GENERAL (Pinned Post)

In building this website, I've treated the blogging a bit differently. For those wanting to read about a specific topic, I've posted those by category in the Blog Posts menu to the left. In this General section of the blog, I will be writing about anything and everything of interest to me in day-to-day life.

I hope you enjoy!


WEBSITE ANALYTICS

January 16, 2020

analytics

I mentioned in an earlier post that I've enjoyed developing some website utilities. I've been using PHP and HTML to develop data collection and analysis utilities for this website.

One thing that has intrigued me is the website crawler activity that occurs against the site. In 2020 I've already collected evidence of 464 crawler hits against the site that included 224 unique IP addresses from 55 unique locations and 34 unique organizations.

A large number of the hits were from Microsoft and Google but also included were some exotic locations such as Moscow, Russia; Beijing, China; Hong Kong; Berlin, Germany; and Thessaloniki, Greece; among others.

I was also able to determine that the malware injection (see previous post) redirected to a website that is apparently owned by an organization named PDR which is located in Mumbai, Maharashtra, India. Disclaimer: I have no way of knowing whether PDR is the offending organization, which injected the malware, or simply a client of the offending organization.


CHASING DOWN A MALWARE INJECTION

January 10, 2020

injection

In years past, I had become relatively comfortable with the idea that computer system security breaches were most often possible due to help from an insider. In fact, long ago I had personal exposure to exactly that sort of thing. To put all of this in perspective, back at that time a computer virus was more an idea than a reality. We sort of chuckled at those who gave this idea any serious attention. Well, that was then and this is now!

More recently, I was reading about SQL injections. I'm quite familiar with SQL (or Structured Query Language - a commonly used database access language) but was not familiar with the idea of SQL injections. It wasn't difficult to imagine the kind of damage that might occur if the wrong person had access to a database and could inject SQL code to gather private data.

However, little did I know that the term injection was meant to communicate a highly unusual and stealthy method for inserting or injecting code into the system through readily accessible port holes such as the user name and password fields in a sign-on screen. This approach can allow an experienced individual to whittle away at collecting enough knowledge of the system's structure to ultimately locate and collect usernames and passwords. With those in hand, enough information would have been gathered to sign into the system and potentially gain full access to everything in a fashion that would likely appear completely legitimate to even the most attentive technical insider.

I had no idea, when I read about SQL injections, that I would soon be the victim of a similar injection and one that would stretch my knowledge and problem solving skills beyond anything I had previously experienced. And, ironically, any such knowledge and experience I had gained over the years would work against me as I repeatedly tried to make the problem even more difficult than it already was.

On my website, and as I mentioned in an earlier post, I've been playing with some back office tools that I built using PHP in order to keep up with various website stats. As it turns out, someone hacked me in such a way that executing one particular utility resulted in a redirect to another website and the screen pictured above instead of the screen I had constructed and was expecting. I felt a bit out of my league in attempting to chase down the cause and instead considered my alternatives for performing some kind of clean-up so I could get on with life.

The good news was that by accessing that PHP utility tool from multiple locations, I had been able to prove that the malicious code was somewhere on my website host's system and not on my computer. The bad news was that my website host's sales people wanted to charge me an arm and a leg for a one-time cleaning service to correct the problem and they wanted the other arm and leg for an ongoing service to prevent future reoccurrences. For a site where all I really do is play, they were asking far more money than I wanted to pay. So I decided to go forward without executing that utility and all was fine.

Out of fear of either additional attacks or the spread of my current problem, I finally decided I had to do something. I renamed the PHP program to see if that would help, but it didn't. I deleted the program and transferred a new copy from my laptop, but the infection was still there somehow. The thing that was throwing me off was that none of my other PHP programs had become infected. I tried copying the code off my laptop and placing it up on the server in a new file, but the malicious redirect still occurred.

I was trying to imagine how some type of metadata location on my infected php file (metadata that would surely be beyond my knowledge and experience) might contain the hacked code that was causing my problem. After all, my PHP program only contained a few lines of very simple PHP code and all it was doing was displaying a log file of all the web crawlers that had visited my site. For the same reason that I mentioned earlier, where it challenged my thinking to inject SQL code in a userid or password field, it hadn't occurred to me that anything malicious might have actually been in the log file. After all, log files don't execute code. They usually just contain data. How would displaying that data execute any code, malicious or otherwise?

To make sure my thinking was on target, I tested it by creating an empty log file and running the utility against it. And, to my surprise, it ran without a redirect. I put the log file entries back in the empty log file and ran it again and, sure enough, it redirected to the bad website.

Could there be some malicious code stored in some place I didn't know existed such as a metadata location on the log file? After all, the only other thing the file contains is rows of log data about the crawlers that visited my website. How could that hurt anything?

Remember the rule of thumb from Occam's Razor whereby the simplest answer is most often correct? Well, that was definitely the case here. It's just that a simple answer may not be that simple if you've never had any experience with the question or the answer before! And, that was definitely the case for me in this instance. The answer was sitting right in front of me, but I didn't have the experience to see it.

Was there a bad row of data in the log file causing the redirect? If there was, I didn't even know that could be done. And, even if I had known, I would probably have no idea how to do it! There were over 300 rows in this log file and so I started removing them in blocks of 100 in an effort to narrow things down to the potentially offending row.

I was able to prove that the malicious code existed somewhere between row 100 and row 199. I removed rows 100 through 150 and the problem still occurred. I glanced at the remaining rows 151 through 199 and there it was on row 172! Executable scripts had been injected into the fields that would usually contain the browser definition and the referrer definition for a legitimately logged website visit. I removed everything from the log file except row 172 and restarted my PHP utility program. Once again I was redirected. I had found the problem and it was a code injection into an otherwise harmless row of user agent log data.

Here's an example of a legitimate log entry from a Google web crawler:

6 2019/12/30 11:15:23pm 66.249.70.30 Browser = Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) Referrer = Direct

In the malicious code (which I will not show here) the creator injected a script into both the Browser = location and the Referrer = location of the creator's User Agent String.

Fortunately, I did not click the Allow button on the redirected website page pictured above. Quite frankly, I almost did considering how Windows has programmed me to respond positively to the same question. From all of the documentation I've read about this particular attack, the consequences for clicking that allow button are pretty extreme and in some cases considered rather permanent.

All in all, chasing down this injection was quite an interesting and highly educational experience.
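
The viewer pattern this post describes, as an added PHP example (not the author's code and not the injected script): a log row rendered raw, the same row rendered with output encoding, and a scan that finds the offending row without bisecting the file by hand. The function names, the sample IP addresses and the placeholder row are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows in the log format shown in the post. Row 2 carries an
// inert placeholder where the client-supplied header values held a script.
$rows = [
    '6 2019/12/30 11:15:23pm 66.249.70.30 Browser = Mozilla/5.0 (compatible; '
        . 'Googlebot/2.1; +http://www.google.com/bot.html) Referrer = Direct',
    '7 2019/12/30 11:16:02pm 203.0.113.9 Browser = <script>/* placeholder */</script>'
        . ' Referrer = <script>/* placeholder */</script>',
];

// BEFORE: rows are written into the page as-is, so any markup stored in the
// log becomes part of the HTML and runs in the browser that opens the viewer.
function render_unsafe(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= $row . "<br>\n";
    }
    return $html;
}

// AFTER: encode on output. <, >, &, " and ' become entities, so the row is
// displayed as text and never interpreted as markup.
function render_safe(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= htmlspecialchars($row, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>\n";
    }
    return $html;
}

// Write side: User-Agent and Referer are chosen by the client. Strip control
// characters (so one request cannot forge extra rows) and cap the length.
// This is hygiene only; the output encoding above is the actual fix.
function clean_header(?string $value, string $default, int $max = 256): string
{
    $value = preg_replace('/[\x00-\x1F\x7F]/', '', $value ?? '') ?? '';
    return $value === '' ? $default : substr($value, 0, $max);
}

function build_row(int $id, string $ip, ?string $agent, ?string $referrer): string
{
    return sprintf('%d %s %s Browser = %s Referrer = %s', $id, date('Y/m/d h:i:sa'),
        $ip, clean_header($agent, 'Unknown'), clean_header($referrer, 'Direct'));
}

// Triage: return the 1-based numbers of rows containing markup characters or a
// javascript: URL, instead of deleting blocks of rows to bisect by hand.
function suspect_rows(array $rows): array
{
    $hits = [];
    foreach (array_values($rows) as $i => $row) {
        if (preg_match('/[<>]|javascript:/i', $row) === 1) {
            $hits[] = $i + 1;
        }
    }
    return $hits;
}

if (PHP_SAPI === 'cli') {
    echo 'Suspect rows: ', implode(', ', suspect_rows($rows)), "\n";
    echo render_safe($rows);
    echo build_row(8, '198.51.100.4', "Mozilla/5.0\r\n9 forged row", null), "\n";
}
```

To check a real log file, load its rows with `file()` and the `FILE_IGNORE_NEW_LINES` flag and pass them to `suspect_rows()`.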


MONARCH BUTTERFLIES

January 9, 2020

monarch

I really enjoy crossing paths with people studying wildlife and such was the case today when Patty and I were out for our two mile walk and came across Tonya Vanhook. Tonya is down from Tennessee and holds a Ph.D. in etymology. As we met up with her, she had just captured a Monarch Butterfly that she was planning to tag and release.

Tonya very kindly took time out to share with us what she was doing and how and why she was doing it. Her study of the Monarch Butterfly migration patterns was something Patty and I have read about and Tonya's depth of knowledge and infectious passion for the topic drew us in.

She provided a few suggestions of how we could plug in and keep up with all that is going on and I found myself taking careful mental notes of all that she was sharing. With all that is going on in this area with the Monarch Butterfly migration, it just seems like an interesting thing with which to be involved.


INTERNET?

January 4, 2020

internet

With respect to internet access here at the house, Patty and I have been living off of tethered connections from our phones. We've been with Verizon pretty much all along for our cell phones and out in these rural areas along the coast there simply is no access to fiber or cable.

On our senior plan, which is very affordable, Verizon provides a reasonable speed to our phone. However, the moment we try and tether off of our phone with our computer, Verizon steps in and slows things down to a crawl. And, we've been living with that for quite a while.

Even in using Filezilla from my computer to provide updates to this website, I'm frequently confronted with errors due to long waits trying to upload even the smallest (text only) web page. In dealing with this, I've had to adjust to a new way of life and get comfortable doing many things from my phone that I would have done (in the past) from my computer.

When I was working from our new home for the first year we lived here, I was using a Verizon cantenna and paying a pretty steep price for the kind of access I've always been used to and that I needed to host meetings, provide online training, and perform other work-related tasks. When I retired, I honestly couldn't justify the price for that kind of access even though it was tempting due to the amount of time I tend to spend on the internet each day and the more data-demanding things that I wanted to do.

For example, I've been itching to add a weather underground weather station and a camera or two to our setup. But, with our present internet capabilities, those hopes and dreams are nothing more than a fantasy.

Well, that's all about to change! It turns out that there are now government imposed mandates to provide folks like us with reasonable options and they are indeed reasonable. Thanks to some great research performed by one of our neighbors, we should be high-speed here at the house very soon - perhaps next week! Things are about to get exciting!


HAPPY NEW YEAR!

January 1, 2020

weather


WEBSITE CODING

December 31, 2019

weather

I've enjoyed writing posts for the various topics on this site, but the real fun still comes from all of the coding going on in the background - the stuff that brings the site to life!

I've built a number of highly interactive sites over the years using HTML, PHP, Javascript, and a MySQL Database. From likes and comments to security and intuitive functionality, there's an incredible amount that can be done with all of the aforementioned technologies.

I'm not quite ready to incorporate likes and comments into this site since I'm not really looking for all of that, but I have enjoyed building some back-office logging and analytics capabilities into the site for my own entertainment.

One of the interesting things upon which I've been educated in years past and even more recently are the web crawlers (aka Bots, SpiderBots, Internet Bots, and Crawlers) that are out there! My back office coding shenanigans and logging capabilities have introduced me to the wide world of an often unseen part of the web used for indexing and organizing the web pages out there for easier and more efficient retrieval.

Some of what I have found led me to this interesting article that really brings clarity to the browser's user agent string or UA. It's an item that each browser provides to identify itself, its version, and the operating system. It's worth a read if you're so inclined.


WEATHER

December 17, 2019

weather

Looks like today is going to be a weather day. We're right in the middle of a ferocious storm as I write and we're also under a tornado warning and marine warning.

I used to find weather events very entertaining, but after Hurricane Michael and what it did here on the Florida panhandle just over a year ago, I'll never look at damaging storms the same way ever again. The idea that people are losing property, and in some cases their lives, weighs heavy on my mind each time a storm rolls in.

I think one of the most sober images I've seen in a very long time was the Youtube video of individuals who had stayed back with their homes during hurricane Michael. The next day after the storm they had gathered what they could and shoved it in a travel bag and were rolling it down a virtually destroyed Highway 98 in search of civilization.

Regarding the storm related challenges we endure, they call it the price of paradise down here on the forgotten coast. But, with each new hurricane season that rolls in, we are hyper-aware of the risk we are taking for all of the romance we enjoy in living here.


BIRD FEEDING

December 16, 2019

birds

In the world I grew up with, one of the signs I observed that indicated people were getting old was when they took up bird feeding and bird watching. Well, I can't say that I sit on the back deck waiting for them to show up on one of the feeders, but I do enjoy the sight whenever I pass by the windows and glance in that direction.

As with anything else in life, there always seems to be a challenge to anything worth doing and the bird feeder has proven to be no different. I don't mind refilling it but I do mind the way the countless crows have taken to emptying the feeder in less than a day's time after a refill.

We purchased another feeder designed to prevent larger birds from feeding, but the crows have become pretty adept at shaking it and flying down to the ground to enjoy the smorgasbord. We even purchased a seed type that crows aren't supposed to like, but I haven't seen it slow them down so far. Oh well, just one more of life's many opportunities for problem solving. At least we don't have any squirrels out here on the waterfront.


WILD HOGS

December 13, 2019

Wild Hog

I was recently making the 6+ mile trek through the St. Marks Wildlife Preserve from our house to the closest store when I saw this guy on the side of the road. I knew if I slowed down and tried to bring the camera app up on the phone he would be gone before I could get my foot to the brake pedal.

So, I took a close look as I drove on by and he acted like he could have cared less that I was even there. As I drove further I was really regretting that I had not pulled out the phone and tried my luck at getting a shot.

So, on the way home I decided to have the camera app loaded and ready in case my friend decided to hang around for dessert. To my surprise, when I approached the same spot, he was still there chowing down on the roadside cuisine. And, when I stopped and let the window down he didn't even pause to glance my way. He seemed happy to just snack and wait for his close-up.


MEET LILY!

December 12, 2019

Lily

Yesterday Patty and I celebrated our 43rd wedding anniversary and part of that celebration involved adding a new member to the family. Patty's had a heart for a dog or a cat for months now, and when we both met Lily I think we knew she belonged with us.

Lily is a long-haired Tabby Cat somewhere between 1 and 2 years old and we rescued her from the (local) Crawfordville, Florida animal shelter. She's a very gentle and loving cat and clearly smart as she located all of the essential items that Patty put out for her.

She's officially Patty's cat but I'm sure she will bring much joy to both of us. She's already found one of her comfortable places in our closet below my hanging clothes and on top of the chest where we store the rest of our clothes.

Welcome Lily!


CELEBRATING OUR 43rd ANNIVERSARY

December 11, 2019
Anniversary

43 years ago, I married my beautiful bride and we began what would become a new and very exciting season in our lives. In all of those years since, the adventure has been all that I could have possibly hoped for and much, much more. At the top of the list of wonderful things was the birth of our daughter in 1981 and the birth of our son in 1983. Sharing in their adventures was easily one of the best parts of our adventure.

Memorable anniversary trips over the years include North Georgia, Maine, multiple cruises including an Alaska cruise, an Amtrak train ride through the Rockies, and another wonderful Amtrak train ride up the west coast from LA to Seattle including a cruise over to beautiful British Columbia.

Even though the trips were incredible, they were first and foremost in my mind a celebration of an amazing and wonderful life together. I'm so grateful to God for the incredible blessings He has poured on us over the years. I pray there will be many more wonderful and exciting years yet to come!


BLOGGING AGAIN...

December 10, 2019
Blogging

I'm really excited to get active once again with blogging. More than anything it's always been a fun way to record and share memories with friends and family. Beyond that, I enjoy the opportunities to write about anything and everything that's interesting to me, dabble with the technology, be creative, and dive into a bit of artistic expression with website design.

I'm moving away from Wordpress for a lot of reasons and getting back to my roots with my own website. For the most part I've wiped the slate clean from almost 15 years of posts, completely rebuilt this website, and look forward to a new start.

And so, here I am back in the world of blogging and website development. Since this site is honestly nothing more than an online scrapbook, I've removed the PHP code that previously allowed for comments and likes. If anyone needs or wants to get in touch with me or leave a message, I've provided a "contact" form over in the menu. Feel free to reach out!

I hope you enjoy your visit!


WEATHER ON THE COAST

April 15, 2018

Water Spout

One of the things I really enjoy about living on the coast is the opportunity it presents to see interesting weather related events. The picture above is of a water spout that Patty and I watched off of the back deck last year, not long after we moved here. We watched the water spout travel west to east as it moved on away from us and toward the St. Marks Lighthouse, also visible from our back deck. The spout lasted quite a long time and disappeared from view before it showed any evidence of falling apart.

This morning, we had another weather event. This one came in the form of a line of strong storms with sustained winds of 30 mph and gusts reaching 72 mph. Despite having lived here almost a year, and going through several such events, residing in a home that is up on stilts (not to mention facing the gulf with nothing to block the strong winds coming up from the south) offers a back and forth sway of the house that I am only now getting used to. It's particularly noticeable when I'm laying in the bed or sitting here at the computer - basically any situation where I'm sitting still. I'm told that houses up on stilts are built to sway. With what I've experienced, I sure hope so!

I'm thinking about obtaining a Personal Weather Station (PWS) and connecting it to the online Weather Underground Network. Being a data kind of guy (as I mentioned in my previous post) makes a PWS a perfect fit for this all things geek kind of guy.

Until then, I'm enjoying the benefit of several PWS's that are online and located a stone's throw to our west over on Shell Point. They provide much more accurate information, in terms of what we are experiencing out here on the coast, than the weather.com reports for the city of Crawfordville. In fact, the differences in wind and temperature conditions can often be quite extreme between the two.


BEST KEPT SECRETS

April 14, 2018

Hot Mess Dip

Just south of us is the small town of Panacea, Florida. I have great memories of Panacea from my older teenage years (early 70's) as I traveled with my dad while he worked that area. I still vividly remember eating at Angelo's and Sons (maybe it was just Angelo's back then?) and fishing under the bridge right there next to the restaurant.

The events that led to one of my best (and favorite) fish stories occurred late one night right under that bridge! I hooked a very large ray on a very old deep sea reel and the reel broke while trying to pull him in. Dad grabbed an empty beer can off of the ground (beer cans were more sturdy back then!) and began winding line around it.

We would both drag the can up the hill to tug on the ray and then run back down the hill winding as fast as we could. It's too bad we didn't have cell phones and video back then. You probably had to be there to appreciate just how hilarious the entire event was!

Anyway, we moved Patty's mom down to Panacea recently to get her closer to us as she's approaching her 90's. We turned her on to Posey's Steam Room Restaurant and now she grabs lunch there a couple of times a week. I can't believe that we introduced her to the restaurant and now she goes and eats there without us. What's up with that?! Wink!

Still, in keeping with the title of this post, one of the best kept secrets down that way is the Hot Mess Dip made by Mineral Springs by the Bay, Seafood Market. They have a lot of other great offerings, including the bacon wrapped crab and shrimp, but that dip keeps me coming back for more!


INTERESTING VISITORS

April 13, 2018

Deck bird

One of the things Patty and I enjoy most about the forgotten coast is the incredible variety of wildlife that tend to reside in this area. Whether it's a new visitor on the back deck, or a school of porpoises feeding down below and on the ever present and plentiful mullet that school close by, there is always something to be enjoyed.

On a recent visit from our son, we had the rare treat of seeing a tagged manatee (aka sea cow) swim by off the back deck. They seem much more common up around Wakulla springs during the colder time of the year, but it was a real treat to see this one swim by.


DOLPHIN JUMP

April 12, 2018

With all of the dolphin activity we tend to see from the back deck, and especially with the youngsters that jump completely out of the water and do flips, we decided to name our place Dolphin Jump.

We moved here in May of 2017 and I shot the video below in June, not long after we arrived. I've seen reference on nature programs to what we're observing in this particular video but it's still something to witness it up close and in real life.

A dolphin will paddle around a school of fish and then slap his or her tail in the middle of the school to create confusion and open up an opportunity to grab one of the unsuspecting victims.

It's quite something to watch and has been a pretty common sight around here.

(Apologies for the background noise)


Copyright © 2019 Hutch DeLoach