Saturday 31 December 2011

Troubleshooting WAMP Server Installation on Windows 7 machines

Troubleshooting WAMP Server installation on Windows 7 computers

I like to code in both PHP and .NET or ASP so on my laptop or PC I need to be able to run
both PHP code and .NET code.

As both languages use different web servers to run their code this means on Windows PC's I have been installing WAMP Server to run and test any PHP code. However ever since moving to a new laptop (Windows 7 64 bit) I found that getting WAMP Server to work was a right pain in the arse.

I had managed it on my Work PC (also Windows 7 64 bit) without any problems at all so I don't know why on a fresh install I had issues. Anyhow this is how I troubleshooted WAMP Server installation on a Windows 7 laptop.

After installing wampserver turn it on and start all service then try and access it e.g http://localhost

You will probably be met with an IIS 7 home screen and not the WAMP Server home screen you might have expected.

This is because windows PC's come with their own IIS web server which sits on the same port 80 that WAMP Server does.

First off try turning off IIS by going into Administrator Tools, open IIS and disable it.

Or you could go into Administrator Tools, open Services and turn off World Wide Web Service.

Then restart all the WAMP Server services and try http://localhost or again

If it works then you will be met with the WAMP Server Home page but if like me on Windows 7 you might be met with a 404 page that just says

Not Found

HTTP Error 404. The requested resource is not found.

So WAMP is still not running even though the other web server running on that port is off. So something else is blocking or listening that port.

You can try to find out what this is by doing the following:

Running Command Prompt (under administrator rights)

Typing in: netstat -b -o

You need the -o so that you can see the Process ID column as long as you remembered to run under admin privileges and you need the -b to see which program is running or creating the connection consuming the listening port in this case port 80 on (localhost).

You will get something back like this

C:\windows\system32>netstat -b -o

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP           my_pc_name:49719       TIME_WAIT       0
  TCP           my_pc_name:49721       TIME_WAIT       0
  TCP           my_pc_name:49723       TIME_WAIT       0
  TCP           my_pc_name:49725       TIME_WAIT       0
  TCP           my_pc_name:49727       TIME_WAIT       0
  TCP           my_pc_name:49729       TIME_WAIT       0
  TCP           my_pc_name:49731       TIME_WAIT       0
  TCP           my_pc_name:49733       TIME_WAIT       0
  TCP         my_pc_name:49718       TIME_WAIT       0
  TCP         my_pc_name:49720       TIME_WAIT       0
  TCP         my_pc_name:49722       TIME_WAIT       0
  TCP         my_pc_name:49724       TIME_WAIT       0
  TCP         my_pc_name:49726       TIME_WAIT       0
  TCP         my_pc_name:49728       TIME_WAIT       0
  TCP         my_pc_name:49730       TIME_WAIT       0
  TCP         my_pc_name:49732       TIME_WAIT       0
  TCP         my_pc_name:49155       ESTABLISHED     1368
  TCP        my_pc_name:49441       ESTABLISHED     1128
  TCP        my_pc_name:5354        ESTABLISHED     1128
  TCP        my_pc_name:27015       ESTABLISHED     4768
  TCP      ww-in-f125:5222        ESTABLISHED     4884

Not very helpful as all the Proccess ID's for port 80 on are set to 0.

If it's not set to 0 you can find out what process is listening on it by going to your Task Manager, ticking the "Show processes from all users" box and then searching for the PID (process ID).

If the PID column is not shown then go to View > Select Columns and tick the PID (Process Identifier)

So because we are no nearer to working out what is using this port we are stuck as the other web server is disabled and not listening on port 80 but it seems nothing else is. A virus scan with a good tool helps here just in case something is running that shouldn't be.

As I haven't been able to find out what is using the port I have to now resort to a hack to get WAMP Server running.

This hack is actually useful if you want to be able to run WAMP and IIS on the same machine at the same time.

If you have done a default install then go to the httpd.conf ini file which should be at:


Then find the Listen option which will be under some comments near the top starting with

# Listen: Allows you to bind Apache to specific IP addresses

and change it to a port you want to use instead of 80 and one you know you are not using. I chose port 8888 a common HTTP alternative port.

So add this line in under the comments.

Listen 8888

This should get your WAMP Server default page up after a WAMP restart by accessing:


However you should also change another directive in the file which identifies the servers name.

It starts with these comments

# ServerName gives the name and port that the server uses to identify itself.

So replace

ServerName localhost


ServerName localhost:8888

or if you chose a different port then use that instead of 8888.

You will now find that you can access WAMP Server from your PC okay and if you still want IIS to run alongside then it's a good idea to change the PORT of WAMP Server anyway to prevent having to keep turning IIS off (or permanently disabling it).

A bit of a pain to get going but it works for my 64 bit Windows 7 PC and I know someone else who had the same problem with their new PC. On my older XP laptops and PC's I had no problems at all getting WAMP working and it's only since moving to Windows 7 I have had this issue.

If anyone know what causes this issue then please let me know but please don't reply SKYPE or some other application could be the problem as we ruled that out with the netstat -p -o command prompt scan earlier.

Anyway this hack gets WAMP Server running and it is good to know how to debug the problem.

Friday 30 December 2011

New form of Web Site DOS attack leaves millions vulnerable

New security vulnerability can cause most popular websites to become susceptible to DOS attacks.

In a demo called "Efficient Denial of Service Attacks on Web Application Platforms" hosted by
Alexander “alech” Klink and Julian “zeri” Wälde they explained in detail how most web programming languages utilize hashes and manage collisions.

We are not talking about encryption here but the common sort of hashing that allows us to store data in key/value type array objects. It is a simple mathematical hash used to speed up storing and retrieving data posted to web pages used by most web programming languages like PHP and JavaScript.

A very very simple example that doesn't cover all the possibilities that this technique is used and can be exploited would be the following. I k now this is a client side JavaScript hash that would cause more problems for the browser and the users computer than the webserver but as you can run arbitrary JavaScript on any page very easily and XSS hacks are very common nowadays it is still worth showing.

Say I had a client side hash that held some simple values about the system the site was running. These key/values hold different bits of information that are relevant to the object I am using and if a user want to obtain a piece of information they supply the key for the value they want.

System = {
 ProductName: "MySystem",
 Version: 3,
 Build: 3,
 Company: "My Company PLC",
 ServerType: "dev",
 LastBuildDate : "2011-Dec-24 12:45:21"

You can get the appropriate value out of the hash table by accessing the appropriate key. In this example if I wanted to find out the current version of the System I would do something like this.

if( System.Version < 3){
 alert("Please upgrade to the latest version");

Not a very big hash table but in some cases hash tables can be absolutely huge.

The problem comes if a hacker can overwrite the hash table and set all the keys and values to the same value.

This causes the webserver to get itself into a state of confusion a it doesn't know what to return as all keys are now the same and in the report the authors say:

"An example given showed how submitting approximately two megabytes of values that all compute to the same hash causes the web server to do more than 40 billion string comparisons."

This is obviously a lot of calculation and for just looking up some data on a webpage is a massive overhead that can basically grind the page to a halt.

You can see by my example that by just by overwriting the hash table with all the same values it means my look up for the System.Version would involve checking all the keys in the System object (which would all be set to version) and the server (or in this case the browser as it's client side code) would get into a fiz because it wouldn't know which value to return as all the keys were now the same.

As the authors say only 2MB of values can cause a huge amount of string comparisons which would slow the machine down no end.

Apparently Perl have already done something about this vulnerability some time back but no-one else has yet followed their actions and hopefully it won't take a few big sites to go down before it is fixed across the board.

Without fixing the hashing functions in the languages themselves there are three possible techniques available to website operators to prevent problems occurring.
  • Reduce the length of parameters that can posted.
  • Reduce the number of parameters accepted by the web application framework.
  • Limit the amount of CPU time that any given thread is allowed to run.

Microsoft have released a fix less than 24 hours after disclosure. ASP.NET admins can download patch MS11-100 to protect their IIS web assets. You can find out about this patch from

Thursday 29 December 2011

Running Whois commands from a Windows PC

How to run Whois commands from Windows Computers

Unlike LINUX this is a little more complicated and you will need to use a 3rd party tool like WhoisCL which you can download from here:

Be careful to click the "External Mirror link" and not the bright flashing "Download Now link" which is just there to trick you into downloading some kind of crapware.

Once downloaded, extract and then open the folder.

Copy the file WhoisCL.exe into your /windows/system32 folder OR make sure you edit your System Environment path so that it knows where the WhoisCl.exe file is located. This prevents you having to put the full path into the command prompt.

Also beware that many viruses often pretend to be commonly downloaded utilities like WhoisCL.exe so if you find a file with the name WhoisCL.exe in a place that you didn't install it then it "may" be a virus.

Make sure you always virus check every file you download and if you think you have a trojan use SDFix.exe in safe mode to hunt and destroy them. I have found that when virus checkers like McAfee or Kaspersky have run a full scan they still haven't found viruses that SDFix.exe has. Bewared though, because of the way the program works other Anti-Virus tools may falsely identify it as a virus.

To run Whois on a windows machine XP, Vista, Win7 (and above) then do the following.

Open up a command prompt and type:


You will get back a full Whois report for the domain you are looking at.

Add the flag -r to prevent the top line of the report from coming back e.g

C:\users\me\>whoiscl -r

C:\Users\me>whoiscl -r

WHOIS Server:

        Domain Administrator
        Microsoft Corporation
        One Microsoft Way
         Redmond WA 98052
        US +1.4258828080 Fax: +1.4259367329

    Domain Name:

        Registrar Name:
        Registrar Whois:
        Registrar Homepage:

    Administrative Contact:
        Domain Administrator
        Microsoft Corporation
        One Microsoft Way
         Redmond WA 98052
        US +1.4258828080 Fax: +1.4259367329
    Technical Contact, Zone Contact:
        MSN Hostmaster
        Microsoft Corporation
        One Microsoft Way
         Redmond WA 98052
        US +1.4258828080 Fax: +1.4259367329

    Created on..............: 1991-05-01.
    Expires on..............: 2021-05-02.
    Record last updated on..: 2011-08-14.

    Domain servers in listed order:

MarkMonitor is the Global Leader in Enterprise Brand Protection.

Domain Management
MarkMonitor Brand ProtectionÔäó
AntiFraud Solutions
Corporate Consulting Services

Visit MarkMonitor at
Contact us at 1 800 745 9229
In Europe, at +44 (0) 20 7840 1300

Tuesday 20 December 2011

HTML Hack to get Flash Banners to click through to external URL's

Flash Banner Click Hack

This might be old news to some of you but for those of us who spend most of our time developing rather than designing or cutting up sites this is a neat hack for getting flash banners to have click-through events without having to build them into the Flash Object itself.

I was given some banners the other day written in flash to put on a new site I am working on

However these banners did not have any links built into them and as we all know you unless a flash object has a click event and a redirect to a URL, either hardcoded or passed in as a parameter then you cannot just add an <A> tag around it as you would with an animated gif or another image as it just won't work.

As CSS is not my speciality I asked a friend how to hack this so I wouldn't have to go back to the designer to get such a URL click through parameter added and these are the steps he gave me.

So if you ever want to add a click event or <A> around a flash banner then this is what you can do.

1. The original banner code. This was the standard OBJECT / EMBED mix, which although not standard compliant is still used a lot on the web.

<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase=",0,0,0" 
 width="300" height="300" id="banner-300-300" align="middle">
<param name="allowScriptAccess" value="sameDomain" />
<param name="allowFullScreen" value="false" />
<param name="wmode" value="transparent">
<param name="movie" value="banner-300-300.swf" />
<param name="quality" value="high" />
<param name="bgcolor" value="#fff200" /> 
 <embed src="banner-300-300.swf" 
  pluginspage="" />

2. First off I added the wmode="transparent" parameter to the object and embed tag to stop the flash object being the top most element in the DOM. This allows you to then add other objects on top of it.

3. I then wrapped the object in a DIV tag that was position relative, had the same width and height as the banner I was showing which was 468x60 and had the same background colour.

This was because adding the wmode="transparent" removed the colour from the banner so it needed to be replaced by the DIV.

<div style="position:relative;background:#fff200;width:300px;height:300px;">

4. I then added some styling to the actual object tag to make it absolutely positioned within the DIV and positioned as the first item within it e.g top: 0px; left: 0px;

I also add a z-index on it of 5. You will see why later.

<object style="position:absolute;top:0px;left:0px;z-index:5;" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" 

5. I then added my <A> tag with the href of the URL I wanted the user to go to when they clicked the flash banner at the bottom of the <OBJECT> and before the closing </DIV>.

<a href="" title="Google Search Engine" />Google Search Engine</a>

6. I then added some styling to the <A> element so that it was also positioned absolutely within the DIV and was the same size as the banner.

I also made sure the text within the anchor element was hidden off screen by adding text-indent:-9000px; to it. This allows search engines to still access the anchor text for Search Engine Optimisation but it doesn't appear on screen which would look silly.

I also made sure the <A> was the top element in the DOM (above the FLASH object) by increasing it's z-index to a figure larger than the value of 5 I had set earlier on the DIV (see point 4)

<a style="position:absolute;top:0px;left:0px;z-index:10;width:468px;height:60px;text-indent:-9000px;" href="" title="Google Search Engine" />Google Search Engine</a>

7. Putting this all together looks like this.

<div style="position:relative;background:#fff200;width:468px;height:60px;">
 <object style="position:absolute;top:0px;left:0px;z-index:5;" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase=",0,0,0" width="468" height="60" id="jag-banner-468-60" align="middle">
 <param name="allowScriptAccess" value="sameDomain" />
 <param name="allowFullScreen" value="false" />
 <param name="wmode" value="transparent">
 <param name="movie" value="banner-468-60.swf" />
 <param name="quality" value="high" />
 <param name="bgcolor" value="#fff200" /> 
  <embed src="jag-banner-468-60.swf" quality="high" bgcolor="#fff200" width="468" height="60" name="banner-468-60" align="middle" wmode="transparent" allowScriptAccess="sameDomain" allowFullScreen="false" type="application/x-shockwave-flash" pluginspage="" />
 <a style="position:absolute;top:0px;left:0px;z-index:10;width:468px;height:60px;text-indent:-9000px;" href="" title="Google Search Engine" />Google Search Engine</a>

I tested this code in the latest versions of Google, Firefox, IE as well as going back to IE 7 in quirks mode and the banner was shown as it should and any click on it took the user to the desired anchor location. No text within the anchor was seen on the screen.

This is just a hack that non designers, like myself, might like to know for future reference as it saves having to ask the developer of the flash file to re-develop it to allow for click-throughs.

Wednesday 7 December 2011

Speeding up Google Chrome with DNS Pre-Fetching

Why Google Chrome is such a fast browser

I have written a lot about browsers, their intricacies and problems with upgrades and performance including Performance Tweaks for Firefox that you can access from typing "about:config" in the address bar that can increase your browser performance.

Whilst I use Firefox mainly for development at work I have always used Chrome for browsing due to its speed and I find myself using it more and more for development.

Their built in developer tools are just as good as the Firebug add-on which has gone through phases of being slow, buggy and sometimes just plain unusable.

Not only does Google Chrome allow you to inspect elements, modify the DOM on the fly, check resource load times and other useful developer tools it has some other features that many people probably don't even realise.

If you have never done it before just type in "chrome://version/" to your address bar to see details of your current browser e.g

Google Chrome 15.0.874.121 (Official Build 109964) m
OS Windows
WebKit 535.2 (@100034)
JavaScript V8
Flash 11,1,102,55
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2
Command Line "C:\Users\me\AppData\Local\Google\Chrome\Application\chrome.exe" --flag-switches-begin --enable-print-preview --flag-switches-end
Executable Path C:\Users\me\AppData\Local\Google\Chrome\Application\chrome.exe
Profile Path C:\Users\me\AppData\Local\Google\Chrome\User Data\Default

A nice overview of your browser.

For a list of domains that your browser pre-fetches behind the scenes to speed up load times type the following into your address bar "about:dns" You will see a list of popular domains that you visit along with stats about each DNS pre-fetch.

At the top of the report you will see the 10 pages that Google pre-fetches on startup and it does this to help speed up your browsing experience as it calculates which sites you visit the most so that it can keep these handy in case you want to visit them. By pre-fetching them when you start the browser up it make it look like page load times for these domains are a lot faster than they otherwise would be.

For example my own report shows:

Future startups will prefetch DNS records for 10 hostnames
Host nameHow long ago

All sites I regularly visit and at the bottom of the report I get the following message;

Preresolution DNS records performed for 328 hostnames
Preresolving DNS records revealed non-existence for 5 hostnames.

Another more complex report can be seen with this command "about:histograms/" which will show a number of basic graphs about various DNS checks, lookup speeds and other various stats.

This DNS Pre-Fetching is meant to speed up your browsing experience however sometimes it can cause issues which are noticeable if you ever experience slow page load times along with the words "Resolving Host" in the status bar.

If you have this issue try disabling the pre-fetch feature and compare and contrast page load times with the option on and off with a "ipconfig /flushdns" in between each attempt to make the test fair as well as clearing out any browser cache.

You can do this with either a web developer toolbar, choosing "Tools > Clear Browsing Data" or by selecting "Toolbox > Options > Under the bonnet > Clear browsing data".

You will also find in later versions of Google Chrome they have combined this pre-fetch option with the pre-rendering option under "Predict Network Actions" which is found under "Toolbox > Options > Under The Bonnet > Predict network actions to improve page load performance", 

This option will not only turn on the DNS pre-fetching option it will also aim to speed up searches by pre-loading the first 3 results of any Google search. They do this because statistics apparently show that when a user runs a search they will click on the first 3 links.

Obviously if you don't do that then those page loads have been a waste of time and resources as well as ensuring the HTTP requests are logged in any log file on your server.

However the aim is to speed your browsing up by pre-fetching pages you visit a lot which is a good idea in theory.

You can read more about these two features, pre-fetching and pre-rendering here: