Category Archives: Web Development

Beware of FTP Apps

Posted by Carbonize on January 16, 2014 No comments

Yesterday I received an email from my hosts saying they had received a report of email spam coming from my site. They said they had removed the offending script and suggested my site had been exploited. Like a good webmaster I logged in and checked my files. Nothing was amiss except a new directory with a random name like rbdfghydhf. I deleted the directory then started checking my server logs to see what requests had been made around the time the directory was created. I found nothing so began the process of deleting old files and scripts, which is something we should do regularly anyway.

So four hours later, after some Battlefield 4, I log back in to find a whole bunch of new directories had been made and again nothing in the logs to indicate how they were created. So I contacted my hosts and asked them to check the ownership of the directories and the files they contained. They eventually got back and told me they had been created via my FTP account from an an IP address in Poland, 77.114.120.185. Given my username and password are not simple things I scanned my computer to make sure it hadn’t been compromised. Two different anti virus programs and no malware found. Then I remembered that about a month or so ago I tested three FTP apps on my Android phone. One didn’t seem to work but the other two worked just fine after some messing with the settings. So by logical deduction I suspect this is how my account details got compromised. I checked the Play Store and only two of the three apps I tested are still listed which is another sign that this was the problem.

The moral of the story, if you need to FTP from your mobile device or anything else that requires your sites login details stick with trusted names or those that have a lot of reviews both good and bad. I was lucky but they could of done some serious damage.

Animated Div Collapsing

Posted by Carbonize on March 10, 2013 No comments

A few years ago I was looking for a simple JavaScript to animate the hiding/showing of a div. I came across one that was perfect from harrymaugans.com but the site is currently undergoing a revamp so the original post is no longer there. Anyway the script was perfect but it had one issue, it required that the div’s height be already set and I was working with dynamically populated divs that I wouldn’t know the size of. My original solution was to loop through the divs I was going to hide and set their height to what their height currently was (if that makes sense) before hiding them with display: none;. Anyway I got sidetracked and I felt this solution was inadequate anyway so left it in my test folder. Jump to the present day. I started looking at it again and realised I can grab the original height of the div once it’s display had been changed back to block by the script and it’s height set to 1px ready for the sliding into view. The solution was simply to use scrollHeight which gets the height of a div including any hidden content such as when overflow is set to hidden.

I also added a new function, toggleSlide, which means instead of needing a link to call the slideDown and then one to call the slideUp you can just call toggleSlide and it will either slide it up or down depending on it’s current state.

And so I am offering my version of the script here since I think some people might be in the same boat as me and find my solution useful and also because the original source is no longer available.

Use your website to help find missing children in EU

Posted by Carbonize on September 26, 2012 No comments

Do you run a website, blog or forum? Then you could help find children missing in Europe. Thanks to the NotFound project, you can make a difference. Install our application and a picture of a missing child automatically gets published on every ‘page not found’ of your website.

In the European Union alone, thousands of children are still missing. They run away from conflicts at home, are the victims of parental abductions, disappear after having travelled across the EU alone, or are abducted by criminals. But there is a way you can help, namely by installing the Notfound application. By doing this, automatically, a picture of a missing child will be posted on every 404 page of your website. This is how you can help Child Focus spread a maximum number of photos and help all missing children find their way home.

Discover the application on www.notfound.org.

Random Character Generation in PHP and JavaScript

Posted by Carbonize on February 8, 2012 No comments

I wrote this function in response to someone else’s attempt on a forum I was asked to join. It basically generates a string of random letters and numbers with the letters being in both upper and lower case. It is easy to edit it to only use upper or lower case letters or even add symbols as well. I initially wrote it in PHP and then rewrote it in JavaScript as well.

function randomString($strLen = 32)
{
  // Create our character arrays
  $chrs = array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9));
 
  // Just to make the output even more random
  shuffle($chrs);
 
  // Create a holder for our string
  $randStr = '';
 
  // Now loop through the desired number of characters for our string
  for($i=0; $i< $strLen; $i++)
  {
    $randStr .= $chrs[mt_rand(0, (count($chrs) - 1))];
  }
  return $randStr;
}

Using it is simply a case of calling it and specifying how long to make the string otherwise it uses the default length of 32 characters.

echo randomString(12);

To also make it use symbols you just change the array_merge to
Read more »

Sending email via SMTP using PHP

Posted by Carbonize on October 24, 2011 No comments

A couple of my users contacted me to say that their host had disabled sendmail and required any scripts they use to now use SMTP to send emails. This resulted in me quickly reading all I could about SMTP and the result is this slightly rough script I am sharing. It’s pretty self explanatory. Put your SMTP server details in the $mailCfg array. Next simply call the smtpMail function which uses the same variables as the standard PHP mail() function but with two additional variables. The additional variables are the email address we are sending from and $mailCfg. I could of put $mailCfg as a global but this way you can include the script in a different script and store the required information where ever you want. The from address is important as most SMTP servers will reject the message if it’s not included.

Just remember the code is far from perfect and was created to do a simple job.

It also has one nice extra function you might find useful… Read more »

Safari 4 and Firefox 3.5b99

Posted by Carbonize on June 9, 2009 4 comments

Well Apple has gone and released the memory hog that is Safari 4. It does look good but given that it uses a ridiculous amount of memory I think I will pass. It has some nice features that only work on a mac. Go figure.

Also Mozilla has released a new version of Firefox 3.5. It is marked as beta 99 but is basically something between a beta and a release candidate. it has improvements to Tracemonkey, the engine used to clean up memory usage but not sure it works that good at removing things from memory it no longer requires.

Now Google Chrome has excellent memory handling it’s just a shame it’s options are sparse, ~~it has no extension support (even IE supports extensions/plug ins)~~ (apparently as of version 2 it does) and the rendering engine, WebKit, is far from perfect. Sites like Facebook can prove a nightmare at times when it’s divs disappear behind it’s ad bar.

I’ve personally decided to give Firefox a break and use Flock for a few weeks.

Blocking IP Addresses Using htaccess

Posted by Carbonize on May 15, 2009 No comments

I’m writing this because blocking by domain on my hosts pretty much kills my web site and so I have had to learn to block ip addresses. Blocking single ip addresses is simple as you just need something like the following

order allow,deny
deny from 9.120.161.206
allow from all

And that will block the computer at ip address 9.120.161.206 from being able to access your site. But what if you want to block a whole range of ip addresses such as 9.120.161.0 to 9.120.161.255? Well then we just leave off the end number like this

order allow,deny
deny from 9.120.161.
allow from all

Ok so now we get to the clever and damn fiddly bit. As of Apache 1.3 we can use CIDR codes to specify ranges of ip addresses. So another way of writing the above code would be

order allow,deny
deny from 9.120.161.0/24
allow from all

and that would do exactly the same as 9.120.161. but we can do so much more. After the break (ie click the read more link) I will show a list of the CIDR codes and what they do.
Read more »

Top Ten Javascript Functions

Posted by Carbonize on April 28, 2009 2 comments

Whilst surfing the ether we call the internet I came across a list of top ten javascript functions by Dustin Diaz. As the saying goes it does exactly what it says on the tin. It is a collection of ten (and a bonus one) basic javascript functions that most Javascript writers will need/use quite a lot. Such functions as adding onload events to the window even if you’re not sure that it’s already been set by another script. getElementByClass which to me is something that should of been in Javascript from the start . If you write Javascript then you will find atleast one of the functions useful.

And I know it was written in 2005 but the functions are just as valid today.

Rising Antivirus Review

Posted by Carbonize on April 19, 2009 21 comments

I recently decided to try / review a new anti virus program I had heard about called Rising Antivirus. Now my first issue with this anti virus is the fact that the installer is over 60MB and the download was slow as hell. Took me around 30 minutes to download and I’m on a 20Mb connection. Once installed it takes over 200MB of hard drive space. First thing I did was run an update and it seemed to me that every component had an update and given I had only just downloaded the program this seems excessive. Next I ran a scan of the local drives. After twenty minutes I stopped it as it had only done about 5% and was saying it had over an hour left to go. Given this was my laptop with little on it this was far from acceptible.

Now we get to the main reason I swiftly uninstalled it. I downloaded the Eicar test file which is a standard file that all antivirus programs recognise as a test file so you can test if your antivirus is working or not. So I put the eicar.com file on my desktop and ran it. Rising Antivirus did absolutely nothing. I can accept it not detecting it during the download because my favourite free antivirus, AntiVir, only scans files when they are opened or read. To not detect the test file when run makes me wonder what else it doesn’t detect. I told it to scan the eicar.com file and it alerted me that it was a virus (well a test file which is what it should report it as) but not even a beep from Rising Antivirus when I run the file. In fact I had to turn Rising’s detection level up to high to get it to report it as a virus when I opened it. Even then I could see the command window in the background that eicar.com opens so I’m not even sure that if it had been a virus Rising Antivirus would of stopped it doing anything.

So my advice is avoid this anti virus like the plague. The best free anti virus, in my opinion, is AntiVir and the next best free one is Avast. I can no longer even recommend AVG as third place because all reports say as of version 8 AVG has become a resource hog that slows your computer down.

Bad Web Devs

Posted by Carbonize on March 30, 2009 No comments

I’m a hobbyist web developer and nothing annoys me more than web sites that have obviously paid for someone to build their sites but whoever has built it has done a half arsed job.

My main gripe at the moment is sites that require you to have cookies enabled but have terrible code in place for if you don’t.

A good example is Game who put you in to an infinite redirect loop if you have cookies disabled. In fact you have to enable cookies on their site to see the page that tells you that you needs cookies enabled to view the site

Another bad one I just found, and this one is really really bad, is download.com. You don’t need cookies to view the site but if you have them disabled and click through to view a programs page your browsers memory usage goes through the roof. I tested this in Firefox 3.1 b3, IE8 and Chrome. With all three browsers I had to use task manager to close them thanks to download.com’s sloppy web code.

So please, if you are going to write a site that requires that visitors accept cookies, make sure you have good code in place to handle people like me who have cookies disabled.

Carbonized Blog

Just a bunch of stuff