socket: Address family not supported by protocol

January 30th, 2011 Category: Linux, Linux Server

I’m using rsync via ssh on my Linux NAS, and it works nicely. But I was wondering what could cause the message:

socket: Address family not supported by protocol

The message appears every time rsync or just ssh is called. In my case the reason is that ssh tries to connect via IPv6 first and then via IPv4. Since I haven’t set up IPv6 on my NAS, the IPv6 connection attempt fails and the message above appears. It does no real harm, but it’s nicer to get rid of the message.

Removing the message is easy, just add -4 as a command line parameter to ssh:

-4 Forces ssh to use IPv4 addresses only.

For ssh or rsync the usage looks like:


ssh -4
rsync -e "ssh -4"

And the message disappears.

How do you protect your Blog from Hackers?

August 8th, 2010 Category: Latest Featured, Linux, Linux Server, Perl, WordPress

Using WordPress is nice and many websites use it. The advantage, of course, is that many tips, additional plugins etc. are available. On the other hand there is a big disadvantage: hackers attack WordPress sites because so many sites use it. I found an article and video from Matt Cutts, an employee of Google.

He recommends protecting your wp-admin area using the Apache .htaccess file. In detail, access is only allowed from the IP addresses you log in from. It’s definitely a good way to protect your blog, but often people don’t have a fixed IP address: the DSL provider assigns a different IP address on every dial-in. Unfortunately there is no easy way to obtain the network addresses of your DSL provider which can be entered in your .htaccess file.

Another important recommendation: Always keep your server software and WordPress software up to date!

Also remove the following line from your header.php which will show hackers your WordPress version:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats please -->

So let’s concentrate on the restricted access in the wp-admin area. It’s a little bit tricky to get the address list of your DSL provider. I’ll explain and show an example script below. First let’s have a look at the video from Matt Cutts.

As step one you have to find out your own IP address. Let’s assume the IP address assigned by your provider is 213.168.95.20 (this is just an example!). Next do a whois lookup:

server:~# whois 213.168.95.20
...
inetnum:        213.168.95.0 - 213.168.98.255
netname:        NC-DIAL-IN-POOL

Have a look at the netname NC-DIAL-IN-POOL. Usually providers assign a common name to all their dynamic DSL address ranges. But we want to add all IP addresses, or better all network ranges, to our .htaccess file. So now we need to get all address ranges with this netname. This can be achieved using the Linux whois tool:

server:~# whois -h whois.ripe.net NC-DIAL-IN-POOL
...
inetnum:        194.8.209.0 - 194.8.209.255
...
inetnum:        194.8.205.0 - 194.8.205.255
...

Fine, now we have a list of all network ranges of our provider, but still not in the correct netmask format and with a lot of other output which we don’t need. Basically it’s possible to generate the .htaccess file manually now. Not big fun… So I’ve created a small Perl script which does the job. As a small bonus it creates the format needed for the .htaccess file, which means you can add the output directly to your .htaccess file in the wp-admin folder.

Important: Before usage you have to add the netname of the dial-in pool of your provider. How to find it out is described above. Below is only an example. The output will look like:

server:~# ./gethtaccessranges.sh
allow from 194.8.209.0/24
allow from 194.8.205.0/24
allow from 195.14.226.0/24

Finally generate a .htaccess file in your wp-admin/ folder with the content:

order deny,allow
deny from all

and add the output of the script gethtaccessranges.sh below the two lines. That’s it! Now access to wp-admin is only allowed from the dynamic IP addresses of your provider. Sure, it’s not the perfect solution, but it’ll protect you from many other hack attempts from all over the world.

At the end of the script there is also an example in case providers use numbers in their netnames.

#!/usr/bin/perl -w
# gethtaccessranges.sh
# Harald Kraemer 08.08.2010
# www.technnitip.net
#
# Net::CIDR and Net::Whois::Raw are needed to run this script.
# On debian you can install using apt-get:
# apt-get install libnet-cidr-perl libnet-whois-perl
#
# Important: Replace the netname "NC-DIAL-IN-POOL" at the end of the
# script with the dial-in netname of your provider! Use the command
# whois <my-ip-address> to find out the netname.

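use Net::CIDR;
use Net::Whois::Raw;
use strict;

sub getRanges
{
  my($netname) = @_;
  my $whois;
  my @whois_array;
  my @ranges;

  # Ask the RIPE whois server for all objects with this netname
  $whois = whois( $netname, 'whois.ripe.net' );
  return unless defined $whois;

  @whois_array   = split( "\n", $whois );
  @ranges        = grep( /inetnum:/, @whois_array );

  foreach ( @ranges )
  {
    # Reduce "inetnum:   a.b.c.d - e.f.g.h" to "a.b.c.d-e.f.g.h"
    s/inetnum://g;
    s/\s+//g;

    # The whois output ends up in .htaccess: skip anything that is
    # not a plain IPv4 range
    next unless /^\d{1,3}(\.\d{1,3}){3}-\d{1,3}(\.\d{1,3}){3}$/;

    # One range may expand to several CIDR blocks
    foreach my $item ( Net::CIDR::range2cidr( $_ ) )
    {
      print "allow from " . $item . "\n";
    }
  }
}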

getRanges('NC-DIAL-IN-POOL');

#for( my $i=1; $i <= 30; $i++)
#{
#  getRanges('DTAG-DIAL' . $i);
#}
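
The range-to-CIDR step and the final .htaccess content, as an added Python example (not the author's script): it parses whois text offline, shows that the example range 213.168.95.0 - 213.168.98.255 splits into three networks, and refuses to build the file if your own address would be locked out. The sample whois text is constructed from the lines shown on this page; the function names and the `apache24` switch (which emits the `Require ip` form used by Apache 2.4 instead of `allow from`) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: whois lines in the format shown on this page.
SAMPLE_WHOIS = """\
inetnum:        213.168.95.0 - 213.168.98.255
netname:        NC-DIAL-IN-POOL
inetnum:        194.8.209.0 - 194.8.209.255
netname:        NC-DIAL-IN-POOL
inetnum:        not-an-address - 194.8.205.255
"""

INETNUM = re.compile(r"^inetnum:\s*(\S+)\s*-\s*(\S+)\s*$")


def ranges_to_cidrs(whois_text):
    """Return the IPv4 networks covering every valid inetnum range."""
    nets = []
    for line in whois_text.splitlines():
        m = INETNUM.match(line)
        if not m:
            continue
        try:
            first = ipaddress.IPv4Address(m.group(1))
            last = ipaddress.IPv4Address(m.group(2))
            nets.extend(ipaddress.summarize_address_range(first, last))
        except ValueError:
            continue  # whois output is untrusted: skip anything malformed
    return list(ipaddress.collapse_addresses(nets))


def build_htaccess(nets, my_ip, apache24=False):
    """Build wp-admin/.htaccess text; refuse if my_ip would be locked out."""
    me = ipaddress.IPv4Address(my_ip)
    if not any(me in net for net in nets):
        raise ValueError(f"{my_ip} is not in any allowed range")
    if apache24:
        return "".join(f"Require ip {net}\n" for net in nets)
    lines = ["order deny,allow", "deny from all"]
    lines += [f"allow from {net}" for net in nets]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_htaccess(ranges_to_cidrs(SAMPLE_WHOIS), "213.168.95.20"), end="")
```
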

Status of a Software RAID under Linux

February 14th, 2010 Category: Linux, Linux Server

You might want to check the rebuild status of your Linux software RAID e.g. after a disc failure or a hard server crash. As you know this might take several hours, depending on the disc size.

In my case mdadm is used to configure the software RAID, and mdadm --detail /dev/md1 can be used to show the rebuild status:

[root@hxxxxxxx ~]# mdadm --detail /dev/md1
/dev/md1:
Version : 00.90
Creation Time : Thu Nov  9 18:57:15 2006
Raid Level : raid1
Array Size : 159726144 (152.33 GiB 163.56 GB)
Used Dev Size : 159726144 (152.33 GiB 163.56 GB)
Raid Devices : 2
Total Devices : 2
Preferred Minor : 1
Persistence : Superblock is persistent

Update Time : Sun Feb 14 19:45:21 2010
State : active, resyncing
Active Devices : 2
Working Devices : 2
Failed Devices : 0
Spare Devices : 0

Rebuild Status : 31% complete

UUID : be29700c:083d0c62:67a9c130:e044323b
Events : 0.3626065

Number   Major   Minor   RaidDevice State
0       8        3        0      active sync   /dev/sda3
1       8       19        1      active sync   /dev/sdb3

In my case 31% of the rebuild process is finished. We still have to wait a little bit..

Bash Prompt too long?

May 5th, 2009 Category: Linux

People who often use Putty, xterm or any other Linux text-based console will probably know this annoying issue:

  • Changing into a deeper directory structure will create an incredibly long bash prompt

For me it was quite annoying to have the prompt sometimes wider than the terminal window. In Debian standard configuration this is the case. So I decided to shorten the prompt.

I kept my prompt very simple, the only thing you have to do is to add the following lines to your ~/.bashrc

export PS1="[\u@\h \W]\\$ "
export PS2="> "

Make sure to add it at the end of your .bashrc file in your home directory. Otherwise it may be overwritten by other prompt definitions in your .bashrc.

Before

harry@h1096660:/usr/local/include/ffmpeg$

After

[harry@h1096660 ffmpeg]$

Better :)

Linuxcaffe in Toronto

March 28th, 2009 Category: Fun, General, Linux

Received from a friend while he was on a holiday trip in Toronto. A Linuxcaffe, pretty cool I think. Nowadays Linux seems to be everywhere! Thank you Bogi for this nice shot.
