You can't beat it with a stick

Category: debugging Page 1 of 2

A Brief Lesson in Email Spam

I received an urgent support ticket yesterday from a client’s hosting provider. It said that email spam was originating from our client’s website. It was the typical email that most people refer to as a “Nigerian email scam” or a “419 scam.” Here’s the email:

Dear Friend,

Greetings in the name of God,Please let this not sound strange to you
for my only surviving lawyer who would have done this died early this
year.

I prayed and got your email id from your country guestbook.I am Mrs Rose
Holtsbery from London,I am 58 years old,i am suffering from a long time
cancer of the lungs which also affected my brain, From all indication my
conditions is really deteriorating and it is quite obvious that,
according to my doctors they have advised me that i may not live for the
next two months,this is because the cancer stage has gotten to a very
bad stage.

I was brought up from a motherless babies home was married to my late
husband for twenty years without a child,my husband died in a fatal
motor accident Before his death we were true believers.Since his death I
decided not to re-marry,I sold all my inherited belongings and deposited
all the sum of 10million dollars with a Bank.

Presently, this money is still with the bank and the management just
wrote me to come forward and claim my money because they have kept it
for so long or rather issue a letter of authorization to somebody to
receive it on my behalf since I can not come over because of my illness,
or they get it confiscated.

Presently, I'm with my laptop in a hospital here in Switzerland where I
have been undergoing treatment for cancer of the lungs. My doctors have
told me that I have only a few months to live.It is my last wish to see
that this money is invested to any organization of your choice and
distributed each year among the charity organization,the poor and the
motherless babies home.

I want you as God fearing person, to also use this money to fund
church,mosque, orphanages and widows,I took this decision before i rest
in peace because my time will soon be up.

As soon as I receive your reply I shall give you the contact of my
Doctor Legal practioner(lawyer) who will issue you a letter of Authorit
y that will prove you as the new beneficiary of my fund.

Provide me with your information so i can send it to the bank as the new
beneficiary and issue you a letter of authorization.

Below is the information needed from you:<

FULL NAMES:__________SEX: _____ AGE: ______MARITAL
STATUS:_______________COUNTRY: ______
CONTACT ADDRESS: ________________________PHONE NO#___________FAX
NO#_________________OCCUPATION:______________

Please assure me that you will act accordingly as I stated herein.Hoping
to hear from you soon.

Mrs Rose Holtsbery

I had no idea where to begin solving this issue, so I called Rackspace, the hosting company. The support folks confirmed that the email was originating from the server and ran some diagnostics to locate the source. We quickly found the problem and I got an education in spamming…

On the client’s website, there is a folder cleverly named “uploads,” which stores all images and documents uploaded through the content management system. Some lazy web developer (me) had set the permissions on the folder to 777. What this means is that basically anyone has read/write privileges on this folder. Scammers use bots (automated scripts) to crawl the web looking for open folders like this. When they find one, they attempt to write a simple PHP script into the folder. This script is the spam mailer, but it uses your server to do the dirty work. We found a script named “isunn.php” in the uploads folder. If you navigated to the file in your browser, it looked like this:

Click on the image to see a larger version:
spam-GUI

Pretty slick. It’s basically an email spam GUI. You simply enter the details, including the number of people you want to email and hit the SEND button. Easy peasy.

Anyway, I thought it was interesting to get a brief education in the mechanics of spamming. And the lesson is: don’t ever set folder permissions to 777 on your web server.

SOLVED: IntelliJ IDEA LESS compiler failure

intellij Idea less compiler failI use IntelliJ IDEA for all of my web development work – it’s simply the best web IDE on the market, but I ran into a weird problem with the built-in LESS compiler recently. I cloned a project from the Github repo and set it up in IntelliJ. Everything was going well until I tried to compile the LESS files. I was getting weird errors whenever I tried to compile any LESS files in the project. Errors like this:

LESS CSS Compiler Error
mobile.less: Name Error: variable @screen-sm-max is undefined (line 2, column 20) near @media (max-width: @screen-sm-max) {

(This is weird because this variable is defined correctly)

or this:

LESS CSS Compiler Error
styles.less: org.mozilla.javascript.UniqueTag@15923b2d: NOT_FOUND Error: java.io.IOException: No such file file:/Users/admin/Desktop/_CLIENTS/Website%20build/BUILD/GIT/_WEB/styles/bootstrap/bootstrap.less (line -1, column -1)

(This is weird because it’s failing to compile Bootstrap, which I know is fine)

There was obviously something wrong with my setup because it worked fine for other developers. I was getting these errors when I used the “Compile to CSS” function or when I set up a LESS file watcher. I upgraded my LESS version. I spent a lot of time trying a lot of different things until I stumbled across this obscure thread.

That’s right. You can’t have any whitespace in the file path. My mistake was that the project was located in this folder:
Desktop/_CLIENTS/Website build/BUILD/GIT
Notice the space in “Website build.” I changed to folder name to “Website_build” and it worked. Note that manually adding “%20” into the file watcher path doesn’t work – you absolutely can NOT have any spaces in the path. I was kind of shocked at this problem. I thought we had gotten over this issue 20 years ago. Anyway, I’ve learned my lesson. No more folders with whitespace in the names. If this saves someone else a little time, then my wasted time will be worth something.

How To Use Firebug to Fine-Tune Mobile Website CSS

If you are doing front-end web development, you likely use Firebug. It’s a Firefox browser extension that provides all the basic tools you need to debug a website. Development tools in all of the modern browsers are based on the gold standard set by Firebug.

One of the most common uses of Firebug is to make changes to your CSS in real time. You can experiment with different styles until your layout looks right, then simply cut and paste everything into your stylesheet.

This works great for desktop browsers, but mobile browsers don’t have development tools. If you want to debug your mobile layout, you need another browser extension that allows you to switch the user agent. There are a number of good ones out there. I’m currently using User Agent RG for Firefox. Once this extension is installed, you can change the user agent string by going to the “Tools” menu and choosing “User Agent.” Simply choose a mobile device and you can get an idea of what your site looks like on a mobile device.

It’s important to understand what the user agent switcher does (and doesn’t do). What it does is tell the browser the type of device that you are using to browse the web. The Firefox plugin basically lies and says “I am using an iPhone” (or whatever). If you have a mobile version of the website, that version will be displayed.

What it does NOT do is make Firefox act like Mobile Safari, or any other browser. If there are browser-specific layout issues, you will not be able to see them with the user agent switcher. Luckily, mobile device browsers are fairly standards-compliant, so very few CSS issues are browser-related. Browser-specific issues like HTML5 video issues (*cough* Mobile Safari *cough*) still need to be debugged with that browser.

The other thing that user agent switching doesn’t do is resize your site to mobile browser dimensions. To get an accurate sense of how your site looks on a phone or tablet, you will probably need set a body width in your CSS:

body {
    width: 320px; /*older iphone width*/
}

This way, you can lock it to the dimensions of the device you want to test and tweak the CSS with Firebug to fix any layout problems.

This has been the quickest and easiest way I have found to fix mobile-specific layout issues. Good luck!

Why does my javascript fail in Internet Explorer?

If you’re like me, you use Firefox or Chrome as your browser of choice for development. They’re both pretty web-standards compliant and they have nice developer tools. So, your javascript code is working perfectly and you test it in some other browsers…

It silently crashes in Internet Explorer! If you are using IE9, you hit F12 to look at the developer tools and track down the error, but it suddenly starts working perfectly! No Errors! You close the developer tools and it fails again. Huh?!

This is a common IE issue. Internet Explorer does not have a javascript console by default, so any calls made to the console will throw an error and crash the program. If you open the developer tools, then the console works and it stops throwing the errors. There are 2 basic solutions to this issue:

1) Comb through your code and remove all calls to the javascript console. Usually the problem is some random console.log() statement you added for debugging and forgot to remove.

2) The more elegant solution is to add some code that will stop the console from throwing errors in IE. Here is a snippet of code I often include at the top of my projects to fix the problem:

<script type="text/javascript">
  try {
    console //does the console exist?
  }
  catch(e) { //if not...
    console = {}; //create a console object for IE
    console.log = function() {}; //add a log method to the new console object
    //add other console methods here if you need them
  }
</script>

Note that this code only fixes console.log() calls. The javascript console has other methods that may need to be added to this script too. If you do some Googling around, you can probably find a nice little polyfill* that you can include in all of your projects that will take care of all the console functions.

*If you don’t know what a polyfill is, don’t feel bad. It’s basically a piece of code that inserts non-native functionality into javascript. In this case, the polyfill doesn’t actually do anything except prevent IE from throwing errors.

Disclaimer: there are some other javascript peculiarities to IE, so this may not be your problem, but ruling it out is a good place to start.

Page 1 of 2

Powered by WordPress & Theme by Anders Norén