You get a call "We've been getting technical notice errors from your computer and can help you out" or was PT Barnum really right?

WOW! How nervy, blatant is that call? It’s bad enough we get infected by clicking an innocent link while surfing the web. Now, they call us to fix us via “Scam-ware”.

(advertisement)

I recently heard of this “scam” from one of our customers, and I almost fell off my chair.

Here are the details:

“Windows Technical Support calling, we are getting technical error notices from your computer, we can connect into your computer and fix the errors” then they told him that they didn’t feel comfortable with that, he said “We have your ID Number, we should call back when an owner is available” They told me it was difficult to get the guy off the phone, and they immediately checked with me. Glad they did!

For more details on this type of scan see: malwarebytes.org and directly from Microsoft

 

(Updated / Solved) Session Timeout in ASPX Application Using Shared Hosting

After scouring Google and the internet for possible solutions to authenticated users getting logged out in 5 minutes of my web application I finally came up with a solution that works.

Background-
After a user logs into the website, and leaves the browser up, idle, after 5-10 minutes when they would return to do something on the site, they were presented with the login prompt to re-authenticate. What we wanted to do is give the user more time before they would have to login again.

(advertisement)

Problem-
The website is not hosted on our servers, but, through Godaddy.com in shared hosting and even though we have control of how the web applications settings are configured (via web.config) we can’t control the physical server settings. In the examples I found they did modify authentication timeout as well as session timeout via the web.config, but, the actually settings never took effect, users were still timing out. Even contacting Godaddy.com support didn’t product any positive results, they said “You control that in your web.config, there isn’t anything on our servers that would affect you”. As a web host I know that isn’t true, the application pool has settings specific to idle time, and defaults to 20 minutes and that is a server setting that I cannot change in the shared environment. But, I must find a solution, so here is what I tried and it worked!

Solution-
After several days of trying different methods, this is what I did. I kept my web.config with my new timeout settings (even though they didn’t produce results I just thought I would leave them. Plus, they would be useful if I move the site to my servers). Here they are:

<system.web>
	<authentication mode="Forms">
		<forms timeout="90" name=".ASPXAUTH"/>
	</authentication>
	<sessionState mode="InProc" cookieless="false" timeout="90"/>
</system.web>

(advertisement)

But, what really did the magic was creating my own authentication ticket. I added this code in the login controls “LoggingIn” event, and it did the trick. Here's the VB.Net version:

 Protected Sub Login1_LoggingIn(sender As Object, e As LoginCancelEventArgs) Handles Login1.LoggingIn
        If Membership.ValidateUser(Login1.UserName, Login1.Password) Then
            ' ticket version
            ' authenticated username
            ' issueDate
            ' expiryDate
            ' true to persist across browser sessions
            ' can be used to store additional user data
            Dim ticket As New FormsAuthenticationTicket(1, Login1.UserName, DateTime.Now, DateTime.Now.AddMinutes(90), True, "", FormsAuthentication.FormsCookiePath)
            ' the path for the cookie
            ' Encrypt the ticket using the machine key
            Dim encryptedTicket As String = FormsAuthentication.Encrypt(ticket)
            ' Add the cookie to the request to save it
            Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
            cookie.HttpOnly = True
            Response.Cookies.Add(cookie)
        End If
    End Sub

Here's the C# version:

if (Membership.ValidateUser(Login1.UserName, Login1.Password)) {
	// ticket version
	// authenticated username
	// issueDate
	// expiryDate
	// true to persist across browser sessions
	// can be used to store additional user data
	FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, Login1.UserName, DateTime.Now, DateTime.Now.AddMinutes(90), true, "", FormsAuthentication.FormsCookiePath);
	// the path for the cookie
	// Encrypt the ticket using the machine key
	string encryptedTicket = FormsAuthentication.Encrypt(ticket);
	// Add the cookie to the request to save it
	HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
	cookie.HttpOnly = true;
	Response.Cookies.Add(cookie);
}

I must say after looking and looking for a solution, and coming up with this one, it was rewarding, and proves we once again live up to our motto "You'll never hear "That can't be done!".

Call us to get your IT stuff working the way YOU want it!

Update! Update! Update! Update! Update!

Not too long after I posted this and with more testing the session timeouts continued. I gave up after the long hours not finding a solution and left a post on the asp.net website and got a reply that would actually fix the timeout problem, the web.config file only needs one little modification from above, here's the updated code:

<system.web>
	<authentication mode="Forms">
		<forms timeout="90" name=".ASPXAUTH"/>
	</authentication>
	<sessionState mode="InProc" cookieless="false" timeout="90"/>
  <machineKey validationKey="8A64..." decryptionKey="02F24..." validation="SHA1" decryption="AES"/>
</system.web>

To generate your own machine key for the web.config see http://aspnetresources.com/tools/machineKey 
Note: Site will generate the entire line to insert (not just the keys). Also, you can forget about generating your own authentication ticket, using this method eliminates that.

For a description of why this works see my original question at asp.net here.

Cheers!!

McDonald's is your kinda place or get the Stradivarius I'm about to whine

The other day I stopped by McDonald’s late at night, this is probably the first time this has happened to me in the million and millions of burgers I have been served there. So here it goes…

I walk in and there are only three people working, I can see one girl behind the grill just standing and another girl running to the back, then back to the front, there was another customer ahead of me and another customer waiting for food off to my right. The third employee was feverishly re-supplying the ketchup and napkins. The girl came up to the counter where the guy in front of me was and just stood there not saying anything, she then ran back again to the back. I wasn’t sure what was really going on. When she came back up this time she had the order for the guy off to my right, then disappeared somewhere in the back. After a few moments here she comes again and gives the guy in front of me his food. I step up, but, before she takes my order she runs over to the fryer and presses a few buttons. This whole time I can see the other girl at the grill just standing there and now the third employee is beginning to sweep the floor.

(advertisement)

I order a sandwich, the girl runs to the back again and a few minutes comes back to tell me the price, I hand her my check card, and she says “Cash only”, I’m like “What, cash only??” She says “Yeah, the computers are down”.  (I’m thinking this might have been something you should have started with) anyway, I reach in and give her cash and she goes to the back and after about 5 minutes brings me change. Now, she tells the other girl behind the grill the order and she goes to the back again and brings out a broom and begins sweeping behind the counter, then after about 5 more minutes go by and the girl behind the grill asks the girl, “What was that order?” She drops the broom on the floor and tells her, then she goes to the fryer and is working with the potatoes, when the food is up she grabs the food (while kicking the broom laying on the floor) and hands it to me.

Needless to say this was the first time in 35+ years I’ve been to McDonalds, that the crew was so discombobulated, and out of the three of them I think the guy cleaning the floors should get a big-time promotion and the two other girls should get a big pink slip!