The READIN Family Album
First day of spring! (March 2010)

READIN

Jeremy's journal

If we do not say all words, however absurd, we will never say the essential words.

José Saramago


(This is a page from my archives)
Front page
More recent posts
Older posts
More posts about:
The site
Programming Projects
Projects
Programming

Archives index
Subscribe to RSS

This page renders best in Firefox (or Safari, or Chrome)

READIN

READIN started out as a place for me to keep track of what I am reading, and to learn (slowly, slowly) how to design a web site.

There has been some mission drift here and there, but in general that's still what it is. Some of the main things I write about here are reading books, listening to (and playing) music, and watching the movies. Also I write about the work I do with my hands and with my head; and of course about bringing up Sylvia.

The site is a bit of a work in progress. New features will come on-line now and then; and you will occasionally get error messages in place of the blog, for the forseeable future. Cut me some slack, I'm just doing it for fun! And if you see an error message you think I should know about, please drop me a line. READIN source code is PHP and CSS, and available on request, in case you want to see how it works.

See my reading list for what I'm interested in this year.

READIN has been visited approximately 236,737 times since October, 2007.

🦋 Passed the first test

So in my log I see a bunch of requests today for 

GET blog/?k=<keyword> \'\'
and(char(94)+user+char(94))>0 and 
\'\'\'\'=\'\'

where <keyword> is one of the keywords that links exist to on the site; and also I see that my script translated those requests to 

<keyword> \\\'\\\' 
and(char(94)+user+char(94))>0 and 
\\\'\\\'\\\'\\\'=\\\'\\\'
before passing them to the database. So the queries just returned empty sets instead of wreaking whatever havoc they might have wruck unescaped. Yay PHP! Yay careful programming!

(Note: but while editing this post I realized there is a different kind of escaping that you have to do when you are writing to forms -- the < and > signs were translating to markup in my inputs. Funny I never ran into that problem on the old site, you wouldn't think it would be a PHP-vs.-ASP distinction.)

Update: So what do I have to do to ban these guys from my site? I tried putting the following in my httpd.conf:

<Directory (path to root of my site)>
    order allow,deny
    deny from (IP)
    deny from (IP)
    allow from all
</Directory>
and restarting the service, but that does not seem to have done it.

Another Update: I think I got it: the Directory directive in apache2/sites-available/default is overriding the directive in httpd.conf because httpd.conf is included first. I think I just need to take the default directive out.

posted evening of Friday, October 12th, 2007
➳ More posts about The site
➳ More posts about Programming Projects
➳ More posts about Projects
➳ More posts about Programming

Respond:

Name:
E-mail:
(will not be displayed)
Link:
Remember info

Drop me a line! or, sign my Guestbook.
    •
Check out Ellen's writing at Patch.com.

Where to go from here...

Friends and Family
Programming
Texts
Music
Woodworking
Comix
Blogs
South Orange
readinsinglepost