • ext2
  • RAID

    Redundant Array of Independent Disks most often used to have your data duplicated between multiple disks for safety and fast access.

  • VLC