
htaccess being hacked and detecting malware on Linux

Unfortunately, I’ve had to learn a thing or two about server intrusion, hacked .htaccess files, backdoors and more in the last few days. Well, one could say it is a good education… In any case, one of the major issues I was confronted with was that on one PHP-based server (with WordPress) the .htaccess file had been manipulated. The hack wasn’t obvious, since it only targeted users coming to the site from a search engine, who were then redirected to some (random) Russian site.

Now, removing the .htaccess file, editing it or changing the file permissions did not help, as the file itself was being reset to the hacked version every 30 minutes or so. It was obvious that someone had been able to upload a backdoor to the server and was calling the file remotely. The question now was how to find the infected or uploaded file in order to close the hole.

Luckily, the people at R-FX Network made their malware script available (under the GPL open source license), which lets you scan your server for malware and infected files. It uses many different scans to find malware. I especially like that users can send their infected files to them, and they then update the scanner engine. A very effective method to keep your server secure.

In my case, the malware script quickly found the file in question, which was then quarantined. Since then, the WordPress blog has worked again. Needless to say, just running this script won’t secure your server. You need to have a firewall in place, update your server regularly, read your logs and so on.

If you want to read more about the different ways of hacking and how to protect the server, I’ve found this blog post from Unmask Parasites very valuable. Also, they have a video of Matt Cutts talking about malware.
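The search-engine-only redirect described above can be checked for mechanically. The shell functions below are an added example, not part of the original post and not the R-FX scanner: they flag any RewriteRule that sends visitors to an external URL when a preceding RewriteCond tests the Referer for a search engine. The function names, the engine list and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names); the sample .htaccess is constructed.
# scan_htaccess FILE -> prints "LINENO:rule" per hit; exit 0 if flagged, 1 if clean
scan_htaccess() {
    awk '
    { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
    low ~ /^#/ { next }
    low ~ /^rewritecond/ {
        # RewriteCond lines stack up until the next RewriteRule consumes them
        if (low ~ /%[{]http_referer[}]/ &&
            low ~ /google|bing|yahoo|yandex|baidu|aol/) cond = 1
        next
    }
    low ~ /^rewriterule/ {
        split(line, f, /[ \t]+/)          # f[3] is the substitution target
        if (cond && tolower(f[3]) ~ /^https?:\/\//) {
            printf "%d:%s\n", NR, line; hits++
        }
        cond = 0
        next
    }
    END { exit (hits > 0 ? 0 : 1) }
    ' "$1"
}

# scan_tree DOCROOT -> runs scan_htaccess on every .htaccess below DOCROOT
scan_tree() {
    find "$1" -type f -name .htaccess | while IFS= read -r f; do
        scan_htaccess "$f" | while IFS= read -r hit; do
            printf '%s:%s\n' "$f" "$hit"
        done
    done
}

# Constructed sample: a stock WordPress block followed by an injected rule set.
write_sample_htaccess() {
    cat > "$1" <<'EOF'
# BEGIN WordPress
RewriteEngine On
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [NC]
RewriteRule ^(.*)$ http://redirect-target.example.invalid/ [R=301,L]
EOF
}
```

Because the file in this incident was rewritten every 30 minutes, a scan like this is worth running from cron until the backdoor itself has been found and removed.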

 


Your PHP installation appears to be missing the MySQL extension which is required by WordPress and some other PHP strangeness

I just went through some issues with a PHP5 installation on some of our WordPress servers. To spare you the details of why I had to do that, I simply post the solutions here (strangely enough, searching for these issues online gives you “trillions” of results, but no solution…).

1. Removing PHP5 and re-installing

When you need to remove and re-install PHP5, you should use the “--purge” parameter, like: “apt-get --purge remove php5”. Now, while this seems to work, when you re-install PHP5 it strangely gives you the feedback “Not replacing deleted config file /etc/php5/apache2/php.ini” during re-installation.

In short, the re-installation does NOT install a php.ini file. While this might not be an issue for some, it was in my case. Luckily, there are some default php.ini files that one can copy. Depending on your server they might be in different places (mine were at /usr/share/php5). So, all there was to do is to copy the file with: “cp /usr/share/php5/php.ini-production /etc/php5/apache2/php.ini”.

2. Your PHP installation appears to be missing the MySQL extension which is required by WordPress

While the above might not be a major issue, the message I received from our WordPress installation, “Your PHP installation appears to be missing the MySQL extension which is required by WordPress”, was worrying. Nothing that I tried (re-installing PHP5, enabling modules, checking Apache and MySQL) solved it. Also, searching for this online did not help at all, since almost every entry simply tells you to re-install php5.

Ok, so how did I get it solved? After hours and hours the solution is too simple. All I had to do was to explicitly enable the extension in the php.ini file with:

extension=mysql.so
extension=mysqli.so

Saved the file, restarted Apache and finally I got the MySQL parameters in the PHP Info page and all blogs worked again. One would think that the apt-get installation routine would do this automatically since I was using “apt-get install php5-mysql”, but alas as I found out the hard way, this is not so.

Hope this helps someone out there.


CFML and Cannot run program “chmod”: java.io.IOException: error=24, Too many open files

Migrating one of my customers the other day brought up an ugly error when I had to create 2000 directories in one go. The error was:

Cannot run program "chmod": java.io.IOException: error=24, Too many open files

While “too many open files” usually means one can raise the limit of open files under Linux (check out ulimit -a), it unfortunately did not help in this situation. I even rebooted the whole server and made sure that no other service was running, except Java that is. Still no success.

I then looked at my code in the CFML (ColdFusion) template. In order to create the directories I used a simple:

<cfdirectory action="create" directory="..." mode="775">

Normal code, right? Well, as it turns out, I simply had to remove the “mode” part in order to overcome this error. Not sure, why this caused a “too many open files” error, but it worked in my situation. I can only imagine that the server tried to put all 2000 directories into memory and then write them in one go (I have a high value for the open files limit set and 12GB RAM).

In any case, hope this helps someone out here.


Ubuntu 10.04 LTS server always selecting older kernel despite updates

I have been hitting a really strange issue for some time now with one of my Ubuntu 10.04 LTS servers where, despite doing recent kernel updates (the latest is 2.6.32-33), it always booted into the kernel 2.6.32-28. No matter what I did (update-grub, etc.), the server was stuck on 2.6.32-28.

After searching and reading a lot of posts and wiki pages I still couldn’t find a solution for it (most blogs and wiki pages talk about compiling a new kernel or installing a new one, but none talked about selecting the proper kernel or fixing it manually).

But since I had another server that booted into the correct kernel, I luckily had some config files to compare. The one that I was after is “menu.lst”, which is a GRUB file located in “/boot/grub”. Comparing the menu.lst from the working server with the “not working” one revealed that the “non-working” one had UUIDs declared for each server, while the working one had no UUID but “root (hd0,0)” and hard-coded root paths of “/dev/sda3”.

Working config:
[code]
title   Ubuntu 10.04.2 LTS, kernel 2.6.32-33-server
root    (hd0,0)
kernel  /vmlinuz-2.6.32-33-server root=/dev/sda3 ro quiet splash
initrd  /initrd.img-2.6.32-33-server
quiet
[/code]

Not-Working config:
[code]
title   Ubuntu 10.04.2 LTS, kernel 2.6.32-33-server
uuid    9823d540-6bf0-467a-8640-39d33c7544fb
kernel  /vmlinuz-2.6.32-33-server root=UUID=d9e79ad9-6d53-4cb5-85d6-e9f1eea712f2 ro quiet splash
initrd  /initrd.img-2.6.32-33-server
quiet
[/code]

As you can see from this, the UUID and the root are quite different. I can’t actually explain why this configuration took place on this particular server. This is even more surprising since both servers are being “kept in sync” (with updates and such).

In any case, the resolution (for me at least) was to copy certain parameters over to the “not-working” menu.lst. Those were the root path (/dev/sda3), the “root (hd0,0)”, the “groot=(hd0,0)” plus the “kopt=root=/dev/sda3 ro” lines.

It took a long time to fix this issue and I hope this helps someone else.


svn: warning: cannot set LC_CTYPE locale

Somehow, with the recent Ubuntu 10.04 LTS updates or maybe with a subversion update, I received some error messages of the type “locale…”. To be more precise, the errors are:

svn: warning: cannot set LC_CTYPE locale
svn: warning: environment variable LC_CTYPE is UTF-8
svn: warning: please check that your locale name is correct

Since all SVN commands still worked, it was something I didn’t tackle immediately. But today, I set out to fix it. Well, it only took a minute or so :)

So, if you want to fix this all you have to do is to set the “LC_ALL” variable manually. To make it permanent just edit the file “/etc/environment” and add the line:

LC_ALL=C

Save the file and exit the editor. In order for it to apply you have to logout of the current shell session. The next time you log in, the issue with SVN will be gone.

 


Seamless server access from MacOS X to Ubuntu with SSH public keys

When you access a server over SSH you usually get asked for a password that you trustfully type into the terminal window. But doing so is insecure for many different reasons (I’m sure there are many people who wrote about this before and describe it better than I ever could). So, what is a better way to log into your server then? The best way so far is a method called “public key authentication”.

So, since we want to add security to our belt, we can simply use this technique for our SSH access as well. On MacOS X it is actually very easy to setup.

First up, you need to create your own keys. Doing so is straightforward: all you have to do is open up a Terminal window and type “ssh-keygen”. This will then ask you some questions: where to put the keys (use the default) and for the passphrase (I would suggest you use a good password). In the end, it will save your keys (your private one and a public one) to your .ssh directory.

Now that you have your public key, all there is left to do is to copy your public key to your server. In case you have root access to your server, it is simply a matter of doing it with “scp”, like:

“scp ~/.ssh/id_rsa.pub root@{yourserverdomain}:.ssh/authorized_keys”

This will copy your public key to the “authorized_keys” of the server.

Once done, you can now simply log into your server with ssh root@{yourserverdomain} without the need to enter a password since your server and you exchange keys for authentication.

Troubleshooting

When you copy your key to the server you might get an error that the file “authorized_keys” is not found. If so, then simply create the file on the server and issue the copy command again.
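Note that the scp command above replaces the server's whole authorized_keys file. As an added example (not from the original post; the function name install_pubkey and its checks are assumptions), this shell function, run on the server, appends a key instead, creates the file if it is missing, and sets the permissions sshd expects.

```shell
#!/bin/sh
# Added example (hypothetical helper): install_pubkey PUBFILE [SSHDIR]
# Appends one public key to authorized_keys without touching existing entries.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    # Refuse a private key: picking id_rsa instead of id_rsa.pub is an easy slip.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, refusing" >&2; return 3
    fi
    # Accept exactly one line that starts with a known public key type.
    key=$(grep -E '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" || true)
    [ -n "$key" ] && [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] ||
        { echo "$pub is not a single public key" >&2; return 4; }

    # sshd (StrictModes) rejects key files or directories writable by others.
    ( umask 077; mkdir -p "$dir"; touch "$auth" ) || return 5
    chmod 700 "$dir" && chmod 600 "$auth" || return 5

    # Append only if this exact key line is not present yet (idempotent).
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```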

 


MySQL: Failed to open the relay log

If you happen to see the message “Failed to open the relay log…” in your MySQL error log file (sometimes it is good to look into it once in a while) then you either have your replication set up incorrectly or you forgot to remove the slave information in the master.

If the latter is the case, all you have to do is log in to the MySQL server and issue:

Stop Slave;
Reset Slave;

There is no need to restart MySQL. But if you want to see that it actually works now, then restart MySQL and look into the mysql.log file. You will now see that the error message is gone.


Installing memcached on Ubuntu for wordpress and phpbb

As an application maintainer you always look for the best performance in your application and website. At one point in your quest for the best performance you will undoubtedly trip over memcached.

In short memcached is (quote); Free & open source, high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Memcached is an in-memory key-value store for small chunks of arbitrary data (strings, objects) from results of database calls, API calls, or page rendering.

That said, installing is a no brainer as well. On Ubuntu you simply need to do the following:

[code]
apt-get install memcached
apt-get install php5-memcached
[/code]

That’s it. Your system takes care of the rest and you will have your first memcached server up and running. Of course, the final step will be to restart apache in order for php to pick up the changes.

Now, memcached alone is of no good use, if your code/application can’t work with it. Thus here I’ll outline 2 examples.

WordPress: Memcached with the W3 Total Cache plugin

First off, if you aren’t using the awesome W3 Total Cache plugin you should install the plugin immediately (just search for w3 cache in the plugin section of the WordPress administration). Even if you are not using memcached it will boost the performance of your WordPress site manifold.

Now, enabling memcached for your WordPress site is as simple as selecting the memcached option for the cache. With the plugin you can even select what you want to place into the memcached cache. Quite slick.

 

Configuring phpBB to use memcached

Actually it took some time to figure this out, since the settings were not so apparent, so I’m hoping this helps others also. phpBB by default uses the local disk for caching. This can be changed in the config.php file in the phpBB folder. Open it and ADD or change the following lines:

[code]
$acm_type = 'memcache';
@define('PHPBB_ACM_MEMCACHE_HOST', 'localhost'); // Memcache server hostname
@define('PHPBB_ACM_MEMCACHE_PORT', 11211); // Memcache server port
@define('PHPBB_ACM_MEMCACHE_COMPRESS', false); // Compress stored data
$load_extensions = 'memcache';
[/code]

Especially the last line with “load_extensions” is important. Save the file and restart Apache. Now phpBB will use the memcached server(s). On a board with 800 users alone I have seen a massive speed improvement.

That’s it. Next up is to get all my CFML apps to work with memcached :-)


Celebrating 20 years of Linux

I remember when I installed Linux the first time (many many moons ago) and it was all cryptic for me. All that stared at me was a black screen with some strange symbols and a pointer blinking.

So, this is Linux, I thought and tried to get my way around it. To be honest, it took a couple of re-installs and some learning to come to the level I’m at now. Nowadays, all of my applications run on Linux servers (my favorite one is Ubuntu server) and I have to say that I’m more than happy with how Linux performs.

Actually, my next step is to adopt Linux (Ubuntu) on my laptop, but to move to Linux on my desktop, I really need to have an application like Aperture or Adobe Lightroom. Apart from that, I think Linux on the desktop has a big chance to succeed. Especially, Ubuntu 11 with Unity will probably make this move apparent for a lot of users.

In any case, if you run Linux on your servers or are thinking of migrating to Linux, you owe it to yourself to watch the below anniversary video and head over to the dedicated “20 years of Linux” site.


Changing the default search engine in Firefox

On a Windows machine I came upon the other day (forcefully and not intentional:-) ) I saw that the default engine was “search-results.com”. This URL was called whenever the user entered a keyword in the URL bar (you do know that Google Chrome and Firefox 4 will automatically search for the words you enter in the URL field, don’t you?). Key was, that I wanted to change this URL.

Easy right? Well, as it turned out, it took some small effort to find the right value.

First off, I opened “about:config” and searched for “browser.search.defaultenginename”. I double-clicked on it and changed it to “Google”. Immediately, I restarted Firefox, but unfortunately the search was still being directed to the other site.

Ok, hitting “about:config” again and this time searching for “search” only revealed that there was another setting called “browser.search.defaultengine” which also pointed to another search engine. Changing it to “Google” also did not help.

Finally, after looking some more, I found out that the config value “keyword.url” is the one setting that needs to be changed. Lo and behold, Firefox even has a nice page on this topic (you just need to know what you need to be looking for, right…).

In short changing the value back to the default value (or any other you want) “http://www.google.com/search?ie=UTF-8&oe=utf-8&q=” fixed it.

Hope this helps.
