Page 38

Are You Looking at the Right Metrics?

Posted on August 17th, 2011 by Victoria Pal in Tech

Performance metricsThe most dangeours type of downtime is the one you don't know about. It is discturbing how true that one line actually is. Should it occur, website/server downtime can and will cause problems and ripples throughout your organization. Before we get tarred and feathered for making such a bold statement, let us build our case.

The Problem

In this realworld situation, a business lost roughly 30% of their leads for July. Apart from their initial loss, they simply handed out a good portion of the market to their competitors, in high season. When the figures arrived, all hell broke loose. All major markets felt the downturn. In search for a logical explanation, hours of daytime were invested in finding the reason. After it was made clear that the traffic was stable, the management went on to search for answers somewhere down the line. The marketing team had to pull out detailed reports for their activities in the last three months. Seasonal sales people got numerous tests calls. A full-scale internal audit took place. This caused a ripple effect and the normal workflow was seriously disrupted.

Read more...

Submarine Communication Cable Lines

Posted on July 7th, 2011 by Victoria Pal in Tech

There are currently 121 existing submarine communication cable systems with 25 more planned for the next few years. That sounds like a lot but actually, they are way more than this. 121 is the number of all currently functioning underwater communication cables.

Submarine communication lines

Read more...

How to use HTTPrint

Posted on March 30th, 2011 by Victoria Pal in Tech

HttPrint is a web server fingerprinting tool by Net Square. It reveals all the details about a web server, and it makes a pretty decent conclusion about what the webserver used. Identification is based on the implementation differences in the HTTP protocol.

httprint

Read more...

Custom Error Pages

Posted on March 22nd, 2011 by Victoria Pal in Tech

Custom 404 error pageAs you most probably know, each year we have several seasonal report periods during which we monitor the leaders in the retailing industry to see if their online performance matches their reputation. This year is no different and last month we published the results for this Valentine’s day online retailer monitoring.

One of the interesting cases that caught our attention is the site of Victoria's Secret. While at first glance their uptime does not strike the user with a 100% uptime percentage, the downtime recorded for their transaction happened regularly (every 2 days), always around 5 am and lasted usually for about 15 minutes. Since 5 a.m. is clearly not the busiest shopping time of the day, it was most likely a regular, scheduled site maintenance. However, this was not indicated either in their error message or elsewhere on their site. Instead, next to the picture of the stunningly beautiful Alessandra Ambrosio stood the awkward downtime excuse "We're sorry, our site is temporarily unavailable." .

Read more...

Server Masking - First Line of Defense

Posted on March 15th, 2011 by Victoria Pal in Tech
Protect your serverThere are various ways to protect a web server. Web servers often become victims of DDoS attacks and it is not uncommon for exploits to be used to gain access or break a web server. Protection comes in different forms and levels, the costs vary, but sometimes there are simple solutions. This one you can implement today. You can mask your server. When looked up, the server can say anything. I mean it, anything. It is probably a good practice to not make up something like “WSP Unbreakable Server 1.3.5”, but to instead choose one from the existing web server platforms.

There are two ways to go about this. You can make your server identify as a completely different server or just to say it is an older version of the server you run. When you choose to make your Lighttpd server identify as Apache, you take a great portion of amateur attacks and direct them in a completely wrong direction. On the other hand, if you decide to simply identify as an older version, 3rd parties who try anything funny will probably try to exploit your server with outdated tactics. It can still be useful. What actually works best is to change the name and version of the server. This should take care of at least some malevolent eyes.

 
Server mask
Many sites use this. Torrent trackers are one good example. Most of these sites do not use Apache as trackers usually go for Lighttpd or Nginx. From the example above you can see that the web server powering the site is Apache 1.3.29. This is actually quite old now. The latest stable release is Apache 2.2.17.

There is actually a bit more to it than just masking your server’s name. If you are running a Windows server (secure enough, but it can use some tweaks), there is a commercial software solution. It takes care of more than just server name change. It’s called ServerMask. Like with most commercial software there is a free trial for you to try. A great solution for Apache is Mod_Security.

Read more...