Wired Gorilla

Mambo 4.5.4 Security Patch 2 Released

Wed, 30 Nov -0001 00:00:00 +0000

Team Mambo has just released Security Patch 2 for Mambo version 4.5.4. This patch fixes a number of security vulnerabilities and provides some additional hardening of the application. It is recommended that everyone apply this patch as soon as possible.

These vulnerabilities affect all recent versions of Mambo so those still running versions of Mambo older than 4.5.4, (ex) 4.5.3h, are recommended to patch up to Mambo 4.5.4 first and then apply security patches 1 & 2. We have also built a version of 4.5.4 with both security patches already applied, MamboV4.5.4_wSP2, which should be used for brand new installs.

The new files can be found on Mamboxchange. The team will now refocus its attention on Mambo 4.6 and we will apply the same security changes as needed to 4.6 prior to the official release.

Running OSCommerce with register_global=OFF and Safe_mode=ON

Wed, 30 Nov -0001 00:00:00 +0000

How to modify your osCommerce master file in Fantastico to make it work server default with php Safe_Mode = ON and register_global = OFF

As the World-Wide-Web is turning more and more into the Wild-Wild-Web you might haverealize that you need to implement tighter security measures for PHP on your Linux server.
Having register globals enabled is a very serious security issue; it allows an attacker to inject
variables into the running PHP code. Just in case you don’t realise, this is a VERY BAD THING.

The changes to your php.ini file you would want to do is :

PHP SafeMode = ON
Register_global = OFF
And allow_url_fopen = OFF

And so after this security upgrade you probably would experience a lot of problems with your osCommerce shopping carts.

osCommerce will run with safe_mode on but you may get errors displaying on the screen, if you do, you need to make the following change

The patch for oscommerce to run with register_globals off can be downloaded from http://www.oscommerce.com/community/contributions,2097

For ALL new installs of osCommerce you can hack your osCommerce master file in Fantastico to make it work server default with php Safe_Mode=ON and register_global=OFF by following the below steps.

Firstly log into shell and find your netenberg install

locate netenberg

Mine is located in the home directory but if you have chosen a different directory, when you initially installed fantastico, then the locate command will give you the correct info where to find it Double check the correctness of the path cd /home/netenberg/archives/fantastico_de_luxe/
and

Copy netenbergs/osCommerce master package into your root directory

cp /home/netenberg/archives/fantastico_de_luxe/OS_Commerce.tgz /

Go to the root directory

cd /

Double check the copy has been successful ls Unzipping osCommerce for editing

tar -zxvf OS_Commerce.tgz

So now the whole install-files are there for the taking , actually editing I simply downloaded the patch file from http://www.oscommerce.com/community/contributions,2097 , unzipped it and uploaded the patch files to the osCommerce directory called OS_Commerce/ (PS , the upload was done via FileZilla , with the root shell access)

One thing you just need to be aware of is that all the files in the the "admin" folder go to "admin" and only the "includes" files of catalog/includes go into your "includes" root folder

Now go back to your shell window cd / We’ll need to repackage the files so firstly copy a backup of your OS_Commerce.tgz (in case something is going wrong

cp OS_Commerce.tgz OS_Commerce.tgz.bak double check you created the backup by doing ls Now we’ll delete the old OS_Commerce.tgz package

rm -f OS_Commerce.tgz

And then repackage the edited version of OS_Commerce with this command

tar -czvf OS_Commerce.tgz OS_Commerce/

Now you just need to copy this over and replace it with your OS_Commerce.tgz Fantastico Master file (please make sure again to be using your individual path to netenberg)

cp OS_Commerce.tgz /home/netenberg/archives/fantastico_de_luxe/OS_Commerce.tgz

It will ask you if you wanna overwrite it just press Y and enter So now you did the edit to your fantastico master file for OSCommerce

Better go and test it with a fresh test install. With this guide you can actually do a lot of edits for your preinstalled scripts like edit the footer to reflect your hosting company or others !

How to upgrade the embedded phpBB forum within phpNuke

Wed, 30 Nov -0001 00:00:00 +0000

If you've recently installed phpNuke with Fantistico (it's at the bottom of your Control Panel – if you haven't seen it – go look), you may have noticed that the phpBB version is about 5 releases out of date.
The most recent version of phpBB is 2.0.21, but the version within the phpNuke 7.8 Release is 2.0.15. However, before you run out and download the standalone updates/patches for phpBB, please keep reading.

This is a special version of phpBB that is designed to run inside and with phpNuke, so DO NOT simply patch phpBB with the "official version" from phpbb.com. This WILL break some of the functionality of the embedded version. Your gonna have to do a little bit of work, but it'll be worth it. You will be required to download some files, unzip them, upload to your webspace, and then run 4 URLs from your browser. Please note that this is a file-by-file update – and you cannot patch all in one fell swoop. It still will probably only take 10 minutes – and you'll have a much more secure version of phpBB.

Here are the steps:

Go to http://www.nukeresources.com/download-search-.html , enter "BBtoNuke" in the search box. (I don't think you can hotlink directly to the files, hence the required search).

Then look for the following files:

BBtoNuke 2.0.16
BBtoNuke 2.0.17
BBtoNuke 2.0.18
BBtoNuke 2.0.19
BBtoNuke 2.0.20
BBtoNuke 2.0.21

(do not get the files with the NP extension)

Save these files to your local PC. Unzip them one at a time (I'd do each one in a seperate temporary directory), fire up your FTP program and upload the files to the root directory on your AUSWEB hosting account (assuming that you have installed phpNuke to the root directory).

Make sure to keep the directory structures intact. Now, from your browser, run the various updater files. The URLs will look like this…

http://yourDOMAIN-phpnukeinstall.com/update15-16.php
http://yourDOMAIN-phpnukeinstall.com/update16-17.php
http://yourDOMAIN-phpnukeinstall.com/update17-18.php
http://yourDOMAIN-phpnukeinstall.com/update18-19.php
http://yourDOMAIN-phpnukeinstall.com/update19-20.php
http://yourDOMAIN-phpnukeinstall.com/update20-21.php

Note that you'll have to update in the order as show above and it's an incremental, file-by-file update.
So you'll be updating to verion 2.0.16, then 2.0.17, then 2.0.18, then 2.0.19, the 2.0.20 and 2.0.21 (if you choose).

Now, you have the latest version of phpBB running with your PHP-Nuke install and you haven't broken anything!

Dont forget to delete the update php files after you are finished (update16-17.php – update20-21.php)

Here's a few extra links to some phpNuke resources:

http://nukecops.com/forums.html
http://www.nukeresources.com/

New Skype Phone Doesnt Need PC or Wi-Fi

Wed, 30 Nov -0001 00:00:00 +0000

Skype announced a new cordless phone on Thursday that sends and receives Skype calls just like a landline, but without the need for a computer.

Typically, Skype phones work through a computer or a laptop. The new Philips VOIP841 plugs into a standard RJ-11 home phone jack, as well as into an RJ-45 broadband connection jack. It can send and receive Skype calls as well as calls from a regular home phone number.

"So now in order to have Skype, you don’t have to have a PC," said Manrique Brenes, director of hardware business development for Skype. But you do have to have a broadband connection.

"If someone calls on the regular phone, it will ring. If someone calls you on your Skype, it will ring. It’s similar to the experience you have on the laptop, but it’s a lot easier to use. We’ve had a lot of success with the regular USB phones, and we think this is taking it a step further."

Skype partnered with Philips to make the new cordless phone, but they expect to partner with other manufacturers in the near future. The phone will debut at the Internationale Funkausstellung, a consumer electronics show in Berlin, on Thursday. It will be available to consumers during the holiday buying season for around $150.

The Philips VOIP841 has a screen with an interface that looks like Skype’s program where users can log in with their password so that the phone automatically downloads the users’ Skype contacts. Users can also search for Skype contacts directly on the phone and add them to an integrated contact list for both Skype contacts and traditional phone numbers.

Although a cordless Skype phone could in theory replace a home phone, Brenes was careful to point out that replacing landlines is not the company’s intention.

"Ultimately, we don’t intend to be a landline replacement service," Brenes said. "Landlines provide services that we don’t provide, like emergency calling services. We see this as an extension of our Skype plan, that provides video and file transfer that the landlines don’t do. This is essentially a bridge between your traditional landline and the Skype experience."

Brenes said that a cordless Skype phone is ideal for consumers who make a lot of international and long-distance calls, but aren’t necessarily computer savvy.

"My parents for example are really not computer centric people," Brenes said. "So I can get one of these devices for them, hook it up to their broadband connection and suddenly you don’t need a computer. My parents have children that are still teenagers and they have a PC with a broadband connection, but my father never sits in front of it."

With the success of Skype, telephony vendors seem eager to bring the service to business and home lines as quickly as possible. On Tuesday, Actiontec announced a Skype-approved private branch exchange (PBX) product that allows every phone extension in an office to make and receive Skype calls without changing existing phone equipment.

Designed for businesses of 10 to 300 employees, the VoSKY Exchange is a videocassette-sized device that plugs into the PBX on one end and a Windows XP computer on the other. It adds up to four outgoing Skype lines to the PBX, with rollover capabilities in the event that one line is busy. It is available now for $799.

News Source By Natali T. Del Conte @ PCMag

Keeping phpBB up-to-date closes security holes

Wed, 30 Nov -0001 00:00:00 +0000

With the continued development of cPanel/WHM, there are bound to be changes in the way things are handled via the control panel. More recently, one of those is how add-on scripts are handled both in installation and management/updating.

"Addon Scripts" has been replaced within WHM with "Install cPAddon Scripts" (in your WHM, you might even see a link named "Addon Scripts (Deprecated)."

The Addon Script Manager previously utilized to update scripts cPanel can install has been replaced with "Manage cPAddon Scripts."

Installs of scripts, like phpBB, can only be "managed" or mass upgraded automatically by the script manager that installed it. That is to say, if you previously installed phpBB via "Addon Scripts" you will not be able to update it via "Managed cPAddon Scripts." In this case, you will need to use the "Addon Script Manager"

NOTE: Since Addon Scripts have been deprecated, updates for the scripts via the addon scripts manager are not up to date!!! That means you will need to manually update these installations to the latest version.

At the time of this writing, the Addon Script manager considered phpBB 2.0.17 up to date, while cPAddon Scripts was installing 2.0.21.

Remember that no matter what cPanel script manager you utilize, it will update the installs of phpBB that were installed via cpanel only.

Manuall installations of phpBB will NOT be updated via this method and must be updated manually. http://www.phpbb.com/downloads.php has more information on the latest version available.

http://www.phpbb.com/security/ provides a listing of known security vulnerabilities.

Microsoft Security Bulletin Summary for July 2006

Wed, 30 Nov -0001 00:00:00 +0000

Summary: This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS06-035 – Vulnerability in Server Service Could Allow Remote Code
Execution
(917159)

– Affected Software:
    – Windows Server 2003 Service Pack 1
    – Windows Server 2003
    – Windows Server 2003 with SP1 for Itanium-based Systems
    – Windows Server 2003 for Itanium-based Systems
    – Windows Server 2003 x64 Edition
    – Windows XP Professional Service Pack 2
    – Windows XP Professional Service Pack 1
    – Windows XP Professional x64 Edition
    – Windows XP Home Service Pack 2
    – Windows XP Home Service Pack 1
    – Windows 2000 Service Pack 4

– Impact: Remote Code Execution
– Version Number: 1.0

MS06-036 – Vulnerability in DHCP Client Service Could Allow Remote
Code
Execution (914388)

– Impact: Remote Code Execution
– Version Number: 1.0

MS06-037 – Vulnerabilities in Microsoft Excel Could Allow Remote Code
Execution
(917285)

– Affected Software:
    – Excel 2003
    – Excel Viewer 2003
    – Excel 2002
    – Excel 2000
    – Excel v.X for Mac
    – Excel 2004 for Mac

– Impact: Remote Code Execution
– Version Number: 1.0

MS06-038 – Vulnerabilities in Microsoft Office Could Allow Remote
Code Execution
(917284)

– Affected Software:
    – Office 2003 Service Pack 2
    – Office 2003 Service Pack 1
    – Office XP Service Pack 3
    – Office 2000 Service Pack 3
    – Office v.X for Mac
    – Office 2004 for Mac
    – Project 2002
    – Project 2000
    – Visio 2002
    – Works Suite 2006
    – Works Suite 2005
    – Works Suite 2004

– Impact: Remote Code Execution
– Version Number: 1.0

MS06-039 – Vulnerabilities in Microsoft Office Filters Could Allow
Remote Code
Execution (915384)

– Affected Software:
    – Office 2003 Service Pack 2
    – Office 2003 Service Pack 1
    – Office XP Service Pack 3
    – Office 2000 Service Pack 3
    – Project 2002
    – Project 2000
    – Works Suite 2006
    – Works Suite 2005
    – Works Suite 2004

– Impact: Remote Code Execution
– Version Number: 1.0

Important Security Bulletins
============================

MS06-033 – Vulnerability in ASP.NET Could Allow Information
Disclosure (917283)

– Impact: Information Disclosure
– Version Number: 1.0

MS06-034 – Vulnerability in Microsoft Internet Information Services
using Active
Server Pages Could Allow Remote Code Execution (917537)

– Impact: Remote Code Execution
– Version Number: 1.0

Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions,
and Update Deployment Information please read
the Microsoft Security Bulletin Summary for this
month at: http://go.microsoft.com/fwlink/?LinkId=69768

Zidane Headbutt Game

Wed, 30 Nov -0001 00:00:00 +0000

Digital presents us with another refreshing way to win the worldcup!
http://www.thoseforums.com/forum/viewtopic.php?t=1414
Maybe the aussies should have done the same ?

Linux Terminal Servers for Any Business

Wed, 30 Nov -0001 00:00:00 +0000

A Linux Terminal Server offers any business an elegant and cost-effective way to integrate the power of open source. In this article, I review some basics of network topology and offer suggestions about how to install a prototype server. I top it off with some tips for business-specific installations and configuration…

A Linux Terminal Server allows almost any business to gain the benefits of open source and the power of Linux immediately. What makes an LTS distinct is that it integrates well, without burden to infrastructure or people. Moreover, the performance of an LTS dramatically showcases Linux power. One LTS can serve graphics and applications to many desktop PCs simultaneously.

By placing the LTS into an existing subnet, colleagues can access the many useful applications and features with almost no effort-and at their convenience.

A great deal of effort has been put into the Linux Terminal Server Project (LTSP) to make it seamless. LTS simplifies installation by isolating the integration work exclusively on the server.

With an LTS, even the most hesitant users experience the benefits of open source in their organizational context. No re-installs are required. No major licensing or policy changes. And most important of all, the financial costs are negligible.

As an illustration, I recently found that a local real-estate company had needs that perfectly matched with an LTS. Among the many available applications, I demonstrated the ease of The GIMP to alter photos downloaded from the agents’ cameras. Then I included simple bash scripts to automate the uploading of the enhanced images to their Web site. The GIMP exemplifies the many outstanding open-source programs they could access easily through the LTS.

This simple example demonstrates how a business that never considered Linux or open source could quickly gain access to applications with very little cost in time or money. Above all, the agents could access the LTS from their own desktops without any alterations.

Now, let me share some of the basics of integrating an LTS into your business.

First, choose your network topology and server based on your specific business context. Next, choose your method of installation and follow the on-line instructions. Finally, configure your server to support thin-client connections. You’ll find that most installations work smoothly and quickly. To help guide your steps, I include tips for some of the more essential configurations.

Go here to read the complete article for Linux Terminal Servers

Upgrading your centOS kernel

Wed, 30 Nov -0001 00:00:00 +0000

If you are having issues with your present linux kernel or just want to upgrade to kernel-smp-2.6.9-39.1 then here is the step by step guide.

uname -a

the output should be something like

Linux your.host.name 2.6.9-37.ELsmp #1 SMP Fri May 19 18:07:42 EDT 2006 i686 i686 i386 GNU/Linux

the "2.6.9-37.ELsmp" is the current kernel on your server.
That’s what i have now.

You probably have 22 or 34, instead of my 37.

If so, while logged into your server,

wget http://people.redhat.com/~jbaron/rhel4/RPMS.kernel/kernel-smp-2.6.9-39.1.EL.i686.rpm

and after the download has completed, install the kernel

rpm -ivh kernel-smp-2.6.9-39.1.EL.i686.rpm

Check to see if the new kernel is installed by default in grub.conf

cat /boot/grub/grub.conf

Default should be 0
And the kernel you’ve just installed should be the first one

title CentOS (2.6.9-39.ELsmp)
root (hd0,0)
kernel /vmlinuz-2.6.9-39.ELsmp ro root=/dev/sda6
initrd /initrd-2.6.9-39.ELsmp.img

After that, wait until your server is not that busy(night time) and reboot the server.

After it comes back online, check what kernel your system is using again (uname -a)

45 Minutes to a Moodle Education Server

Wed, 30 Nov -0001 00:00:00 +0000

This beginner article provides step-by-step instructions for installing Moodle, a Learning Management System, on to a Fedora Linux server.
It provides the steps necessary to setup a full powered intranet web-server that can support course listings, event calendars, student/teacher communication and… Complete article.

Searching for Spammers

Wed, 30 Nov -0001 00:00:00 +0000

Chirpy brought us another great tutorial :

There are two aspects to dealing with spam for a server administrator:
1/ Inbound spam to users
2/ Outbound spam from compromised scripts

Both need very different approaches to help detect, remove and resolve.

Inbound spam to users

Inbound spam is the scourge of the modern internet and, the inconvenience to users aside, can cause serious performance and resource issues on the server. These can affect both the server overall and the timely deliver of clean email in particular.

The best way to tackle inbound spam is at the entry point into the server – the MTA, i.e. exim the SMTP server of choice for cPanel. By blocking spam before it has even entered the server you save both on server resources used when delivering the email in addition to 3rd party tools to help detect spam further along the email relay process.

To do this you need to do work at the RCPT stage of the SMTP protocol. This occurs during the transaction between the sender and recipient SMTP servers and comes before the actual body of an email arrives on a server. The primary form of spam attack is the Dictionary Attack:

A common technique for spammers to use is what is known as a dictionary attack on a domain. A dictionary attack, in our context, is a single SMTP connection that attempts to send email from a spam source to a random set of names on our domain, e.g. bob@ourdomain.com fred@ourdomain.com harry@ourdomain.com, in the hope that one of the many hundreds that we try will get a hit and deliver our spam.

This technique is used by spammers mainly because most people don’t advertise their email addresses (due to spam!) and they want to access this untapped market.

To prevent this type of spam getting through, it is essential that you do not use the Default Address (catchall) feature within cPanel to receive emails wherever possible. You should always setup specific Forwarders (aliases) for any email addresses you use and set the Default Address to :fail: for each domain.

By using :fail: exim will automatically reject email at the SMTP RCPT stage and make dictionary attacks redundant. Additionally, you can use exim ACLs to block such spammers who repeatedly perform dictionary attacks to further relieve the server of the load from dealing with them. See:
http://www.configserver.com/free/eximdeny.html

From a server performance perspective, it is essential that you use :fail: and not :blackhole: with email addresses or the Default Address to block such spam. Mor information about the reasoning for this is presented here.

Another preventative measure is to enable the WHM options:

WHM > Exim Configuration Editor > Verify the existance of email senders.
WHM > Exim Configuration Editor > Use callouts to verify the existance of email senders.

These two options have exim check that any server that attempts to relay email to your server can actually receive email in reply. This is part of the RFC requirements of an SMTP server and the inability of a server to do so indicates a likely spammer.

There are numerous other checks that you can also perform at the SMTP RCPT stage in exim ACLs. Examples are using RBL checks to reject email from IP addresses that originate from IP addresses that are know to harbour spammers, e.g.:

deny message = Message rejected – $sender_fullhost is in an RBL, see $dnslist_text
     !hosts = +relay_hosts
     !authenticated = *
     dnslists = bl.spamcop.net : sbl-xbl.spamhaus.org

You can also check the format of email headers to ensure that they’re RFC compliant, which many spam servers are not. A typical example is checking the SMTP HELO/EHLO protocol command to ensure it’s correctly structured, e.g.:

deny message = HELO/EHLO set to my IP address
condition = ${if match {$sender_helo_name}{11.22.33.44} {yes}{no}}

(where 11.22.33.44 is your servers main IP address)

deny message = EHLO/HELO does not contain a dotted address
condition = ${if match{$sender_helo_name}{\.}{no}{yes}}

Finally, once the email has passed through these hoops, you can implement a 3rd party application to scan emails and tag them as likely spam. cPanel has an inbuilt solution that uses SpamAssassin to score email likely to be spam. You can then have such emails filtered to a special account or the client can filter such emails based on the email header record modifications made by SpamAssassin.

An alternative is to use a more thorough tool such as MailScanner which can be very effective at scoring spam emails.

However, a cPanel server using such a tool is not supported by cPanel and would have to be removed/disabled before cPanel would investigate any email related issues should you need support.

Outbound spam from compromised scripts

Outgoing spam is likely to come from two sources:

Indirectly from a compromised web script in a clients account
Directly from a client

The starting point for both will be the exim mainlog:

/var/log/exim_mainlog (Linux)
/var/log/exim/mainlog (FreeBSD)

For the purpose of this document I am going to assume a Linux OS.

The most laborious way to track messages down is to trawl the exim mainlog and to look for anomalous behaviour. This is actually very difficult to do and you really need to narrow down exactly what you are looking for.

Tracking down spammers is a difficult affair, but can be made easier with some preparation of your servers environment. I would strongly advise that you add the following to the exim configuration to enable some extended logging that greatly improves the ease in tracking down on-server spammers:

In WHM > Exim Configuration Editor > Switch to Advanced Mode > in the first textbox add the following line and then Save:

log_selector = +arguments +subject

This tells exim to log the path on disk from where the email was executed and the subject of the email. You can then interrogate the exim mainlog more easily.

The best way to do this is to obtain the original email header from the spam originating from your server. This you should receive either from the person reporting the spam, or from remnants of a spam attack in the exim mail queue.

The part required in the email is the exim message id in the Received: header line within the email header of the spam.

As an example, take the following email header:

Return-path:
Received: from [11.22.33.44] (helo=barfoo.com)
     by foobar.com with esmtps (TLSv1:AES256-SHA:256)
     (Exim 4.52)
     id 1FZ8z3-0006M4-Do
     for fred@foobar.com; Thu, 27 Apr 2006 17:04:49 +0100
Received: from forums by barfoo.com with local (Exim 4.43)
     id 1FZ8zt-0005lz-E7
     for fred@foobar.com; Thu, 27 Apr 2006 12:05:41 -0400
To: fred@foobar.com
Subject: Buy Me!
From: bob@barfoo.com

The Received: header lines are added to the email header, so the original Received: line that we’re interested in is:

Received: from forums by barfoo.com with local (Exim 4.43)
id 1FZ8zt-0005lz-E7
for fred@foobar.com; Thu, 27 Apr 2006 12:05:41 -0400

And the id we want is 1FZ8zt-0005lz-E7

This is the unique identifier for this email that has originated from the server. With this, we can follow the exim transaction on the server to see how it was processed using:

grep 1FZ8zt-0005lz-E7 /var/log/exim_mainlog

(be aware that the exim_mainlog files may have been rotated so you may have to expand compressed archives and search them instead)

This transaction may look something like this:

2006-04-27 17:43:41 1FZ8zt-0005lz-E7 <= bob@barfoo.com U=nobody P=local S=4001 T="Buy Me!"
2006-04-27 17:43:50 cwd=/home/ClientX/public_html/phpBB/ 5 args: /usr/sbin/exim -Mc 1FZ8zt-0005lz-E7
2006-04-27 17:43:53 1FZ8zt-0005lz-E7 => fred@foobar.com R=lookuphost T=remote_smtp H=foobar.com [44.33.22.11] X=TLSv1:AES256-SHA:256
2006-04-27 17:43:53 1FZ8zt-0005lz-E7 Completed

In this example, we can see that the email originated from the nobody user locally on the server. This means that the likely spam was sent from a script on the server. The nobody user is used to run the Apache web server and is the default username and group that Apache will execute web scripts as. Two things can affect this:

suexec, if enabled, will run CGI scripts as the owner of the script file, typically the cPanel account name
phpsuexec, if enabled, will run PHP scripts in the same manner as CGI scripts

suexec is typically always enabled on web servers and phpsuexec may or may not be. If phpsuexec is not enabled, then in all likelihood, the script run under the nobody account will be a PHP script.

From the example above we can see that a script was run from with the /home/ClientX/public_html/phpBB/ directory on the server, which would suggest a compromised PHP script within that directory.

Here’s another example of a spam originating from a client instead of a script. This can happen either with malicious intent, or if the clients PC has been compromised by a virus or worm:

2006-04-27 17:54:51 1FZ9lT-000707-O2 <= bob@barfoo.com H=someisp.com ([192.168.254.2]) [11.22.33.44] P=esmtpa A=fixed_plain:bob@barfoo.com S=715 id=ABCDEFG T="Buy Me!"
2006-04-27 17:54:51 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1FZ9lT-000707-O2
2006-04-27 17:54:51 1FZ9lT-000707-O2 => fred@foobar.com R=boxtraper_autowhitelist T=boxtrapper_autowhitelist
2006-04-27 17:54:52 1FZ9lT-000707-O2 => fred@foobar.com R=lookuphost T=remote_smtp H=foobar.com [44.33.22.11] X=TLSv1:AES256-SHA:256
2006-04-27 17:54:52 1FZ9lT-000707-O2 Completed

In this example, the key part is:

A=fixed_plain:bob@barfoo.com

This shows that the email was authenticated for relaying using SMTP AUTH (i.e. fixed_plain) and the username bob@barfoo.com from that clients PC.

As you can see, there is a great depth to the amount of work needed to track down spammers on a server, plus there’s the additional work of closing holes in insecure scripts if they are the cause. Some instances can be much more complex and require trawling through the Apache logs for domains in /usr/local/apache/domlogs/* which is not a trivial matter.

The best security from such exploitation is to keep your server secure and to be aware of who and what you allow on your server.

Chirpy does of course offer a service to perform this type of work

EV1 and The Planet Announce Merger

Wed, 30 Nov -0001 00:00:00 +0000

Combination Creates Industry-leading Dedicated Hosting Company; Combined Company Will Continue to Deliver Industry-leading Client Experience

DALLAS, TX — Everyones Internet (EV1) and The Planet, two leading providers of dedicated hosting, announced today that they have merged.

Clients of both EV1 and The Planet will continue to enjoy the same industry-leading products and services they have come to expect. The combined entity will further develop both the EV1 and The Planet brands, supporting over 20,000 clients and 50,000 dedicated servers. This combination creates the largest dedicated hosting provider in the market, which has the scope, scale and financial strength to deliver superior service levels and innovative product offerings to existing and new clients.

The merger between EV1 and The Planet follows controlling investments recently made in each by GI Partners, a leading private equity firm with deep experience in technology infrastructure.

"The merger is exciting news for all stakeholders," said Robert Marsh, Headsurfer and founder of EV1. "It will be seamless from a client perspective and will result in a host of benefits for our clients."

"The opportunities created by this merger are extremely exciting, and we look forward to combining our resources for the benefit of our clients," commented Peter Pathos, founder of The Planet.

"We are very pleased to have this opportunity to invest in further building upon the strong foundations at EV1 and The Planet," said Howard Park, Managing Director of GI Partners. "Our aim is to provide the additional access to financial and other resources that will enable the combined company to continue growing profitably while further improving service levels, expanding product offerings, and enhancing the total client experience."

About EV1

EV1, based in Houston, Texas, provides dedicated internet technology services to small and mid-sized companies, including sole proprietors and technically sophisticated individuals.

About GI Partners

With offices in Menlo Park and London, GI Partners is a leading private equity firm with $2 billion of capital under management. The firm invests in companies with recurring revenue and asset-intensive business models in North America and Western Europe.

About The Planet

With over 10 years experience, The Planet delivers enterprise level hosting solutions that are readily available, affordable, and scalable. The Planet offers dedicated servers, co-location, Internet access, email and business continuance. Customers receive extreme value through offerings such as advanced security, proactive monitoring, database administration, data storage, load balancing, and virtual private networks, all managed through Orbit^SM, The Planet’s customer portal.

New internet media star…. – mistaken interview identity

Wed, 30 Nov -0001 00:00:00 +0000

Digital reports: He is the BBC’s latest star – the cab driver who a leading presenter believed was a world expert on the internet music business.
The man stepped unwittingly into the national spotlight when he was interviewed by mistake on the corporation’s News 24 channel.

With the seconds ticking down to a studio discussion about a court case involving Apple Computer and The Beatles’ record label, a floor manager had run to reception and grabbed the man, thinking he was Guy Kewney, editor of Newswireless.net, a specialist internet publication.

Actually, he was a minicab driver who had been waiting to drive Mr Kewney home.

Baffled, but compliant, the driver was fitted with a microphone and allowed himself to be marched in to the studio. Cameras rolled, and he was quizzed live on air by consumer affairs correspondent Karen Bowerman – who missed the cabbie’s panic-stricken expression when he realised he was being interviewed.

Despite knowing nothing about the case – a judge ruled that the computer company could continue to use the Apple symbol for its iTunes download service – the man gamely attempted to bluff his way through and, speaking in a strong French accent, sustained a (somewhat illogical) form of conversation. Meanwhile, the real Mr Kewney watched indignantly on a monitor in reception.

A tape of the exchange, broadcast on Monday morning, has become a classic among BBC workers.

It starts with the mystery man’s horrified expression as Ms Bowerman introduces him as a technology expert, followed by his plucky attempt to answer her question on whether he was surprised by the verdict.

Yes, he says with feeling. It was a ‘big surprise’. After an increasingly confusing exchange, the presenter cut with relief to the BBC’s equally puzzled reporter outside the court, while the taxi driver was hurried out of the studio.

The BBC apologised, saying the mistake occurred because the man was wearing Mr Kewney’s name tag. Mr Kewney said: "Everyone seems to think he was a taxi driver waiting in reception to take me home. But no one knows for sure."

He added: "There were several surprising things about ‘my’ interview. Judging by my performance, English wasn’t my first language and I didn’t seem to know much about Apple, online music or The Beatles."

He said the taxi driver "seemed as baffled as I felt". Last night, the driver’s identity remained a mystery. None of the taxi firms regularly used by the BBC would admit to employing him.

CLICK HERE TO WATCH THE WMV VIDEO STREAM

News Source: http://www.thoseforums.com/forum/viewtopic.php?t=1359

Microsoft and the looming storm over virtualization

Wed, 30 Nov -0001 00:00:00 +0000

The gathering consensus among the tech cognoscenti is that virtualization, a technology born on mainframes, is inevitably going to sweep the IT world. But they also assume that Microsoft will be content to watch this trend unfold with arms akimbo.

Virtualization allows multiple operating systems to run virtually on a single machine. I hate the term, but it gets to the meat of the matter. So it is that you can have several "virtual machines" carrying out separate tasks on a single computer, thus reducing the amount of space a business needs to run its daily computing jobs.

VMware is by far the No. 1 virtualization software seller. Meanwhile, an open-source virtualization project called Xen, which began at England’s Cambridge University, has picked up several big-name endorsements. (And Microsoft offers its own Virtual Server and Virtual PC products as well.)

Grudgingly or not, Microsoft has accounted for this nascent change in IT tastes by modifying its licensing agreements. Windows Server 2003 Enterprise Edition lets users pay for one license to run four copies of Windows. Also, the Longhorn (now Vista) Server Datacenter Edition will allow users to run as many as they want–and Microsoft might well debut that pricing option sooner with Windows Server 2003.

Good as far as that goes, but IT managers have enough on their plates without also needing to count how many copies of Windows run on each server. Also, there’s the price issue. Unless you opt for one of the enterprise packages, Microsoft still requires a license for each copy of Windows. And tracking Windows licenses summons up an even uglier prospect when you imagine new virtual machines popping in and out of existence as administrators (or even computers themselves!) respond to changing demands.

My libertarian friends out there will argue that software companies can do anything they want with their licensing and pricing policies. As long as customers see the licensing rules as logical, fair, not arbitrary, what’s there to complain about? But we’re not talking about just any software company. A key difference here is that Microsoft has been found by a court to be a predatory monopolist. Does its insistence on charging for each and every virtual window constitute a violation of the antitrust laws?

As far as I know this has never been challenged in a court. But could it?

The last time Silicon Valley went down this road, it came away with nothing to show. Sure, David Boies, the government’s lead prosecutor, made mincemeat of every Microsoft big shot dumb enough to testify. But the most serious charges in the antitrust case got overturned on appeal.

Zip it. Now, pay me
Microsoft wants to get paid by VMware (or other virtualization software product) users for each copy of Windows that runs on each Virtual VMware machine. Fair enough–since that’s written in black and white on the company’s end user license agreement (though details of Microsoft licensing in these scenarios reportedly vary).

But customers will argue that one license per computer is enough–or at least it was before we entered the virtual age. Chafing under the current restrictions, the virtualization crowd naturally believes they should be able to pay for one copy of Windows, thus freeing customers to subdivide it into as many partitions as they like. One industry executive believes Microsoft would immeasurably help its own self-interest by reversing course.

"It would open new usage scenarios and actually increase license revenues to Microsoft, while decreasing cost per used/useful computing unit for the customers," said the executive, who asked to remain unidentified. "If they try to charge for each (virtual environment), customers will resist and push more strongly to the Red Hat and Suse platforms, which will be far less expensive."

Maybe but it sounds like wishful thinking. Last time I checked Microsoft was not in the philanthropy racket. Any company that tries to get out of paying for the full costs of virtualization will find itself on the receiving end of a sweet lawsuit, courtesy of Bill Gates & Co.

Written by Charles Cooper who is the executive editor of commentary at CNET News.com.

Small Business Podcasting explained and demysitfied

Wed, 30 Nov -0001 00:00:00 +0000

Much has been written lately about the subject of podcasting. Podcasting is a very powerful small business tool but, some are kept away because it all sounds so technical.

In this article we will attempt to simplify the subject.

Let’s start with the Podcast definition from the growing resource Wikipedia: What is a podcast – http://en.wikipedia.org/wiki/Podcast.

The definition provided by Wikipedia is a good place for you to start, but let me just add my take. A podcast is little more than an audio file (usually an mp3) placed on a website and combined with an RSS file that allows people to subscribe and automatically download any new content recordings.

From a technical standpoint, there’s nothing really too complicated about podcasting so don’t think this is some geeky tech stuff. From a marketing standpoint, I didn’t get too excited about the concept until Apple decided to make a podcast directory a primary component of iTunes. When that happened the market for podcasting on any subject imaginable was born.

Podcast Basics

Podcasts are typically published with a blogging tool like Blogger, TypePad, or MovableType. If you already use one of these blog services, creating your podcast is as simple as linking to your audio files and using a service like FeedBurner to automatically convert it into a podcast friendly feed. (More on that in a minute)

Create Content

Most podcasts are formatted much like radio shows. Hosts will interview guests or simply decide to talk about a subject that they feel is of interest to someone. From a business standpoint it can be a very powerful way to produce content that will make your website more interactive.

The plumber that records simple how to fix it podcasts will own the world! (Videocasts are just around the corner too.) There are a couple other very good reasons to host a podcast that may not directly have to do with content per se. Think about interviewing your clients on the benefits of using your service and posting those interviews as a podcast. Think that might make your best client even more loyal?

What about referral partners? What if you identified business owners that also serve your target market and invited them to be guests on your podcast. My guess is that you could instantly build a network of leading businesses with you as the hub. When you publish a podcast, whether you have a local or national audience, you become a member of the media. The tables are suddenly turned when you approach prospects and influential individuals. When you are the publisher of a podcast you have the opportunïty to gain access to the decision makers inside your biggest prospects � by simply requesting an interview. Do you see the potential in that?

Record

As I wrote earlier, a podcast is a digital recording so one of the steps you must complete for each session is to record your podcast. There are many ways to accomplish this task. You can use a portable mp3 recorder, use a service to record a telephone interview, record an interview using any number of VoIP services or create a recording set-up for your computer. (Obviously, you can go into a professional recording studio too.)

This article is not meant to explain in great detail every element of working with digital audio files but there are many ways to accomplish this step when you determine what your podcast needs are.

A great set-up for recording you own voice is to use a professional mic and a frëe software program called Audacity (Audacity has some very useful editing functions as well)

For telephone interviews you can use a service such as Conference Calls Unlimïted. CCU offers a telephone bridge line, recording, editing and host?ng of your mp3 file.

VoIP is a PC to PC or PC to telephone service led by a service called Skype. This is a particularly good option for International calls. A host of add-ons are cropping up to build even greater functionality into Skype.

Evoca
Gabcast
Skype VoIP calling
Conference Calls Unlimïted
Audacity free audio recorder and editor
Skype recording that interfaces with Outlook

Edit

You may find that after you conduct an interview you want to add some music or cut out segments. Again, look no further than Audacity (It’s frëe and works very well).

File Host

Once you record your podcast you must upload the file to a server. There are services that offer recording and hosting options but, all you really need is enough space with your current web host to upload your mp3 files. Either way, you will simply link to the mp3 file from a blog post or web page. Below are some other options.

Podblaze
OurMedia
Audioblog
Liberated Syndication

RSS Feed

One of things that makes a podcast something more than an mp3 file is the addition of a podcast format RSS feed. This is simply a file that is updated every time you add an mp3 file so that subscribers through iTunes or some other Podcast service can automatically download your new content.

Podcasts do require a specific kind of RSS feed but, the only thing you need to do is go to a frëe service called FeedBurner and allow them to convert your blog feed or other RSS feed to work for podcasting. They can also set your feed up the way that iTunes and Yahoo Podcast want it set-up.

FeedBurner – Enhance a blog feed
Feed for all – Create a feed

Submit

Just like websites and blogs, podcasting has its own set of directories. You need to make a point of submitting your podcast or podcast feed (the one you formatted with FeedBurner) to the major podcast directories and engines.

ODEO
iTunes
Podcast.net
Singing Fish
Podcast Alley
Podcast News
Yahoo Podcast
Digital Podcast

Apple’s Podcasting FAQs
Apple’s Podcast technical specifications

Music and Intros

Maybe you want a cool music beat to kick off your show or a big radio voice type intro.

Royalty free music
Professional intros and outros

Listening and Searching

You should subscribe to and listen to podcasts to get a good idea of some of the ways people are using this tool for business. You will need what is sometimes referred to as a podcatcher to subscribe. If you have iTunes you already have one. (Most of the time you can visit a podcast site and simply listen to the mp3 file if you have an mp3 player like Windows Media Player or RealPlayer installed on your computer.)

iTunes
Juice
Doppler

Misc. Podcast Gear
Search audio files

Podcast Tutorials and Forums

Podstrigs
About.com
Podcast Alley
Podcasting News
FeedBurner’s Podcast Guide

The State of Linux: Substantial Growth in New Zealand

Wed, 30 Nov -0001 00:00:00 +0000

Much of the continued explosive growth of Linux adoption in Australia & New Zealand remains unseen, unannounced and often behind the scenes. Although Linux deployments are occurring en-mass, they are often not at all emphasized. This makes gaging the true breadth of Linux growth in the region… > Complete article

cPanel update via shell

Wed, 30 Nov -0001 00:00:00 +0000

So you cant log into WHM/cPanel to change your upgrade version from stable to release/current or edge?

Thats not a problem , just log into root via shell and edit

nano /etc/cpupdate.conf

and just change

CPANEL=stable

to

CPANEL=manual-edge

and now when you run

/scripts/upcp — force

it will upgrade you to bleeding edge install

Changing your default IP of your exim mail server

Wed, 30 Nov -0001 00:00:00 +0000

If you are in the danger of getting your main server IP block by SpamCop because you had a few anoying spamers abusing your server then you could simply change your exim mailserver IP to avoid the effect of your main IP beeing blacklisted.
Below are some simple steps of changing your exim IP

Inside both incoming and outgoing exim mail server you will need to add an interface :
so just edit

pico /etc/exim_outgoing.conf

and

pico /etc/exim.conf

find
remote_smtp:
driver = smtp

and add interface = ip.you.want.to.use

example as shown below:

________________________
remote_smtp:
driver = smtp
interface = 22.22.22.22
_________________________

IP needs to be on server in order for this to work, hopefully this will help
BTW: Just a reminder – If there is an exim update when you upgrade your cpanel server you will need to re-enter the interface again.

Joomla 1.0.8 install error

Wed, 30 Nov -0001 00:00:00 +0000

morfargekko reports:
The new upgrade in Fantastico to Joomla 1.08 has introduced a little bug which can be easily fixed:

For new or upgrade installs of joomla it seems to come up with a 403 error which is the result of an incorrect .htaccess file line.
To fix this just log into cPanel> filemanager (or use FTP) and go to the .htaccess file and commented out the "Options FollowSymLinks" line in the default Joomla .htaccess file .

Hopefully the Joomla and Fantastico Dev Team while introduce a fix for this little bug soon, in the meanwhile this little hack will do the trick for you.

Will Googles Writely dethrone Microsoft?

Wed, 30 Nov -0001 00:00:00 +0000

With Google’s acquisition of Writely, I really find it hard to swallow that Microsoft is just going to bite the dust in a matter of months like everyone seems to be predicting. Microsoft has a death grip on the Office market, just like Apple does with the iPod market, and it will take an awful lot of kicking and screaming to get the entire world to switch over to Google’s Writely. It’s not even who has the better product that is the key factor here, it is more a matter of familiarity and entrenchment. If you ask anyone in my office, or most offices in the country, regardless of if they use mac or PC, and they will tell you they use word, and secondly "what is Writely?" Even if Google outsmarts Microsoft in some key arenas like search and click-driven marketing, they will mostly likely never be able to throw down the current king of the hill. Unless corporate America grows some organic tech-savvy in jars and downloads it to all their people overnight, I just don’t see it.

Google acquires Writely.com
Correspondents in San Francisco
MARCH 13, 2006

GOOGLE has acquired the privately held website Writely.com, which enables users to create and store documents online, in what is seen as a potential challenge to Microsoft’s Office software.

The internet giant confirmed the acquisition of the site and its five- month-old parent company Upstartle in its Google blog.

"As of Monday, I’m happy to say that I, and the rest of the Writely team, are now part of Google," Writely.com spokeswoman Jen Mazzon said.

The website enables users to create, edit and store documents online, including those created in the Microsoft Word format.

It comes amid speculation that Google is trying to create a system for storage that competes with those offered by rivals, and as Microsoft is moving to set up an online version of its Office suite of software.

But Joe Wilcox at Jupiter Research said he did not see Google moving to compete directly with Microsoft Word and its so-called office productivity suite.

"Speculation is that Google will take on Microsoft in the productivity suite market with a hosted product. I suppose Google could do this, but why?," he said.

"Microsoft has so many other word processing competitors already, at least in the consumer market … If Google is smart, Writely technology will bolster products Blogger, GMail and Google Talk (instant messaging)."

http://australianit.news.com.au/articles/0,7204,18444754%5E15317%5E%5Enbv%5E15306,00.html