Monday, May 31, 2010
Windows 2000 support ends on July 13, 2010
According to Microsoft, the official support for Windows 2000 will be ended after 43 days on July 13, 2010. The Windows 2000 End-of-Support Solution Center is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy.
Saturday, May 29, 2010
How to block spamming countries
I was recently asked about how to filter incoming traffic to a site by identifying the domains or networks of the traffic source, just like what a spam filter does on an email server, such as blocking all emails sent from the top spamming domains such as .cn and .ru.
If you intend to identify the source IP addresses for specific domains for ALL incoming traffic to your site, you have to reverse resolve the host's domain name from each source IP address. This procedure is called Reverse DNS Lookup, or briefly rDNS.
Unfortunately, not all IPs can be reverse resolved because not every IP has its registered domain name. So technically you can't use this approach (IP to host name) to identify all country domains that you want to block.
On the other hand, not all .cn or .ru hosts are using the IP addresses which are physically located in China or Russia. They may be located in the US or any other locations in the world.
Additionally, for every single IP, reverse resolving (rDNS) needs time to query your local DNS server, then ISP's DNS server, root DNS servers and all related DNS servers. It is acceptable for validating an email address, but NOT practical for filtering all TCP/IP connections.
However, if you really want to that, you may consider simply blocking the IP ranges of China, Russia or other countries on your firewall or router facing the internet. As no rDNS is involved, the performance is better, but the performance is still reduced if too many ranges are filtered.
You may get the IP ranges from Country IP Blocks. This site also updates you about the top 10 global spammers and provides you several popular formats to export the Country IP data you need. As of the first quarter of 2010, the top three spamming countries are Korea, China and India. "The biggest surprise on the list is Korea, as it takes over the number one global spammer spot from China. With the improved high speed internet infrastructure in Korea and ease of network access, we knew Korea would be on the rise. We just did not expect it to be so soon", the site comments.
Please be aware that this approach probably has impacts on your business if you are running commercial websites or Web Services behind the firewall or router blocking these countries, as all affected visitors from these countries can't see your websites at all, including your prospective clients just travelling in these countries.
According to MaxMind, there are 248,307,783 IP addresses for China, 86,613,071 for Korea, and 33,218,703 for Russia. Therefore you will must have a long list of IP ranges to be blocked.
The decision is up to you.
If you intend to identify the source IP addresses for specific domains for ALL incoming traffic to your site, you have to reverse resolve the host's domain name from each source IP address. This procedure is called Reverse DNS Lookup, or briefly rDNS.
Unfortunately, not all IPs can be reverse resolved because not every IP has its registered domain name. So technically you can't use this approach (IP to host name) to identify all country domains that you want to block.
On the other hand, not all .cn or .ru hosts are using the IP addresses which are physically located in China or Russia. They may be located in the US or any other locations in the world.
Additionally, for every single IP, reverse resolving (rDNS) needs time to query your local DNS server, then ISP's DNS server, root DNS servers and all related DNS servers. It is acceptable for validating an email address, but NOT practical for filtering all TCP/IP connections.
However, if you really want to that, you may consider simply blocking the IP ranges of China, Russia or other countries on your firewall or router facing the internet. As no rDNS is involved, the performance is better, but the performance is still reduced if too many ranges are filtered.
You may get the IP ranges from Country IP Blocks. This site also updates you about the top 10 global spammers and provides you several popular formats to export the Country IP data you need. As of the first quarter of 2010, the top three spamming countries are Korea, China and India. "The biggest surprise on the list is Korea, as it takes over the number one global spammer spot from China. With the improved high speed internet infrastructure in Korea and ease of network access, we knew Korea would be on the rise. We just did not expect it to be so soon", the site comments.
Please be aware that this approach probably has impacts on your business if you are running commercial websites or Web Services behind the firewall or router blocking these countries, as all affected visitors from these countries can't see your websites at all, including your prospective clients just travelling in these countries.
According to MaxMind, there are 248,307,783 IP addresses for China, 86,613,071 for Korea, and 33,218,703 for Russia. Therefore you will must have a long list of IP ranges to be blocked.
The decision is up to you.
Thursday, May 27, 2010
How to create a Drop-box folder on NTFS
I just answered the same question at Experts-Exchange (EE) and found it might be a FAQ for other people, so I post my answer here for your reference. Another consideration is that most people are not EE's Premium Service Members who can access all solutions there for free, so you will not be struggling on Google caches just for digging out a solution from Experts-Exchange.
As I don't have a Windows domain on my home computer, I simply use a Windows XP for illustrating how to implement a Drop-box folder on NTFS, named "Submissions" as an example. It is the exact same method for domain scenarios, except by replacing the users with corresponding domain users. The steps apply to Windows 2003, Windows 2008 and Windows 7, too.
Basically, Administrators have "Full Control" access to the folder "Submissions", Users have "List Folder Contents" and "Write" access to the folder, and CREATOR OWNER has special "Read" access to the folder. All NTFS permissions are shown in the screenshots below.
As the result, Users can list the folder, post files, and read the files they posted, but not the files of each other. Administrators can access all files with Full Control.
Permissions for Administrators
Permissions for CREATOR
Permissions for Users
Advanced Security Settings for Submissions
Detailed Permissions for Administrators - Full Control
Detailed Permissions for CREATOR - Read & Execute
Detailed Permissions for Users - Write
Detailed Permissions for Users - Read & Execute
As I don't have a Windows domain on my home computer, I simply use a Windows XP for illustrating how to implement a Drop-box folder on NTFS, named "Submissions" as an example. It is the exact same method for domain scenarios, except by replacing the users with corresponding domain users. The steps apply to Windows 2003, Windows 2008 and Windows 7, too.
Basically, Administrators have "Full Control" access to the folder "Submissions", Users have "List Folder Contents" and "Write" access to the folder, and CREATOR OWNER has special "Read" access to the folder. All NTFS permissions are shown in the screenshots below.
As the result, Users can list the folder, post files, and read the files they posted, but not the files of each other. Administrators can access all files with Full Control.
Permissions for Administrators
Permissions for CREATOR
Permissions for Users
Advanced Security Settings for Submissions
Detailed Permissions for Administrators - Full Control
Detailed Permissions for CREATOR - Read & Execute
Detailed Permissions for Users - Write
Detailed Permissions for Users - Read & Execute
Monday, May 24, 2010
105 XP updates since 2008
As I need to use Excel 2007 to process some spreadsheets, I just restored my work PC from a VM snapshot back to October 2008. The virtual machine running Windows XP Professional has been suspended on my hard disk for 20 months. It can be the evidence showing my switch from Windows to Mac OS X. Yes, I am a Windows guy, but I do use iMac as the platform at home, though I always work (test) on varied Windows VMs on Mac OS X at the same time.
I have switched my productivity applications from Office 2007 for Windows to Office 2008 for Mac. I am happy with most Mac versions of Microsoft Office applications, umm... except Excel 2008. In my opinions, it is a kind of totally different user experience compared to what I used to with Excel 2007.
As for that XP, as the screenshot shown below, it needs to install 105 updates (including 91 critical updates but IE7/IE8 and .NET Framework) in size of 740.6 MB, and it needs more than 3 hours to install. 740 MB is just a CD. As I remember, Windows XP initially released on a single CD in 2001...
I have switched my productivity applications from Office 2007 for Windows to Office 2008 for Mac. I am happy with most Mac versions of Microsoft Office applications, umm... except Excel 2008. In my opinions, it is a kind of totally different user experience compared to what I used to with Excel 2007.
As for that XP, as the screenshot shown below, it needs to install 105 updates (including 91 critical updates but IE7/IE8 and .NET Framework) in size of 740.6 MB, and it needs more than 3 hours to install. 740 MB is just a CD. As I remember, Windows XP initially released on a single CD in 2001...
Subscribe to:
Posts (Atom)
Posts
