Search Results

Search found 18715 results on 749 pages for 'website attack'.

Page 37/749 | < Previous Page | 33 34 35 36 37 38 39 40 41 42 43 44  | Next Page >

  • Should I be worried about a ReDOS attack?

    - by PeeHaa
    Can the following code be use to ReDOS attack my site? Or will it just be ended when the max_execution_time is exceeded or is it a problem of the past? I use the following code to validate emailaddresses on my sites (by Douglas Lovell): function validate_email($email) { $isValid = true; $atIndex = strrpos($email, "@"); if (is_bool($atIndex) && !$atIndex) { $isValid = false; } else { $domain = substr($email, $atIndex+1); $local = substr($email, 0, $atIndex); $localLen = strlen($local); $domainLen = strlen($domain); if ($localLen < 1 || $localLen > 64) { // local part length exceeded $isValid = false; } else if ($domainLen < 1 || $domainLen > 255) { // domain part length exceeded $isValid = false; } else if ($local[0] == '.' || $local[$localLen-1] == '.') { // local part starts or ends with '.' $isValid = false; } else if (preg_match('/\\.\\./', $local)) { // local part has two consecutive dots $isValid = false; } else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) { // character not valid in domain part $isValid = false; } else if (preg_match('/\\.\\./', $domain)) { // domain part has two consecutive dots $isValid = false; } else if(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\","",$local))) { // character not valid in local part unless // local part is quoted if (!preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local))) { $isValid = false; } } if ($isValid && !(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A"))) { // domain not found in DNS $isValid = false; } } return $isValid; }

    Read the article

  • Apache attack on compromised server, iframe injected by string replace

    - by Quang-Tuan Luong
    My server has been compromised recently. This morning, I have discovered that the intruder is injecting an iframe into each of my HTML pages. After testing, I have found out that the way he does that is by getting Apache (?) to replace every instance of <body> by <iframe link to malware></iframe></body> For example if I browse a file residing on the server consisting of: </body> </body> Then my browser sees a file consisting of: <iframe link to malware></iframe></body> <iframe link to malware></iframe></body> I have immediately stopped Apache to protect my visitors, but so far I have not been able to find what the intruder has changed on the server to perform the attack. I presume he has modified an Apache config file, but I have no idea which one. In particular, I have looked for recently modified files by time-stamp, but did not find anything noteworthy. Thanks for any help. Tuan. PS: I am in the process of rebuilding a new server from scratch, but in the while, I would like to keep the old one running, since this is a business site.

    Read the article

  • Tricks and Optimizations for you Sitecore website

    - by amaniar
    When working with Sitecore there are some optimizations/configurations I usually repeat in order to make my app production ready. Following is a small list I have compiled from experience, Sitecore documentation, communicating with Sitecore Engineers etc. This is not supposed to be technically complete and might not be fit for all environments.   Simple configurations that can make a difference: 1) Configure Sitecore Caches. This is the most straight forward and sure way of increasing the performance of your website. Data and item cache sizes (/databases/database/ [id=web] ) should be configured as needed. You may start with a smaller number and tune them as needed. <cacheSizes hint="setting"> <data>300MB</data> <items>300MB</items> <paths>5MB</paths> <standardValues>5MB</standardValues> </cacheSizes> Tune the html, registry etc cache sizes for your website.   <cacheSizes> <sites> <website> <html>300MB</html> <registry>1MB</registry> <viewState>10MB</viewState> <xsl>5MB</xsl> </website> </sites> </cacheSizes> Tune the prefetch cache settings under the App_Config/Prefetch/ folder. Sample /App_Config/Prefetch/Web.Config: <configuration> <cacheSize>300MB</cacheSize> <!--preload items that use this template--> <template desc="mytemplate">{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}</template> <!--preload this item--> <item desc="myitem">{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX }</item> <!--preload children of this item--> <children desc="childitems">{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}</children> </configuration> Break your page into sublayouts so you may cache most of them. Read the caching configuration reference: http://sdn.sitecore.net/upload/sitecore6/sc62keywords/cache_configuration_reference_a4.pdf   2) Disable Analytics for the Shell Site <site name="shell" virtualFolder="/sitecore/shell" physicalFolder="/sitecore/shell" rootPath="/sitecore/content" startItem="/home" language="en" database="core" domain="sitecore" loginPage="/sitecore/login" content="master" contentStartItem="/Home" enableWorkflow="true" enableAnalytics="false" xmlControlPage="/sitecore/shell/default.aspx" browserTitle="Sitecore" htmlCacheSize="2MB" registryCacheSize="3MB" viewStateCacheSize="200KB" xslCacheSize="5MB" />   3) Increase the Check Interval for the MemoryMonitorHook so it doesn’t run every 5 seconds (default). <hook type="Sitecore.Diagnostics.MemoryMonitorHook, Sitecore.Kernel"> <param desc="Threshold">800MB</param> <param desc="Check interval">00:05:00</param> <param desc="Minimum time between log entries">00:01:00</param> <ClearCaches>false</ClearCaches> <GarbageCollect>false</GarbageCollect> <AdjustLoadFactor>false</AdjustLoadFactor> </hook>   4) Set Analytics.PeformLookup (Sitecore.Analytics.config) to false if your environment doesn’t have access to the internet or you don’t intend to use reverse DNS lookup. <setting name="Analytics.PerformLookup" value="false" />   5) Set the value of the “Media.MediaLinkPrefix” setting to “-/media”: <setting name="Media.MediaLinkPrefix" value="-/media" /> Add the following line to the customHandlers section: <customHandlers> <handler trigger="-/media/" handler="sitecore_media.ashx" /> <handler trigger="~/media/" handler="sitecore_media.ashx" /> <handler trigger="~/api/" handler="sitecore_api.ashx" /> <handler trigger="~/xaml/" handler="sitecore_xaml.ashx" /> <handler trigger="~/icon/" handler="sitecore_icon.ashx" /> <handler trigger="~/feed/" handler="sitecore_feed.ashx" /> </customHandlers> Link: http://squad.jpkeisala.com/2011/10/sitecore-media-library-performance-optimization-checklist/   6) Performance counters should be disabled in production if not being monitored <setting name="Counters.Enabled" value="false" />   7) Disable Item/Memory/Timing threshold warnings. Due to the nature of this component, it brings no value in production. <!--<processor type="Sitecore.Pipelines.HttpRequest.StartMeasurements, Sitecore.Kernel" />--> <!--<processor type="Sitecore.Pipelines.HttpRequest.StopMeasurements, Sitecore.Kernel"> <TimingThreshold desc="Milliseconds">1000</TimingThreshold> <ItemThreshold desc="Item count">1000</ItemThreshold> <MemoryThreshold desc="KB">10000</MemoryThreshold> </processor>—>   8) The ContentEditor.RenderCollapsedSections setting is a hidden setting in the web.config file, which by default is true. Setting it to false will improve client performance for authoring environments. <setting name="ContentEditor.RenderCollapsedSections" value="false" />   9) Add a machineKey section to your Web.Config file when using a web farm. Link: http://msdn.microsoft.com/en-us/library/ff649308.aspx   10) If you get errors in the log files similar to: WARN Could not create an instance of the counter 'XXX.XXX' (category: 'Sitecore.System') Exception: System.UnauthorizedAccessException Message: Access to the registry key 'Global' is denied. Make sure the ApplicationPool user is a member of the system “Performance Monitor Users” group on the server.   11) Disable WebDAV configurations on the CD Server if not being used. More: http://sitecoreblog.alexshyba.com/2011/04/disable-webdav-in-sitecore.html   12) Change Log4Net settings to only log Errors on content delivery environments to avoid unnecessary logging. <root> <priority value="ERROR" /> <appender-ref ref="LogFileAppender" /> </root>   13) Disable Analytics for any content item that doesn’t add value. For example a page that redirects to another page.   14) When using Web User Controls avoid registering them on the page the asp.net way: <%@ Register Src="~/layouts/UserControls/MyControl.ascx" TagName="MyControl" TagPrefix="uc2" %> Use Sublayout web control instead – This way Sitecore caching could be leveraged <sc:Sublayout ID="ID" Path="/layouts/UserControls/MyControl.ascx" Cacheable="true" runat="server" />   15) Avoid querying for all children recursively when all items are direct children. Sitecore.Context.Database.SelectItems("/sitecore/content/Home//*"); //Use: Sitecore.Context.Database.GetItem("/sitecore/content/Home");   16) On IIS — you enable static & dynamic content compression on CM and CD More: http://technet.microsoft.com/en-us/library/cc754668%28WS.10%29.aspx   17) Enable HTTP Keep-alive and content expiration in IIS.   18) Use GUID’s when accessing items and fields instead of names or paths. Its faster and wont break your code when things get moved or renamed. Context.Database.GetItem("{324DFD16-BD4F-4853-8FF1-D663F6422DFF}") Context.Item.Fields["{89D38A8F-394E-45B0-826B-1A826CF4046D}"]; //is better than Context.Database.GetItem("/Home/MyItem") Context.Item.Fields["FieldName"]   Hope this helps.

    Read the article

  • Cracking Websites with Cross Site Scripting

    - by Akemi Iwaya
    You may have heard the term ‘cross site scripting’ before, but what exactly is ‘it’ and why is it dangerous for a website? YouTube channel Computerphile presents a nice primer on the ‘how and why’ of cross site scripting and the dangers it presents in their latest video. Cracking Websites with Cross Site Scripting – Computerphile [YouTube]     

    Read the article

  • What should you do differently when designing websites for an embedded web server

    - by Roger Attrill
    When designing a website to be accessed from an embedded webserver such as KLone, what do you need to do differently compared to a 'standard' web server. I'm talking about considerations at the front end design stage, before the actual building and coding up. For example, typically in such situations, memory size is a premium, so I guess larger images are out, and maybe more attention should be focused on achieving a good look and feel using CSS/Javascript rather than bitmap images.

    Read the article

  • Is Live Chat a valuable feature?

    - by Jim
    Does having a live chat feature on a website increase conversions enough to cover the cost administration? Most of the data I have found comes from companies selling live chat solutions and is unreliable in my opinion. Do users find this as a valuable feature or an annoyance? Personally, I'm annoyed by sites that use live chat especially when a little box pops up without my explicit request, but if users find this valuable then I should consider implementing it. Any concrete data is appreciated.

    Read the article

  • Why do none-working websites look like search indexes?

    - by Asaf
    An example of this could be shown on every .tk domain that doesn't exist, just write www.givemeacookie.tk or something, you get into a fake search engine/index Now these things are all over, I use to always ignore it because it was obvious just a fake template, but it's everywhere. I was wondering, where is it originated (here it's searchmagnified, but in their website it's also something generic) ? Is there a proper name for these type of websites?

    Read the article

  • Why do non-working websites look like search indexes?

    - by Asaf
    An example of this could be shown on every .tk domain that doesn't exist, just write www.givemeacookie.tk or something, you get into a fake search engine/index Now these things are all over, I use to always ignore it because it was obvious just a fake template, but it's everywhere. I was wondering, where is it originated (here it's searchmagnified, but in their website it's also something generic) ? Is there a proper name for these type of websites?

    Read the article

  • Punch Line Marketing

    - by jackman
    There are so many "punch line" websites like: http://www.thatswhyyoufail.com www.canrailsscale.com/ www.nooooooooooooooo.com/ but it's a mystery how they ever get so popular. I have an idea for a punch line website too, but I want to make it BIG! Does anyone have any tips for marketing these kinds of sites? p.s. and no, I do not own any of these sites, and am not disguising it as a question to market them lol.

    Read the article

  • Best method to do A B testing across to subdomains

    - by Lior
    I want to do an A B test of an entire site for a new design and UX with only slight changes in content (a big brand site that has good Google rankings for many generic keywords. My idea of implementation is doing a 302 redirect to the new version (placing it on www1 subdomain) and allowing only user agents of known browsers to pass. The test version will have disallow all in the robots text. Will Google treat this favorably or do I have to use Google Website Optimizer (which will give me tracking headaches)?

    Read the article

  • Desktop Software to monitor online status of web site and web-based application

    - by pansp
    I'm basically looking for a desktop-based software which can monitor my company's website and the web application's online availability. I know there are few online applications like Uptime Robot which does the same work but I have been asked to find a desktop based software which can monitor running in system tray and notify any down-time. A free software would be great. Any help would be appreciated. Thanks!

    Read the article

  • Will multivariate (A/B) testing applied with 302 redirects to a subdomain affect my Google ranking?

    - by Lior
    I want to do an A B test of an entire site for a new design and UX with only slight changes in content (a big brand site that has good Google rankings for many generic keywords. My idea of implementation is doing a 302 redirect to the new version (placing it on www1 subdomain) and allowing only user agents of known browsers to pass. The test version will have disallow all in the robots text. Will Google treat this favorably or do I have to use Google Website Optimizer (which will give me tracking headaches)?

    Read the article

  • Using MLP, how to make a link to the according page in the other languages?

    - by lyle
    the question says it all, but here's a bit more detail: I help building a bilingual website using MLP on TextPattern. It's trivial to put a link to the top level page of another language, but how to put a link to the current page in another language? Eg. /en/contact should link to /de/kontakt (the same article in another language). I'm sure there are some variables somewhere that I could put into the template that would be filled with the correct links. Thankx in advance. :)

    Read the article

  • The Best Title for my Skill Set [closed]

    - by nickelpickle
    I'm about to branch off into the freelance world. I'm starting an LLC and I'd like some input on what I should title myself as the owner. For example "creative specialist" or "creative technician" or something like that. My services would be: Website design / development Graphic design: icon design, templates, web graphics, business cards / brochures / letterheads / etc. Writing: content writing/copywriting, technical writing, editing / proofreading / copyediting Photography, photo editing Does anybody have any ideas on some general terms that would apply to this type of business?

    Read the article

  • Website not reachable via mobile device

    - by sanders
    I have this very strange problem with a website. The site works normal when coming from a webbrowser which is non-mobile. But when trying to reach the site via a mobile device (tried different browsers) it doesn't get to the website. The only error I see is: This website is not available and the message is: DNS_PROBE_POSSIBLE Does anyone know where I should look for the problem. The website is based on Joomla. The Url of the site is: http://bit.ly/1bOToII

    Read the article

  • What's your hobby website; do you maintain it for your users or yourself?

    - by Glennular
    What is your hobby website? Do you care if it has high traffic or is it more for personal satisfaction? When deciding on the features to implement are you taking in to consideration the needs of general user-base or features you really want to build? What balance do you use to keep yourself satisfied as well as your users? When do you feel your site is able to release to the world? Do you release it initially and hope for anticipatory beta group? or wait till you have a solid built set of features?

    Read the article

  • Is it possible to use DLR in a .NET 3.5 website project?

    - by Aplato
    I'm trying to evaluate an expression stored in a database i.e. "if (Q1 ==2) {result = 3.1;} elseif (Q1 ==3){result=4.1;} else result = 5.9;" Rather than parsing it myself I'm trying to use the DLR. I'm using version .92 from the Codeplex repository and my solution is a .NET 3.5 website; and I'm having conflicts between the System.Core and Microsoft.Scripting.ExtenstionAttribute .dll's. Error = { Description: "'ExtensionAttribute' is ambiguous in the namespace 'System.Runtime.CompilerServices'.", File: "InternalXmlHelper.vb" } At this time I cannot upgrade to .NET 4.0 and make significant use of the .net 3.5 features (so downgrading is not an option). Any help greatly appreciated.

    Read the article

  • Website content hosted with Google. Good or bad?

    - by user305052
    I recently decided to host my styles.css and various scripts on Google Docs and link them into my website. I also have all my images hosted through Picasa so that they too will load much faster and consistently across users. My site has most of its traffic from Japan, Africa, and South America, so I assume there will be a performance boost for my users since my server is hosted in Hong Kong. I (in Canada) have measured my load times to be half of what they used to be. Basically it's a free CDN for my personal stuff. I'm not too sure about all of this yet, so here's my question: what are the caveats of this setup?

    Read the article

  • What's the best license for my website?

    - by John Maxim
    I have developed a unique website but do not have a lot of fund to protect it with trademark or patents. I'm looking for suggestions so that when my supervisor gets my codes, some laws restrict anyone from copying it and claim their work. I'm in the middle of thinking, making the application a commercial one or never allowing it to be copied at all. What kind of steps am I required to take in order to make full measurements so my applications are fully-protected? I've come across a few, one under my consideration is MIT license. Some say we can have a mixture of both commercial and MIT. I would also like to be able to distribute some functions so it can be modified by others but I'd still retain the ownership. Last but not least, it's confusing when I think of protecting the whole website, and protecting codes by codes in division. How should we go about this? Thanks. N.B I have to pass it over to the supervisor as this is a Uni project. I need this to be done within 2 weeks. So time to get my App protected is a factor here.

    Read the article

  • Oracle’s FY14 Partner Kickoff Recap & New OPN Website

    - by Kristin Rose
    There is no doubt that we are off to a strong FY14! Now that Oracle’s Global Partner Kickoff has come and gone, it’s time to take what we have learned and focus on having the strongest year ever! To quote Oracle pilot, Sean D. Tucker, “FY14, it’s all about growth baby!” Here are some of the ways you can grow with Oracle! Sell into accounts where Oracle isn’t selling directly Offer customer added value solutions leveraging our technology Offer deep market capabilities that leverage transformative technology Be aggressive, sell the entire stack, engage with Oracle in the marketplace and get engineered for growth! With this being said, we also know that to have the strongest year ever, you also need the strongest tools ever! Ladies and gentleman, in case you missed its debut during Oracle’s Global Partner Kickoff, let OPN introduce you to the newly redesigned, Oracle PartnerNetwork website, providing  easy access to key business processes, systems and resources! We took your advice and implemented the following enhancements: A new OPN home page, highlighting paths to top tasks Streamlined top navigation New business process focused pages Restructured Knowledge Zone areas (currently applied to select pages) Learn more about the new Oracle PartnerNetwork website and all that Oracle has to offer, by watching the FY14 Global Partner Kickoff replay video below! Thank you for your hard work and partnership in FY13, here’s to an even stronger FY14! Good Selling, The OPN Communications Team

    Read the article

  • Our New Website Header (& Other Tweaks)

    - by justin.kestelyn
    Last week, the Oracle Technology Network Website went fixed-width. There are several reasons for this, most relating to providing a consistent user experience, easier management of Website content, etc. Furthermore, it's fairly standard for developer portals these days - java.sun.com, MSDN, and IBM DeveloperWorks are also all fixed-width sites. (My apologies to everyone who is unhappy about this change, but it really is an overall positive one.) Today, we have rolled out a brand-new header, the first step in what we call the "Mosaic" project - which is an effort to make the user experience across all Oracle Websites more consistent. To summarize the impact: The "pull-down" menus on the OTN site disappear; most of them move into a "flyout" button in the header. You can access the OTN flyout from any page on Oracle.com or the OTN site. Great for our page views. :) You also have direct access to the Downloads index from anywhere on Oracle.com. If you so desire, you can directly access product overviews, Oracle University and Support info, Oracle Store, etc etc from the OTN site now. Due to limited space in the flyout we cannot accommodate *all* the pull-down items, but they are all no more than 1 or 2 clicks away. This approach has been validated in extensive user testing over the last few months; I welcome your feedback now in comments. There are many other changes in train, with the next one being: A major homepage redesign, the first in 4 or 5 years.

    Read the article

  • Scalable solution for website polling

    - by Tom Irving
    I'm looking to add push notifications to one of my iOS apps. The app is a client for a website which doesn't offer push notifications. What I've come up with so far: App sends a message to home server when transitioning to background, asking the server to start polling the website for the logged in user. The home server starts a new process to poll for that user. Polling happens every so many seconds / minutes. When the user returns to the iOS app, the app sends a message to the home server to stop polling. The home server kills the process polling for the user. Repeat. The problem is that this soon becomes stupid: 100s of users means 100s of different processes. It's just not scalable in the slighest. What I've written so far is in PHP, using CURL to do the polling and I started with PHP a few days ago, so maybe I'm missing something obvious that could help me with this. Some advice would be great.

    Read the article

  • Tracking state of a one time event on a big website

    - by Mattis
    Assume a website with 250 million active users. I add a new feature to the website. Once a user visits I want to use a short tutorial to teach them how to use said feature. I only want them to complete the tutorial once (or actively click it away). What is the smart way to code the verification check for this? How do I track the progress in the database? Having a separate table with like NewTutorial_completed = 1 for user_id = 21312315 would just snowball. It also feels intuitively bad to check for every one-time event for every user on every page view. While writing the question I got one idea, to have a separate event log that is checked periodically for any new action the user need to see or perform. I push events to this log and once they are completed they are removed from the log. No need to store NewTutorial_completed = 1-type variables this way. I am sure this is a common problem. I would appreciate any input on what best practice is.

    Read the article

  • Changing website Url - Am I making an SEO mistake

    - by Denis
    I have a webiste with a .com domain that is a year old. The business is a shop based in Ireland and I have purchased a .ie domain. I plan to move the website over to the new domain, SEO Good or Bad idea? Old Url - SmythsOfTerenure.com | New Url - SmythsComputerRepair.ie (I am using Fake names and fictional business in the example Url's) The new domain has my main keyword in it. The old domain has my family name and business location (city district) It currently ranks high for lots of relevant keywords in Google with low traffic and low competition. Current website traffic is about 80 session per week. 80% of that traffic is Organic from Google. I am changing domain in an attempt to help SEO long term by having a CC TLD (.ie rather than .com) and having my main Keyword in the domain. I plan to do 301 re-directs from old to new and update GW Tools and G Analytics but am I making a mistake changing it at all as I know rankings may fall in the sort term. Homepage PR=0 and very few inbound links. Should I just leave it on the old domain? Or after a few months should I be back up ranking as well as I am now?

    Read the article

  • Multilingual website without language component in the URL

    - by user359650
    I'm working on a website for Canada which will have French and English versions. For SEO purposes, I would like to avoid using any language tag in URLs because I believe it will have more impact (e.g. example.ca/products better than en.example.ca/products or example.ca/en/products). I believe this is technically possible because the2 languages are sufficiently different that the URLs won't be conflicting with one another (e.g. if you want a "product" page, it will be /products in English, and /produits in French so you know which language the URL is about). Since Google (and most likely others) doesn't rely on the URL (nor HTML tags) to determine the content language I don't see any problems with search engines. To make this possible I've thought about using a cookie distinct from the session cookie (e.g. example.org_language) with long term expiry (e.g. N years) that will memorize the language chosen by the user. That way when people visit the website with a new browser session, they get served the proper language. I have already given up on users being able to switch one page from English to French: when people will chose English or French from the menu they will be redirected to the corresponding version of the home page. Do you foresee any problems with not using a language component in the URL (whether domain or path)? (as long as one makes sure URLS don't conflict).

    Read the article

< Previous Page | 33 34 35 36 37 38 39 40 41 42 43 44  | Next Page >