I recent topic on CFGURU about clients who blame the technology rather than trying to diagnose the real problem reminded me of a couple of funny tech support stories I thought I would share where the client has incorrectly blamed ColdFusion/Hosting for their problems.

 

When is ColdFusion not ColdFusion, when it's PHP of course

I had a client (lets call him Dick) kept complaining that their site had stopped working AGAIN usually telling us there was a server problem and to restart CF as it was broken, every time I checked everything was working fine on the server, cf was working etc. They would never give us any more info about the problem other than that CF was broken.
It eventually turned out that they had got their site redeveloped some time ago  in PHP and also moved the hosting elsewhere as well, so not only was it not a CF site, but we were not even hosting it :-)

Every so often we will get another email from them saying they have problems with FTP, email or something, and each time we have to explain that we cannot help as we are not their host. Hopefully one day someone will update their records

 

2 sites are better than 1

Another client (lets call her Dizzy) emailed us to say that the changes she was making to her site were not showing up and ColdFusion must be broken. Bear in mind that we did not develop her site, so shouldn't be supporting it either really, but i'm such a helpful chap yaknow .
I got her to give me the URL of her admin interface, I logged in saw her changes, made some of my own changes, checked the site and there were the changes, no problems.
I couldn't understand why she couldn't see her changes, I got her to clear her cache, restart browser etc, after many exchanges of emails and phone calls, I eventually got her to send me a screen shot, at which point I noticed that the domain name was totally different to the one she sent me.
It finally transpired there were 2 different domains each hosting an exact copy of the site, one was hosted with us, one was hosted elsewhere.
When she edited her site, she did so on www.domain1.com/admin but then viewed the site on www.domain2.com, why I have no idea, but that was why she couldn't see her changes as she making them on a totally different site.

Unfortunately this happened every time she made changes to her site, she would contact us and we would go through this all over again.

Have you ever needed to login to webmail, a support ticket system, online gaming or in fact any site where you have multiple logins or simply need to login as someone else to check something. This is usually a pain in the backside, as you have to logout as your current user, then login as someone else, then remember to logout and login as yourself again.

 

Thankfully with the current browsers there is now a simple solution to this called “Private browsing”, which allows you to open a new (private) browser window which is isolated from your normal browsing  and does not record any data such as history, cookies etc. As well as being useful for hiding your browsing activities from your spouse or when using a public computer in an Internet cafe, it is also great for the aforementioned purpose as well.
many of you may have noticed this option in your browser but never been sure what it does or even tried it out.

In Firefox 3.5+:
Start private browsing from tools menu or press CTRL+SHIFT+P
more details here...

 

In Google Chrome:
Open  Incognito Window from tools (wench)  menu or press Ctrl+Shift+N
more details here...

 

In Internet Explorer 8+ :
Start In Private browsing from Safety menu, or press CTRL+SHIFT+P

more details here...

 

In this new private window you will now be able to login to any site as a different user and also remain logged in as yourself in your normal browser window. Remember though that cookies are not saved, so once you close the window you will no longer be logged, regardless of whether you clicked any “keep me logged in” box.

I had a very weird problem today. I downloaded a CSS menu from http://13styles.com and no matter what I did I could not get the GIF images to display (using IIS7 on windows 7), all I got was "HTTP Error 401.3 – Unauthorized".

I checked the file and folder permissions, nothing wrong there and permissions were fine, authentication in IIS was fine, I was stumped.

After much head scratching I finally decided to check the file attribute properties and discovered the cause.

The "Encrypt contents to secure data" option was checked. Unchecking this and re-saving solved the problem.

 

 

It seems I must have enabled encryption on my drives at some point, and even though it is now disabled, new files are still being created with this option enabled, which obviously plays havok with images on web pages.

 

Anyway hopefully this may help others from a lot of head scratching over this one.

I just can't seem to get away from this weird and wonderful tech issues that don't seem to affect anyone else or at least not enough for them to show up on google, I must be some sort of magnet for these things.

The latest bizarre episode was my Broadband connection at my office, which started to become rather unreliable, constantly dropping, becoming slow and then eventually died altogether and has been down for the last month. The router would connect for a few seconds and then disconnect again, so not enough time to do anything.

I replaced the router several times, all cables, ADSL filter, AC/DC adaptor, unplugged all other equipment from the router and phone line, nothing worked.

Finally my ISP sent out a BT engineer to do a line check, he fixed every possible problem he found on my line and at the exchange, so I now have a perfect line with an even better download speed than I had before.

The engineer even connected up his own BT Broadband router and connected to BT without an issue. So it appeared the problem was with my ISP, but they didn't have a clue what it could be so I decided to transfer to a new provider, after much careful consideration I chose Zen based on their good reputation and number of positive reviews for their business broadband.

 

My new ADSL was connected today, so I came in to the office with anticipation, only to be deflated again when I realised the problem was still there.

So I got on to the phone to Zen and literally within 10 minutes the problem was solved.

The first thing the guy asked me was if I had any other electrical devices near my router or the wires and if I did could I turn them off, which I thought seemed a bit odd but I did it anyway, and by heck my router came to life, the ADSL light went green and I had Internet access.

So it turned out to be by Snom 360 VOIP phone, some how it had developed a fault and was emitting waves at a frequency that was interfering with my ADSL, yes even when it was not plugged in in to the router.

It seems like such a simple thing, but I doubt I would ever thought of doing this myself as the possibility of my phone being the cause even when disconnected would not have even occurred to me, and obviously did not occur to my previous ISP either, so so I have to give Zen top marks for their tech support and this is why you pay more for a quality service.

Keeping your ColdFusion server patched and up to date can be a bit of a challenge. Adobe do not have any kind of automated update service or even a notification service and their RSS feeds are not exactly up to date or reliable either.

There are however some useful resources out there that can make life easier.
As far as actually applying patches and updates goes, if you do not read Adobe's install notes and guides then you can easily miss an important manual step and leave your server vulnerable.
ColdFusion veteran Charlie Arehart has recently published a great blog post covering all the bases and explaining which updates or HorFixes also require manual steps and what to watch for.

Easier updates and management

For an easier way to manage your ColdFusion server and find out whether all your updates are installed try Merlin Manager. Merlin is an AIR based management and monitoring system for ColdFusion 7, 8 and 9 servers.

Merlin has several unique features:

• Works with CF 7, 8, 9 Servers
• Easy to use AIR based Interface
• Save and restore configurations
• Compare server settings
• Monitoring for CF 8 and 9 servers
• Updates and Patches

Hack proof your site

Do you perform any kind of vulnerability testing on your site to make sure it is hack proof? If the answer is no then your site may be vulnerable to any number of attacks or may have already been hacked. Thankfully there are tools to make this easier too.

ColdFusion Server Security Scanner: HackMyCF

Have you ever wondered what your ColdFusion server looks like to a hacker? Try ColdFusion Server Security Scanner: HackMyCF which sends you a email report listing vulnerabilities found on your server. Run manual scans for FREE or subscribe to their automated service.

FuseGuard Web Application Firewall for ColdFusion

The FuseGuard Web Application Firewall (WAF) for ColdFusion blocks
and logs malicious requests on your ColdFusion Applications. Pricing
starts at $349 per application or is available as a monthly subscription from BlueThunder, we will also install Fuseguard into your existing application for you and perform general security analysis and updates to your code if you do not have the skills to do it yourself. Please contact us for more details.

The firewall comes with over 15 filters to help protect against vulnerabilities such as:

• Malicious File Uploads
• Cross Site Scripting / XSS
• SQL Injection
• Session Hijacking
• Cross Site Request Forgery
• CRLF Injection
• Path Traversal Attacks
• Password Dictionary Attacks