Today while searching in Google, a strange URL caught my attention: http://www.vwadviseurs.nl/joke/rizatriptan-10mg/. The Dutch domain sounds like a name for a legitimate advice company, but why would they have a page about a drug? Out of curiosity I clicked the link and saw an online pharmacy in English on the Dutch domain vwadviseurs.nl. Each link on this page points to a page on surfaid.me. This is all very suspicious, especially since https://www.vwadviseurs.nl looks like a sincere website for a financial company. So I decided to investigate this and found an entire web of malicious landing pages to surfaid.me.
At Creative Group we have several high traffic PHP web shops. If a web shop is offline for just a couple of minutes, we lose a lot of money. When there’s a technical problem, error messages are very important to fix it asap. We discovered that just using
set_exception_handler() is not enough, as in some situations the PHP error handler is not called. In this post I would like to share some practices we’ve implemented throughout the years to prevent this:
- Register error handler first
- Catch fatal errors
- Catch errors raised during error handling
- Prevent memory exhaustion during error handling
- Respect PHP settings
An embedded application on a Synology NAS is not automatically protected from accessing it without being logged in to DSM. Luckily Synology has an authentication mechanism, Web Authentication, described in their Developers guide. This enables you application to detect whether a user is logged in to DSM. Getting this to work for PHP is not that difficult, but you will encounter a few bumps on the road.
Not long after I bought my DS212+ I became interested in building my own embedded apps: packages that run within a window in DSM. I didn’t had much experience with Perl or Python, but I did with PHP. But I found out it wasn’t easy to get PHP to work as an embedded app without changing configuration files on the NAS, installing some other package first or forwarding a port. I want my apps to be usable for everybody in a user friendly way, so my first goal was to build an embedded Hello World app in PHP without any dependencies.