Sysadmins be welcome!
Sysadmins of the North is just another technical blog, like so many others out there. Most posts are written in English, some in Dutch. For the most part, I write as it comes; posts may seem incoherently written sometimes (my apologies). Here on Saotn.org you’ll find all kinds of computer, server, web, sysadmin, database and security related stuff. Browse the latest posts per category here, search for posts, or make a selection from the categories menu.
Prepare your Umbraco website for high performance web garden or web farm, and load balancing environments: store your sessions out-of-process (OutProc), as opposed to the default in-process (InProc) sessions, where sessions are saved in the worker process.
$mysqli->multi_query($query) to optimize all database tables in a single statement. This boosts MySQL and PHP performance.
The PHP MySQLi extension supports multiple queries which are concatenated by a semicolon. We can use this to optimize all MySQL tables in one single multi_query() statement.
Add custom headers to System.Net.Mail
When sending an email using the MailMessage class (System.Net.Mail namespace) in an ASP.NET website, certain email headers like Message-ID are not always set.
If a Message-ID header is missing, email might be blocked by the recipient’s SMTP server. Therefore it is necessary to set such headers…
The following PHP code fix goes for nearly all PHP Call-time pass-by-reference errors:
The WordPress plugin In Over Your Archives is a plugin to display your archive page in a nice way, just like on inoveryourhead.net. The plugin hasn’t been updated in quite some time and breaks with PHP version 5.4:
If you run a WordPress blog where you display (parts of) source code, syntax highlighting is a must! It prettifies the code which makes it easier to read and it distinguishes code from text. However, most syntax highlighting is made available through plugins, and we all know too many plugins bring a lot of overhead to your blog.
Too many plugins and much overhead result in a slower blog. We don’t want a slow blog, so here is how to fix that.
Information about HeartBleed and IIS
Via Erez’s IIS Blog:
The Heartbleed vulnerability in OpenSSL (CVE-2014-0160) has received a significant amount of attention recently. While the discovered issue is specific to OpenSSL, many customers are wondering whether this affects Microsoft’s offerings, specifically Windows and IIS. Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows’ implementation of SSL/TLS was also not impacted.
We also want to assure our customers that default configurations of Windows do not include OpenSSL, and are not impacted by this vulnerability. Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.
WordPress 3.8.2 is now available. This is an important security release for all previous versions and we strongly encourage you to update your sites immediately.
This release fixes a weakness that could let an attacker force their way into your site by forging authentication cookies. This was discovered and fixed by Jon Cave of the WordPress security team.
How to install Node.js on IIS web server
This post describes the steps necessary to install the Ghost Publishing platform on Windows Server 2012 with IIS 8.0. As you already know, Ghost is a Node.js web application, specific for just blogging. To run Node.js applications in IIS, we need a module called iisnode, created by Tomasz Janczuk.
Ssh shorthand name for hostnames. How to use shorthand names for hostnames with ssh?
You don’t always want to type in complete hostnames when using ssh to remote hosts. Here is how to configure and use shorthand hostnames with ssh.
When administering an IIS web server you frequently have to use AppCmd.exe to make configuration changes, whether for a specific web site or server wide. Some might think AppCmd has its limitations. If they don’t know the options to use, they might think you can only address the x64 .NET Framework version or only x86, or that you can only target the current active .NET Framework version. Fortunately this is not true: you can address both x86 and x64 versions of .NET with AppCmd. Read how…
How to redirect an HTTP VirtualHost to HTTPS
The last few days I’ve been toying with Nagios, setting up a monitoring system. One of the tasks I wanted to accomplish is to redirect the Nagios website from HTTP to HTTPS, using an Apache 2.4.6 VirtualHost configuration.
Such easy HTTP to HTTPS redirect tasks are better accomplished in the Apache configuration, if you have access to those files, rather than by using a .htaccess file.
Optimizing images and losslessly compressing them is one of those items that always pops up when analyzing your website with Google PageSpeed Insights. Images have to be losslessly compressed to save many bytes of data and thus bandwidth. This speeds up the download time of your website. But how do we optimize images for the web? And what if I have hundreds of images that need optimization? We optimize and losslessly compress images in bulk.
Open-Xchange is an all-in-one Groupware solution, providing not only email, but also a CalDAV calendar, tasks, file- or InfoStore and an online document editor. All shareable with other users. The InfoStore is used to save documents online, in the cloud.
This article is about accessing and mounting your Open-Xchange remote WebDAV InfoStore file share, on Linux with mount.davfs or Dolphin GUI file manager.
The Forfiles command selects and executes a command on a file or set of files. This command is ideal for batch processing through scripts. For instance on Windows Server systems. With Forfiles, you can run a command on or pass arguments to multiple files. For example, you could run the type command on all files in a tree with the .txt extension. Or you could execute every batch file (*.bat) on drive C, with the file name “Myinput.txt” as the first argument.
“The less spammers hit your WordPress blog, the better your blog performs,” is one of my opinions. A second is, “the less unnecessary plugins you use on your WordPress blog, the better”.
So a little while ago I decided to remove plugins like Stop Spammer Registration Plugin and do its work myself. As long as Akismet catches the spam, I can block the IP addresses myself. Plus, I might be able to see some trends like IP ranges that spam a lot, new IP ranges, new spam templates being used, and so on. I like that :).
Fix Joomla HTTP 500.0 error after Joomla! update to version 3.2
Over the last week we, at Vevida, received quite a lot of problem reports from customers who updated Joomla! to Joomla! version 3.2.0. After logging on to their administrator back-end, they received an HTTP 500.0 error.
Unfortunately this HTTP 500.0 has nothing important to tell, except Internal Server Error, The data is invalid. (0x8007000d). So, nothing much. This basically means that somewhere the output breaks fastCgi and PHP output.
Let’s investigate and resolve this Joomla! Administrator log in HTTP 500 error.
How to use PowerShell to add websites and application pools in IIS
A client of the company I work for wanted to quickly add 60 subdomains to his website. But, the subdomains had to be created as self contained IIS websites, and running in their own application pools. Luckily, the client wanted 60 consecutive subdomain names, e.g. “sub01.example.com”, “sub02.example.com”, …, … up till “sub60.example.com”. This made our task a bit easier, because we could easily script this in PowerShell.
This post provides links to some articles I found last week. The posts might be interesting in various fields of expertise, for either system administrators or developers (DevOps). Topics include: web security, WordPress performance, ASP.NET MVC caching, partial trust, view state MAC, and fixing IIS website hangs.
After not using Windows Live Mail for quite some time, it gave me an error code 0x80041161. This error code can have several different reasons, like corrupt files or services which aren’t started. Read on to learn how to fix this Windows Live Mail error 0x80041161.
team Hack.ERS first, Pruts.ERS second and KPN SectorC third
The Global Cyberlympics is an international online cyber security (ethical hacking) competition, dedicated to finding the top computer network defense teams. It tests the skills of information assurance professionals, in teams of 4 to 6 people in the areas of ethical hacking, computer network defense and computer forensics. Each round serves as an elimination round until only winning teams remain. The top winning teams from every continent get invited to play the game live in person at the world finals.
The other day I was searching for a particular e-mail in a Maildir on one of our mail servers. Knowing only the From address, I thought I’d use grep. Unfortunately it failed and gave me an error: /bin/grep: Argument list too long
How to overcome the Bash error ‘/bin/grep: Argument list too long’? How to grep through a large number of files?
I just found a nifty Linux RAM disk mini-howto, created by Van Emery. Might be fun to try sometime.
RAM disk introduction
What is a RAM disk? A RAM disk is a portion of RAM which is being used as if it were a disk drive. RAM disks have fixed sizes, and act like regular disk partitions. Access time is much faster for a RAM disk than for a real, physical disk. However, any data stored on a RAM disk is lost when the system is shut down or powered off. RAM disks can be a great place to store temporary data.
The Linux kernel version 2.4 has built-in support for ramdisks. Ramdisks are useful for a number of things, including:
- Working with the unencrypted data from encrypted documents
- Serving certain types of web content
- Mounting Loopback file systems (such as run-from-floppy/CD distributions)
Why did I write this document? Because I needed to setup a 16 MB ramdisk for viewing and creating encrypted documents. I did not want the unencrypted documents to be written to any physical media on my workstation. I also found it amazing that I could easily create a “virtual disk” in RAM that is larger than my first hard drive, a 20 MB Winchester disk. At the time, that disk was so large that I never even considered filling it up, and I never did!
This document should take you step-by-step through the process of creating and using RAM disks.
Update your Joomla site… yet again
“If you run a site powered by the Joomla content management system and haven’t yet applied a critical update for this software released less than two weeks ago, please take a moment to do that: A trivial exploit could let users inject malicious content into your site, turning it into a phishing or malware trap for visitors,” says Brian Krebs.
If you’ve lost or forgotten your WordPress admin password, you can use the following MySQL queries (commands) to reset it. Use either phpMyAdmin or the mysql command line.
ZDNet writes: Canonical, the company behind the Ubuntu operating system, has suffered a massive data breach on its forums. All usernames, passwords, and email addresses were stolen.
Ubuntu Forums suffered a massive data breach, the company behind the Linux open-source based operating system said on Saturday.
Protect your privacy, reduce your online footprint with Tor
I already mentioned the Tor Project in my post encrypt your email with PGP. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Now there is Tortilla to route all TCP/IP and DNS traffic through Tor.
TL;DR: go to http://sources.debian.net and enjoy.
Stefano Zacchiroli’s post on introducing sources.debian.net is copied verbatim to Bits from Debian by Ana Guerrero:
Debsources is a new toy I’ve been working on at IRILL together with Matthieu Caneill. In essence, debsources is a simple web application that allows to publish an unpacked Debian source mirror on the Web.
You can deploy Debsources where you please, but there is a main instance at http://sources.debian.net (sources.d.n for short) that you will probably find interesting. sources.d.n follows closely the Debian archive in two ways:
- it is updated 4 times a day to reflect the content of the Debian archive
- it contains sources coming from official Debian suites: the usual ones (from oldstable to experimental), *-updates (ex volatile), *-proposed-updates, and *-backports (from Wheezy on)
Via sources.d.n you can therefore browse the content of Debian source packages with usual code viewing features like syntax highlighting. More interestingly, you can search through the source code (of unstable only, though) via integration with http://codesearch.debian.net. You can also use sources.d.n programmatically to query available versions or link to specific lines, with the possibility of adding contextual pop-up messages (example).
In fact, you might have stumbled upon sources.d.n already in the past few days, via other popular Debian services where it has already been integrated. In particular: codesearch.d.n now defaults to show results via sources.d.n, and the PTS has grown new “browse source code” hyperlinks that point to it. If you’ve ideas of other Debian services where sources.d.n should be integrated, please let me know.
(ASP).NET programmers have to keep certain rules in mind when developing high performance ASP.NET applications, and/or optimizing your existing ASP.NET website. A lot of information is available on this subject. In this post I’ll share some valuable posts, and I continue to update this post when I find something new. Posts about ASP.NET performance I frequently pass on to customers so they can improve their ASP.NET web applications.
HD Moore wrote an excellent article on penetration testing IPMI and BMCs. The article is based on various work by Dan Farmer and provides Metasploit penetration testing examples.
Dan Farmer is known for his groundbreaking work on security tools and processes. Over the last year, Dan has identified some serious security issues with the Intelligent Platform Management Interface (IPMI) protocol and the Baseboard Management Controllers (BMCs) that speak it. This post goes into detail on how to identify and test for each of the issues that Dan identified, using a handful of free security tools. If you are looking for a quick overview of the issues discussed in this post, please review the FAQ. Dan has also put together an excellent best practices document that is a must-read for anyone working on the remediation side.
Please view the entire article here:
cURL throws error messages like “routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed” or “SSL certificate problem, verify that the CA cert is OK” if it can’t validate a certificate’s CA. One piece of advice often heard is to turn off CURLOPT_SSL_VERIFYPEER, but this error is mostly caused by a missing or outdated bundle of CA root certificates in the PHP configuration. In this article you’ll find two possible solutions to fix the CA validation in cURL.