If you happen to have installed Joomla based website and setup a contact form and everything worked fine until recently but suddenly your server starts mysteriously acting as a spam relay – even though email server is perfectly secured against spam.
You probably have some issue with a website email contact form hacked or some vulnerability which allowed hackers to upload spammer php script.
I have a website based on Joomla and just until recently everything was okay until I noticed there are tons of spam flying out from my Qmail mail server (which is configured to check spam with Spamassassin has Bayesian Filtering, Distributed Checksum Claring House, Python Razor and plenty of custom anti-spam rules.
It was just yesterday I ended into that situation, then after evaluating all the hosted website, I've realized Spam issues are caused by an Old Joomla Website Contact form!
There were two issues in the form
in the contact form you have the field with a tick:
1. Well Known Joomla Form Vulnerability
Currently all Joomla (including 1.5.22 and 1.6 versions) are vulnerable to a serious spam relay problem as described in theofficial Joomla site.
There is a quick dirty workaround fix to contact form vulnerability – disable a Joomla Comonent in ../joomla/components/com_mailto/
To disable it I had to:
cd /var/www/joomla/components mvcom_mailto com_mailtoNOT_USED
Above solution was described under a post resolve joomla spam relay earlier by Anatoliy Dimitrov (after checking closely the website it happened he is a colleague at HP 🙂 )
2. Second issue causing high amount of spam sent over the emailserver
was: "E-mail a copy of this message to your own address." contact form tick, which was practically enabling any Spammer with a list to inect emails and spam via the form sending copies to any email out on the internet!
You would definitely want to disable "E-mail a copy of this message to your own address."
I wonder why ever any Joomla developer came up with this "spam form"??
Here is the solution to this:
1.Login to Joomla Admin with admin account
2. GotoComponents -> Contacts -> Contacts
3. Click on the relevant Contact form
4. Under Contact Parameters go to Email Parameters
5. Change field E-mail Copy from Show to Hide and click Apply button
And Hooray the E-mail a copy of this message to your own address will be gone from contact form! 🙂
I've seen already plenty of problematic hacked servers and scripts before with Joomla in my last job in International University College – where joomla was heavy used, but I never experienced Joomla Security issues myself 'till know, in future I'm planning to never ever use joomla. Though it is an easy CMS system to setup a website its quite complicated to learn the menus – I remember when creating the problematic website it took me days until I properly setup all the menus and find all joomla components … besides these there is no easy way to migrate between different versions major releases in Joomla like in Wordperss, I guess this Mail Security Issue absolutely convinced me to quit using that piece of crap in future.
In mean Time another very serious Apache security flaw leaked on the Internet just few days ago – The OpenSSL Hearbleed Bug. Thanksfully I'm not running SSL anywhere on my website but many systems are affecting making most of your SSL communication with your Internet banking, E-mail etc. in danger. If you're running Apache with SSL make sure you test it for this vulnerability. Here is description of Heartbleed SSL Critical Vulnerability.
"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users."
Here is an interesting video talking about the origin of modern telephone communication.
In short first was the telegraph, then came the morse code. Then a way was found by bell to transmit voice on a short distances. Then Edisson's advancements make possible the telephone to exist to a primordial wall stick form of a modern telephone.
Its interesting to see the many woman which were used as a phone call operators in the rise of telephone. Then a little by little the phone operators were substituted by technology. Up to the point that now it is only computers that makes the phone communication reality.
Finally after a few stages of developments came the raise of modern telephone as we know it. And a little bit later the mobile phone. Nowdays we've become totally dependent on phones and often this little communicator devices we have to carry all around makes our life bitter and unrelaxed.
Secret Life Of Machines – The Telephone (Short History of the Telephone) [ Full Length ]
I've been thinking about our modern day progression and what our "progressed" society looks like in reality.
We think we have progressed, we have built machines that serves us well (computers). We plan for a bright painless easy future day by day. This bright "perfect" society future is nothing more than the dream of communism in its complete form.
But in what sense we have actually progressed ?? Everyone who really sees what happens around us notice the big changes we experience. On the surface it looks like our life has become much easier with all this technology surrounding us. The number of computers which is said to help us to leap towards this bright future increases day by day. With this however increases the need to support technology. Suddenly it happens that the old believe that computers are just a tool to make our life earier becomes a modern day slavery. Most of the developed or under development countries people are nowdays almost full time spending in front of the computer screen on the internet. We put our lifes in the mercy of man-created computers and it has become impossible that we live or exist independetly without them.
Computers are everywhere around us starting from the work Desk, at hand with a notebook, ipad, mobile phones, cars, airplanes. There is rarely to see any technology we use which works with not some kind of primitive or advanced computer embedded ,,,
In the rise of computers as we know it computer was just a tool to help us along with the other overall thought and inventions development. Now from just being a tool to help us progress Computers become the common ground on which almost everything in life works.
I'm sure many people who started learning computer technology 15-20 years ago (like me) never imagined computers will integrate so heavily in our daily activities as they eventually did.
We use computers for the sake of planning which in "spiritual language" is predicting the future or prophecise what is about to come in the short future. In reality what we do mostly even not realizingly is to try to predict and modify the future through technology.
This concept is also existing in most sci-fi movies, made in last 60 years. Mobile phones revolution give the humanity a tool through which telepathy we've seen in so many SCI-FI is reality. The mobile phone is just a platform through which (phone calls) or better said voice telepathy has become possible. In that manner of thoughts it is obvious that Video phone calls is a voice + visual telepathy. The Skype revolution and Video and voice conferences is brought was just until recently seen on the sci-fi movies where spaceship crews communicated with other spaceship crews by using a Visual conferences like skype.
It is really hard to believe that for just few years now everyone can speak with ease with everyone else on the planet in the same way just like we've seen in the movies as some foreign abstract concept!
Now suddenly most people on earth are equipped with technology with gives them the power to do everything but it is my firm believe people are not ready to wisely use this power. Therefore instead of using this higher technology wisely technology is used mostly senseless and the more technological advancement grows and becomes more accessible to the masses the more the tendency to use the technology for shit grows.
I'm sure people who have a good knowledge on programming and how computer works are already seriously aware of this enormous problem.
Another severe problem with the raise of technology is the language slang it introduces. This tech-slang is adopted quickly all around the society and suddenly as a result the human language as we know it is seriously substituted by a vague tech words mambo-jambo words. Actually the adoption of tech buzz words in modern day society language makes a great harm for the reason communication between people becomes less descriptive and therefore harder.
In short the result of this tech slang language inside our national languages is inability for people to communicate properly. This tendency is well seen if you for example try to make a comparison between old and newer movies. The newer the movie the less meaningful it is. It is true newer ones has much more as a visual adds than the predecessor but when talking about consistency the newer films are missing this point seriously.
As newer generations are born and raised up with this newer movies and "advanced" TV and computers this people doesn't even have most of the time the opportunity to see older human taped knowledge.
Even for youngesters who have somehow a wise parents enough to teach them in a religious way or just have the "luck" to have parents with old world mindset it will be extremely hard if not impossible for this kids to understand the old knowledge, as most of their same age school / university fellows will only talk about the newer things.
Besides all this, computers as they grow needs more and more support "nurturing" so day by day more and more people has to be busy with managing and supporting tech stuff. Suddenly it is no longer clear if computers serve us or we serve them, this tendency is already somehow evident but not so clearly as it will be in the short 5 to 10 years.
Therefore we slowly but surely are moving to a society which might become "enslaved by technology". Why I say here enslaved, because if we spend our time on fixing computers and technology and working with one virtual reality (which is non-reality) in essence this means we no longer have a physical freedom in the sense it was God given.
There is no doubt computers at present appears to do us a big good, but if you think a bit strategically it is obvious this good has it's price. By adopting all this technology without questioning ourselves on how this will impact our human freedom, we build a computerized jail around us. At first this jail appears to be so wide that it seems it does not interfere with our freedom, but with the introduction of newer and newer computer technology this jail becomes narrower as to the point where it could threat our physical existence freedom.
For those who could argue my thoughs I will ask two simple questions to show you how dependent we've become on technology;;;
What was the last time you switched off your mobile for a week ?
What was the last time you didn't used computers and the internet for a week time ?
Obviously rarely we can find someone that will answer positively to this question or even the thought of switching off from this so globalized society by dropping off tech stuff for a week seems scary.
This constant connectiodness that we're day-by-day heavily exposed to is scary, because it steals little-by-little our natural freedom for seclusion / pravicy / solitude.
This freedoms, were essential and especially for Christian saints and many of the people in the Holy Bible if we read closely we will find out they have used this freedom in parts of their lives especially the seclusion to hear and understand God's will for their life.
Since technology is stealing us the freedom to seclude ourselves this means it steals our basic natural freedom to communicate with God and our natural self ,,,
The consequence of this separation from God and unification with "the world" surely will lead to spiritual blindness and lack of good foundation or higher life purpose, in other words lost path in life.
This is happening all along right in front our eyes now.
Maybe the worst thing of globalization is it doesn't unite people on a soul level but rather separates them. The unification that tech boom gives to people is in the "virtual reality" but this is not a real unification as it is unification in a media which is not real.
Yes Virtual Reality is not real, that's why it is called Virtual isn't it?
I've been thinking over all this problems more and more and I'm starting to come to conclusion that people who wish to keep their essential physical freedom need to GET OUT from this tech lie, we have lived in.
For this however more people need to first realize that;;;
1. TECHNOLOGY LEADS US NOWHERE!
2. People who want to live without technology need to organize in groups – (and get used to a natural living growing food, being near to a natural springing water, taking care for each other, living in a Christian commune like – like in the old days)
Actually if we read the old testament's story of Moses escaping the upcoming flood, I believe what is about to come to us as a consequence of this out of boundaries technologization is pretty much like the old testamental flood (this should happen sooner or later).
Moses was wise enough to make himself an Ark and prepare himself for the storm. Today most people are so busy that they don't see the storm coming. I'll be glad to hear from people who has the same thinking as me and want to organize in a groups and live an old humble way of life without technology.
I'm convinced people who have realized all this tech short future bad consequences on humanity, need to have a common communication media and share their knowledge on how we can find a way to live tech free in this age. I'm curious am I the only one with such thoughts or other get into this insight too. If you have come to conclusions I did please contact me in comments. Thank you.
Predictive programming is a subtle form of psychological conditioning provided by the media to acquaint the public with planned societal changes to be implemented. If and when these changes are put through, the public will already be familiarized with them and will accept them as 'natural progressions'; thus lessening any possible public resistance and commotion. Predictive programming therefore may be considered as a veiled form of preemptive mass manipulation or mind control.
Here are few youtube videos pretty well showing some major all main stream youth culture know movies like the Matrix, Fight Club and Star Trek that has a rich predictive programming embedded:
Predictive Programming of Mind Control by Media
Hollywood's Agenda 1 – Predictive Programing and Hidden in Plain Sight
The propaganda in the movies is clear:
New World Order, dictatorship, an upcoming human saviour Messiah and everything we know prophecies in the Holy Bible by the elders and the saints and the saint Living Orthodox Christian books.
Predictive programming is not only in the hollywood produced high budget movies, its also widely used in the TV news and games like X Factor and many many more …
There is plenty of interesting info on the subject, but be careful as it is very addictive. At the end nomatter what kind of secret agenda lays in all this mass medias to imply us ideas on possible future events or possible future gadgets economic systems or whatever it is still up to God to allow any of the agendas to come to reality.
One major methodology used in almost all brainwashing pre-conditoning, predictive programming is the so called Hegelian Dialectics claiming the foruma ( A + B = C)
– Thesis + Antithesis = Synthesis
The scenarios in most movie or news is like that.
First they show you something making a Thesis (Let's say – The Dolly ship first cloned animal), then they show develop an Anti-Thesis (Big money are paid for people to criticize on the dangers of mass animal cloning), then after a while there is synthesis = (The mass animal cloning is dangerous but necessery and therefore OKAY so we will clone.). The same scenario is repeated again and again myriad of times. For the unknowing observer, all the 'trial' looks perfectly legid…
Communism was one good example of a Regime that people thought will continue forever and every country sooner or later could become communist. The facts years after is clear Communism is pure Utopia and even though the regime was so strong it failed 🙂 So we should not worry too much and 'we should not our hearts be troubled' by this unwalful stuff being around, but we should be aware of it and next time we're told this in school or university and claimed as being okay we should oppose it as TRUE CHRISTIANS. At the end God is in control as we read in the Holy Bible, so nomatter happens if we trust God and pray for his mercies, he will never forsake us.
Before I explain how netstat and whois commands can be used to check information about a remote skype user – e.g. (skype msg is send or receved) in Skype. I will say in a a few words ( abstract level ), how skype P2P protocol is designed.
Many hard core hackers, certainly know how skype operates, so if this is the case just skip the boring few lines of explanation on how skype proto works.
In short skype transfers its message data as most people know in Peer-to-Peer "mode" (P2P) – p2p is unique with this that it doesn't require a a server to transfer data from one peer to another. Most classical use of p2p networks in the free software realm are the bittorrents.
Skype way of connecting to peer client to other peer client is done via a so called "transport points". To make a P-to-P connection skype wents through a number of middle point destinations. This transport points (peers) are actually other users logged in Skype and the data between point A and point B is transferred via this other logged users in encrypted form. If a skype messages has to be transferred from Peer A (point A) to Peer B (Point B) or (the other way around), the data flows in a way similar to:
A -> D -> F -> B
or
B -> F -> D -> A
(where D and F are simply other people running skype on their PCs).
The communication from a person A to person B chat in Skype hence, always passes by at least few other IP addresses which are owned by some skype users who happen to be located in the middle geographically between the real geographic location of A (the skype peer sender) and B (The skype peer receiver)..
The exact way skypes communicate is way more complex, this basics however should be enough to grasp the basic skype proto concept for most ppl …
In order to find the IP address to a certain skype contact – one needs to check all ESTABLISHED connections of type skype protocol with netsat within the kernel network stack (connection) queue.
netstat displays few IPs, when skype proto established connections are grepped:
Now, as few IPs are displayed, one needs to find out which exactly from the list of the ESTABLISHED IPs is the the Skype Contact from whom are received or to whom are sent the messages in question.
The blue colored IP address:port is the local IP address of my host running the Skype client. The red one is the IP address of the remote skype host (Skype Name) to which messages are transferred (in the the exact time the netstat command was ran.
The easiest way to find exactly which, from all the listed IP is the IP address of the remote person is to send multiple messages in a low time interval (let's say 10 secs / 10 messages to the remote Skype contact).
It is a hard task to write 10 msgs for 10 seconds and run 10 times a netstat in separate terminal (simultaneously). Therefore it is a good practice instead of trying your reflex, to run a tiny loop to delay 1 sec its execution and run the prior netstat cmd.
To do so open a new terminal window and type:
noah:~# for i in $(seq 1 10); do \
sleep 1; echo '-------'; \
netstat -tupan|grep -i skype | grep -i established| grep -v '0.0.0.0'; \
done
-------
tcp 0 0 192.168.2.134:55119 87.126.71.94:26309 ESTABLISHED 3606/skype
-------
tcp 0 0 192.168.2.134:49096 213.199.179.161:40029 ESTABLISHED 3606/skype
tcp 0 0 192.168.2.134:55119 87.126.71.94:26309 ESTABLISHED 3606/skype
-------
tcp 0 0 192.168.2.134:49096 213.199.179.161:40029 ESTABLISHED 3606/skype
tcp 0 0 192.168.2.134:55119 87.126.71.94:26309 ESTABLISHED 3606/skype
...
You see on the first netstat (sequence) exec, there is only 1 IP address to which a skype connection is established, once I sent some new messages to my remote skype friend, another IP immediatelly appeared. This other IP is actually the IP of the person to whom, I'm sending the "probe" skype messages.
Hence, its most likely the skype chat at hand is with a person who has an IP address of the newly appeared 213.199.179.161
Later to get exact information on who owns 213.199.179.161 and administrative contact info as well as address of the ISP or person owning the IP, do a RIPE whois
noah:~# whois 213.199.179.161
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '87.126.0.0 - 87.126.127.255'
inetnum: 87.126.0.0 - 87.126.127.255
netname: BTC-BROADBAND-NET-2
descr: BTC Broadband Service
country: BG
admin-c: LG700-RIPE
tech-c: LG700-RIPE
tech-c: SS4127-RIPE
status: ASSIGNED PA
mnt-by: BT95-ADM
mnt-domains: BT95-ADM
mnt-lower: BT95-ADM
source: RIPE # Filteredperson: Lyubomir Georgiev
.....
Note that this method of finding out the remote Skype Name IP to whom a skype chat is running is not always precise.
If for instance you tend to chat to many people simultaneously in skype, finding the exact IPs of each of the multiple Skype contacts will be a very hard not to say impossible task.
Often also by using netstat to capture a Skype Name you're in chat with, there might be plenty of "false positive" IPs..
For instance, Skype might show a remote Skype contact IP correct but still this might not be the IP from which the remote skype user is chatting, as the remote skype side might not have a unique assigned internet IP address but might use his NET connection over a NAT or DMZ.
The remote skype user might be hard or impossible to track also if skype client is run over skype tor proxy for the sake of anonymity
Though it can't be taken as granted that the IP address obtained would be 100% correct with the netstat + whois method, in most cases it is enough to give (at least approximate) info on a Country and City origin of the person you're skyping with.
I'm running WordPress for already 3 years or so now. Since some very long time. The first wordpress install, I can hardly remember but it something like wordpress 2.5 or wordpress 2.4
Since quite a long time my wordpress blog is powered by a number of plugins, which I regularly update, whenever new plugins pops up …
I haven't noticed most of the time problems during major WordPress platform updates or the update of the installed extensions. However, today while I tried to reply back to one of my blog comments, I've been shocked that, I couldn't.
Pointing at the the Comment Reply box and typing inside was impossible and a null message was stayed filled in the form:
To catch what was causing this weird misbehaving with the reply comments functionality, I grepped through my /var/www/blog/wp-content/plugins/* for the movecfm(null,0,1,null):
# cd /var/www/blog/wp-content/plugins
# grep -rli 'movecfm(null,0,1,null)' */*.php
wordpress-thread-comment/wp-thread-comment.php
I've taken the string movecfm(null,0,1,null) from the browser page source in in my Firefox by pressing – Ctrl+U).
Once I knew of the problem, I first tried commenting the occurances of the null fields in wp-thread-comment.php, but as there, were other troubles in commenting this and I was lazy to read the whole code, checked online if some other fellows experienced the same shitty null void javascript error and already someone pointed at a solution. In the few minutes search I was unable to find anyone who reported for this bug, but what I found is some user threads on wordpress.org mentioning since WordPress 2.7+ the wordpress-threaded-comments is obsolete and the functionality provided by the plugin is already provided by default in newer WPinstalls.
Hence in order to enable the threaded comments WordPress (embedded) reply functionality from within the wp-admin panel used:
You see there is also an option to define how many nested comments subcomments, can be placed per comment, the default was 5, but I thought 5 is a bit low so increased it to 10 comments reply possible per comment.
Finally, to prevent the default threaded comments to interfere with the WordPress Threaded Comments plugin, disabled the plugin through menus:
Plugins -> Active -> WordPress Thread Comments (Deactivate)
This solved the weird javascript null "bug" caused by wordpress-threaded-comments once and for all.
Hopefully onwards, my blog readers will not have issues with threaded Reply Comments.
Some long time ago, I've created one user called newuser, on my home FreeBSD router and added him to be a member of wheel group.I've completely forgot about the users existing, just until yesterday when I saw the user still hanging around in my wheel group.For those unfamiliar with the wheel group on FreeBSD, wheel is the same like root group on Linux and some other *nices.
Before proceed with the reason fot this post to show the proper way of adding and removing user to a group on BSD, I will first explain a bit few things concerning BSD password files, where they are and why are they so many 🙂
On the first glimpse, people unfamiliar with BSD will be shocked / (confused) to find out there are 5 files, which has something to do to password authentication.
1. Some short explanation on /etc/passwd /etc/master.passwd, /etc/pwd.db, /etc/spwd.db, /etc/group and login.conf.db BSD auth and login filesFreeBSD and rest of the BSD family has 5 files which deal with username and password authentication, group ids, default shell configs etc.:
The 5 ones are:
/etc/passwd
/etc/master.passwd
/etc/group
/etc/pwd.db
/etc/spwd.db
/etc/passwd is readable by all the users on the system whether /etc/master.passwd is only readable by root and toor administrative users. In that numbers members to wheel group have access for reading to all of the five.
Just like on Linux /etc/passwd contains all kind of system existing users … everything except the stored user passwords strings. /etc/master.passwd is actually the BSD equivalent of Linux's /etc/shadow file. It stores md5 encrypted user passwords (by default) in a form of encrypted hashes. For tightened security one can, however choose to use a blowfish password hash encryption instead.
Since my newuser was a member to group, the user had read access to my /etc/master.passwd and hence this was a potential potential security hole on my system.
To close the whole I decided to remove newuser's membership to wheel group.
Before I say how I actually did it. I will sawy few more words on BSD systems authentication files structure.
The file /etc/master.passwd is actually the BSD equivalent of Linux's /etc/shadow.
Besides /etc/password and /etc/master.passwd, on BSD there are also two other separate binary database files storing authentication user credentials:
freebsd# ls -l /etc/pwd.db /etc/spwd.db
-rw-r--r-- 1 root wheel 90112 Mar 13 23:56 /etc/pwd.db
-rw------- 1 root wheel 90112 Mar 13 23:56 /etc/spwd.db
In case if you're wondering what are this two *pwd.db files for: /etc/pwd.db contains in database format /etc/passwd content /etc/spwd.db contains in database format /etc/master.password
, spwd.db stands for (shadow) pwd.db.
Near the end of the man page for pwd_mkdb, pwd.db is described as "insecure password database file and spwd.db as secure password database file.
The exact database type can be displayed with file command which is alawys helpful in (determining a file types).
I use file almost daily to check the (MIME) type of most of the "weird" file type extensions I have on my system. If not yet familiar with file cmd, be sure to try it on few various file extensions and see how it works. freebsd# file /etc/pwd.db
/etc/pwd.db: Berkeley DB 1.85 (Hash, version 2, native byte-order)
freebsd# file /etc/spwd.db
/etc/spwd.db: Berkeley DB 1.85 (Hash, version 2, native byte-order)
You see, files are stored in format of Berkley DB Hash version 2.
The two files got updated every time with command pwd_mkdb whether a change in /etc/master.passwd occurs through use of lets say pw or vipw.
Btw, one common way to initiate changes to /etc/master.passwd (lets say modify a user shell) is possible through vipw command. vipw is a wrapper command that launch instance of vi editor over /etc/master.passwd, once changes are saved in the file, pwd_mkdb is run to regenerate the /etc/pwd.db and /etc/spwd.db. With this in mind vipw on BSD is the equivalent of manually editting /etc/shadow with vi /etc/shadow on G / Linux.
Whether talking about user credentials and /etc/pwd.db and /etc/spwd.db, its worthy to mention there is one more db file – /etc/login.conf.db. /etc/login.conf.db is red everytime a user logs in the system. It is is generated from the plain text /etc/login.conf. Just in case if wondering why this .db files are used on FreeBSD at all, the reason is efficiency.
Reading binary database (structured data) as we all know is way faster than plain text file look ups
The performance advantage of the BSD's use of .db stored credentials is not so-"visible" in normal BSD systems with less than lets say 100 users.
Anyways on systems with few thousands of users that login and logout frequently the speed difference will surely be clear.
Manual generation of /etc/pwd.db and /etc/spwd.db or /etc/login.conf.db is possible via pwd_mkdb and cap_mkdb commands.
After explaining shortly the basic auth files, I'll proceed with my specific case and will explain how I removed my newuser from membership in wheel group.
2. "BSD way" to remove or add existing user to member a group
The record for my user newuser in /etc/group, looked like so:
I was curious if /etc/group was possible to manually edit like on Linux with vi or mcedit.I thought this might be a problem since I thought the /etc/group info might be stored somewhere along in /etc/pwd.db or /etc/spwd.db. My hypothesis, however was wrong.
Straight use of vim /etc/group and deletion of the newuser record was enough to remove the user from wheel.
Anyways this is not a standard way and especially if it has to be scripted it is unnecessery hassel, hence below is the 'BSD way' via pw:
freebsd# pw groupmod wheel -d newuser
There is no output returned, therefore the command executed succesfully.
pw can be used for plenty of user management operations. Lets say I want to add back the newuser to be a member of wheel some time in the future, I could use:
freebsd# pw groupmod wheel -m newuser
To later check if newuser is succesfully removed from /etc/group:
Generally it is better, to stick to one way to do everything related to user and group management with pw and use it to show group permissions for wheel instead:
One of the companies, where I'm doing a part time job, as an IT Consultant, System Administrator and Web developer, a e-marketing specialist and business consultant (the list goes on ;)) … planned to integrate a Newsletter support in their WordPress based websites.
As this fits my "job description" ,I took the task and implemented a simple but functional Newsletter support to their 4 WP based sites. In this article I will in short describe, my experience with placing the Newsletter subscription.:
Earlier I've done something similar as, I've added a subscipriotion (form) box to WordPress to use Google Feedburner RSS . What I needed this time, however was a bit different. The company required the newsletter to be a separate one and don't relay on Google Feedburner (RSS) to deal with the subscriptions .
It took me a while until I came with a working version of a Newsletter and I actually tested all in all 4 newsletter wordpress plugins before, I had a well working one. Here in short, In this article I will shortly take a look at the 4 WP newsletter plugins:
1. A wordpress plugin called simply Newsletter
As of time of writting this is the most popular wordpress plugin, when I looked through:
http://wordpress.org/extend/plugins/
Wordpress Newsletter plugin can be obtained via http://wordpress.org/extend/plugins/newsletter/ Its really Advanced, probably the best free newsletter for WP available as of time of writting. The plugin supports email subscriber user confirmation (double opt-in), as well as can be accustomized to work with single opt-in.
For all those who don't know Double Opt-In is the technical term for a once requested user email (single opt-in), for subscription which is later confirmed by following an email box sent link pointing to confirmation URL.
Double Opt-In is almost a standard and "must" as otherwise, many spam bots will fill in randomly email addresses and your subscribers list will be mostly containing spammer email addresses.
1. Install WordPress Newsletter Plugin To install Newsletter plugin;
a) download and put into wp-content/plugins/ and unzip
server:~# cd /var/www/blog/wp-content/plugins
server:/var/www/blog/wp-content/plugins# wget -q http://downloads.wordpress.org/plugin/newsletter.zip
server:/var/www/blog/wp-content/plugins# unzip newsletter.zip
b) Enable in Plugins:
Plugins -> Newsletter (Activate)
c) Configure Newsletter
A new menu will appear in the left WP control panel, like you see in below screenshot:
Newsletter plugin is very configurable but it takes a bit of longer time until it is confingured to work well. So be patient with it.
d) Make Newsletter field appear on a wordpress home page.
In order to enable just configure Newsletter plugin (text and subscription form) to appear on the wordpress pages, you need to add the plugin as a widget. To do so go to:
Appearance -> Widgets
Drag and drop the Newsletter plugin widget to the widget right pane. Put it on the exact place you would like it to appear.
Once the widget is placed, you will see it appear to the respective location on WP pages, you should have something like:
I've experienced, this caching problems and it was quite a riddle, until I found out that the Newsletter plugin is not appearing on the WP pages because of the old cache. I've checked bacicly everything (error.log , apache php_error.log) etc.. Therein, there was no error or anything, so after a long 1 hour or so poundering I figured out this kind of caching done by W3 Cache.
My guess is, the same newsletter "not working" issue is probably observable also on WP installs with other caching plugins like WP Hyper Cache or WP Db Cache
2. ALO EasyMail Newsletter WordPress plugin
I don't know, why but this plugin didn't work properly on the wordpress install, I've tested it. Its true the wordpress version where I give it a try was not running, the latest stable wordpress so I assume this might be the reason for the empty pages returned when I enabled the plugin.
According to wordpress's plugin – http://wordpress.org/extend/plugins/alo-easymail/, the plugin is marked as Works, however in my case it didn't.
3. Adding WordPress Newsletter through Email newsletter
This plugin was a real piece of cake, compared to all of the rest, tested this one was the easiest one to install and configure on WordPress.
Just like with Newsletter and ALO EasyMail Newsletter once the user is subscribed, from the admin there is possibility to sent crafted messages to all subscribers.
The plugin is a great, choice for anyone who is looking for quick install of Newsletter on WordPress without extra "config" complications.
Below is a quote describing email newsletter, taken from the plugin author webpage;
Advantage of this plugin
Simple no coding required.
Easy installation .
Using this plug-in we can send email to all registered folks.
Using this plug-in we can send email to all comment posted folks.
Email subscribe box for front end
Check box option available to select/unselect emails from the send mail list.
Integrated the email newsletter plugin & simple contact form plugin
– Enabling the plugin is done via admin menus:
Plugins -> Inactive -> Email Newsletter (enable)
Afterwards, the plugin requires a quick configuration from wp-admin:
Email Newsletter -> Subscriber form setting
You see in the screenshot, the config where to place the plugin is trivial.
To make Email Newsletter appear on the pages, you will have to add the Email Newsletter widget from:
Appearance -> Widgets
The widget looks like the one in below screenshot:
Drag and drop the widget to the widgets pane. Onwards on the wordpress pages, should appear an email subsciption box:
Though Email Newsletter is great, it has one serious drawback, as it doesn't support Double Opt-In. Therefore people subscribing through it are not mailed with a request to confirm their email subscription request.
As a result, its very likely many spam-bots submit fake emails in the newsletter subscribe form and in 1 year time your newsletter email list might get full with tens of thousands unexistent emails. If you end up with this bad scenario, once newsletter emails are sent to (regular) exitent subscribers, many of the bulk emails in the list will never reach their senders, but will just fill-up the mail server queue and take up server resources for nothing for one week or so (depending on the email configuration keep undelivered mail setting).
Anyways, since the basis of this plugin works fine, I'm sure if the author modifies it to include a simple Captcha instead of double-opt functionality, the plugin can become top plugin.
All the old school raptor addicts will be interested to hear Kazzmir (Jon Rafkind) a free software devotee developer has created a small game resembling many aspects of the original Raptor arcade game.
The game is called Rafkill and is aimed to be a sort of Raptor like fork/clone.
Originally the game was also named Raptor like the DOS game, however in year 2006 it was changed to current Rafkill in order to avoid legal issues with Apogee's Raptor.
The game is not anymore in active development, the latest Rafkill release is from January 2007, anyhow even for the 2012 it is pretty entertaining. The sound and music are on a good level for a Linux / BSD shoot'em'up free software game . The graphics are not of a top quality and are too childish, but this is normal, since the game is just one man masterpiece.
Rafkill is developed in C/C++ programming language, the game music engine it uses is called DUMB (Dynamic Universal Bibliotheque). By the way DUMB library is used for music engine in many Linux arcade games. DUMB allows the Linux game developer to develop his game and play a music files within different game levels in "tracked" formats like mod, s3m, xm etc.
The game is available in compiled form for almost all existent GNU/Linux distributions, as well as one can easily port it as it is open source.
To install Rafkill on Debian, Ubuntu, Xubuntu and Linux Mint en other Debian based distros
root@debian:~# apt-get install rafkill
Installing on Fedora and other rpm based is with yum
debian:~# apt-get install rafkill
...
Once rafkill is installed, in order to start it on Debian the only way is using the rafkill (/usr/bin/rafkill) command. It appears the deb package maintainer did not wrote a gnome launcher file like for example /usr/share/applications/rafkill.desktop
Just to explain for all the GNOME noobs, the .desktop files are a description file GNOME reads in order to understand where exactly to place certain application in the (Gnome Applications, Places, System …) menu panel.
Even though it miss the .desktop, it is launchable via Applications menu under the Debian section e.g. to open it from the GNOME menus you will have to navigate to:
Applications -> Debian -> Games -> Action -> Rafkill
This "shortcut" to launch the game is quite long and hard to remember thus it is handy to directly launch it via xterm:
hipo@debian:~$ rafkill
or by pressing ALT+F2 and typing rafkill :
Starting the game I got some really ugly choppy music / sound issues.
My guess was the fizzling sounds were caused by some bug with the sound portions streamed through pulseaudiosound system.
To test if my presume is correct, stopped pulseaudio and launched rafkill once again:
This way the game was counting on ALSA to process sound en the sound was playing perfectly fine.
I solved this problem through small wrapper shell script. The script did kill pulseaudio before launching rafkill and that way solve gchoppy sound issues, once the game execution is over the script starts pulseaudio again in order to prevent all other applications working with pulseaudio.
Finally, I've placed the executable script in /usr/bin/rafkill :
Interesting in Ubuntu Linux, rafkill music is okay and I suppose the bug is also solved in newer Linux distributions based on Ubuntu. Probably the Debian Squeeze pulseaudio (0.9.21-4) package version has a bug or smth..
After the change the game music will be playing fine and the game experience is cooler. The game is hard to play. Its really nice the game has game Saves, so once you die you don't have to start from level 1.
I've seen rafkill rolling around on freebsd.org ftps under the ubuntu packages pool, which means rafkill could probably be played easily on FreeBSD and other BSDs.
On 6th of January in our Bulgarian Orthodox Church just like in the most Christian realm, we celebrate the great feast of Theophany / Epiphany (Baptizm of our Saviour Jesus Christ in Jordan).
What exactly we celebrate is the Baptizm of our Saviour Jesus Christ in Jordan by st. John the Baptist (John the Forerunner as we call him in the church). This day is very important for us as Christians and this is why the holy fathers in the church has ordered this feast to be among the 12 most important feasts in our Church, the so called (Lords feasts).
On Theophany's day it is a rule in orthodox Church that the Great Blessing of Water is performed. The Blessing of the water and the preceding holy water from the priests blessing is taken by Church layman and we bring a little of this water to our homes to bless through that our homes.
In our Church belief the Holy Water from the Theophany feast is considered the most powerful in spiritual sense holy water as this water is the same water with which our sinless Saviour and lamb (Son) of God Jesus Christ was baptized in Jordan.
The reason why we call the feast Theophany is because God in his essence of Holy Trinity appeared clearly to mankind for a first time in Human history. Our Holy Trinity (3 essence God in one indistructable and insaparatable God – one God as God said for himself in the beginning of writtings) has revealed himself in front of all the people gathered along John the Baptist in Jordan waiting to be baptized in his three essences:
1. God the Father spoke from heaven manifesting and testifying about Jesus Christ being his beloved and only son and saviour of mankdin
,br />2. God the Son (Jesus Christ), has physically appeared to receive the baptizm to fulfill all righteousness and (the old testemential prophecies) and to begin his 3 years mission on earth.
3. God Holy Spirit) has descended from heaven on Jesus Christ in a publicly observable form of a dove
Theophany's feast is called by some english speaking orthodox christians Epiphany, but this is a term less used in orthodox christendom and much more spread in Roman Catholic one.
The Gospel readings in the church tell of the Lord's baptism by John in the Jordan River. The epistle reading of the Divine Liturgy tells of the consequences of the Lord's appearing which is the divine epiphany.
After the end of the st. Basil the Great Holy Liturgy served, the Great Blessing of Water is performed by one or more priests (depending on the number of present priests). The meaning of the blessing of the waters meaning is to show that mankind and all of God's creation, were created to be blessed and filled with the sanctifying of God's presence.
A very local unique bulgarian tradition on this number is that if the great blessings of water is performed by a priest near a river or a sea shore the cross be thrown in the water in order to bless the waters.
Then a number of brave man jump in and do a race swimming aiming to pull out the crucifixion of the water. It is believed that the one who could pull out the cross will get God's great blessings through the upcoming church year.
Let us pray trust and hope on God to also appear to us who seek him, and show us his Holy Trinity wholeness mercies just like he did himself to the people waiting for Baptizm from John the Baptist by the holy prayes of the Theotokos and his holy saints and all heavinly hosts. Amen
Restrict user to Run one remote Server command only via SSH authorized key passwordless authentication on Linux / UNIX / BSD - ☩ Walking in Light with Christ - Faith, Computing, Diary ☩ Walking in Light with Christ – Faith, Computing, Diary on Make daily Linux MySQL database backups with shell script
Fix Null error in WordPress comment reply with wordpress-threaded-comments plugin enabled
Friday, April 6th, 2012I'm running WordPress for already 3 years or so now. Since some very long time. The first wordpress install, I can hardly remember but it something like wordpress 2.5 or wordpress 2.4
Since quite a long time my wordpress blog is powered by a number of plugins, which I regularly update, whenever new plugins pops up …
I haven't noticed most of the time problems during major WordPress platform updates or the update of the installed extensions. However, today while I tried to reply back to one of my blog comments, I've been shocked that, I couldn't.
Pointing at the the Comment Reply box and typing inside was impossible and a null message was stayed filled in the form:
To catch what was causing this weird misbehaving with the reply comments functionality, I grepped through my /var/www/blog/wp-content/plugins/* for the movecfm(null,0,1,null):
# cd /var/www/blog/wp-content/plugins
# grep -rli 'movecfm(null,0,1,null)' */*.php
wordpress-thread-comment/wp-thread-comment.php
I've taken the string movecfm(null,0,1,null) from the browser page source in in my Firefox by pressing – Ctrl+U).
Once I knew of the problem, I first tried commenting the occurances of the null fields in wp-thread-comment.php, but as there, were other troubles in commenting this and I was lazy to read the whole code, checked online if some other fellows experienced the same shitty null void javascript error and already someone pointed at a solution. In the few minutes search I was unable to find anyone who reported for this bug, but what I found is some user threads on wordpress.org mentioning since WordPress 2.7+ the wordpress-threaded-comments is obsolete and the functionality provided by the plugin is already provided by default in newer WPinstalls.
Hence in order to enable the threaded comments WordPress (embedded) reply functionality from within the wp-admin panel used:
Settings -> Discussions -> Enable Threaded (nested) comments (Tick)
You see there is also an option to define how many nested comments subcomments, can be placed per comment, the default was 5, but I thought 5 is a bit low so increased it to 10 comments reply possible per comment.
Finally, to prevent the default threaded comments to interfere with the WordPress Threaded Comments plugin, disabled the plugin through menus:
Plugins -> Active -> WordPress Thread Comments (Deactivate)This solved the weird javascript null "bug" caused by wordpress-threaded-comments once and for all.
Hopefully onwards, my blog readers will not have issues with threaded Reply Comments.
Tags: admin panel, Auto, code, Comment, Ctrl, Draft, fellows, few minutes, Firefox, form, grep, long time, misbehaving, movecfm, null fields, null message, number, occurances, option, page, page source, php, phpI, platform, plugin, Plugins, quot, reply comments, rli, someone, something, thread, threads, tick, time, time problems, Wordpress, wordpress blog, wp
Posted in Web and CMS, Wordpress | 1 Comment »