Dynamic DNS Script for Namecheap.com

I have an Apache 2.2 web server running Debian Etch Linux on cable broadband Internet. My Internet Service Provider(like many others) charges way too much for static IP addresses. So the problem that I have is that my ISP frequently changes my IP, so static domain name resolution would suck. Also, I got lucky and my ISP leaves HTTP port 80 open. The solution to my problem is registering my domain with a domain registrar that offers dynamic DNS. I have chosen Namecheap.com because they offer dynamic DNS and have free whois protection. I checked out the Namecheap.com knowledge base to see exactly how their dynamic DNS works. There are a few clients that support Namecheap.com dynamic DNS for Windows. There is ddclient which supports Linux, but I decided since it was only a HTTP GET request I would just write a quick Perl script to do the task. The only requirement is that you have the LWP module installed. I setup a crontab so that every 10 minutes the script is called like this:

0,10,20,30,40,50 * * * * /home/dns/dynamicdns-namecheap-v1.pl >/dev/null 2>&1

You can download the Dynamic DNS Script for Namecheap.com here and the source is below.

#!/usr/bin/perl
#Perl script to update Dynamic DNS for Namecheap.com
#dynamicdns-namecheap-v1.pl
use strict;
use LWP::Simple;
my($ip, @hosts, $host, $domain, $domainpw, $url, $content);

@hosts = ("www","*");
$domain = "yourdynamicdnsdomainname.com";
$domainpw = "yourdynamicdnsdomainpassword";
$ip = `ifconfig eth0 |grep inet | awk \-F \: \'\{print \$2\}\' | awk \'\{print \$1\}\'`;

foreach $host (@hosts) {

$url = "http://dynamicdns.park-your-domain.com/update?host=".
$host."&domain=".$domain."&password=".$domainpw."&ip=".
$ip;
$content = get($url);
die "cant connect to dubdubdub" unless defined $content;
print $content."\n"; # uncomment for output
}

Wordpress 2.1 Vulnerabilities

Over the past few weeks there has been some vulnerabilities that have surfaced for Wordpress 2.1.* releases. The first link is sql injection attack in a weakness of xmlrpc.php. A prerequisite is that you must be a user on the target wordpress blog. The second link describes a blind sql injection attack on admin-ajax.php. The third link is the advisory of the admin-ajax.php exploit. The fourth link is to the proof of concept exploit code. I would highly recommend that you upgrade any older wordpress blogs. Enjoy! ;)

Wordpress 2.1.2 xmlrpc Security Issues

Wordpress admin-ajax.php Sql Injection

[waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3

WordPress 2.1.3 sql injection blind fishing exploit

Blogger with Your Own Domain

The goal I set out for is simple. I own the blog digitalcartel.blogspot.com and I have a few posts, but I wanted it on my own domain. I didn't want to migrate the existing posts and content to another blog system. I browsed blogger's management interface a little and noticed that in the Settings section there is a publishing tab that has domain options. Once your there, google has a very helpful link on the domain setup process. Okay, so now you know that we have to create a CNAME record for our domains DNS. Well, this goes one of two ways...Either your registrar is hosting your DNS or you are hosting it on your own. If you have it hosted by a registrar, go ahead and check this google page for more information. I happened to be hosting my own DNS and I'm running djbdns. You can only choose one host to point at google. I choose www.digitalcartel.org to avoid any conflicts involved with using a CNAME on your base domain. My CNAME alias entry in djbdns:

Cwww.digitalcartel.org:ghs.google.com

So now you have the CNAME alias in place so you just complete the rest of the steps from previous links. Once www.digitalcartel.org was working with my blog I was happy. But!!! I wanted the base domain digitalcartel.org to work with the blog as well. My solution of choice is mod_rewrite since I've been using it alot lately. I went ahead and made an DNS A record for digitalcartel.org and pointed it to one of my webservers. My A Record in djbdns:

+digitalcartel.org:1.8.7.0:3600

Basically, I just added the following to the apache webserver configuration to redirect anything heading for digitalcartel.org to www.digitalcartel.org. You could also put this in a .htaccess file.

ServerName digitalcartel.org
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(.*)$
RewriteRule ^.*$ http://www\.%1 [R]

Once this was put into position, now I'm satisfied. :)

Apache Mod Rewrite Cheat Sheet

Today I was struggling with mod rewrite and as usual feeling lazy. I really didn't want to dig through my apache books/ebooks. I came across this cheat sheet and it was exactly what I needed. Also, see the Apache mod_rewrite reference documentation and URL Rewriting Guide. Maybe if I'm not too lazy sometime next week I will post some examples of how I have used it. :)