I recent topic on CFGURU about clients who blame the technology rather than trying to diagnose the real problem reminded me of a couple of funny tech support stories I thought I would share where the client has incorrectly blamed ColdFusion/Hosting for their problems.

 

When is ColdFusion not ColdFusion, when it's PHP of course

I had a client (lets call him Dick) kept complaining that their site had stopped working AGAIN usually telling us there was a server problem and to restart CF as it was broken, every time I checked everything was working fine on the server, cf was working etc. They would never give us any more info about the problem other than that CF was broken.
It eventually turned out that they had got their site redeveloped some time ago  in PHP and also moved the hosting elsewhere as well, so not only was it not a CF site, but we were not even hosting it :-)

Every so often we will get another email from them saying they have problems with FTP, email or something, and each time we have to explain that we cannot help as we are not their host. Hopefully one day someone will update their records

 

2 sites are better than 1

Another client (lets call her Dizzy) emailed us to say that the changes she was making to her site were not showing up and ColdFusion must be broken. Bear in mind that we did not develop her site, so shouldn't be supporting it either really, but i'm such a helpful chap yaknow .
I got her to give me the URL of her admin interface, I logged in saw her changes, made some of my own changes, checked the site and there were the changes, no problems.
I couldn't understand why she couldn't see her changes, I got her to clear her cache, restart browser etc, after many exchanges of emails and phone calls, I eventually got her to send me a screen shot, at which point I noticed that the domain name was totally different to the one she sent me.
It finally transpired there were 2 different domains each hosting an exact copy of the site, one was hosted with us, one was hosted elsewhere.
When she edited her site, she did so on www.domain1.com/admin but then viewed the site on www.domain2.com, why I have no idea, but that was why she couldn't see her changes as she making them on a totally different site.

Unfortunately this happened every time she made changes to her site, she would contact us and we would go through this all over again.

Keeping your ColdFusion server patched and up to date can be a bit of a challenge. Adobe do not have any kind of automated update service or even a notification service and their RSS feeds are not exactly up to date or reliable either.

There are however some useful resources out there that can make life easier.
As far as actually applying patches and updates goes, if you do not read Adobe's install notes and guides then you can easily miss an important manual step and leave your server vulnerable.
ColdFusion veteran Charlie Arehart has recently published a great blog post covering all the bases and explaining which updates or HorFixes also require manual steps and what to watch for.

Easier updates and management

For an easier way to manage your ColdFusion server and find out whether all your updates are installed try Merlin Manager. Merlin is an AIR based management and monitoring system for ColdFusion 7, 8 and 9 servers.

Merlin has several unique features:

• Works with CF 7, 8, 9 Servers
• Easy to use AIR based Interface
• Save and restore configurations
• Compare server settings
• Monitoring for CF 8 and 9 servers
• Updates and Patches

Hack proof your site

Do you perform any kind of vulnerability testing on your site to make sure it is hack proof? If the answer is no then your site may be vulnerable to any number of attacks or may have already been hacked. Thankfully there are tools to make this easier too.

ColdFusion Server Security Scanner: HackMyCF

Have you ever wondered what your ColdFusion server looks like to a hacker? Try ColdFusion Server Security Scanner: HackMyCF which sends you a email report listing vulnerabilities found on your server. Run manual scans for FREE or subscribe to their automated service.

FuseGuard Web Application Firewall for ColdFusion

The FuseGuard Web Application Firewall (WAF) for ColdFusion blocks
and logs malicious requests on your ColdFusion Applications. Pricing
starts at $349 per application or is available as a monthly subscription from BlueThunder, we will also install Fuseguard into your existing application for you and perform general security analysis and updates to your code if you do not have the skills to do it yourself. Please contact us for more details.

The firewall comes with over 15 filters to help protect against vulnerabilities such as:

• Malicious File Uploads
• Cross Site Scripting / XSS
• SQL Injection
• Session Hijacking
• Cross Site Request Forgery
• CRLF Injection
• Path Traversal Attacks
• Password Dictionary Attacks

CFSearch.com is an old CF project of mine that has been festering unloved for a few years which I have just given a new lease of life. The original site was built back in 1999 and was a ColdFusion directory/search engine type thing allowing users to register their site, product or service and allow it to be searched on. I have barely touched it since then. I kept meaning to build a new site and add features such as a rating and review system but never got round to it, so I eventually just turned it into a Google adwords site.

 

Recently I decided to revive the project using Google's custom search engine technology which does most of the hard work for you, I still need to extract and verify a lot of the sites from the old database as many of them are probably dead by now, but the system is up and running and has enough data in it to be useful and usable and allows you to categorize sites as ColdFusion, Railo or Bluedragon related. I have kept it very minimalist (Google style) for now, but will add more features over time as I get to grips with the Google CSE API.

 

So if you run a CFML related site or blog, have written some cf open source software or sell any CF related products or services then please pop over to cfsearch.com and submit your site.

On the cfdeveloper server a user today reported he was unable to connect to his database getting the following error on his site.

 

 

This left me scratching my head for a while as I could find no problems, until I tried to connect directly to mysql from the web server to the database server and got the following message back.

 

 

 

I didn't realise this about MySQL, but it appears it will block a server if too many errors occur. Simply running 'mysqladmin flush-hosts' on the MySQL server resolves the problem.

I thought this worth posting as I couldn't find anything else n google.

As most of you know, I have been running cfmldeveloper.com (formerly cfdeveloper.co.uk) for neigh on 10 years now, yet despite the fact that it has been going for so long surprisingly a lot of people don't know about it or indeed many other ColdFusion resources or communities.

One of the topics you will see regularly in forums, lists etc is people bemoaning how Adobe don't do enough to promote ColdFusion, and suppose I can agree up to a point, although I don't claim to know what exactly they do not do not do to promote CF. I can however say that I don't personally see ColdFusion mentioned or promoted very often in generic web development communities, websites or magazines, which if you think about it is quite odd as other Adobe products such as Flash and dreamweaver will get constant attention. You would think seeing as these products integrated best with ColdFusion that it would get preference over PHP, but no.

 

One might therefore assume that Adobe and others therefore don't seem to do anything to promote ColdFusion outside the already existing ColdFusion user base and communities, which seems a bit odd as what is the point in promoting ColdFusion to people who already use it?

Perhaps one idea might be for Adobe do not attend (non CF) developer conferences and promote CF or work with magazines to publish articles and have their community managers spend time on other web developer sites like Sitepoint.com or  internet.com promoting CF. So there is a suggestion or two for anyone looking to do a bit of promotion, get out there and write a few articles.

(nb: I have since been informed by Matt Gifford that there are some CF articles being published in mags as he in facts writes them himself. However these are quite few in the grand scale of things and I have not personally seen them.)

 

This is one area where Railo Technologies seem to have got it right, as this is exactly what they have been doing, pushing Railo at non CF events.I know some people at Adobe are not big fans of Railo and this may rub them up the wrong way, but in my view Railo can only be good for the community and growing the existing user base, which is also good for Adobe and ColdFusion surely?. While Railo may rule the open source roost, and be perfect for shared hosting, Adobe has never been really been targeting those markets, they only really target enterprise customers, and those people looking for enterprise solutions are still likely to choose ColdFusion as it still has many advantages feature wise over Railo plus the support of a large well known and successful corporation behind it and well established community with a ton of useful support documentation that Railo can only dream of right now. Plus the self contained installer and effortless deployment of new sites is also a big plus for many, if only they could do away with the need of the virtual directories it would be perfect.

So while Railo may be reeling in the new users with the open source bait,  Adobe can still reap the rewards with enterprise conversions that may otherwise never have even considered CFML, a fact perhaps the Railo haters may have overlooked. After 10 years running cfmldeveloper.com I certainly feel I have done my bit :-)

 

Of course Adobe are free to do as they wish marketing wise, and certainly no-one can say they have done a bad job with CF that's why we all love it and there is certainly no shortage of resources if you know where to find them. So perhaps those doing the moaning should also pull their fingers and get out there and spread the word a bit if it bothers them so much.

 

Spreading the word however can be more difficult than one might expect as I discovered recently when I tried to do just that. I decided to go and signup on several other generic communities/sites and do a bit of ColdFusion promotion and answer a few questions only to be met with what I felt a very sour anti-community attitude over at sitepoint.com. It seems you are not allowed to post links out to or promote any other community or forum. I can understand the need for anti spammer/scammer measures, but to treat other communities in the same wasy seems a bit OTT to me. So clealry you need to be quite subtle your promotions and not quite so blatent as I was.