Pradeep's Blog

Thursday, September 29, 2005

Securing your Wiki

After setting up the wiki for our project development website last week, I was assigned the task of making it secure. By default a wiki allows anonymous edits to its pages and also lets anyone create an account on it. So my primary task was to disable anonymous edits entirely and to prevent new user registrations.
To make this possible it is necessary to update the LocalSettings.php file in the wiki. As the name suggests, this file is used to configure the wiki. I made the following changes to the wiki's LocalSettings.php file.
1. To prevent new user registrations, the following line can be added to the file: $wgWhitelistAccount = array ( "sysop" => 1, "developer" => 1 );
2. Adding the following line to LocalSettings.php disables anonymous edits entirely: $wgWhitelistEdit = true;
For more help regarding wiki administration, click here.

Thursday, September 22, 2005

What's Directory Harvest Attack?


A directory harvest attack is the most sophisticated email address harvesting attack that I have come across, and spammers are using this method more and more. To understand how a spammer or list broker can harvest your email address directory, consider the basics of how email gets delivered. Before the SMTP protocol can deliver email to a server, it must first check whether the delivery address is valid. It does this by sending a "delivery attempt" request. This request essentially asks, "Does this email address exist, and can I deliver mail to it?"
An open source or stand-alone Mail Transfer Agent (MTA) typically responds to delivery attempt requests with a synchronous "yes" or "no". If the response is "no", the sending server gets an SMTP 550 error message, since the address is invalid and mail for that address cannot be delivered. If the sending server gets a "yes", it knows the address is valid and a message can be delivered. Spammers can exploit this simple functionality to probe your email servers and harvest legitimate email addresses from them.
But won't this be detected by an Intrusion Detection System when someone makes many (hundreds of thousands of) requests before mapping your entire email directory? It should, if the spammer has tried and failed from the same IP a certain number of times. But most IDSs don't detect these attacks, because spammers typically don't attack any given domain for more than a few minutes and use brief blasts of a few hundred or thousand address requests from a shifting array of IP addresses, which enables them over time to map an entire email directory.
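The detection gap described above, where a per-source threshold misses a harvest spread over rotating addresses, is shown here as an added example (not part of the original post): it counts distinct rejected recipients per recipient domain in a sliding window, regardless of source IP. The event tuple layout, the thresholds and the sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_sample():
    """Constructed events: (timestamp, source IP, recipient, SMTP reply code)."""
    base = datetime(2005, 9, 22, 10, 0, 0)
    events = []
    # Burst: 40 guessed addresses in two minutes from 20 rotating IPs (2 per IP).
    for i in range(40):
        ip = f"203.0.113.{i % 20 + 1}"
        events.append((base + timedelta(seconds=3 * i), ip, f"guess{i}@example.org", 550))
    # Ordinary traffic: two valid deliveries and one mistyped address.
    events.append((base + timedelta(seconds=10), "198.51.100.7", "alice@example.org", 250))
    events.append((base + timedelta(minutes=30), "198.51.100.7", "alcie@example.org", 550))
    events.append((base + timedelta(minutes=31), "198.51.100.9", "bob@example.org", 250))
    return sorted(events)

def per_ip_alerts(events, threshold=10):
    """Per-source rule: IPs with at least `threshold` rejected recipients."""
    counts = defaultdict(int)
    for _, ip, _, code in events:
        if code == 550:
            counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def domain_window_alerts(events, window=timedelta(minutes=5), min_rcpts=25, min_ips=5):
    """Per-domain rule: alert once per domain when one window holds many distinct
    rejected recipients spread over many source IPs (illustrative thresholds)."""
    recent = defaultdict(list)   # domain -> [(ts, ip, rcpt)] of 550 replies
    flagged, alerts = set(), []
    for ts, ip, rcpt, code in events:
        if code != 550:
            continue
        domain = rcpt.rsplit("@", 1)[-1].lower()
        bucket = recent[domain]
        bucket.append((ts, ip, rcpt))
        while ts - bucket[0][0] > window:   # drop rejections older than the window
            bucket.pop(0)
        rcpts = {r for _, _, r in bucket}
        ips = {i for _, i, _ in bucket}
        if domain not in flagged and len(rcpts) >= min_rcpts and len(ips) >= min_ips:
            flagged.add(domain)
            alerts.append((domain, ts, len(rcpts), len(ips)))
    return alerts

if __name__ == "__main__":
    sample = make_sample()
    print("per-IP rule:", per_ip_alerts(sample))
    print("per-domain rule:", domain_window_alerts(sample))
```

On the constructed sample the per-IP rule stays silent because no address sends more than two bad recipients, while the per-domain rule fires partway through the burst and ignores the later single typo.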

How to install a wiki


Last week I had to install a wiki for my website. I will give a brief account of how I did that.
Some of the prerequisites for a wiki are:
· Database - an SQL database to store the wiki text and user list.
· Web server - a web server to serve the HTML web pages.
· PHP - the programming language that MediaWiki is written in.
· Wiki - a suite of programs written in PHP.
My choices were MySQL for the database, IIS as the web server and MediaWiki as the wiki.
OK, so I had all this; how did I set it up? I downloaded MediaWiki from http://www.sf.net/projects/wikipedia, changed its name to something reasonable (since you don't want all the version details in the URL) and uploaded it to my site. Then I created a MySQL database on my site using the Plesk control panel. So now I had the database and the installation files on my site.
The next step is to install the wiki using the form provided in the installation directory. Suppose you had uploaded the wiki into a directory called "start" in your domain; then you can visit this form using a link like www.yourdomain/start/. Fill in the details asked for there. Once this is done successfully, you have to move a file called LocalSettings.php from the /start/config/ folder into the /start/ folder.
That's it: the next time you visit www.yourdomain/start/ you will see the default wiki page. There are lots of security settings which need to be set, which I will write about in my next blog.

Wednesday, September 14, 2005

eBay acquires Skype!! Why?


This week eBay acquired the company Skype for $1.3 billion in cash and $1.3 billion in stock, and could pay up to $1.5 billion more if Skype meets financial targets. The big question is why an online auction company would buy an internet telephone company. My guess is that they were actually afraid that Google might acquire it. eBay's shares have already dropped significantly in the past 12 months, thanks to Google's AdSense. eBay definitely did not want Google to dominate another field (IP-based telephony). But the reason given by industry experts is that eBay might use the services of Skype for better communication with its customers. I'm not sure if eBay really needs to buy a company like Skype to add another form of communication to its service. Whatever the intentions were, eBay has certainly taken a very big risk by acquiring Skype.

Setting up website...


Last week I had to set up a website for our project. It was my first experience of setting up a website. I will explain the steps involved.
There are two things that you need in order to set up a website: a domain name and web space to host it. The domain name is a unique name identifying your website. This has to be registered with ICANN. Some companies help you register your domain name with ICANN for a nominal fee. The registration process is as follows: first you check that the domain name hasn't already been registered; if it hasn't, you pay and the domain name is registered on your behalf by the company.
Now that you have the domain name, you need web space to host your website. There are lots of web hosting companies that will provide you with the space for a yearly fee. This fee depends on lots of factors, like the amount of space you need, the bandwidth you might need, and other facilities provided. You can browse around, select a hosting plan that's suitable for you and pay for the web space.
OK, so you have got your web space and the domain name; what do you do next? You need to provide the primary and secondary name servers of your web hosting company to the company that registered your domain name. By doing so you let the world know where your domain is physically located. Once this information has propagated, your website should be visible, provided you have uploaded some files. Most hosting companies provide the user with a control panel that makes life easier when uploading and managing your files.
For more information read:
1. Click Here for details on registering a domain name.
2. Click Here for FAQ.

Tuesday, September 06, 2005

Sixth Sense, Ok, but what about Six Dimensions?


My mind is totally at a loss to think of anything that is more than three dimensions. But my interest in astrophysics landed me on this page, where scientists at the University of Oxford claim to have identified evidence that space is six-dimensional.
They have purported that their theory solves an astronomical puzzle. Well, maybe, but after going through that doc I was totally perplexed. I think this is why I have always liked astrophysics: there is always something to wonder and argue about.
Yes, for instance you could always wonder what a six-dimensional thing looks like and how to draw such a thing on paper. And how do we argue? Scientists claim that galaxies are six-dimensional; I can envision them only in 2D, because I have mostly seen them in pictures, or at most in 3D, because that's all I know. Anyone reading this, please tell me at least how to draw an object that's in four dimensions. Then I would consider going on to the next levels…

Google Talk, AdWords and AdSense

Google Talk has been released and there have been a lot of reviews about it. Most of the reviews were just about user experience, how it was different, and some about how it would affect Yahoo or MSN. But I also came across this blog. It was something interesting. We can only speculate whether Google has this plan up its sleeve.

Even if Google has not thought in this direction, I personally believe that such a change will happen once they get hold of a large user base using their Talk.
Would it be annoying? It depends on where the ads are placed and on a lot of other things, and of course users should also be given an option to select whether they want to receive ads or not. If Google were ever to come up with such a feature, they would definitely put a lot of thinking into these matters.

I would like to point out that this website, which lets users send SMS to mobiles via its messenger service, puts its own ads before every message. I used it and found it very annoying.