Posts categorized “The Web”.

Security of WHM backups to an AWS S3 bucket

When you give your Web Hosting Manager (WHM) the ability to send a copy of your backup to Amazon’s AWS S3 service, you have to hand it a Key and Secret that give it that permission.

The worst option is to hand over a Key and Secret tied to your own login.

The best is to:

  1. Create a policy which
    • Only gives access to a single bucket
    • Only allows the least access required for the task
    • Only allows connections from trusted IP addresses
  2. Create a Group to connect the policy to
  3. Create a user (for the WHM) to connect to the group

To validate its connection to S3, WHM currently requires the ability to write objects, list all objects in a bucket, and delete objects. For some, this is frustratingly more than you want to hand over. In theory WHM could make do with just the ability to write to the bucket, but at the moment we have to make all those abilities available.

Luckily, because access is limited both by IP address and by the Key and Secret (which WHM encrypts when you submit them), it should be highly unlikely that anybody else will be able to abuse the ability to delete objects.

Here is the example policy that I have in place. Feel free to copy, personalise and use:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "WHMBackupAccess",
                "Effect": "Allow",
                "Action": [
                ],
                "Resource": [
                ],
                "Condition": {
                    "IpAddress": {
                        "aws:SourceIp": "YOUR_SERVER_IP/32"
                    }
                }
            }
        ]
    }
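
One way to build and check a policy against the three rules in the list above, as an added example that is not the author's own policy. It assumes the write, list and delete abilities map to `s3:PutObject`, `s3:ListBucket` and `s3:DeleteObject`; the function names, bucket name and address are illustrative.

```python
import ipaddress
import json

# Assumption: the three abilities named in the text map to these S3 actions.
REQUIRED_ACTIONS = {"s3:PutObject", "s3:ListBucket", "s3:DeleteObject"}

def build_policy(bucket, server_cidr):
    """Single-statement policy scoped to one bucket and one source network."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "WHMBackupAccess",
            "Effect": "Allow",
            "Action": sorted(REQUIRED_ACTIONS),
            # ListBucket is matched against the bucket ARN, Put/Delete against object ARNs.
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"IpAddress": {"aws:SourceIp": server_cidr}},
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy, bucket):
    """Return findings where a policy is broader than the three rules in the post."""
    allowed_arns = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for action in _as_list(stmt.get("Action", [])):
            if action not in REQUIRED_ACTIONS:
                findings.append(f"{sid}: action {action} is not needed for backups")
        for arn in _as_list(stmt.get("Resource", [])):
            if arn not in allowed_arns:
                findings.append(f"{sid}: resource {arn} is outside bucket {bucket}")
        cidrs = _as_list(stmt.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp", []))
        if not cidrs:
            findings.append(f"{sid}: no aws:SourceIp restriction")
        for cidr in cidrs:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append(f"{sid}: source range {cidr} allows any address")
    return findings

if __name__ == "__main__":
    # Constructed values: an example bucket name and a documentation-range address.
    print(json.dumps(build_policy("example-whm-backups", "203.0.113.10/32"), indent=4))
```

Running `audit` over an existing policy document before attaching it to the WHM user's group shows which statements still grant more than the backup needs.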

If you’re in need of help putting this all together, let me know and I might expand this post to include how to do the setup inside WHM and the AWS console.

Add global Twitter Bootstrap modal listeners

If you’ve ever browsed the Twitter Bootstrap JavaScript documentation then you’ll know that the modal parts of the Bootstrap library require some JavaScript to show and hide them.

Part of the JavaScript relates to events, which you can attach listeners to so you know when your modal is shown and hidden.

What they don’t tell you is that you can add a single global (or semi global if you want) listener to all modal events which will fire when any modal is shown or hidden.

$('body').on('shown', '.modal', function () {
	console.log('we have shown a modal');
});

For example the above will console log “we have shown a modal” when any modal is shown. You can switch the shown event to be show, shown, hide or hidden.

Ping a url or script using IFTTT (with no repercussions)

Update: This actually doesn’t work as I’d hoped. Because Flickr reports an error each time, eventually IFTTT disables the recipe after a few hours of calls. Back to the drawing board.

I’ve been trying for months to get IFTTT (if this then that) to send a call to a PHP script file when a trigger goes off. The problem wasn’t getting it to work in the first place, but for it not to leave any artifacts hanging around, or repercussions as I call them. I wanted the script to be triggered and that to be the end of it, with no files being created or errors being recorded.

An example of the problem would be the IFTTT Google Docs channel. You can upload a file to Google Docs from a URL. You can define that URL to be your PHP script and then tell your script to return a 404 (after it’s done its coding goodness), but when you view Google Docs a new file has still been created. If you want to use this for a large number of pings, you’re going to end up with a folder full of pointless files and a waste of your disk space. The Evernote and WordPress channels are a similar story. Even when you attempt to fail the call to your URL (with a 404 or 503) they still create a note or post.


Hide the Fancy Force Login Prompt

It really annoys me that Fancy forces you to log in before you can see the page you’ve clicked the link to view.

Here is a bookmarklet you can drag to your bookmarks bar. Then when they try to force you to log in, click it to hide the login prompt and view the page as normal.

Drag the following to your bookmark bar:

Updating the cPanel webmail welcome screen

Something I’ve always wanted to do is update the screen users see when they visit /webmail and log in on a cPanel server.

Now I know you can choose which webmail clients are available using WHM, but I actually wanted to remove, move and change the look of some elements.

First thing I must state is that you need root level access to every folder on the server. Once you’ve logged in, the location of the index.html which I was looking for is…

/usr/local/cpanel/base/webmail/[TEMPLATE NAME eg x3]

In there you want to edit the file index.html using something like the command line tool vi.

If you need to, you can also edit the CSS and JavaScript for that page by having a poke around the files in there.