Ryantxr

Personal Blog

Welcome to Blogfire

By Ryan on April 17, 2026

So I decided to write my own blogging software.


I call it Blogfire.
Why did I do this?
I wanted something that was really simple and did not have a ton of code or features.
Just blog entries.
And each blog entry is just a markdown file. No database.
I'm not here to ask anyone to download it or try it. Perhaps I will do that once it is more stable.

What's next?

I'm going to pull in content I created during the past year.

Dealing with Site Hacking

By Ryan on March 16, 2026

Laravel site hacked.

I got a call

I got a call from a friend that one of his sites was hacked.
This is a PHP/Laravel site and it wasn't responding as expected.
I'm not going into a lot of specifics here but I want to document the basics.

Several PHP files had code injected which was heavily obfuscated.
It appeared to be SEO spam which was lucky because they could have done much worse.
There were numerous versions of the same files or similar files everywhere.
In addition, it launched a process that would periodically send out an email with the url of where to attack.
What it installed was a web shell and some mechanisms to respond with sitemaps.

What did I do?

First, I copied all the files to my local so I could look at them later.
Then the files were removed. I also looked for errant processes and shut those down.
I used the firewall (ufw) to shut off the ports that were in use.

I updated Apache so that it would only run index.php, and no other PHP files.

I then used Sandfly to scan the entire server looking for other intrusions.

How did the files get there?

It turns out this was an application issue. This application allowed users to upload profile pics.
But it didn't prevent the upload of any file, including PHP files.
This was remedied with two approaches.
The application was updated to only allow JPG and PNG files.
The upload process also double checked the file to make sure it really is a PNG or JPG.
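As an added illustration of those two checks (this is example code, not the post's or the friend's application code), the following Python validator gates an upload on an extension whitelist, then on the file's actual content. The magic-byte and PNG-header checks are the same idea PHP's finfo_file() and getimagesize() give you; the whitelist, the 2 MB cap, and the random stored name are assumed policy, and make_png() only builds a constructed test image.

```python
import secrets
import struct
import zlib

# Hypothetical policy values: which extensions the form accepts and a size cap.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png"}
MAX_BYTES = 2 * 1024 * 1024

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"


def sniff_image_type(data: bytes):
    """Classify by content: 'png', 'jpg' or None. The client's file name is ignored."""
    if data.startswith(PNG_MAGIC):
        return "png"
    if data.startswith(JPEG_MAGIC) and len(data) >= 4:
        return "jpg"
    return None


def png_ihdr_ok(data: bytes) -> bool:
    """Require a well-formed IHDR chunk (right length, valid CRC, sane size) after the signature."""
    if len(data) < 33:
        return False
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        return False
    body = data[16:29]
    (crc,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
        return False
    width, height = struct.unpack(">II", body[:8])
    return 0 < width <= 8192 and 0 < height <= 8192


def validate_upload(filename: str, data: bytes):
    """Return (accepted, reason, stored_name).

    Gates run in the order the post describes: extension whitelist first,
    then content sniffing, then a structural sanity check for PNGs. The
    stored name is random and its extension comes from the sniffed type,
    so a client-supplied name such as 'x.php.png' never reaches disk.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not allowed", None
    if len(data) > MAX_BYTES:
        return False, "file too large", None
    kind = sniff_image_type(data)
    if kind is None:
        return False, "content is not a PNG or JPEG", None
    if kind == "png" and not png_ihdr_ok(data):
        return False, "corrupt PNG header", None
    return True, "ok", f"{secrets.token_hex(16)}.{kind}"


def make_png(width: int, height: int) -> bytes:
    """Build a tiny valid RGB PNG; constructed test input, not a real upload."""
    def chunk(ctype: bytes, body: bytes) -> bytes:
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    rows = b"".join(b"\x00" + b"\x00\x00\x00" * width for _ in range(height))
    return PNG_MAGIC + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b"")


if __name__ == "__main__":
    samples = [
        ("avatar.png", make_png(2, 2)),          # real image: accepted
        ("shell.php", b"<?php echo 'hi'; ?>"),   # rejected by extension
        ("shell.png", b"<?php echo 'hi'; ?>"),   # rejected by content
    ]
    for name, blob in samples:
        print(name, validate_upload(name, blob)[:2])
```

Content checks only prove the file starts like an image; a valid image with PHP appended still passes them. That is why the server-side rule that the upload folder never executes PHP is the check that actually closes the door, and the application checks are the second layer.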

I reconfigured Apache not to allow PHP execution in the upload folder.
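The two Apache changes mentioned in this post (only index.php runs, and nothing runs in the upload folder) can be expressed as below. This is an added example, not the configuration from the post; the paths /var/www/site/public and /var/www/site/public/uploads are assumptions for a Laravel layout, and the PHP module name depends on the PHP version installed.

```apache
# Added example, not the post's own configuration. Paths are assumptions.

<Directory "/var/www/site/public">
    # Deny every PHP-ish file, then re-allow the single front controller.
    # Files/FilesMatch sections merge in configuration order, so the
    # later grant wins for index.php only.
    <FilesMatch "\.ph(p[0-9]?|tml|ar)$">
        Require all denied
    </FilesMatch>
    <Files "index.php">
        Require all granted
    </Files>
</Directory>

# The upload folder never executes PHP, whatever name a file arrives with,
# and an uploaded .htaccess cannot switch that back on.
<Directory "/var/www/site/public/uploads">
    AllowOverride None
    <IfModule mod_php.c>
        # mod_php on PHP 8; on PHP 7 the module file is mod_php7.c
        php_admin_flag engine off
    </IfModule>
    # php-fpm or other handler-based setups: strip any handler for this tree
    SetHandler None
    <FilesMatch "\.ph(p[0-9]?|tml|ar)$">
        Require all denied
    </FilesMatch>
</Directory>
```

Keep AllowOverride out of the public directory itself if the site relies on Laravel's shipped public/.htaccess rewrite rules; restrict it only where user-controlled files land. After reloading, a request for any .php path under /uploads/ shows up in the access log as a 403, which is also a useful signal for the log scanner described further down.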

Finally

I created two applications to help with monitoring.

webtaser - this scans the web server logs and looks for known and obvious attempts to do malicious things. Then it blocks the IP address for an hour.
filepat - this continually scans all the PHP files looking for malicious patterns and reports them.
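The following added example (example code, not the author's webtaser or filepat) sketches both monitors in Python: a log scanner that matches Apache combined-format lines against a small set of request rules and bans the source IP for an hour with expiry, and a source scanner that flags traits of injected, obfuscated PHP. The log lines, rule names, and PHP snippets are constructed; a real tool would drive ufw from the BanList methods instead of keeping the table in memory.

```python
import re
import time
from collections import defaultdict
from urllib.parse import unquote

# Constructed Apache combined-format log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [16/Mar/2026:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Mar/2026:10:01:05 +0000] "GET /uploads/avatars/x.php HTTP/1.1" 404 210 "-" "curl/8.0"
198.51.100.9 - - [16/Mar/2026:10:02:10 +0000] "GET /.env HTTP/1.1" 404 199 "-" "python-requests/2.31"
192.0.2.44 - - [16/Mar/2026:10:03:00 +0000] "GET /images/logo.png HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Requests a site like the one in the post should never serve; matched
# against the URL-decoded path. Rule names are hypothetical.
REQUEST_RULES = [
    ("php-in-uploads", re.compile(r"^/uploads/.*\.ph(p|tml|ar)\b", re.I)),
    ("dotfile-probe", re.compile(r"^/\.(env|git)(/|$)", re.I)),
]

# Traits of the heavily obfuscated injected PHP the post describes.
SOURCE_RULES = [
    ("eval-decode", re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    ("long-base64", re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]")),
    ("hex-escapes", re.compile(r"\\x[0-9a-fA-F]{2}\\x[0-9a-fA-F]{2}")),
]

BAN_SECONDS = 3600  # the one-hour block the post mentions


class BanList:
    """Ban table with expiry. Hypothetical: a real tool would add/remove a ufw rule here."""

    def __init__(self, ban_seconds: int = BAN_SECONDS):
        self.ban_seconds = ban_seconds
        self._until = {}

    def ban(self, ip: str, now: float) -> None:
        self._until[ip] = now + self.ban_seconds

    def is_banned(self, ip: str, now: float) -> bool:
        until = self._until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self._until[ip]  # expired: lift the ban
            return False
        return True


def scan_log(text: str, bans: BanList, now: float) -> dict:
    """Return {ip: [rule names]} for offending requests and ban each offending IP."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = unquote(m.group("path"))
        for name, rx in REQUEST_RULES:
            if rx.search(path):
                hits[m.group("ip")].append(name)
                bans.ban(m.group("ip"), now)
                break
    return dict(hits)


def scan_php_source(source: str) -> list:
    """Return the SOURCE_RULES names that match one PHP file's contents."""
    return [name for name, rx in SOURCE_RULES if rx.search(source)]


# Constructed PHP samples: a normal front controller line and two obfuscation shapes.
CLEAN_PHP = "<?php\nrequire __DIR__.'/../vendor/autoload.php';\n"
SUSPECT_PHP = "<?php\n$p = '" + "A" * 240 + "';\neval(base64_decode($p));\n"
HEX_PHP = "<?php\n$f = \"\\x65\\x76\";\n"

if __name__ == "__main__":
    bans = BanList()
    print(scan_log(SAMPLE_LOG, bans, time.time()))
    for label, src in (("clean", CLEAN_PHP), ("suspect", SUSPECT_PHP), ("hex", HEX_PHP)):
        print(label, scan_php_source(src))
```

The source rules are deliberately narrow; a long base64 literal on its own is not proof of injection (vendor code embeds fonts and images that way), so findings are something to read, not auto-delete. Pairing the scanner with a baseline of file hashes taken right after cleanup, as the post's copy of the original files allows, turns "matches a pattern" into "changed since the known-good state".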

All systems are up and running now. No site is ultimately secure. But I definitely closed the door on this attack.

Introducing Email-Trapper

By Ryan on March 24, 2025

When testing applications with email, it is always a good idea not to actually send emails.

Background

It is very common to capture emails during the testing phase so we're not sending out a lot of emails with the subject "Test". We don't care if those emails actually reach an inbox. We only care that the application took the action to try to send it.

There are a number of tools that do this, like MailHog, Mailtrapper, etc.
These tend to fall into two categories: those that are intended to run locally, and those that are a SaaS and come with a price tag. Maybe I missed something, but the ones that are intended to be used locally are not suitable to be on the actual public internet.
If this is the case, how am I going to test my QA site that is on a public server somewhere?
So I built Email-Trapper.
I built this in Python and I host it using gunicorn.
What I find useful is that it can support multiple users and each user can have multiple inboxes.

I use this tool all the time. And I gave away some accounts to a small number of people.

There's no code to write and no installation.

What is KVAL

By Ryan on March 11, 2025

KVAL is a Key/Value pair API.

Description

I was working with N8N and I wanted to save off some temporary data that I could use later in the automation.
So I made KVAL. I just need a JWT and I can call the API to store or retrieve a value. The value is typically JSON.
It is super lightweight and works well.

This was built with Python and hosted using Gunicorn.

It isn't only for N8N. It can be used for anything.

Easiest API you will ever use.
