Updates from April, 2014 Toggle Comment Threads | Keyboard Shortcuts

  • Howard 4:37 pm on April 9, 2014 Permalink | Reply  

    How to Patch Your Server for the Heartbleed Bug 

    Yes you! Patch your vulnerable server running SSL/https and stop letting the bad guys access my supposedly  protected data.  And if you don’t know what I’m talking about, you can read all about it here: http://heartbleed.com/

    Enough for today’s rant.

    I have to admit, I’m just a guilty.

    I do have a few servers running https, and haven’t applied patches recently. One server running the Ubuntu 10.04 distro already contained the update and the 12.04 didn’t.  To run a quick test,  you can enter your server’s address here: http://filippo.io/Heartbleed/

    A third server running 12.04 (installed a few weeks ago) was updated and installed a new OpenSSL package.

    Confirmed fixes in Ubuntu LTS 10.04 and LTS 12.04

    apt-get update

    apt-get upgrade

    Unconfirmed in Centos 6.5

    yum update

     

    Advertisements
     
  • Howard 8:55 pm on October 22, 2013 Permalink | Reply  

    if gccmakedep is missing 

    gccmakedep is found here:

    • sudo apt-get install xutils-dev
     
    • HOY 5:57 pm on March 19, 2014 Permalink | Reply

      I’m such an ass. I just spent 5 minutes trying to find this stupid command when I already figured it out 4 months ago. Note to self: use evernote.com

  • Howard 5:19 pm on May 20, 2013 Permalink | Reply  

    3 Ways to Prevent wp-login.php Brute Force Password Hacks 

    One of our virtual servers experienced a brute force password hack where a bot net of 1000’s of compromised computers attempted at guessing the admin|root password to gain access to our WordPress site.

    Of course, if you are using WordPress.com as your blog, you don’t have to worry about it too much since the hack is trying to break into the admin user name.  Regardless, you should use a strong password in the event that they start using your user name which is basically the same as the subdomain-name.wordpress.com.

    There is no excuse for having breakable user names and passwords anymore especially when you can use tools such as RoboForm or EverNote to remember that stuff for you.

    Disable all access to wp-login.php

    So if you happen to manage your own server, you can do something like this:

    Apache conf command to prevent access to wp-login during brute force attackswhere you change the Apache conf file for the site. Since 3doxies.com is no longer published using the WP platform, it is safe to block it this.

    But what if you still want to login to WP

    Then you need to block everyone out but your IP. What to do then is modify your .htaccess file.

    
    #terminate brute force attack traffic with 403 for-bot-gone
    RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
    RewriteCond %{REMOTE_ADDR} !^aaa\.bbb\.ccc\.ddd$
    RewriteRule ^(.*)$ - [R=403,L]
    

    Change the aaa.bbb.ccc.ddd with your IP address.

    Change your user name to something other than admin or root

    The easiest way to change your user name is to use phpmyadmin or HeidiSQL. The table you want to modify is wp_users. Change “admin”  in user_login column to something else.  I don’t believe you need to change the user_nicename to the same thing, but I did for consistency.

    If you have a WP Multisite, Change that too

    After you change your admin user name, you will not be a super administrator to your multisite WordPress platform. To fix that you need to change the “site_admins” meta_key in the wp_sitemeta table to the same thing. The data is a serialized php object containing something like { … s:5:”admin” … }.  Change the “admin” to the new value and change the “5” to the number of characters in the new user name.

     

     
  • Howard 2:52 am on May 1, 2013 Permalink | Reply  

    Dude, remember this command: rsync –daemon 

    Apache killed the server again by running out of memory causing the company site to go down.

    Now, if I can only remember this command: rsync –daemon to restart the rsync server for automated backups to the ReadyNAS

    For some reason I always want to sudo /etc/init.d/rsync start, but it never works and I’m too lazy to enable it in a startup script so it’s been a manual step to log into the sever and start up the daemon. If I only had more time …

     
  • Howard 7:53 pm on November 4, 2012 Permalink | Reply  

    Resyncing ReadyNAS Duo Drives 

    RAID drive 1 is being resynced for use

    I’ve been getting those annoying emails from my ReadyNAS Duo saying it’s time to swap out the drive for a new one. Persistent S.M.A.R.T errors that were growing one or two every week to 10 a day, and finally leaping several by several hundred.

    The drive with errors was the one purchased with the RAID started getting errors a few months later which resulted in buying several drives which enabled the X-RAID capability.   (The first drive was a Western Digital and not on the recommended drive list and now resides in my workstation.

    I purchased a pair of 1TB Seagate ST31000524AS to obtain the RAID capability and a spare for the eventual demise of this failing drive.

    Replacing the drive is real easy.  Just shut down the NAS  — I believe that the drives are hot swappable, but I couldn’t remember so power of to be save — then yank out the old drive, unscrew the mounting hardware and then put it on the new drive.  Shove the sucker back in and power back on.  The NAS resyncs automatically.

     

     
  • Howard 11:56 pm on November 23, 2011 Permalink | Reply
    Tags: adobe introduces, cloud, company, creative, sf chronicle   

    Adobe moving platforms to the cloud 

    Until Adobe resolves latency issues with their real time and graphic intensive programs, I doubt that designers will adopt the SaaS model.

    According to this story in the SF Chronicle, by 2015, the company says half its revenue will come from subscriptions – representing 800,000 users. Over time, the company expects 100 percent of revenues from its digital media division to come from subscriptions.
    This is also shows how rich cloud application functionality has become. Adobe products are highly advanced, expert level software tools that you would think would be almost out of reach for cloud because of basic functionality and responsiveness limitations. While it appears they have a collaboration component to their vision (which is very much cloud), they want to move away from boxes to services. Adobe wants the recurring revenue, will the design community want the monthly fees? Should be interesting to watch.

    Read more at visibilityondemand.wordpress.com

     
  • Howard 11:23 pm on November 23, 2011 Permalink | Reply
    Tags: adapters, broadcom corp, converged, fastest, network   

    Broadcom FCoE 

    What competitor offers 10GbE with 1.36M IOPS? Perhaps CISCO?

    World’s Fastest Converged Network Adapters from Broadcom Earn FCoE NetApp Ethernet Advantage Validation

    World’s fastest FCoE performance – 80 percent faster than nearest competitor(1)

    “Server virtualization, cloud computing, and the need to contain costs and complexity are all major factors driving the need for 10GbE converged network adapters (CNAs). Broadcom is meeting that demand with the world’s fastest CNAs and is proud that its fully offloaded FCoE solutions have earned NetApp’s certification.

    Read more at http://www.marketwatch.com

     

     
  • Howard 3:07 pm on July 27, 2011 Permalink | Reply
    Tags: backup, readynas, rsync, xinetd   

    How to solve xinetd rsync problems 

    Yesterday was a very perplexing day trying.  Perhaps a complete waste of time setting up my ReadyNAS Duo backup jobs to rsync files from my vmware Ubuntu directly to the NAS.  Never mind that I already was running backups to the ReadyNAS using simple backup.  But no, I had to try it the hard way, I had to learn how to solve xinetd rsync problems.

    I use vmware to experiment prior to going live and of course the whole point of rsyncd was to backup my Dachshund website and the multisite blogs that are living in the Rackspace cloud.  Get it to work here and apply it to the cloud server.  In theory, that should have be five minutes worth of work:

    1. Configure the /etc/rsyncd.conf file
    2. Configure the /etc/rsyncd.secrets file
    3. Add a /etc/xinetd.d/rsync service
    4. Restart xinetd

    A simple test from bash: rsync me@localhost::share and it works just fine.

    Next I configure the backup job from the ReadyNAS admin:

    ReadyNAS rsync

    ReadyNAS backup job configuration to rsync a remote server

    Press the “Test Connection” and the connection hangs.

    So I double check the files and everything looks good to go.  Try it again and still no good.

    Now it’s time to add a log file by simply inserting “log file = /var/log/rsyncd.log” into /etc/rsyncd.conf.  Restarted the xinetd process then retest locally.  The log file shows:

    2011/07/26 21:10:14 [24820] connect from localhost (::1)
    2011/07/27 04:10:26 [24820] rsync on share/ from hyoung@localhost (::1)
    2011/07/27 04:10:26 [24820] building file list
    2011/07/27 04:10:26 [24820] sent 138 bytes  received 58 bytes  total size 0
    2011/07/26 21:13:18 [24884] connect from localhost (::1)
    2011/07/26 21:13:20 [24884] auth failed on module share from localhost (::1): password mismatch

    Try it again from ReadyNAS.  Nothing.

    Okay, I skip xinetd altogether and run rsync as a daemon.  Local test okay, ReadyNAS fail.  Spend a half a day trying to see if anyone else had this problem and apparently not.   Perhaps you have?

    The whole point of the exercise was to get an automated backup of website -> ReadyNAS.  So you can also use FTP to run as the backup job protocol.  I got this to work on the first try.

    After wasting my afternoon not getting this to work, I install the same configuration files onto the Cloud server.   Run rsync –daemon and test the connection from ReadyNAS.  What do you know, it works!  It’s gotta be something blocking the connection to the guest OS.  I’ll let you know once I figured out how to solve xinetd rsync problems.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel