Delphi Demo: DynDNS through your WebHost’s CPanel (e.g.

aka Dynaminc DNS with

aka How to automate a Web Session with Delphi

 Here’s a program I’ve been beta testing for a few months.  I use it on a subdomain of to allow me to always reach my home.  I use Road Runner Cable from Time Warner and have a dynamic IP address.  That means that my IP can change at any point in time.  And it does!

I used to use the site Dyn.EE to provide a link to my house.   I always liked them because their client is written in Delphi.  However, now that I have and a gazillion subdomains hanging off of it (,, and the list goes on) I thought I would also make an url that connected to my house.

 This was tedious but quite duable to do once.  You just go into the control panel, create the domain, wait for it to become functional, and then modify the DNS settings and override the A record.  Simple right? Well mostly, it is just point and click at what seems logical.

 However, that’s a pain to do on a regular basis because well…

  1. The UI is slow.  The control panel takes for ever to get through.
  2. You have to first look up your own IP address first.  I usually would call my wife and have her send me an email and I’d grab it from the email header and then fix the DNS.  What a pain.
  3. Why suffer through minutes of clicking a few times a year when several hours of programming can get your around it?

So, I give you : The Code Cave’s Dynamic DNS Updater.

The Code Cave's DDNS Updater!

 The usage is simple. 

  1. Create a subdomain on your site and twiddle your thumbs til it becomes active sometime in the next hour or two.
  2. Enter that domain in the first field.  NOTE: If you put your main URL, your main URL will no longer point at your website.  Be careful!  You want this to be something like:
  3. Enter the main password for your account.  This is sent over HTTPS to and not to me.  Have no fear. 😉  But it will appear in the debugging section if you check that “Show IE Data Sent” box.
  4. Click the Update Domain button and watch it work.

Your change should be available almost immediately, however, when debugging this program I sent the change a few (dozen) times and it eventually refused to allow any more updates to go through for another 24 hours.  It’s been fine ever since.  I’ve since changed the program so that does not try to update the DNS if the URL is already correctly set. 

I’ve additionally made the program so that it takes the three fields mentioned above as  parameters.  You can put this into Windows XP’s scheduler and every 15 minutes, it will check the current IP and update as needed.  Or just put it in your startup folder.  This of course means your password will be put into your scheduler, but you have the source code, you can add encryption if that is a concern on your PC.

So, an easy way to do it would be to create a short cut in the startup folder to the program with the parameters like this:


That will look something like this:

tcc_DDNSUpdater My1PaSsWoRd  12323213

 The quickest way to get your domain ID is to run the program manually once and just click the Update Domain button.  Then you can see the domain ID below.

 The program follows this procedure recreating the required browsing session (so it is only as fast as your connection to

  1. Go to and get the current IP address (This is a constant in the code and you can change it easily).
  2. Use a socket to retrieve the IP address for the URL you are looking up.
  3. If the two match, terminate the application.
  4. Navigate to and get a session ID needed to establish the secure login.
  5. Login using HTTPS, the domain to update as the user name, and the provided password.
  6. If a Domain ID has not been provided, navigate to the list of domains and retrieve the ID of the domain (The subdomain HAS to be amoung the first 50 domains, alphabetically, on your account.)
  7. Navigate to the DNS update page for that domain (a requirement of the 1and1 Control Panel software)
  8. Submit the DNS record change.

Simple as that!

The full delphi source is available in the Zip file.  The usual “If this crashes your site and costs you $30,000 dollars, why the heck did you run non-standard like this and risk a business site on it!  I’m not responsible for your site’s safety you are.  So consider the very real risk that things can go wrong with demo stuff downloaded off the Internet and err on the side of safety.” warning message applies.

You can download the file here: (link)

 I’ll post details of the code later.

I created this app using a Websession logger that might be of use to you.  I use it in my automation processes at work and also us it to create forum submission links that I could not have book marked on the web in any other fashion.

Enjoy! Sucks! 1 and 1? Says who?!?!

I came across another rant about 1and1 the other day and thought I’d post something I’d sent off to Michael ages ago. It sums up my thoughts on the subject completely and required very little editing… has labeled themselves “The worlds No. 1 web host [by the number of sites hosted]”. So they are a big target. It is true that they do not hold your hand, but that’s not what I am concerned about. I don’t care if they have crappy extras, in fact the more extras they add, the more stuff I’m paying for that I won’t ever use. What I care about is that they are willing to give you the access rights to add more to your shared server. Right now the ONLY things that I haven’t been able to do with my 1and1 account involve port access. And that simply isn’t possible with a shared server.

You will always find complaints about a company. Sometime they are valid. For, the complaints seem to come from the less technical users who looked for help. I agree that 1and1 isn’t great about explaining how to do new stuff. Three years ago, I was in the same situation, learning… but that’s what is great about the internet, there are many many resources available. That can help you through the rough spots if you’re patient and willing to work on it… I find that hosting at and searching Google works well for me and I’ve had my now account for three years plus.

Dreamhost* has the best help system out there, AFAIK, but their best service plan is $79.99. Through accepting an advertised upgrade deal for existing 1and1 customers, I have way more resources available and pay only ~12% of what a DreamHost customer is paying. I’m getting more resources for my money. I realized the other day that my 1and1 account has space available than what I’ve partitioned my Windows partitions to and that includes the partition I’ve set aside for multimedia. I’ll take my $839 dollars a year savings thank you very much.

*Update – Since the initial writing of this email, DreamHost has radicaly increase their available space available and resources. The prices are now comparable to what I get from There are trade offs, but by stats alone they basically even out until you look at the extra charges DreamHost has. DreamHost charges a $50 setup fee (It’s like charging an extra $4.16 per month for the first year) and has 100% higher domain registration fees.

I should leave this out and follow the “If you want comments, leave holes in your posts to allow people to reply.” But I know some WILL say “YEAH – but have you ever tried to cancel a service from them?”. Sure, I’ll address that and then THAT you can reply to. EVERY post I’ve seen about this subject has been from someone who’s filled out a form to cancel the service and then not checked on it until 6 months after the fact when they receive the next bill. I’m sorry but if something is important to you, you, yourself, ensure that it is done.

People would have had no problem if they’d:
1. Ensured that the cancel was on record the week before it was due to happen
2. Ensured that the cancel a week later that the cancel took place
3. Ensuring that the 1and1 representatives made notes on their accounts recording each call.
4. Recorded the name/number date and time of each phone call.

1and1 will retroactively refund if you can prove your case. I’ve read about that happening too. I don’t anticipate a problem if and when I cancel. And I CERTAINLY more willing to work toward cancelling a service if it means that I never have to worry about a site I have worked to build isn’t sniped out from underneath me. 1and1’s process doesn’t let that happen and I never have to worry about paying some scoundrel/thief/blackmailer $800 just to get back what is already rightfully mine.

Support is something I know about. I know what an effort is involved for our office to provide the best tech support in our industry. We’ve spent years learning what works and what does not. Mistakes have happened and we’ve learned from each one. When I make a call to any company, a call that matters to me, I’m going to do my best to make that representative take the steps needed to provide me with a good technical support, whether they are trained to do so or not.

Likewise, I realize that we will have customers that we cannot help for whatever reason. I also know that those customers are likely to complain, as loudly as they can, that we have the absolute worst tech support of anybody in the world. All that matters to them is that we could not help them, whether it was an issue on their side or if we did make a mistake. So, I naturally question the most inflammatory posts I read. Mistakes do happen, but all in all it is in the company’s best interest to provide good support. That’s true for where I work and has to be true for 1and1.

Anyway, that’s my take on it.

I guess some people need more help than others (link)…

UPDATE: Oh, look. Here’s another generic “ Internet Web Hosting Sucks”
article (link) from an SEO guy…

“They are by far the worst hosting company.”

Ummm… He doesn’t mention a single word about their hosting. So, I’ll ignore this part…

“They make it impossible cancel and account, “

OK, he’s upset. Obvioulsy, he’s gonna have some thick thumbs…

“and if you don’t do it correctly they will keep billing you.”

WAIT? WHAT? If you don’t actually cancel the account, the continue to provide you with service? AND they expect to be paid for that?????


“Think you’ll be ok when your credit card expires don’t worry they will keep billing you and eventually refer you to collections.”

So, he ignored the problem and assumed a business that he had an relationship would simply say “Oh, I don’t care about that money. It doesn’t matter that much. It’s only bad debt. Why collect on that?”

Why in the world would someone be surprised that they would collect upon what they see as a valid debt? Of course it is going to go into their “collections” department and you’ll be sent scary letters! That is evidence that the company is well managed and not that is evil. Just because you don’t feel it is important to follow up where your money goes, you should not assume someone else will be equally lax about where “their” money is.

When you call to speak to a supervisor and tell them to cancel an account you aren’t using anymore and is in collections, they still won’t cancel it.

OK. He had problems with the first cancellation. Don’t you think it would make sense to call and receive confirmation that the account was cancelled successfully? If he did that, I see no evidence of it. I do see that he admits to making a mistake in initial cancelling process. I’d guess that he never verified the cancellation that time either. Obviously, there was a mistake here and 1and1 should have canceled the account, and billed him for only the service up to the day of this “second” cancellation. Hmmm perhaps that’s what they did. It is not clear if the continued debt is the full amount due for that period.

They will however keep sending you an email to an address that no longer is in existence and refer you to their online web form.

So, he didn’t even continue update them with his correct contact information until the situation was finalized??? After all why should he care that they be able to reach him? Maybe he is just to frustrated to type all the details in this article but wait, he can clearly think of all possible search term for his post: (parenthetics mine)

1 & 1 Web Hosting Sucks (um not)
1 & 1 Hosting provider sucks (HA!)
1 & 1 Hosting Sucks (Oh really?)
1&1 Internet Web Hosting Sucks (says who?)
1& sucks (Did you try to protect your money?)
1&1 Control Panel Sucks (HORRAY for those that build their own!)
1&1 Internet Inc FAQ SUCKS (Not really)
1&1 Hosting Reviews (but he never reviewed their services)
Reviews of 1&1 (He still doesn’t offer a review)

From here on he just copy and pastes… yeesh… That’s enough for me…

I think I’ll spend 4.95 to get a domain and then cancel it before the year is out… It would be worth $5 just for the experience… I should make it something like “” so that people won’t say the name made them cancel it. Hmmm Not a bad idea….

UPDATE: Here’s a nice review of 1and1 (link):

The 1 and 1 services offered to the small and medium enterprise are impressive. Their strength is their excellent value for money, in offering a very large array of services and features with their web hosting products for an extremely low monthly charge.

The 1 and 1 homepage is attractive and is set up to give clear information about their products and services and what they offer. There is a graphic showing very clearly the extras to be had for each package, helping reveal what stands out. This is definitely a plus in deciding which package to choose. The company track record is also clearly stated with financial summaries, and is rock solid.

How not to query a Quake, Halflife, RtCW, FarCry game server status via PHP…

This is the story of a man who simply want to create a nice page describing the users of a few games servers for a Return to Castle Wolfenstein mod called The WildWest.

He was over joyed when he stumbled across a PEAR module called GameServerQuery. He’d spent hours and hours trying to get QStat to work on his server, but it never did work and no one could tell him why. He spent additional hours trying to find a PHP module that did the same thing, but everything he found was a wrapper for QStat. He’d given up on the search a full year before he stumbled across PEAR’s GameServerQuery. So, you can just imagine his joy.

Well, that joy was short lived…as the pain soon began. If you don’t want to know the whole sad story, feel free to jump ahead to the summary section where you can see the final results and decide what will best work for you.

The Painful Process

Now, if you are on a shared server, chances are you cannot install cusotm modules until you gotten your own instance of PEAR up and running. Read about how to do that here. After you have done this you are ready to install the GameServerQuery module.

Here’s how an average user would install the GameServerQuery module:
pear install –alldeps Net_GameServerQuery

Except that for 1and1, it won’t work. That command asks PEAR to install the latest officially released version. Right now that’s version 0.2.0. An Alpha release. And by default, only allows stable versions to be installed in a generic request.

So you have to request a specific version. Here’s how you do that:
pear install –alldeps “channel://”

BUUUUUT for, that won’t work. It gives you an error that Net_GameServerQuery requires PHP version 5 but the default version installed on is version 4.4.2. But as loyal readers of know, all users can run php 5 with a 1 line change to .htaccess. However, even with that change, PEAR has no way of determining that, at runtime, php5 will be used instead of php4. So, you have to tell the module to install no matter what… To do this you override that option by adding the –force option. Just like this:
pear install –alldeps –force “channel://”

AND THAT installs GameServerQuery!


Except…. that this version doesn’t work. It is all full of alpha version issues. For example, it was obviously written on a Windows Machine for all of the slashes are back slashes instead of forward slashes. That simply won’t work on a Linux server. It’s a novice PHP programmer mistake. Another problem is that as the code is written on, you would have to put a php.ini file in every PEAR GameServerQuery subdirectory. And that’s just not the way to do things!

Fortunately the newest version of GameServerQuery is available through CVS to install:

However, my CVS program is royally messed up right now and I haven’t needed it for ages. So I wasn’t about to mess with it again. So I decided to build an htm file from the contents of the XML file
( that describes the source files in the repository.

I REALLY think that should have been the hard way to do it. But I could not figure out the url for the zip or tarball for that release. If you know of an easier way to download a zip of a specific version of a viewvc processed cvs archive, I’d REALLY like to hear from you!

But anyway, I did the old right-click-save-as dance for all of the files and put them in the appropriate directories. I’ll save you that work. Here’s a zip:

You can extract it to the PEAR/PHP directory or to your web directory…

I have zipped up the examples too:

They’ve been somewhat mutilated by me in my testing. You can get the real ones here:
if those don’t work.

Version 1.0.4 is a working version (with one minor change) of GameServerQuery and produces very nice report of the server properties and reports.

BUUUUUT it won’t run This one is not their fault. It won’t ANY shared server to the best of my knowledge. I have seen at least one reference saying that access to socket level communication is restricted to root level access on (all?) shared server environments. It makes some sense that it would be. There is only 1 machine and that one machine might have to try and leverage a common socket across many different virtual servers. 1and1 just won’t/can’t let a single server lock up a socket.

What will happen when you try to connect out on a port, is that you will set off all sorts of internal alarms and you’ll get an email from the Customer Compliance Operatives (I’m serious – that’s how they sign their emails: “Customer Compliance Operative – 1&1 Internet Inc.”), but that’s a tale for another time.

So, what do you do? Well, it is simple. You use XAmPP to create a server on your local windows machine. Don’t bother with the whole PEAR install thing, just extract the zip (with directories in tact) to the folder that contains your example files and all will work beautifully. Then you just need to modify the scripts to produce static files and upload the results to your account on a regular basis – say every 15 minutes or so. Easy Peasy!


While manually downloading the 1.0.4 version of GameServerQuery produces a functional report on dedicated webservers, for it will not work on vitual hosts, you get a basic array in return and must do all the needed formatting yourself. The example files show some simple ways to do that. As shown here:
Game Server Query Pear Module output

Now that I knew the terms to search for, I was able to find another package on SourceForge that does this exact same thing in a much more professionally refined fashion. The package is called PHGStats. It includes an installation script that guides you through creating a configuration file for the servers you will monitor. It produces will formatted pages with special functions for each game, such as color code support in server and player names.
With very little configuration, you get nice server lists that look like this:

PHGStats server list.

and player lists that look like this:
PHGStats player list.

I think both tools have their place. I will probably use the QueryGameServer to create a program that monitors the servers and emails people when there is somene waiting around for a game. I’ll probably have it check the servers every 3 minutes or something like that. The second heavy weight tool will be used to generate pages every 15 minutes or so…

You have been hacked! or What not to do with your 1and1 account…

Well, I had a nice post about how I was distracted from posting more Delphi code because I was playing with a new pear module I’d found called GameServerQuery. I was finishing that post by asking if anyone had gotten it to work because I was pretty sure I had everything correct but it wasn’t working. Before I published the post I noticed someone had telneted into my account and run some bash commands. And I knew it was not me…

They searched for my local ip address and an example file I used for Game Server Query. Very odd…

Then I got an email from 1and1 saying I was hacked and that “WordPress needed to be updated because it had many security holes”. Uhhhh, no it doesn’t.

Long story short – I wasn’t hacked my anyone but a 1and1 representitive and dumbing language down for the end user is a bad practice if you don’t also provide them with an explaination of what you REALLY mean.

I’ve got enough materials for four or five posts out of this whole thing, but if I combine all the detail here, this post will be 5 pages long and it won’t make any sense when read as a whole.

So, here’s a summary and some good things to know when working with shared host accounts –

1. They say: Don’t use your account to host a game server or simliar program.
They mean: We monitor and block outbound socket connections from your server. By doing this we lock out people looking for a cheap game server, and we protect our customers sites from several common attacks. We will allow FSocketOpen but the traffic is interupted and you will be contacted by a “Customer Compliance Operative”.

“Customer Compliance Operative”?!?!?!!? So, is that like one of the Men in Black or more like a Mafia enforcer? Will I be zapped by a blinky light and forget all the PHP code for openning sockets if I continue with this post?

UPDATE: I just found a reference that indicates that this is probably NOT fault.
Someone was investigating why Traceroute was not available on shared servers and discovered that socket traffic could not be accessed without root level access. Of course root level access cannot be givin on a shared server. If anyone can Confirm or Deny this, I’d appreciate the additional information…
2. 1and1 passwords should not be considered secure and therefore should only be used on 1and1. Any/all 1and1 account representatives have access to your root passwords and can login as you and for all intents and purposes impersonate you using your accounts. What bothers me most about this is that they don’t have a policy of notifying you that they have logged in as you to do something… That’s wrong…

3. 1and1 Support reps as a whole – as might be expected – have only general knowlege about the vast number of programs out there that could be running on your server. So they will look for alarm words and offer generic advice when they see one of these dangerous words. This could be considered a form of Red Zone Management, I guess. They get involved only when they need to and only know the hot topic of they day. So they will search for a file called XMLRPC.php since last year it had a hole in it. So, that means you were probably hacked. If they see WordPress, they know it had vulnerablities earlier in the year, so they can assume you were hacked. They will not research/know the versions of the files involved even if they are listed in the logs. Again, this is really to be expected. I would not want every customer support rep to be a $90,000 a year security expert. I sure would not be paying what I am paying right now for the service.

4. When working with support, if you want a good solid response help them give it to you. You can be in control of the calls and guiding the representative will make the call easier on both sides. This is true of any company any where in the world. Not every support rep will have the same level of training, the pressing calls of the moment can and will take priority to the detriment of other calls, if something is important to you trust but verify it has been done.

5. The latest version of the Pear module GameServerQuery is good and functional. The latest version is not what pear serves up. You have to retreive it manually. PhGStats is a MUCH more refined tool and produces more fully functional pages. There’s a place for both of these tools. That place, btw, is NOT – see point 1.

More on each of these topics later…

How to run PHP5 on in 1 easy step…

It actually can’t get any easier than this.

Just put the following line in your .htaccess file:

AddType x-mapp-php5 .php
AddHandler x-mapp-php5 .php

And your done! Your site is now running under PHP5.


Want proof? Want to know details?

Well… Here you go…

It turn’s out that accounts all come with PHP4 active. By default php files are processed by PHP Version 4.4.2.

Test this out on your 1&1 server without affecting the operation of your site:

Create a new directory called TestPHP4

Create a file in that folder called index.php that contains the following text




Then open that directory in your web browser.

You’ll get something that looks like this:

PHP Logo

PHP Version 4.4.2

System Linux infong 2.4 #1 SMP Wed Jan 18 14:53:29 CET 2006 i686 unknown
Build Date Feb 6 2006 10:16:02
Configure Command ‘../configure’ ‘–with-pear’ ‘–with-mysql=/usr’ ‘–with-zlib’ ‘–enable-debug=no’ ‘–enable-safe-mode=no’ ‘–enable-discard-path=no’ ‘–with-gd=/usr’ ‘–with-png-dir=/usr/lib’ ‘–enable-track-vars’ ‘–with-db’ ‘–with-gdbm’ ‘–enable-force-cgi-redirect’ ‘–with-ttf=/usr/’ ‘–enable-ftp’ ‘–with-mcrypt’ ‘–enable-dbase’ ‘–enable-memory-limit’ ‘–enable-calendar’ ‘–enable-wddx’ ‘–with-jpeg-dir=/usr/src/kundenserver/jpeg-6b’ ‘–enable-bcmath’ ‘–enable-gd-imgstrttf’ ‘–enable-shmop’ ‘–enable-mhash’ ‘–with-mhash=/usr/src/kundenserver/mhash-0.8.9/’ ‘–with-openssl’ ‘–enable-xslt’ ‘–with-xslt-sablot’ ‘–with-dom’ ‘–with-dom-xslt’ ‘–with-dom-exslt’ ‘–with-imap’ ‘–with-curl’ ‘–with-iconv=/usr/local’ ‘–with-freetype-dir=/usr/include/freetype2’ ‘–with-bz2’ ‘–with-gettext’ ‘–enable-exif’ ‘–with-idn’ ‘–enable-mbstring=all’
Server API CGI
Virtual Directory Support disabled
Configuration File (php.ini) Path /usr/local/lib/php.ini
PHP API 20020918
PHP Extension 20020429
Zend Extension 20050606

Now copy and rename the TestPHP4 directory as TestPHP5 (or create the directory as above manually). Now create one more file in the TestPHP5 directory named .htaccess

Make certain a period is in front of htaccess like this: .htaccess

The period indicates this it is a hidden file. It tells your system how to process requests. In this case we will tell it to process all .php files as php5 files. That is done by adding the following line:

AddType x-mapp-php5 .php

Now save that file and browse to the directory with your web browser. You’ll see something like the following:

PHP Version 5.1.4

System Linux infong371 2.4.28-grsec-20050113a #1 SMP Thu Jan 13 08:59:31 CET 2005 i686
Build Date May 4 2006 13:56:29
Configure Command ‘../configure’ ‘–program-suffix=5’ ‘–with-pear=/usr/local/lib/php5’ ‘–with-config-file-path=/usr/local/lib/php5’ ‘–with-libxml-dir=/usr/local/php5’ ‘–without-sqlite’ ‘–with-config-file-scan-dir=.’ ‘–with-mysqli=/usr/local/mysql/bin/mysql_config’ ‘–enable-soap’ ‘–with-xsl=/usr/local/php5’ ‘–enable-mbstring=all’ ‘–with-curl=/usr/local/php5’ ‘–with-mcrypt=/usr/local/php5’ ‘–with-gd’ ‘–with-pdo-mysql=/usr/local/mysql’ ‘–with-freetype-dir’ ‘–with-libxml-dir=/usr/local/php5’ ‘–with-mysql=/usr/local/mysql’ ‘–with-zlib’ ‘–enable-debug=no’ ‘–enable-safe-mode=no’ ‘–enable-discard-path=no’ ‘–with-png-dir=/usr/lib’ ‘–enable-track-vars’ ‘–with-db’ ‘–with-gdbm’ ‘–enable-force-cgi-redirect’ ‘–with-ttf=/usr/’ ‘–enable-ftp’ ‘–enable-dbas’ ‘–enable-memory-limit’ ‘–enable-calendar’ ‘–enable-wddx’ ‘–with-jpeg-dir=/usr/src/kundenserver/jpeg-6b’ ‘–enable-bcmath’ ‘–enable-gd-imgstrttf’ ‘–enable-shmop’ ‘–enable-mhash’ ‘–with-mhash=/usr/src/kundenserver/mhash-0.8.9/’ ‘–with-openssl’ ‘–enable-xslt’ ‘–with-xslt-sablot’ ‘–with-dom’ ‘–with-dom-xslt’ ‘–with-dom-exslt’ ‘–with-imap’ ‘–with-iconv=/usr/local’ ‘–with-bz2’ ‘–with-gettext’ ‘–enable-exif’ ‘–with-idn’
Server API CGI
Virtual Directory Support disabled
Configuration File (php.ini) Path /usr/local/lib/php5/php.ini
Scan this dir for additional .ini files .
PHP API 20041225
PHP Extension 20050922
Zend Extension 220051025

You now have two different directories that process files using two different php engines.

Pretty cool huh?