ScrewTurn Wiki 4 Releases and News

Archive for the ‘Internet’ Category

On Dumb Crackers

November 12th, 2009 by Dario Solera | No Comments | Filed in Internet, Security

It happens that there is an old version of a PHP-based CMS application that is affected by a bug that, if I understand correctly, allows an attacker to alter the content of a part of a site, called snippet.

ScrewTurn Wiki has snippets (but they’re secure).

The funny thing is that we get a ton of attacks that try to apply the same technique used for the above-mentioned CMS to our website because, I think, there is a page called snippets. Crackers are getting dumber I guess…

STW, in such cases, simply crashes as the HTTP query string is a complete mess, so no worries, we fail fast. At any rate, even if the request was well-formed, an attacker cannot bypass the security configuration like she’s doing in the above-mentioned CMS: permissions are checked for every single request, including all post-backs.

Support for IE6

September 14th, 2009 by Dario Solera | 7 Comments | Filed in Internet

I hate IE6. Well, actually I hate IE in general, but anyway.

I would like to completely forget IE6 and pretend it never existed, as I’ve been able to do for a while now. Then I discovered Expression Web 3 SuperPreview and I decided to test the new website layout (not yet public) in IE6. It’s totally, completely broken.

Luckily, the main themes for ScrewTurn Wiki look almost-decent even in IE6. They are at least usable. Actually, they look almost the same in IE6 and IE7, and they also look almost identical in Firefox 3.5 and IE8 (the difference is exactly one pixel).

Now, according to Google Analytics, 7.32% of screwturn.eu visitors still use IE6, and IE8 has become more used than IE7 only in recent weeks and only by a tiny percentage. According to the data, IE6 usage has decreased by ~33% in the last five months and that’s a nice thing. I only wish the upgrading process were faster.

Killing support for IE6 makes roughly 1,200 potential users a month turn away because the website layout does not support their browser. Even worse, you make some of the existing users unhappy.

Google Chrome is used by 8.78% of the visitors, so you might argue that we should focus on Chrome rather than IE6. There is a subtle observation due in this case: many corporate users are forced to use IE6 for absurd IT policies. On the other hand, I hardly believe that Chrome users do not have IE8 or Firefox at hand.

That said, I think I will keep pretending IE6 never existed, it’s simply too much of a burden to keep testing layouts in IE6 (not even considering JavaScript).

I hope IE6-bound corporate users will beg their IT admins to upgrade. Come on, IE6 is 8 years old and it’s the most unsecure browser known to mankind. It’s time to move on. I mean it.

Google Search… Inaccuracy

September 3rd, 2009 by Dario Solera | No Comments | Filed in Internet, Off-Topic

I was browsing through Google’s Webmaster Tools just out of curiosity (I barely know what SEO means).

The most interesting thing is the list of keywords that caused your website to be listed in the search results. This is the list for screwturn.eu:

[Image: Google Search Fun]

It’s clear as sun that Google is wrong, sometimes.

Actually, now that I think about it, it makes sense if you consider the ton of spam messages that sometimes flood the forum.

ScrewTurn Wiki and Bots

July 20th, 2009 by Dario Solera | 4 Comments | Filed in Internet, Security

Since early v3 builds, ScrewTurn Wiki has had the ability to report errors (exceptions) via email to a designated list of recipients. Well, I constantly get 20 or so notifications a day, all with the same reason: “Validation of ViewState MAC failed”, always occurring for Register.aspx and Login.aspx. These are obviously requests made by bots in an attempt to create accounts and log into the wiki. The funny thing is that ASP.NET (WebForms) automatically takes care of this issue: the ViewState information is validated before executing the request, rendering the automated sign-up/login requests completely useless. Given that the number of registered users is not increasing much on a daily basis, but more importantly there are no abusive ads in the wiki pages, I think we can safely assume that the CAPTCHA and the ViewState validation make ScrewTurn Wiki completely immune to bots.

On a side note, there are a number of requests that are basically aimed at finding XSS vulnerabilities in the application (the requests throw exceptions due to malformed URLs). So far, there are no new XSS vulnerabilities (there was one in v2, promptly fixed).
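The validation described in this post can be modelled in a few lines. This is an added example, not ScrewTurn Wiki or ASP.NET code: a simplified HMAC-protected state field in Python, where the key, the JSON encoding, the page-path binding and the function names are assumptions of the sketch.

```python
import base64
import hashlib
import hmac
import json
import os

SERVER_KEY = os.urandom(32)  # constructed stand-in for the server's validation key
TAG_LEN = hashlib.sha256().digest_size


class StateMacError(Exception):
    """Raised when the posted state field fails integrity validation."""


def _tag(payload: bytes, page: str, key: bytes) -> bytes:
    # Binding the tag to the page path is a choice of this sketch.
    return hmac.new(key, page.encode() + b"\0" + payload, hashlib.sha256).digest()


def protect_state(state: dict, page: str, key: bytes = SERVER_KEY) -> str:
    """Server side, on GET: serialize the state and append its MAC."""
    payload = json.dumps(state, sort_keys=True).encode()
    return base64.b64encode(payload + _tag(payload, page, key)).decode()


def validate_state(field: str, page: str, key: bytes = SERVER_KEY) -> dict:
    """Server side, on POST: verify the MAC before trusting any byte of the state."""
    try:
        raw = base64.b64decode(field, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise StateMacError("state field is not valid base64") from exc
    if len(raw) < TAG_LEN:
        raise StateMacError("state field is missing or truncated")
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(payload, page, key)):
        raise StateMacError("Validation of ViewState MAC failed")
    return json.loads(payload)


def handle_post(page: str, form: dict) -> str:
    """Validation runs first; the page handler is reached only with intact state."""
    try:
        validate_state(form.get("__VIEWSTATE", ""), page)
    except StateMacError as exc:
        return f"rejected: {exc}"
    return "handler executed"
```

A client that posts without first fetching the form, alters the field, or replays a field issued for another page ends in the rejected branch, which is the kind of request behind the error notifications mentioned above.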

Denial of Service

June 15th, 2009 by Dario Solera | 5 Comments | Filed in Community, Internet

It seems that this afternoon someone is performing some kind of DoS attack against our server. The PerfCounter reports that there are something like 100k open connections and the ASP.NET worker process consumes 100% of CPU time.

I apologize for any inconvenience, but I really have no tools to stop this right now except resetting IIS and this requires a manual action. At any rate, I reduced the number of queued requests to 100 (default is 1000). I hope this will help.

Update: BTW, the server seems to stay up without too much trouble.

New Server – Done

May 22nd, 2009 by Dario Solera | No Comments | Filed in Community, Internet

All the content has been migrated to the new server which seems to handle the load a lot better than the old one.

The old server, having served us for one year, is now shut down and will soon be discarded (being a VPS).

New Server + Trivia

May 20th, 2009 by Dario Solera | 1 Comment | Filed in Community, Internet

So, the new server is now (almost) fully configured and seems to run fine (even PHP on FastCGI). One of the following days I will finally migrate the website, forum and blog.

On a side note, the number of posts in the forum has reached an important milestone:

6666

Time For A New Server?

April 22nd, 2009 by Dario Solera | 1 Comment | Filed in Community, Internet, Off-Topic

This morning (or night, depending on your timezone) the instance of MySQL that serves the forum and this blog crashed. Reason: Out of memory (needed 16000-odd bytes).

This VPS only has 416 MB of RAM. So far it’s been enough, but it’s 2009 after all and maybe it’s time to upgrade. Anyhow, the network traffic has more than doubled in the last 11 months, so that is another reason. Moreover, I’m no longer comfortable with Virtuozzo, which seems to go down with the machine if something bad happens (you can’t even restart the server in that case). I’m more inclined to a MS Virtual Server/VMware/XEN-based solution.

Luckily, the VPS subscription expires in about a month, so no money will be wasted.

Basic Stats Plugin

October 27th, 2007 by Dario Solera | 3 Comments | Filed in Community, Internet

In the last few days I developed a little plugin (Formatter Provider) that records all the wiki page views, and generates a statistical analysis like this:

[Image: basicstatspluginsmall.png]

You can take a look at it here. A little roundup of the features:

  • Automatic bot filtering (opt-out)
  • Page hits counter
  • Sessions counter
  • Possibility to discard the hits generated by specific wiki usernames (such as mine, so the stats are not polluted by me checking the results every ten minutes)
  • Low performance impact when recording visits (hits are stored on disk every now and then)
  • Magic Word, which allows discarding requests by adding a parameter to the query string (e.g. ?NoStats=1)
  • Charts for daily and weekly visits distributions
  • Chart for visitors’ language distribution
  • Chart for visitors’ OS and browser distributions
  • Possibility to let anonymous users view the results (opt-in)
  • Easy integration (the plugin records the visits by default, and in order to view the results you just have to put “{stats}” somewhere in the wiki).

The plugin is still in test, especially to ensure that it does not cause performance pitfalls on high-traffic websites, so it’s not yet included in the Plugin Pack. It’s in the nightly build, though.

I am not really into this statistics thing, so I developed this plugin in a really dummy way (but I’m sure you’ll help reporting bugs). For example, the average values displayed by the plugin are actually a prediction: the Avg. sessions/month value is calculated as the Avg. sessions/day * 30, which is actually computed as total # of sessions / fractional # of days. I’m sure the math is correct, but 14,400 sessions (= unique visitors) per month feels like a huge number, especially for a site like this which has a very small and specific audience.

Excellent News

September 16th, 2007 by Dario Solera | 3 Comments | Filed in Community, Internet

It happens that ScrewTurn Wiki has been listed in the ASP.NET Community Projects (thanks to Ben for notifying me, because I hadn’t noticed). It’s right below FlexWiki.

I took two full-page screenshots, one for the news item and another for the Community Projects page. I think this is a very important accomplishment for a project like STW, whose success is only determined by its users.

A few statistics for the project (just to have some “fun”):

  • 1,440 SVN revisions
  • 28,156 lines of code
  • 459 source code and resources files
  • 73 resolved bugs (8 open)
  • 121 feature and enhancement requests
  • 77 known public wikis
  • 18 plugins
  • 10 interface languages

Not very impressive if you ask me, but interesting nonetheless. Thanks to all the contributors, especially to the translators, who do very hard work.

More good news in the next days, so stay tuned.

About

  • Copyright ©2006-2012 Threeplicate Srl. All rights reserved. Some of the icons created by FamFamFam.