For web servers running PHP as an Apache module:

AddType application/x-httpd-php .html .htm

For web servers running PHP as CGI:

AddHandler application/x-httpd-php .html .htm

In case you wish to mimic ASP:

For PHP as module:

AddType application/x-httpd-php .asp

OR

For PHP as CGI:

AddHandler application/x-httpd-php .asp

# BEGIN WordPress

RewriteEngine On
RewriteBase /

# replace ITSME with your own string
# and yourdomain.com with well….

# Is this a request for wp-login?
RewriteCond %{REQUEST_URI} ^/wp\-login\..*

# Check for the secret word
RewriteCond %{QUERY_STRING} .*ITSME=.*

# Set a cookie, so that all future requests will be auto-authenticated
RewriteRule ^.* /wp-admin/ [cookie=ITSME:true:.yourdomain.com:3600:/,R,L]

# Is this a request to the admin?
# comment out this line and you will be able to reach wp-login.php, but not anything in /wp-admin/ until you authenticate
RewriteCond %{REQUEST_URI} ^/wp\-login\..* [OR]
RewriteCond %{REQUEST_URI} ^/wp\-admin/.*
RewriteCond %{HTTP_COOKIE} !\bITSME\b

# Unauthenticated, redirect to homepage with a disallowed indicator
RewriteRule ^.* /404.php [R,L]

# log in using:
#http://www.yourdomain.com/wp-login.php?ITSME=true

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

see: http://www.mawhorter.net/web-development/securing-wordpress-a-passive-method-for-preventing-unauthorized-requests-to-wp-admin-and-wp-login-php for complete instructions.

find /your/directory/here -mtime +90 -type f -exec rm -rf {} \;

This command searches the given directory (for example /var/log) for all files that were last modified 90 or more days ago and runs a recursive forced (-rf) remove (rm) on each one.

The “{}” (curly braces) is the placeholder where exec puts the name of the file, and the “\;” tells exec that’s the end of the statement. As a test, replace the “rm -rf” with “ls -la” to get a list of all the files that would be removed.

But what if there is a directory you want to exclude from the search path?

find /your/directory/here -mtime +90 -type f ! -iwholename "*/Yo*" -exec rm -rf {} \;

In this case I had a bunch of directories that were named Yo Bob, Yo Susie etc etc that needed to be skipped. That did it.
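
Added example, not from the original post: the same cleanup as a function that defaults to a dry run (the “ls -la first” advice above) and skips whole directories with -prune instead of filtering paths with -iwholename. The function names, the sample pattern and the refusal to run on / are assumptions of this example; it relies on GNU find and xargs.

```shell
#!/bin/bash
# Added example: list first, delete second.

# old_files DIR DAYS [SKIP_GLOB]
# Print, NUL-separated, the regular files under DIR that -mtime +DAYS matches,
# without descending into directories whose name matches SKIP_GLOB
# (case-insensitive, like -iwholename in the command above).
old_files() {
    local dir="$1" days="$2" skip="${3:-}"
    if [ -n "$skip" ]; then
        find "$dir" -type d -iname "$skip" -prune -o \
             -type f -mtime +"$days" -print0
    else
        find "$dir" -type f -mtime +"$days" -print0
    fi
}

# purge_old DIR DAYS [SKIP_GLOB] [--delete]
# Without --delete this only prints what would be removed.
purge_old() {
    local dir="$1" days="$2" skip="${3:-}" mode="${4:-}"
    # An empty or root path usually means an unset variable: stop here.
    case $dir in
        ''|/) echo "refusing to run on '$dir'" >&2; return 2 ;;
    esac
    if [ "$mode" = "--delete" ]; then
        # -type f already limits the match to files, so rm needs no -r.
        # NUL separators keep names with spaces ("Yo Bob") in one piece.
        old_files "$dir" "$days" "$skip" | xargs -0 -r rm -f --
    else
        old_files "$dir" "$days" "$skip" | tr '\0' '\n'
    fi
}
```

Run `purge_old /your/directory/here 90 'Yo*'` to review the list, then repeat it with `--delete` as the fourth argument.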

sftp for wordpress

Jun, 15 -- Categories: Linux

wget http://surfnet.dl.sourceforge.net/sourceforge/libssh2/libssh2-1.0.tar.gz
tar -zxvf libssh2-1.0.tar.gz
cd libssh2-1.0/
./configure
make all install

After you install libssh2, remember to install the PECL module:

pecl install -f ssh2

and modify your php.ini to include the following beneath Dynamic Extensions:

extension=ssh2.so

You’ll probably need to restart Apache afterwards:

/etc/init.d/apache2 restart

Checking Your BIND Config

Jun, 9 -- Categories: Linux

There are several small programs that are in the BIND package that allow integrity checking of the named configuration and zone files. These are great tools to maintain your sanity for testing purposes, as named can be quite particular about problems in the configuration and zone files.

[bash]# named-checkconf /etc/

The most common errors for misconfiguration in the named file are missing semicolons “;” after parameter settings.
The zone file should be checked for format consistency, and should resemble the above example.com zone file (substitutions should be made for the domain and hosts being configured).

[bash]# named-checkzone -d example.com /var/named/data/master-example.com
loading "example.com" from "/var/named/master-example.com" class "IN"
zone example.com/IN: loaded serial 10
OK

The reverse zone file should also be checked for any errors.

[bash]# named-checkzone -d 1.168.192.in-addr.arpa /var/named/data/reverse-192.168.1
loading "1.168.192.in-addr.arpa" from "/var/named/data/reverse-192.168.1" class "IN"
zone 1.168.192.in-addr.arpa/IN: loaded serial 10

taken from:

http://www.brennan.id.au/08-Domain_Name_System_BIND.html

PERL umask – get your 0777

Jun, 7 -- Categories: Linux

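If Perl is creating your directories as 0755 even though you’ve seriously told it 0777, your umask is set to 0022.

Change it to 0 to get Perl to obey…

use File::Path;        # provides mkpath

my $umask = umask 0;   # clear the umask; the previous value is kept in $umask

mkpath("$home/$FORM{userDir}", 0, 0777) unless -d "$home/$FORM{userDir}";   # 0777 = writable by every local user

umask $umask;          # put the previous umask back for anything created later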

Change mod date with touch

Jun, 2 -- Categories: Linux

touch -t 05070915 somefile.txt

The first four digits stand for May 7 (0507) and the last four (0915) the time, 9:15 in the morning.

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^http://yoursite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|js|css)$ - [F,NC]

THIS IS FOR MYSQL ONLY! NOT YOUR FIREWALL! NOT YOUR IPTABLES! NOTHIN BUT MYSQL!

Find your my.cnf
Debian/Ubuntu -> /etc/mysql/my.cnf
Red Hat Linux/Fedora/Centos -> /etc/my.cnf

sudo vi /etc/mysql/my.cnf

Make sure bind-address is set to your server IP address (the IP address of that machine; it will probably say 127.0.0.1):

bind-address = 192.158.5.1

Also make sure the line skip-networking is removed or commented out:

# skip-external-networking

sudo /etc/init.d/mysql restart

Let us assume that you always connect from the remote IP 202.54.10.20 to the database webdb as the user webadmin; you then need to grant access to this IP address.
At the mysql> prompt, type the following commands for an existing database:

Code:
use mysql;  -- the grant tables live in the mysql database
update db set Host='202.54.10.20' where Db='webdb';
update user set Host='202.54.10.20' where user='webadmin';
flush privileges;  -- reload the grant tables so the change takes effect

Open the Terminal and type:

defaults write com.apple.desktopservices DSDontWriteNetworkStores true

It may be necessary to log out and back in, or even to restart the computer (which is what the article states), for the change to take effect.

Ubuntu Apache2 image fail

May, 13 -- Categories: Linux

If like me you install apache/mysql/php etc etc and apache fails to serve images by putting a blob of crap in the file head, try adding this to your /etc/apache2/apache2.conf:

EnableMMAP off
EnableSendfile off

and restart apache. I had to kill apache2 before it would show up.

Install Samba on Ubuntu

May, 8 -- Categories: Linux

yes open the terminal and paste in…
sudo apt-get install samba smbfs

sudo gedit /etc/samba/smb.conf

####### Authentication #######

# “security = user” is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba-HOWTO-Collection/ServerType.html
# in the samba-doc package for details.
; security = user

Uncomment the security line, and add another line to make it look like this:

security = user
username map = /etc/samba/smbusers

Create a Samba User

There are two steps to creating a user. First we’ll run the smbpasswd utility to create a samba password for the user.

sudo smbpasswd -a

Next, we’ll add that username to the smbusers file.

sudo gedit /etc/samba/smbusers

Add in the following line, substituting the username with the one you want to give access to. The format is = ““.

= “

To share users’ home directories, change these values to match something approximating this. This is from my conf file, but look at the key = value pairs because it will likely be different on your distro or version.

#======================= Share Definitions =======================
# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares. This will share each
# user’s home directory as \\server\username
[homes]
comment = Home Directories
browseable = yes

# By default, the home directories are exported read-only. Change the
# next parameter to ‘no’ if you want to be able to write to them.
read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
; create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
; directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server. Un-comment the following parameter
# to make sure that only “username” can connect to \\server\username
# This might need tweaking when using external authentication schemes
valid users = %S

mysql_secure_installation

May, 8 -- Categories: Linux, Mac, MySQL

if you install mysql run this command please…

mysql_secure_installation

what does it do?

asks you to set a password for the root account
removes root accounts that are accessible from outside the local host.
removes anonymous-user accounts.
removes the test database, which by default can be accessed by anonymous users.

see… it’s important

here’s what happens

me@ubuntop:~$ mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we’ll need the current
password for the root user. If you’ve just installed MySQL, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

You already have a root password set, so you can safely answer ‘n’.

Change the root password? [Y/n] n
… skipping.

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
… Success!

Normally, root should only be allowed to connect from ‘localhost’. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
… Success!

By default, MySQL comes with a database named ‘test’ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
– Dropping test database…
ERROR 1008 (HY000) at line 1: Can’t drop database ‘test’; database doesn’t exist
… Failed! Not critical, keep moving…
– Removing privileges on test database…
… Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
… Success!

Cleaning up…

All done! If you’ve completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

Reset Mysql Password

Apr, 19 -- Categories: Linux

Centos Version

Step # 1 : Stop mysql service
# /etc/init.d/mysqld stop

Output:
Stopping MySQL database server: mysqld.

Step # 2: Start to MySQL server w/o password:

# mysqld_safe --skip-grant-tables &

Output:
[1] 5988
Starting mysqld daemon with databases from /var/lib/mysql
mysqld_safe[6025]: started

Step # 3: Connect to mysql server using mysql client:

# mysql -u root

Output:
Welcome to the MySQL monitor. Commands end with ; or \g.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql>

Step # 4: Setup new MySQL root user password

mysql> use mysql;
mysql> update user set password=PASSWORD("NEW-ROOT-PASSWORD") where User='root';
mysql> flush privileges;
mysql> quit

Step # 5: Stop MySQL Server:

# /etc/init.d/mysql stop

Output:
Stopping MySQL database server: mysqld
STOPPING server from pid file /var/run/mysqld/mysqld.pid
mysqld_safe[6186]: ended

[1]+ Done mysqld_safe --skip-grant-tables

Step # 6: Start MySQL server and test it

# /etc/init.d/mysql start
# mysql -u root -p

terminal – wav to mp3

Mar, 23 -- Categories: Linux

lame -V2 inputfile.wav outputfile.mp3

Block access via htaccess

Mar, 11 -- Categories: Linux

order allow,deny
deny from 127.0.0.1
allow from all

This will refuse all GET and POST requests made by IP address 127.0.0.1; an error message is shown instead.

To block multiple IP addresses, list them one per line.

order allow,deny
deny from 127.0.0.1
deny from 127.0.0.2
deny from 127.0.0.3
allow from all

You can also block an entire IP block/range. Here we will not specify the last octet in the .htaccess file.

deny from 127.0.0

This will refuse access for any user with an address in the 127.0.0.0 to 127.0.0.255 range.

Instead of using numeric addresses, domain names (and subdomain names) can be used to ban users.

deny from isp_name.com

It bans users with a remote hostname ending in isp_name.com. This would stop all users connected to the internet via isp_name.com from viewing your site.

Using .htaccess to block an entire range or name is likely to lock out innocent users. Use with caution.

free an ip/host from fail2ban

Mar, 7 -- Categories: Linux

Check your rules
iptables -L

iptables -D your_jail -s your_ip_address -j DROP

iptables -D fail2ban-SSH -s 192.168.1.1 -j DROP

fail2ban – webmin filter

Mar, 6 -- Categories: Linux

[webmin-iptables]
enabled = true
filter = webmin-auth
action = iptables[name=webmin, port=10000, protocol=tcp]
         sendmail-whois[name=WEBMIN, dest=example@example.com, sender=example@example.com]
logpath = /var/log/secure

Replace the two instances of example@example.com with the destination and sender email addresses. This jail will monitor attempted logins to the Webmin user interface, which runs on port 10000, and if there are too many, issue a ban on the IP address. The email address supplied in dest= will receive an email saying the ban has been issued. If you moved your install of Webmin to run on something other than port 10000, change the port= value as appropriate.

network install create/mount iso

Feb, 14 -- Categories: Linux

create iso from dvd:
dd if=/dev/dvd of=/var/www/html/centos/CENTOS5.iso

mount iso “into” an accessible directory
mount -o loop /var/www/html/centos/CENTOS5.iso /var/www/html/centos/src/

make an iso from a directory
mkisofs -o /path/to/directory.iso /path/to/directory/

NOW=$(date +"%b-%d-%y-%H-%M")

#back everything up
tar -czvf /home/user/archives/$NOW.tgz /home/user/htdocs
mysqldump --user=user --password=XXXXX --opt some_database > /home/user/archives/some_database.$NOW.sql

#get the new content
scp -r user@example.com:/home/vhosts/user/htdocs/* /home/remotefiles/htdocs
mysqldump -h remotedata.com --user=user --password=XXXXX somedatabase | mysql -h localhost --user=user --password=XXXXX some_database
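
The mysqldump and mysql calls above pass --password=XXXXX on the command line, where it can be seen by other local users in the process list while the command runs. As an added example (not part of the original script), the password can instead go into an owner-only option file passed with --defaults-extra-file; the function names and sample values are assumptions.

```shell
#!/bin/bash
# Added example: hand mysqldump its credentials through a private option
# file instead of --password=... on the command line.

# make_mysql_optfile USER PASSWORD [HOST]
# Writes a [client] option file readable only by its owner and prints its path.
make_mysql_optfile() {
    local user="$1" pass="$2" host="${3:-localhost}" file
    # This example does not try to quote a double quote inside the value;
    # it rejects such a password instead of writing a broken file.
    case $pass in
        *'"'*) echo "password contains a double quote" >&2; return 1 ;;
    esac
    # mktemp creates the file with mode 0600; umask 077 is a second guard.
    file=$(umask 077; mktemp "${TMPDIR:-/tmp}/mycnf.XXXXXX") || return 1
    # Option files treat backslash as an escape character, so double it.
    pass=$(printf '%s' "$pass" | sed 's/\\/\\\\/g')
    printf '[client]\nuser=%s\npassword="%s"\nhost=%s\n' \
        "$user" "$pass" "$host" > "$file"
    printf '%s\n' "$file"
}

# dump_db OPTFILE DATABASE OUTDIR
# --defaults-extra-file has to be the first option on the command line.
dump_db() {
    local now
    now=$(date +"%b-%d-%y-%H-%M")
    mysqldump --defaults-extra-file="$1" --opt "$2" > "$3/$2.$now.sql"
}
```

Typical use is `opt=$(make_mysql_optfile user 'XXXXX')`, then `dump_db "$opt" some_database /home/user/archives`, then `rm -f "$opt"`.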

yum install bind bind-utils bind-libs bind-chroot caching-nameserver system-config-bind

Open the file /var/named/chroot/etc/named.conf and add the following lines to the global options section:

forwarders { xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx; }; #IP of upstream ISP nameserver(s)
forward only; #rely completely on our upstream nameservers

If named.conf doesn’t exist (and it didn’t on mine), run system-config-bind and it will create it.

chmod 644 named.conf

Check the syntax using the named-checkconf utility provided by the bind RPM:
named-checkconf named.conf

Modify the /etc/resolv.conf file to the following:
nameserver 127.0.0.1

If you are running a DHCP server on your router make sure your /etc/resolv.conf file does not get overwritten whenever your DHCP lease is renewed. To prevent this from happening, modify /etc/sysconfig/network-scripts/ifcfg-eth0 (replace eth0 with your network interface if different) and make sure the following settings are set:

BOOTPROTO=dhcp
PEERDNS=no
TYPE=Ethernet

Go ahead and start the nameserver as root and configure it to start in runlevels 2-5:
service named start
chkconfig named on

If you are running a firewall on the nameserver system, make sure clients have access to port 53. An example iptables rule for the 192.168.15.0/24 subnet would be:

iptables -A INPUT -s 192.168.15.0/24 -p udp --dport 53 -j ACCEPT

service iptables save

#!/bin/bash
#
# iptables example configuration script
#
# Flush all current rules from iptables
#
iptables -F
#
# Allow SSH connections on tcp port 22
# This is essential when working on remote servers via SSH to prevent locking yourself out of
# the system
#
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#
# Set default policies for INPUT, FORWARD and OUTPUT chains
#
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#
# Set access for localhost
#
iptables -A INPUT -i lo -j ACCEPT
#
# Accept packets belonging to established and related connections
#
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Save settings
#
/sbin/service iptables save
#
# List rules
#
iptables -L -v

Create a file in your home folder (or wherever you want) called eclipsefix.sh – open it and add the following lines:

export GDK_NATIVE_WINDOWS=true
/opt/eclipse/eclipse

then

chmod +x ~/eclipsefix.sh

got this from

http://mou.me.uk/2009/10/31/fixing-eclipse-in-ubuntu-9-10-karmic-koala/

Actually the real question would be why would you want to do that? Well, it’s a long story and I didn’t have many other options, but here’s how I did it.

First a shell script that looks something like this:

#!/bin/bash

filename="needed.xml"
pathto="userdirectory/datadirectory/"
hostname="123.123.123.123"
username="username"
password="password"

cd /directory/where/the/file/goes/
ftp -n $hostname <<EOF
quote USER $username
quote PASS $password

binary
cd $pathto
get $filename
quit
EOF

cool... then a cron job that calls that code every 10 minutes:

*/10 * * * * /home/user/diectory/mygetfile.sh

Yes to Mercurial

Dec, 29 -- Categories: Linux, Mac

Mercurial is a very nice alternative to svn. I have several projects in it now and I’m pretty happy with it. Here are some starter commands. These should be executed from the command line in the directory that you want to control.

$ hg init # creates .hg

$ hg add # add those ‘unknown’ files
$ hg commit # commit all changes into a new changeset, edit changelog entry
$ hg commit -m 'updated bad links to style sheet and changed directory name'

$ hg parents # see the currently checked out revision (or changeset)

$ hg status # show all non-ignored files

$ hg help

# export your current repo via HTTP with browsable interface on port 8000
$ hg serve -n "My repo"

hg revert --all -r 268033ec7859
Backing out changes

Reverting the whole tree to a known-good revision
It’s easy, like using a sledgehammer is easy. But this is usually overkill.

$ hg pull -u
$ hg revert --all -r a0193d83c208 # use your known-good revision id here
$ hg commit # be kind, include the revision id in your commit message
$ hg push

There’s a more precise alternative:
Backing out a single changeset
Suppose changeset f8f4360bf155 broke something.
$ hg pull -u
$ hg backout f8f4360bf155 # use the revision id of the bad change here
This creates and commits a new changeset that reverts all the changes in that revision.