Operations | Monitoring | ITSM | DevOps | Cloud

Oh Dear

Making sure Laravel's debug mode is always disabled in production

Recently, people started talking about a malware called “Androxgh0st” specifically targeting Laravel apps. In a recent edition of Securing Laravel, Stephen Rees-Carter wrote a good explanation of how it works. The malware targets apps with APP_DEBUG set to true. When enabled, Laravel will give detailed error messages, and some security features will be disabled. In production, you always want this value to be set to false.

Two smallish improvements to our DNS check

As you probably know, Oh Dear is run by a small but capable team. One of the advantages of being small is that we can implement stuff pretty quickly: there’s no red tape, and our code base is very healthy. So, when our users have feature requests that make sense to add to Oh Dear, we can move fast. In the past month, we implemented two smallish feature requests for our DNS check we got through support. Here’s what our new DNS settings screens look like.

Laravel Pulse cards to show response times, scheduled jobs, broken links

Today, we released the ohdearapp/ohdear-pulse package, which contains Laravel Pulse cards to show you the status of your scheduled jobs, any broken links you have in your Laravel app, and uptime / HTTP performance stats. All of these cards use the Oh Dear API to fetch their data. Laravel Pulse is a first party package that can display a dashboard with information surrounding usage and performance of your Laravel app. Here’s how a default installation looks like.

Our Lighthouse check has been upgraded to Lighthouse v11

We are happy to announce that we have upgraded our Lighthouse check from v9 to the latest version, Lighthouse v11. Lighthouse is an open-source tool by Google that helps developers improve the quality of their web pages. Oh Dear can run this check frequently for your site, informing you when SEO-related problems arise. Our check may suggest optimizing images or minifying JavaScript to improve performance.

Our DNS check can now monitor hidden CNAME records

Besides monitoring your site's uptime, Oh Dear offers many other checks to monitor all kinds of aspects of your web app. One of those checks is our DNS check. Whenever we detect problems with your DNS records or when one of the DNS records changes, we can notify you. By default, we only monitor the DNS records of the domain you are monitoring. So when you're monitoring example.com, we'll only monitor the records of that hostname. A CNAME record is a special kind of DNS record.

Our uptime check can now verify the absence of a string

The most popular check that Oh Dear offers is, without a doubt, our uptime check. It's enabled for almost every site we monitor. By default, this check will notify you when your site returns a non-2xx response, but you can greatly customize that behavior. You can check if the response has certain headers, if the response contains a particular string, and more! Some of our users requested a new behavior: checking the absence of a string on the response.

Better handling of bounced emails

Whenever we detects something wrong with your site it can send you a notification. We have multiple channels available: Slack, Telegram, webhooks, and many more. The most popular channel our users use is just a simple mail. Behind the scenes, Oh Dear uses Postmark to send out mails. Postmark will inform us whenever a notification mail results in a hard bounce. A hard bounce means that the mail won't be delivered. The most common reason for this is that the mailbox doesn't exist (anymore).

You can now log in faster using Google and GitHub

Since Oh Dear was launched, we offered a traditional login using the familiar email and password combination. Today, we've launched our social login. This feature allows you to use your Google or GitHub account to log into Oh Dear. You'll see these two new buttons on the registration and login page. When clicking one, we'll use your Google or GitHub account to log in. When logging in, we'll search for an Oh Dear account whose email matches the email used for your Google / GitHub account.