shelter from a blizzard
Mon, 07 Apr 2008 21:09 - Daniel - World of Warcraft - Comments (0)
For quite some time the World of Warcraft forums include a interceptor to display a warning if you leave the official forums. This has been done to protect the user from keyloggers (and not only the users, some blues got keylogged too :D). No idea if this helps anyone but for me it became really annoying having to click two times to follow a links (not even to mention waiting for the interceptor page to load).
Until now I was using the Shelter from a Blizzard script for Greasemonkey by NeonGoat. But that script hat some problems with URLs that include & and was generally not that well coded. Therefore I reworked the script to parse the URLs correctly and only replace the onclick event if it present.
You can get the Shelter from a Blizzard (reworked) script at userscripts.org.
freewlan.info site report
Mon, 07 Apr 2008 20:36 - Daniel - Server - Comments (0)
Some stuff has been going on behind the scenes at freewlan.info. Mainly, we moved some of the services from the other servers to my box.
The first step was to move addons.freewlan.info to my server. Our old host kicked the whole site off his server, because the update service created a too high load on his box. We were partly to blame, because we didn't spread the load of our update service properly, but it's still annoying if your website gets blocked without prior notice.
Well, in the end we moved the addons.freewlan.info stuff and with that the update service to my box, and updated the autoupdate function of the add-ons to spread the load better. I didn't had any problems on my server since. The main site remained on the old server.
The next step was to update the forums. phpBB released version 2.0.23. It was kinda trick to install it since we use a lot of plugin to counter spam, add functions for the admins and users and make phpBB generally behave like we want. But in the end we had a up to date board again ;). We also enabled some addition checks to prevent spambots from registering. Namely, some bots that use gmail.com addresses and a very distinctive usernames that may look like real ones but follow a clear pattern.
Recently, the svn and trac service was about to shut down. So I spend the whole day today to move svn and trac from the old box to mine. Both services seems to be running fine after I got the config right and installed all the previously enabled plug-ins for trac.
If you find errors or got suggestions, you can leave a comment or send me a mail to daniel@tac-ops.net (PGP Key) or server@freewlan.info.
Akismet and persistent connections
Mon, 25 Feb 2008 00:10 - Daniel - Blogs - Comments (0)
The delays that sometimes occurred when submitting comments are apparently caused by an incorrect implementation of an HTTP/1.1 socket in the Aksimet PHP5 class.
The class didn't send a Connection: Close header to the Akismet server. The Server was keeping the connection open and delayed future request. By either switching to HTTP/1.0 (doesn't support persistent connections) or sending a Connection: Close header that problem is solved.
This also affected my Akismet plugin for yabs. There is already a updated version online, just override the old files and upgrade in the admin panel.
Akismet 1.0.2
Thanks to Jan who found this problem.
SNAT
Thu, 14 Feb 2008 10:32 - Daniel - Server - Comments (0)
There was a litte problem with the new SPF records yesterday. I'm running openvpn on my server and use SNAT to send the traffic to another IP than the http, ftp, dns services are listening on. But apparently it also sent the traffic originating from my server from this IP. Atleast one mail server had problems with this:
<someuser@gmx.net> host mx0.gmx.de[213.165.64.100] said: 550-5.7.1 {mx090} The
recipient does not accept mails from 'tac-ops.net' over foreign
mailservers. 550-5.7.1 According to the domain's SPF record your host
'78.*.*.*' is not a designated sender. 550 5.7.1 (
http://portal.gmx.net/serverrules ) (in reply to RCPT TO command)
The solution was simple. Instead of directing all traffic I added an additional source IP match to the command.
From:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 78.b.c.dTo:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 78.b.c.d --source 10.8.0.0/24SPF record
Mon, 11 Feb 2008 09:34 - Daniel - Server - Comments (0)
I just created a SPF (wiki) record for tac-ops.net. If anyone experiences problems sending or receiving mail from tac-ops.net, let me know.