28 December, 2006

Taiwan quake cuts off much of Asia Internet

If you experience connection problem with your web site or email, please read the news below. Let's all pray...

Update 29 Dec 2006 12:40PM:

Looks like things are getting better slowly, but still very unstable, especially users outside of Singapore or Asia may still experience problems every now and then at some locations in next few days.

http://news.yahoo.com/s/ap/20061227/ap_on_re_as/asia_quake

http://www.channelnewsasia.com/stories/afp_asiapacific/view/249389/1/.html

http://news.bbc.co.uk/2/hi/asia-pacific/6211451.stm

Here's the story I copy/paste from ChannelNewsAsia if you cannot access above link:

Taiwan quake cuts off much of Asia Internet

Posted: 27 December 2006 1840 hrs

HONG KONG - Internet and phone services were disrupted across much of Asia on Wednesday after an earthquake damaged undersea cables, leaving one of the world's most tech-savvy regions in a virtual blackout.

From frustrated traders seeking in vain for stock quotes to anxious newshounds accustomed to round-the-clock updates on world events, millions of people from China to Japan to Australia were affected.

The disruption was widespread, hitting China, Japan, South Korea, Taiwan, Singapore, Thailand, Malaysia, Hong Kong and elsewhere, with knock-on effects as far away as Australia for companies whose Internet is routed through affected areas.

There was no chaos on the stock exchanges or any of the other doomsday scenarios, but reports that services could be down for weeks were dramatic enough.

South Korea's information and communication ministry said all six undersea fibreoptic cables off Taiwan were hit, causing major disruption. All services, except for exclusive business lines, returned to normal shortly afterwards as they were switched to other systems.

But officials could not put a timeframe on when business lines would be fixed. "It is not a matter of days," said Hong Seoung-Yong, a ministry official handling the problem. "It will take longer than that to repair the damaged lines."

A 7.1-magnitude earthquake off the coast of Taiwan on Tuesday night, which was followed by several smaller quakes in the region, apparently damaged the vast network of underwater cables that enables modern communication.

"The Internet capacity in Taiwan is about 40 percent now, so the service is jammed," said a spokesman for Chunghwa Telecom, Taiwan's largest phone company.

A spokesman for CAT Telecom, Thailand's communication authority, said Internet services had been disrupted across the country.

"Those whose businesses mainly rely on Internet communication have been affected. They can't do anything," he added.

Phone services in some countries were also disrupted, in particular for calls to the United States.

"Several undersea data cables were damaged," said a spokesman for PCCW, Hong Kong's biggest telecoms company.

Service providers quickly tried to redirect customers to the cables that had not been affected but the reduced capacity was no match for the normal workload of users, leaving an Internet service that was painfully slow or non-existent.

"It's a nightmare, basically, because we have no idea what is going on in the markets today," said Steve Rowles, an analyst with CFC Seymour in Hong Kong, who echoed others in saying that damage was limited due to year's end.

"It has happened on the right day as a lot of people are away for holidays, so there's low trading volumes," he said.

In China, web users in cities as far apart as Beijing in the north and Chongqing in the southwest reported difficulties accessing overseas websites, state media reported, after several undersea cables belonging to China Telecom were cut.

The Tokyo Stock Exchange, the world's largest bourse outside of New York, was functioning without problems, a spokesman said.

The Hong Kong stock exchange also said it was also working without problems, but after-hours crude trading in Singapore was affected as traders reported they could not access the New York Mercantile Exchange (Nymex).

NTT Communications, the long-distance call business of Japan's largest telecom firm Nippon Telegraph and Telephone Corp., said 1,400 toll-free phone lines and 84 international lines used internally by companies were affected.

The crux of the trouble seemed to be in the underseas routes near Taiwan, which providers would try to bypass in favour of other routes through Europe, said a spokesman for Japanese telecoms firm KDDI Corp, Satoru Ito.

"If there is too much traffic on that route, it might get blocked up and further slow down Internet connections," Ito said.

- AFP /ls

03 August, 2006

register_globals disabled

Due to recent vulnerabilities for varies php web applications making full use of register_globals enabled, we have disabled register_globals on all our Unix/Linux servers on 20 July 2006.

Part of the past exploits found making use of register_globals or as one of the causes are as below:

PmWiki Unregister "register_globals" Layer Bypass -
http://secunia.com/advisories/18634/
phpMyAdmin register_globals Emulation "import_blacklist" Manipulation -
http://secunia.com/advisories/17925/
Mambo "register_globals" Emulation Layer Overwrite Vulnerability -
http://secunia.com/advisories/17622/
phpSysInfo "register_globals" Emulation Layer Overwrite Vulnerability -
http://secunia.com/advisories/17441/
Mambo / Joomla perForms "mosConfig_absolute_path" File Inclusion -
http://secunia.com/advisories/21044/
CzarNews "tpath" File Inclusion Vulnerability -
http://secunia.com/advisories/21038/
Phorum Cross-Site Scripting and Local File Inclusion -
http://secunia.com/advisories/21043/
Mambo SiteMap Component File Inclusion Vulnerability -
http://secunia.com/advisories/21055/
Joomla com_hashcash Component File Inclusion Vulnerability -
http://secunia.com/advisories/21053/
Pivot Multiple Vulnerabilities -
http://secunia.com/advisories/20962/
Mambo PccookBook Component File Inclusion Vulnerability -
http://secunia.com/advisories/21015/
Mambo SimpleBoard Component "sbp" File Inclusion Vulnerability -
http://secunia.com/advisories/20981/
Mambo Galleria Module "mosConfig_absolute_path" File Inclusion -
http://secunia.com/advisories/20949/
phpRaid SQL Injection and File Inclusion Vulnerabilities -
http://secunia.com/advisories/20200/
phpRaid SQL Injection and File Inclusion Vulnerabilities -
http://secunia.com/advisories/20865/
Pearl Products File Inclusion Vulnerabilities -
http://secunia.com/advisories/20819/
Mambo MOD_CBSMS Module File Inclusion Vulnerability -
http://secunia.com/advisories/20823/
Qdig Cross-Site Scripting Vulnerabilities -
http://secunia.com/advisories/20808/
phpBB THoRCMS Add-On "phpbb_root_path" File Inclusion -
http://secunia.com/advisories/20815/
Bee-hive Lite Multiple File Inclusion Vulnerabilities -
http://secunia.com/advisories/20814/
BandSite CMS "root_path" File Inclusion Vulnerabilities -
http://secunia.com/advisories/20768/

More such can be found at
http://secunia.com/search/?search=register_globals

Security is always our first priority.

By disabling register_globals, only those php web applications that were written with no code security in mind therefore depend on it will be affected.

There is a work around to have it enabled per site/directory basis by uploading the .htaccess file with the following content to the directory/site:

----------------------------------------
php_value register_globals 1
----------------------------------------

However please note enabling register_globals would open security hole for your application.

No matter where/how you get your script/application, written by your programmer, installed from cpanel, downloaded or bought from somewhere... please make sure your application is up to date and secure. Upgrade your application whenever there's new release.

We will not hesitate to remove any script affected/exploited immediately without notice.

Thank you for your attention.

12 March, 2006

EXPAN Down

The datacenter we locate our Linux servers, Singtel EXPAN, went down from around 2:10AM. Basically all EXPAN network down. Many web sites in Singapore affected, not only ours.

Will monitor and post here.

Update at 5:22am: 3 hours and still counting. This must be something screwed up big time in Singtel. All servers housed in EXPAN are not accessable.

Update at 5:45am: it's up now. Waiting for explanation from EXPAN.