Dedicated to my late brave, beautiful and silly mummy, Debra Ross. I love you mumster.

Skip navigation

Eventually there will be posts with substance

2008.12.20 – 23.47 UTC+08 (Singapore Time)

Promotional image from the Starbucks Singapore Christmas page
Promotional image from the Starbucks Singapore Christmas page

Given my blog has been under siege over the last week with code injections and having my webhost blocked by several ISPs because of the fact they host some less than reputable characters’ scamming and spamming sites, my writing spree that was so instrumental in allowing me to maintain my sanity during exams and bad news worldwide has been abruptly stopped.

For this reason I decided this Friday evening as I drink my Starbucks Toffee Nut Latte which you can only get at Christmas, I thought I’d break another blogging rule that states you shouldn’t abruptly interrupt a post dry spell by creating a pointless entry that really has no merit or that can’t really stand on it’s own.

By using a proxy server. To access my own site. What a rip.

I’m working through the transition to my new webhosts as we speak, and it’s surprisingly difficult but not because it’s complicated, rather it’s ridiculously time consuming. I’ll definitely be looking back at this and laughing.

“Christmas 2009 you ask? Well, I worked on moving webhosts and changing over 2 gigabytes of data because my old webhost stopped screening the sites they host for illegal activity and as a result my current sites crumbled! You?”

I wonder if P.G. Wodehouse had these kind of problems with his blog and webhosts. Wooster would have just had Jeeves sort it out for him no doubt.

Categories: weblog
Tags: ,

Post comment -   Post to del.icio.us

Servage hacking, Rubenerd blocking update

2008.12.17 – 17.03 UTC+08 (Singapore Time)

Perl Perl Perl
I can’t say I ever thought I’d be using Perl as a last resort emergency security tool. Sheesh Servage, get your act together.

My first few days back in Singapore have been eventful to say the least. I could have said they were uneventful, but that would have been inaccurate and would also have contradicted what I just wrote. And the last thing I want to do here is look ridiculous. Well, any more ridiculous than I look now walking down from my apartment building to Orchard Road while I type this post on my iPhone.

ASIDE: I used to mock people who spent more time looking at their phones than paying attention to where they were walking; now with this ridiculously useful iPhone I’m guilty of the exact same behaviour. Walking into light poles seems to be my divine punishment for this hypocricy.

Yes back to eventfulness, since coming back here last Saturday morning, I’ve had my first major problems with online hacking of my sites, to a degree I never thought possible. So far RubenerdShow.com and the associated subdirectories such as this blog have been the victim of 12 code injection attacks as a result of poor security standards on my webhost. I dislike it when people shift the blame onto others, but all my permissions are set perfectly and the attacks are coming from within my host’s IP range, so it’s a matter of lax internal security due to what I suspect is poorly enforced group permissions.

Bruce Schneier! As Bruce Schneier said in his Secrets and Lies tome which I admit I’ve read more than three times, internal threats are often more dangerous than external ones, though they often get placed second in priority. I am a huge fan of Bruce Schneier, I even wrote about the Bruce Schneier Facts website back in 2006. Very fun distraction when all this nasty stuff is going on!

For Servage this isn’t new; a quick Google search for Servage Hack returns thousands of results. Even Flickr has a couple of screenshots by people showing their sites and even the Servage host site itself being hacked.

Perhaps as a result of this or because Servage has also been caught hosting hundreds of spam and credit card fraud sites, the StarHub ISP here in Singapore has seemed to start blocking all Servage hosted material. As I sit here at Starbucks now in Tanglin Mall it seems SingTel haven’t filtered it, but given Singaporean ISP’s general low tolerance when it comes to abuse of their systems I worry they may be next.

ASIDE: For those interested in the attacks themselves, it seems shady Servage users have been inserting javascript into the first line of my index.php files and modifying my .htacess files to redirect to other sites. This despite all my permissions being set to allow myself to read and write, but others in the group to only read. I don’t know what else I can do to block these changes.

I’ve written a trivial Perl script to check the modification dates of every file on the server, and if it doesn’t match a list of predetermined values it deletes the hacked/modified file and restores it, then logs the change. This seems to have stopped all the attacks but it really is a clumsy measure. Servage need to get their act together, because it’s not just me this is affecting.

Suffice to say, I am already in the process of moving over all my material to Segment Publishing hosting and Ourmedia instead of using Servage as well. I had kept Segpub for use only for my university blog, but they’ve proven themselves for their stellar reliability and great service. They do cost more than Servage, but as I’ve learned from this experience cost shouldn’t be the primary consideration. As a student I do have a stretched budget, but if I have to pay a few dollars extra a month for peace of mind, a server running FreeBSD and my own dedicated IP address that I don’t have to share with hundreds of other sites — some of which engage in criminal activities — I think it’s worth it.

Bruce Schneier!
Segpub Christmas cheer!

What frustrates me is that it’s my own home ISP StarHub that has blocked Servage, which means I have to use a proxy to access my own site. I’ll be doing some serious cleaning up of my MySQL tables and I’ll be exporting them hopefully today or tomorrow.

Interestingly enough, this blog and all the images used within are quite small. Exporting gigabytes worth of Rubenerd Shows recorded since 2005 and re-uploading them to Ourmedia will be a painfully slow process, but I think it will pay for itself pretty quickly.

Will be keeping you up to date, and thank you everyone for your patience. Because of the difficulty I’m having right now accessing this site, if you want to leave comments you may want to just email me instead, rubenschade\\\at///gmail[[[dot]]]com, with the slashes and braces removed.

What a great thing to be dealing with over my preciously short Christmas holiday break. Though I guess had this happened during an exam period it would have been much more disastrous to deal with. Bummer though.

Categories: security, singapore, weblog
Tags: , , , ,

Post comment -   Post to del.icio.us

RubenerdShow.com and Servage have just been blocked

2008.12.15 – 23.11 UTC+08 (Singapore Time)

This is a shorter message because I don’t have much time here. It seems the reason why I haven’t been able to access my blog and Servage.net over the last few days here at home hasn’t been because my site is offline or down, but it seems that my webhost (and all the sites they host) is being blocked for some Singapore Starhub internet customers.

I am accessing my site now through a proxy. Google Reader seems unaffected.

This is extremely serious. I have long suspected Servage has been hosting some less than reputable sites, and with the latest code injection attacks which have been happening on my blog since Sunday on my site and on dozens of other Servage customer’s sites, I suspect Starhub have taken action against them.

I will be moving all my Rubenerd Shows which collectively account for around 92% of my bandwidth onto Ourmedia, and I’ll be moving my remaining sites over to Segpub (FreeBSD webhost in Australia with dedicated IP addresses, SFTP and SSH) once and for all. Perhaps this is the final wakeup call I needed to get my arse into gear and make the transition!

Servage were ultra affordable back when I thought the internet was a nice toy, but they’re lack of adequate checks on what they host and these security lapses have made me lose what little shred of confidence I had in them. I don’t approve of Starhub’s move to block all sites hosted by them, but I can at least see their reasoning, and can somewhat understand.

Stay tuned for further developments. This will no doubt be taking me this next week to do. What are you doing for your holidays?

Categories: security, singapore, weblog
Tags: , , ,

Post comment (1) -   Post to del.icio.us

Moving over to Segment Publishing!

2007.11.13 – 20.07 UTC+08 (Singapore Time)

Today it’s official, I’m moving over all my internet paraphernalia to Segment Publishing, a web hosting company in my birth city of Sydney in Australia!

Segment Publishing

Unlike every other web host I’ve done business with in the past, Segpub give you full SSH access to your home account, secure FTP, they give you your own unique IP address, their logo is a kawaii face… how could I refuse? But probably the two most striking features that drew me to them was the fact they run FreeBSD which just thrills my socks off, and… they’re not Servage. That last point in particular was very important.

Servage… didn’t

If you’re one to revel in Schadenfreude you would have loved reading my woes with my current web host over this last year, especially my latest experience with my MySQL tables being down for a whopping 4 days!

I figured that disaster plus the 2 cumulative days in total from the rest of the year (a conservative estimate, I’m sure it was more) puts the total uptime for 2007 for the Rubenerd Show and Rubenerd Blog to 98.63%, a far cry from their stated 99.98%. That said in either case I wouldn’t have minded so much had they either given me some form of warning or maybe even a discount for the times they weren’t able to provide service for the reason of the month.

Their "intermittently reliable" physical service is a shame because their technical support system is excellent. Support tickets I submitted never took more than a day to answer, and they always seemed happy to elaborate and explain points further when I replied asking for clarification.

Ironically the day I registered with Segpub on the 07th, Servage upgraded the design of their site and added new features. Go figure.

The move is on!

Lots and Lots of Boxes!

So by the end of this week this whole mess of a site will be lifted up and moved over to Segpub. I’m taking the opportunity to clean out my public_html folder while I’m at it. There are so many orphaned files and old Perl scripts from previous projects that are all just begging to be spring cleaned.

Categories: internet, weblog
Tags: , , ,

Post comment -   Post to del.icio.us

Servage takes site offline for 3 days

2007.10.27 – 16.55 UTC+08 (Singapore Time)

Well Servage went and did it again. For the second time in a year their service was interrupted for more than two consecutive days. This time they stuffed up the MySQL server where all my WordPress installations are stored:

Servage status

You read it right: they claimed it will cause slowness. I think they were supposed to say not work at all!

With the release of OS X Leopard last night, it was if they looked up one of the most important days of the year for this site and made it their mission to take it offline during that time. One of those things that no doubt will be hilarious in a few months, but for now is maddening.

Anyway so the SQL server seems to be having intermittent periods of responsiveness in amongst the phonebook length pages of errors, giving me just enough time to post this message. Word to those who want a reliable web host that has decent uptime and warns you in advance before they take your site offline for several days at a time, stay well clear of Servage.

Categories: internet, weblog
Tags: , ,

Post comment (2) -   Post to del.icio.us

Wordpress and webserver status

2005.11.26 – 17.01 UTC+08 (Singapore Time)

Ruben's RapidWeaver Blog

Okay, I caved. Again.

Looking into Wordpress again. I was just reading John C. Dvorak’s (http://dvorak.org/blog/) and even he’s using it, high praise indeed. I still don’t like using databases though for such small projects, just had bad experiences with them too often in the past. Then again, I’m still giving some thought to it.


Dvorak: He Gets No Spam

Here’s the problem: I want to have a blog, and at the moment I’m using RapidWeaver for Mac OS X, which is actually a brilliant program. But therein lies the catch: my PowerMac G5 has X on it, but my only laptop (my G3 iBook) has Gentoo Linux 2005.1 on it because X runs so slowly on it; Gentoo runs lightning fast on it. Anyway so when I go to Malaysia and Singapore for Christmas to see the Mumster and the Father (and the sissta) I won’t have a Mac to post on this blog!

There’s also something appealing with having a server-side program doing this stuff too, not a client based program; it would eliminate all the uploading step altogether.

I’ll have to check with Servage (my webhost) and see how easy it is to do database backups, because I’m thinking of moving off them for good. I’m so fed up with their slow and unreliable FTP server, and EVERY mp3 podcast file I uploaded for The Rubenerd Show was corrupted. I’ve managed to upload all my files to my account on Ourmedia which uses the Internet Archives server space, so it’s miles faster and more reliable. With this in mind it’s not really necessary for me to have a web host that provides gigs upon gigs of space anymore, especially considering I’m a uni student and don’t exactly have millions of dollars to throw around!

Categories: weblog
Tags: , ,

Comments Off -   Post to del.icio.us