When will it stop?


#1

Just got another announcement, this one about IP changes…which, of course, affects some of my cgi scripts. When, oh, when is this moving and changing process going to be completed and the whole service settle down to a quasi-permanent hum like it used to be in the “good ol’ days?”

zentao web design, graphic art and design at www.zentao.com

zentao7, Gallery of Artists and Speculative Novel Writers Groups


#2

Hi zentao -

Very very shortly. We still have servers hosted at another data center, but those people were spared the first move (so if you’ve already moved, you shouldn’t be again).

This particular change - with the IP addresses - shouldn’t directly affect very many people. Unlike the server move, there should be essentially no downtime.

What kinds of scripts are you specifying your IP address in? Generally you should specify your domain name instead (though I suppose there could be special cases where an IP is necessary).

  • Jeff @ DreamHost
  • DH Discussion Forum Admin

#3

In one particular case especially in a shopping cart on marinepartsman.com, though we will be replacing that cart with another soon. In it, there is an optional uniqueip.pl file that bans the use of the script by any other IP except that of the secure server. It’s a back-up security measure only and not critical, but I like it there. There are a few others, but nothing that isn’t a quick fix.

And, several other places on clients’ sites I have .htaccess files that utilize the IP, but, no worries. All are actually redundant.

The reason for the post was just my frustration. I just feel like I am running around in circles patching this and adjusting that, then responding to visitor emails and client emails when, of course, they choose that moment to access a message board or script, when they could have chosen any other time to arrive and wouldn’t have known anything had happened at all. I think I just run too many sites. I wouldn’t want your job, that’s for sure. I can’t even imagine the volumes of queries you are getting in Support.

Thanks for your response.

zentao web design, graphic art and design at www.zentao.com

zentao7, Gallery of Artists and Speculative Novel Writers Groups
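
An added example, not part of the thread or any poster's code: one way to find the hard-coded addresses that a host renumbering will break, in `.htaccess` files and in CGI scripts such as the `uniqueip.pl` check mentioned above. The file contents, the documentation-range addresses and the function names are constructed for illustration.

```python
import ipaddress
import os
import re
import tempfile

# Candidate dotted quads; ipaddress validates them afterwards.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# Apache access-control directives that commonly carry an address.
ACL = re.compile(r"^\s*(allow\s+from|deny\s+from|require\s+(?:not\s+)?ip)\b", re.I)
SCAN_SUFFIXES = (".pl", ".cgi", ".py", ".php", ".conf")

def find_hardcoded_ips(root, old_ips=()):
    """Return sorted (relative path, line number, ip, kind) findings under root.

    kind is 'stale' when the address is one of old_ips (must be changed),
    'acl' when it sits in an Apache access directive, 'literal' otherwise.
    """
    old = {ipaddress.ip_address(a) for a in old_ips}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name != ".htaccess" and not name.endswith(SCAN_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            with open(path, errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for text in IPV4.findall(line):
                        try:
                            ip = ipaddress.ip_address(text)
                        except ValueError:
                            continue  # not a real address, e.g. 999.1.1.1
                        kind = ("stale" if ip in old
                                else "acl" if ACL.match(line) else "literal")
                        findings.append((os.path.relpath(path, root), lineno, text, kind))
    return sorted(findings)

def demo():
    """Build a constructed site tree (documentation addresses only) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "cgi-bin"))
        with open(os.path.join(root, ".htaccess"), "w") as fh:
            fh.write("Order deny,allow\nDeny from all\n"
                     "Allow from 192.0.2.10\nAllow from 203.0.113.5\n")
        with open(os.path.join(root, "cgi-bin", "uniqueip.pl"), "w") as fh:
            fh.write('#!/usr/bin/perl\nmy $allowed = "192.0.2.10";\n'
                     'my $other = "198.51.100.7";\n')
        return find_hardcoded_ips(root, old_ips=["192.0.2.10"])
```

Running `find_hardcoded_ips` over each site's document root with the old server address in `old_ips` gives the list of lines to edit once the new addresses are live.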


#4

> It’s a back-up security measure only and not critical, but I like it there. There are a few others, but nothing that isn’t a quick fix.

I see. I guess that’s one of those special cases.

Usually in cases like this, we try to give fairly sufficient warning (and the more common those who may have problems are, the more warnings we give).

I apologize for the annoyance this is causing you, though. We’ll all muddle through it pretty soon, though, and things should be nice and boring again pretty soon. :>


> I wouldn’t want your job, that’s for sure. I can’t even imagine the volumes of queries you are getting in Support.

I’m not in Support, so I wouldn’t know for sure, but I don’t think this is generating a disproportionate amount of concern. While your specific scripts are the obvious exception, most scripts are configured with domain names - not IP addresses. I imagine there are others with similar situations as you, though.

The move may have been a different matter entirely, though from what I heard it was a lot easier on Support than they were anticipating (I give credit to our Admin team for that).

  • Jeff @ DreamHost
  • DH Discussion Forum Admin

#5

Actually, I did receive warning about a month ago. I just have to wait for the new IPs to set before I can actually do the fixes.

As to “back to nice and boring,” I LIKE nice and boring when it comes to DH stability. Excitement usually means Trouble. :)

zentao web design, graphic art and design at www.zentao.com

zentao7, Gallery of Artists and Speculative Novel Writers Groups


#6

Yeah. Boring is good, but we have to mix things up once in a while. When things are too stable for too long, Will drives out to our data centers and starts pulling out cables.

;>

  • Jeff @ DreamHost
  • DH Discussion Forum Admin

#7

Slash his tires. Cut his spark plug wires. Cut his hands and feet off!

While we’re on about things, I am trying to install The City Shop on several client web sites. It’s a nice, tight program with good support. But, it requires the cgi-bin to be protected by script aliasing as set by the hosting service. An email to Support netted me a “don’t support it. Put the program in the web root.” Ah…then customers can’t access it. Duh. And I don’t happen to want to have to go through and change every pointer in this huge script.

The POINT

Seems to me that on the OLD servers, our cgi-bins were automatically protected. I remember the access denied errors. What gives? Or is that classified information? ;)

zentao web design, graphic art and design at www.zentao.com

zentao7, Gallery of Artists and Speculative Novel Writers Groups


#8

i don’t think there have been changes on our side - and customers have always been able to put their cgi-bins anywhere - we’ve never had anything such as you describe set up (to the best of my knowledge).

protected how? you can (of course) disable directory indexing, or set the permissions on the directory to 0711 or 0751; either one will give a 403 error when someone tries to view the index of your cgi-bin.

support can define a custom script alias for you if it’s really necessary; i’m not sure exactly how this would help though…


#9

It’s not accessing the directory that is the problem. Protecting the directory is not at issue. What is the problem are those who know the scripts, know how they are configured and the file names with critical information, who then find one, an easy thing, and then attempt a crack. If one can call the file, one can access the customer information. If one can sniff a data string, one can grab the customer info including bank account numbers, passwords, mummy’s maiden name, addresses, phone numbers, SS and CC numbers. But, if so well protected that the customer cannot input the information in the first place, they can’t buy anything. Now I know that if using tricky file sets and fixing the pointers, one can make it pretty much foolproof, but I don’t have the time nor inclination to rewrite and troubleshoot every shopping cart a client decides they like.

Shopping carts are my biggest bane. I hate them with a purple passion…because most of the time, regardless of how well they are supposedly protected, I can myself, who is NOT a wiz at this stuff, figure out a way to crack them open from surf side. Hell, I am an artist and .html coder. Husband grasps cgi, perl, and C . But I’m the one who winds up doing it all because HE is typical of coders: lazy. Steve, our degreed hired gun who configures the damned things is a whiz at this stuff but I can still crack most of them from surf side, which of course drives him crazy. He tells me I just have a talent for finding strange hidden openings no-one would ever think of. I don’t believe that for a moment. So it comes down to hoping the code originator has locked the thing up well. In most cases they haven’t. In most cases, it is a matter of having to fuss with the damned code so much, it would have been better to just put up an order form that splits off the CC number and writes to a protected file that one accesses via FTP or utilizes a .bat function to pull down. But this is NOT what customers want. They want a shopping cart. And if they have a big inventory, that is the only way to go.

Now, for the record, we have never had a cart hacked, but, like I said, IF I CAN DO IT, so can someone else.

And SSL, in my opinion, is a laugh. I’ve gone over to nice, top of the line shopping sites, no names mentioned, and sat outside them and pulled anything I might need were I dishonest to max out someone’s CC account. Encryption? Only if it is done PGP and getting a client to comprehend that function is like trying to get a pig to grasp algebra. Most of them can’t figure out how to do email, yet they want an online store.

Now, maybe I’m all wet here. I’ve been playing with this stuff for 7 years, 18 hours a day, and I have yet to find THE SOLUTION that will finally make my life easy. So if you know of a foolproof, iced NICE shopping cart, NOT MIVA which is a total AH of a program and dysfunctional for customer use, please advise. And don’t say Agora, because Agora does not work on DH, and neither do quite a few others.

Is my frustration showing? Sorry.

zentao web design, graphic art and design at www.zentao.com

zentao7, Gallery of Artists and Speculative Novel Writers Groups