Sysadmins of the North is just another technical blog, like so many others out there. Most posts are written in English, some in Dutch. For the most part, I write as it comes; posts may seem incoherently written sometimes (my apologies). Here on Saotn.org you’ll find all kinds of computer, server, web, sysadmin, database and security related stuff. Browse the latest posts per category here, search for posts, or make a selection from the categories menu.
TheCartPress eCommerce Shopping Cart – a popular WordPress e-commerce plugin that is actively used on over 5,000 websites – contains high-risk vulnerabilities that can be exploited to compromise customers’ data, execute arbitrary PHP code, and perform Cross-Site Scripting attacks against users of WordPress installations, claim High-Tech Bridge researchers. Users are advised to disable or remove the plugin.
Remote Desktop through SSH/PuTTY
In a situation where you need to perform remote administration on a Windows Server, and the RDP port 3389 is blocked on a firewall, you can tunnel Remote Desktop through SSH with PuTTY. This particulary comes in handy when there is no VPN available to the remote network…
Zen Cart is an open source shopping cart software. Unfortunately, Zen Cart has some difficulties sending email from a website. Here is how to let Zen Cart send email over an encrypted TLS connection, when the following condition is met: StartTLS is required. Upon investigating why Zen Cart couldn’t send authenticated SMTP over a TLS secured connection using StartTLS, I noticed two problems: …
Where the Vevida Optimizer WordPress plugin kept plugins on all my WordPress sites up-2-date
Sucuri reports that multiple WordPress plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the
remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress. If you haven’t configured automatic updates for WordPress plugins, please update NOW!
In many hacked WordPress sites, a PHP backdoor is found within the
WP_CONTENT_DIR/uploads directory. Often because this is the location where uploads are placed automatically. From the backdoor within
wp-content/uploads other backdoors are uploaded to various locations, and scripts are injected with malware.
The following PHP function will disable the execution of PHP scripts in wp-content/uploads, on IIS web servers.
Think like a hacker and ask yourself how fast your passwords might be able to be cracked based on their structure.
Easily configure automatic updates from the WordPress Dashboard, and modernize your MySQL database.
Installing WordPress is one thing, keeping it up to date is something else. Each week brings new bugs or potential attack scenarios that will make a WordPress website vulnerable to hacks. Enabling automatic updates for all or at least most parts of WordPress solves a large number of problems with irregularly maintained WordPress websites.
Start, stop, restart and monitor services with PowerShell Get-Service and Start-Service cmdlets
As a Windows Server and IIS administrator, you’ll want your Windows services to run at all times. One can monitor Windows services in many, many, ways. Some of our customers websites may depend on certain services, which may be hard to monitor externally. For those Windows services that need local monitoring, I like to schedule a PowerShell script. Here is one…
To get and set File Server Resource Manager NTFS quota, you now have to use PowerShell’s FileServerResourceManager cmdlets. In the past, I used to get and set NTFS directory quota with the
dirquota command, which is deprecated…
By default, an IIS application pool (an “AppPool” hereinafter) recycles on a regular time interval of 1740 minutes, or 29 hours. One reason for this time interval is that application pool don’t recycle at the same moment every day (every day at 07.00 for example). However, sometimes you may want to change this regular time interval to specific times. And when you try to confingure this in IIS Manager, it gives you an error. Luckily, appcmd comes to the rescue!
A quick note for everyone who is upgrading from PHP 5.4 and PHP 5.5, to PHP 5.6: the
default_charset php.ini setting changed from empty to UTF-8. This may break HTML output if you try to set a different charset in your HTML head. It may also break functions like
htmlspecialchars. For instance: …
turn off swap in Linux
Not every Linux server I administer needs to have a swap partition and to start swapping. For instance, the MySQL servers I maintain all have more than enough RAM on board to do their work. Yet, when a swap partition is enabled Linux starts swapping, which may degrade MySQL database performance…
Years ago, I noticed that PHP connections to MySQL were significantly slower over IPV6 (where a hostname has an IPv6 address or AAAA record), when no MySQL service is listening on that address. The connection is refused, and PHP has to fallback to IPv4. The fallback takes a significant amount of time. Too much time if you’d asked me. Unfortunately this fallback to IPv4 is still slow today…
On IIS or Apache, a HTTP to HTTPS redirect is better left to the web server, with a simple redirection, than to a resource expensive Rewrite. A common use for IIS URL Rewrite is to redirect all HTTP requests to HTTPS. This situation is often better handled off by the IIS
Install software packages during a Windows Deployment Services (WDS) deployment, without Microsoft Deployment Workbench (available in the Microsoft Deployment Toolkit, or MDT).
In my environment, I had to set up a new Windows Deployment Services (WDS) configuration for Windows 8.1 Enterprise. To roll out in our office (some 20+ workstations). I wanted to install some additional software at the same time, without using Microsoft Deployment Workbench, because I find the interface too slow. The solution? Read on…
Monitor websites and services with Monit on Ubuntu 14.04 LTS on Hyper-V, on either Windows Server 2012 R2 or Windows 8.1.
This post is about setting up a monitoring service using Monit. Monit is a free and open source service monitoring application which can perform various event-based actions. Monit can send email notifications, restart a service or application, or take other responsive actions. We set Monit up on a Ubuntu 14.04 VM, built on Hyper-V. And we use Monit to monitor several websites, and send out notifications on downtime.
Converting to MySQLi from ext/mysql
This post will show you how to convert your old PHP mysql extension functions to PHP MySQLi extension. Migrating away from ext/mysql to MySQLi – or PHP Data Object (PDO) – is important, because the ext/mysql functions are deprecated as of PHP 5.5.0. If you do not update your PHP code, your website will fail soon!