Archive for the 'Security' Category

How to prevent referer spam

Even though referer spam isn’t something new to black hat SEOs, WordPress blogs seem to get hit pretty hard with referer spam these days.

Every time somebody clicks a link on a website, the browser sends the originating URL (the URL of the web page that hosts the link) to the target web server. This referer information can be parsed by web server log statistics software to show the webmaster where the web site’s visitors originated from. Read more »

SSO between BEA WebLogic Server and SAP Enterprise Portal (Web Dynpro) using Web services

You’re looking for a way to consume Web services in SAP NetWeaver 2004s (and SAP Composition Environment aka NetWeaver 7.1) from BEA WebLogic Server 8.1 (and newer versions) using Single Sign On (SSO)?

You may have figured out already that SAML is not an option here because the SAP side is just a SAML consumer and not a provider (as of today). The only way left is to use the proprietary SAP Logon Tickets. Proprietary authentication mechanisms always require some extra work. In this blog article I’ll fill you in on what you need to SSO-connect those two J2EE platforms. Read more »

Banning “problem countries” from your Linux server

It’s not a secret that these days most server hacking attempts originate from Chinese IP addresses. A lot of attempts originate from other countries like South Korea and Indonesia as well. It seems that in those countries (cyber-)law-enforcement and technological advancement don’t correlate. I agree that a server has to be able to sustain non-flooding attacks just by using a proper and secure server configuration. But what if almost all traffic from those countries is automated vulnerability scans? Read more »

SSO with SAP Logon Tickets and Java

To validate/verify a SAP Logon Ticket in a non-SAP Java environment you have to call into native libraries. Fortunately there’s some Java sample code provided in the SAPSSOEXT library archive.

Go to service.sap.com (you need a valid user and download permissions) -> Download -> Support Packages and Patches -> Entry by Application Group -> Additional Components, follow the SAPSECULIB and SAPSSOEXT links and download the library versions for your operating system. You’ll also need SAPCAR to extract those .SAR files. Both libraries - sapsecu.dll and sapssoext.dll - are needed to validate a SAP Logon Ticket. Read more »

Setting up a Linux UT3 game server

While the installation of the Linux binary for the Unreal Tournament 3 Server is dead simple, some very brave game server administrators apparently chose to run the server with root permissions because there’s no useful server start script. This is usually an exceptionally bad idea for anything that opens ports on an Internet-facing server.

Here’s a very simple start script that starts the UT3 server under a different account, which you have to create using the groupadd/useradd commands. In my case I’m using user game in group game. The script will sudo to this less powerful account and then start a botless deathmatch UT3 server. The server will continue to run after you close your shell. Well, at least until the server crashes, which it does frequently. In its current form the script has to be put into the ut3-dedicated/Binaries directory. Read more »