Securing Apache server

If you operate a successful site with thousands of pages,  take a look at your server and you will be amazed. The level of crap that your server is constantly bombarded with is simply amazing.

There are some friendly bots like Googlebot, Yahoo Slurb, MSN, Cuil etc and then there are all these spammers who send thousands of requests per day for various reasons.

After few months of being at the mercy of spam bots, we recently decided to take action and start blocking them more actively.

For our Apache + Mongrel set up, we did the following -

1. Installed APF firewall to make our system more fool proof. See How to setup APF for step by step guide.
2. Installed DoS Deflate to throttle any incoming request. For now, we have taken the extreme step and we are blocking pretty much anyone who is sending beyond a reasonable number of requests.
3. Configured Apache to block certain request patterns if they are suspicious.

I hope you and your servers have a nice holiday.

Rajat

Setup email in Ruby on Rails using Godaddy/SMTP

This is to help you setup SMTP email using either sendmail or Godaddy in Ruby on Rails. RoR as usual makes it very easy for us to do that.

1. Open ROOT/config/environment.rb file
2. For sendmail, add following lines -
   ActionMailer::Base.delivery_method = :sendmail
   ActionMailer::Base.server_settings = {
   :domain  => ‘www.example.com’
   }
3. For Godaddy, add following lines -

   ActionMailer::Base.delivery_method = :smtp
   ActionMailer::Base.server_settings = {
   :address => ‘smtpout.secureserver.net’,
   :domain  => ‘www.example.com’,
   :port      => 80,
   :user_name => ‘johndoe@example.com’,
   :password => ‘yourpassword’,
   :authentication => :plain
   }

4. Save and restart your webserver. You are all set.

Remember that you can only send 300 emails per day from Godaddy, so if you need to send more emails, you will have to use sendmail or some other solution.

Regards,

Rajat

PilotOutlook blog added to Alltop

A quick news – PilotOutlook blog has been added to Aviation category of Alltop.

Aviation enthusiasts can now get our feed through them and hear about the latest happenings at PilotOutlook and aviation industry.

Thanks for all your support.

Rajat

Bi annual flight review

I just realized that I have lost the PIC privileges due to not completing Bi-annual Flight Review. For all pilots that are certified by FAA, they are required to go to any certified instructor and take 1 hour of oral and 1 hour of flight instruction.

Until then, they can’t fly as PIC. If you have taken a flight test for any other FAA certification, you are not required to go for this BFR until next 24 months.

So, all those pilots, who have not gone for their BFR in last 24 months, call your instructor and go flying.

If you don’t have one, you can find local instructors using our flight instructor directory

Thanks,

Rajat Garg

A new layout for PilotOutlook

We are very happy to anounce that work on new design for PilotOutlook was completed last week. We have added number of new features like -

1. Ride share for Pilots
2. Online scheduling system
3. Booking for Airline Tickets, Hotel and Car rentals
4. Pilot Store in partnership with Amazon aStore program

There are many other features that you are welcome to check out.

Feel free to email me if you have any feedback.

Thanks,

Rajat

Week of technical issues

PilotOutlook.com encountered a week full of technical issues and the site was down for many days large week. This was driven by two changes, which we had done last Friday (5/9/2008).

1. Apache installation with Open proxy – We had installed Apache and forgot to close Proxy server. Few spammers got an idea of this and exploited our server, thus bringing it down for almost 3 days. We have fixed these issues but there are still lot of useless requests coming in and eating our bandwidth.
2. SSL installation issues – We had further issues with SSL installation (yeah!, there are paid services coming) and that brought the server down for 2 more days on Wed and Thu.

Good news is that we are back up and all user data remained secure during these changes and we now have it under control.

Have fun using PilotOutlook.com!
Regards,

Rajat Garg

Airport page redesign and addition of landing videos

Bryan Starbuck from TalentSpring recently organized a usability study for startups in Seattle area. Based on that feedback, one of the first things we tackled is redesign of Airport page. A lot more changes are going to come in the near future.

Changes are -

1. Larger Google maps for all of airports
2. Tab view to switch between pictures, videos and maps instead of scrolling down.
3. Addition of takeoff and landing videos. Check out San Francisco Airport (SFO), Boeing Field Airport (BFI), John F. Kennedy Airport (JFK), Aspen Airport (ASE)

Lot more videos will be added soon …

Thanks,

Rajat

Goal of this blog

This is my first blog and I felt that it will be appropriate to write up what I expect to do with this blog -

1. Open a communication channel with the local startup community as well as folks in the industry
2. Talk about PilotOutlook – challenges and achievements.
3. Contribute – Given that we are building site in RoR, we will share our key learnings along the way.

With that stated, a little history about PilotOutlook.com. The goal was initially to launch a site where users can find directory of all flying clubs. With that idea in mind, we launched this site in November, 2007. Over last few months, we have added numerous other features like -

1. Flying club directory with over 3,500 flying clubs
2. Airport DB of 23,000 US airports + an API to access airport database all of it.
3. User related features – Log books, ability to join or add a flying club, profile pages, adding pictures, testimonial and scraps etc. We also did a cool mashup of all our users on the home page . Search mechanism can also be used to find instructors in the region.
4. Aircraft DB with over 400,000 aircrafts – users can add their own pictures for each of the aircrafts.

And a lot more is coming …

Stay tuned…

Regards,

Rajat Garg