How to Return Page Not Found Error (Status 404) Instead of Access Forbidden (Status 403)

Posted by on Jul 11, 2016 in Web Development | 0 comments

Why bother doing this? If somebody is trying to access a file or a folder on your server, the less they know the better. Once an attacker finds out that some files are there and potentially accessible, they could start guessing file names to see if you have forgotten some interesting files, such as passwords for FTP, social media accounts, etc.

The how

Add these lines to the .htaccess file in the document root folder. If the file doesn't exist, create it.

    ErrorDocument 403 /error/404.php
    ErrorDocument 404 /error/404.php

In the folders that you'd like to protect (e.g. docs/, /includes/, marketing/) so they are not accessible via the browser, create a new .htaccess file with this content:

    deny from all

Note: This assumes that you're running the Apache web server.

In the document root (where your site is), create a folder /error/ and then create the file /error/404.php.

We need PHP to correct the status code (if necessary): Apache will return the error page, but if we don't override the status code the response will still carry the 403 status code.

    <?php
    // Do not let any attacker know that they have just been denied access.
    // This code requires php 5.4 or newer.
    if ( function_exists( 'http_response_code' ) && http_response_code() != 404 ) {
        @http_response_code( 404 );
    }
    echo "Page Not Found.";
    ?>

Effectiveness

This is a pretty basic protection. It should be one of many that you use to protect your sites. Always keep the software you use up to date in order to reduce the risk. Whenever possible, use managed hosting. The admins know how to protect a server because that's what they do all day long.

Related
http://stackoverflow.com/questions/6479198/denying-via-404-instead-of-403
http://stackoverflow.com/questions/3258634/php-how-to-send-http-response-code
http://php.net/manual/en/function.http-response-code.php
http://stackoverflow.com/questions/548156/problem-redirecting-403-forbidden-to-404-not-found

Other possible titles of this post:
How to force apache to return 404 instead of 403?
How to Redirect 403 Forbidden to 404 Not Found
Denying via 404 instead of 403
How to Deny Access (Status 403) via Page Not Found (Status 404) Error
Showing HTTP/1.1 404 Not Found instead of HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden to HTTP/1.1 404 Not...
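A way to verify the 403-to-404 setup described in this post, as an added example that is not part of the original post: the check compares the answer for a denied folder with the answer for a path that cannot exist and reports whether the two can be told apart. The function names and the small local server standing in for Apache are constructed for the demonstration; only status code and body are compared.

```python
import threading
import urllib.error
import urllib.request
import uuid
from http.server import BaseHTTPRequestHandler, HTTPServer

# Ignore proxy settings so the check talks to the target directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def probe(url):
    """Return (status, body) without raising on 4xx/5xx answers."""
    try:
        with OPENER.open(url, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def leaks_existence(base, protected_path):
    """True if a denied path answers differently from a path that cannot exist."""
    missing = "/" + uuid.uuid4().hex + "/"
    return probe(base + protected_path) != probe(base + missing)

def make_handler(masked):
    """Constructed stand-in for Apache; masked=True mimics the 404 override."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            denied = self.path.startswith("/includes/")
            code = 403 if denied and not masked else 404
            body = b"Forbidden" if code == 403 else b"Page Not Found."
            self.send_response(code)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):
            pass  # keep the demo quiet
    return Handler

def run_check(masked):
    """Start the stand-in server on a free local port and run the check."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(masked))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return leaks_existence("http://127.0.0.1:%d" % server.server_port, "/includes/")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("plain deny leaks existence:", run_check(masked=False))
    print("with 404 override leaks existence:", run_check(masked=True))
```

Against a real site, call leaks_existence() with your own base URL and a folder you have denied. On Apache 2.4 without mod_access_compat, the directive equivalent to deny from all is Require all denied.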


How to Add Custom Fields to Connections Pro

Posted by on Jul 8, 2016 in Web Development | 0 comments

I had to help with troubleshooting why some custom fields weren't showing up in a form generated by the Connections Pro plugin. I've tried the example in this article. In addition to the "cn_metabox" action, I have also tried cn_loaded and wp's init; nothing. I have passed different attributes to the meta boxes so they are public. Nothing worked. I started wondering whether a caching issue was doing some stuff. Finally, I realized it can't and shouldn't be that difficult. I had checked the code and it was well written, so there had to be a reason. Then I checked the admin area. It turned out that I had to manually approve or make the new field(s) active so they can show up in the form. I see this as a nice feature, especially if you want to reorder fields. In other cases I would have expected the field to show up.

I wasted a f*** hour on this. That's why I am writing this for others to learn and also exercising my writing skills so that time doesn't go to waste.

Solution

1) I've created a new plugin in /wp-content/plugins/orbisius-custom-form-fields
2) Customized the example code from this link (i.e. changed ids and title etc.) >> http://connections-pro.com/2015/06/23/quicktip-custom-field-adding-a-text-field/
3) Activated the plugin
4) Went to WP Admin > Connections > Settings > Forms and then enabled the fields so they show up on the form. The direct link is: >> http://yoursite/wp-admin/admin.php?page=connections_settings&tab=form...


How to Convert a Date into User's Timezone Using PHP & JavaScript

Posted by on Jul 7, 2016 in Web Development | 0 comments

I needed to convert a date that is in PST (GMT-8) to a date based on the user's timezone. I had to find a way to get the user's timezone and pass it to PHP so it can do the conversion.

Here's the approach: guess the timezone using momentjs, pass it to PHP and let it do the conversion.

Steps

1. Download the minified versions of momentjs & momentjs-timezone
http://momentjs.com/timezone/

2. Include the files in your page

    <script src="share/momentjs/moment.min.js"></script>
    <script src="share/momentjs/moment-timezone-with-data-2010-2020.min.js"></script>

3. Guess the timezone with JavaScript

    var tz = '';

    try {
        // moment js + moment timezone
        tz = moment.tz.guess();
    } catch (e) {}

    // use tz and pass it to php via ajax or in a hidden field
    // index.php?tz=America/Toronto

4. Use it in PHP

    <?php
    $tz = empty( $_REQUEST['tz'] ) ? '' : $_REQUEST['tz'];
    $date = date( 'Y-m-d H:i:s' );
    echo "The date is: " . orbisius_date_util::correct_date( $date, $tz );

    class orbisius_date_util {
        /**
         * Recalculates the dates from one (base) timezone to another.
         * We're using momentjs to detect user's timezone which is passed with the search filters.
         * orbisius_date_util::correct_date();
         *
         * @param str $starting_date - July 6, 2016 14:00:00, 2016-11-26 6pm, 2016-11-26 22:00:00
         * @param str $user_tz
         * @return str
         */
        public static function correct_date( $starting_date, $user_tz = 'America/Toronto', $fmt = 'Y-m-d H:i:s' ) {
            try {
                // if the user timezone is invalid we won't modify the date.
                $date = $starting_date;

                // http://php.net/manual/en/datetime.settimezone.php
                $base_tz = new DateTimeZone( 'America/Vancouver' );
                $date_obj = new DateTime( $starting_date, $base_tz );
                $date_obj->setTimezone( new DateTimeZone( $user_tz ) );
                $date = $date_obj->format( $fmt );
            } catch ( Exception $e ) {
                // Probably wrong date timezone.
            }

            return $date;
        }
    }

Related
http://momentjs.com/timezone/
http://stackoverflow.com/questions/11883757/convert-utc-datetime-to-another-timezone-php...


How to change WordPress permalinks using wp-cli

Posted by on Oct 30, 2015 in Web Development | 1 comment

Here is how to get or set WordPress permalinks using WP-CLI

    wp option get permalink_structure
    wp option update permalink_structure '/%postname%'
    Success: Updated 'permalink_structure' option.

The following command was supposed to set the proper permalink structure; however, I noticed that it also prepends index.php to the supplied structure. Let's see if it's a bug or a feature: https://github.com/wp-cli/wp-cli/issues/2184

    wp rewrite structure '/%postname%'

Did your WordPress site ever crash because of bad plugins or themes? Next time you should use...


Several Important questions to consider when looking for your next server

Posted by on Jul 16, 2015 in Web Development | 0 comments

One of our SaaS apps is qSandbox (setup WordPress test sites in seconds), which was growing steadily and started hitting some limits. It was time to look for another server. Here are the questions I needed answers to in order to consider the VPS or dedicated hosting provider. I am sure there are other important questions which you can add in the comments below the post.

- How is the upgrade handled? Instant or within a day
- Cancellation notice? Instant or 1 month
- Are there any backups? How often do they run? Daily, weekly, monthly etc.
- If there is a need, can you make sure I get another server at the same location (data centre) but not on the same host?
- ... and the most important one is: what is the inode limit (especially for VPSs)?

Today I ordered a VPS from 1and1 (XL) with nice specs. It's good that I did only the basic security stuff and started transferring sites. I was planning on installing the other packages later. Because of that I learned that 1and1's VPS inode limit is 750 000. I did start with rsync because the current server had very little free space and I couldn't just archive the sites folder and send it. Suddenly I started seeing some rsync errors:

    rsync: recv_generator: mkdir "/.../qsandbox.com/sites/" failed: Disk quota exceeded (122)
    *** Skipping any contents from this failed directory ***

I called 1and1 support to find out that that's their limit, and I had to cancel. It didn't work for me, but if your app can run below that limit it's great.

To find out what the current inode limit is, type the following command.

    [root@qsandbox2 slavi]# df -i
    Filesystem        Inodes     IUsed    IFree IUse% Mounted on
    devtmpfs          210186       309   209877    1% /dev
    tmpfs             212657         1   212656    1% /dev/shm
    tmpfs             212657       263   212394    1% /run
    /dev/vda1      3,932,160 2,943,382  988,778   75% /
    tmpfs             212657        12   212645    1% /sys/fs/cgroup
    tmpfs             212657         1   212656    1% /media

I used these parameters for the rsync command.

    rsync -avuz -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --port 22 /var/www/vhosts/qsandbox.com user@10.20.30.40:/home/user/qsandbox

I specifically passed the port as some of the servers run on different ports.

I was curious to see what the limits are on my other staging server, provided by BoltVM. I was so surprised to see that their inode limits are pretty high for a low end VPS ($20/year)! If you're looking for an affordable VPS that you can use as a staging server, give BoltVM a try.

    slavi@usw1:~$ df -i
    Filesystem          Inodes   IUsed      IFree IUse% Mounted on
    /dev/simfs     100,000,000 209,198 99,790,802    1% /
    none                131072      57     131015    1% /dev
    none                131072       1     131071    1% /sys/fs/cgroup
    none                131072      67     131005    1% /run
    none                131072     ...
