NetTipsDB.com - Online resources on wordpress, php, bash scripting, security, designing and virtualization

Viewing PSD thumbnails in Windows.

I have started using Windows again for the last few days, and it's been a new experience for me after getting used to most of the Mac's wonderful features. One of those thousands of unique features is viewing PSD thumbnails right before you open the files.

Even though there might be some glitches on some systems, it's a good start for me to have a preview before opening the files. I have a problem where some of the file previews didn't appear. It's good work though. Thanks!

This is the URL:
http://www.josh.biz/technical-notes/view-thumbnail-images-for-photoshop-psd-files-in-windows/

You might already know Varnish. It's a so-called website accelerator. It sits in front of your web server as a reverse proxy, listening on port 80, handling static content based on its configuration files, and passing all dynamic requests to the main web server behind it.

Varnish helps a lot to reduce the requests made to the web server for static files such as images, CSS and JavaScript files, which Varnish can serve from its cache. Once you have installed it, you will be grateful. The cache builds up, and you can see a significant reduction in the number of requests to your web server.

When you update your content, you need the cached content to be reloaded. We call it "purge". You might not want to restart Varnish, as the whole cache database will be reloaded and needs to be built up again. You can just purge specific content.

For this, Varnish needs to be able to handle PURGE requests.

Put these lines into your main Varnish config file.

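# Addresses allowed to send PURGE requests.
acl purgeable {
    "localhost";
    # "";   (second entry is empty as published; put the address of any other trusted host here)
}
sub vcl_recv {
    if (req.request == "PURGE") {
        # Enforce the ACL, otherwise any client can evict cached objects.
        if (!client.ip ~ purgeable) {
            error 405 "Not allowed.";
        }
        return (lookup);
    }
}
sub vcl_hit {
    if (req.request == "PURGE") {
        # Expire the cached object so the next request is fetched from the backend.
        set obj.ttl = 0s;
        error 200 "Purged.";
    }
}
sub vcl_miss {
    if (req.request == "PURGE") {
        # Nothing is cached for this URL, so there is no object to expire.
        error 404 "Not in cache.";
    }
}
sub vcl_deliver {
    # Debug header: tells the client whether the response came from the cache.
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT";
    } else {
        set resp.http.X-Cache = "MISS";
    }
    return (deliver);
}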

The vcl_deliver part is just extra code for debugging. It adds a header to the HTTP response that tells you the caching state of the content, either HIT or MISS. You can verify with the "Age:" header as well, which tells you how long the object has been in the cache.

For purging, Alain Kelder wrote an article, Exploring methods to purge varnish cache, which covers varnishadm, telnet, and HTTP requests through telnet. It's quite a good article, which gives you a choice of methods and sample PHP code to make purging easy.

For my own notes,
#telnet localhost 80
Response:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Request:
PURGE /path/file HTTP/1.0
Host: hostname.com

Thanks
http://giantdorks.org/alain/exploring-methods-to-purge-varnish-cache/

I had a problem configuring Trac to read the svnserve password file. So I wrote a script which converts the plaintext passwords of svnserve into an htpasswd file for Trac to read.

The svnserve password format is as below
[users]
repoman = repomanpass

This is the script to convert the file into an htpasswd file.
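#!/bin/bash
path=/path/to/trac
new_passwd_file=htpasswdnew
svnserv_pass_file=/home/svn/project1/conf/passwd
cd "$path" || exit 1
# Extract "user<TAB>password" from each "user = password" line (comment lines
# are skipped) and hand both to htpasswd as arguments. Nothing is written to
# /tmp or re-read as shell code, so quotes, $ or backticks in a password stay literal.
sed -n -e '/^ *#/d' -e 's/^ *\([^=]*[^ =]\) *= *\([^ ].*\)$/\1\t\2/p' < "$svnserv_pass_file" |
while IFS=$'\t' read -r user pass; do
    htpasswd -b "$new_passwd_file" "$user" "$pass"
done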

But before you can start using the script, you need to create the password file using the htpasswd tool with the -c argument.
htpasswd -c /path/to/trac/htpasswdnew repoman

Enter the password, and you're done. Try running the script from your command line, and you will see the password file updated. If you have many users in the svnserve password file, you only need to do this once, using any one of your users. All the other users will be added. You might want to run this script regularly to keep the file up to date. Remember, this is only a one-way conversion, from the plain-text svnserve file to the htpasswd file (hashed).

The main tip for staying protected is to make sure all the software you have is updated and always kept at the latest version. This is the main issue: patch management. It has become a global problem for any IT department or organization to keep these versions up to date.

For home users, you will find this tool helpful enough to make sure your popular software is updated, and Ninite will do this for you automatically. With the tagline "The Easiest, Fastest Way to Update or Install Software", I guess you can easily grasp the idea. You can find it at ninite.com

I found this cool plugin for cPanel, which adds a feature for monitoring certain log files located in /var/log/. However, this is just a very simple tool to view the latest entries in a log file and to rotate those files individually.

Please refer to their official page at http://www.logview.org/. They also provide instructions to install it. It's pretty straightforward: just run these few commands, and you will see it installed in cPanel.

Login to your server as a root user
wget http://www.logview.org/logview-install
chmod +x logview-install
./logview-install
Wait for install complete message
rm -f logview-install

And I got it from here : http://www.saher-team.com/saher/showthread.php?t=517

Saher-team provided a good tip on how to be alerted by email on any SSH login by a certain user. It is simple, utilizing the .bashrc file, which is there by default in a bash environment.

Edit the .bashrc file in the home directory of the user to be monitored.

vim /root/.bashrc

And add the following code after the last line of the file.

echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" [email protected]

Afterwards, you will get an email for each login made as that particular user.

Original post : http://www.saher-team.com/saher/showthread.php?t=523

Easy Linux Security

I met a new friend today, ELS (Easy Linux Security), which helps you secure your Linux host installation in certain aspects. This is the list of ELS features and how it can help you. (Retrieved from their original page, http://servermonkeys.com/els.php)

Install RKHunter
Install RKHunter Cronjob which emails a user-set email address nightly
Install/update APF
Add SM/TP monitoring IPs (view information on these in Orbit)
Install/update BFD
Install CHKROOTKIT
Install CHKROOTKIT Cronjob which emails a user-set email address nightly
Disable Telnet
Force SSH Protocol 2
Secure /tmp
Secure /var/tmp
Secure /dev/shm
Install/update Zend Optimizer
Install/update eAccelerator
MySQL 4.0 and 4.1 Configuration Optimization (cPanel only)
Upgrade MySQL to 4.1 (cPanel only)
Tweak WHM Settings for security and stability
Configure RNDC if not already done (cPanel only)
Change SSH port (also configure APF as necessary)
Add wheel user and disable direct root login over SSH
Optimize MySQL tables
Install/update Libsafe
Install/update ImageMagick (from latest source)
Uninstall LAuS
Harden sysctl.conf
Install Chirpy's Free Exim Dictionary Attack ACL
And more!

It's pretty easy to install: just copy and paste this whole command, and you will have ELS installed on your machine.

wget --output-document=installer.sh http://servermonkeys.com/projects/els/installer.sh; chmod +x installer.sh; sh installer.sh

In my particular case, I use it to optimize the MySQL configuration on my server. Just run the command below; ELS will back up your MySQL my.cnf configuration file and create a new my.cnf file. Just restart MySQL, and it will be running with the new my.cnf file.

els --optimizemysqlconf

Original post from : http://www.saher-team.com/saher/showthread.php?t=547

Have you ever found that your site has been compromised, with some weird file uploaded into your hosting account? That's the first thing an attacker wants to do in a web attack: upload a webshell. A webshell is a kind of web-based backdoor, usually protected by a password, that allows the attacker to control your account, and possibly the whole system if the system was configured wrongly.

A webshell is usually developed by the hacker himself, and it's equipped with a lot of useful tools (from the hacker's perspective), such as an MD5 cracker, a file browser, a listener, a self-destruct function, a PHP mailer, and many more. It's usually built as a single file, and usually encoded using base64 combined with some other algorithm for obfuscation.

The hacker will try to avoid detection by obfuscating the code and by renaming the file to something similar to your valid filenames, such as header.jpg.php. And yes, it's a PHP file. How could the file get into your account? Maybe you lost your password to them through malware with a keylogger, or maybe through vulnerable apps on your site. So make sure your CMS and its plugins or components are all updated to the latest version.

There is a WordPress plugin called Exploit Scanner, which lets you scan your WordPress installation for code injection in your filesystem and database. It's a memory-consuming process, but it may save your site. Do it regularly, and make sure you keep the plugin updated.

I also tried to find potential webshells using this command. Bear in mind, this is just a test search string. You may have experience with webshell code and know better keywords to search for.

find . -type f -exec grep -l -E 'str_rot13|set_magic_quotes_runtime\(0\)|milw0rm' {} \;

If you find one webshell in your hosting account, you might have more webshells planted in your account. Assuming the same hacker uploads the same webshell to different places, those files will have the same MD5 value. For that, I wrote a bash script to search for files with a specific MD5 value.

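#!/bin/bash
# Use md5sum where it exists (Linux), otherwise fall back to md5.
MD5BINARY=`which md5sum 2>/dev/null`
if [ -z "$MD5BINARY" ]; then
    MD5BINARY=`which md5 2>/dev/null`
fi
if [ -z "$1" ]; then
    echo "Usage : $0 <md5 value>"
    exit 1
fi
echo
echo "----------- FILES FOUND WITH the MD5 value -------------"
# -print0 / -0 keep file names with spaces intact; errors from unreadable
# files are discarded instead of being mixed into the results.
find ./ -type f -print0 | xargs -0 "$MD5BINARY" 2>/dev/null | grep -i -F -- "$1"
echo ""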
And how about this, even better: RussW wrote a bash script, sploitFinder, which searches for files with certain patterns in your filesystem. He has laid out various keywords to search for, specific to finding webshells. You should give it a try. Bear in mind, it's a bash script. You can only use it if you have shell access to your account.

For now, here are the tips to get you going. Those scripts are there, and they might help you with something else later on. Who knows :)
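
The three signs described in this post (a media-looking name such as header.jpg.php, the test search strings, and identical copies of a file already found) can be checked in one pass. This is an added example, not code from the original post or from sploitFinder; the function names are made up for illustration, and it goes one step beyond the post by matching copies with sha256sum instead of MD5.

```shell
#!/bin/sh
# The page's test strings; extend with patterns from webshells you have seen.
PATTERNS='str_rot13|set_magic_quotes_runtime\(0\)|milw0rm'

# scan_webroot DIR [SHA256]  ->  one "REASON<TAB>PATH" line per finding
scan_webroot() {
    scan_dir=$1; known=${2:-}
    # 1. Media extension followed by .php, e.g. header.jpg.php
    find "$scan_dir" -type f \( -name '*.jpg.php' -o -name '*.jpeg.php' \
        -o -name '*.png.php' -o -name '*.gif.php' \) |
        awk '{ print "DOUBLE_EXT\t" $0 }'
    # 2. Content matches one of the search strings
    find "$scan_dir" -type f -exec grep -l -E -e "$PATTERNS" {} + |
        awk '{ print "PATTERN\t" $0 }'
    # 3. Byte-identical copy of a webshell already found, whatever its name
    if [ -n "$known" ]; then
        find "$scan_dir" -type f -exec sha256sum {} + |
            awk -v h="$known" '($1 "") == h { sub(/^[^ ]+ [ *]/, ""); print "KNOWN_HASH\t" $0 }'
    fi
    return 0
}

# Constructed sample tree: harmless placeholder files, not real webshells.
make_sample_tree() {
    tree=$(mktemp -d) || return 1
    mkdir -p "$tree/images" "$tree/inc"
    printf '<?php echo "hello"; ?>\n' > "$tree/index.php"
    printf '<?php $x = str_rot13("placeholder"); ?>\n' > "$tree/images/header.jpg.php"
    cp "$tree/images/header.jpg.php" "$tree/inc/cache.php"   # renamed copy
    printf '%s\n' "$tree"
}

# Hash the first file found, then sweep the whole tree for copies and other signs.
demo() {
    root=$(make_sample_tree) || return 1
    first=$(sha256sum < "$root/images/header.jpg.php" | cut -d' ' -f1)
    scan_webroot "$root" "$first" | sort
    rm -rf "$root"
}

demo
```

A file reported for more than one reason, like the renamed copy here, is the one to look at first; a PATTERN hit on its own still needs a manual read, since legitimate code can use the same functions.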

I encountered a problem where Exim could not receive email for a specific domain name, with an error message like the one below

2011-03-04 03:10:45 H=mail-gy0-f178.google.com [209.85.160.178] F=[email protected]> temporarily rejected RCPT [email protected]>: lowest numbered MX record points to local host.

A simple search led me to a forum post on WebHostingTalk with exactly the same problem as mine. It appears there was a missing entry in

/etc/localdomains

A simple manual entry of mydomainname.com into the file fixed the problem, and the email was delivered successfully. Here's the log for the transaction.

2011-03-04 03:17:00 1PvE1D-0000fW-HD H=mail-gy0-f178.google.com [209.85.160.178] Warning: "SpamAssassin as localuser detected message as NOT spam (0.5)"
2011-03-04 03:17:00 1PvE1D-0000fW-HD <= [email protected] H=mail-gy0-f178.google.com [209.85.160.178] P=esmtps X=TLSv1:RC4-SHA:128 S=5365 id=AANLkTikkZEhcc2ZLXjMbXoBLVG_HGORQvW65+=[email protected]
2011-03-04 03:17:03 1PvE1D-0000fW-HD => [email protected] [email protected]> R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [72.14.213.27] X=TLSv1:RC4-SHA:128
2011-03-04 03:17:03 1PvE1D-0000fW-HD Completed

http://www.webhostingtalk.com/archive/index.php/t-114505.html

I have had a few encounters with this problem. I'm thinking of placing it here, as I always forget where I got the solutions. This happens when you want to install plugins or themes, or upgrade them. Given that you have the correct FTP credentials, there is some glitch where you might encounter this problem.

One way is to make sure you're pointing WordPress to the exact folder for handling uploaded documents. Please check it at Settings -> Media. You should have the default suggested by WordPress, which is wp-content/uploads. Most of the time, this will just fix the problem.

Another way: you could refer to this site, http://tecnologia.simpleyclaro.com.ar/solucion-a-los-problemas-ftp-en-wordpress-2-8/. Yeah, I do not understand it either. But Hui Wang has made a new English version of it, here, where you have to add a few lines of code to your wp-config.php file.

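if (is_admin()) {
    // Write files directly as the web server user instead of asking for FTP credentials.
    // (An anonymous function replaces create_function(), which was removed in PHP 8.)
    add_filter('filesystem_method', function ($a) { return 'direct'; });
    // Permissions applied to directories WordPress creates.
    define('FS_CHMOD_DIR', 0751);
}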

Just add them at the bottom of the file (append). The cool thing is, it will enable you to install/upgrade plugins and themes without entering your FTP credentials.

Hope this benefits others with a similar problem as well. Adios..



