alanreed.org: Alan Reed – [Tech Blog]

alanreed.org Profile

Title: Alan Reed – [Tech Blog]

Description: Alan Reed is the founder of Proud Development, LLC - a technology company based in Pennsylvania

alanreed.org Information

Website / Domain: alanreed.org
Website IP Address: 104.28.20.110
Domain DNS Server: zara.ns.cloudflare.com,cody.ns.cloudflare.com

alanreed.org Rank

Alexa Rank: 3545032
OursSite Rank: 3
Google Page Rank: 0/10 (Google Pagerank Has Been Closed)

alanreed.org Traffic & Earnings

Purchase/Sale Value: $5,082
Daily Revenue: $13
Monthly Revenue: $417
Yearly Revenue: $5,082
Daily Unique Visitors: 1,281
Monthly Unique Visitors: 38,430
Yearly Unique Visitors: 467,565

alanreed.org WebSite Httpheader

StatusCode 200
Content-Type text/html; charset=UTF-8
Date Sun, 22 Oct 2017 23:13:59 GMT
Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Server cloudflare-nginx

alanreed.org Similar Website

Domain WebSite Title
alanreedltd.co.uk Alan Reed Ltd
kingedgartheaethlingalifeofregret.com King Edgar - A Life Of Regret || Alan Reed
beautysalondoylestown.com Home | Doylestown, PA | Alan Reed & Co.
alanswreed.com Alan S.W. Reed Nantucket Lightship and Friendship Baskets
the-reed.com The Reed
reedfootwear.com Reed
hudsonreed.co.uk Hudson Reed | Hudson Reed
trentreed.net Trent Reed – Trent Reed
thereedbrothers.com The Reed Brothers - The Reed Brother
reedkessler.com Reed Kessler
reednationaldrivers.com Reed National
reed-masonry.com Reed Masonry
reedexecsearch.com Reed & Associates
musiclessonsmooresville.com Reed The Music
reedmag.org reed-magazine
reedsorenson.com Reed Sorenson
reedsmith.com Reed Smith
reed.edu Reed College

alanreed.org Html To Plain Text

Alan Reed – [Tech Blog]

Alan Reed is the founder and owner of Proud Development, LLC.

[Solved] Install Hipchat 4 on Fedora 23

Hipchat has documentation for installing on Debian-based distros but not on RPM-based distros like Fedora and RHEL. However, there is an undocumented repository for RPM.

The undocumented RPM repository is: https://atlassian.artifactoryonline.com/atlassian/hipchat-yum-client

To install the repository:

    sudo dnf config-manager --add-repo https://atlassian.artifactoryonline.com/atlassian/hipchat-yum-client

Next, to install Hipchat 4:

    sudo dnf install hipchat4 --nogpg

Posted on 11 May 2016. Categories: Code, Walk-Through.

SSH Tunnel Local Port to Local Port on Remote Machine

Reducing your attack surface is an important part of network security. If you are running a service that only needs to be accessed from localhost, you should not allow connections from the outside world. On my web servers, only 3 ports are open:

22 for SSH
80 for http
442 for https

All other ports are filtered. This significantly reduces the number of possible attack vectors. Other services such as MySQL (port 3306) are only accessible from the private network. To access MySQL from a remote machine you can SSH tunnel to the database server and then connect to the database on localhost. Most database clients like MySQL Workbench support SSH Tunneled Connections.

However, I came across a problem when I wanted to run a python script locally to update my remote database server. There is a library for connecting directly to a MySQL database with Python, but not for connecting through an SSH Tunnel.
Another option would be to run the python script on the remote server, but in my case I did not want to do that.

To solve this, we will have to manage the SSH Tunnel ourselves. After building the SSH Tunnel, you will be able to connect to a port on your local machine and the connection will be sent to a different port on the remote machine’s loopback interface.

If you use key authentication to SSH, run this command:

    ssh -nNT -L 1234:localhost:3306 REMOTE_SERVER

If you are using password authentication, run this command:

    ssh -fNT -L 1234:localhost:3306 REMOTE_SERVER

That’s it. The command will go to the background and you can connect to localhost:1234 as if it were localhost:3306 on the remote server.

Final Notes

Test the SSH Tunnel

There are a few final notes when using this command. First, to test that your tunnel is working, try to connect to MySQL on the remote server by running this command on the local machine:

    mysql -u REMOTE_DB_USER -h 127.0.0.1 -P 1234 -p

You must set the host (using the -h flag) to 127.0.0.1. If you leave the host blank or set it to localhost, MySQL uses sockets and thus ignores the port flag (-P).

Close the SSH Tunnel

How do we close the SSH Tunnel? When you want to destroy the SSH Tunnel you can run the following command. It will kill the process that is listening on port 1234:

    fuser -k 1234/tcp

Keep SSH Tunnel Alive

Finally, when using SSH Tunnels you may want to configure SSH to keep the session alive so your connection does not drop unexpectedly. SSH does not close connections after any length of time, but routers remove inactive connections from the NAT tables periodically.
To prevent this from happening, add the following code to the top of your SSH configuration file:

    Host *
        # Send keep-alive packet every 60 seconds
        ServerAliveInterval 60

        # Send keep-alive packet only 60 times (1 hour)
        ServerAliveCountMax 60

Adjust ServerAliveInterval and ServerAliveCountMax as desired. The SSH configuration file is found in ~/.ssh/config

Posted on 21 April 2016, updated 6 June 2016. Categories: System Administration, Walk-Through.

Solved: Laravel 5 Calling the Wrong Controller

I recently encountered an issue that took me far longer to solve than it should have. Laravel is an excellent framework for building PHP websites. I have used it to build several sites now and it is by far the best framework I have seen. The latest version, Laravel 5, is powerful and well documented. With Composer, Laravel is easily extendable and allows you to pull in common php packages.

Up to this point, I had used Composer to pull in packages and manage dependencies without really knowing how it worked. Unfortunately, due to my lack of understanding, Composer’s Autoload feature caused an issue that was very hard to debug.

In the site I was making, I created a new configuration file that was used to dynamically set routes so I could create new sections and add those sections to the navigation menus in one step. Next, I created a template controller that I would simply copy, rename, and start working with for each of these new sections.

Everything was working fine until I used Composer to install a new package on my production system. I installed Guzzle, which is needed to interface with MailGun. When you install a new package Composer updates composer.json, installs the package, and reruns dump-autoload.
After setting up email, I thought the site was ready for production. All of a sudden, one of my many dynamically created sections was not working. For some reason, the route for this one section was calling the Template Controller instead of the proper controller.

First, I thought one of Laravel’s many layers of caching was the issue. I disabled Laravel’s route caching, configuration caching and view caching. I even turned off mod_pagespeed and CloudFlare just to be sure no caching was the problem. But it still was not working.

I decided to hard code the routes to skip over my dynamic route generator. But still for just one section the Template Controller was being called instead of the proper controller. I checked the routes file again and again to ensure there was no earlier route being called. Eventually, I removed the Template Controller entirely and the section in question would error out saying TemplateController.php was not found.

But how was this controller being called? The section was working before. Everything was working on my development machine. Just in production, this one section of the site was not working. For some reason, this route:

    Route::get('/quarters', ['as' => 'quarters', 'uses' => 'Content\QuartersController@index']);

would call TemplateController@index.

At this point I had completely deleted the Template Controller. Something must be calling Template Controller somewhere. So I decided to SSH into my production server and run:

    $ grep -R 'TemplateController' public_html/

That grep command searches the entire web directory recursively for the string ‘TemplateController.’ As you can see, the string was first found in an error log file. But the final match led to the solution.
We can see a file called vendor/composer/autoload_classmap.php contains a line that seems to be mapping the QuartersController class to the TemplateController class. How did that get there?

It turns out that when I created the TemplateController file, I did it by copying the QuartersController and stripping out all of the code specific to that section. Unfortunately, I forgot to change the name of the class in the TemplateController.php file. I accidentally left that class name as QuartersController. Now, that should not be an issue. I am not even using the TemplateController class. It is only there for a starting point when creating new sections.

What I did not know at the time is that when you run composer dump-autoload, composer scans your entire project’s source code and creates an autoload_classmap.php file. The classmap file allows the application to more quickly find the file containing a particular class. Because I had two classes with the same name (one of them not being used), composer mapped to the wrong file.

I changed the TemplateController.php class name, reran dump-autoload and everything worked again! This error only surfaced after installing Guzzle because after a package install, composer runs dump-autoload automatically.

The moral here is that you can only use a tool without knowing how it works for so long before it comes back to bite you.

Posted on 16 December 2015. Categories: Code, Tools, Uncategorized.

Alan’s Exif Viewer

Last week I launched exif.alanreed.org, an online Exif viewer. This tool allows you to view the metadata embedded within images such as brand, model, and serial number of the camera. Some cameras even store the latitude and longitude of where the image was taken. Cell phones especially store tons of good information in Exif.
I wanted to make this tool for a while and finally got the chance during a 20 hour drive to Orlando, FL for the annual HTCIA conference. Right now the tool only works for images, but in the future I hope to add the ability to extract metadata from other file types such as pdf, docx, and exe.

Posted on 17 September 2015, updated 24 December 2015. Categories: Tools.

[Solved] Change httpd Document Root results in 403 Forbidden on Apache 2.4 and Fedora 22

Recently, I decided to take the leap and begin using Linux exclusively. I installed Fedora 22 and so far I like it. I hit my first major snag when setting up a LAMP development environment. After installing Apache and setting up a virtual host all pages returned error 403 Forbidden.

I am running Apache 2.4. The first thing I noticed is that Apache changed the syntax for allowing and denying access to a directory. Previously you would use:

    Allow from All

to grant access to a directory. In Apache 2.4 you use:

    Require all granted

After ensuring I was allowing access to the new document root in httpd.conf correctly, I started to get stuck. Only after much digging, I came across the root of the problem: SELinux Contexts.

SELinux adds an additional level of security by layering more flexible and powerful access controls on top of the standard Linux access control. SELinux is found on Fedora and Red Hat systems. You can check to see if SELinux is enforcing access control on your system by running:

    $ sestatus

You must add the httpd_sys_content_t context to the new document root so that Apache has access. You can read more about SELinux here.

In production you do not want to weaken security to get things working. You should give files the correct context so Apache works with SELinux. However, in a development environment, you can simply disable SELinux to make your life easier.
To disable SELinux modify /etc/selinux/config to look like:

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these three values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected.
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted

Save that file then restart. You can run sestatus again to make sure SELinux is disabled. If you configured httpd.conf correctly, Apache should now be able to access the new document root.

Posted on 17 September 2015. Categories: Code, Walk-Through.

Online WGET Tool

About a year ago I came across a page that my browser flagged as malicious. I wanted to look at the source but my browser would not allow it. The solution is to run WGET on the page in order to view the source without executing it. I did not have a WGET utility on my computer and did not feel like downloading it just for one use. So I googled “online wget tool” and there was nothing. Just links to the WGET application.
I had just started learning PHP and LAMP stack at the time so I decided to make my own online WGET utility. Here is what I came up with: Online WGET Tool.

The tool allows you to enter a URL and see the HTML code without rendering it. The page sat around for a while – I have used it a couple times over the past year. It has also come in handy as a limited proxy server several times.

Recently, the page was indexed by search engines and has started getting traffic. The tool is free to use and as long as my server does not get overwhelmed it will stay that way.

Posted on 8 March 2015. Categories: Tools.

On-screen Keyboard

On-screen keyboards are useful for people who need alternate keyboard layouts frequently or people with disabilities. On-screen keyboards can also be used to thwart keyloggers. Hardware or software keyloggers can easily be installed on public computers, allowing an attacker to see anything that is typed on an infected computer.

Some operating systems come with a built-in on-screen keyboard. However, if you are on a public computer the application may be missing or be modified. I created a web-based on-screen keyboard to solve this problem. This tool lets you type passwords or other sensitive information without a keylogger recording what you type. The input is obfuscated and can be copied to wherever you need it.

The keyboard can be used from anywhere with an Internet connection and a web browser. You can also download the webpage and use it offline. This isn’t foolproof, but it’s a good solution if you are wary of the computer you are currently on.

If you are paranoid you should inspect the page source before using the on-screen keyboard. I have made the page as simple as possible so it should be straightforward to inspect.
The tool can be found at keyboard.alanreed.org

Posted on 12 January 2014, updated 4 March 2014. Categories: Tools.

Vulnerability Disclosure: USCC CyberQuests 2013

USCC runs computer security challenges throughout the year to find qualified students for their Cyber Security Camps. The most important test is held in April — the last challenge before summer camps.

The April 2013 Cyber Quest consisted of 30 multiple choice questions based on analysis of a pcap file containing evidence of an attack. The best score wins; if there is a tie then the fastest time wins. This was one of the easier challenges throughout the year — 65 participants got perfect scores. The challenge then became a race.

To submit the test quickly, I wrote a JavaScript command that would select the correct answers and submit the test. My approach required loading the quiz and then running the script. I scored a time of 8 seconds. Some challengers wrote very cool scripts to start and submit the test in less than a second!

To write my script I recorded the HTML value parameter for each radio-button and checkbox of the correct answers. While recording the values I discovered a pattern revealing all the correct choices! Below is an example of the HTML for a radio button from one of the answers to the test:

The value parameter is the problem. For each question there are 3 or 4 choices, each with a value that is unique to the entire quiz. Of the possible answers for each question, the correct answer is always the answer with the lowest value among the possible choices for that question.

For one question on the test there were two answers. For this question, the correct answers were the checkboxes with the two lowest values among the possible choices.

The radio button of every correct answer on the test had a value that was 1 more than a multiple of 4.

Despite not having an explicit bug bounty program, USCC paid a reasonable bounty.
Posted on 24 July 2013, updated 8 March 2015. Categories: Research, Vulnerability Disclosure.

Solved: WordPress wp_insert_post problem with post_status and tax_input keys

wp_insert_post is the WordPress function used to create a new post. I used the function to create a plugin with a front end to allow anyone (anonymous users) to create posts. The function appeared to ignore several documented parameters. wp_insert_post would create the post but would not set the Category and Tags fields when anonymous users ran the code.

The offending code:

    $post = array(
        'post_title' => $title,
        'post_name' => $slug,
        'post_author' => $poster_id,
        'post_content' => $content,
        'post_type' => 'music',
        'post_status' => 'publish',
        'tags_input' => $tags,
        'tax_input' => array('genre' => $term)
    );
    $new_post_id = wp_insert_post($post);

It turns out that the post_status and tax_input keys only work if the user running the code is an administrator. If the user is not an administrator then all subsequent keys after the offending key will be ignored.

To solve this problem, use the wp_publish_post and wp_set_object_terms functions instead of the post_status and tax_input keys, respectively. These functions will work properly regardless of users’ permissions.
This code will allow anonymous users to create and publish posts:

    $post = array(
        'post_title' => $title,
        'post_name' => $slug,
        'post_author' => $poster_id,
        'post_content' => $content,
        'post_type' => 'music',
        'tags_input' => $tags
    );
    $new_post_id = wp_insert_post($post);
    wp_set_object_terms( $new_post_id, array($term), 'genre' );
    wp_publish_post( $new_post_id );

If you omit the wp_publish_post then the post’s status is subject to the current user’s permissions (Reference). Anonymous users will create pending posts.

This behavior is undocumented in the codex. Additionally, the behavior seems to be unintended. The function fails ungracefully by simply breaking when a permissions error is encountered rather than processing the remaining keys.

Posted on 14 July 2013, updated 8 March 2015. Categories: Code, Wordpress.

ARP Cache Poisoning Defense

Last summer I attended the US Cyber Challenge Conference in Virginia. I was in the hotel room getting ready for a week of exciting security courses. The WiFi was unbearably slow but I attributed that to the masses of other conference goers downloading OS images needed for the morning classes.

The morning class was Packet Crafting with Scapy, a powerful packet manipulation tool for Python. I was refreshing my Wireshark skills for the morning class and noticed something odd — there was a flood of constant ARP traffic. Someone was poisoning my ARP cache and intercepting all of my web traffic.

This was my first up-close and personal introduction to ARP Poisoning. That experience inspired me to write a personal ARP Defense script.
The script monitors a computer’s ARP table and notifies the user when an attack is detected. The script can be found here. Additional information on ARP Poisoning can be found at arppoisoning.com.

Posted on 12 July 2013, updated 8 March 2015. Categories: Code, Research, Vulnerability Disclosure.

Copyright 2016 AlanReed.org. All rights reserved.

alanreed.org Whois

Domain Name: ALANREED.ORG