Denial of Service Attacks or (DoS Attacks) or (DDoS Attacks) are a common battle in the web world. They involve a repeated ping or call on a server. The goal is to make the server/website unavailable.

I do my best to keep up to date on the latest hacks and not to mention old hacks resurfacing. One of these issues seems to be coming up again. And that has to do with PHP's $_GET, $_REQUEST, and $_POST variables.

These are excellent ways of creating heavy loads on a server if the maxium allowed variables is to high. Not to mention if each one of those variables is not limited it could potentially unleash a lethal Denial of Service attack on a victim hosing and destroying there CPU's.

One of the things I love to do is learning various API's and new technologies. One of my many side projects is a Dance Dictionary that will contain step names, how to's, definitions, videos and pictures. I started writing up the tech specs and a scope for the project and start to think about utilizing a search engine to power parts of it.

Out of my research the two engines that came to mind were Google and Bing. Now my scope of the project will rely heavily on two things. 1) Images 2) Videos. Later on ill probably utilize more items such as question and answers and such but that cant wait.

Recently I got curious and adventurous into setting up a Virtual Environment on my Mac's VMware Fusion with Ubuntu, Apache, MySQL and PHP. As a Web Developer I often find little need to be a Sysadmin and spend WAY more time developing. It may come as a shocker but its often not a required effort to need to have the knowledge now days of how to setup the environment I work in! An analogy behind this is a mechanic doesn't necessarily build cars, but rather fixes them. While they may understand the details behind it they may have never put a car together from start to finish, but if they had to they could...

So I figured I would post a little bit about what I did to get it going. Because this was my first run of doing this it took a little longer than it should have. But now that I have gone through it I could probably do it as fast as my machine can download.

Lately I have had "caching" on the brain and have been working on a decent way of caching.

So far I have found that caching is obviously faster and in XML format makes it really easy to iterate through in Object format.

My methods so far are

1. Checking a database table for current cached item information.
2. If it has an expiration date or does not exist the feed needs to be cached.
3. If needs to be cached - Caching will grab the feed via curl, fopen, or file_get_contents()
4. Feed will then be stored in a file in a specific directory on the server. 
5. Database will either be updated or inserted with feed information.

One of my issues lately with my CMS system has been the TinyMCE (Wysiwig Editor). Doing example code has been extremely painful. As everytime I would go back in to make an edit I would have to rewrite the examples as it would convert it to real HTML and or Javascript. Because of this I found myself wasting a lot of time fixing these articles every time I would make an edit.

Luckily I found an easy fix. I switched from using blockquotes to pre tags with code tags. Not only this but I found a PHP script that cleans the code behind these tags to make things as they should be.

Recently I did a post about website loading. Which had me thinking... Paginiation! Its a lovely device that allows you to not have to display all the content on the same page. There are so many forms of pagination and pagination theories. One of which is a newer method called. "Auto Pagination." It is seen on many sites such as local pages on google and several others.

It basically detects the "windows" scroll and once a certain position on the page has been achieved it loads more content into the page. Some other neat useages of this window scroll is on mashable.com when reading an article if you scroll far enough down it will display the next article on the list. But this is about pagination...

Ever had issues with putting HTML inside of HTML text boxes? This can be a pain as often times you will find different browsers will read it fine, but then some will break it.

In PHP there is a wonderful function called "htmlentities."

Encoding is simply one of the most strangest topics with websites.

Usuaually I find issues when translating between encoding types such as UTF-8 to ISO or any variation of this. Setting the encoding type of the page is extremely important. "Obviously." Otherwise your browser trys to guess what it is and may fail at it. Along with this hackers can easily change the encoding type and get around your XSS filters. Which will then allow them to do XSS attacks.

Shaunware is ran on its very own content management system (CMS). It uses PHP/PHP5, MySQL, Javascript (Jquery), CSS/CSS3, HTML/HTML5 and more.

Here is a small list of features:

• Unlimited number of sites to hook into.
• Targeting content / tagging content to pages/tags.
• Unlimited varations of content types. Ex: Articles, Banners, and more...
• Records impressions and clicks on specific content types.
• Email Campaigns - Send HTML emails to a list of registered members.
• User/Member Handling - Allows extensive registration details for membership base sites.
• Read more...

Filtering inputs is often a huge issue when figuring out which method is best. Typicallly its a matter of what exactly are your needs. Asking these few questions can resolve the problem.

1. Is the input needing more than letters a-z and 0-9?
2. Does the input need to be able to allow some tags but not others?
3. Can you filter everything out and not worry about what it returns?
4. Can you convert html characters to their entities so it still displays properly?

Hacking seems to be a common occurance now days. While it seems to be a somewhat complicated process in reality it is mostly simple hacks that result in tremeduous damage, costs, and lose of data.

Two Types of Web Hacks

XSS and SQL Injections. There are obviously more such as DDOS attacks, but those are short term.

What are they?

XSS is simply inserting Javascript into a page. An example of this is a simple alert.

<script>alert("Hi!");</script>

SQL Injections are a wider range of possibilities. They allow you to delete an entire database, to outputting important information. Or even logging in as an adminstrator.

Finally I have recreated my website. It is using a content system I created from the ground up. I will be writing more on this system in the future. A small list of features this system can do:

• Manage Multiple Sites in one.
• Member Registration
• Banners
• Page Control / SEO
• And so much more...

Dance Informa
aus.danceinforma.com
usa.danceinforma.com

• Custom Frame Work
• CMS that controls both sites.
• Banner System
• Email Campaigns
• Content Types to breakup page types.
• Membership System

Scenic Rentals
www.scenicrentals.com

• Autocomplete for homepage search.
• Query to search database for autocomplete results.
• Created resulting search page query that lists out search results.

Sugar Snap Photography
www.sugarsnapin.com

• Custom Gallery System with CMS.
• Previewing Gallery for customers.
• Front page uses JQuery Gallery from: http://tympanus.net
• Tons of JQuery affects and plugins.
• Blog is powered by Wordpress
• Utilizes Font Face for fancy font changes.
• Branding done by Marco Suarez