Divide and Conquer » MySQL

Online PHP MySQL CRUD Scaffold generator

David — Mon, 06 Jul 2009 18:08:39 +0000

I needed some simple PHP MySQL CRUD and found www.phpscaffold.com. Perfect!

MySQL, the new Cinderella

David — Tue, 21 Apr 2009 07:37:34 +0000

Oracle tried to buy MySQL. Sun bought MySQL. Oracle buys Sun.

MySQL will become Cinderella with the ugly stepmother Oracle mistreating her.

The power of greylisting is aided by whitelisting

David — Sat, 23 Aug 2008 09:26:28 +0000

I’ve been running gld for more than two months now and it is truly efficient. The current statistics say:

# of entries in the database : 16077 # of one hit entries in the database : 15100 Oldest entry in database : 65 days ago

This means that almost 94% of the attempts to send mail through my server are only made once!

Unfortunately Facebook and Google Mail do not play well with greylisting, as attempts that are told Service temporarily unavailable, please try later by greylisting are very likely to be retried from a different IP. I’ve made a little script that scans /var/log/mail.log for such mail servers and add them to the gld whitelist table.

WordPress crack attempt this morning!

David — Wed, 16 Apr 2008 08:12:50 +0000

When I got to work and viewed this blog I noticed that Sidebar Widgets was disabled. I thought "That’s weird!"

When I tried to login to the administration interface I was told that my WordPress database needed upgrading. I thought "That’s weird!"

Some further investigation revealed that someone managed to upload a PHP script called ro8kfbsmag.txt (MD5 sum df3b74cd38c717d9d7bbf0cd1910baa1) to my /tmp directory. It starts like this:

/*Magic Include Shell by Mag icq 884888*/ //TODO: ñëèòü ôàéëî íà ñâîé ôòï (!) $ver='2.1'; if(isset($_GET[pisun233])) {

This gave me enough information too start googling. A must-read is Detailed Post-Mortem of a Website Hack Through WordPress & How To Protect Your WordPress Blog From Hacking, as it describes a very similar attack. There is also a support thread at wordpress.org: Weird and Dangerous : ro8kfbsmag.txt.

The attack vector on my server looked like this, originating from 78.109.21.80 with HTTP/1.0 as protocol version and "Opera" as User-Agent. I wish I logged POST data!

POST /wp-admin/options.php
POST /wp-admin/upload.php
POST /wp-admin/options.php
POST /wp-admin/options.php
POST /wp-admin/inline-uploading.php?post=-1&action=upload
POST /wp-admin/options.php
POST /wp-admin/options.php
POST /wp-admin/upload.php?style=inline&tab=upload&post_id=-1
POST /wp-admin/upload.php?style=inline&tab=upload&post_id=-1
POST /wp-admin/options.php
POST /wp-admin/options.php
GET /wp-admin/upgrade.php?step=1

Needless to say, I have restored a backup and taken certain precautions to prevent this from happening again.

Sun buys MySQL AB!

David — Wed, 16 Jan 2008 14:23:43 +0000

Read more at MySQL.com and Sun.com. Good it’s not Oracle.

Oracle, on the other hand, managed to buy BEA.

MySQL support for UTF-8 in Ruby on Rails

David — Tue, 11 Dec 2007 09:39:19 +0000

As a follow-up to my post about MySQL support for UTF-8 in PHP, here is the very same information for Ruby on Rails. In Rails it is a simple configuration entry in config/database.yml. I use the development configuration as an example:

development:
  adapter: mysql
  database: dev
  username: dev
  password: secret
  socket: /var/run/mysqld/mysqld.sock
  encoding: UTF8

UTF-8 is obviously configured with the encoding setting. Don’t forget to update the test and production databases too!

MySQL support for UTF-8 in PHP

David — Mon, 10 Dec 2007 12:30:19 +0000

Originally published in Swedish in my Folkmun.se Blog, a handy tip to make sure that you are reading and writing UTF-8 when connecting to a MySQL database:

mysql_query("SET NAMES utf8");
mysql_query("SET CHARACTER SET utf8")