Edventures in Normalcy

Pointing your domain to a CDN common thoughts and questions

Posted by Rose Bush on September 1st, 2016

When looking to host your site on a Content Delivery Network, there are a few questions as to how it works. With some providers, you are supplied a CNAME that utilizes anycast to resolve to a different IP depending on where in the world you are:
AnyCastCDNS
As an aside, due to the above behavior, a large file pulled through the CDN may hit numerous POPS. If each POP is configured to then pull the full file from the hosted origin, you can incur a LOT of traffic. Think a 44GB video file was rough, image paying for it being transferred 120 times just for one person to watch it. You’re frontloading the content, but still, that’s a lot of data. I digress.
With that, sure, you can resolve the www CNAME to the supplied address. You then ask yourself how do I point my root domain to the CDN. If you use your locally resolved IP address and 301 redirect to the www. CNAME, you only incur the one call to the particular IP. But what if you want the root domain to leverage the abilities of the CDN? You cannot simply point the root domain to the CNAME, that’s bad juju: http://serverfault.com/questions/430970/cname-for-top-of-domain
In the case of other CDN providers, you use their Name Servers, and it is at these nameservers that root domain flattening occurs. That is to say that they perform the resolution at the name server and send out that IP addresses in response to the lookup. This comes with caveats as well. The flattening CloudFlare utilizes gives the TTL the highest value found, not the lowest as you may expect. See here: https://support.cloudflare.com/hc/en-us/articles/200169056-CNAME-Flattening-RFC-compliant-support-for-CNAME-at-the-root
https://gist.github.com/cben/012c1fdbbb69d76cedaf

Solved dotDefender An error occured. Action: get_site_list Exception: Invalid Response or Action: get_xpath Exception: Invalid Response

The full error:
Can’t init python Can’t import module can’t init python Traceback (most recent call last): File “C:\Program Files\Applicure\dotDefender for IIS\cgi-bin\WebServiceLib.py”, line 1, in from WebService_Utils
import * File “C:\Program Files\Applicure\dotDefender for IIS\cgi-bin\WebService_Utils.py”, line 1, in from WebService_OS import * File “C:\Program Files\Applicure\dotDefender for
IIS\cgi-bin\WebService_OS.py”, line 53, in from win32com.client import GetObject, Dispatch File “py26-sp\Lib\site-packages\win32com\client\__init__.py”, line 11, in import gencache File
“py26-sp\Lib\site-packages\win32com\client\gencache.py”, line 662, in __init__() File “py26-sp\Lib\site-packages\win32com\client\gencache.py”, line 58, in __init__ Rebuild() File
“py26-sp\Lib\site-packages\win32com\client\gencache.py”, line 649, in Rebuild _SaveDicts() File “py26-sp\Lib\site-packages\win32com\client\gencache.py”, line 65, in _SaveDicts f =
open(os.path.join(GetGeneratePath(), “dicts.dat”), “wb”) IOError: [Errno 13] Permission denied: ‘C:\\Windows\\TEMP\\gen_py\\2.6\\dicts.dat’

Solution:
I was logged into the admin site under an account that had been added post install using the add_user_permissions_IIS7.bat script. It seems this script misses adding some permissions. In my case I granted permissions to my user to the C:\Windows\Temp\gen_py
folder. I believe I gave them write permissions.

Reset ColdFusion 10 or 11 Administrator Password Manually

Posted by Rose Bush on July 5th, 2016

If you need to reset the ColdFusion Administrator Password for ColdFusion 10 or ColdFusion 11, it is much easier than previous versions.

Windows

From the machine running ColdFusion, browse to cf_root/bin, in this case I am in

or

Right click on

and choose Run as administrator to ensure proper permissions during runtime. Enter 1 to change the password. Enter in the new password, and then re enter it to confirm. If not using RDS, you can leave the entry blank for the next two submissions, otherwise fill the RDS password in on both entries. Restart the ColdFusion Application Server and try to login. You may need to restart your browser to clear any cached session aspects that may cause issues.

Linux

SSH into the machine running ColdFusion. Navigate to cf_root/bin, in this case I am using

or

and run

Enter 1 to change the password. Enter in the new password, and then re enter it to confirm. If not using RDS, you can leave the entry blank for the next two submissions, otherwise fill the RDS password in on both entries. Restart the ColdFusion Application Server and try to login. You may need to restart your browser to clear any cached session aspects that may cause issues.

Pi Day Then and Now

Posted by Rose Bush on March 14th, 2016

A little backstory, On 3-14-1998 I find out it is Pi Day, and being a fat kid understand it as Pie Day. I’m thinking of cherry and apple being options during lunch. lol, nope, pi, π, as in 3.14159265359. On 3-14-2016 I am reminded by a coworker that it is Pi Day, and my first reaction is to note that it’s Steak and a Blowjob Day. In 18 years I went from being preoccupied with food to sex.

 

200_s

open task manager
go to services tab
right click on Synergy
start running the service

Yup, thats it. Thanks to http://superuser.com/questions/555137/synergy-server-doesnt-work for the help!

Running ColdFusion as A Separate User

Posted by Rose Bush on January 28th, 2016

ColdFusion needs to be limited, or in certain cased, granted more access, in the case of NAS shares, etc.

Defaults:
https://helpx.adobe.com/coldfusion/kb/running-coldfusion-specific-user.html

Way too open, give the user full control of:

“WebDocument Directory
c:\cfusion or c:\cfusionmx (and all subdirectories)
c:\winnt
c:\winnt\system32”

Okay, web root seems fine, the ColdFusion install directory seems fine. My OS installation folder, is not fine by me.

The first two give me a majority of what is needed, with few asides for other softwares:

Accounting for Fusion Reactor:
http://docs.intergral.com/display/FR455/Installing+FusionReactor+in+Locked+Down+Environments

I did find another person talking about the matter:
http://jochem.vandieten.net/2008/04/06/windows-file-permissions-for-the-coldfusion-account/

But they include ripping out existing permissions.

https://books.google.com/books?id=rI0OZhmcuc0C&pg=PT382&lpg=PT382&dq=Running+ColdFusion+as+a+specific+user&source=bl&ots=imQn_gDv_q&sig=QfRQ3DCqXzCNZ-sgcufo7iVtpxc&hl=en&sa=X&ved=0ahUKEwj-kMPvsKfKAhWGdj4KHQ7lAAsQ6AEIPTAE#v=onepage&q=Running%20ColdFusion%20as%20a%20specific%20user&f=false

 

Spoke to a coworker, the idea to add the ColdFusion user to the IIS_Users group which would inherently add permissions to the web locations.  Clean and direct, I like it.

KeePass for Web, ssh, MSTSC (RDP), ftp, sftp, and WinSCP

Posted by Rose Bush on January 26th, 2016

KeePass and You, Scheming the PC

KeePass (Professional Edition, I am using the 2 version Portable Package) is a phenomenal tool, that can save you insurmountable amounts of time if configured well.  I have taken the time to use it for numerous schemes and desktop environments to have it work best for me.  Find my learned results below:

 

Web (http and https schemes)

Chrome Browser Integration

chromeIPass
Url in title

Firefox browser Integration

KeeFox

 

URL Overrides

The following section shows many helpful setups.  In order to add a URL override in KeePass 2, click on Tools -> Options and navigate to the Integration Tab.  Click on URL Overrides… to bring up the following screen:

URLOverrides

As you can see, all of the below mentioned are shown in my configuration.  To use any override that calls a non browser application, highlight the entry and press Ctrl + U to initiate it.

 

putty.exe (ssh scheme)

Add putty.exe to system path

“To the Control Panel System tab then. In the Control Panel, System Properties, select the Environment Variables button at the bottom: and then select Path in the System Variables section, and press the Edit button. This set the path variables to include the PuTTY program directory in the search path.”  In some cases, it may be System, then Advanced system settings.  Environment Variables.  In mine I have:

C:\Program Files (x86)\PuTTY\

added making sure to delimit with semicolons and not end with a semicolon.  This does require a re login, so either logout/login or reboot for this to take effect.

URL Override

 

MSTSC (rdp scheme)

URL Override

Once the URL Override is added, from within KeePass highlight the entry and press Ctrl + U to automatically launch RDC with these credentials.  The credentials are then removed from your system and kept secure in KeePass.

FileZilla (ftp, ftps, and sftp schemes)

(Identical, yes)

 

WinSCP (scp scheme)

 

General Usage

Plugins

Getting Favicons when Favicon Downloader fails to

I find in some cases, that this fails to work, using the Download Favicons option.  Usually due to the icon not being on the same site, or not actually linked in the way one would expect. These are of course web specific.  You can change the URL in the entry to a URL where the icon does show, and pull the icon, change the URL back once done to get it.  After that, try www.google.com/s2/favicons such as:

http://www.google.com/s2/favicons?domain=http://www.edwinbush.com/

For pulling icons out of files, and for making them from screen shots, you can use this handy tool:

LiquidIcon [Download link] Virus Total Review of said file [downloaded then uploaded/linked directly]

True Story

Posted by Rose Bush on January 18th, 2016

xk4qn (1)

Enumerate or Count Active Connections on a Given Port

Posted by Rose Bush on January 11th, 2016

Enumerate Active Connections on port 1433:

Count Active Connections on port 1433:

 

To Enumerate and Count Active Connections on port 1433 and 443

 

Locating crontab scheduled tasks in *nix

Posted by Rose Bush on January 11th, 2016

If you need a list of all users crontab tasks, run this as root:

 

will loop over each user name listing out their crontab. The crontabs are owned by the respective users so you won’t be able to see another user’s crontab w/o being them or root.

–[edit] if you want to know, which user does a crontab belong to insert echo $user

As a side note, this doesn’t work when the users are defined in NIS or LDAP. You need to use

I have also seen this bash script that supposedly takes into account displaying other crons, (including the scripts launched by run-parts in /etc/cron.hourly, /etc/cron.daily, etc.) and the jobs in the /etc/cron.d.

I have not thoroughly tested this script, I ran it once on my server, I found it here.

Copyright © Edventures in Normalcy. All rights reserved.