Monday 28 November 2011

Configure Dreamweaver to access a MySQL database via FTP - cPanel - Access database via remote connection

How to access a MySQL database via Dreamweaver?

I am using cPanel for my domain. How do I configure Dreamweaver to access the MySQL database via FTP?


Kindly follow the steps below to enable "Remote MySQL" connection.
=============
1. Login to your cPanel
2. Go to Database
3. Select "Remote MySQL"
4. Enter the "Host name"
Note: The host name should be an IP address or DOMAINNAME.COM (e.g. if the IP address is 203.56.23.45, enter 203.56.23.%, where % is a wildcard that matches any value in the last octet, or backtoflowers.com.sg). You can find the IP address of your local machine at "http://www.whatiswmyip.com/".
=============


Now try to connect with Dreamweaver. Follow the steps below.
=============
MySql-Front
Open MySql-Front and follow the instructions below:
1. File > Connection
2. Click New
3. Enter the name of the connection (e.g. domain name)
4. Go to the “Connection” tab
5. Enter the Hostname
6. Go to the “Login” tab
7. Enter your Username and Password (Optional: select save password)
Note: You should be able to click on the icon for “Database” and find the one you are looking for, or enter this information. However this is optional and should work without this. Once you’ve entered the required information press “OK” and you should connect and see your MySQL tables.
Site Setup:
1. Open the site manager
2. Go to “Testing Server”
3. Server Model = “PHP MySQL”
4. Access = “FTP”
5. FTP Host = ftp..com
6. Host Directory = Folder where the site is (e.g. public_html, public_html/dir)
7. Login = Username for the domain (not the MySQL username)
8. Password = Password for the domain (not the MySQL username)
9. !Important URL Prefix = Domain name (e.g. http://domainname.com)
Note: If you have a .htaccess file on the part of your server you have set as the “HTTP Address” you will need to disable it in order for Dreamweaver to access that address.
Database Setup:
1. Go to the “Application” section and go to “Databases” (Window > Databases)
2. Click the “+” followed by “MySQL Connection”
3. Enter the name of the connection (e.g. domain name)
4. For MySQL server enter “localhost” (without the quotes)
5. Enter the Username and Password
6. For “Database” enter the Table Name you want to connect to
7. Press “OK”
=============


After the setup, if you receive an 'An unidentified error has occurred' error when attempting to connect to your database, or have other trouble connecting, follow these steps:
 
=============
1. Open your ftp program
2. Go into the root folder of your site (the "Host directory" set in Dreamweaver)
3. Look for a folder named _mmServerScripts
If it's there
1. Delete _mmServerScripts
2. Attempt to connect with Dreamweaver again
3. Dreamweaver should now create the new directory and its contents
If it's not there
1. Create the _mmServerScripts directory
2. Go to your Dreamweaver install directory and then Configuration\Connections\Scripts\PHP_MySQL\_mmDBScripts
3. Upload MMHTTPDB.php and mysql.php to the _mmServerScripts directory on your server
=============

Enable name-based hosting for SSL - SNI module - without a dedicated IP for SSL

How to install an SSL certificate without a dedicated IP address in shared hosting.


SSL-enabled Name-based Apache Virtual Hosts with mod_gnutls

This article describes how to implement SSL-enabled name-based vhosts – that is secure virtual hosts which share the same IP address and port – with the SNI-capable mod_gnutls module for Apache’s httpd web server.

Server Name Indication (SNI), as described in section 3.1 of RFC 3546, is a TLS extension which makes the configuration of SSL-enabled name-based virtual hosts possible. This extension eliminates the need to assign one IP address per secure virtual host, so the cost of secure web hosting is greatly reduced, as all secure virtual hosts can share the same IP address and port combination. SNI is a huge step forward as it promotes security by making secure web services easier and cheaper to implement. The current version of OpenSSL – 0.98 at the time of writing – does not support SNI yet, but this is planned for the upcoming 0.99 release. On the other hand, mod_gnutls, an experimental module for Apache’s httpd which has been around for 2+ years, includes support for SNI.

Introduction
Searching the web for mod_gnutls binary distribution packages or information on how to set it up returned very few relevant results. This was a surprise, as, at this moment, the only implementation that supports SNI is mod_gnutls. So, I decided to write a tutorial on how to set things up for a test. I hope you find it useful.

The test that is described in this guide includes:
The compilation of the mod_gnutls module.
The generation of SSL certificates.
The configuration of the SSL-enabled name-based virtual hosts.
This test was performed on a server that runs Fedora 7.

Installation
In order to compile mod_gnutls, you will need the development tools for Fedora:
# yum groupinstall "Development Tools"
Install the mod_gnutls dependencies:
# yum install httpd-devel gnutls-devel

As an unprivileged user, download the mod_gnutls distribution and compile it.
$ wget http://www.outoforder.cc/downloads/mod_gnutls/mod_gnutls-0.2.0.tar.bz2
$ tar -xjvf mod_gnutls-0.2.0.tar.bz2
$ cd mod_gnutls-0.2.0
$ ./configure --prefix=/usr
$ make

Do not use the ‘make install‘ script, but perform the installation manually – it is only one library.

As root, copy libmod_gnutls.so to the directory that holds the Apache modules (usually /usr/lib/httpd/modules) and rename it to mod_gnutls.so for consistency:
# cp mod_gnutls-0.2.0/src/.libs/libmod_gnutls.so /usr/lib/httpd/modules/mod_gnutls.so

During the compilation, two keys, dhfile and rsafile, have been generated in the mod_gnutls-0.2.0/data/ directory. It is absolutely important to copy these files into httpd’s configuration directory (usually /etc/httpd/conf/), otherwise mod_gnutls will never work. This is undocumented, and I found out about it after some trial and error.

As root:
# cp mod_gnutls-0.2.0/data/{dh,rsa}file /etc/httpd/conf/
Installation is complete.

SSL certificates
In this test installation, two virtual hosts will be used. Thus, two SSL certificates will be required. Please read my article on how to generate SSL certificates for your servers, as this information is beyond the scope of this document. Alternatively, you may use a ready-made script which will create those certificates for you quickly. Such scripts are shipped with almost all Linux distributions. Please consult your distribution’s documentation for more information.

HTTPd Configuration
The configuration of the Apache web server includes two phases:
The configuration of the main server.
The configuration of the virtual hosts.
In the following instructions, some brief notes about what each directive does are included. For more detailed information, please consult the mod_gnutls documentation.

Main Server Configuration
This includes setting some general mod_gnutls options, which will be inherited by all virtual hosts.

But, first of all, httpd needs to be set to listen on port 443 (in addition to port 80). Instead of specifying the SSL port only (Listen 443) which will lead httpd to listen to all the available network interfaces, you may specify the exact network interface on which the server will listen. For example:
Listen 192.168.0.1:443
Next, load mod_gnutls:
LoadModule gnutls_module modules/mod_gnutls.so

Add some MIME-types for downloading Certificates and CRLs from your web sites (taken from the mod_ssl configuration):
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

It is suggested that you use a session cache for mod_gnutls. This will increase its performance. In this example, the dbm cache type is used. This cache type requires a directory where mod_gnutls will actually save SSL session data. So, creating a directory for this purpose and giving ownership to the user that runs Apache (usually apache or www-data) is needed. Assuming that the Apache user is apache, as root issue the commands:
# mkdir -m 0700 /var/cache/mod_gnutls_cache
# chown apache:apache /var/cache/mod_gnutls_cache

Now, back to the Apache configuration. The following directive sets the dbm SSL Session Cache for mod_gnutls:
GnuTLSCache dbm "/var/cache/mod_gnutls_cache"

Set a timeout for the SSL Session Cache entries. Usually, this is set to 300 seconds:
GnuTLSCacheTimeout 300

Finally, specify that on the 192.168.0.1:443 interface and port there will be name-based virtual hosts; that is vhosts that share the specified interface and port:
NameVirtualHost 192.168.0.1:443

Virtual Host Configuration
The example virtual hosts are: v1.example.org and v2.example.org. It is assumed that two SSL certificates with the canonical name (CN) correctly set to each of the aforementioned vhost domains have been generated.

In the following vhost configs, only the absolutely required directives have been used. The rest of the options are inherited from the main server.

<VirtualHost 192.168.0.1:443>
ServerName v1.example.org:443
GnuTLSEnable on
GnuTLSCertificateFile /etc/pki_custom/certs/v1.example.org.crt
GnuTLSKeyFile /etc/pki_custom/private/v1.example.org.key
DocumentRoot "/var/www/v1/public_html"
</VirtualHost>

<VirtualHost 192.168.0.1:443>
ServerName v2.example.org:443
GnuTLSEnable on
GnuTLSCertificateFile /etc/pki_custom/certs/v2.example.org.crt
GnuTLSKeyFile /etc/pki_custom/private/v2.example.org.key
DocumentRoot "/var/www/v2/public_html"
</VirtualHost>



Testing the setup
Having finished with the configuration, review the changes, restart the server and check the error logs for any errors.

Use a web browser to visit each of the virtual hosts by using the HTTPS protocol:
https://v1.example.org/
https://v2.example.org/

Until now, the web server did not support the SNI TLS extension. Therefore, when visiting the v2.example.org virtual host, you would see two warnings in your browser. The first one would be because the vhost’s certificate has not been issued by a trusted Certificate Authority – this is normal as it was you who issued that certificate – and the other one because on a server without SNI support it is actually the V1 vhost’s certificate that is used when visiting V2 vhost over https. Remember the limitation with SSL and name-based virtual hosts?
With mod_gnutls, the server supports the SNI TLS extension. Although the virtual hosts are name-based, no matter which one you visit, the relevant certificate for each vhost is used and the only warning you see is the one about the certificates being self-signed. You can get rid of these by purchasing a certificate that is issued by a trusted Certificate Authority.
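
What the server reads to make that choice, as an added example that is not part of the original article or of mod_gnutls: the Python below parses the server_name extension out of a ClientHello and maps it to the certificate paths from the vhost configuration. The ClientHello bytes are constructed sample input, the helper names are hypothetical, and falling back to v1 when no name is sent is an assumption taken from the behaviour described above.

```python
import struct

# Certificate per virtual host, as in the vhost configuration above.
VHOST_CERTS = {
    "v1.example.org": "/etc/pki_custom/certs/v1.example.org.crt",
    "v2.example.org": "/etc/pki_custom/certs/v2.example.org.crt",
}
# Assumption: without SNI the first vhost (v1) answers, as the article describes.
DEFAULT_VHOST = "v1.example.org"


class ParseError(ValueError):
    """Raised when the bytes are not a complete ClientHello record."""


def build_client_hello(server_name=None):
    """Build a minimal, constructed ClientHello record to use as sample input."""
    extensions = b""
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = struct.pack("!BH", 0, len(host)) + host       # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry           # server_name_list
        extensions = struct.pack("!HH", 0, len(sni)) + sni    # extension 0 = server_name
    body = b"\x03\x01" + bytes(32)               # client_version, zeroed random
    body += b"\x00"                              # empty session_id
    body += b"\x00\x02\x00\x2f"                  # cipher_suites: one entry
    body += b"\x01\x00"                          # compression_methods: null only
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _take(buf, pos, n):
    """Return (n bytes at pos, new pos) or fail if the buffer is too short."""
    if pos + n > len(buf):
        raise ParseError("truncated ClientHello")
    return buf[pos:pos + n], pos + n


def _skip_vector(buf, pos, len_bytes):
    """Skip a length-prefixed field and return the position after it."""
    raw, pos = _take(buf, pos, len_bytes)
    _, pos = _take(buf, pos, int.from_bytes(raw, "big"))
    return pos


def extract_sni(record):
    """Return the host_name from the server_name extension, or None if absent."""
    header, pos = _take(record, 0, 5)
    if header[0] != 0x16:
        raise ParseError("not a TLS handshake record")
    payload, _ = _take(record, pos, int.from_bytes(header[3:5], "big"))
    hs_header, pos = _take(payload, 0, 4)
    if hs_header[0] != 0x01:
        raise ParseError("not a ClientHello")
    body, _ = _take(payload, pos, int.from_bytes(hs_header[1:4], "big"))
    _, pos = _take(body, 0, 2 + 32)              # client_version and random
    pos = _skip_vector(body, pos, 1)             # session_id
    pos = _skip_vector(body, pos, 2)             # cipher_suites
    pos = _skip_vector(body, pos, 1)             # compression_methods
    if pos == len(body):
        return None                              # no extensions: client without SNI
    raw, pos = _take(body, pos, 2)
    extensions, _ = _take(body, pos, int.from_bytes(raw, "big"))
    pos = 0
    while pos < len(extensions):
        head, pos = _take(extensions, pos, 4)
        ext_type, ext_len = struct.unpack("!HH", head)
        data, pos = _take(extensions, pos, ext_len)
        if ext_type == 0:
            return _host_name(data)
    return None


def _host_name(data):
    """Return the first host_name entry of a server_name extension body."""
    raw, pos = _take(data, 0, 2)
    names, _ = _take(data, pos, int.from_bytes(raw, "big"))
    pos = 0
    while pos < len(names):
        head, pos = _take(names, pos, 3)
        name, pos = _take(names, pos, int.from_bytes(head[1:3], "big"))
        if head[0] == 0:
            return name.decode("ascii", "replace").lower()
    return None


def select_certificate(record):
    """Return (vhost, certificate path) an SNI-aware server would choose."""
    name = extract_sni(record)
    vhost = name if name in VHOST_CERTS else DEFAULT_VHOST
    return vhost, VHOST_CERTS[vhost]


if __name__ == "__main__":
    for requested in ("v1.example.org", "v2.example.org", None):
        print(requested, "->", select_certificate(build_client_hello(requested)))
```

A client that sends no server_name falls through to the default vhost, which is the certificate mismatch warning described above.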

Conclusion
mod_gnutls works. Actually, it was a real pleasure to see SNI work!
It is important to note though that mod_gnutls is still in experimental phase. Therefore, performance issues should be considered as normal when using it.
At the moment of writing, my server uses Fedora 7 as an operating system. As I haven’t upgraded my desktop to F7 yet and my server does not have any development tools installed, I compiled mod_gnutls on a Fedora 6 system and used it on Fedora 7. I do not know if that was the reason – and I did not have the necessary free time to investigate – or anything else, but, during the use of mod_gnutls, my server’s load average increased significantly.

I will test mod_gnutls again soon and post the new results, if they are different than the ones I present in this article. I highly recommend that you try it, as it is currently the only way to easily achieve SSL-enabled name-based virtual hosts using the SNI TLS extension. Note, that this extension will be supported by openssl 0.99, so the moment that SNI goes mainstream and such a setup becomes easy and cheap to implement with any Linux distribution is close.
One last thing that has not been mentioned at all is about SNI support in web browsers. Currently, with the exception of Safari (this is unconfirmed, please correct me if I am wrong), the latest versions of all major web browsers, Firefox and other Mozilla-based browsers, Internet Explorer, Opera, support SNI.

Hack Plesk email and FTP password - How to decrypt it.


This script allows us to gather all the username and password information on the server to let us troubleshoot faster. Just copy and paste this script into a file, make the file executable, and run the script. It works. We can get the Plesk password via this.





#!/usr/bin/env bash
#**********************************************
# Plesk Quick Info Script v0.0.1
# Written by Patrick Burns
#  SQL Queries provided by Christopher Haynie
#  Special Thanks to Tim G. for the help
#
#   This script simply queries mysql to give all email addresses, ftp users, and passwords
#   associated with both
#
#       Features:
#         1.  No password required
#         2.  No mysql CLI knowledge required
#         3.  OS Detection, works on both FreeBSD and Linux (only redhat right now)
#
#
#
#     last modified: 2/24/2009
#**********************************************
 
#The following function determines if the machine is FreeBSD or Linux
 
function detect_os {
        OS=$(uname)
        if [ "${OS}" == "FreeBSD" ]; then
                echo
                #freebsd stuff
        elif [ "${OS}" == "Linux" ]; then
                DIST=$(lsb_release -si)
                VER=$(lsb_release -sr)
                ARCH=$(uname -i)
        fi
}
 
#The following function is the Linux Version, scroll down for the FreeBSD function
 
function linux_run {
 
echo $OS
 
    clear
 
    echo "                                          "
    echo "                                          "
    echo "##########################################"
    echo "#                                        #"
    echo "# Quick Plesk Info Troubleshooting Script#"
    echo "#                                        #"
    echo "#    Below are the email addresses       #"
    echo "#            on this server              #"
    echo "#                                        #"
    echo "##########################################"
    echo "                                          "
    echo "                                          "
 
mysql -u admin -p`cat /etc/psa/.psa.shadow` psa -e "SELECT accounts.id, mail.mail_name, accounts.password, domains.name FROM domains LEFT JOIN mail ON domains.id = mail.dom_id LEFT JOIN accounts ON mail.account_id = accounts.id"
 
    echo "                                          "
    echo "                                          "
    echo "##########################################"
    echo "#                                        #"
    echo "#      Below are the ftp users           #"
    echo "#           on this server               #"
    echo "#                                        #"
    echo "##########################################"
    echo "                                          "
    echo "                                          "
 
mysql -u admin -p`cat /etc/psa/.psa.shadow` psa -e "select s.login,s.home,a.password from sys_users s,accounts a where a.id=s.account_id"
}  #END linux portion
 
#the following function is for FreeBSD
 
function freebsd_run {
 
    clear
 
    echo "                                          "
    echo "                                          "
    echo "##########################################"
    echo "#                                        #"
    echo "# Quick Plesk Info Troubleshooting Script#"
    echo "#                                        #"
    echo "#    Below are the email addresses       #"
    echo "#            on this server              #"
    echo "#                                        #"
    echo "##########################################"
    echo "                                          "
    echo "                                          "
 
mysql -u admin -p`cat /etc/psa/.psa.shadow` psa -e "SELECT accounts.id, mail.mail_name, accounts.password, domains.name FROM domains LEFT JOIN mail ON domains.id = mail.dom_id LEFT JOIN accounts ON mail.account_id = accounts.id"
 
    echo "                                          "
    echo "                                          "
    echo "##########################################"
    echo "#                                        #"
    echo "#      Below are the ftp users           #"
    echo "#           on this server               #"
    echo "#                                        #"
    echo "##########################################"
    echo "                                          "
    echo "                                          "
 
mysql -u admin -p`cat /etc/psa/.psa.shadow` psa -e "select s.login,s.home,a.password from sys_users s,accounts a where a.id=s.account_id"
} #END freebsd portion
 
#Main Program:
 
detect_os
 
if [ "$OS" = "Linux" ]; then
 linux_run
else
 freebsd_run
fi
echo "Done..."
 
 

Enabling Signature in Horde Webmail

Easy Steps to enable Signature in Horde Webmail:


1. Login to Horde webmail
2. On left side menu >> Options >> Mail
3. Inside General Options click Personal Information
4. You can add the signature there.

Plesk password decrypt - Plesk password hack - from MySQL database.

How to get Plesk password from MySQL database. Plesk Password decrypt or hack the Plesk password.


 
1. Getting all the domain account information from Plesk
------------------------------------------------------------------------

mysql -uadmin -p`cat /etc/psa/.psa.shadow` -D psa -e "select
login,password,home from sys_users INNER JOIN accounts on
accounts.id=sys_users.account_id;"

2. Get client login details from Plesk.
-----------------------------------------------

mysql -uadmin -p`cat /etc/psa/.psa.shadow` -D psa -e "select
login,password from clients INNER JOIN accounts on
accounts.id=clients.account_id;"

3. Getting all mail account login information
--------------------------------------------------------

mysql -uadmin -p`cat /etc/psa/.psa.shadow` -D psa -e "SELECT
CONCAT_WS('@',mail.mail_name,domains.name) as email ,accounts.password
FROM domains,mail,accounts WHERE domains.id=mail.dom_id AND
accounts.id=mail.account_id ORDER BY domains.name ASC,mail.mail_name ASC;"

4. Creating/deleting/updating mail accounts using command line
---------------------------------------------------------------------------------

create mail account

/usr/local/psa/bin/mail -c USER@DOMAIN.COM -passwd PASSWORD -mailbox true -cp-access true

update mail account

/usr/local/psa/bin/mail -u USER@DOMAIN.COM -passwd NEWPASS

remove mail account

/usr/local/psa/bin/mail --remove USER@DOMAIN.COM

5. Mailing list management
----------------------------------

creating mailing list

/usr/local/psa/bin/maillist --create MYLIST -domain DOMAIN.COM -passwd_type plain -passwd PASS -notify false -email LISTADMIN@DOMAIN.COM

Adding/removing members to the mailing list.

/usr/local/psa/bin/maillist -u MYLIST -domain DOMAIN.COM -members add:NEW@DOMAIN.COM

/usr/local/psa/bin/maillist -u MYLIST -domain DOMAIN.COM -members del:NEW@DOMAIN.COM

Getting list members

/usr/local/psa/bin/maillist -i MYLIST -domain DOMAIN.COM

Removing list

/usr/local/psa/bin/maillist -r MYLIST -domain DOMAIN.COM

6. Managing databases.
------------------------------

create database

/usr/local/psa/bin/database --create DBNAME -domain DOMAIN.COM -server localhost:3306 -add_user DBUSER -passwd PASS

remove database

/usr/local/psa/bin/database -r DBNAME



allow_url_include -- Makes remote URLs active

How to access remote URLs via PHP

When a website throws an error message instead of loading content that refers to remote URLs (typically news feeds), you need to enable the following PHP parameter. This setting controls whether include and require may load and run code from a remote URL, and it only takes effect when allow_url_fopen is also On.

============
allow_url_include
============

You can enable this PHP parameter by adding the following line in the php.ini file.

============
 allow_url_include = On
============

You can also enable it by adding the following line in the .htaccess file.

============
 php_flag allow_url_include On 
 ============

Sunday 27 November 2011

How to Reset Joomla Password

You can reset the Joomla password by executing this command in MySQL.

=============
update jos_users set password=MD5("testpass") where username="testuser"; 
=============

Have a Nice Day :)

Saturday 26 November 2011

mod_security disable - how to disable mod_security for a user.



I found information about an optional Apache module called mod_security. This is a very nice module that acts as an Apache firewall – it blocks a lot of the usual routes that people use to hack websites. In particular it scans POST requests (sent when you ‘save’ something on a website), and displays a 406 error for anything controversial.

The solution was very simple. The following lines were added to the .htaccess file to disable mod_security:



<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

If this does not work, create a conf file and disable mod_security for the domain. Follow the steps below.



You have to create an individual rule for that domain. You can see the include paths in the Apache configuration.



-----------

Include "/usr/local/apache/conf/userdata/*.conf"
Include "/usr/local/apache/conf/userdata/*.owner-root"
Include "/usr/local/apache/conf/userdata/std/*.conf"
Include "/usr/local/apache/conf/userdata/std/*.owner-root"
Include "/usr/local/apache/conf/userdata/std/2/*.conf"
Include "/usr/local/apache/conf/userdata/std/2/*.owner-root"

-----------  



Now create a customized file to disable mod_security for that domain alone.



# cd /usr/local/apache/conf/userdata/std/2/
# mkdir USERNAME
(e.g. if the domain name is google.com and the username is goog, create a directory named goog)

# cd goog/
# mkdir google.com
# cd google.com
# touch mod_security2.conf
# vi mod_security2.conf

Now, add these lines to that file:



<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

save and exit

Then restart apache
/etc/init.d/httpd restart

mod_security - how to compile mod_security in Apache 1.3 or 2.x

How to compile Apache with mod_security.


First we will download and unzip mod_security.

-----command-----
wget http://www.modsecurity.org/download/modsecurity-apache_1.9.4.tar.gz
tar -zxf modsecurity-apache_1.9.4.tar.gz
-----command-----

If you are using Apache 1.3.x you need to go into the apache1 directory as shown below.

-----command-----
cd modsecurity-apache_1.9.4/apache1
-----command-----

If you are using Apache 2.x you need to go into the apache 2 directory as shown below. Plesk uses apache 2.x and may require the httpd-devel rpm to be installed to get mod_security working.
-----command-----
cd modsecurity-apache_1.9.4/apache2
-----command-----


Next compile mod_security as a module. One of the lines below should work to compile it.
-----command-----
/etc/httpd/bin/apxs -cia mod_security.c
-----command-----

If you get a file not found error, install httpd-devel using up2date, then try to compile it again. This will work fine on Plesk and the newer versions of Ensim that do not use "ensimized" httpd rpms. If you are running below Ensim 4.0 you should not continue unless you are certain of what you are doing.
-----command-----
up2date -i httpd-devel
/usr/sbin/apxs -cia mod_security.c
-----command-----

Make a backup of your httpd.conf before touching anything so you have something to go back to if it does not work.
-----command-----
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf-mod_sec
-----command-----

Now edit httpd.conf. Even though Ensim has multiple httpd.conf files, you can put it in the primary config.
-----command-----
pico -w /etc/httpd/conf/httpd.conf
-----command-----


If you are running Apache 1.3.x
Scroll down below the following line: AddModule mod_security.c

If you do not have the addmodule line find where the rest of them are located and put it right below the others.

If you are running Apache 2.x
Scroll down below the following line at which point you can continue on and paste the rule-set.
LoadModule security_module modules/mod_security.so


Now you are going to paste in this ruleset. Please feel free to modify it as you see fit. I think that it is a very non-aggressive ruleset that will work fine on just about any server. Please post any problems you have with it below!

----Ruleset----

# Turn the filtering engine On or Off
SecFilterEngine On

# Change Server: string
SecServerSignature "Apache"


# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog logs/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Action to take by default
SecFilterDefaultAction "deny,log,status:403"


## ## ## ## ## ## ## ## ## ##
## ## ## ## ## ## ## ## ## ##
# Require HTTP_USER_AGENT and HTTP_HOST in all requests
# SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
# Require Content-Length to be provided with
# every POST request
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
SecFilter "viewtopic\.php\?" chain
SecFilter "chr\(([0-9]{1,3})\)" "deny,log"

# Block various methods of downloading files to a server
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "
SecFilterSelective THE_REQUEST "arta\.zip "
SecFilterSelective THE_REQUEST "cmd=cd\x20/var "
SecFilterSelective THE_REQUEST "HCL_path=http "
SecFilterSelective THE_REQUEST "clamav-partial "
SecFilterSelective THE_REQUEST "vi\.recover "
SecFilterSelective THE_REQUEST "netenberg "
SecFilterSelective THE_REQUEST "psybnc "
SecFilterSelective THE_REQUEST "fantastico_de_luxe "

SecFilter "bcc:"
SecFilter "bcc\x3a"
SecFilter "cc:"
SecFilter "cc\x3a"
SecFilter "bcc:|Bcc:|BCC:" chain
SecFilter "[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}\,\x20[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}"
SecFilterSelective POST_PAYLOAD "Bcc:"
SecFilterSelective POST_PAYLOAD "Bcc:\x20"
SecFilterSelective POST_PAYLOAD "cc:"
SecFilterSelective POST_PAYLOAD "cc:\x20"
SecFilterSelective POST_PAYLOAD "bcc:"
SecFilterSelective POST_PAYLOAD "bcc:\x20"
SecFilterSelective POST_PAYLOAD "bcc: "
SecFilterSelective THE_REQUEST "Bcc:"
SecFilterSelective THE_REQUEST "Bcc:\x20"
SecFilterSelective THE_REQUEST "cc:"
SecFilterSelective THE_REQUEST "cc:\x20"
SecFilterSelective THE_REQUEST "bcc:"
SecFilterSelective THE_REQUEST "bcc:\x20"
SecFilterSelective THE_REQUEST "bcc: "

# WEB-PHP phpbb quick-reply.php arbitrary command attempt
SecFilterSelective THE_REQUEST "/quick-reply\.php" chain
SecFilter "phpbb_root_path="



---/Ruleset---

Now simply restart apache to enable mod_security.

-----command-----
service httpd restart
-----command-----

If sites start to have problems, look at the log:
/etc/httpd/logs/audit_log
If you need or want to remove mod_security at any time simply comment out (put a # in front of) the AddModule mod_security.c line and restart apache. This will disable all of the rules and not allow it to load into apache.

OK, mod_security is all set up. I would tail the audit log occasionally to see if it is causing any trouble with legit traffic. The ruleset above should not cause many problems though. Thanks to all that have helped with the rules for this, especially ryan at rfxnetworks and err0r. I have also adapted some rules from suggestions on the netberg forums by HostMerit.
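
To see what kind of legitimate traffic ends up in the audit log, the added example below (not part of the original post, and not ModSecurity's own engine) models a few of the rules above in Python and runs them over constructed requests. It assumes patterns are case-insensitive regular expressions matched after URL decoding; the sample requests and helper names are made up for illustration.

```python
import re
from urllib.parse import unquote_plus

# A subset of the ruleset above. Each rule is a list of (location, pattern)
# filters; more than one filter models a "chain" (every filter must match).
# "SecFilter" stands for a plain SecFilter line with no location.
RULES = [
    [("REQUEST_METHOD", "^POST$"), ("HTTP_Content-Length", "^$")],
    [("HTTP_Transfer-Encoding", "!^$")],
    [("COOKIE_PHPSESSID", "!^[0-9a-z]*$")],
    [("THE_REQUEST", "wget ")],
    [("THE_REQUEST", "echo ")],
    [("THE_REQUEST", r"/quick-reply\.php"), ("SecFilter", "phpbb_root_path=")],
    [("SecFilter", "cc:")],
]

# Constructed sample requests (not taken from any real log).
SAMPLES = {
    "plain page view": {"method": "GET", "uri": "/index.php?page=news"},
    "search for a PHP keyword": {"method": "GET",
                                 "uri": "/search.php?q=php+echo+statement"},
    "contact form": {"method": "POST", "uri": "/contact.php",
                     "headers": {"Content-Length": "29"},
                     "body": "message=Please+cc:+my+manager"},
    "POST without length": {"method": "POST", "uri": "/contact.php", "body": "a=1"},
    "odd session cookie": {"method": "GET", "uri": "/",
                           "cookies": {"PHPSESSID": "a1b2-c3"}},
    "download attempt": {"method": "GET",
                         "uri": "/view.php?cmd=wget%20http://example.invalid/f"},
}


def variable(req, location):
    """Resolve a filter location to the text it is matched against."""
    # Assumption of this model: URL decoding happens before matching.
    line = unquote_plus("%s %s HTTP/1.1" % (req["method"], req["uri"]))
    body = unquote_plus(req.get("body", ""))
    if location == "REQUEST_METHOD":
        return req["method"]
    if location == "THE_REQUEST":
        return line
    if location == "POST_PAYLOAD":
        return body
    if location == "SecFilter":              # request line plus POST body
        return line + "\n" + body
    kind, _, name = location.partition("_")  # HTTP_<header> or COOKIE_<name>
    table = req.get("headers" if kind == "HTTP" else "cookies", {})
    return table.get(name, "")               # absent header or cookie is empty


def matches(pattern, value):
    """Apply one pattern; a leading '!' inverts the result."""
    negate = pattern.startswith("!")
    regex = pattern[1:] if negate else pattern
    found = re.search(regex, value, re.IGNORECASE) is not None
    return found != negate


def evaluate(req):
    """Return (status, rule text); 403 mirrors SecFilterDefaultAction above."""
    for rule in RULES:
        if all(matches(pattern, variable(req, loc)) for loc, pattern in rule):
            return 403, " chain ".join('%s "%s"' % f for f in rule)
    return 200, None


if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print("%-26s %s" % (label, evaluate(req)))
```

The search query and the contact form are ordinary requests that this model denies, which is the kind of entry to look for in the audit log before loosening or removing a rule.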

Check your site with temporary DNS method

1. Using temporary URL.

-----------
http://111.118.173.210/~buy13340
-----------

But checking sites using this method has some limitations. Often sites won't be
displayed properly & sometimes database connection won't be established.

2. Using temporary DNS

We recommend this method as it is the best way to check your sites.

To check whether your sites will load fine from the new server, you can follow
the below mentioned steps.

Basically, you need to add following line in a file named "hosts".

===========================
111.118.173.210 buynsave.com.au www.buynsave.com.au
===========================

Here 111.118.173.210 is the IP address of the new server.

This file is located in different places in different operating systems.

1. In Linux/UNIX
================

/etc/hosts

2. In Windows
=============

C:\WINDOWS\system32\drivers\etc\hosts

3. In MAC
==========

/private/etc/hosts

After doing this, please load the site 'http://buynsave.com.au' in your browser
and check whether it is loading fine or not. After setting the temporary DNS,
to confirm whether site is loading indeed from the new server and not from your
old server where it is hosted now, just ping the domain from your local PC. If
it is pinging to 111.118.173.210 , then the site is loading from our server
itself. You can repeat the same procedure for all your domains.

If everything is fine, please contact your domain registrar to register your
domains with the following nameservers at a convenient time.


================
nsdal01.crucial.com.au - 67.208.112.62
nssyd01.crucial.com.au - 203.98.84.18
nssyd02.crucial.com.au - 182.160.129.2
================

Please access the new server WHM using the following URL:

-------
https://111.118.173.210:2083/
-------

The login details are the same as in the old server.

Configuring Thunderbird Email Client

Thunderbird Configuration Steps:


1. To set up a new e-mail account with Thunderbird, click Tools, Account Settings... (or Edit, Account Settings... if you are using Linux)
2. Click Add Account...
3. Select E-mail account as account type and click Next.
4. Enter the name to be displayed in your return address as well as your e-mail address into the relevant fields and click Next.
5. Select POP as your incoming mail server and enter mail.domainname.com into the mail server field. Click Next.
6. Enter your user name for the incoming mail server and click Next.
7. Enter a name for your new e-mail account and click Next.
8. Double-check your entries and click Finish.
9. Please make sure that the server mail.domainname.com has been entered as the outgoing mail server.

LVM - How to configure LVM in the server

LVM

Formatting the new Disk
Suppose the Disk is /dev/sdb, the second scsi disk,
fdisk /dev/sdb

create as many partitions as you need using command n

Label them with command t as 8e for making it Linux LVM

Write and Exit with the command w.


Format the partitions you require using mkfs command
mkfs -t ext3 -c /dev/sdb1

LVM commands
pvcreate /dev/sdb1

vgextend VolGroup00 /dev/sdb1

lvextend -L 15G /dev/VolGroup00/LogVol01 ;for extending LogVol to 15GB

lvextend -L+1G /dev/VolGroup00/LogVol01 ;for adding one more GB to Logical Volume LogVol01

ext2online /dev/VolGroup00/LogVol01 ;for resizing the Logical Volumes

That's it, finished.



Extra Instructions
Creating Physical Volumes for LVM
Since LVM requires entire Physical Volumes to be assigned to Volume Groups, you must have a few empty partitions ready to be used by LVM. Install the OS on a few partitions and leave a bit of empty space. Use fdisk under Linux to create a number of empty partitions of equal size. You must mark them with fdisk as type 0xFE. We created five 256MB partitions, /dev/hda5 through /dev/hda9.

Registering Physical Volumes
The first thing necessary to get LVM running is to register the physical volumes with LVM. This is done with the pvcreate command. Simply run pvcreate /dev/hdxx for each hdxx device you created above. In our example, we ran pvcreate /dev/hda5 and so on.

Creating a Volume Group
Next, create a Volume Group. You can set certain parameters with this command, like physical extent size, but the defaults are probably fine. We'll call the new Volume Group vg01. Just type vgcreate vg01 /dev/hda5.
When this is done, take a look at the Volume Group with the vgdisplay command. Type vgdisplay -v vg01. Note that you can create up to 256 LVs, can add up to 256 PVs, and each LV can be up to 255.99GBs! More important, note the Free PE line. This tells you how many Physical Extents we have to work with when creating LVs. For a 256MB disk, this reads 63 because there is an unused remainder smaller than the 4MB PE size.


Creating a Logical Volume

Next, let's create a Logical Volume called lv01 in VG vg01. Again, there are some settings that may be changed when creating an LV, but the defaults work fine. The important choice to make is how many Logical Extents to allocate to this LV. We'll start with 4 for a total size of 16MB. Just type lvcreate -l4 -nlv01 vg01. You may also specify the size in MBs by using -L instead of -l, and LVM will round off the result to the nearest multiple of the LE size.
Take a look at your LV with the lvdisplay command by typing lvdisplay -v /dev/vg01/lv01. You can ignore the page of Logical extents for now, and page up to see the more interesting data.

Adding a disk to the Volume Group
Next, we'll add /dev/hda6 to the Volume Group. Just type vgextend vg01 /dev/hda6 and you're done! You can check this out by using vgdisplay -v vg01. Note that there are now a lot more PEs available!

Creating a striped Logical Volume
Note that LVM created your whole Logical Volume on one Physical Volume within the Volume Group. You can also stripe an LV across two Physical Volumes with the -i flag in lvcreate. We'll create a new LV, lv02, striped across hda5 and hda6. Type lvcreate -l4 -nlv02 -i2 vg01 /dev/hda5 /dev/hda6. Specifying the PV on the command line tells LVM which PEs to use, while the -i2 command tells it to stripe it across the two.
You now have an LV striped across two PVs!

Moving data within a Volume Group
Up to now, PEs and LEs were pretty much interchangeable. They are the same size and are mapped automatically by LVM. This does not have to be the case, though. In fact, you can move an entire LV from one PV to another, even while the disk is mounted and in use! This will impact your performance, but it can prove useful.
Let's move lv01 to hda6 from hda5. Type pvmove -n/dev/vg01/lv01 /dev/hda5 /dev/hda6. This will move all LEs used by lv01 mapped to PEs on /dev/hda5 to new PEs on /dev/hda6. Effectively, this migrates data from hda5 to hda6. It takes a while, but when it's done, take a look with lvdisplay -v /dev/vg01/lv01 and notice that it now resides entirely on /dev/hda6!

Removing a Logical Volume from a Volume Group
Let's say we no longer need lv02. We can remove it and place its PEs back in the empty pool for the Volume Group. First, unmount its filesystem. Next, deactivate it with lvchange -a n /dev/vg01/lv02. Finally, delete it by typing lvremove /dev/vg01/lv02. Look at the Volume Group and notice that the PEs are now unused.

Removing a disk from the Volume Group
You can also remove a disk from a volume group. We aren't using hda5 anymore, so we can remove it from the Volume Group. Just type vgreduce vg01 /dev/hda5 and it's gone!

>>> On Ubuntu Intrepid 8.10 you need to use resize2fs to resize the lvm.

>>> resize2fs /dev/VolGroupXX/LogVolXX

Uploading Files using Dreamweaver


You can upload the files through FTP using your Dreamweaver.

---
1. Open Dreamweaver CS5. Click on Site and choose New Site.
2. For site name, enter a phrase that describes your site.
3. Click Servers from the left hand side.
4. Click the + button to add a server.
5. Enter a server name
6. Set "Connect using" to FTP, then enter your FTP Host, which is your domain name (example: mysite.com) or the IP address of your server.
7. Host or Root Directory should be public_html if this is your main site.
8. Enter your login name and password (FTP login credentials).
9. Click more options.
10. Click use passive FTP.
11. Save this information and try to connect.

Postfix hardening - configure Postfix with anti-spam blacklisting.

Postfix is a free and powerful MTA. You can easily configure Postfix to block spam. You need to add the
following directives to the /etc/postfix/main.cf file:

=> disable_vrfy_command = yes
Disable the SMTP VRFY command. This stops some techniques used to harvest email addresses.

=> smtpd_delay_reject = yes
It allows Postfix to log recipient address information when rejecting a client name/address or sender address, so that it is possible to find out whose mail is being rejected.

=> smtpd_helo_required = yes
Require that a remote SMTP client introduces itself at the beginning of an SMTP session with the HELO or EHLO command. Many spam bots skip the HELO/EHLO command, so this setting alone saves you from some spam. The following lines add further restrictions on the HELO command:
smtpd_helo_restrictions = permit_mynetworks,
    reject_non_fqdn_hostname, - Reject email if the remote hostname is not in fully-qualified domain form. Bots sending email usually don't have FQDN names.
    reject_invalid_hostname, - Reject all bots sending email from computers connected via DSL/ADSL. They don't have a valid internet hostname.
    permit

You can put the following access restrictions in place; the Postfix SMTP server applies them in the context of the RCPT TO command.
=> smtpd_recipient_restrictions =
    reject_invalid_hostname, - Reject email if the hostname is not valid
    reject_non_fqdn_hostname, - Reject email if the hostname is not a valid FQDN
    reject_non_fqdn_sender, - Reject the request when the MAIL FROM address is not in fully-qualified domain form. For example, email sent from xyz or abc is rejected.
    reject_non_fqdn_recipient, - Reject the request when the RCPT TO address is not in fully-qualified domain form
    reject_unknown_sender_domain, - Reject email if the sender domain does not exist
    reject_unknown_recipient_domain, - Reject email if the recipient domain does not exist
    permit_mynetworks,
    reject_rbl_client list.dsbl.org, - Configure spam blacklists (this line and the three below)
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    permit


Open /etc/postfix/main.cf file :
# vi /etc/postfix/main.cf


Set/modify configuration as follows

# Continuation lines in main.cf must start with whitespace.
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    permit
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    permit
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20




Save and close the file. Restart postfix:
# /etc/init.d/postfix restart

Watch the maillog file. You should now see lots of spam email being blocked by the above configuration directives:
# tail -f /var/log/maillog
Output:

Jan 9 06:07:22 server postfix/smtpd[10308]: NOQUEUE: reject: RCPT from 183-12-81.ip.adsl.hu[81.183.12.81]: 554 Service unavailable; Client host [81.183.12.81] blocked using dul.dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?81.183.12.81; from= to= proto=ESMTP helo=<183-12-230.ip.adsl.hu>
Jan 9 06:07:23 server postfix/smtpd[10308]: lost connection after RCPT from 183-12-81.ip.adsl.hu[81.183.12.81]
Jan 9 06:07:23 server postfix/smtpd[10308]: disconnect from 183-12-81.ip.adsl.hu[81.183.12.81]
Jan 9 06:10:43 server postfix/anvil[10310]: statistics: max connection rate 1/60s for (smtp:81.183.12.81) at Jan 9 06:07:17
Jan 9 06:10:43 server postfix/anvil[10310]: statistics: max connection count 1 for (smtp:81.183.12.81) at Jan 9 06:07:17
Jan 9 06:10:43 server postfix/anvil[10310]: statistics: max cache size 1 at Jan 9 06:07:17
Jan 9 06:16:58 server postfix/smtpd[10358]: warning: 81.92.197.249: address not listed for hostname unassigned.or.unconfigured.reverse.nfsi-telecom.net
Jan 9 06:16:58 server postfix/smtpd[10358]: connect from unknown[81.92.197.249]
Jan 9 06:17:00 server postfix/smtpd[10358]: NOQUEUE: reject: RCPT from unknown[81.92.197.249]: 550 : Recipient address rejected: User unknown in virtual alias table; from=<> to= proto=ESMTP helo=
Jan 9 06:17:00 server postfix/smtpd[10358]: disconnect from unknown[81.92.197.249]
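
To see which restriction is doing the rejecting, and which clients it hits most, the NOQUEUE lines can be tallied. The script below is an added example, not part of the original post; its log lines are constructed in the format shown above, using documentation IP ranges and made-up addresses.

```sh
#!/bin/sh
# Added example: tally Postfix smtpd rejections by the rule that fired and by client.

# Constructed sample in maillog format (192.0.2.0/24, 198.51.100.0/24 and
# 203.0.113.0/24 are documentation ranges; all names are made up).
sample_maillog() {
cat <<'EOF'
Jan 9 06:07:22 server postfix/smtpd[10308]: NOQUEUE: reject: RCPT from dsl-10.example.net[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using dul.dnsbl.sorbs.net; Dynamic IP Addresses; from=<a@example.org> to=<info@example.com> proto=ESMTP helo=<dsl-10.example.net>
Jan 9 06:07:23 server postfix/smtpd[10308]: disconnect from dsl-10.example.net[192.0.2.10]
Jan 9 06:09:41 server postfix/smtpd[10311]: NOQUEUE: reject: RCPT from dsl-10.example.net[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using dul.dnsbl.sorbs.net; Dynamic IP Addresses; from=<b@example.org> to=<sales@example.com> proto=ESMTP helo=<dsl-10.example.net>
Jan 9 06:12:02 server postfix/smtpd[10320]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 Service unavailable; Client host [198.51.100.7] blocked using sbl.spamhaus.org; from=<c@example.org> to=<info@example.com> proto=SMTP helo=<mail.example.org>
Jan 9 06:14:30 server postfix/smtpd[10333]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 504 <localhost>: Helo command rejected: need fully-qualified hostname; from=<d@example.org> to=<info@example.com> proto=SMTP helo=<localhost>
Jan 9 06:15:10 server postfix/smtpd[10340]: NOQUEUE: reject: RCPT from mx.example.org[203.0.113.9]: 450 <e@nodomain.invalid>: Sender address rejected: Domain not found; from=<e@nodomain.invalid> to=<info@example.com> proto=ESMTP helo=<mx.example.org>
Jan 9 06:17:00 server postfix/smtpd[10358]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 <nobody@example.com>: Recipient address rejected: User unknown in virtual alias table; from=<> to=<nobody@example.com> proto=ESMTP helo=<mail.example.org>
EOF
}

# Read maillog lines on stdin; print "<count> <reason>", most frequent first.
# RBL hits are reported as "rbl:<list name>", other rejects by their reject text.
reject_summary() {
    awk '
    / postfix\/smtpd\[[0-9]+\]: NOQUEUE: reject: / {
        if (match($0, /blocked using [^;, ]+/)) {
            # 14 = length of "blocked using "
            reason = "rbl:" substr($0, RSTART + 14, RLENGTH - 14)
        } else if (match($0, /(Helo command|Sender address|Recipient address|Client host) rejected: [^;]+/)) {
            reason = substr($0, RSTART, RLENGTH)
        } else {
            reason = "other"
        }
        count[reason]++
    }
    END { for (r in count) printf "%d %s\n", count[r], r }
    ' | sort -k1,1nr -k2
}

# Read maillog lines on stdin; print "<count> <client ip>" for rejected clients.
rejected_clients() {
    awk '
    / postfix\/smtpd\[[0-9]+\]: NOQUEUE: reject: / {
        if (match($0, /reject: [A-Z]+ from [^ ]*\[[0-9A-Fa-f.:]+\]/)) {
            ip = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", ip); sub(/\]$/, "", ip)
            hits[ip]++
        }
    }
    END { for (ip in hits) printf "%d %s\n", hits[ip], ip }
    ' | sort -k1,1nr -k2
}

# Demo on the constructed sample.
echo "Rejections by reason:";  sample_maillog | reject_summary
echo "Rejections by client:";  sample_maillog | rejected_clients
```

On a real server, feed the functions the log instead of the sample, for example `reject_summary < /var/log/maillog`. A reason that rejects mail from hosts you recognise as legitimate is the restriction to revisit.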







VPS inode value increase - How to increase Inode value in VPS


In many VPS containers the disk space will be 90% free, but you will still get a "disk quota exceeded" error message. This issue happens mostly on VPS servers.

root@server [~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 263G 212G 38G 86% /
/dev/sda1 433M 31M 380M 8% /boot
/dev/hda1 1.4T 645G 662G 50% /backup

The reason is simple: your inode usage may have increased and reached 100%.

root@s456 [~]# df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/sda3 1008256 1008256 1008256 100% /
/dev/sda1 114688 52 114636 10% /boot
/dev/hda1 183156736 18873262 164283474 11% /backup

In this case you have to increase the Inode value from your main hardware node. Kindly follow steps below.

To check the quota available in the main hardware node.
#/var/vzquota/quota.vpsid
diskinodes

Here 101 is the VPS container number.
#/etc/sysconfig/vz
#/etc/sysconfig/vz-scripts/101.conf
#vzctl exec 101 df

This is the command to increase the Inode value. You can set the values to whatever you require.
#vzctl set 101 --diskspace 1000000:1100000 --save
(or)
#vzctl set 101 --diskinodes 90000:91000 --save

To verify the stat of VPS container 101
#vzquota stat 101 -t

Horde mail issue


If you cannot login to Horde of any mail account of the domain with right password and username, then please check the following:

=====
1. Check the domain entry(domain.com)  in the file "/etc/userdomains".
2. If the domain entry(domain.com) is missing manually add the domain in this file.
3. Now try logging in to the Horde of the mail account and this will work.
=====

Now there is another problem: we can access Horde, but if we send any mail we get the following error.

=====
Error
=====

+++++++++++++++++++++++++++++++++++++++++++++
There was an error sending your message: Failed to add recipient: user@domain.com  [SMTP: Invalid response code received from server (code: 451, response: Temporary local problem - please try later)]
+++++++++++++++++++++++++++++++++++++++++++++

This is due to the missing domain entry in the file "/etc/localdomains". Add the domain entry(domain.com) in the file "/etc/localdomains" and then try sending mail. It will work.

The issue is fixed.

Have a nice day :)

RDP logs

You can set the audit policy as follows.

=====
1. "Start -> Run".
2. Type 'gpedit.msc' (without the quotes).
3. Navigate to "Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policies -> Audit logon events".
4. Highlight and right-click and select properties.
5. Configure as desired.
=====

Note: Logging in without a password counts as a "failure". This results in the security log filling up very fast if you log failures and have a user without a password. The result is you cannot login normally. Also note, not having a password is a potential and probable security risk.


The event log can be viewed by going to
-----
1. "Start -> Control Panel ->  Performance and Maintenance -> Administrative Tools".
2. Click on "Event Viewer".
3. Look in the Event Log (Security) for a Logon/Logoff Event 528. It should have a Logon Type 10.
-----

R1soft Error : "not enough data in sum file to read BlockSum"

CDP returns error when creating backup of a server:

Error:

--------------------------------------------
not enough data in sum file to read BlockSum.
--------------------------------------------

Cause:

This error generally means the file system or volume has been resized.


Resolution:

You will have to create a new Disk Safe.

Steps to create new disk safe:
------------------------------

1. CDP Server -> Hosts -> [ipaddressofhost added].
2. Click 'Disk safes' on the menu.
3. Select 'New Disk safe' in the right corner of the page.
4. You will be asked 'Continue starting new Disk Safe for 10.5.1.124?'. Click 'continue' and create the 'new disk safe'. (Leave all defaults)

Then initiate the backup again. This will fix the issue :)

Have a nice day :)

Steps to reset the wordpress admin login in database

Login to the server and get into the "public_html" folder of the server.
Then execute the following commands :

> vi wp-config.php

Check which database WordPress uses, then quit with ":q!".

> mysql
> use "database"; ( database = name of the database )
> show tables;
> desc wp_users;
> select ID,user_login,user_pass from wp_users;

For changing the username :

> update wp_users set user_login='username' where ID=1;

For changing the Password :

> update wp_users set user_pass=md5('password') where user_login='username';



Have a nice day :)

Sending mail via telnet

We can send mail via telnet using the following steps.

1. Telnet to hostname on port 25.
   220 (then identifies itself - possibly with several lines of 220 + text)

2. HELO your_domain_name or whatever
   250 (followed by human readable message)

3. MAIL FROM:you@hostname.com (ie, your email address)
   250  is syntactically correct (or similar)

4. RCPT TO:them@someplace_else.com (email address you want to send to)
   250  is syntactically correct

5. DATA
   Tells you to send data then CRLF period CRLF at end

6. You type your message then CRLF period CRLF (ie, type a period on a line by itself then hit ENTER)
   250

7. QUIT
   Signoff message


Have a nice day :)

Opening a port in Windows Firewall

How to open a port in Windows Firewall?

1. Click start button
2. Click control panel
3. Type 'Firewall' in the search tab
4. Click "windows firewall"
5. In the left panel click "Advanced settings" (If you're prompted for an administrator password or confirmation, type the password or provide confirmation.)
6. The "Windows Firewall with Advanced Security" dialog box will pop up
7. In the left panel you can see "Inbound rules" and "Outbound rules"
8. Right-click on "Inbound rules" and then click "New Rule"
9. Then follow the 5 steps it asks for to complete the setting
        * Rule type > Port
        * Protocol and ports > Specify local ports (give the port number)
        * Action > Select based on your requirement
        * Profile > Select Domain/Private/Public (Based on requirement)
        * Name > Give a Name and Description(optional)
10. Click Finish



Have a happy day ahead :)

Error while sending mail using PHP scripts

Problem: Got the following error while sending mail using php scripts.

--------------------------------------------------------------------------------
T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x000b:
terminated by signal 11
--------------------------------------------------------------------------------

Then you can fix the issue by editing your /etc/exim.conf, and changing the following code:

----------------------
remote_smtp:
  driver = smtp
----------------------

to:

----------------------
remote_smtp:
  driver = smtp
  hosts_avoid_tls=*
----------------------

Save exim.conf and restart exim.

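If Exim is built with TLS support, and TLS is advertised by a server, the smtp transport always tries to start a TLS session. However, this can be prevented by setting hosts_avoid_tls (an option of the transport) to a list of server hosts for which TLS should not be used. With hosts_avoid_tls=* the list matches every server, so the transport never attempts TLS and all outgoing mail to remote hosts is sent unencrypted.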

That's all.. :)

Debian 5 apt-get issue

We may get the following error when we install/upgrade any packages through "apt-get" in Debian 5.

======
Error:
======
.
.
.
dpkg: error processing linux-image-2.6.26-2-amd64 (--configure):
 subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of linux-image-2.6-amd64:
 linux-image-2.6-amd64 depends on linux-image-2.6.26-2-amd64; however:
  Package linux-image-2.6.26-2-amd64 is not configured yet.
dpkg: error processing linux-image-2.6-amd64 (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 linux-image-2.6.26-1-amd64
 linux-image-2.6.26-2-amd64
 linux-image-2.6-amd64
E: Sub-process /usr/bin/dpkg returned an error code (1)
============================================================

This error occurs because the following packages could not be installed/removed successfully.

======
 linux-image-2.6.26-1-amd64
 linux-image-2.6.26-2-amd64
 linux-image-2.6-amd64
======

We can fix this issue by removing the packages using "apt-get" as follows:

=====
# apt-get remove linux-image-*
=====

Thus the issue is fixed and we won't get the above error in 'apt-get'.

Have a nice day :)

Query to Restore a database from backup in MSSQL

Hello friends,

I had an issue in restoring a database from backup in MSSQL. Finally, after a long struggle, I fixed the issue by executing the following query.

----------
Use Master

Alter Database databasename
SET SINGLE_USER With ROLLBACK IMMEDIATE

RESTORE DATABASE databasename

FROM DISK = 'backup location'
WITH REPLACE;

Alter database databasename
SET MULTI_USER;

----------- 


If you have any similar issue, try this.


Thank you.


Regards,
Nivas.B.

Friday 25 November 2011

Updating ionCube PHP loader to the latest version on cPanel

You can know the current version of the ionCube PHP loader by executing the following command.

=========
   php -v
=========

You can get the latest version of ionCube PHP loader in the following url:

=========
  http://www.ioncube.com/loaders.php
=========

You can know your OS platform version by executing the following command.

=========
  uname -i
=========

The following commands can be executed on a 32-bit OS to update the ionCube PHP loader.

=========
  cd /usr/local/src

  wget http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz

  tar -xvzf ioncube_loaders_lin_x86.tar.gz

  mv /usr/local/Ioncube /usr/local/Ioncube_old

  cp -r /usr/local/src/ioncube /usr/local/Ioncube

  service httpd restart
=========

Alternatively, you can restart Apache with "/etc/init.d/httpd restart".

Thursday 24 November 2011

Unable to remove add-on domain from cPanel - Error from Park wrapper: Sorry, you do not control the domain

When you receive the error  "Error from park wrapper: Sorry, you do not control the domain" while removing the add-on domain, follow the steps below.

1. Remove the entries for the domain from the following files.
====================
/var/cpanel/users/username
Run Script -- /scripts/updateuserdomains
/var/named/domain.db
/etc/named.conf
/usr/local/apache/conf/httpd.conf
/etc/localdomains
/etc/userdomains
/etc/trueuserdomains
/etc/trueuserowners
/etc/valiases/domain.com
/etc/vdomainaliases/domain.com
/etc/vfilters/domain.com
 /var/cpanel/userdata/username - Remove the parked domain folders
====================

2. Set "Always use authoritative (registered) nameservers when creating a new DNS zone" to off in WHM >> Main >> Server Configuration >> Tweak Settings.

3. Remove the parked domain.

4. Set "Always use authoritative (registered) nameservers when creating a new DNS zone" back to on in WHM >> Main >> Server Configuration >> Tweak Settings.

Execute the following commands on the server:

====================
  /scripts/checkperlmodules --full --force
  /etc/init.d/cpanel restart
  /scripts/upcp
====================

Working of Nagios - Basic


* Nagios gives the detailed information about the services running in the server. For example, Number of
processes, Number of Users, Disk capacity, etc. These Services are configured by us.

* We have setup Nagios to show the Unknown, Critical and warning errors of various services.

* The Errors are shown based on the Configuration in the Nagios Set up file.

* In the event of a failure of any service, Nagios can alert us to the problem, allowing us to begin remediation processes before outages affect our business processes, end-users, or customers.

To Check the Nagios file,
1) SSH to the server.

2) The Nagios Set up file will be located in the following path in all the servers /usr/local/nagios/etc/nrpe.cfg
vi /usr/local/nagios/etc/nrpe.cfg

3) The Various Services that are configured using Nagios are available in this nrpe.cfg file. It also contains location of the coding files of various services.

The Snippet below is an example:
================================================
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_load]=/usr/local/nagios/libexec/check_load -w 2,4,8 -c 4,6,8
command[check_disk]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/sda
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 380 -c 430
command[check_smart_sda]=/usr/local/nagios/libexec/check_ide_smart -d /dev/sda -n
command[check_smart_sdb]=/usr/local/nagios/libexec/check_ide_smart -d /dev/sdb -n
command[check_var]=/usr/local/nagios/libexec/check_disk -w 10% -c 5% -p /dev/sda2
command[check_tmp]=/usr/local/nagios/libexec/check_disk -w 10% -c 5% -p /dev/sda5
command[check_root]=/usr/local/nagios/libexec/check_disk -w 10% -c 5% -p /dev/sda1
=================================================
These are the example services that we have running on our Server. The location of the Script for that particular command is also given.

Note:
-w - indicate warnings when the given limit is reached
-c - indicate critical when the given limit is reached

Let us see the explanation for a command.

[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10

This command shows that Nagios will check for the number of Users on the Server. 

If the number of users reaches 5 it will show warning.

If the number of users reaches 10 it will show critical.

The command check_users acts based on the script available in /usr/local/nagios/libexec/check_users.

The script can be edited according to our requirements.


Steps to check the opened ports in IP tables

To view the ports that are already opened in the server, execute the following command.

netstat -plan |grep LISTEN


Steps to open a new port in IP tables

Before opening a port, you should be aware of why you are opening the port and what the port is being used for.

Save the existing IP tables.

root@server [~]# /etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

To open a port, execute the commands below.

iptables -A allowed -p tcp --dport portno -s IPaddress -j ACCEPT
iptables -A allowed -p udp --dport portno -s IPaddress -j ACCEPT

To allow all IP addresses,

iptables -A INPUT -i eth0 -p tcp -m tcp --dport portno -j ACCEPT

Check whether the Port is allowed.

root@server [~]# iptables -nL | grep :3306
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306

Check the domain propagation via temporary URL and DNS method

1. Using temporary URL.

-----------
http://111.118.173.210/~buy13340
-----------

But checking sites using this method has some limitations. Often sites won't be
displayed properly & sometimes database connection won't be established.

2. Using temporary DNS

We recommend this method as it is the best way to check your sites.

To check whether your sites will load fine from the new server, you can follow
the below mentioned steps.

Basically, you need to add following line in a file named "hosts".

===========================
111.118.173.210 buynsave.com.au www.buynsave.com.au
===========================

Here 111.118.173.210 is the IP address of the new server .

This file is located in different places in different operating systems.

1. In Linux/UNIX
================

/etc/hosts

2. In Windows
=============

C:\WINDOWS\system32\drivers\etc\hosts

3. In MAC
==========

/private/etc/hosts

After doing this, please load the site 'http://buynsave.com.au' in your browser
and check whether it is loading fine or not. After setting the temporary DNS,
to confirm whether site is loading indeed from the new server and not from your
old server where it is hosted now, just ping the domain from your local PC. If
it is pinging to 111.118.173.210 , then the site is loading from our server
itself. You can repeat the same procedure for all your domains.

If everything is fine, please contact your domain registrar to register your
domains with the following nameservers at a convenient time.


================
nsdal01.crucial.com.au - 67.208.112.62
nssyd01.crucial.com.au - 203.98.84.18
nssyd02.crucial.com.au - 182.160.129.2
================

Please access the new server WHM using the following URL:

-------
https://111.118.173.210:2083/
-------

The login details are the same as in the old server.

wget + ftp download syntax

You can download in any way. I used FTP download.
- Syntax: wget -r ftp://USERNAME:PASSWORD@IPADDRESS/.rvsitebuilder
- wget -r ftp://hemanth:qweqwe@1.1.1.1/.rvsitebuilder
- All the rvsitebuilder files will be downloaded.

Telnet to secured port or SSL port 465 or 993 or 995

How to check if the SSL port is working or not


openssl s_client -quiet -connect mail.thespirals.com:465
openssl s_client -quiet -connect mail.thespirals.com:993
openssl s_client -quiet -connect mail.thespirals.com:995

cPanel + exim + Forward outgoing mail to another mail

Do you want to blind CC all incoming and outgoing emails from any domain to the user@domain.com account? If that is the case, then I can tell you how to do it on a per domain basis:

1. To create a blind carbon copy, go to /etc/ and create a new file:

Code:
cp cpanel_exim_system_filter cpanel_exim_system_filter2

2. Add the following at the bottom of the new file (/etc/cpanel_exim_system_filter2):

Code:
if ("$h_to:, $h_cc:, $h_bcc" contains "domain.com")
then
unseen deliver "user@domain.com"
endif

if $sender_address: contains "domain.com"
then
unseen deliver "user@domain.com"
endif

Now, go to WHM > Exim Configuration Editor and change the system filter to the new path (/etc/cpanel_exim_system_filter2).

Above, please replace domain.com with the domain name you want to have all emails incoming and outgoing sent to the blind carbon copied address. Please ensure the receiving address for the incoming and outgoing emails is not on the same domain as those you are using for the forwarding, since you might end up creating some type of loop otherwise.

exim_tidydb




There is no mention of cleaning up the Exim db, not on the cPanel site or in any of their documentation. Most of you, like I did, will find lots and lots of junk e-mail messages sitting around in your Exim db that cannot be delivered to the recipient for some reason or another. The end result is a bunch of messages in your exim_mainlog showing as RETRY, UNDELIVERABLE, SMTP TIMEOUT etc. But you can clean up that junk by following the instructions below.

First you should execute the following commands from your command line, as root, before you add the cron entries below. This cleans up your db now, and frees up the junk in your db's.

Copy and paste these commands, one line at a time, to the command line, then press enter. Watch the junk disappear. You will see loads of junk being deleted. A good thing! If your cPanel installation is relatively new you will see a few messages being removed. If your cPanel installation is more mature you may see hundreds of messages being removed.

/usr/sbin/exim_tidydb -t 1d /var/spool/exim retry
/usr/sbin/exim_tidydb -t 1d /var/spool/exim reject
/usr/sbin/exim_tidydb -t 1d /var/spool/exim wait-remote_smtp

After you have cleaned up your db, place these commands in a cron that runs at, say, 5:30am every day. That's a good time to do it since email usage is probably at its lowest. Find out what time email usage is at its lowest on your server and change it from 5:30am to whatever time you want. Executing once per day is fine.

The following cron entry removes all junk msgs if they are more than 1day old.

pico /etc/crontab and add these entries;

# Clean up the Exim retry database at the quietest time of day.
25 5 * * * root /usr/sbin/exim_tidydb -t 1d /var/spool/exim retry
30 5 * * * root /usr/sbin/exim_tidydb -t 1d /var/spool/exim reject
35 5 * * * root /usr/sbin/exim_tidydb -t 1d /var/spool/exim wait-remote_smtp

If you are running MailScanner place these entries in your crontab instead. Do not add these entries if you are not using MailScanner.

# Clean up the Exim retry database at the quietest time of day.
25 5 * * * root /usr/sbin/exim_tidydb -t 1d /var/spool/exim_incoming retry
30 5 * * * root /usr/sbin/exim_tidydb -t 1d /var/spool/exim_incoming reject
35 5 * * * root /usr/sbin/exim_tidydb -t 1d /var/spool/exim_incoming wait-remote_smtp

Report back with how much junk was deleted

That's it!

qmail - how to detect spamming in qmail.

To get rid of spam on your Qmail mail server:

Make sure that all domains have the Mail to nonexistent user option set to Reject. This option is available since Parallels Plesk Panel 7.5.3 and can be changed for all the domains using group operations: select the domains, click Modify Selected, in the Preferences section select Switch on for the Mail to nonexistent user option and select the Reject value for it.

Make sure that there are no untrusted IP addresses or networks in the white list. To do this, go to Home > Mail Server Settings > White List tab. To remove untrusted IP addresses or networks, select them in the list and click Remove Selected.

Check how many messages there are in the Qmail queue with:

# /var/qmail/bin/qmail-qstat
messages in queue: 27645
messages in queue but not yet preprocessed: 82

If there are too many messages in the queue, try to find out where the spam is coming from. If the mail is being sent by an authorized user, but not from a PHP script, you can find out which user sent most of the messages with the following command:
# cat /usr/local/psa/var/log/maillog |grep -I smtp_auth |grep -I user |awk '{print $11}' |sort |uniq -c |sort -n

Note that the SMTP authorization option should be enabled on the server to see these records. The path to maillog may be different depending on the OS you use.

Use the qmail-qread utility to read the message headers:

# /var/qmail/bin/qmail-qread
18 Jul 2005 15:03:07 GMT #2996948 9073 bouncing
done remote user1@domain1.com
done remote user2@domain2.com
done remote user3@domain3.com


The qmail-qread utility shows the senders and recipients of messages. If a message has too many recipients, then it is most probably spam.
Try to find the message in the queue by its ID (for example, the message ID is #1234567):

# find /var/qmail/queue/mess/ -name 1234567
Look into the message and find the last Received line (the first one counting from the end). It shows where the message was initially sent from.

If you find something like:
Received: (qmail 19514 invoked by uid 12345); 10 Sep 2008 17:48:22 +0700
it means that this message was sent via a CGI script by the user with UID 12345.

Use this UID to find a corresponding domain:

# grep 12345 /etc/passwd

Received lines like:
Received: (qmail 19622 invoked from network); 10 Sep 2008 17:52:36 +0700
Received: from external_domain.com (192.168.0.1)
mean that the message was accepted for delivery via SMTP and the sender is an authorized mail user.

If the Received line contains the UID of the apache user (for example, invoked by uid 48), it means that the spam was sent via a PHP script. In this case you can try to find the spammer using information from the spam e-mails (from/to addresses, subjects, etc.), but the spam source is usually very hard to find this way. If you are sure that some script is sending spam right now (the queue grows very fast), you can use this little script to find out which PHP scripts are running in real time:

# lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk ' { if(!str) { str=$1 } else { str=str","$1}}END{print str}'` | grep vhosts | grep php
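
The Received-line check described above can be applied to every message in the queue at once instead of one ID at a time. The script below is an added example, not part of the original post: the function names are hypothetical and the sample messages are constructed for illustration. On a live server, point tally_origins at /var/qmail/queue/mess/ as root.

```shell
#!/bin/sh
# Added example (not from the original post): apply the "last Received
# line" rule from the text to every message file in a qmail queue directory.

# Print the origin of one message: "uid:N", "network" or "unknown".
# Only headers (up to the first empty line) are read; folded continuation
# lines are skipped because they do not start with "Received:".
msg_origin() {
    awk '
        /^$/ { exit }
        /^Received:/ { last = $0 }
        END {
            if (last ~ /invoked by uid [0-9]+/) {
                sub(/^.*invoked by uid /, "", last)
                sub(/[^0-9].*$/, "", last)
                print "uid:" last
            } else if (last ~ /^Received: from / || last ~ /invoked from network/) {
                print "network"
            } else {
                print "unknown"
            }
        }
    ' "$1"
}

# Tally origins for all files under DIR, most frequent first: "origin count".
tally_origins() {
    find "$1" -type f | while read -r f; do msg_origin "$f"; done |
        sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

# Constructed sample messages (hypothetical IDs, UIDs and hosts) for testing.
make_sample_queue() {
    mkdir -p "$1/0" "$1/1"
    for id in 101 102 103; do
        printf 'Received: (qmail 19514 invoked by uid 48); 10 Sep 2008 17:48:22 +0700\nSubject: offer %s\n\nbody\n' "$id" > "$1/0/$id"
    done
    printf 'Received: (qmail 19622 invoked from network); 10 Sep 2008 17:52:36 +0700\nReceived: from external_domain.com (192.168.0.1)\n  by mail.example.com with SMTP\nSubject: hi\n\nReceived: (qmail 1 invoked by uid 0)\n' > "$1/1/201"
    printf 'Received: (qmail 19700 invoked by uid 10001); 10 Sep 2008 18:00:00 +0700\n\nbody\n' > "$1/1/202"
}

# Stand-alone demo on the constructed sample.
demo_dir=$(mktemp -d)
make_sample_queue "$demo_dir"
tally_origins "$demo_dir"
rm -rf "$demo_dir"
```

A UID that dominates the tally can then be looked up in /etc/passwd as described above. Text in the message body that imitates a Received line is ignored, because reading stops at the first empty line.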


To find out which folder the PHP script that sends mail was run from, create a /var/qmail/bin/sendmail-wrapper script with the following content:

#!/bin/sh
# Prepend the caller's working directory as a header, log the message, then pass it to the real sendmail
(echo "X-Additional-Header: $PWD"; cat) | tee -a /var/tmp/mail.send | /var/qmail/bin/sendmail-qmail "$@"


Note, the paths can slightly differ depending on your OS and Parallels Plesk Panel version.

Create a log file /var/tmp/mail.send and grant it a+rw rights, make the wrapper executable, rename old sendmail and link it to the new wrapper:

# touch /var/tmp/mail.send
# chmod a+rw /var/tmp/mail.send
# chmod a+x /var/qmail/bin/sendmail-wrapper
# mv /var/qmail/bin/sendmail /var/qmail/bin/sendmail-qmail
# ln -s /var/qmail/bin/sendmail-wrapper /var/qmail/bin/sendmail
Wait for about an hour and revert sendmail back:
# rm -f /var/qmail/bin/sendmail
# ln -s /var/qmail/bin/sendmail-qmail /var/qmail/bin/sendmail

Examine the /var/tmp/mail.send file. There should be lines starting with X-Additional-Header that point to the domain folders where the script that sends the mail is located.

You can see all the folders where mail PHP scripts were run from with the following command:

# grep X-Additional /var/tmp/mail.send | grep `cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D | sed -e 's/HTTPD_VHOSTS_D//' `