For 2021 - online Python 3 training - see ((here)).
Our plans were to retire in summer 2020 and see the world, but Coronavirus has lead us into a lot of lockdown programming in Python 3 and PHP 7.
We can now offer tailored online training - small groups, real tutors - works really well for groups of 4 to 14 delegates. Anywhere in the world; course language English.
Please ask about private 'maintenance' training for Python 2, Tcl, Perl, PHP, Lua, etc.
Are nasty programs looking for security holes on your server?
Looking through my log file reports for the last week, I have found the following in my "failed requests" log.
So what are these requests? Should I be worried?
They're attempts to break into my system. But I'm not being particularly targeted - this is an automated attack, attempting to call on a script which I don't have to run code that's held on those remote sites which have previously been compromised. And if they succeed, they they'll set the same hole up on my system and carry on to the next.
The particular accesses above actually don't worry me - they were all "404"d - but rather they form a warning of the dangers of allowing external code to be included in PHP.
Visiting the URLs given as the "error=" parameter, I find a variety of "not found" pages which means that the hole has not been closed on the remote system, and nasty pieces of PHP which mean that the remote machine is still compromised. (If you, reading this article, visit any of them you should get a 404 as I have distorted the URLs that were live - I don't want to make this into a "how to break in" manual page!). But I do have copies of the scripts that I can show bona fide delegates on our PHP courses, and of the futher log details of the programs (often in Perl) that are injected.
If you are worried about being infected, the particular attack file contains the string "Mic22" - so if you search for that ... (written 2008-02-17, updated 2008-02-18)
Associated topics are indexed as below, or enter http://melksh.am/nnnn for individual articlesH117 - Security in PHP 
Spotting a denial of service attack - (2005-06-12) 
Robust checking of data entered by users - (2005-08-27) 
A lion in a cage - PHP - (2006-11-10) 
What is an SQL injection attack? - (2006-11-27) 
Learning to write secure, maintainable PHP - (2007-01-25) 
Injection attacks - safeguard your PHP scripts - (2007-02-20) 
Easy handling of errors in PHP - (2007-08-27) 
Error logging to file not browser in PHP - (2007-10-11) 
Using PHP to upload images / Store on MySQL database - security questions - (2007-10-19) 
A story about benchmarking PHP - (2007-12-23) 
PHP - Sanitised application principles for security and useability - (2008-06-16) 
Defensive coding techniques in PHP? - (2008-07-02) 
Who is watching you? - (2008-08-10) 
Injection Attacks - avoiding them in your PHP - (2008-08-31) 
Injection Attack if register_globals in on - PHP - (2009-02-04) 
Security considerations in programming - what do we teach? - (2010-03-22) 
Protecting your images from use out of context - (2010-08-29) 
Catchable fatal error in PHP ... How to catch, and alternative solutions such as JSON - (2011-03-22) 
How to stop forms on other sites submitting to your scripts - (2012-04-15) 
An easy way to comply with the new cookie law if your site is well designed - (2012-06-02) 
A small teaching program - demonstration of principles only - (2016-02-08)
Some other Articles
The geometry of East LondonLetting new visitors know we provide training coursesFSB, EGM, AGM.Learning Object Oriented Principles (and perhaps Java)Are nasty programs looking for security holes on your server?Colour, Composition or ContentChinese New YearA forum is not always the best vehicleTeaching Object Oriented Java with Students and Ice CreamTo Wales - where theres still a toll on the bridge
4759 posts, page by page
Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 at 50 posts per page
This is a page archived from The Horse's Mouth at
the diary and writings of Graham Ellis.
Every attempt was made to provide current information at the time the
page was written, but things do move forward in our business - new software
releases, price changes, new techniques. Please check back via
our main site for current courses,
prices, versions, etc - any mention of a price in "The Horse's Mouth"
cannot be taken as an offer to supply at that price.
Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).