Blambi's Bucket of Stuff

I noticed some days ago that tradera.com had changed their design a bit, and somehow my privoxy config (did not know that was it at the time) was a bit overzealous and made it impossible to make bids.

So mailed the JavaScript errors happily to the support and got a quite unexpected reply, since I had mentioned that I used GNU/linux debian and had the problem in both Webkit based browsers and Iceweasel.

I will just translate the first and another “helpful tip”:

- Start Internet Explorer, And go to “Utilites” och click on “Internet Options”
- Under the tab “General” you can klick on the buttons “Remove Cookies” and “Remove Files”.

Hmmm did you miss the part, not running Windows? But anyway I just hope this is an template they send out.

But this one was even better:

-Do you have a router connected?

Yeaa that really is the issue when I posted my questions this trough your online help-form. And second of all what does this have to do with Javascript errors?

So I decided that I did not want to waste more energie and tested with my “nothing but default and no proxy” profile and wait I could bid, not a big nasty general bug then, so fired up firebug to see what has up again in my normal profile.

Nothing special Google Analytics getting blocked as usual, so something broke their lightbox/modal what ever you want to call it.

So first test was to give tradera a special treatment in privoxy with the action -filter. That actually worked.

But since I did not want google tracking me even on this one single page so after some testing this was a quite good anti tracker and banner free environment:

-filter
+filter{img-reorder}
+filter{banners-by-size}
+filter{banners-by-link}

But wait one banner was left! So I added it to my “banner sites not currently handled by banners-by-link set like which have the following rules:

+block{Blocked image request.}
+handle-as-image

And after all this it works like before, just not really sure what broke their JavaScript still…

Just for fund during a lesson in well JavaScript I decided that I wanted to solve the problem in a quite different way, but the exercise etc is not really what I wanted to write about.

So here are the definitions:

function map( haystack, func )
{
    /* runs function for each element in haystack */
    var ret = new Array();
    for( var x in haystack )
        ret.push( func( haystack[x] ) )
    return ret;
}

function filter( haystack, func )
{
    /* runs function for each element in haystack and adds them if not false */
    var ret = new Array();
    for( var x in haystack )
    {
        var res = func( haystack[x] );

        if( res != false )
            ret.push( haystack[x] );
    }
    return ret;
}

Quite simple and works really well. An usage example would be something like this:

map( document.getElementsByTagName( "div" ),
         function( div ) {
             if( div.id == "" && typeof div.style != "undefined" ) {
                 div.style.background = "red";
             } } );

That is set backgroud to red for all divs without an id.

(in the real solution i have a lot of nice wrapper functions so this is even shorter there.)

For a while I have been using a modified version of ssh-faker.py that writes failed unlocks to a sqlite database. I have a PHP script for checking what is new etc and some small statistics.

Sample of this data would be:

IP                     Country                    Tries   Last Try
110.77.129.166  Thailand                    59      2010-12-09 18:18:49
217.65.220.245  Russian Federation    30      2010-11-28 02:36:33
203.199.200.63  India                         15      2010-11-24 14:34:35

I find this quite interesting since it gives a interesting view of how many probably zombie computers there really is in different countries.

So what is ssh faker? Well it is a little program that one adds to /etc/hosts.deny like this: sshd : ALL : twist /opt/sshfaker/ssh-faker.py %a. So when a user/program connects from an IP address not listen in /etc/hosts.allow the connection is given to ssh-faker instead. The user has then to enter a (unencrypted) key to make ssh-faker add it’s IP to hosts.allow.

My current SSH fail info: http://blambi.hopto.org/ssh.php

Diff to make ssh-faker.py also write to a sqlite database:

--- ssh-faker-org.py	2010-12-09 21:38:05.000000000 +0100
+++ ssh-faker.py	2010-12-03 01:01:54.000000000 +0100
@@ -4,21 +4,24 @@
 # This is a python program that basicaly does the same job as
 # ssh-faker by Charles Howes, but aims to fix some of the issues I had
 # with that program.
+# This version also logs to an sqlite database

-# Copyright (C) 2008 Patrik Lembke <blambi@chebab.com>
+# Copyright (C) 2008-2010 Patrik Lembke <blambi@chebab.com>

 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.

 PASSWORD = "password"
 FAKE_VERSION = "SSH-1.99-OpenSSH_3.7.1p1"
-JUST_DROP=False # If false emulates ssh-faker more.
-TIMEOUT=60 # sec
-SYSLOG_NAME="sshd"
+JUST_DROP = False # If false emulates ssh-faker more.
+TIMEOUT = 60 # sec
+SYSLOG_NAME = "sshd"
+SQLITEDB = "/var/www/databases/sshd-tries.db"

 import sys, signal, syslog, time
+import sqlite

 def write_syslog( ip, message ):
     """Write message to syslog."""
@@ -26,6 +29,25 @@
     syslog.syslog( 'Got "%s" from %s' %( message, ip ) )
     syslog.closelog()

+def write_db( ip, message ):
+    """Writes ip (if new) and message to our sqlite db"""
+    db = sqlite.connect( SQLITEDB )
+    cur = db.cursor()
+
+    # Check if it exists
+    cur.execute( "SELECT RowID FROM hosts WHERE ip == %s", [ip] )
+
+    try:
+        row_id = cur.fetchone()[0]
+    except:
+        cur.execute( "INSERT INTO hosts (ip) VALUES ( %s )", [ip] )
+        row_id = cur.lastrowid
+        #db.commit()
+
+    cur.execute( "INSERT INTO tries ( host, got, t_stamp ) VALUES ( %d, %s, datetime( \'now\' ) )", [ row_id, message ] )
+    db.commit()
+    db.close()
+
 def unlock_ip( ip ):
     allow = open( "/etc/hosts.allow", 'a+' )
     allow.write( "# %s\n" % time.strftime("Added at %c") )
@@ -77,6 +99,8 @@
             unlock_ip( remote_ip )
         else: # Log other data to syslog
             write_syslog( remote_ip, read_input )
+            write_db( remote_ip, read_input )
+
             if JUST_DROP:
                 drop()
             else: