From email to shared hosted backend to remote frontend - automation

So my friend hosts a little get together every once in a while where space is limited to the first 14 people who RSVP. He emails the invite out to a list and then accepts the first people who respond. Tonight I barely got in because I can't always check my email, so I told him that I would write a program that would respond instantly to his request. This would not normally be a problem (autoresponder, easy) except he has recently created an online signup form. I think it would be funny for him to send out his next invite and get a sub-100ms response from me, so I would like to give this a try.
The problem is, I'm not quite sure how to go about it without going to too much expense. I have a personal site that can host some .NET backend code, but it's on a shared GoDaddy server so I don't really have a ton of access to the mailserver or anything. I was thinking that if I could get an email sent to a certain address that maybe it could trigger a webrequest that could pull down his page and then fill the (very simple, like 2 or 3 inputs) form out and submit it, but again, I'm not quite sure how.
Would anyone have an idea about how I could go about this? I would want for this to happen automatically without any sort of interaction from me, just basically as soon as I get an email from a certain email address, somehow my code is triggered and the form filled out and submitted.
This is just for fun, but the programmer in me is curious as to how I could actually get this to work.
Thanks!

The most affordable thing I know of would be through NearlyFreeSpeech.NET. If you set up an account there, you can configure a domain with email forwarding for 3 cents/day. They have an option to forward the email to a script, so you could write something that would look at the mail, pull down the form, and post to a server.
I'm not sure but I think the script has to be running on their servers, so you'll have to set up a website (another few cents per day) and write the script to run in a UNIX environment (PHP or Perl or such). If you insist on .NET, you could write a minimal PHP script to forward the data to your GoDaddy account.

Related

Basic Web Development Questions (building a working test site)

I am new to this site and coding. I have self taught myself html and I understand css. I have been putting together a site of mine using my basic knowledge. I have no college experience but this is MY DREAM to put this site together so I have done a lot of research and read books to get started but I have hit a roadblock now. Here is what I have done:
-I have put together all of the front end pages and design using html/css. So, I have all of the pages that would be involved with the site, ready to go. All designed and have the layout how I wish it to be.
I guess I would call it the "skeleton" of the site. Any page that a user would be directed to, I have in a folder.
I have put together a little "demo" for myself to mimic a user experience. For example, I created a login page that "looks" how I want it to be but it doesn't actually store or save any logins.
This is my first question:
What is my next step? I admit it sounds stupid but I am self taught and I really have the ambition to achieve this. I just can not figure out where to go from here in order to actually make a functioning site. All I have right now is my html "demo" where basically I have to follow a certain path down my site that mimics what a user would do on the site. I have it now where I click on the "sign up" button on my html form and it basically just redirects to my "new user" page. Then it is the same formula throughout the rest of my demo. I just put my other html pages I have designed into the html to sort of give a "user experience" to the demo. But I REALLY want to be able to have working accounts and saved data.
How do I create/save a user login to my site? Do I need to get a SQL database? Is there a free one to use while I build the site? Honestly I really need someone who is willing to help me out with the steps in this journey without me sharing my entire site (I wish to keep it to myself) but.. I understand this is basic web stuff, I just am genuinely lost as to how to take it to the next level. I have all of the html done and now I need a way to actually make it work. I wish to conversate with someone please about this kink in the chain I am seeming to find myself in please. Thank you so much and I would be grateful. :)
----Basically, what programming languages do I need to learn, or when looking for someone to hire, what should they be skilled in? Any software or sites or databases that I need? Please help!!!
HTML and CSS are the languages that make up the front end of a website, like you said. In order for your website to have dynamic content (content specific to a user) and the ability to actually process logins, etc., there needs to be a server involved. A webpage is a text document that is interpreted by a browser. HTML makes up the content and CSS tells the browser how you want it to look. What you are missing, primarily, is server scripts, most commonly, in my experience, PHP. You can also include JavaScript for client-side effects.
Specific to your question about a user login, yes, you will need a database. The process should look something like this.
1. User visits login page
2. User enters information into an HTML form
3. User clicks submit
4. Form is submitted to a server URL using the 'POST' method
5. Server validates the form content
6. Server checks database for username or email (whichever you are using)
7. If the username/email exists, it compares the passwords
8. Server sends a response back to the client, either good or bad
9. Once the user is validated, you can redirect the user to the dashboard or user section.
Please keep in mind this is a very simplistic version of events. There are more in depth steps that need to be taken, for example, your passwords should never be stored in a database as plain text, you should use a one-way encryption (hashing) algorithm to make them unreadable. Then when a password is given to the server it should be hashed and you should compare the hashes. You can also use salts when hashing for more security. The form should use SSL to prevent man in the middle attacks, etc.
Sounds like you are off to a good start, but in order to make it work you have to add the server logic. Self-teaching will get you as far as you are willing to let it. I taught myself how to do web programming, and now I do it as a business. The Internet is a great resource. There are a ton of great tutorials online that will show you how to do everything I just laid out.
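The hashing steps from the answer above (per-user salt, hash the submitted password, compare the hashes), as an added example that is not part of the original answer. PBKDF2-HMAC-SHA256, the iteration count and the in-memory `USERS` dict standing in for the database are assumptions of this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (assumed value; tune for your server)

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn for each new password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

USERS = {}   # stand-in for the users table: username -> (salt, digest)

def register(username, password):
    """Store only the salt and the derived digest, never the plain text."""
    USERS[username] = hash_password(password)

# Hashed once at import so that unknown usernames cost the same work as known ones.
_DUMMY = hash_password("no-account-uses-this")

def login(username, password):
    """Hash the submitted password with the stored salt and compare the hashes."""
    salt, stored = USERS.get(username, _DUMMY)
    _, candidate = hash_password(password, salt)
    matches = hmac.compare_digest(candidate, stored)   # constant-time comparison
    return matches and username in USERS
```

Two users with the same password get different digests because each registration draws its own salt.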

What is preventing people from using someone else's CAPTCHA as their own?

Why (other than moral reasons) don't more people use the CAPTCHAs of other sites as their own while selling the solving of said CAPTCHAs?
To me, such a system seems like it would be simple to implement:
- set up a script that does something on another website that requires a CAPTCHA to be completed through the use of a proxy service
- when a user on your site performs a task that requires the completion of a CAPTCHA, simply serve them the CAPTCHA that the other site asks you to solve
- when the user solves the CAPTCHA, your script can perform the desired action on the other site that is the source of the CAPTCHA, and the user on your site is also verified through this process
Is this commonplace? If not, why not? What, if anything, could be done to prevent this?
Fetching the captcha. Assuming one could easily fetch the exact visual of the captcha from the foreign host. To do this, you have to pass the referral check (most browsers (navigated by humans) allow to send the http_referer). You also would have to save the session_id and the secret from the hidden input.
Checking the result. The foreign host must link the saved variables with the ones associated with the session of your first request, which requires you to implement tricky cURL methods. You would have to handle multiple parallel requests, all from your single ip.
Your server will probably use more resources when hacking a captcha on a foreign host than if it generates a captcha on its own.
Prevents
- http_referer check
- limit requests for single IP to e.g. 5 / minute
- good session handling and tricky cookies
it's not impossible to reverse engineer javascript, but the more complicated your javascript is, ...
you have to find a pattern that recognizes the result on the foreign host. the easiest signature may be the Location header field, leading either to /path/success.html or /path/tryagain.php
Challenge:
I took a moment to prepare an example: http://woisteinebank.de/test/
In this example, I attach keys to the session_id(); and save it in the database.
Through session_regenerate_id(); I have a fresh session on every request.
In check.php, I compare the database values to the $_GET values.
Try to find a way to leech this captcha, I'll try to defend. Every time you successfully use my captcha on your site, I try to defend it.
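The server-side bookkeeping described in the answer above (a key attached to the session, saved, then compared on check), as an added example that is not the answerer's code. The class name, the `TTL` value and the in-memory dict standing in for the database table are assumptions.

```python
import hmac
import secrets

TTL = 120   # seconds a challenge stays valid (assumed value)

class ChallengeStore:
    """Binds each captcha to one session, one key, one attempt."""

    def __init__(self):
        # session_id -> (key, expected_answer, expires_at); stands in for the DB table
        self._rows = {}

    def issue(self, session_id, expected_answer, now):
        """Create a challenge for this session and return the key for the hidden input."""
        key = secrets.token_urlsafe(16)
        self._rows[session_id] = (key, expected_answer, now + TTL)
        return key

    def check(self, session_id, key, answer, now):
        """Single use: the row is removed on the first check, right or wrong."""
        row = self._rows.pop(session_id, None)
        if row is None:
            return False
        stored_key, expected, expires_at = row
        if now > expires_at:
            return False
        key_ok = hmac.compare_digest(key.encode(), stored_key.encode())
        answer_ok = hmac.compare_digest(answer.encode(), expected.encode())
        return key_ok and answer_ok
```

Single use and expiry stop a solved challenge from being replayed or checked from another session; they do not replace the per-IP request limit the answer also lists.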

How do I have mails to a specific address trigger actions on a web server?

What I'm trying to do is figure out how I can configure a mail server such that mails to a specific address will trigger certain actions- e.g. inserting the subject line into a MySQL database, etc. This is for a web app in LAMP- basically I want people to be able to add things automatically via email if they'd rather do that than use the web interface. Kind of like how e.g. with Evernote you can send a mail to your custom address to add a note that way.
I realize this is a pretty vague question, what I'm looking for is a general place to start looking and learning. I'm reasonably familiar with website tech but when it comes to mail servers I'm completely clueless. I'm not looking for any specific implementation: Rather I just want to know what are the basics I need to familiarize myself with to be able to attack the problem.
If you want to trigger actions "in realtime" you best work with your own mailserver and use something like procmail: Here is an example from the procmail faq how to trigger actions on incoming mails: http://porkmail.org/era/procmail/mini-faq.html#rtfm
But if you can avoid this, just let your provider handle the fun stuff of mailserver work and scan one or more mailboxes via cron-job (on linux/unix) triggered scripts. A cronjob could e.g. be a command line PHP script or a wget script that does an HTTP request on your webserver script to start the action. Your script reads the actual mails via something like http://pear.php.net/manual/en/package.networking.net-pop3.php
(Try to avoid importing the same mail twice e.g. by relying on the message id of the mail or by creating SHA1/MD5 hashes on parts or the body of the mail).
A lot of ticket systems work like this (for example OTRS: http://otrs.org/downloads).
This is traditionally handled on unix-like systems using fetchmail and/or procmail.
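The import step from the answers above (take the subject line, skip mails already imported), as an added example that is not from the original posts. It uses SQLite in place of MySQL and SHA-256 in place of the SHA1/MD5 the answer mentions; the table layout and the sample messages are constructed for illustration.

```python
import email
import hashlib
import sqlite3
from email import policy

# Constructed sample messages; the second has no Message-ID and a hostile subject.
SAMPLE_WITH_ID = ("From: alice@example.com\nSubject: Buy milk\n"
                  "Message-ID: <constructed-1@example.com>\n\nRemember the milk.\n")
SAMPLE_NO_ID = ("From: bob@example.com\n"
                "Subject: x'); DROP TABLE notes;--\n\nbody text\n")

def dedup_key(msg):
    """Prefer the Message-ID header; fall back to a hash of the body."""
    mid = (msg["Message-ID"] or "").strip()
    if mid:
        return "mid:" + mid
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    return "sha256:" + hashlib.sha256(text.encode("utf-8")).hexdigest()

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS notes "
               "(dedup TEXT PRIMARY KEY, sender TEXT, subject TEXT)")
    return db

def import_message(db, raw):
    """Insert the subject once; return True if stored, False if a duplicate."""
    msg = email.message_from_string(raw, policy=policy.default)
    # Header values are sender-controlled, so they go in as bound parameters only.
    # The From header is not authenticated and must not be used as an identity check.
    cur = db.execute(
        "INSERT OR IGNORE INTO notes (dedup, sender, subject) VALUES (?, ?, ?)",
        (dedup_key(msg), str(msg["From"] or ""), str(msg["Subject"] or "")),
    )
    db.commit()
    return cur.rowcount == 1
```

A cron-driven poller or a procmail pipe would hand each raw message to `import_message`; fetching the mail itself is outside this sketch.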

Prevention from entire website downloading?

There is one IP (from China) which is trying to download my entire website. It downloads all my pages and loads the server significantly (I have more than 500 000 pages). Looking at the access logs I can tell it's definitely not a Google bot or any other search engine bot.
Temporarily I've banned it (using iptables rules), but it's not a solution for me, because some of my real users also have the same IP, so they are also banned and cannot access the website.
Is there any way to prevent such kind of "user activity"? Maybe a mechanism which implements captcha if you try to request more than 5 requests a second or something?
P.S. I'm using Yii framework (PHP).
Any suggestions are greatly appreciated.
thank you!
You have answered your own question!
Make captcha appear if the request exceeds certain number per second or per minute!
You should use CCaptchaAction to implement, like this.
I guess the best way to monitor for suspicious user activity is really user session, CWebUser's getState()/setState(). Store current request time in user session, compare it to several previous values, show captcha if user makes requests too often.
Create new component, preload it via CWebApplication::$preload and check user activity in the component's init() function. This way you'll be able to turn bot check on and off easily.
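The request-timing check suggested above, as an added example that is not Yii code and not from the original answers. It goes beyond the session-only idea by also counting per IP, on the assumption that a client which discards cookies gets a new session on every request; the class name and `FLAG_TTL` are hypothetical.

```python
from collections import defaultdict, deque

WINDOW = 1.0     # seconds; the question's threshold is "more than 5 requests a second"
LIMIT = 5        # requests allowed per key inside one window
FLAG_TTL = 600   # seconds an IP stays flagged (assumed value)

class CaptchaGate:
    """In-memory stand-in for session state plus a per-IP counter."""

    def __init__(self):
        self.hits = defaultdict(deque)   # key -> timestamps of recent requests
        self.flagged_until = {}          # ip -> time at which the flag expires
        self.verified = set()            # session ids that solved a captcha

    def _over_limit(self, key, now):
        q = self.hits[key]
        q.append(now)
        while now - q[0] > WINDOW:       # drop timestamps that left the window
            q.popleft()
        return len(q) > LIMIT

    def needs_captcha(self, session_id, ip, now):
        """Record one request; return True if a captcha must be shown."""
        if self._over_limit(("ip", ip), now):
            self.flagged_until[ip] = now + FLAG_TTL
        if session_id is not None and self._over_limit(("session", session_id), now):
            self.verified.discard(session_id)   # a bursting session loses its pass
            return True
        if session_id in self.verified:
            return False                 # humans behind a shared IP keep browsing
        return self.flagged_until.get(ip, 0) > now

    def solved(self, session_id):
        """Call after the session passes the captcha."""
        self.verified.add(session_id)
        self.hits.pop(("session", session_id), None)
```

Real users who share the crawler's IP solve one captcha and continue, which avoids the blanket iptables ban described in the question. The dictionaries grow without bound here; a deployment would keep them in a store with expiry.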

Why would "/id" as an HTTP GET parameter be a security breach?

While trying to debug my openid implementation with Google, which kept returning Apache 406 errors, I in the end discovered that my hosting company does not allow to pass a string containing "/id" as a GET parameter (something like "example.php?anyattribute=%2Fid" once URL encoded).
That's rather annoying as Google openid endpoint includes this death word "/id" (https://google.com/accounts/o8/id) so my app is returning 406 errors every time I log in with Google because of this. I contacted my hosting company who told me this has been deactivated for security purposes.
I could use POST instead, for sure. But has anyone got an idea why this could cause security problems ???
It can't, your host is being stupid. There's nothing magical about the string /id.
Sometimes people do stupid things with the string /id, like assuming no one is going to guess what follows, so that example.com/mysensitivedata/id/3/ shows my data because my user has id 3, and being the sneaky sort, I wonder what happens if I navigate to example.com/mysensitivedata/id/4/, and your site blindly lets me through to see someone else's stuff.
If that sort of attack breaks your site, no amount of mollycoddling by your host will help you anyway.
One reason a simple ID in the URL could be a security concern is that a user could see their ID and then type another one in, such as if it's an integer they may select the next integer up, and potentially see another user's info if it is not protected.