Easyrec – Integrate Recommender Engine in your website – open source

Easyrec is an open source recommender engine which can be trained and customized to provide personalized recommendations using REStful Web Service.

easyrec-engine
Easyrec exposes its functionality through REST API which provides several interaction types:

Actions

  1. view
  2. buy
  3. sendaction

Recommedations

  1. other users also viewed
  2. other users also bought
  3. items rated good by other users
  4. recommendations for user
  5. related items
  6. action history for user

Community Rankings

  1. most viewed items
  2. most bought items
  3. most rated items
  4. best rated items
  5. worst rated items

The list of recommendations is returned in XML and JSON notation to be further processed by your web application.

Easyrec API can be accessed from its main website http://easyrec.org/ or could be installed alongside with the web application on your own server. Easyrec require at least Java 1.5 and MySQL server for its functionality.

Download easyrect from: http://easyrec.org/recommendation-engine

Stop Comment spams with IP Blacklist Cloud

Comment spams is the bane of any website operator that rely on real human interaction. Stopping comment spams by hand is a tedious process especially when comment spam attacks are sophisticated and are launched from Botnet. There are several techniques that can be employed to fight comment spams including behavioral analysis and also IP analysis.

In maintaining WordPress and Joomla sites, I myself has analyzed several web logfiles and Cloudflare logs to learn that most comment spam originated from certain ip blocks and countries. Therefore, I decided to completely deny access from those affected ip block through firewall (which keep the comment spam low and saves web server resources!)

ipblc_server

However, recently I found a new service IP Blacklist Cloud which list the top most blacklisted ip address through collaborative effort. Normally I find blacklisting by ip address is tedious and probably harmful to legitimate visitors, however after conforming the ip addresses that I found inside my spam logs, I decided the list is legitimate and decided to firewall-block some of the worst offenders in the list.

IP Blacklist Cloud free WordPress plugins, which I personally does not use due to my policy of keeping my installation lean with minimal (to no plugins!), however I see that there’s no harm giving a shot!

Securing Ajax and Web Services

It is undeniable that Web services and AJAX-ified interfaces are the trend now. Application that utilizes internet to retrieve data (such as mobile application or other thin client) uses web services alongside with its data format. AJAX-ified interface and website gives a modern and edgy look can make websites more attractive and can create great impression to the users.

However the issue of the web application security would still remain the same, if not more challenging, since there are so many ways to exploit the vulnerability of websites that utilizes Web Services and AJAX transfers on the background.

Therefore, it is imperative to use the right technique in order to evaluate the security of these services before deploying them out in the open.

For that matter, now I’m currently reading Ajax Security (Hoffman,B. & Sullivan, B.) and Securing Ajax applications (Wells, C.) which in my opinion is a pretty good start for somebody like me to understand common methods for securing web services and websites which uses AJAX heavily.

Hopefully the situation would improved as there are a lot of campaigns around to raise the state of awareness of web application security.

How to: Quick and Dirty Web Server Load Balancing with IPTables in Linux

Load balancing is a method to distribute workload across multiple computer over a network. The purpose of load balance in web server is to avoid one web server from being overwhelmed by requests which eventually leads the machine to come down to a crawling halt.

Assuming that you have 3 web server to assign the load to each with this IP Address:
10.20.20.1
10.20.20.2
10.20.20.3

You can drive the traffic to each of this on every third packet with this iptables rules:

iptables -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m nth --counter 0 --every 3 --packet 0 -j DNAT --to-destination 10.20.20.1:80

iptables -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m nth --counter 0 --every 3 --packet 1 -j DNAT --to-destination 10.20.20.2:80

iptables -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m nth --counter 0 --every 3 --packet 2 -j DNAT --to-destination 10.20.20.3:80

This will ensure that every 3rd packet of the request will be properly distributed among the three servers to balance the load. Note that this is only useful in simple website which serves static content or for a download servers that serve large files over the internet (CD or DVD iso downloading)

Setup Free Web Proxy Service with Glype (PHP Script)

Glype is a web-based proxy script written in PHP which allows user to browse the internet anonymously using a web-based user-interface. Website operator can easily setup web-proxy without the need to go through complicated installation procedures.

Glype Proxy Service

Among the feature of Glype Proxy Script are:

  • No Installation – Just upload and done!
  • Javascript support – Allows website to keep their javascript functionality
  • Blacklist by IP – Admin can easily block users by IP address range
  • Virtual browser – allow user to change user-agent and
  • Server-side caching – Reduces bandwidth and server loads for frequently accessed website

Download Glype from its official website