Using WordPress is nice and many websites use it. The advantage, of course, is that many tips, additional plugins, etc. are available. But there is also a big disadvantage: hackers attack WordPress sites because so many sites use it. I found an article and video from Matt Cutts, an employee of Google.
He recommends protecting your wp-admin area using the Apache .htaccess file. In detail, access is only allowed from the IP addresses you log in from. It’s definitely a good way to protect your blog, but often people don’t have a fixed IP address. The DSL provider assigns a different IP address on every dial-in. Unfortunately there is no easy way to obtain the network addresses of your DSL provider which can be entered in your .htaccess file.
Another important recommendation: Always keep your server software and WordPress software up to date!
Also remove the following line from your header.php which will show hackers your WordPress version:
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats please -->
So let’s concentrate on the restricted access in the wp-admin area. It’s a little bit tricky to get the address list of your DSL provider. I’ll explain and show an example script below. First let’s have a look at the video from Matt Cutts.
As step one you have to find out your own IP address. Let’s assume your IP address assigned from your provider is 213.168.95.20 (this is just an example!). Next do a whois lookup:
Have a look at the netname NC-DIAL-IN-POOL. Usually providers assign a common name to all dynamic DSL addresses. But we want to add all IP addresses, or better all network ranges, to our .htaccess file. OK, now we need to get all address ranges with this netname. This can be achieved using the Linux whois tool:
Fine, we now get a list with all network ranges from our provider, but still not in the correct netmask format and with a lot of other output which we don’t need. Basically it’s possible to generate the .htaccess file manually now. Not big fun… So I’ve created a small Perl script which does the job. As a small bonus it creates the format needed for the .htaccess file, which means you can add the output directly to your .htaccess file in the wp-admin folder.
Important: Before usage you have to add the netname of the dial-in pool of your provider. How to find it out is described above. Below is only an example. The output will look like:
server:~# ./gethtaccessranges.sh
allow from 194.8.209.0/24
allow from 194.8.205.0/24
allow from 195.14.226.0/24
Finally generate a .htaccess file in your wp-admin/ folder with the content:
order deny,allow
deny from all
and add the output of the script gethtaccessranges.sh below the two lines. That’s it! Now access to wp-admin is only allowed from the dynamic IP addresses of your provider. Sure, it’s not the perfect solution, but it’ll protect you from many other hack attempts from all over the world.
At the end of the script there is also an example in case providers use numbers in their netnames.
#!/usr/bin/perl -w
# gethtaccessranges.sh
# Harald Kraemer 08.08.2010
# www.technnitip.net
#
# Net::CIDR and Net::Whois::Raw are needed to run this script.
# On debian you can install using apt-get:
# apt-get install libnet-cidr-perl libnet-whois-perl
#
# Important: Replace the netname "NC-DIAL-IN-POOL" at the end of the
# script with the dial-in netname of your provider! Use the command
# whois <my-ip-address> to find out the netname.
use strict;
use Net::CIDR;
use Net::Whois::Raw;

# Query RIPE for all inetnum objects with the given netname and print
# one "allow from <cidr>" line per resulting network.
sub getRanges
{
    my ($netname) = @_;
    my $whois = whois( $netname, 'whois.ripe.net' );
    return unless defined $whois;
    my @whois_array = split( "\n", $whois );
    # keep only lines that start with the inetnum attribute
    my @ranges = grep( /^inetnum:/, @whois_array );
    foreach ( @ranges )
    {
        s/^inetnum://;
        # remove all whitespace: "a.b.c.d - e.f.g.h" becomes "a.b.c.d-e.f.g.h"
        s/\s+//g;
        foreach my $item ( Net::CIDR::range2cidr( $_ ) )
        {
            print "allow from " . $item . "\n";
        }
    }
}

getRanges('NC-DIAL-IN-POOL');

# Example for providers that use numbers in their netnames:
#for( my $i=1; $i <= 30; $i++)
#{
#    getRanges('DTAG-DIAL' . $i);
#}
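An added example, not part of the original script: the same whois-to-.htaccess conversion in Python, treating the whois text as untrusted input and refusing to build a file that would lock out your own address. The whois sample is constructed and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample of whois output for a netname query (not real data).
SAMPLE_WHOIS = """\
inetnum:        213.168.95.0 - 213.168.95.255
netname:        NC-DIAL-IN-POOL
inetnum:        195.14.226.0 - 195.14.227.127
netname:        NC-DIAL-IN-POOL
remarks:        inetnum: 0.0.0.0 - 255.255.255.255
inetnum:        194.8.209.0 - bogus
"""

INETNUM = re.compile(r"^inetnum:\s*(\S+)\s*-\s*(\S+)\s*$")


def parse_ranges(whois_text):
    """Return (networks, rejected_lines) from raw whois text."""
    networks, rejected = [], []
    for line in whois_text.splitlines():
        if not line.startswith("inetnum:"):
            continue  # ignore other attributes, including free-text remarks
        m = INETNUM.match(line)
        try:
            first = ipaddress.IPv4Address(m.group(1))
            last = ipaddress.IPv4Address(m.group(2))
            networks.extend(ipaddress.summarize_address_range(first, last))
        except (AttributeError, ValueError):
            rejected.append(line)  # never copy unparsed text into .htaccess
    return networks, rejected


def build_htaccess(networks, my_ip):
    """Build the wp-admin .htaccess body; refuse if my_ip would be locked out."""
    addr = ipaddress.IPv4Address(my_ip)
    if not any(addr in net for net in networks):
        raise ValueError(f"{my_ip} is not covered by the allow list")
    lines = ["order deny,allow", "deny from all"]
    lines += [f"allow from {net}" for net in sorted(set(networks))]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    nets, bad = parse_ranges(SAMPLE_WHOIS)
    print(build_htaccess(nets, "213.168.95.20"), end="")
    for line in bad:
        print("# rejected:", line)
```

A range that is not aligned to a single netmask, such as the second one in the sample, is split into several networks, so the number of allow lines can exceed the number of inetnum entries.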
You might want to check the rebuild status of your Linux software RAID e.g. after a disc failure or a hard server crash. As you know this might take several hours, depending on the disc size.
In my case mdadm is used to configure the software RAID and mdadm --detail /dev/md1 can be used to show the rebuild status:
[root@hxxxxxxx ~]# mdadm --detail /dev/md1
/dev/md1:
Version : 00.90
Creation Time : Thu Nov 9 18:57:15 2006
Raid Level : raid1
Array Size : 159726144 (152.33 GiB 163.56 GB)
Used Dev Size : 159726144 (152.33 GiB 163.56 GB)
Raid Devices : 2
Total Devices : 2
Preferred Minor : 1
Persistence : Superblock is persistent
Update Time : Sun Feb 14 19:45:21 2010
State : active, resyncing
Active Devices : 2
Working Devices : 2
Failed Devices : 0
Spare Devices : 0
Rebuild Status : 31% complete
UUID : be29700c:083d0c62:67a9c130:e044323b
Events : 0.3626065
Number Major Minor RaidDevice State
0 8 3 0 active sync /dev/sda3
1 8 19 1 active sync /dev/sdb3
In my case 31% of the rebuild process is finished. We still have to wait a little bit...
People who often use PuTTY, xterm or any other Linux text-based console will probably know this annoying issue:
Changing into a deeper directory structure will create an incredibly long bash prompt
For me it was quite annoying to have the prompt sometimes wider than the terminal window. In Debian standard configuration this is the case. So I decided to shorten the prompt.
I kept my prompt very simple, the only thing you have to do is to add the following lines to your ~/.bashrc
export PS1="[\u@\h \W]\\$ "
export PS2="> "
Make sure to add it at the end of your .bashrc file in your home directory. Otherwise it may be overwritten by other prompt definitions in your .bashrc.
Received from a friend while he was on a holiday trip in Toronto. A Linuxcaffe pretty cool I think. Nowadays Linux seems to be everywhere! Thank you Bogi for this nice shot.
Nowadays there are several virtualization products like VMWare and Virtual PC available. Searching the Internet I came across coLinux and andLinux. These free and open source tools allow you to run Linux natively on your Windows PC.
coLinux is the base – a port of the Linux kernel which allows you to run Linux cooperatively on your Windows PC. andLinux is a complete Ubuntu Linux system which uses coLinux, Xming as X server and PulseAudio as sound server.
I’ve tried andLinux on my Windows XP notebook, installation was easy. Quite nice if you also want to have Linux running on your PC without purchasing other products. You can start Linux applications and they appear like a regular Windows application on your desktop.
andLinux offers some more features:
Access from Linux applications to Windows filesystem
Quick start of Linux applications from Quicklaunch bar
If your desktop is running Windows and you often need to connect to remote servers using SSH, you will already know PuTTY. You will also know that it gets frustrating to enter the password every time. There is a simple way to log in to remote machines using RSA/DSA keys.
What is needed?
First of all you will need to download the PuTTY.exe. And to generate the keys on your Windows desktop you’ll need to download PuTTYgen.exe as well.
Key Generation
Start PuTTYgen.exe after download and press the Generate button. Now follow the instruction and move the mouse cursor over the desired area. I’ve used the default parameter [x] SSH-2 RSA with a key length of 1024 bits.
I leave the Key passphrase empty because I don’t want to enter any passwords during login.
To have the key later available for other servers use the “Save public key” and “Save private key” button. My private key is saved as haifisch.ppk and my public key as haifisch. By the way, haifisch is German and means shark.
Now mark the generated public key, copy it to the clip board and paste it into ~/.ssh/authorized_keys file on the remote server of the user you want to login as.
PuTTY Configuration
Keys have been generated and stored on the remote server, therefore PuTTYgen can be closed now and the PuTTY.exe is needed now.
In PuTTY under the item “Session” enter the host name of the remote server and connection type SSH. Next choose “Connection/Data” and enter the remote user name. Also the previously defined private key is needed, it is given in “Connection/SSH/Auth” using the “Browse” button. In my case it’s haifisch.ppk.
When all settings are done go back to “Session”, enter a name for this session and press “Save”.
That’s it. Try it by double clicking on the saved session.
Login via Desktop Icon
If you want to have a desktop icon which opens putty and logs into a remote server generate a file e.g. www.myserver.com.bat with the content:
start C:\temp\putty\putty.exe -load "Session Name in PuTTY"
Now create a link to this batch file on your desktop and log in by double clicking.
Finally, after 2 years running Debian “Etch” 4.0, the new version Debian 5.0 codename “Lenny” has been released. The new release is dedicated to Thiemo Seufer, a Debian Developer who died on December 26th, 2008 in a tragic car accident. Read more information about “Lenny” on the Debian homepage.
As you know only the early bird catches the worm, I immediately decided to update one server to Lenny. Sure, sometimes the worm isn’t delicious but if you are dealing with IT stuff you will know this kind of bad tasting worms already.
Okay, the good news is: The worm wasn’t bad tasting in this case. Find my upgrade report below.
Upgrade Procedure
First I started with:
apt-get update
And received the error message:
There are no public key available for the following key IDs: 4D270D06F42584E6
Fine, next apt-get update was done again and several packages have been updated. It was prompted if a new /etc/mysql/my.cnf should be installed or my old one should be kept. I decided to keep my old one.
Afterwards I upgraded the distribution with apt-get dist-upgrade and many packages have been downloaded and installed.
For several config files it is again prompted if the old one should be kept or overwritten. I decided to back up the old configuration files and overwrite them with the new ones from the current distribution. I wanted to make sure that I don’t run into conflicts. This way the upgrade is performed very quickly.
In the next step I carried over all my changes from the backed-up config files into the new ones. In my case mainly the Apache2 and MySQL configurations.
Apache2
After doing this Apache2 started with the message “NameVirtualHost *:80 has no VirtualHosts” and none of my virtual hosts was recognized. I resolved this issue by changing the files /etc/apache2/sites-enabled/000-default and /etc/apache2/ports.conf. Within both files I’ve changed the declarations “*:80” to “*”:
/etc/apache2/sites-enabled/000-default
<VirtualHost *>
/etc/apache2/ports.conf
NameVirtualHost *
Note that all your virtual host configurations also have to be defined with “<VirtualHost * >”.
APT
To receive the updates for “Lenny” edit the file /etc/apt/sources.conf and change the line:
deb http://security.debian.org/ etch/updates main contrib non-free
to
deb http://security.debian.org/ lenny/updates main contrib non-free
Grub
One special thing on my server here (Strato root server) is the Grub configuration. The server is configured with SATA RAID 1, therefore partitions are mounted on /dev/md0 and /dev/md1. After every kernel update I manually change the /boot/grub/menu.lst file. Here I copy the two parts for the latest running kernel and simply adjust the kernel versions:
Linux users usually know the text editor called “vi”. For beginners it’s tough to use and the look and feel is not very nice. “vim”, which means vi-improved, brings many improvements. To make vim nicer looking I’ve put my settings for your .vimrc together. I personally like the following settings:
Syntax highlighting
Different color scheme
Disable indenting when copy and pasting a text from clip board
Replace tabs with blanks
Use 2 spaces as tabs instead of 4 spaces
Improve the search
Display cursor position
Open the .vimrc in your home directory and add the following settings:
" enable syntax highlighting
syntax enable
" set a different color scheme
colorscheme desert
" avoid indenting when pasting a text
set paste
" enable auto indent
set autoindent
" expand tabs to spaces
set expandtab
" set the tab stop to 2 spaces and soft tab stop to 2 spaces
set tabstop=2 sts=2
set shiftwidth=2
" immediately search and display the typed search pattern
set incsearch
" highlighting of search matches
set hlsearch
" show cursor position
set ruler
Much better now! Try the search (e.g. ESC /high) and you will recognize that the search pattern will be immediately highlighted when you enter it.
Note: If you want to replace all tabs within an existing file you can now use the vi command “:retab” and all tabs will be removed according to the settings done in your .vimrc.
Building and installing from source is done using a few commands:
tar xvfz iperf-2.0.4.tar.gz
cd iperf-2.0.4
./configure
make
make install
Once iperf is installed, the server is started on machine 1:
machine1:~# iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
Next the client is started on machine 2:
machine2:~# iperf -c machine1.mydomain.de
------------------------------------------------------------
Client connecting to machine1.mydomain.de, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[ 3] local xx.xx.xx.xx port 45325 connected with yy.yy.yy.yyport 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 96.6 MBytes 80.9 Mbits/sec
Tested on two servers connected with 100 MBit/s located at two different providers in Germany we get a result of 80.9 MBits/sec.
This result is slightly higher compared to the result from our measurement done with NETIO in the article Network Throughput Measurement. So we start the test again with additional parameters:
machine2:~# iperf -c machine1.mydomain.de -w 512k -l 512k
------------------------------------------------------------
Client connecting to machine1.mydomain.de, TCP port 5001
TCP window size: 256 KByte (WARNING: requested 512 KByte)
------------------------------------------------------------
[ 3] local xx.xx.xx.xx port 40987 connected with yy.yy.yy.yyport 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 72.0 MBytes 60.3 Mbits/sec
Now, using a modified read/write buffer size and TCP window size, we get almost the same result as in our test with netio.
Definitely a tool which can be recommended to check your network throughput!