Sysadmins be welcome!

Sysadmins of the North is just another technical blog, like so many others out there. Most posts are written in English, some in Dutch. For the most part, I write as it comes; posts may seem incoherently written sometimes (my apologies). Here on Saotn.org you’ll find all kinds of computer, server, web, sysadmin, database and security related stuff. Browse the latest posts per category here, search for posts, or make a selection from the categories menu.

Drop me a comment somewhere to say hi, or discuss about security, website or WordPress, MySQL optimization and performance, Windows Server and IIS web server topics.

 

DOSBox, play old games

Play really old games on Windows 7, 8, 8.1 with DOSBox

PC retrogaming how-to for 64-bit Windows

We all love old games. It’s a nostalgia thing from when we played those really old games on our 286 (or older, like an MSX) computer, either using floppy disks or cassettes/cartridges. There is nothing much sysadmin about this, it’s all about FUN! You all remember Airborne Ranger, Operation Wolf, Blues Brothers, Gunboat and The Lost Vikings, right? …

Read more

Disable WordPress comments (how-to)

The WordPress comment system can be a bless for your blog, because of the user interaction. However, when the WordPress comment option is abused by spammers, it becomes a real pain in the “@ss”. With tens- or hundreds of thousands spam reactions, disabling and removing comments is the only way to go. Here is how to disable WordPress comments in both the WordPress Dashboard interface and in your MySQL database.

Read more

Implement a highly available private cloud to host virtual machines

This document explains how to implement a highly available private cloud to host virtual machines from scratch.

Microsoft Partner Romain Serre published a document that describes how to implement a highly available private cloud to host virtual machines from scratch. For that he uses technologies such as Hyper-V, Scale-Out File Server, SQL Always On, Virtual Machine Manager, RD Gateways, Service Provider Foundation and Windows Azure Pack.

Read more

logo Sysadmins of the North

Like, Share, Follow & +1 Saotn.org

Did you know Sysadmins of the North is active on a number of social platforms? Social platforms include Twitter, Facebook, Google+ and Pinterest. Either as this website or on a more personal title. This post is to persuade you to follow Saotn.org and/or share posts with your friends, family, coworkers and other interested parties. So, if you read a post you found interesting, or a post that solved a problem you were facing, please share! :)

Read more

Explicit Congestion Notification (ECN) slows down outbound connections

Windows Server 2012 is the first Windows Server version to enable Explicit Congestion Notification, or ECN, in the TCP stack. This is also known as ECN Capability. Explicit Congestion Notification is an extension to the Internet Protocol and to the Transmission Control Protocol and is defined in RFC 3168. ECN allows end-to-end notification of network congestion without dropping packets. ECN is an optional feature that may be used between two ECN-enabled endpoints when the underlying network infrastructure also supports it.

Read more

Microsoft out-of-band security update MS14-068 (3011780)

and MS14-066 reissued, fixing TLS 1.2 cipher suites issues with Google Chrome

Yesterday evening, Microsoft released an out-of-band security notification MS14-068: Vulnerability in Kerberos Could Allow Elevation of Privilege (KB 3011780). This one is severe, and I recommend everyone to install this patch asap! It allows oridinary Domain Users to become Domain Admins, wh00ps…

Read more

Denial of Service (DoS) Attack

Joomla! websites abused as open proxy for Denial-of-Service attacks

Joomla websites using the Googlemaps plugin for Joomla are actively abused as open proxy -or launchepad- for launching Denial-of-Service (DoS) attacks. Even though the vulnerability details in Googlemaps plugin file plugin_googlemap2_proxy.php were released over one and a half (1,5) years ago, I still see this abuse and DoS-attacks happening on a regular basis…

Read more

Convert decimal to hex in bash?

A quicky for my archive, hexadecimal to decimal and decimal to hexadecimal in bash:

In mathematics and computing, hexadecimal (also base 16, or hex) is a positional numeral system with a radix, or base, of 16. It uses sixteen distinct symbols, most often the symbols 0-9 to represent values zero to nine, and A, B, C, D, E, F (or alternatively a–f) to represent values ten to fifteen. If you want to convert hexadecimal values to decimal and decimal values to hexadecimal, here’s how. All on the bash prompt…

Read more

Saotn.org global DNS load-balancing

Sysadmins of the North goes global!

Geolocation DNS load balancing with chrooted Bind9 + geoip-database, and Varnish Cache CDN back-end on DigitalOcean (sign up here and get $10 in credit!) Debian Wheezy droplets

I felt it was time to take Sysadmins of the North to the next level, it was time to expand with a global DNS load balancing and Varnish Cache (CDN) service. Here is how I set up my geo load balancing Varnish Cache HTTP reverse proxy CDN. It’s all for the fun, various configs are not advanced and may not be optimized. Never copy/paste anything to put into production without testing. Read on to learn how to set up a global presense …

Read more

Microsoft warns for PowerPoint OLE 0-day

Security Advisory 3010060 provides additional protections regarding limited, targeted attacks directed at Microsoft Windows customers.

A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains an infected Object Linking and Embedding (OLE) file.
Read more

String replace on all WordPress posts in MySQL

String replace content on all WordPress posts in a MySQL database

Sometimes it’s useful to know how to replace some content in your MySQL database in bulk using REPLACE(). MySQL’s string function REPLACE returns the string str with all occurrences of the string from_str replaced by the string to_str. REPLACE() performs a case-sensitive match when searching for from_str: REPLACE(str,from_str,to_str).

Replacing strings in MySQL is useful, for instance a use case: on a WordPress blog there were some bad href’s in the WordPress content (MySQL table wp_posts). This can be fixed by executing a MySQL UPDATE search&replace on all posts:

Read more

Conditionally start Application Pools on remote IIS web servers

In my routine, I occasionally have to start multiple website application pools when they are in a stopped state. On more than one web server. Being a lazy system administrator, I find it too much work to log on every server. Therefor I start those application pools in a loop. A condition for me to start application pools is that the application pool autostart parameter is set to true. This is because I set autostart to false when I disable hacked websites, and those application pools may not be started until all problems are resolved of course. To start application pools, I use the AppCmd command.

Read more

Change WordPress stylesheet_uri with add_filter()

Just a quicky: To alter or change WordPress’ stylesheet URI, to offload some static content, place in your Theme functions.php file:

add_filter('stylesheet_uri', 'change_css');
function change_css() {
  return "http://css.example.com/wp-content/themes/[theme_name]/style.css";
}

Now your theme’s style.css will be loaded from a subdomain or hostheader called css.example.com. This can improve overall website performance.

PHP cURL to check website availability

The following PHP function checks whether a website is online available or not. Because: website uptime and availability is important and you want your website to be always online available. When your website is down, you want to be informed about the downtime.

The PHP code snippets uses PHP cURL (Client URL Library). This function takes a domain name as input parameter and outputs TRUE or FALSE (for available or unavailable), depending on the returned HTTP status code.
Read more

1900/UDP (SSDP) Scanning and DDOS

SSDP amplified reflective DDoS attacks

The Internet Storm Center (ISC) InfoSec Handlers Diary Blog writes about a recent -significant- increase in both scanning for 1900/UDP and a huge increase of 1900/UDP being used for amplified reflective DDOS attacks: 1900/UDP (SSDP) Scanning and DDOS

1900/UDP is the Simple Service Discovery Protocol (SSDP) which is a part of Universal Plug and Play (UPnP). The limited information available to me indicates that the majority of the devices that are being used in these DDOS attacks are DLink routers, and some other devices, most likely unpatched or unpatchable and vulnerable to the UPnP flaws announced by HD Moore in January of 2013.

WordPress Plugin Vulnerability Dump - Part 1

This post contains information on vulnerabilities for 7 (at least somewhat) popular WordPress plugins. All of these vulnerabilities were trivial to discover (and are trivial to fix). The state of WordPress plugin security is very sad indeed. None of the developers were contacted in advance of this post (except where otherwise noted). Additional vulnerabilities will be posted as time permits.

WordPress Plugin Vulnerability Dump – Part 1

E-Book Gallery for Microsoft Technologies

E-Book Gallery for Microsoft Technologies, free content for Azure, ASP.NET, Office, SQL Server, SharePoint Server and other Microsoft technologies in e-book formats. Reference, guide, and step-by-step information are all available. All the e-books are free. New books will be posted as they become available.

E-Book Gallery for Microsoft Technologies

More quality sysadmin & DevOps IT books selected for you. Categories include:

Enjoy!

phpinfo() Type Confusion Infoleak Vulnerability and SSL Private Keys

A vulnerability in PHP’s phpinfo() function allows PHP scripts to read arbitrary strings from memory.

This is a somewhat older article by Stefan Esser, which I didn’t want to keep from you. During the development of a new Suhosin version, he and his team found a phpinfo() type confusion vulnerability. The information leak even allows a PHP script to steal the private SSL key.

Read more

Back To The Future: Unix Wildcards Gone Wild

Back To The Future: Unix Wildcards Gone Wild: DefenseCode‘s Leon Juranic released an article explaining an old-school hacking technique: Unix wildcard poisoning attacks. No ASLR bypass, ROP exploits or 0day remote kernel exploits, but if you wonder how basic Unix tools like ‘tar’, ‘chmod’ or ‘chown’ can lead to full system compromise, keep on reading.

Back To The Future: Unix Wildcards Gone Wild

Custom PHP/fastCgi on IIS Express and WebMatrix 3

How to install custom PHP 5.5 with OPCache in IIS Express for WebMatrix 3. Or PHP 5.4, or PHP 6.0

Currently, the default PHP version for Microsoft’s IIS Express and WebMatrix 3 is PHP 5.5.11. Which is good because it is 5.5.x. Sometimes you may need to upgrade or even downgrade the PHP version available in IIS Express and WebMatrix 3. If you have to match your development environment to your web hosting production environment for example. Or if you want to use OPCache and/or WinCache. The PHP modules OPCache and WinCache are PHP accelerators, used to cache PHP bytecode (the compiled version of the PHP script) and decrease CPU usage.
Read more

WordPress 3.9.2 Security Release fixes XML-RPC DoS

WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately. This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated on joint security releases.

Read more

MySQL sleep() attacks

How not validating your PHP input can lead to Denial of Service attacks against websites and backend database-servers. Simply by putting AND sleep(3) in the address bar…

The other day I noticed several hung queries (SELECT statements) on one of the MySQL database servers I administer. All hung queries had in common they were running for a very long time, and mysqladmin processlist -v showed a sleep() command in the query. Given the casing of the command (“SLeeP”) this was obviously done by a sql injection tool of some kind. I could simply kill the MySQL queries and threads and be done with it, but I also wanted to be sure this MySQL sleep() attack couldn’t happen again.
Read more

WordPress: Send authenticated SMTP email over TLS

How to send SMTP email in WordPress, by overriding the function wp-mail() and utilizing the PHPMailer class. Send email over TLS.

I was suprised WordPress is not able to send email using an SMTP server out-of-the-box. Not to mention using TLS transport for security. A quick Google search showed me multiple plugins to handle this. Hence, everything is handled through plugins in WordPress… Need to optimize your website? Use plugin x. Want a more secure WordPress? Use plugin y.

Read more

IIS Magento maintenance script

Clear Magento cache and MySQL log tables, perform regular Magento maintenance on IIS web servers for better performance

Now for Windows IIS web servers too: optimize the speed and performance of your Magento ecommerce webshop by carrying out important maintenance; remove old MySQL database log files and Magento cache data on a regular basis.

Magento Community Edition is a very popular ecommerce and webshop solution. And very bloated as we all know. Anywhere you run your Magento webshop, it’s important to perform maintenance. Carrying out maintenance on a regular basis optimizes Magento performance.
Read more

Mod_evasive on IIS

Website DDoS protection with mod_evasive on Windows IIS.

Mod_evasive is a module for Apache and Windows/IIS (with Helicon Ape), to provide protection and evasive action in the event of an HTTP DoS-, DDoS or bruteforce attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website if it’s requesting the same page more than 10 times a second. This is configurable. Properly configured and tested, mod_evasive can provide great security and protection against Denial of Service (DoS)- or Distributed Denial of Service (DDoS), and bruteforce attacks.

Read more