国内挂号信单号含义



从2007年4月下旬开始,国内挂号签条更换成信函(绿色,首位字母为X)和印刷品(棕色,首位字母为S)两种,北京好象是5月中旬开始使用的,其他省目前还没见到,采用此项是为了实现挂号信函网上查询 国内给据邮件代码由邮件种类代码、邮件编号及省级行政区划代码三部分组成。邮件种类代码 邮件编号 省级行政区划代码 X1X2 X3X4X5X6X7X8X9X10X11 X12X13 X应是”信函”的第一个字母 邮件种类名称 邮件种类代码 条码应用方式 挂号信函 XA~XM 邮政营业专用 XN~XZ 客户制作专用 挂号印刷品 SA~SM 邮政营业专用 SN~SZ 客户制作专用 挂号商业函件 HA~HZ 邮政商函中心专用 X1~X2邮件种类代码,用两位大写英文字母表示 X3~X11为邮件编号,用9位阿拉伯数字表示。 X3~X10为同一省(自治区、直辖市)中同一邮件种类的邮件顺序号;数字范围为00000001~99999999; X11为8位邮件顺序号的数据校验码,数字范围为0~9;计算方法和校验程序参见标准 X12~X13为条码使用局或客户所在地的省级行政区划代码,用2位阿拉伯数字表示,采用GB/T 2260-2002《中华人民共和国行政区划代码》表1中规定代码的前2位。

MYSQL 使用 skip-name-resolve后,phpmyadmin出现#1045 无法登录 MySQL 服务器

MYSQL 使用 skip-name-resolve后,在用户名和密码设置正确的情况下,phpmyadmin 依然出现

#1045 无法登录 MySQL 服务器的提示。

原因在于,phpmyadmin依然使用 localhost 来登录,

修改 config.default.php文件

找到

$cfg[‘Servers’][$i][‘host’] = ‘localhost’

修改为

$cfg[‘Servers’][$i][‘host’] = ‘127.0.0.1’

Best practices against hacking

Friday, February 20, 2009 at 6:46 AM

These days, the majority of websites are built around applications to provide good services to their users. In particular, are widely used to create, edit and administrate content. Due to the interactive nature of these systems, where the input of users is fundamental, it’s important to think about security in order to avoid exploits by malicious third parties and to ensure the best user experience.

Some types of hacking attempts and how to prevent them

There are many different types of attacks hackers can conduct in order to take partial or total control of a website. In general, the most common and dangerous ones are SQL injection and cross-site scripting (XSS).

SQL injection is a technique to inject a piece of malicious code in a web application, exploiting a security vulnerability at the database level to change its behavior. It is a really powerful technique, considering that it can manipulate URLs (query string) or any form (search, login, email registration) to inject malicious code. You can find some examples of SQL injection at the Web Application Security Consortium.

There are definitely some precautions that can be taken to avoid this kind of attack. For example, it’s a good practice to add a layer between a form on the front end and the database in the back end. In PHP, the PDO extension is often used to work with parameters (sometimes called placeholders or bind variables) instead of embedding user input in the statement. Another really easy technique is character escaping, where all the dangerous characters that can have a direct effect on the database structure are escaped. For instance, every occurrence of a single quote [] in a parameter must be replaced by two single quotes [] to form a valid SQL string literal. These are only two of the most common actions you can take to improve the security of a site and avoid SQL injections. Online you can find many other specific resources that can fit your needs (programming languages, specific web applications …).

The other technique that we’re going to introduce here is cross-site scripting (XSS). XSS is a technique used to inject malicious code in a webpage, exploiting security vulnerabilities of web applications. This kind of attack is possible where the web application is processing data obtained through user input and without any further check or validation before returning it to the final user. You can find some examples of cross-site scripting at the Web Application Security Consortium.

There are many ways of securing a web application against this technique. Some easy actions that can be taken include:

  • Stripping the input that can be inserted in a form (for example, see the strip tags function in PHP);
  • Using data encoding to avoid direct injection of potentially malicious characters (for example, see the htmlspecialchars function in PHP);
  • Creating a layer between data input and the back end to avoid direct injection of code in the application.

Some resources about CMSs security

SQL injection and cross-site scripting are only two of the many techniques used by hackers to attack and exploit innocent sites. As a general security guideline, it’s important to always stay updated on security issues and, in particular when using third party software, to make sure you’ve installed the latest available version. Many web applications are built around big communities, offering constant support and updates.
To give a few examples, four of the biggest communities of Open Source content management systems—Joomla, WordPress, PHP-Nuke, and Drupal—offer useful guidelines on security on their websites and host big community-driven forums where users can escalate issues and ask for support. For instance, in the Hardening WordPress section of its website, WordPress offers comprehensive documentation on how to strengthen the security of its CMS. Joomla offers many resources regarding security, in particular a Security Checklist with a comprehensive list of actions webmasters should take to improve the security of a website based on Joomla. On Drupal’s site, you can access information about security issues by going to their Security section. You can also subscribe to their security mailing list to be constantly updated on ongoing issues. PHP-Nuke offers some documentation about Security in chapter 23 of their How to section, dedicated to the system management of this CMS platform. They also have a section called Hacked – Now what? that offers guidelines to solve issues related to hacking.

Some ways to identify the hacking of your site

As mentioned above, there are many different types of attacks hackers can perform on a site, and there are different methods of exploiting an innocent site. When hackers are able to take complete control of a site, they can deface it (changing the homepage), erase all the content (dropping the tables of your database), or insert malware or cookie stealers. They can also exploit a site for spamming, such as by hiding links pointing to spammy resources or creating pages that redirect to malware sites. When these changes in your application are evident (like defacing), you can easily spot the hacking activity; but for other types of exploits, in particular those with spammy intent, it won’t be so obvious. Google, through some of its products, offers webmasters some ways of spotting if a site has been hacked or modified by a third party without permission. For example, by using Google Search you can spot typical keywords added by hackers to your website and identify the pages that have been compromised. Just open google.com and run a site: search query on your website, looking for commercial keywords that hackers commonly use for spammy purposes (such as viagra, porn, mp3, gambling, etc.):

[site:example.com viagra]

If you’re not already familiar with the site: search operator, it’s a way to query Google by restricting your search to a specific site. For example, the search site:googleblog.blogspot.com will only return results from the Official Google Blog. When adding spammy keywords to this type of query, Google will return all the indexed pages of your website that contain those spammy keywords and that are, with high probability, hacked. To check these suspicious pages, just open the cached version proposed by Google and you will be able to spot the hacked behavior, if any. You could then clean up your compromised pages and also check for any anomalies in the configuration files of your server (for example on Apache web servers: .htaccess and httpd.conf).
If your site doesn’t show up in Google’s search results anymore, it could mean that Google has already spotted bad practices on your site as a result of the hacking and may have temporarily removed it from our index, due to infringement of our webmaster quality guidelines.

In order to constantly keep an eye on the presence of suspicious keywords on your website, you could also use Google Alerts to monitor queries like:

site:example.com viagra OR casino OR porn OR ringtones

You will receive an email alert whenever these keywords are found in the content of your site.

You can also use Google’s Webmaster Tools to spot any hacking activity on your site. Webmaster Tools provide statistics about top search queries for your site. This data will help you to monitor if your site is ranking for suspicious unrelated spammy keywords. The ‘What Googlebot sees’ data is also useful, since you’ll see whether Google is detecting any unusual keywords on your site, regardless of whether you’re ranking for them or not.

If you have a Webmaster Tools account and Google believes that your site has been hacked, often you will be notified according to the type of exploit on your site:

  • If a malicious third party is using your site for spammy behaviors (such as hiding links or creating spammy pages) and it has been detected by our crawler, often you will be notified in the Message Center with detailed information (a sample of hacked URLs or anchor text of the hidden links);
  • If your site is exploited to place malicious software such as malware, you will see a malware warning on the ‘Overview’ page of your Webmaster Tools account.

Hacked behavior removed, now what?

Your site has been hacked or is serving malware? First, clean up the malware mess and then do one of the following:

  • If your site was hacked for spammy purpose, please visit our reconsideration request page through Webmaster Tools to request reconsideration of your site;
  • If your site was serving malware to users, please submit a malware review request on the ‘Overview’ page of Webmaster Tools.

We hope that you’ll find these tips helpful. If you’d like to share your own advice or experience, we encourage you to leave a comment to this blog post. Thanks!

http://googlewebmastercentral.blogspot.com/2009/02/best-practices-against-hacking.html

 

Godaddy .com域名 7.99美元并送private registration的优惠码

截至日期2011年3月28日,抓紧时间了。

可以一次购买多年,都是按7.99美元(大约53人民币)的价格购买,赠送价值19.99美元的private registration,可以保护您的注册信息。

点击直接优惠

MYSQL经常出现连接失败、连接不上的解决方法

现象:

经常连接失败,刷新一下又可能成功连接,提示如下错误:

Warning: mysql_connect(): Can’t connect to MySQL server on ‘xxx.xxx.xxx.xxx’ (10048) in

错误的出现的原因:

应用程序需要快速释放和创建新连接, 但是由于 TIME_WAIT 中存在的连接超过默认值,导致较低吞吐量.

解决方案:
和本错误密切相关的两个windows的注册表项:TcpTimedWaitDelay和MaxUserPort的值.

TcpTimedWaitDelay 确定 TCP/IP 可释放已关闭连接并重用其资源前, 必须经过的时间. 关闭和释放之间的此时间间隔通称 TIME_WAIT 状态或两倍最大段生命周期(2MSL)状态. 此时间期间, 重新打开到客户机和服务器的连接的成本少于建立新连接. 减少此条目的值允许 TCP/IP 更快地释放已关闭的连接, 为新连接提供更多资源.

MaxUserPort 确定从系统请求任何可用用户端口时所用最大端口数,TCP/IP 可指定的最高端口号. 如果建立 TCP 连接最大端口连接大于 5000, 本地计算机响应以下错误信息WSAENOBUFS (10055): 因为系统缺乏足够缓冲区或者因为队列已满而无法执行套接字上操作, 从而导致应用程序的10048错误.

打开注册表编辑器regedit

TcpTimedWaitDelay 设置:
找到 HKEY_LOCAL_MACHINESYSTEMCurrentControlSet ServicesTCPIPParameters 注册表子键
并创建名为 TcpTimedWaitDelay 的新 REG_DWORD 值
设置此值为十进制 30, 十六进制为 0×0000001e
该值等待时间将是 30 秒。
本项的默认值:0xF0(16进制), 等待时间设置为 240 秒

MaxUserPort 设置(增加最大值端口连接):
找到 HKEY_LOCAL_MACHINESYSTEMCurrentControlSet ServicesTCPIPParameters 注册表子键
并创建名为 MaxUserPort 的新 REG_DWORD 值
设置此值为十进制最低 65535

该值等待时间将是 30 秒。
重启windows系统。
本项的默认值:5000(十进制)

关闭注册表编辑器, 重启windows系统,问题解决

下载下面的附件,自动修改注册表。

mysql连接失败解决——youyongma.com