A not so obvious 403 error permission denied in IIS 7.5

What could be worse than having your live website inaccessible for a long time? Yesterday, I went onto live chat with my web host because I couldn’t get something working. I wanted to block an IP address that was causing a lot of errors and 404s on my website. I had added an entry in the IP and Domain Restrictions settings in IIS the day before, assuming the web server would block all requests to any pages on my sites. Well, the following day, I got a few more email alerts regarding more 404 errors, and they came from the same IP I had banned.

ip address restrictions

So I talked to someone from the web hosting company but she seemed clueless. I figured out she was a Level 1 customer support and had little knowledge, so I left the chat but I was unaware she would mess things up completely for me. After an hour, when I was checking the real time data on Google Analytics, I was surprised to see no visitors online. This has never happened before and I waited for 5 mins but nothing changed. So I tried to access my website to see if there was a problem and bam, I was greeted with an HTTP Error 403 – Forbidden: Access is denied – You are not authorized to view this page – You do not have permission to view this directory or page using the credentials that you supplied. My heart sank and I tried other domains on the same server but everything was down.

I tried to fix the problem myself but I could not find the root cause of it. I checked whether anonymous access was enabled and whether the IUSR account was working fine. I tried assigning new application pools too but it did not work. I disabled the firewall as well but in vain.

By the time a support ticket was opened and someone fixed the problem, the downtime was just over 2 hours. I hate to think about how many visitors were put off by this and how much money I lost along the way. It was the first time my sites were offline for such a long time. Anyway, the problem was that the stupid lady went into IP Address and Domain Restrictions and turned “Access to unspecified clients” to Deny, which caused the 403 problem. By turning this back to Allow, the problem was fixed.

feature settings

I did not spot the problem because I did not realise the Feature Settings had more configuration options for the IP Address and Domain Restrictions module. Anyway, I’m glad things are working fine again.
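The 403 described above comes down to one attribute: the “unspecified clients” option in Feature Settings is stored as allowUnlisted on the ipSecurity element of the site configuration. The Python check below is an added example, not from the original post; both web.config fragments and the IP addresses are constructed, and letting the first matching entry decide is an assumption for overlapping entries.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed web.config fragments (documentation-range IPs, not the post's server).
# INTENDED: deny one address, let everyone else in.
INTENDED = """<configuration><system.webServer><security>
  <ipSecurity allowUnlisted="true">
    <add ipAddress="203.0.113.45" allowed="false" />
  </ipSecurity>
</security></system.webServer></configuration>"""

# BROKEN: same deny entry, but unspecified clients are now denied as well.
BROKEN = INTENDED.replace('allowUnlisted="true"', 'allowUnlisted="false"')


def load_policy(xml_text):
    """Return (allow_unlisted, [(network, allowed), ...]) from a web.config string."""
    node = ET.fromstring(xml_text).find("system.webServer/security/ipSecurity")
    if node is None:
        return True, []  # section absent: nothing is restricted
    allow_unlisted = node.get("allowUnlisted", "true").lower() == "true"
    entries = []
    for add in node.findall("add"):
        ip = add.get("ipAddress")
        if ip is None:
            continue  # domainName entries need reverse DNS; out of scope here
        mask = add.get("subnetMask")
        spec = f"{ip}/{mask}" if mask else ip  # no mask means a single host
        network = ipaddress.ip_network(spec, strict=False)
        entries.append((network, add.get("allowed", "false").lower() == "true"))
    return allow_unlisted, entries


def is_allowed(policy, client_ip):
    """True if the request would be served, False if it would get a 403."""
    allow_unlisted, entries = policy
    addr = ipaddress.ip_address(client_ip)
    for network, allowed in entries:
        if addr in network:
            return allowed  # assumption: the first matching entry decides
    return allow_unlisted  # no entry matched: the "unspecified clients" setting


def audit(xml_text):
    """Flag combinations that either lock everyone out or block nobody."""
    allow_unlisted, entries = load_policy(xml_text)
    findings = []
    if not allow_unlisted and not any(allowed for _, allowed in entries):
        findings.append("allowUnlisted=false and no allow entries: every request is refused")
    if allow_unlisted and entries and all(allowed for _, allowed in entries):
        findings.append("allowUnlisted=true with only allow entries: the list blocks nobody")
    return findings


if __name__ == "__main__":
    for name, cfg in (("intended", INTENDED), ("broken", BROKEN)):
        policy = load_policy(cfg)
        for ip in ("203.0.113.45", "198.51.100.7"):
            print(name, ip, "allowed" if is_allowed(policy, ip) else "403")
        print(name, "audit:", audit(cfg) or "ok")
```

Running the audit against the exported configuration before and after any change to the module shows a site-wide lockout immediately instead of through an empty analytics dashboard.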

 

Educating Mauritians to shop online

While the Government of Mauritius have managed to portray the country as a Cyber Island, the truth is far from that. A lot of development has been made in the recent years and looking at the infrastructure, you’d surely be convinced the government services are very well advanced and organised. Contrary to popular belief, a lot of paperwork is involved in nearly everything you do in this country. Go to the Police Station to file a case and you’d be asked to sign on a paper book where the officer has handwritten your statement. The hospitals, the births & deaths registrations, the pension schemes and all other services seem to be run on paper. The concept of a central data network seems to be missing. Too few services are available through the Internet to mention yet they talk about being the leader in ICT amongst the African countries. Of course, the one-eyed man is king amongst the blind.

With all that said, you’d surely wonder how often you’d need the government services such as applying for a permit or making an application for your driving licence. You can live knowing that only once in a while you’d have to experience the frustration of all those manual tasks. However as we move towards a more sophisticated lifestyle where technology surrounds us, surely we’d want all the facilities that come along with it and one thing that’s bound to make life easier is online shopping. Who’s got time outside their busy schedules (work or other responsibilities) to actually go shopping for the things they need nowadays?

It is unfortunate that not many e-commerce websites are yet available in Mauritius. However it’s the attitude of the people which is the main problem. No one likes change and when you’ve been used to buying your things in person and pay by cash, you’d be apprehensive of any other ways of shopping. Take for example the Clever Dodo Shop which allows people to buy things through the internet and have their orders shipped to them. The idea is very nice but people use the website as an online catalogue instead. They are happy they are able to see the product photos, descriptions and get their questions about the products answered quickly but when it comes to actually making the purchase online, they seem to get scared. They want a phone number instead and prefer to meet in person, hand over the cash and get their items.

To an extent, it seems to be a backwards mentality as in they don’t want to evolve but at the same time, I think they need to be educated about buying online. Putting your credit card details online is a risk but this has been mitigated by multiple prevention schemes and Mauritians need to be aware of that. There are countermeasures such as Verified By Visa, PayPal if you do not want to enter your credit/debit card details on every website you make a purchase, or the password based transaction offered by MCB (Mauritius Commercial Bank). You also need to look at the credibility of the website before entering into a contract with them, so checking the terms & conditions, delivery information and other details relevant to you is a must. There’s also the padlock symbol on the web browser which gets displayed when a site uses SSL (Secure Sockets Layer) to ensure the encryption of whatever you’re inputting on their website, which gives you reassurance that nobody will be able to intercept your data.

I think the Mauritian government should promote buying online and raise awareness in that field because that will benefit the economy of the country as well as making shopping easier for the residents. If the attitude doesn’t change in the coming years, we’re sure to have a country stuck in the enhanced barter system.

Installing OpenCart on Windows 2008 server

After deciding not to go ahead with NopCommerce, I was left with 2 choices – either I host the eCommerce website on a Linux server or get it to run on my Windows server. I thought it would be a waste of money to buy separate hosting and therefore I tried to install OpenCart on my Windows 2008 box. Although I managed to install it successfully, there were a few problems I encountered along the way.

The Basics First

OpenCart requires a MySQL database and PHP to work. If you don’t have MySQL installed on your Windows server, then just download the latest version of MySQL Server and run the wizard. PHP was already installed in IIS 7.5 for me as a FastCGI extension. I checked that it was working properly by trying to install WordPress (the popular blogging platform) on the Windows server; it worked flawlessly, and the SEO URLs in the htaccess file were automatically translated to the Web.Config equivalent (more on that later).

The Install Process

I downloaded the zip file for OpenCart directly on my server and extracted the files there instead of doing FTP as the latter was faster. If your domain (for the eCommerce shop) has not been added to your DNS yet, it might be the time to do it now. Then configure the domain in IIS and copy the files from the “upload” folder for OpenCart to the physical directory you want your website to be run from in IIS. Now all you have to do is visit your shop’s URL (e.g. myshop.com) and it will direct you to the installation wizard. If you don’t see the installation wizard, your PHP configuration is not done properly in IIS.

You will need to tick the accept terms for OpenCart and the following screen will show you what dependencies you need and what files/folders need to be written to. I found that I was missing a PHP extension (mcrypt) and I went on installing this before I proceeded. I refreshed the page after mcrypt was installed and I was given the green light to proceed. The 3rd and final screen is a form where you need to enter database information (db name, user and password) and admin details (email/password). Once you hit submit, the installation process begins and it tells you that you need to delete the “Install” folder as soon as possible, otherwise someone might trigger the installation again and overwrite your files and database.

However, although it seemed that the installation went through fine, when I tried going to the shop homepage, I was redirected back to the installation screen. This was because the files which were shown as writeable were actually not writeable. The config.php file was zero bytes, which means there was no configuration written to it, and therefore the index.php file redirects you to the installation page.

To overcome this problem, you will need to give read/write/modify/execute access to the IUSR group and the IIS AppPool\YourAppPoolName to the files/folders mentioned during the installation wizard. I gave the parent directory (the folder where I uploaded all the OpenCart files) this access first to see whether it worked. Once it was working, I deleted the directory, recreated it and assigned the privileges needed only to those specific files/folders. It was good to see the open source ecommerce software working properly on a Windows machine.

Configuring Friendly Urls for SEO

On a Windows box, htaccess does not have any meaning. You need to translate the rules into something IIS understands, and for that you will need the URL Rewrite module and the Web.Config file.


<?xml version="1.0" encoding="UTF-8"?>
<configuration>
 <system.webServer>
 <rewrite>
 <rules>
 <rule name="OpenCart" patternSyntax="Wildcard">
 <match url="*"/>
 <conditions>
 <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true"/>
 <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true"/>
 </conditions>
 <action type="Rewrite" url="index.php"/>
 </rule>
 </rules>
 </rewrite>
 </system.webServer>
</configuration>

The above web.config is generated for WordPress to use friendly urls. You just need to edit the rules to get OpenCart to have search engine friendly urls. Don’t forget to choose the “Use SEO Url’s” in OpenCart administrative area (System -> Settings -> Edit -> Server).

Say you wanted products to be available at myshop.com/products/product-1. You would need a rule like this:


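<rule name="Products">
<!-- {R:1} is the product slug, {R:2} the numeric product id -->
<match url="^products/([\w-]+)-(\d+)$"/>
<!-- OpenCart serves product pages from index.php?route=product/product -->
<action type="Rewrite" url="index.php?route=product/product&amp;product_id={R:2}"/>
</rule>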

UPDATE
Scrap what I said above regarding the configuration of seo links. You can just put the following in your Web.Config file:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
 <system.webServer>
 <rewrite>
 <rules>
 <rule name="opencart" stopProcessing="true">
 <match url="^([^?]*)" />
 <conditions>
 <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true"/>
 <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true"/>
 <add input="{REQUEST_URI}" pattern=".*\.(ico|gif|jpg|jpeg|png|js|css)" negate="true"/>
 </conditions>
 <action type="Rewrite" url="index.php?_route_={R:1}" appendQueryString="true"/>
 </rule>
 </rules>
 </rewrite>
 </system.webServer>
</configuration>

Then, when you have set OpenCart to use SEO Links, you can get products/categories/information pages displayed in friendly URLs. It’s exactly the rules they have in the htaccess file.

Why I chose Tumblr over Posterous

For a site that I was working on, I wanted a blogging platform that was easy to use and had the social aspect to it. For example this blog which is powered by WordPress remains disconnected from the rest of the world because I don’t promote my posts at all. The only visitors that I get here are people who have been referred from search engines, Google most importantly. This means I’m at the whims of Google for people to know what I’ve written.

Tumblr on the other hand has a very big user base who like to engage with other tumblers. If this blog was on Tumblr and I was using specific tags to describe my posts, I’m sure that I would get a good following and engagement from other people.

I decided to opt for a micro blogging platform for the following reasons:

Easier to get fans/followers and for people to engage with your blog

By joining a network with millions of users, it is easier to attract people interested in your content to become loyal to your blog. Take for example Facebook users, they are very willing to like and comment as long as they stay on Facebook.

No need to worry about disk space (can upload any amount of images at will)

Using a hosted CMS means that you need to monitor how much disk space you’re using. I usually optimise images before putting them on the web for 2 reasons – one to reduce the size so that it does not occupy more disk space than it should on my server and second because that decreases page load time and increases page speed. With an account on Tumblr or Posterous, I don’t need to worry about these things, although that’s recommended. I can now put images in blog posts as much as I want no matter how silly they are.

Can write as minimum as I want without worrying about SEO

As an SEO person, you know that you need to produce content of great quality to rank well in search engines. It makes sense but this type of content is difficult to produce and I’ve noticed that I’ve become less productive as a result. I no longer can write a quick post or have a post with just an image. People say that an image speaks a thousand words but if you want organic traffic, you need to write that 1000 words along with the image to describe it.

However looking at Tumblr for instance, it seems that it’s not necessary for a post to be of a certain length (minimum number of words etc). You can have a short phrase, an image or anything else and have lots of comments, likes etc as long as your post is seen by many people and is appealing. It’s all to do with the fans that you have. Some people can write a post of 200 words and have 50 comments on it. That solves the problem of SEO, right? The UGC, user generated content?

Tumblr is better because

  • there are more users than posterous
  • the users like to engage, like your content, reblog your posts (maybe because they are the younger generation and posterous users are oldies, above 55 I think the majority are)
  • there are more themes to choose from
  • it’s easier to use (from signing up to blogging, tumblr is much much simpler than posterous)

The only thing I don’t like about tumblr is that you cannot get contributors to your main site. Oh well, one vote down against so many thumbs up…

Using PHPList to send bulk emails for newsletter

Instead of developing a newsletter system, I thought it would be easier to find an already made solution which I could use with minimal effort. PHPList was the first when it comes to this sort of functionality. However I was not very much pleased to have all the emails I send with an image of phplist at the bottom, not because I did not want to give credit to the developers but only because I thought it would be considered paid advertising in my newsletter.

I thought that I needed a very basic system in place. I already have the email address of my subscribers, I just need to mass email them and give them the option to unsubscribe as well. It sounds easy but then again, I didn’t want a rushed solution, so I decided to go ahead with PHPList but opting for a text link instead of the image credit to the author.

I installed PHPList through Fantastico on Linux CPanel and I’m sure you can install it with Softaculous as well. When the installation was complete, I quickly navigated to the interface but was met with a dead end. These are the problems I encountered:

500 internal server error

To fix this problem, I had to remove the line for PHP magic quotes from the .htaccess file. You can comment it out instead by placing the hash symbol (#) at the beginning of the line as follows:

#php_flag magic_quotes_gpc on

Could not load xml for FCK Editor

When going into messages to compose a newsletter, I couldn’t type anything into the rich text box (FCK Editor) because there was a problem with loading the xml for that file. I had to modify the htaccess file to include the fckstyles.xml file in the allowed list as follows:

<FilesMatch "(index.php|dl.php|ut.php|lt.php|download.php|fckstyles.xml)$">
Order allow,deny
allow from all
</FilesMatch>

Users are set to receive TEXT instead of HTML by default when importing

If the users in your lists are set to receive text, your HTML newsletter will be converted to text when sent to them. This is really a bad thing, especially if you know the users can receive HTML in their email. You can go to your main page on phplist where you’ll find the option to reconcile users and from there, you can “mark all users to receive html”. You can also add a column to your file (CSV) with the name “Send this user HTML emails” and a value of 1 so that all imported users default to receiving HTML emails.

Cron jobs not working

With the command line cron job, the queue was not being processed because a login username and password was required. So I was getting emails to enter the login in. Mind you that the emails were text based and I had to copy the source to a new file, save as html, to view it properly. Anyway, I fixed that problem by using cURL and providing the username and password as follows:

curl 'http://www.domain.com/phplist/admin/index.php?page=processqueue&login=username&password=password'

My cron job runs every 10 mins as I have defined a batch mode of 20 emails every 10 mins because I’m on a shared server which only allows 150 emails per hour. I decided to go safe with 120 per hour.

And to get the cron job to not email me every time it runs, I had to change the output to this:

curl 'http://www.domain.com/phplist/admin/index.php?page=processqueue&login=username&password=password' > /dev/null 2>&1

The 2>&1 is required because it redirects standard error to the same place as standard output (here /dev/null), so error messages are discarded as well and cron has nothing to mail to you.

Number 0 is for standard input

Number 1 for standard output

Number 2 for errors

Anyway, so far so good. Let’s see if the newsletter brings in more traffic!

Google Chrome malware warning

The day before yesterday, I went to check my emails on Hotmail and to my surprise I saw a big malware warning from Google Chrome telling me that a particular domain is known to distribute malware and I should really not proceed with my request. I was shocked because Hotmail is a big company and a trusted site and I don’t think it would be possible to hack into the website to make it distribute malware. I googled the problem and could not find anything on the topic. I went onto Twitter as well just to make sure that it was not something that Google has not picked up yet but social networking site Twitter has because it’s more real time. Unfortunately there was not a single clue.

However the domain that was flagged as malware seemed familiar but I could not remember what exactly though. After some time digging into my rusty brain, I finally realised that this domain (completely unassociated with Hotmail) was the status message of someone I know on MSN Messenger. It was someone who was into Graphic Design that I added to my contacts. It then occurred to me that his site was compromised and because his website link is in my contacts list on Hotmail, Google Chrome was warning me of the potential danger of clicking through this link. It was not very obvious though and it appeared that Hotmail was the one which was hacked into.

After removing this person from my contact list in Hotmail, the malware message no longer appeared when I checked my emails. So if you see this kind of message when browsing a trusted site, then it could be because one of the website links on that website has been flagged as malware.

Cannot install iTunes on 64 bit Windows 7

I’ve installed Windows 7 64 bit on my computer, which had Vista previously, and I was in the process of adding the software that I use often; when it came to iTunes on my list, problems started occurring. I downloaded the iTunes for Windows (64 bit) without any problems but couldn’t get it to install. I’ve read on the web that quite a lot of people were having trouble downloading the iTunes setup package itself but my problem was different.

When I double click on the iTunes installer, it shows the progress bar for a split second and disappears. So I googled the problem and found that a lot of people were having the same problem. I know I’m using the 64 bit version of Windows and I downloaded the right package for my OS. On Apple’s website, I’ve tried everything listed on there. I’ve cleaned up my TEMP folder (in AppData under my username), removed all the programs (Bonjour service, QuickTime etc) and even changed msconfig to go onto selective startup as suggested by Apple, to no avail. I’ve had to uninstall Adobe Master Collection CS3 Suite to remove that annoying Bonjour service and edit my Windows features to delete everything from the TEMP folder and nothing worked.

I’ve spent hours on this and it’s really frustrating that I can’t sync my iPhone because Apple released a crap version of their iTunes installer. It’s not like there’s something wrong with my PC because I’ve got a fresh install of Windows 7 on it. So blame Apple! I’ve tried different versions, mix and match QuickTime as a standalone program or QuickTime with iTunes and nothing will get the iTunes install. I’ve even tried it on 3 separate computers! Now this surely is a joke, isn’t it?

Out of desperation, I installed a 64 bit version of iTunes 8.0 instead of iTunes 10.1.1 and got that to install without any problems. However when I plugged in my iPhone, iTunes complained that it was not compatible and that I needed to upgrade to the latest version (10.1.1). So all that for nothing. Deleted the old iTunes, tried again and back to square one. So now I’ve got an iPhone with no songs on it and I can’t sync it. Well done Apple.

UPDATE 08 Feb 2011: I’ve just downloaded iTunes Setup 10.1.2 for Windows 64 bit and it installed without any problems. However when I plugged my iPhone to the computer, it did not recognise it. So I went to Device Manager in Control Panel and there was the little exclamation icon next to the “Apple Mobile USB Device” and I had to manually update the driver but after that I was able to sync my iPhone.

Question and Answer websites – Q&A

Knowledge should be easily shared and made available to others without having to pay an excessive amount of money. Ideally it should be free but there are times when that’s not possible. However I believe that many individuals have a lot of knowledge and experience which could be helpful to others and if these people were to share what they know, then life would be a lot easier to deal with.

I’ve always been fascinated with Question and Answer websites because the potential of these systems is really huge. At one point in everyone’s life, there comes a time when you have this doubt/question and you want someone to point you in the right direction. By yourself, it can take a substantial amount of time to resolve the problem but if someone was there to guide you, then it would make the hurdle easier to cope with.

My idea of a Q&A website is a place where people can ask questions no matter how trivial they might seem and get answers from other people. Of course, there’s no guarantee that the answers received will definitely resolve the problem in the said question but at least it can give the asker an idea how to go about solving the question. Sometimes there may be someone who’s had the same problem before and can therefore post a really good answer which would address the question being asked or there might be experts in the question field and therefore, it would be easier to tackle these questions objectively.

The Q&A system would need to have a reputation system whereby people who contribute constructively are rewarded in the community. This can be in the form of different levels attached to a user’s profile or points accumulated over a period of time. Not only does this show how engaging the member is but an answer from a reputable member is worth more attention than that from a person who posted his first answer. This is not to say that a novice cannot provide a great answer but when someone has built a reputation, it is easier to trust their contribution.

Questions can be voted on and rise up the scale when it gets really popular. This can be used to show that a lot of people actually like the question and think that it is interesting. They may not have asked the question themselves for one reason or another but are grateful that some other person has.

Answers should be votable as well and this helps to show which answers are better and which ones are not so good. When this happens, answers with more votes rise to the top and that helps a person searching for that particular question to easily locate the answer which more accurately addresses the question instead of the searcher having to go through all the answers and see which one is the best. Similarly a best answer option is a great way to label great answers and this should take that answer to the top of the page just below the question so that it is the first thing that you see when looking at a question.

Of course with such a system in place, it is up to the community to moderate the content that is being posted. So there must be a mechanism in place to report offensive content and members must be encouraged to use that feature. Points should be awarded for doing good karma and the same applies for people trying to spoil the community, that is, negative points and when it gets below a threshold, an automatic ban is issued.

Articles for more in depth information

The question/answer website takes in generally a short question and several short answers. Most of the time, it is something very specific and there’s no need to go into details if a one line phrase can answer the question. This is why I believe that a section should be created for articles where in-depth coverage of certain topics can be discussed. For example, an article on “Electric cars” might discuss the various technologies used and the best cars that we have so far whilst a question labelled “What is the best electric car” requires a 1 liner stating the make/model for the best electric car. However a link from the question page to the article page would be really helpful as a person looking for more information on the subject matter can read more.

Contests

I think that contests are a good way to engage the members of the website. You could do a contest for the best night photography and let members upload their best pictures and have other members rate/vote them. The one with the highest vote can receive a badge or something more tangible sent to him.

Poll

Poll is another good way to have your users interact with your website more. Polls can be anything really eg, have a list of 10 songs and ask users to vote on their favourite. At the end of a pre-determined time, you can close the poll and show the results to everyone.

Multiple networks in Windows 7 – Unable to connect to the Internet

After upgrading my Vista PC to Windows 7, I installed a few programs that I use frequently and was hoping everything was going to be fine. However things turned out to be a headache when I could no longer connect to the Internet. I connect to the Internet through a network cable that comes straight from my Netgear router, so there couldn’t be any wireless problems. I tried to hover over the little network icon in the system tray and it showed a message telling me that I was connected to multiple networks. I knew straight away that this was the problem and if I could get rid of multiple networks and make it connect to just 1 network (my home network), then that would solve my problem. Strangely enough, there was no option to delete the other network (Public Network) from Windows.

I tried a few things and the only thing that worked was to disable the network adapter and enable it again. This would get rid of the multiple network problem and connect to my home network as it should do. However when the computer is restarted, the problem would come back again. I wanted to find a more permanent solution to the problem. So I searched on the web and it turned out to be a problem with a service called “Bonjour Service”. That’s a program from Apple and basically it kicks in before another service and that’s where the problem starts. If you go into services, you will not find a service called Bonjour Service as it’s named something like “##IdString1…”. You will have to set that service to delayed autostart or disable it to get your internet working again.

The Bonjour Service got installed on my computer when I installed Adobe Photoshop CS3 but if you use iTunes, you are bound to have it as well. It’s a perfectly safe program but should be marked as Start type – Automatically (delayed) if you want no hassles with your internet connection.

WordPress automatic upgrade not working and asking for FTP details

I run quite a few sites and on some of them I’ve installed WordPress for convenience. Every now and then a new version of WordPress is released and I like to keep my installation of WordPress up-to-date so that I’ve got the latest security patches and new features which have been developed. For earlier versions of WordPress (before 2.7), you had to do the install manually but with WordPress 2.7, you now have the option to upgrade automatically. As soon as a newer version is available, you have a link in the admin panel telling you to update your installation. You should be able to click on the update link and WordPress itself will download the latest files, extract them and update your WordPress accordingly. On one installation, it took no more than 15 seconds to complete the upgrade. However on my other hosting accounts, I’ve found that I just cannot update the software as it keeps asking me for my FTP details.

I know for a fact that the automatic upgrade should work but I wanted to give the FTP connection a go as well and it didn’t run as expected. WordPress couldn’t either extract some files or couldn’t create folders/files. I could have fixed the problem by giving write access to the required folder but I thought it was getting a bit too much as I don’t like the idea of putting my username/password for FTP in the first place. So I decided to find out a solution to the automatic upgrade problem instead and I spent hours researching the topic.

Here are the solutions that I tried:

  • define('FS_METHOD', 'direct'); in wp-config.php (didn’t work)
  • Give write permissions 777 to the whole wordpress directory for testing (didn’t work)
  • Editing file.php (found in wp-admin/includes) so that getmypid() is returned instead of getmyuid() (didn’t work)

If you’ve got full access to the server where wordpress is installed, you should be able to fix the problem easily but if you’re on shared hosting, things get complicated. My wordpress files/folders are owned by me on the hosting account but when a php script is executed, it runs as the nobody account. This is the default apache user that the server uses to run scripts on the shared hosting and that’s what is causing the headache. WordPress does a test to see if a file is owned by the current user executing the script and if that fails, it prompts you for your FTP connection details.

I’ve looked into ways to overcome the problem but the shared hosting account doesn’t give me shell access, otherwise I would have been able to change the owner of the files/folders. If I get to run apache as my own user account, I should be able to get the wordpress automatic upgrade to succeed but I’m still looking for a solution at the moment. I’ve looked into php scripts executing commands (with exec) but I’ve still got to learn how to use that. If you’ve got the solution, then let me know.
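The ownership test described above compares two owners rather than permission bits, which is why opening the directory up to 777 changes nothing. The Python version below is an added example, not WordPress's code or the author's; it reproduces the comparison (owner of the application's scripts versus owner of a file the running process has just created), and the function names and the simulated uid are hypothetical.

```python
import os
import tempfile


def owner_of(path):
    """Numeric uid that owns path (the account that uploaded the scripts)."""
    return os.stat(path).st_uid


def choose_filesystem_method(script_owner_uid, target_dir):
    """Create a probe file in target_dir as the current process and compare
    its owner with the owner of the application's scripts.
    Equal owners give 'direct'; anything else falls back to 'ftp'."""
    result = {"script_owner": script_owner_uid, "probe_owner": None}
    try:
        fd, probe = tempfile.mkstemp(prefix="temp-write-test-", dir=target_dir)
    except OSError as exc:
        result.update(method="ftp", reason="cannot create a file: %s" % exc.strerror)
        return result
    try:
        os.close(fd)
        result["probe_owner"] = owner_of(probe)
    finally:
        os.unlink(probe)  # never leave the probe behind in the web root
    if result["probe_owner"] == script_owner_uid:
        result.update(method="direct",
                      reason="new files get the same owner as the scripts")
    else:
        # The write itself succeeded, so mode bits were not the obstacle:
        # the decision rests on ownership alone.
        result.update(method="ftp",
                      reason="new files belong to uid %d, scripts to uid %d"
                             % (result["probe_owner"], script_owner_uid))
    return result


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        script = os.path.join(site, "index.php")
        open(script, "w").close()
        os.chmod(site, 0o777)  # world-writable, as in the 777 attempt
        # Same account owns the scripts and runs the process
        print(choose_filesystem_method(owner_of(script), site))
        # Simulated shared host: scripts owned by a different (hypothetical) uid
        print(choose_filesystem_method(owner_of(script) + 1, site))
```

On a host where the web server runs scripts under the account that owns them, both owners match and the direct method is chosen without any FTP prompt.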