A little SQL injection to make the weekend more interesting.

I’ve been going along mostly unaware of the fact that the internet is currently experiencing a nasty spate of SQL injection attacks. These attacks are being used to infect visitors to otherwise harmless and friendly websites. They’re advanced and complicated attacks that a few years ago the world had never really experienced; that’s not the case any more. It is an increasing reality that viruses and worms are no longer the province of bored uni students, but are rather the work of what can only be described as technologically aware organised crime. The site where I happened to run across the problem finally took the site offline and cleaned the fields that had been ‘infected’, and I would hope that they’ve also taken steps to solve the problem.

I’m going to build some more information up on the technical aspects of this attack. So for the moment this is a placeholder. I’ll be building up some more information over the next few days.

Passenger, Typo and Sqlite

I upgraded my Rails sites to use Passenger, aka Mod Rails, this week. I’d like to say it’s been all roses, but the truth is that my Typo blog would swear under oath that it’s not the case. I was quite happy with the out-of-the-box Typo + Sqlite combination, and that worked fine under Mongrel. Not so under Passenger: the website will work perfectly, but I won’t be able to get into the admin section. As you can see, I managed to get it working. I switched the database to MySQL and it’s been working fine ever since. I’ll get around to working out WHY it doesn’t work with Sqlite at some point (and get around to extracting my lost blog posts).

Other than that small hiccup, I’ve been extremely impressed with Passenger. It’s certainly a step forward as far as simple Rails production hosting goes. I’m not saying that it’s time to throw Mongrel out the window. But when it comes to trouble-free hosting, Mongrel is just not there. I want a solution where you can do a simple config and forget about the site. Managing multiple clusters for each of the various sites is something that makes it harder to whip up simple sites.

Passenger allows the user to configure an Apache virtual host with a couple of Rails-specific parameters (more if you want to take advantage of some cool feature, or do abnormal things), then restart Apache, and you’re all up and good. Restarting your Rails app can be accomplished by running ‘touch tmp/restart.txt’ in your Rails root. You’ve then got a very simple solution that will allow you to host multiple sites without doing clustering.