Denial of Service Attacks or (DoS Attacks) or (DDoS Attacks) are a common battle in the web world. They involve a repeated ping or call on a server. The goal is to make the server/website unavailable.

I do my best to keep up to date on the latest hacks and not to mention old hacks resurfacing. One of these issues seems to be coming up again. And that has to do with PHP's $_GET, $_REQUEST, and $_POST variables.

These are excellent ways of creating heavy loads on a server if the maxium allowed variables is to high. Not to mention if each one of those variables is not limited it could potentially unleash a lethal Denial of Service attack on a victim hosing and destroying there CPU's.

Recently I was given a VDI, that is a Ubuntu Server. This runs a web app for a company that I work with. We use these VM's for development, integration testing, and testing. When I installed the VDI I found that it was not connecting to my local network by just using the regular settings. After roughly two tutorials I found a mix of the two to be my resolution.

I have been thinking on this topic for a while and have come up with a couple easy steps to figuring out what will be the best hosting solution for you.

Firstly you will need to ask yourself these questions.

1. What can I afford?
2. How big of an application / website am I going to run?
3. What level of traffic are you expecting / have?
4. What is your technical knowledge of administrating servers?
5. What kind of application / site are you running (Terms and Conditions may prevent you from doing some...)

These five questions should really help you decide in what to go with. So now ill go in depth and explain each portion. Aft ert this ill explain the differences in the different types of hosting.

1. Shared Host / Grid Hosting
2. VPS Hosting (Virtual Private Server)
3. Dedicated Server

Yes there are other hosting types that exit, but to not complicate this decision more ill leave that for another post. I have been round robin with several different hosts now. Each I have found things I like, and things I do not like about them. So with my research and sit back and enjoy. As a side note this will be a two part post as I want to go into details about each host that I will review.

One of the things I love to do is learning various API's and new technologies. One of my many side projects is a Dance Dictionary that will contain step names, how to's, definitions, videos and pictures. I started writing up the tech specs and a scope for the project and start to think about utilizing a search engine to power parts of it.

Out of my research the two engines that came to mind were Google and Bing. Now my scope of the project will rely heavily on two things. 1) Images 2) Videos. Later on ill probably utilize more items such as question and answers and such but that cant wait.

Recently I got curious and adventurous into setting up a Virtual Environment on my Mac's VMware Fusion with Ubuntu, Apache, MySQL and PHP. As a Web Developer I often find little need to be a Sysadmin and spend WAY more time developing. It may come as a shocker but its often not a required effort to need to have the knowledge now days of how to setup the environment I work in! An analogy behind this is a mechanic doesn't necessarily build cars, but rather fixes them. While they may understand the details behind it they may have never put a car together from start to finish, but if they had to they could...

So I figured I would post a little bit about what I did to get it going. Because this was my first run of doing this it took a little longer than it should have. But now that I have gone through it I could probably do it as fast as my machine can download.

Recently I ran into an issue with IE 8, but all the other versions of IE and Firefox, Chrome, and Safari looked just fine! Some of the sites I work on happen to get extremely large and the CSS, HTML portions get split up over several files. Because of this often times its easy to miss something. Especially when there has been 5-6 developers in that section over time.

When dealing with Cross Browser support I find that HTML validation is a must. It may not resolve every issue that comes up to bat, but it will certainly help on some crazy pesky issues.

Lately I have had "caching" on the brain and have been working on a decent way of caching.

So far I have found that caching is obviously faster and in XML format makes it really easy to iterate through in Object format.

My methods so far are

1. Checking a database table for current cached item information.
2. If it has an expiration date or does not exist the feed needs to be cached.
3. If needs to be cached - Caching will grab the feed via curl, fopen, or file_get_contents()
4. Feed will then be stored in a file in a specific directory on the server. 
5. Database will either be updated or inserted with feed information.

Something I have been saying for a long time now is how the Web World is a guessing game. The same thing can be applied to many other occupations. Facebook, Twitter, and so many other "start ups" that have succeeded in becoming a house hold name in the beginning had no idea if they would be viral.

Facebook had a humble beginning that lead to a insanely addicting social network that allows you to connect with everyone you know and their trash cans. Twitter provides us with a 140 characters or less thoughts. Which is nice as Facebook friends to give us WAY to many details about their lives.

Suddenly with these two start ups they created a new fad. Status updates!

What does this all mean? Basically they chimed in on what they thought to be a "hole" in the market. This hole they filled or rather created.

Recently I ran into a great Unix tutorial. It goes in great detail explaining the basics and goes up into some more advanced commands.

To say the least Ill just give you the link...

http://www.ee.surrey.ac.uk/Teaching/Unix/

Recently I posted about HTMLEntities and a PHP function that can convert crazy characters and such to their HTML form.

Along with this I posted about encoding types. Let me first say that these two go hand and hand. When dealing with funky characters such as "éœ∑´®†¥ˆ˙ƒ." And then throw in different page encoding's such as UTF-8 and ISO-8859-1. If you take those same characters and POST them or output them from a database to a different encoding type you might soon find them to be entirely different.

Frustratingly enough there is tons of methods to fix this issue, but found only one method to work for my situation. It basically involves changing the characters to their HTML variants before being saved to the database.

One of my issues lately with my CMS system has been the TinyMCE (Wysiwig Editor). Doing example code has been extremely painful. As everytime I would go back in to make an edit I would have to rewrite the examples as it would convert it to real HTML and or Javascript. Because of this I found myself wasting a lot of time fixing these articles every time I would make an edit.

Luckily I found an easy fix. I switched from using blockquotes to pre tags with code tags. Not only this but I found a PHP script that cleans the code behind these tags to make things as they should be.

Recently I did a post about website loading. Which had me thinking... Paginiation! Its a lovely device that allows you to not have to display all the content on the same page. There are so many forms of pagination and pagination theories. One of which is a newer method called. "Auto Pagination." It is seen on many sites such as local pages on google and several others.

It basically detects the "windows" scroll and once a certain position on the page has been achieved it loads more content into the page. Some other neat useages of this window scroll is on mashable.com when reading an article if you scroll far enough down it will display the next article on the list. But this is about pagination...

The speed of your website loading is still a common issue with websites. Looking back in the past 56k modems were the majority of people online. Now days its common for average speeds above 2-10MB per second! It would seem that with the increase of the speeds that size would truly matter. However, because faster download speeds are more common larger sites are even more possible.

Ever had issues with putting HTML inside of HTML text boxes? This can be a pain as often times you will find different browsers will read it fine, but then some will break it.

In PHP there is a wonderful function called "htmlentities."

Recently I heard a extremely random agrument about a simple Javascript method.

Basically take a random string.

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Multiply this about 500 more times... And then run these two seperate items...

var str = "Lorem  ipsum dolor sit amet, consectetur adipisicing elit, sed do  eiusmod  tempor incididunt ut labore et dolore magna aliqua. Ut enim ad  minim  veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip  ex ea  commodo consequat. Duis aute irure dolor in reprehenderit in  voluptate  velit esse cillum dolore eu fugiat nulla pariatur. Excepteur  sint  occaecat cupidatat non proident, sunt in culpa qui officia  deserunt  mollit anim id est laborum.";
alert( str.split(" ").join("") );
alert( str.replace(/ /g, "") );

Which one is faster?

So you have a website and that site gets millions of hits per day. Either you are running a silly static site that you manually update or you have some intense CMS that caches using all sorts of methods.

XML happens to be one of the biggest tools of the trade.

Encoding is simply one of the most strangest topics with websites.

Usuaually I find issues when translating between encoding types such as UTF-8 to ISO or any variation of this. Setting the encoding type of the page is extremely important. "Obviously." Otherwise your browser trys to guess what it is and may fail at it. Along with this hackers can easily change the encoding type and get around your XSS filters. Which will then allow them to do XSS attacks.

When using JQuery it is easily abused with how many shortcuts and routes you can do the same thing.

I could go through my list of things to help with optimization, but this guy does such a good job...

ArtzStudio

Recently I was given a great link that gives ten great ways to optimize MySQL. With its may open ended methods that leave you crossed which direction to go. I found this article extremely helpful.

20Bits By Jesse Farmer

Filtering inputs is often a huge issue when figuring out which method is best. Typicallly its a matter of what exactly are your needs. Asking these few questions can resolve the problem.

1. Is the input needing more than letters a-z and 0-9?
2. Does the input need to be able to allow some tags but not others?
3. Can you filter everything out and not worry about what it returns?
4. Can you convert html characters to their entities so it still displays properly?

Hacking seems to be a common occurance now days. While it seems to be a somewhat complicated process in reality it is mostly simple hacks that result in tremeduous damage, costs, and lose of data.

Two Types of Web Hacks

XSS and SQL Injections. There are obviously more such as DDOS attacks, but those are short term.

What are they?

XSS is simply inserting Javascript into a page. An example of this is a simple alert.

<script>alert("Hi!");</script>

SQL Injections are a wider range of possibilities. They allow you to delete an entire database, to outputting important information. Or even logging in as an adminstrator.