Wired Gorilla

MD5 password generator

Wed, 30 Nov -0001 00:00:00 +0000

MD5 password generator

$pw is:
";
echo "
" . strtoupper(md5($pw)) . "";
}
?>

Recover broken systems with SystemRescueCD

Wed, 30 Nov -0001 00:00:00 +0000

SystemRescueCD is a powerful, expansive live cd which is useful for recovering broken systems. This tutorial will guide you through how to get it up and running and how to perform some basic recovery procedures.

First of all, download the latest disc image from the SystemRescueCD website:

http://www.sysresccd.org/Main_Page

Burn it to disc, pop it in the CD drive of the server and boot. Check in BIOS to make sure the cdrom drive has boot priority. Then reboot and the server should boot into SystemRescueCD.

You can pass a number of options to the operating system before it boots; I find the following the most useful:

docache – Load the entire OS into RAM, freeing up the CD drive
rootpass – Define the root password, useful for SSH
dodhcp – Try to enable networking via DHCP

These parameters are passed like so:

rescuecd rootpass=password docache

More options can be viewed by pressing the F keys.

Once you have entered the options you want (always remember to put rescuecd first), press enter to boot. Once the system has booted, you will be presented with a standard root command prompt. If you did not choose DHCP at the boot prompt, you can either do it now by typing:

dhcpcd eth0 (replace eth0 with another network device if necessary)

Alternatively, you can set up the network manually by using this command:

net-setup eth0

Once the network is setup, you can SSH into the server; SSH is started automatically on boot.

Probably the most useful aspect of a live cd is copying files from a partition on the server hard disk, which is otherwise inaccessible. To mount a partition, first of all get a list of existing partitions:

fdisk -l

Here is an example output:

Disk /dev/sda: 150.0 GB, 150039945216 bytes
255 heads, 63 sectors/track, 18241 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x0009e255

   Device Boot      Start         End      Blocks   Id System
/dev/sda1   *           1          64      514048+ 83 Linux
/dev/sda2              65         586     4192965   82 Linux swap / Solaris
/dev/sda3             587        1108     4192965   83 Linux
/dev/sda4            1109       18241   137620822+   5 Extended
/dev/sda5            1109       18241   137620791   83 Linux

In this case, we will mount the partition sda5. Navigate to the mnt directory:

cd /mnt

Create a directory with the same name as the partition:

mkdir sda5

Now mount the partition with the following command:

mount /dev/sda5 /mnt/sda5

This command should work for most Linux filesystems (ext2, ext3 etc). NTFS filesystems must be mounted by using the NTFS-3g driver; here is an example:

mount -t ntfs-3g /dev/sda5 /mnt/sda5

Once the disk is mounted, you can perform all the usual filesystem operations e.g. read, copy, write, delete. An example scenario would be if a web server had died due to hardware failure and you need to recover a specific home directory. A fast way of doing this is to simply plug in a USB stick using the instructions above and transfer the directory across to that.

Once the USB stick is mounted, browse to the home folder and locate the folder you want to transfer. Then, use the following command:

cp -v -R examplefolder /mnt/sdc1/

Replace examplefolder with the folder name, and sdc1 with the partition name. The -v switch enables verbose mode (so it tells you what its doing in a detail), and -R enables recursive mode, so it goes into the directory and copies all files within it.

There are a number of partitioning tools included in SystemRescueCD such as cfdisk and parted.

There is also a full graphical environment including tools like gparted for graphical manipulation of partitions. To start the graphical system, just type wizard at the command line.

10 Tips for making cPanel / WHM servers more secure

Wed, 30 Nov -0001 00:00:00 +0000

Please note that these tips are suggestions only and cPanel takes no responsibility for modifications to individual servers, or the security practices of individual servers. Server security is a collection of compromises, as any server that allows connections could be insecure. These tips are to be followed at your own risk.

1) Use secure passwords!

Insecure passwords are the most common security vulnerability for most servers. If an account password is insecure and is compromised, client sites can be defaced, infected, or used to spread viruses. Having secure passwords is paramount to having a secure server.

You can edit /etc/login.defs to configure many password options on your system. It is well do*****ented.

Generally, a password utilizing at least 8 characters including alphanumeric and grammatical symbols is sufficient. Never use passwords based upon dictionary words or significant dates. If you are uncertain about the security of a password, then you can test it using JTR cracker. If a password can be broken in a few hours, then it is probably too insecure and should not be used. You can also install tools like pam_passwdqc to check the strength of passwords.

2) Secure SSH

Enable public key authentication for SSH and disable password authentication read more >>

Move SSH access to a different port. People are looking for port 22 as a possible way to access your servers. Moving SSH to a different port will add a simple way to deter those without specific knowledge of your server from easily discovering your SSH port.

You can modify the port that SSH runs on within /etc/ssh/sshd_config. Change the line that says #Port 22 to a different port such as: Port 1653. Make sure to keep your current SSH session open when testing the new port so you can change back to port 22 if the new port doesn’t work.

You should always use SSHv2 only as SSHv1 is not secure. Make sure to change the line in /etc/ssh/sshd_config that says #Protocol 2,1 to Protocol 2.

You may also wish to set Shell Resource Limits for you users to prevent applications and scripts from using all up your resources and taking down your server. You can configure shell resource limits in /etc/security/limits.conf on most Linux systems.

3) Secure Apache

The most readily available way to access a web server, is of course, the web server application. It is important to take steps to secure your Apache installation.

One of the best tools for preventing malicious Apache use is mod_security. This can be installed in Addon Modules in the cPanel section of WebHost Manager. You can find information about mod_security at http://www.modsecurity.org/.

When compiling Apache, you should include suexec to ensure that CGI applications and scripts run as the user that owns / executes them. This will help identify where malicious scripts are and who is running them. It will also enforce permission and environment controls.

We also recommend compiling Apache + PHP with PHPsuexec. PHPsuexec forces all PHP scripts to run as the user who owns the script. This means that you will be able to identify the owner of all PHP scripts running on your server. If one is malicious, you will be able to find it’s owner quickly and resolve the issue. To compile Apache + PHP with PHPsuexec, select the PHPSuexec option in the Apache Upgrade interface in WHM or when running /scripts/easyapache from the command line.

You should enable PHP’s open_basedir protection. This protection will prevent users from open files outside of their home directory with PHP. This can be enabled in Tweak Security within WebHost Manager.

You may also wish to include safe_mode for PHP 5.x and below. Safe_mode ensures that the owner of a PHP script matches the owner of any files to be operated on. You can enable safe_mode by changing the safe_mode = line in php.ini to safe_mode = On.

4) Secure your /tmp partition

We recommend that you use a separate partition for /tmp that is mounted with nosetuid. Nosetuid will force a process to run with the privileges of it’s executor. You may also wish to mount /tmp with noexec after installing cPanel. Check the mount man page for more information.

Also, Running /scripts/securetmp will mount your /tmp partition to a temporary file for extra security.

5) Upgrade your mail to maildir format

Maildir format adds extra security and speed to your mail system. Newer installs use maildir by default. If you’re running an older copy of cPanel, you’ll probably want to upgrade using /scripts/convert2maildir. Make sure to back up your current mail before converting to maildir, this can be done within /scripts/convert2maildir. If you see maildir is enabled when running /scripts/convert2maildir, you are already using maildir, and will not need to convert.

6) Lock down your system’s compilers

Most users do not require the use of C and C++ compilers. You can use the Compilers Tweak within Tweak Security in WebHost Manager to turn off use of the compilers for all unprivileged users, or to disable them for specific users only. Many pre-packaged exploits require working compilers. Disabling compilers will help protect against many exploits.

7) Turn off unused services and daemons

Any service or daemon that allows a connection to be established to your server is away for hackers to gain access. To reduce security risks, you should disable all services and daemons that are not being used.

For Daemons on Linux:

Check /etc/xinetd.conf for services you are not using. For example, cupsd (printing daemon) and nfs/statd (network file system daemons) are not used on many systems.

For Services:

Go to the Service Manager in the Service Configuration section of WHM and disable any services that you are not using.

Monitor your system

It is important to be up to date on what is going on with your system. Make sure that you know when accounts are being created, what software is being installed, when software needs updates, etc.

Check your system frequently to ensure it is functioning in the way you expect. Make sure to check things like:

netstat -anp : Look for programs attached to ports that you did not install / authorize

find / ( -perm -a+w ) ! -type l >> world_writable.txt : Look at world_writable.txt to see all world writable files and directories. This will reveal locations where an attacker can store files on your system. NOTE: Fixing permissions on some PHP/CGI scripts that are not properly coded will break them.

find / -nouser -o -nogroup >> no_owner.txt : Look at no_owner for all files that do not have a user or group associated with them. All files should be owned by a specific user or group to restrict access to them.

ls /var/log/: There are many different logs on your system which can be valuable resources. Check your system logs, apache logs, mail logs, and other logs frequently to make sure your system is functioning as expected.

There are many readily available utilities to monitor your system and to detect rootkits, backdoors, etc. Here are some commonly available utilities:

Tripwire – Monitors checksums of files and reports changes.
http://tripwire.com or http://sourceforge.net/projects/tripwire
Chrookit – Scans for common rootkits, backdoors, etc.
http://www.chkrootkit.org
Rkhunter – Scans for common rootkits, backdoors, etc.
http://www.rootkit.nl/projects/rootkit_hunter.html
Logwatch – Monitors and reports on daily system activity.
http://logwatch.org

9) Enable a Firewall

Installing a firewall to limit access to your server is useful. Removing all unused software on your system is more useful. Before you have the chance to remove all unused services and daemons, or the chance to figure out which services / daemons are unused, you can enable a firewall to prevent unwanted access.

The following will show the ports cPanel and WHM need open to function properly and what the port is used for:

http://faq.cpanel.net/show.cgi?qa=104689180407630

If you are using APF, see:

http://faq.cpanel.net/show.cgi?qa=108499296901804

Please note that these ports are for all services that can be used by cPanel and WHM, you may or may not be using all of these services or other services and should adjust your rules accordingly.

Remember to set a cron job to disable your firewall every 5 minutes when testing your rules, or you may be locked out of your server.

10) Stay up to date

It is important to make sure that you are running the latest stable versions of the software on your system to ensure that it has been patched of any security issues that past versions may be susceptible to. Make sure to keep on top of updates for:

Kernel
cPanel and WHM*
User Applications (bulletin boards, CMS, blog engines, etc)**
System Software*

*These can be set to automatically update in WebHost Manager under Update Config in the Server Configuration section.

**You can upgrade all cPAddon installations through Manage cPAddons in the cPanel section of WebHost Manager.

http://www.cpanel.net/security/commontips.htm

HostGator: cPanel Security Hole Exploited in Mass Hack

Wed, 30 Nov -0001 00:00:00 +0000

HostGator says hackers compromised its servers using a previously unknown security hole in cPanel, the control panel software that is widely used by hosting providers. "I can tell you with all accuracy that this is definitely due to a cPanel exploit that provides root access and all cPanel servers are affected," said HostGator system administrator Tim Greer. "This issue affects all versions of cPanel, from what I can tell, from years ago to the current releases, including Stable, Release, Current and Edge."

cPanel has just released a fix. "Running /scripts/upcp will fix the vulnerability in all builds," cPanel said in a message on its user forums. "Please note that this is a local exploit which requires access to a cPanel account. … If you believe you have been exploited through this vulnerability, you are welcome to submit a support request for assistance."

Hackers gained access to HostGator’s servers late Thursday and began redirecting customer sites to outside web pages that exploit an unpatched VML security hole in Internet Explorer to infect web surfers with trojans. The existence of the new "0-day" exploit of cPanel leaves a large number of hosting companies vulnerable to similar attacks until they install the patch. The riusk is mitigated somewhat by the fact that it is a local exploit, meaning any attack on a host must be launched from an existing account with cPanel access.

HostGator site owners said iframe code inserted into their web pages was redirecting users to the malware-laden pages. Company staff made several efforts to reconfigure servers on Friday, only to have the exploits recur. Since the attacker controlled a cPanel account at HostGator, the exploit could be repeated after each cleanup of the malicious code. By early Saturday morning, HostGator managers were assuring users that the cause of the redirections had been isolated, and was due to a new exploit targeting cPanel.

OSCommerce Security Upgrades

Wed, 30 Nov -0001 00:00:00 +0000

An update to the osCommerce 2.2 Milestone 2 version has been released that addresses security related issues and bug reports that exist in the released version.

It is recommended for osCommerce 2.2 Milestone 2 store owners to apply the changes to their installations due to the security issues and bug reports that have been fixed. The changes involved are minimal, do not break compatibility with contributions, and further strengthens the security of the shop installation.

This update release focuses solely on security related issues and bug reports, and does not introduce any new features that have been made for the next development milestone release.

This release is a full release package containing updated source files (including the updates from the 051113 Update release), documentation, and information on what changes have been made to easily apply to existing installations.

This update release includes the following changes:

* Magic Quotes Compatibility Layer Fix
* Parse GET Variables In Cache Functions
* PHP 3 Session ID XSS Issue
* Product Attributes SQL Injection
* Resize Images To Round Numbers
* Use The Correct Country Name Value When Formatting Addresses
* Prevent The Session ID Being Passed In Tell-A-Friend E-Mails
* Properly Remove Deleted Products That Exist In Shopping Carts

The documented changes found inside the download package can be seen here:

http://www.oscommerce.com/ext/update-20060817.html

The 2.2 Milestone 2 060817 Update release involves the following file changes for the security and bug fixes made:

catalog/admin/includes/functions/compatibility.php (2 diffs)
catalog/admin/includes/functions/general.php (1 diff)

catalog/includes/classes/sessions.php (1 diff)
catalog/includes/classes/shopping_cart.php (2 diffs)
catalog/includes/functions/cache.php (4 diffs)
catalog/includes/functions/compatibility.php (2 diffs)
catalog/includes/functions/general.php (2 diffs)
catalog/includes/functions/html_output.php (1 diff)
catalog/shopping_cart.php (1 diff)
catalog/tell_a_friend.php (2 diffs)

This is a list of insecure Joomla modules , please delete or upgrade

Wed, 30 Nov -0001 00:00:00 +0000

This is a list of 3rd party Joomla components with known vulnerabilities that will allow hackers access to your site. If you are using any of the following compnents please upgrade or remove the component as listed under fix. It is also very important to make sure you are using the latest version of Joomla, currently 1.0.11, as earlier versions have several High Level vulnerabilities. These vulnerabilities dont just effects your website it effects other clients and the entire server as a whole.http://forum.joomla.org/index.php/topic,79477.0.html

Full Name: A6MamboCredits
Short Name: com_a6mambocredits
Version: All Versions
Fix: Abandoned. Remove completely.
References: http://secunia.com/advisories/21540/
http://forum.joomla.org/index.php/topic,86978.0.html

Full Name: A6MamboHelpDesk
Short Name: com_a6mambohelpdesk
Version: All Versions
Fix: Abandoned. Remove completely.
References: http://forum.joomla.org/index.php/topic,80890.0.html
http://secunia.com/advisories/21227/

Full Name: Advanced Poll
Short Name: com_advancedpoll (?)
Version: <= 2.2.0.
Fix: Abandoned. Remove completely.
References: http://forum.joomla.org/index.php/topic,76621.0.html

Full Name: ArtLinks
Short Name: com_artlinks
Version: All Versions.
Fix: Abandoned. Remove completely.
References: http://forum.joomla.org/index.php/topic,76328.0.html

Full Name: Bayesian Naive Filter
Short Name: com_bayesiannaivefilter
Version: <= 1.1
Fix: No Fix Available. Please disable or remove this component until a fix can be made available.
References: http://forum.joomla.org/index.php/topic,81594.0.html

Full Name: BigApe Backup
Short Name: com_babackup
Version: All Versions.
Fix: No Fix Available. Please disable or remove this component until a fix can be made available.
References: http://secunia.com/advisories/21574/
http://forum.joomla.org/index.php/topic,87736.0.html

Full Name: BSQ Site Stats
Short Name: com_bsqsitestats
Version: <= 2.1.0
Fix: Upgrade to version 2.1.1. Download it here.
References: http://forum.joomla.org/index.php/topic,77899.0.html

Full Name: Classifieds
Short Name: com_classifieds
Version: <= 1.3
Fix: Upgrade to version 1.4. Download it here.
References: http://forum.joomla.org/index.php/topic,82457.0.html

Full Name: Colophon
Short Name: com_colophon
Version: <= 1.2
Fix: Upgrade to 1.3.1. Download it here.
References: http://secunia.com/advisories/21288/
http://forum.joomla.org/index.php/topic,81587.0.html

Full Name: Community Builder (comprofiler)
Short Name: com_profiler
Version: <= 1.0.0
Fix: Upgrade to version 1.0.1. Download it here.
References: http://www.joomlapolis.com/content/view/1538/37/
http://forum.joomla.org/index.php/topic,84436.0.html
See here for a fix for register_globals = off

Full Name: Events
Short Name: com_events
Version: <= 1.3 Beta
Fix: Upgrade to version 1.3 Beta2. Download it here.
References: http://forum.joomla.org/index.php/topic,80411.0.html

Full Name: ExtCalendar
Short Name: com_extcalendar
Version: <= 0.9.1
Fix: Upgrade to version 0.9.2. See this post for details.
References: http://secunia.com/advisories/19321/
http://forum.joomla.org/index.php/topic,75390.0.html
http://forum.joomla.org/index.php/topic,79050.0.html
http://forum.joomla.org/index.php/topic,78268.0.html

Full Name: SEF404x
Short Name: com_sef
Version: All Versions.
Fix: No Fix Available. Remove completely.

Full Name: Galleria
Short Name: com_galleria
Version: All Versions.
Fix: Abandoned. Remove completely.
References: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3396
http://forum.joomla.org/index.php/topic,77706.0.html

Full Name: Hash Cash
Short Name: com_hashcash
Version: All Versions.
Fix: Abandoned. Remove completely.
References: http://secunia.com/product/11046/
http://forum.joomla.org/index.php/topic,76322.0.html

Full Name: Hot Properties
Short Name: com_hotproperties (?)
Version: <= 0.97
Fix: Upgrade to 0.98 Download it here.
References: No references available at this time.

Full Name: JD-Wiki
Short Name: com_jd-wiki
Version: <= 1.0.2
Fix: Upgrade to version 1.0.3. Download it here.
References: http://forum.joomla.org/index.php/topic,80188.msg427986.html#msg427986

Full Name: JD-WordPress
Short Name: com_jd-wp
Version: <= 2.0-1.0 RC2
Fix: Patch Available. See this post.
References: http://forum.joomla.org/index.php/topic,81064.0.html

Full Name: JIM 1.0.1. (PMS)
Short Name: com_jim
Version: 1.0.1. (possibly lower versions as well)
Fix: Not available Remove completely.
References: http://secunia.com/advisories/21545/

Full Name: JoomlaBoard
Short Name: com_joomlaboard
Version: <= 1.1.1
Fix: Upgrade to version 1.1.2. Download it here.
References: http://secunia.com/advisories/21059/
http://forum.joomla.org/index.php/topic,76852.0.html
Fix, compatible with register globals off as set in globals.php

Full Name: JoomlaLib
Short Name: com_joomlalib
Version: <= 1.2.1
Fix: Upgrade to version 1.2.2. Download it here.
References: http://forum.joomla.org/index.php/topic,77899.0.html

Full Name: LoudMouth
Short Name: com_loudmouth
Version: <= 4.0j
Fix: Upgrade to version 4.1 then apply Security Patch 1. Download upgrade and security patch here.
References: http://forum.joomla.org/index.php/topic,76337.0.html
http://mamboxchange.com/forum/forum.php?forum_id=7638

Full Name: LMO
Short Name: com_lmo
Version: <= 1.0b2
Fix: Upgrade to version 1.0b3. Download it here.
References: http://www.frsirt.com/english/advisories/2006/3063
http://forum.joomla.org/index.php/topic,81590.0.html

Full Name: MambelFish 1.x
Short Name: com_mambelfish
Version: <= 1.x
Fix: Upgrade to 1.5 (or to Joom!Fish) Mambelfish 1.5 Joom!Fish 1.7
References: http://secunia.com/advisories/21544/

Full Name: Mambo Gallery Manager
Short Name: com_mgm
Version: All Versions.
Fix: Abandoned. Remove completely.
References: http://forum.joomla.org/index.php/topic,81616.0.html
http://www.frsirt.com/english/advisories/2006/3054

Full Name: MiniBB
Short Name: com_minibb
Version: <= 1.5a
Fix: Abandoned. Remove completely.
References: http://securityreason.com/exploitalert/846
http://forum.joomla.org/index.php/topic,76898.0.html

Full Name: MamCom (?)
Short Name: com_trade
Version: All Versions.
Fix: Abandoned. Remove completely.
References: http://forum.joomla.org/index.php/topic,79062.0.html

Full Name: MosMedia
Short Name: com_mosmedia
Version: <= 1.0.8
Fix: Temporary Fix Available. See this thread for details.
References: http://forum.joomla.org/index.php/topic,78533.0.html

Full Name: MoSpray
Short Name: com_mospray
Version: <= 1.8 RC1
Fix: Abandoned. Remove completely.
References: http://forum.joomla.org/index.php/topic,76331.0.html

Full Name: Mos Tree
Short Name: com_mtree
Version: <= 1.5.8
Fix: Upgrade to version 1.5.9. Download it here.
References: http://forum.joomla.org/index.php/topic,78298.0.html

Full Name: Multibanners
Short Name: com_multibanners *Note: Not the same as the Multibanners Module.*
Version: All Versions.
Fix: Abandoned. Remove completely.
References: http://secunia.com/advisories/21168/
http://forum.joomla.org/index.php/topic,77977.0.html

Full Name: OpenSEF
Short Name: com_sef
Version: <= 2.0.0 RC5 Unpatched
Fix: Patch Available. Download it here.
References: http://forum.joomla.org/index.php/topic,77301.0.html

Full Name: PC Cook Book
Short Name: com_pccookbook
Version: <= 1.3.1
Fix: No Fix Available. Please disable or remove this component until a fix can be made available.
References: http://www.frsirt.com/english/advisories/2006/2739
http://forum.joomla.org/index.php/topic,76009.0.html

Full Name: People Book
Short Name: com_peoplebook
Version: <= 1.1.5
Fix: Upgrade to version 1.1.6. Download it here.
References: http://forge.joomla.org/sf/go/artf5410?nav=1

Full Name: Prince Clan Chess
Short Name: com_pcchess
Version: <= 0.8
Fix: Abandoned. Remove completely.

Full Name: Per Forms
Short Name: com_performs
Version: <= v1_beta
Fix: Upgrade to version v2_beta. Download it here.
References: http://secunia.com/advisories/21044/
http://forum.joomla.org/index.php/topic,76654.0.html
http://forum.joomla.org/index.php/topic,76862.0.html

Full Name: PollXT
Short Name: com_pollxt
Version: <= 1.22.07
Fix: Upgrade to version 1.22.08. Download it here.
References: http://secunia.com/advisories/21068/
http://forum.joomla.org/index.php/topic,77975.0.html

Full Name: RS Gallery2
Short Name: com_rsgallery2
Version: <= 1.11.3
Fix: Upgrade to version 1.11.4. Download it here.
References: http://forum.joomla.org/index.php/topic,73453.0.html

Full Name: Security Images
Short Name: com_securityimages
Version: <= 3.0.5
Fix: Upgrade to version 3.0.6. Download it here.
References: http://secunia.com/advisories/21260/
http://forum.joomla.org/index.php/topic,81589.0.html

Full Name: SimpleBoard
Short Name: com_simpleboard
Version: All Versions.
Fix: Upgrade to JoomlaBoard 1.1.2. JoomlaBoard is compatible with SimpleBoard. Download it here.
References: http://secunia.com/advisories/20981/
http://secunia.com/advisories/20409/
http://forum.joomla.org/index.php/topic,75668.0.html

Full Name: Site Map
Short Name: com_sitemap
Version: All Versions.
Fix: Abandoned. Remove completely.
References: http://secunia.com/advisories/21055/
http://forum.joomla.org/index.php/topic,76326.0.html

Full Name: SMF Bridge
Short Name: com_smf
Version: <= 1.1.4
Fix: For SMF version 1.1RC2 only. Upgrade available. See this thread.
References: http://secunia.com/advisories/21079/
http://www.simplemachines.org/community/index.php?topic=100140.0
http://forum.joomla.org/index.php/topic,78313.0.html
http://forum.joomla.org/index.php/topic,77716.0.html
http://forum.joomla.org/index.php/topic,78359.0.html
http://forum.joomla.org/index.php/topic,76609.0.html

Full Name: User Home Pages 1 and 2
Short Name: com_uhp and com_uhp2
Version: <= 1.1.1 (?)
Fix: Upgrade to 1.1.2. Download it here.
References: http://forum.joomla.org/index.php/topic,81308.msg416865.html#msg416865
http://secunia.com/advisories/21305/

Securing your Joomla Website

Wed, 30 Nov -0001 00:00:00 +0000

In addition to understanding the threats, and implementing general defensive strategies, it is important to know more specific details about security in Joomla, as well some specific examples of how to implement security strategies.

The developers of Joomla are constantly striving to improve the overall security of the system by employing good programming techniques and addressing security issues as they arise. It is therefore important to try to keep up with the latest version of Joomla – ‘patches’ (collections of replacement files) are released periodically to address bugs and security holes as they are discovered (click here to subscribe to the official Joomla announcements forum)

Input boxes
There are various input boxes that can appear in a ‘vanilla’ Joomla website – for example, search boxes, filters, etc., and the data entered in such features is always validated to ensure it does not contain quote marks – thus protecting against SQL injection attacks.

HTML Editors
It is also possible with Joomla to allow your website’s end users to submit news articles etc., and this opens up the possibility of cross-site-scripting injection where the data is allowed to be entered as HTML. Most HTML editors will not allow javascript or certain other tags to be entered though – for this very reason.

A problem arises here, because with Joomla, the same HTML editor is used both in the back end administrator and in the front end website. So if you, as an administrator, want to add some javascript or other ‘forbidden’ tag, you’re stuck. Some editors (eg. JCE) will allow you to specify which tags are allowed, and therefore give you the flexibility to add javascript etc., if you need to do so – but if you use these options, you must ensure that you don’t allow end users to use that HTML editor.

You can do this either by just not allowing user-submissions at all (which is the safest option), or by using 2 different HTML editors – the default one being restrictive, and an extra one which is assigned to your user record only (definable in Joomla’s User Manager) which can be less restrictive.

User Login
The login features of Joomla – both for the back end administrator and the front end website – make use of one-way password encryption. When you type in your password, Joomla applies an ‘md5 hash algorithm’ to turn your password into a 40-character jumble of unintelligible text – the same 40-character jumble every time. It never actually decrypts this, it just compares the jumbled up version of what you type in with the jumbled up version that is stored in the database against your user record to see if they match.

In order to determine whether or not you are logged in at any given time, Joomla uses a ‘cookie’ – a small text file which is stored on your computer. This cookie does not contain your user name and password – it just contains a session id (or reference number), which Joomla can look up to find out who you are and whether you are logged in. So even if someone could steal the cookie from your computer, all they would get is a reference number – they couldn’t do much with it.

Release Notes
The text files that ship with a standard Joomla installation include release notes such as a ‘change log’ – a list of changes made to the program since the last release. Such information can give away valuable clues about possible weaknesses that hackers can exploit. However, the text files are protected from casual viewing by being named as PHP files and by programatically preventing browsing over HTTP. Even so, it is quite safe to delete such files from your server – that way you can be absolutely sure that nobody can see them. At the time of writing, the release note files that can be safely deleted are: CHANGELOG.php, COPYRIGHT.php, INSTALL.php, and LICENSE.php.

.htaccess File
There is a file which is supplied with Joomla called htaccess.txt. As long as the file is called htaccess.txt, it has absolutely no effect on your site. Once you rename the file to .htaccess ("dot htaccess" instead of "htaccess dot txt"), it influences every request that is made of your site (note: this applies to sites running on an Apache web server, not IIS – if you’re not sure whether your site is running on Apache or IIS, it is probably running on Apache! 99.99% of Joomla sites run on Apache web servers. Apache is the name of the web server software, not the operating system – Apache can be run on Windows or Unix or Linux or FreeBSD, etc. etc. IIS only runs on Windows).

Typically, you would only rename the file to .htaccess if you wanted to use search engine friendly URLs (or SEF URLs) – the instructions in that file allow meaningful page names to be translated internally (or ‘rewritten’) into a format that Joomla can understand. There are many other uses for an .htaccess file though, including setting password protection on a directory, to block users based on their IP address, and various other things. This little file can be very powerful! It is therefore important to ensure no unauthorised person can view it, or worse still, edit it.

In addition to setting the file permissions (see below), you can add the following directive to the top of your .htaccess file to prevent others from being able to read it:

order allow,deny
deny from all

Version 1.0.8 of Joomla introduced significant changes to the supplied htaccess file, but even so it does not include the above directive for some reason. Maybe a future version will. In the meantime, adding the above at the very top of the file will provide an additional layer of protection against abuse.

It is also a good idea to protect your site against HTTP tracking and tracing, and if you use a shared server, the easiest way to do this is to add the following to your .htaccess file (somewhere after the "RewriteEngine On" command):

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* – [F]

Please note, that making these changes to your .htaccess file is not supported by all server configurations. Always backup your .htaccess file before making changes to it, and if your website starts reporting errors, you may have to undo your changes.

Server Settings
Joomla specifies certain settings that are recommended for proper functioning of the system. A list of the recommended and actual settings is displayed when you install Joomla. One of the recommended settings is to have ‘Display Errors’ switched on. This is not safe for a production website. It is very useful when developing and debugging a site, but there is a security vulnerability in PHP (not Joomla, but the language in which Joomla was written) which allows cross-site-scripting attacks when the display errors option is enabled.

Thankfully, as of Joomla 1.0.8, you can suppress error messages by going to Site->Global Configuration, and clicking on the ‘Server’ tab. Set the ‘Error Reporting’ option to ‘None’. If you are not using the very latest version of Joomla, it would be a very good idea to upgrade!

Otherwise, to turn off display of errors, you need to change some settings in a file called php.ini – you might not have access to this file if you use shared hosting, but it might be possible to add your own php.ini file to the root folder of your website which will only affect your site and nobody elses (or you might need to add it to every folder that contains php files). Alternatively, depending on the configuration settings on your server, you might be able to override individual php.ini settings in your .htaccess file.

The settings that need to be specified in php.ini are:

display_errors = Off
html_errors = Off
display_startup_errors = Off
log_errors = On

For additional security it may be worthwhile disabling certain PHP functions. The following 2 lines, when added to php.ini will prevent the listed functions from working. If you have a third party script that relies on one or more of these functions, it will break when you turn them off like this. Joomla does not use these functions, but some third party components might do. Disabling these functions will help to protect your site from hackers though.

allow_url_fopen = Off
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, tempnam

If you don’t have access to the global php.ini file, you might be able to add your own. More information about doing this can be found here: http://www.washington.edu/computing/web/publishing/php-ini.html. You might need to ask your host to restart the Apache web server before your overridden settings will take effect (this does not mean rebooting the server, just restarting Apache – which only takes a few seconds). Note: If you encode your PHP files with Zend Optimizer, adding your own local php.ini file can cause PHP to think that Zend Optimizer is not installed even if it is.

If your server configuration allows it, you may be able to just add the following lines to your .htaccess file to override the settings without needing your own php.ini file. Try adding the following to the end of your .htaccess file (if your server does not recognise the directives, you will get an error message when you try to access your site):

php_flag display_errors "0"
php_flag html_errors "0"
php_flag display_startup_errors "0"
php_flag log_errors "1"
php_flag_allow_url_fopen "0"

These settings will cause any PHP errors to be logged in a text file instead of being displayed in the user’s browser window. You could also write a custom error handler in PHP to display a user-friendly message when an error occurs, but that is a task for a developer and is beyond the scope of this article.

File Permissions
Every folder and every file that your website contains has a set of properties called ‘permissions’. These properties define who is allowed to do what with the file or folder. On Unix-based operating systems (including Linux, FreeBSD, etc.), there are 3 actions that can be performed on a file: read, write, and execute; and there are 3 types of user that can perform these actions: owner, group, and other (things are a bit different on Windows, but most production Joomla sites are hosted on servers running a Unix-based operating system).

Typically, the permissions for a file are set using a 3-digit number: 000 being the most restrictive (nobody can do anything with the file – pretty pointless having a file with that level of restriction!), and 777 being the most liberal (anybody can read, write, or execute the file – that is, execute as in run a program, not execute as in chop someone’s head off). The first digit represents what the ‘owner’ of the file is allowed to do (that is, the specific ‘user’ who created the file); the second specifies what other authorised users are allowed to do, and the third says what the world at large is allowed to do. The command used by the operating system to set the permissions of a file is called ‘chmod’ which means ‘change mode’.

To get the balance between security and usability, all folders should be set to 755, and all files should be set to 644 unless a folder or file specifically requires a different setting in order to function properly. Joomla has the ability to set these permissions for you (you can tell it to do this while installing, and through the Site->Global Configuration option in Joomla administrator) when it creates new files. Using 755 and 644 for folders and files respectively generally means that the files cannot be edited – not even by Joomla (unless your server has PHP configured to use SUExec – highly recommended!).

So if you want to install a new component, module, template, or whatever, you are going to need to make sure the relevant folders are writeable (775 and 774 for folders/files respectively, or if that doesn’t work on your server, 777 for both) – otherwise Joomla will not be able to create the necessary files. To see which folders need to be writeable, go into Joomla Administrator, click on the ‘Help’ menu item, then click on the ‘System Info’ link at the top right, then click on the ‘Permissions’ tab. There is a list there of folders that need to be writeable for Joomla to function, as well as an indication of whether or not they are currently writeable on your server.

It is safest to keep files and folders unwriteable most of the time and only make them writeable when you need to – especially with reference to the configuration.php file, which stores your settings from Site->Global Configuration (keep that unwriteable [ie. 644] except when you need to make configuration changes – and make it unwriteable again as soon as you’ve finished making changes). If your website allows for users to upload files though, you will need to make the relevant folders writeable all the time, otherwise the uploads will fail.

You can change the permissions of files and folders using an FTP client, or a hosting control panel such as cPanel or Plesk.

Mambo 4.5.4 Security Patch 2 Released

Wed, 30 Nov -0001 00:00:00 +0000

Team Mambo has just released Security Patch 2 for Mambo version 4.5.4. This patch fixes a number of security vulnerabilities and provides some additional hardening of the application. It is recommended that everyone apply this patch as soon as possible.

These vulnerabilities affect all recent versions of Mambo so those still running versions of Mambo older than 4.5.4, (ex) 4.5.3h, are recommended to patch up to Mambo 4.5.4 first and then apply security patches 1 & 2. We have also built a version of 4.5.4 with both security patches already applied, MamboV4.5.4_wSP2, which should be used for brand new installs.

The new files can be found on Mamboxchange. The team will now refocus its attention on Mambo 4.6 and we will apply the same security changes as needed to 4.6 prior to the official release.

Running OSCommerce with register_global=OFF and Safe_mode=ON

Wed, 30 Nov -0001 00:00:00 +0000

How to modify your osCommerce master file in Fantastico to make it work server default with php Safe_Mode = ON and register_global = OFF

As the World-Wide-Web is turning more and more into the Wild-Wild-Web you might haverealize that you need to implement tighter security measures for PHP on your Linux server.
Having register globals enabled is a very serious security issue; it allows an attacker to inject
variables into the running PHP code. Just in case you don’t realise, this is a VERY BAD THING.

The changes to your php.ini file you would want to do is :

PHP SafeMode = ON
Register_global = OFF
And allow_url_fopen = OFF

And so after this security upgrade you probably would experience a lot of problems with your osCommerce shopping carts.

osCommerce will run with safe_mode on but you may get errors displaying on the screen, if you do, you need to make the following change

The patch for oscommerce to run with register_globals off can be downloaded from http://www.oscommerce.com/community/contributions,2097

For ALL new installs of osCommerce you can hack your osCommerce master file in Fantastico to make it work server default with php Safe_Mode=ON and register_global=OFF by following the below steps.

Firstly log into shell and find your netenberg install

locate netenberg

Mine is located in the home directory but if you have chosen a different directory, when you initially installed fantastico, then the locate command will give you the correct info where to find it Double check the correctness of the path cd /home/netenberg/archives/fantastico_de_luxe/
and

Copy netenbergs/osCommerce master package into your root directory

cp /home/netenberg/archives/fantastico_de_luxe/OS_Commerce.tgz /

Go to the root directory

cd /

Double check the copy has been successful ls Unzipping osCommerce for editing

tar -zxvf OS_Commerce.tgz

So now the whole install-files are there for the taking , actually editing I simply downloaded the patch file from http://www.oscommerce.com/community/contributions,2097 , unzipped it and uploaded the patch files to the osCommerce directory called OS_Commerce/ (PS , the upload was done via FileZilla , with the root shell access)

One thing you just need to be aware of is that all the files in the the "admin" folder go to "admin" and only the "includes" files of catalog/includes go into your "includes" root folder

Now go back to your shell window cd / We’ll need to repackage the files so firstly copy a backup of your OS_Commerce.tgz (in case something is going wrong

cp OS_Commerce.tgz OS_Commerce.tgz.bak double check you created the backup by doing ls Now we’ll delete the old OS_Commerce.tgz package

rm -f OS_Commerce.tgz

And then repackage the edited version of OS_Commerce with this command

tar -czvf OS_Commerce.tgz OS_Commerce/

Now you just need to copy this over and replace it with your OS_Commerce.tgz Fantastico Master file (please make sure again to be using your individual path to netenberg)

cp OS_Commerce.tgz /home/netenberg/archives/fantastico_de_luxe/OS_Commerce.tgz

It will ask you if you wanna overwrite it just press Y and enter So now you did the edit to your fantastico master file for OSCommerce

Better go and test it with a fresh test install. With this guide you can actually do a lot of edits for your preinstalled scripts like edit the footer to reflect your hosting company or others !

How to upgrade the embedded phpBB forum within phpNuke

Wed, 30 Nov -0001 00:00:00 +0000

If you've recently installed phpNuke with Fantistico (it's at the bottom of your Control Panel – if you haven't seen it – go look), you may have noticed that the phpBB version is about 5 releases out of date.
The most recent version of phpBB is 2.0.21, but the version within the phpNuke 7.8 Release is 2.0.15. However, before you run out and download the standalone updates/patches for phpBB, please keep reading.

This is a special version of phpBB that is designed to run inside and with phpNuke, so DO NOT simply patch phpBB with the "official version" from phpbb.com. This WILL break some of the functionality of the embedded version. Your gonna have to do a little bit of work, but it'll be worth it. You will be required to download some files, unzip them, upload to your webspace, and then run 4 URLs from your browser. Please note that this is a file-by-file update – and you cannot patch all in one fell swoop. It still will probably only take 10 minutes – and you'll have a much more secure version of phpBB.

Here are the steps:

Go to http://www.nukeresources.com/download-search-.html , enter "BBtoNuke" in the search box. (I don't think you can hotlink directly to the files, hence the required search).

Then look for the following files:

BBtoNuke 2.0.16
BBtoNuke 2.0.17
BBtoNuke 2.0.18
BBtoNuke 2.0.19
BBtoNuke 2.0.20
BBtoNuke 2.0.21

(do not get the files with the NP extension)

Save these files to your local PC. Unzip them one at a time (I'd do each one in a seperate temporary directory), fire up your FTP program and upload the files to the root directory on your AUSWEB hosting account (assuming that you have installed phpNuke to the root directory).

Make sure to keep the directory structures intact. Now, from your browser, run the various updater files. The URLs will look like this…

http://yourDOMAIN-phpnukeinstall.com/update15-16.php
http://yourDOMAIN-phpnukeinstall.com/update16-17.php
http://yourDOMAIN-phpnukeinstall.com/update17-18.php
http://yourDOMAIN-phpnukeinstall.com/update18-19.php
http://yourDOMAIN-phpnukeinstall.com/update19-20.php
http://yourDOMAIN-phpnukeinstall.com/update20-21.php

Note that you'll have to update in the order as show above and it's an incremental, file-by-file update.
So you'll be updating to verion 2.0.16, then 2.0.17, then 2.0.18, then 2.0.19, the 2.0.20 and 2.0.21 (if you choose).

Now, you have the latest version of phpBB running with your PHP-Nuke install and you haven't broken anything!

Dont forget to delete the update php files after you are finished (update16-17.php – update20-21.php)

Here's a few extra links to some phpNuke resources:

http://nukecops.com/forums.html
http://www.nukeresources.com/

New Skype Phone Doesnt Need PC or Wi-Fi

Wed, 30 Nov -0001 00:00:00 +0000

Skype announced a new cordless phone on Thursday that sends and receives Skype calls just like a landline, but without the need for a computer.

Typically, Skype phones work through a computer or a laptop. The new Philips VOIP841 plugs into a standard RJ-11 home phone jack, as well as into an RJ-45 broadband connection jack. It can send and receive Skype calls as well as calls from a regular home phone number.

"So now in order to have Skype, you don’t have to have a PC," said Manrique Brenes, director of hardware business development for Skype. But you do have to have a broadband connection.

"If someone calls on the regular phone, it will ring. If someone calls you on your Skype, it will ring. It’s similar to the experience you have on the laptop, but it’s a lot easier to use. We’ve had a lot of success with the regular USB phones, and we think this is taking it a step further."

Skype partnered with Philips to make the new cordless phone, but they expect to partner with other manufacturers in the near future. The phone will debut at the Internationale Funkausstellung, a consumer electronics show in Berlin, on Thursday. It will be available to consumers during the holiday buying season for around $150.

The Philips VOIP841 has a screen with an interface that looks like Skype’s program where users can log in with their password so that the phone automatically downloads the users’ Skype contacts. Users can also search for Skype contacts directly on the phone and add them to an integrated contact list for both Skype contacts and traditional phone numbers.

Although a cordless Skype phone could in theory replace a home phone, Brenes was careful to point out that replacing landlines is not the company’s intention.

"Ultimately, we don’t intend to be a landline replacement service," Brenes said. "Landlines provide services that we don’t provide, like emergency calling services. We see this as an extension of our Skype plan, that provides video and file transfer that the landlines don’t do. This is essentially a bridge between your traditional landline and the Skype experience."

Brenes said that a cordless Skype phone is ideal for consumers who make a lot of international and long-distance calls, but aren’t necessarily computer savvy.

"My parents for example are really not computer centric people," Brenes said. "So I can get one of these devices for them, hook it up to their broadband connection and suddenly you don’t need a computer. My parents have children that are still teenagers and they have a PC with a broadband connection, but my father never sits in front of it."

With the success of Skype, telephony vendors seem eager to bring the service to business and home lines as quickly as possible. On Tuesday, Actiontec announced a Skype-approved private branch exchange (PBX) product that allows every phone extension in an office to make and receive Skype calls without changing existing phone equipment.

Designed for businesses of 10 to 300 employees, the VoSKY Exchange is a videocassette-sized device that plugs into the PBX on one end and a Windows XP computer on the other. It adds up to four outgoing Skype lines to the PBX, with rollover capabilities in the event that one line is busy. It is available now for $799.

News Source By Natali T. Del Conte @ PCMag

Keeping phpBB up-to-date closes security holes

Wed, 30 Nov -0001 00:00:00 +0000

With the continued development of cPanel/WHM, there are bound to be changes in the way things are handled via the control panel. More recently, one of those is how add-on scripts are handled both in installation and management/updating.

"Addon Scripts" has been replaced within WHM with "Install cPAddon Scripts" (in your WHM, you might even see a link named "Addon Scripts (Deprecated)."

The Addon Script Manager previously utilized to update scripts cPanel can install has been replaced with "Manage cPAddon Scripts."

Installs of scripts, like phpBB, can only be "managed" or mass upgraded automatically by the script manager that installed it. That is to say, if you previously installed phpBB via "Addon Scripts" you will not be able to update it via "Managed cPAddon Scripts." In this case, you will need to use the "Addon Script Manager"

NOTE: Since Addon Scripts have been deprecated, updates for the scripts via the addon scripts manager are not up to date!!! That means you will need to manually update these installations to the latest version.

At the time of this writing, the Addon Script manager considered phpBB 2.0.17 up to date, while cPAddon Scripts was installing 2.0.21.

Remember that no matter what cPanel script manager you utilize, it will update the installs of phpBB that were installed via cpanel only.

Manuall installations of phpBB will NOT be updated via this method and must be updated manually. http://www.phpbb.com/downloads.php has more information on the latest version available.

http://www.phpbb.com/security/ provides a listing of known security vulnerabilities.

Microsoft Security Bulletin Summary for July 2006

Wed, 30 Nov -0001 00:00:00 +0000

Summary: This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS06-035 – Vulnerability in Server Service Could Allow Remote Code
Execution
(917159)

– Affected Software:
    – Windows Server 2003 Service Pack 1
    – Windows Server 2003
    – Windows Server 2003 with SP1 for Itanium-based Systems
    – Windows Server 2003 for Itanium-based Systems
    – Windows Server 2003 x64 Edition
    – Windows XP Professional Service Pack 2
    – Windows XP Professional Service Pack 1
    – Windows XP Professional x64 Edition
    – Windows XP Home Service Pack 2
    – Windows XP Home Service Pack 1
    – Windows 2000 Service Pack 4

– Impact: Remote Code Execution
– Version Number: 1.0

MS06-036 – Vulnerability in DHCP Client Service Could Allow Remote
Code
Execution (914388)

– Impact: Remote Code Execution
– Version Number: 1.0

MS06-037 – Vulnerabilities in Microsoft Excel Could Allow Remote Code
Execution
(917285)

– Affected Software:
    – Excel 2003
    – Excel Viewer 2003
    – Excel 2002
    – Excel 2000
    – Excel v.X for Mac
    – Excel 2004 for Mac

– Impact: Remote Code Execution
– Version Number: 1.0

MS06-038 – Vulnerabilities in Microsoft Office Could Allow Remote
Code Execution
(917284)

– Affected Software:
    – Office 2003 Service Pack 2
    – Office 2003 Service Pack 1
    – Office XP Service Pack 3
    – Office 2000 Service Pack 3
    – Office v.X for Mac
    – Office 2004 for Mac
    – Project 2002
    – Project 2000
    – Visio 2002
    – Works Suite 2006
    – Works Suite 2005
    – Works Suite 2004

– Impact: Remote Code Execution
– Version Number: 1.0

MS06-039 – Vulnerabilities in Microsoft Office Filters Could Allow
Remote Code
Execution (915384)

– Affected Software:
    – Office 2003 Service Pack 2
    – Office 2003 Service Pack 1
    – Office XP Service Pack 3
    – Office 2000 Service Pack 3
    – Project 2002
    – Project 2000
    – Works Suite 2006
    – Works Suite 2005
    – Works Suite 2004

– Impact: Remote Code Execution
– Version Number: 1.0

Important Security Bulletins
============================

MS06-033 – Vulnerability in ASP.NET Could Allow Information
Disclosure (917283)

– Impact: Information Disclosure
– Version Number: 1.0

MS06-034 – Vulnerability in Microsoft Internet Information Services
using Active
Server Pages Could Allow Remote Code Execution (917537)

– Impact: Remote Code Execution
– Version Number: 1.0

Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions,
and Update Deployment Information please read
the Microsoft Security Bulletin Summary for this
month at: http://go.microsoft.com/fwlink/?LinkId=69768

Zidane Headbutt Game

Wed, 30 Nov -0001 00:00:00 +0000

Digital presents us with another refreshing way to win the worldcup!
http://www.thoseforums.com/forum/viewtopic.php?t=1414
Maybe the aussies should have done the same ?

Linux Terminal Servers for Any Business

Wed, 30 Nov -0001 00:00:00 +0000

A Linux Terminal Server offers any business an elegant and cost-effective way to integrate the power of open source. In this article, I review some basics of network topology and offer suggestions about how to install a prototype server. I top it off with some tips for business-specific installations and configuration…

A Linux Terminal Server allows almost any business to gain the benefits of open source and the power of Linux immediately. What makes an LTS distinct is that it integrates well, without burden to infrastructure or people. Moreover, the performance of an LTS dramatically showcases Linux power. One LTS can serve graphics and applications to many desktop PCs simultaneously.

By placing the LTS into an existing subnet, colleagues can access the many useful applications and features with almost no effort-and at their convenience.

A great deal of effort has been put into the Linux Terminal Server Project (LTSP) to make it seamless. LTS simplifies installation by isolating the integration work exclusively on the server.

With an LTS, even the most hesitant users experience the benefits of open source in their organizational context. No re-installs are required. No major licensing or policy changes. And most important of all, the financial costs are negligible.

As an illustration, I recently found that a local real-estate company had needs that perfectly matched with an LTS. Among the many available applications, I demonstrated the ease of The GIMP to alter photos downloaded from the agents’ cameras. Then I included simple bash scripts to automate the uploading of the enhanced images to their Web site. The GIMP exemplifies the many outstanding open-source programs they could access easily through the LTS.

This simple example demonstrates how a business that never considered Linux or open source could quickly gain access to applications with very little cost in time or money. Above all, the agents could access the LTS from their own desktops without any alterations.

Now, let me share some of the basics of integrating an LTS into your business.

First, choose your network topology and server based on your specific business context. Next, choose your method of installation and follow the on-line instructions. Finally, configure your server to support thin-client connections. You’ll find that most installations work smoothly and quickly. To help guide your steps, I include tips for some of the more essential configurations.

Go here to read the complete article for Linux Terminal Servers

Upgrading your centOS kernel

Wed, 30 Nov -0001 00:00:00 +0000

If you are having issues with your present linux kernel or just want to upgrade to kernel-smp-2.6.9-39.1 then here is the step by step guide.

uname -a

the output should be something like

Linux your.host.name 2.6.9-37.ELsmp #1 SMP Fri May 19 18:07:42 EDT 2006 i686 i686 i386 GNU/Linux

the "2.6.9-37.ELsmp" is the current kernel on your server.
That’s what i have now.

You probably have 22 or 34, instead of my 37.

If so, while logged into your server,

wget http://people.redhat.com/~jbaron/rhel4/RPMS.kernel/kernel-smp-2.6.9-39.1.EL.i686.rpm

and after the download has completed, install the kernel

rpm -ivh kernel-smp-2.6.9-39.1.EL.i686.rpm

Check to see if the new kernel is installed by default in grub.conf

cat /boot/grub/grub.conf

Default should be 0
And the kernel you’ve just installed should be the first one

title CentOS (2.6.9-39.ELsmp)
root (hd0,0)
kernel /vmlinuz-2.6.9-39.ELsmp ro root=/dev/sda6
initrd /initrd-2.6.9-39.ELsmp.img

After that, wait until your server is not that busy(night time) and reboot the server.

After it comes back online, check what kernel your system is using again (uname -a)

45 Minutes to a Moodle Education Server

Wed, 30 Nov -0001 00:00:00 +0000

This beginner article provides step-by-step instructions for installing Moodle, a Learning Management System, on to a Fedora Linux server.
It provides the steps necessary to setup a full powered intranet web-server that can support course listings, event calendars, student/teacher communication and… Complete article.

Searching for Spammers

Wed, 30 Nov -0001 00:00:00 +0000

Chirpy brought us another great tutorial :

There are two aspects to dealing with spam for a server administrator:
1/ Inbound spam to users
2/ Outbound spam from compromised scripts

Both need very different approaches to help detect, remove and resolve.

Inbound spam to users

Inbound spam is the scourge of the modern internet and, the inconvenience to users aside, can cause serious performance and resource issues on the server. These can affect both the server overall and the timely deliver of clean email in particular.

The best way to tackle inbound spam is at the entry point into the server – the MTA, i.e. exim the SMTP server of choice for cPanel. By blocking spam before it has even entered the server you save both on server resources used when delivering the email in addition to 3rd party tools to help detect spam further along the email relay process.

To do this you need to do work at the RCPT stage of the SMTP protocol. This occurs during the transaction between the sender and recipient SMTP servers and comes before the actual body of an email arrives on a server. The primary form of spam attack is the Dictionary Attack:

A common technique for spammers to use is what is known as a dictionary attack on a domain. A dictionary attack, in our context, is a single SMTP connection that attempts to send email from a spam source to a random set of names on our domain, e.g. bob@ourdomain.com fred@ourdomain.com harry@ourdomain.com, in the hope that one of the many hundreds that we try will get a hit and deliver our spam.

This technique is used by spammers mainly because most people don’t advertise their email addresses (due to spam!) and they want to access this untapped market.

To prevent this type of spam getting through, it is essential that you do not use the Default Address (catchall) feature within cPanel to receive emails wherever possible. You should always setup specific Forwarders (aliases) for any email addresses you use and set the Default Address to :fail: for each domain.

By using :fail: exim will automatically reject email at the SMTP RCPT stage and make dictionary attacks redundant. Additionally, you can use exim ACLs to block such spammers who repeatedly perform dictionary attacks to further relieve the server of the load from dealing with them. See:
http://www.configserver.com/free/eximdeny.html

From a server performance perspective, it is essential that you use :fail: and not :blackhole: with email addresses or the Default Address to block such spam. Mor information about the reasoning for this is presented here.

Another preventative measure is to enable the WHM options:

WHM > Exim Configuration Editor > Verify the existance of email senders.
WHM > Exim Configuration Editor > Use callouts to verify the existance of email senders.

These two options have exim check that any server that attempts to relay email to your server can actually receive email in reply. This is part of the RFC requirements of an SMTP server and the inability of a server to do so indicates a likely spammer.

There are numerous other checks that you can also perform at the SMTP RCPT stage in exim ACLs. Examples are using RBL checks to reject email from IP addresses that originate from IP addresses that are know to harbour spammers, e.g.:

deny message = Message rejected – $sender_fullhost is in an RBL, see $dnslist_text
     !hosts = +relay_hosts
     !authenticated = *
     dnslists = bl.spamcop.net : sbl-xbl.spamhaus.org

You can also check the format of email headers to ensure that they’re RFC compliant, which many spam servers are not. A typical example is checking the SMTP HELO/EHLO protocol command to ensure it’s correctly structured, e.g.:

deny message = HELO/EHLO set to my IP address
condition = ${if match {$sender_helo_name}{11.22.33.44} {yes}{no}}

(where 11.22.33.44 is your servers main IP address)

deny message = EHLO/HELO does not contain a dotted address
condition = ${if match{$sender_helo_name}{\.}{no}{yes}}

Finally, once the email has passed through these hoops, you can implement a 3rd party application to scan emails and tag them as likely spam. cPanel has an inbuilt solution that uses SpamAssassin to score email likely to be spam. You can then have such emails filtered to a special account or the client can filter such emails based on the email header record modifications made by SpamAssassin.

An alternative is to use a more thorough tool such as MailScanner which can be very effective at scoring spam emails.

However, a cPanel server using such a tool is not supported by cPanel and would have to be removed/disabled before cPanel would investigate any email related issues should you need support.

Outbound spam from compromised scripts

Outgoing spam is likely to come from two sources:

Indirectly from a compromised web script in a clients account
Directly from a client

The starting point for both will be the exim mainlog:

/var/log/exim_mainlog (Linux)
/var/log/exim/mainlog (FreeBSD)

For the purpose of this document I am going to assume a Linux OS.

The most laborious way to track messages down is to trawl the exim mainlog and to look for anomalous behaviour. This is actually very difficult to do and you really need to narrow down exactly what you are looking for.

Tracking down spammers is a difficult affair, but can be made easier with some preparation of your servers environment. I would strongly advise that you add the following to the exim configuration to enable some extended logging that greatly improves the ease in tracking down on-server spammers:

In WHM > Exim Configuration Editor > Switch to Advanced Mode > in the first textbox add the following line and then Save:

log_selector = +arguments +subject

This tells exim to log the path on disk from where the email was executed and the subject of the email. You can then interrogate the exim mainlog more easily.

The best way to do this is to obtain the original email header from the spam originating from your server. This you should receive either from the person reporting the spam, or from remnants of a spam attack in the exim mail queue.

The part required in the email is the exim message id in the Received: header line within the email header of the spam.

As an example, take the following email header:

Return-path:
Received: from [11.22.33.44] (helo=barfoo.com)
     by foobar.com with esmtps (TLSv1:AES256-SHA:256)
     (Exim 4.52)
     id 1FZ8z3-0006M4-Do
     for fred@foobar.com; Thu, 27 Apr 2006 17:04:49 +0100
Received: from forums by barfoo.com with local (Exim 4.43)
     id 1FZ8zt-0005lz-E7
     for fred@foobar.com; Thu, 27 Apr 2006 12:05:41 -0400
To: fred@foobar.com
Subject: Buy Me!
From: bob@barfoo.com

The Received: header lines are added to the email header, so the original Received: line that we’re interested in is:

Received: from forums by barfoo.com with local (Exim 4.43)
id 1FZ8zt-0005lz-E7
for fred@foobar.com; Thu, 27 Apr 2006 12:05:41 -0400

And the id we want is 1FZ8zt-0005lz-E7

This is the unique identifier for this email that has originated from the server. With this, we can follow the exim transaction on the server to see how it was processed using:

grep 1FZ8zt-0005lz-E7 /var/log/exim_mainlog

(be aware that the exim_mainlog files may have been rotated so you may have to expand compressed archives and search them instead)

This transaction may look something like this:

2006-04-27 17:43:41 1FZ8zt-0005lz-E7 <= bob@barfoo.com U=nobody P=local S=4001 T="Buy Me!"
2006-04-27 17:43:50 cwd=/home/ClientX/public_html/phpBB/ 5 args: /usr/sbin/exim -Mc 1FZ8zt-0005lz-E7
2006-04-27 17:43:53 1FZ8zt-0005lz-E7 => fred@foobar.com R=lookuphost T=remote_smtp H=foobar.com [44.33.22.11] X=TLSv1:AES256-SHA:256
2006-04-27 17:43:53 1FZ8zt-0005lz-E7 Completed

In this example, we can see that the email originated from the nobody user locally on the server. This means that the likely spam was sent from a script on the server. The nobody user is used to run the Apache web server and is the default username and group that Apache will execute web scripts as. Two things can affect this:

suexec, if enabled, will run CGI scripts as the owner of the script file, typically the cPanel account name
phpsuexec, if enabled, will run PHP scripts in the same manner as CGI scripts

suexec is typically always enabled on web servers and phpsuexec may or may not be. If phpsuexec is not enabled, then in all likelihood, the script run under the nobody account will be a PHP script.

From the example above we can see that a script was run from with the /home/ClientX/public_html/phpBB/ directory on the server, which would suggest a compromised PHP script within that directory.

Here’s another example of a spam originating from a client instead of a script. This can happen either with malicious intent, or if the clients PC has been compromised by a virus or worm:

2006-04-27 17:54:51 1FZ9lT-000707-O2 <= bob@barfoo.com H=someisp.com ([192.168.254.2]) [11.22.33.44] P=esmtpa A=fixed_plain:bob@barfoo.com S=715 id=ABCDEFG T="Buy Me!"
2006-04-27 17:54:51 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1FZ9lT-000707-O2
2006-04-27 17:54:51 1FZ9lT-000707-O2 => fred@foobar.com R=boxtraper_autowhitelist T=boxtrapper_autowhitelist
2006-04-27 17:54:52 1FZ9lT-000707-O2 => fred@foobar.com R=lookuphost T=remote_smtp H=foobar.com [44.33.22.11] X=TLSv1:AES256-SHA:256
2006-04-27 17:54:52 1FZ9lT-000707-O2 Completed

In this example, the key part is:

A=fixed_plain:bob@barfoo.com

This shows that the email was authenticated for relaying using SMTP AUTH (i.e. fixed_plain) and the username bob@barfoo.com from that clients PC.

As you can see, there is a great depth to the amount of work needed to track down spammers on a server, plus there’s the additional work of closing holes in insecure scripts if they are the cause. Some instances can be much more complex and require trawling through the Apache logs for domains in /usr/local/apache/domlogs/* which is not a trivial matter.

The best security from such exploitation is to keep your server secure and to be aware of who and what you allow on your server.

Chirpy does of course offer a service to perform this type of work

EV1 and The Planet Announce Merger

Wed, 30 Nov -0001 00:00:00 +0000

Combination Creates Industry-leading Dedicated Hosting Company; Combined Company Will Continue to Deliver Industry-leading Client Experience

DALLAS, TX — Everyones Internet (EV1) and The Planet, two leading providers of dedicated hosting, announced today that they have merged.

Clients of both EV1 and The Planet will continue to enjoy the same industry-leading products and services they have come to expect. The combined entity will further develop both the EV1 and The Planet brands, supporting over 20,000 clients and 50,000 dedicated servers. This combination creates the largest dedicated hosting provider in the market, which has the scope, scale and financial strength to deliver superior service levels and innovative product offerings to existing and new clients.

The merger between EV1 and The Planet follows controlling investments recently made in each by GI Partners, a leading private equity firm with deep experience in technology infrastructure.

"The merger is exciting news for all stakeholders," said Robert Marsh, Headsurfer and founder of EV1. "It will be seamless from a client perspective and will result in a host of benefits for our clients."

"The opportunities created by this merger are extremely exciting, and we look forward to combining our resources for the benefit of our clients," commented Peter Pathos, founder of The Planet.

"We are very pleased to have this opportunity to invest in further building upon the strong foundations at EV1 and The Planet," said Howard Park, Managing Director of GI Partners. "Our aim is to provide the additional access to financial and other resources that will enable the combined company to continue growing profitably while further improving service levels, expanding product offerings, and enhancing the total client experience."

About EV1

EV1, based in Houston, Texas, provides dedicated internet technology services to small and mid-sized companies, including sole proprietors and technically sophisticated individuals.

About GI Partners

With offices in Menlo Park and London, GI Partners is a leading private equity firm with $2 billion of capital under management. The firm invests in companies with recurring revenue and asset-intensive business models in North America and Western Europe.

About The Planet

With over 10 years experience, The Planet delivers enterprise level hosting solutions that are readily available, affordable, and scalable. The Planet offers dedicated servers, co-location, Internet access, email and business continuance. Customers receive extreme value through offerings such as advanced security, proactive monitoring, database administration, data storage, load balancing, and virtual private networks, all managed through Orbit^SM, The Planet’s customer portal.

New internet media star…. – mistaken interview identity

Wed, 30 Nov -0001 00:00:00 +0000

Digital reports: He is the BBC’s latest star – the cab driver who a leading presenter believed was a world expert on the internet music business.
The man stepped unwittingly into the national spotlight when he was interviewed by mistake on the corporation’s News 24 channel.

With the seconds ticking down to a studio discussion about a court case involving Apple Computer and The Beatles’ record label, a floor manager had run to reception and grabbed the man, thinking he was Guy Kewney, editor of Newswireless.net, a specialist internet publication.

Actually, he was a minicab driver who had been waiting to drive Mr Kewney home.

Baffled, but compliant, the driver was fitted with a microphone and allowed himself to be marched in to the studio. Cameras rolled, and he was quizzed live on air by consumer affairs correspondent Karen Bowerman – who missed the cabbie’s panic-stricken expression when he realised he was being interviewed.

Despite knowing nothing about the case – a judge ruled that the computer company could continue to use the Apple symbol for its iTunes download service – the man gamely attempted to bluff his way through and, speaking in a strong French accent, sustained a (somewhat illogical) form of conversation. Meanwhile, the real Mr Kewney watched indignantly on a monitor in reception.

A tape of the exchange, broadcast on Monday morning, has become a classic among BBC workers.

It starts with the mystery man’s horrified expression as Ms Bowerman introduces him as a technology expert, followed by his plucky attempt to answer her question on whether he was surprised by the verdict.

Yes, he says with feeling. It was a ‘big surprise’. After an increasingly confusing exchange, the presenter cut with relief to the BBC’s equally puzzled reporter outside the court, while the taxi driver was hurried out of the studio.

The BBC apologised, saying the mistake occurred because the man was wearing Mr Kewney’s name tag. Mr Kewney said: "Everyone seems to think he was a taxi driver waiting in reception to take me home. But no one knows for sure."

He added: "There were several surprising things about ‘my’ interview. Judging by my performance, English wasn’t my first language and I didn’t seem to know much about Apple, online music or The Beatles."

He said the taxi driver "seemed as baffled as I felt". Last night, the driver’s identity remained a mystery. None of the taxi firms regularly used by the BBC would admit to employing him.

CLICK HERE TO WATCH THE WMV VIDEO STREAM

News Source: http://www.thoseforums.com/forum/viewtopic.php?t=1359