ztrauq

Here's mine...

Paul (McCartney) Hehe... one of the first sets of names that I learned growing up were the names of the Beatles. Strangely enough, the only Beatles music I really like to listen to are the instrumental versions...

From what I'm hearing, it doesn't look like secured FTP (at least with out special shell access request) will be showing up any time soon. While I don't agree with this decision, I do definitely understand the rationale behind it, as the FTP connections don't have the security headache that allowing people direct shell access to the system can cause. Still, are there any other workarounds to this? I've been using the CPanel over SSL, which is adequate for small posts. Is ther som way, though, to have CPanel upload more files at a time, or upload whole directories? Until there's some other method, though, I just came across something to get around the CPanel limitation. Take all the files you want to upload, and stick them in a standard type of archive (.tgz or .zip). Then, you only have to upload 1 file, which can be uploaded to the directory you want over the encrypted CPanel File Manager. From there, select the file and choose the "Extract File Contents" option. This will then extract all of your files into the current directory. Anyway, hope that helps anyone who wants to transfer a bunch of files in a secure manner. It's a shame that you can't grant someone scp access without a full secure shell login - that would make things a lot simpler.

I've seen these before on some of the webserver's I've administered - my home server especially got nailed with a lot of these. Most of these types of requests seem to be people trying to access the URLs of known vulnerable locations in IIS - /admin/ or the like is one of them. The backslashes especially seem to indicate that someone is trying to access a Windows file path. Since TCH sites are hosted on Linux webservers, these vulerabilities are not present, so I wouldn't worry about it too much. Still, tracing back the IP of the person trying this might be a good idea - if it's from a domain ending in .ru or something fairly exotic and is asking for an admin directory, chances are it's someone "casing the joint" for a hack. If they're in the US, you can try sending an email to the abuse address of the originating ISP if you suspect that someone was trying hacker activity.

If you can, give it a try in another browser. Sometimes IE just does weird stuff, and if you have it locked down for security reasons (which you should) it may not work properly on all sites. Mozilla Firebird is a fast, unobtrusive, and free web browser with a number of useful features that go above and beyond IE, and also is not vulnerable to as many spyware programs and browser hijackers. If you can, download it and see if the script works. Also, in IE, you can also set the security to custom, and manually select each type of script that you allow. There may be separate settings for generally running scripts and scripts that set cookies. If you set both of those specifically to "allow" the script might then begin to work in IE. Still, though, I recommend to anyone who can to get away from IE. It's full of security holes that can compromise your computer and private information, and lacks a lot of features of other browsers (like popup-blocking or tabbed browsing). If you need (or want) to run IE, I would recommend using SpywareBlaster, SpywareGuard, and Spyware S&D to keep your computer secure against some of the vulnerabilities inherent in IE.

This is a weird one... I use a form-mailer script on my site called SouperMail. One of the features of this mailer is the ability to encrypt messages to a PGP key before sending them. From there, they are sent to an email account on my domain that I check through POP. Recently, one of the emails was flagged by SpamAssassin as possible spam. Here are the spam values that it listed: pts rule name description ---- ---------------------- -------------------------------------------------- 0.3 NO_REAL_NAME From: does not include a real name 0.7 ADDR_NUMS_AT_BIGSITE Uses an address with lots of numbers, at a big ISP 0.9 FROM_ENDS_IN_NUMS From: ends in numbers 0.5 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers 3.3 MSGID_FROM_MTA_SHORT Message-Id was added by a relay NO_REAL_NAME is becase everything, including the name, is encrypted in the body of the message. ADDR_NUMS_AT_BIGSITE seems to be because the email was sent from a big ISP (i.e. TCH?) FROM_ENDS_IN_NUMS is unrelated to this, the person's email had numbers in it FORGED_YAHOO_RCVD seems to be due to the fact that the email address entered into the form is from Yahoo, but the message is actually sent from my site. MSGID_FROM_MTA_SHORT because it's sent from TCH servers but is actually from my domain? (not sure how this one works) I'd like for this not to happen, but I don't want to turn off SpamAssassin as it seems to be doing a good job so far with catching a lot of other spam. A lot of these spam flags seem to be generated from a message being sent from my website on TCH's computers (addr_nums_at_bigsite, msgid_from_mta_short, forged_yahoo_rcvd) - is there any way to fix this so that I don't miss people who contact me from my website, or do I just have to turn SpamAssassin off altogether?

This is sort of a review of TCH, but not eactly, so I didn't know whether to post it to the reviews forum or not. Anyway, the other day, I was working on a project, and I decided that I needed a mailing list. In another ISP, or through my university, this is a daunting proposal, and usually requires emailing overburdened techs in the vain hope that they might eventually get around to implementing what you wanted. With TCH, all you need to do is click on a link in CPanel, fill out a couple of form fields, and bam! Instant mailing list. Want an email forwarder? It's there and working in 15 seconds. Want a whole new email address? It only takes slightly longer. Need a subdomain for that new project? It's up with an attendant FTP account almost instantly - no waiting, no limits, no hassles with busy techs. I actually run a small, local webserver using Mandrake Linux, supposedly the simplest and easiest to configure with GUI everything - and yet, doing setup on that system is still much more complicated than just logging in to TCH and setting it up. It's just that simple. With TCH, you don't just get some webspace and a slot to run CGIs in. You get the power to do just about everything you might ever have wanted to do on a webserver, and most of it takes but a few ckicks to set up. Rock Sign In that vein, though, I have a request for a future improvement - maybe add some more scripts to the add-on menu, if you can. It would be great to have something like MovableType that could be set up in a few clicks. I was able to download and install it fairly easily, but it would be even greater if someone who wanted a weblog or online column just needed to enter a few things in CPanel. That's the power of TCH - it takes web hosting and makes it work. There's a reason I do all my important work on a Mac: it just works, it does what you expect it to do, and it allows you to do incredibly powerful things in an intuitive way. And that's the reason that I use TCH.

Personally, I like analog, but AWStats seems to get the job done, and it'd definitely less confusing to do the stats this way. I just wanted to mention that if anyone is missing the other programs, Analog can be run as a standalone app on Linux and OSX (and maybe windows) - I'm pretty sure you can download it for free, and it should work fine with downloaded raw log files.

Right now, it looks like it leads to a page containing a paid-listing search engine - no direct VeriSign pitch so far. Still, this is annoying, and it's screwing up many automated DNS scripts, including a lot of spam filters - hope this doesn't hurt SpamAssasin's perfomance too much.

A pic of the radio station where I work... The interesting thing about this is that it was taken with a digital camera a little smaller than a 15-stick pack of gum and costs something like $40 - the downside, obviously, being that the picture qulity leaves a little to be desired.

A small farming town in rural Montana, which happened to be home of the famous...

Knoppix.net - English site for the best operating system you've never installed - because you don't have to. Some wacky, sarcastic comics: http://riboflavin.keenspace.com/ - Riboflavin http://icomix.com/maze/comicpage/index1.html - Irritability Comic http://angryflower.com/ - Bob the Angry Flower Useful site for keeping your computer up to date: http://www.versiontracker.com/ http://home.ecn.ab.ca/~jsavard/crypto/jscrypt.htm - Just about everything there is to know about cryptography. http://world.std.com/~reinhold/diceware.html - The DiceWare word list, a method for creating passwords that are easy to remember but difficult to hack.

Steak seriously, that's the first thing that popped into my head, I don't know why.

inexplicably, it started raining down hailstones the size of large kegs of beer, which actually turned out to be...

Must be easy to judge its obsolescence - instead of comparing CPU speeds and graphics cards, you just wait until it starts turning green...

Here's a photo I took a while back of an interesting sunset...

I've been having this happen as well. The virus can spoof emails from people's address books, in an attempt to convince people to open the email because it's from someone they know. As I mentioned in another post, there are various ways to "sign" your email, so that people know that you actually sent it - this can be used to differentiate between real email messages and virus emails with spoofed addresses. If you're worried about people thinking you sent these messages, signing your email with something like PGP is what some security experts recommend, as you can prove that you dsidn't actually send any virus emails.

Just one thing to note about this virus if it hasn't been mentioned already - it can apparently access a user's address book, and then send out emails spoofing any address listed as the from address. I've had a few emails that I had apparently "sent" from an OSX machine that can't be infected returned by email servers becase of the virus, and I've been worrying that people getting the email with my spoofed address might get tricked into opening it. If you have the capability, I would reccomending using a program like PGP to sign all of your emails. This allows people to verify that you actually sent the message, and that it wasn't spoofed by a virus, because a virus doesn't have the password needed to calculate your signiature. This way, if people get messages from you without your signiature, they can determine that the address might be spoofed by a virus, and avoid spreading the infection. That, and convincing people to use virus scanners is a good idea

It's not a big deal. It was basically similar to this post, with a few criticisms - one that I actually discovered to be incorrect. I had been complaining about slow connect times to the FTP accounts on my site, but I later found out that there was an issue with FTP on my connection that did this to all FTP sites. The other concern is using FTP for file transfers in general, which sends passwords in the clear. Apparently from what I've read, most web hosts also run into the problem of insecurities in FTP, simply because there's no popular secure file transfer program available. I won't go into greater discussion of that here, since it's already posted in the security forum. If TCH had a way to upload a bunch of files quickly and securely off the bat, this would be just about a perfect web host. Thumbs Up

It looks to be a site-monitoring thing from the Netherlands. As far as I can tell, it's a cross between a site-stat program and a click-through program (i.e. doing crediting and redirection for clicks on banner ads). I doubt that it will hurt your site, but it might be interesting to know the context - if this was in your log as a referring URL, you might want to figure out who is referring you through that site.

According to their website, SpamAssassin, in addition to using blacklists, also uses heuristic analysis to analyze features in the header and text of the emails to decide whether or not they are spam. Because it uses multiple methods, I would think that SpamAssassin should still be able to do a good job of filtering, but perhaps not quite as good without the blacklists.

I have to say that, overall, I'm very pleased with TCH. My account was up and running within an hour or two of submitting payment, I've only noticed one short period of server downtime the entire time I've had my site here, the CPanel is a breeze to use while at the same time allowing you to do powerful tasks, and I haven't seen a better value for what you get anywhere else. The support has also been good - all of my inquiries were responded to quickly and were able to answer my questions. I do have some criticisms, but the last time I tried to "tell it like it is" with them included, my review suddenly disappeared without explanation . I'd certainly like to know why that was, but that aside, like I said in my original review, TCH has done a fine job - and while no hosting provider is absolutely perfect, TCH is the best I've seen by far.

The thing is, I don't really need a shell account - I just want a way of uploading a bunch of files at once in an efficient and secure manner. I understand your security concerns - obviously, you don't want someone with shell access to also have access to another user's directory. Still, does TCH have any plans for installing a more secure uploading method? If so, just tell me and I'll shut up - if not, just tell me why, and what your concerns are. I mean no offense - I'm just looking for solutions. There are hackers out there, and I'd prefer that one of them didn't grab my password and mess up my website, that's all. Any other solutions that people have to at least make the FTP connection somehow a little more secure would also be welcome.

If you're on a Windows box, I would reccomend FileZilla - it's a free, open-source graphical FTP program with a lot of functionality. On Linux (or Mac OS X using Apple X11), you could try axyftp or ncftp, and there's also RBrowserLite for the regular OSX interface, and all of those are free.

I noticed that CPanel has a function under network tools for doing a traceroute, but when I click on it, I get the message "traceroute: icmp socket: Operation not permitted." Should traceroute be enabled, or if it shouldn't, why is there an option for it?