Posts Tagged ‘make’

Windows unable to delete file, file locked unlocking with Unlocker tiny tool

Wednesday, April 13th, 2016

Windows-Unlocker-program-show-what-program-or-software-is-locking-your-file-why-file-cant-be-deleted-file-locked

If you want to delete some file on a Windows server or Desktop but you get the a dialog with an error saying:

"This action can't be completed because the folder or a file in it is open in another program"

windows-unable-to-delete-file-file-locked-get-what-is-locking-it-and-unlock-the-file-with-Unlocker-tiny-desktop-graphic-tool-0

Then you need to find out which Program is preventing the file from deletion / locking the file, I've earlier blogged on how to check which process locks file with tasklist or wmic Windows commands

However some users might prefer to not bother with command line check what is locking a file and then killing the Process manually with taskmanager (taskmgr.exe) but do both file unlocking from one single gui interface, that's especially for lazy novice users, gamers and most of Desktop Windows users.

If you're one of those lazy users you will appriace

Unlocker – a useful utility for unlocking files, it will help you figure out which file is using a file what program is using the file you're prevented to delete.
Unlocker is the tool for you if you get any of below error messages, when you try to delete a file:

 

  • Cannot delete folder: It is being used by another person or program
  • Cannot delete file: Access is denied
  • There has been a sharing violation.
  • The source or destination file may be in use.
  • The file is in use by another program or user.
  • Make sure the disk is not full or write-protected and that the file is not currently in use.
     

windows-unable-to-delete-file-file-locked-get-what-is-locking-it-and-unlock-the-file-with-Unlocker-tiny-desktop-graphic-tool-1

If you stumble unto an locked file once you download and install Unlocker tool and launch the tool ( in case it disappers in future a mirror of Unlocker tool here ).
Once installed if you click properties over the file which is refused to be deleted you will get a new menu such as in below screenshot:

NB! Beware while installing Unlocker you might be offered to install a bunch of malware (make sure you deselect it). Also Unlocker's site is made in a way so the Download button could easily be confused with some Google Adsense

unlocker-windows-menu-added-to-properties-options-screenshot

Click on the file that is being locked and choose the Unlocker button, for example if you have a bunch of Videos installed and the video is being locked by VLC clicking on the file you will be shown VLC like in below screenshot

 

Unlocker-screenshot-locked-file-because-movie-opened-in-VLC

As you see you're shown the Process PID that is being used by the file the full path to the locking program and you have the option to quickly kill the process or unlock the file. Note that at some cases unlocking a file used by some critical program lets say Microsoft Word / Excel or OneNote could cause you a data loss, so before unlocking a file make sure you know what you're doing.

For more advanced users that still prefer GUI to find out what is Locking a file you can also check out Microsoft Process Explorer (advabced task manager) like tool.
If you haven't tried Process Explorer be sure to take a look at it as its a great tool for Win SysAdmins:

Process Explorer is very handy if you want to explore which .DLL (Windows Libraries) are used by a Process / Program

Windows-process-explorer-an-advanced-task-manager-for-windows-and-handy-tool-to-see-what-external-libraries-and-files-a-program-is-using.png

Windows-process-explorer-an-advanced-task-manager-for-windows-and-handy-tool-to-see-what-external-libraries-and-files-a-program-is-using-1

 

Share this on

Remove string line from file on Linux and BSD – Delete entire line with string from file

Tuesday, March 15th, 2016

linux-remove-lines-containing-string-with-sed

If you're already used too using grep -v "sometring" filename to print everything from a file without the certain grepped string output and you want to do the same to delete lines based on strings without having to output the grepped string to a file and then overwritting the original file:
 

grep -v 'whatever' filename > filename1
mv filename1 filename


A much better way to delete an whole line containing a string match from a file is to use sed
sed
should be the tool of choice especially if you're scripting because sed is especially made for such batch edittings.

Here is how to do delete an entire line based on a given string:

 

sed –in-place '/some string to search and delete/d' myfilename


It might be a good idea to also create backups just to make sure something doesn't get deleted incidently to do use:

sed –in-place=.bak '/some string to search and delete/d' myfilename

If you need to wipe out an exact string from all files within a folder you might use a for loop or perl (some good examples check my previous article here)

In short to use bash's for loop here is how to backup and remove all lines with a string match within all files within a Linux directory:

 

for f in *.txt; do sed –in-place '/some string/d'
"$f"; done
find -name '*.txt' -exec sed –in-place=.bak '/some
string/d' "{}" ';'

 

BTW SED is really rich editor and some people got so much into it that there is even a sed written text (console) version of arkanoid 🙂

sed-text-editor-written-arkanoid-game-linux-bsd

If you want to break the ice and get some fun in your boring sysadmin life get sed arkanoid code from here.
I have it installed under pc-freak.net free ASCII Games entertainment service, so if you want to give it a try just login and give a try.

Enjoy 🙂

Share this on

Use mac PC built-in camera to make / take pictures on Mac OS X macbookair notebook with Photo Booth

Friday, February 26th, 2016

take-picture-or-video-with-built-in-camera-on-MacOSX-PhotoboothLOGO

It seems we lost our Good high quality Digital Camera somewhere and I was in need urgently to make a good quality photo (my ZTE Phone) has a very bad camera, so I got the idea to use Macbookair's camera as it has better
resolution to picture my present a  Tank Tort 🙂 hand made by my wife as a present for the Day of the Defender of the Fatherland which is a major feast in Russia, Belarus and many of the ex-Soviet Union members communist countries.

Actually using build in camare in MacBookAir is a handy thing for people mising at the moment a good high quality digital camera as it is thin and light and build in MacBook cam can be used to make Videos and Pictures exactly the same way
as an ordinary Tablet Computer is used so commonly nowadays by many:

In other words I needed for the Mac OS X equivalent to Cheese's (Photo and Video) capturer program for Linux.

Luckily for people interested in using their Mac OS notebook as a amateur camera this is easy by using default shipped Mac Application called:

Photo Booth app

To Launch Photo Booth app it just look it up in Finder and double click it:

PhotoBooth-how-to-take-photos-on-macosx

Clicking the large red button underneath the preview area will take a picture after an optional countdown.

Tort Tank of Svetka

Besides being able to capture Video and Pictures from Mac's camera it could add also some nice effects to taken pictures and videos (supports a basic video editing) features and effects.

The effects you can choose are are: Sepia, Black and White, Glow, Comic Book, Normal, Colored Pencil, Thermal Camera, X-Ray, and Pop Art. There are also effects that change the person in the picture using these effects: Bulge, Dent, Twirl, Squeeze, Mirror, Light Tunnel, Fish Eye, and Stretch. Actually  photographic filters of Photo Booth are very similar to Adobe Photoshop.

make-picture-on-mac-photobooth-effects-screenshot
By default Photo Booth will create picture, howver

Photo Booth saves your photos as JPEG files in a folder named Photo Booth, located in your home folder.

Choose File > Reveal in Finder

to see your picture files.

A much better way to be able to easily see and access all taken Pictures and Videos with Photo Booth is to

 

open Terminal

 

and type:

——-
 

 

$ cd Pictures
$ ln -s Photo\ Booth\ Library/Pictures/ PhotoBoothPics


This will make Link to pictures be easily accessible from your Finder -> Pictures folder
 
Applying custom photo backgrounds

A very useful feature of Photo Booth is that the user can apply backdrops to provide an effect similar to a green screen. When a backdrop is selected, a message appears telling the user to step away from the camera. Once the background is analyzed, the user steps back in front of the camera and is shown in front of the chosen backdrop.

For people who prefer to take photos using a console program on Mac OS I guess you should take a look at ffpeg
Here is one more snapshot of the Tort Tank snapshot made with the Macbookair of Svetlana 🙂

Tort Tank


P.S. If you like the Tort Tank and you happen to live in Sofia Bulgaria, you can order it  by dropping me a comment with request 🙂

Enjoy ! 🙂

Share this on

Change Skype for Business UI to Lync – Skype for Business Lync Theme / Remove Skype for Business coloroful UI and Switch to Lync simple interface

Wednesday, February 17th, 2016

Revert-skype-for-business-Lync-User-Interface-change-skype-for-business-theme-skin

If you are working in a large corporation such as (HP or HPE – Hewlett Packard Enterprise (HPE is the new splitted company brand name for the Software and Servers division of ex-HP) / IBM / Dell or any other company with the size of top fortune companies and you Computer Domain admistrator has forced your work PC to already use Skype for Business instead of the good tested Lync Client along with the goodies and PROS of having the newer Skype for Business (S4B) as usual for old fashened users like me and the avarage employee the New S4B interface will turn into nightmare with all this circled names and more buttons and the annoying Skype Blue Theme.

For anyone who has even basic idea of design and aesthetics, I believe the default Theme of Skype For Business  will be evaluated as a serious "interface downgrade" compared to the simple looking Interface and White Skin of Lync Client.

With this said it will be logical for the end user like me to desire to customize a bit default S4B Skin to make it more elegant looking like Lync 2013 client but guess what there is a Surprise if you google around, Skype For Business just like the regular Skype client doesn't have integrated support for Skins / Themes.
To make the horror complete, many big corporations are choosing to migrate their Email infrastructure from the classical and well tested Windows Domain with Exchange Server to  Microsoft Office 365 (Cloud services),
which makes the dependency on M$ products even bigger and in the long run control and spying on people's email and information (people's data security even worsers) as you know how hackable Windows prooved to be over the years.


Well for those who remember the good old times of IRC (Internet Relay Chat) and ICQ (I seek you) 🙂 and even Jabber when chatting emerged and boomed into popularity all the chat clients nomatter whether it was a free software under GPL / BSD license or it was a Proprietary licensed software, there was always alternative on the Interface Outlook of the Chat clients and on practically all popular Chat / Audio / Video communication Standards / Protocols, there used to be some option for the users to use either a different client or to customize the outook of the program.

Well now the big surprise with Skype Protocol which was purchased by Microsoft some years ago back is this terrible already M$ program doesn't have any option for changing the Theme and even basic customization besides the ones provided by default by Microsoft. For my surprise such a trivial and everybody used program like Skype with perhaps already 1.5 or 2 Billion or even more users doesn't have even basic support for customization !!!
To make the Skype program use horror story even worser Microsoft does upgrade the Skype client agressively and for the last 3 or 4 years Skype is owned by Microsoft the interface gets changing slightly or even completely with every next release.

Now with latest Skype versions since a 1.5 year or so the agressiveness of the program even increased further as it wants you to automatically upgrade, every time you run Skype.
With this in mind and the fact, I have to spend about 8 to 10 years on the PC with Skype for Business switched on on my notebook with no option to use Lync for communication because of the Domain Exchange forcing the changes to all of the users within our EMEA.

So after some serious digging on the Internet, the only work around to change the Skype For Business Theme available by a couple of sources is to Revert Back the Skype User Interface to Lync 2013 Client by changing a value to the Windows registry and get back the good old elegant Lync interface instead of S4B.

The Windows registry value that needs to be changed is:

[HKEY_CURRENT_USER\Software\Microsoft\Office\Lync]


The default value there is:
 

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\Lync]
"CanSharePptInCollab"=dword:00000001
"CanAppShareInCollab"=dword:00000001
"CanShareOneNoteInCollab"=dword:00000001
"EnableSkypeUI"=hex:01,00,00,00

 

The value has to be changed to:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\Lync]
"CanSharePptInCollab"=dword:00000001
"CanAppShareInCollab"=dword:00000001
"CanShareOneNoteInCollab"=dword:00000001
"EnableSkypeUI"=hex:00,00,00,00


restart_lync_screenshot-ms-windows

The value "EnableSkypeUI"=hex:01,00,00,00 – instructs so Skype for Business UI is used:
"EnableSkypeUI"=hex:00,00,00,00 – instructs S4B to revert back to Old Lync interface

For a little bit more on the value check out also articles – Alternate Between The Microsoft Lync and Skype for Business
and Managing the Skype Client UI in Skype for Business.

To modify about registry setting you will either have to manually run regedit from Start -> Run ->  cmd.exe or use Windows button + R and type inside run box:
 

regedit


Or even better just use and Run (Click over twice) on this skype.reg (download) sciprt which will modify registry

Because the Domain administrator has forced a policy to automatically offer Change of Lync Interface to Skype for Business on every notebook boot to disable EnableSkypeUI registry value and make Skype appear in the good old Lync UI, I've created also a tiny Batch script lync_ui.bat with following content:
 

cd \
cd \Users\georgi\scripts
 regedit /s skype.reg
exit


You can download lync_ui.bat from here

Note that both skype.reg and lync_ui.bat should be existing in my case in C:\Users\georgi\scipts , change this path to whatever your username is and create scripts folder in your User Home dir.
If unsure about the home directory name you can check it from command prompt with:
 

C:\Users\georgi> echo %HOMEPATH%
\Users\georgi


To make the lync_ui.bat (script invoking skype.reg)  be executed on every PC boot, you need to add it to:

Start -> All Programs -> StartUp

http://www.pc-freak.net/images/how-to-add-script-to-windows-startup-screenshto-microsoft-windows-7

Well this is it now you will have back the Lync UI, Enjoy! 🙂

 

Share this on

Change website .JS .PHP Python Perl CSS etc. file permissions recursively for Better Tightened Security on Linux Webhosting Servers

Friday, October 30th, 2015

change-permissions-recursively-on-linux-to-protect-website-against-security-breaches-hacks

It is a common security (breach) mistake that developers or a web design studio make with dedicated or shared hosted websites do to forget to set a nice restrictive file permissions.

This is so because most people (and especially nowdays) developers are not a security freaks and the important think for a programmer is to make the result running in shortest time without much caring on how secure that is.
Permissions issues are common among sites written in PHP / Perl / Python with some CSS and Javascript, but my observations are that JavaScript websites especially that are using some frameworks such as Zend / Smarty etc. and are using JQuery are the most susceptible to suffer from permission security holes such as the classic 777 file permissions, because of developers who’re overworking and pushed up for a deadlines to include new functionality on websites and thus often publish their experimental code on a Production systems without a serious testing by directly uploading the experimental code via FTP / WinSCP on Production system.

Such scenarios are very common for small and middle sized companies websites as well as many of the hobbyist developers websites running on ready CMS system platforms such as Joomla and WordPress.
I know pretty well from experience this is so. Often a lot of the servers where websites are hosted are just share-servers without a dedicated sysadmin and thus there are no routine security audits made on the server and the security permissions issue might lead to a serious website compromise by a cracker and make your website quickly be banned from Google / Yahoo / Ask Jeeves / Yandex and virtually most of Search Engines because of being marked as a spammer or hacked webiste inside some of the multiple website blacklists available nowdays.

Thus it is always a good idea to keep your server files (especially if you’re sysadmin) with restrictive permissions by making the files be owned by superuser (root) in order to prevent some XSS or vulnerable PHP / Python / Perl script to allow you to easily (inject) and overwrite code on your website.

1. Checking whether you have a all users read, write, executable permissions with find command

The first thing to do on your server to assure you don’t have a low security permissioend files is:

find /home/user/website -type f -perm 777 -print

You will get some file as an output like:

./www/tpl/images/js/ajax-dynamic-list/js/ajax-dynamic-list.js
./www/tpl/images/js/ajax-dynamic-list/js/ajax_admin.js
./www/tpl/images/js/ajax-dynamic-list/js/ajax_teams.js
./www/tpl/images/js/ajax-dynamic-list/js/ajax.js
./www/tpl/images/js/ajax-dynamic-list/js/ajax-dynamic-list_admin.js
./www/tpl/images/js/ajax-dynamic-list/lgpl.txt

2. Change permissions recursively to read, write and exec for root and read for everybody and set all files to be owned by (root) superuser

Then to fix the messy permissions files a common recommended permissions is 744 (e.g. Read / Write and Execute permissions for everyone and only read permissions for All Users and All groups).
Lets say you want to make files permissions to 744 just for all JavaScript (JQuery) files for a website, here is how:

find . -iname ‘*.js’ -type f -print -exec chown root:root ‘{}’ \;
find . -iname ‘*.js’ -type f -print -exec chmod 744 ‘{}’ \;

First find makes all Javascript files be owned by root user / group and second one sets all files permissions to 744.

To make 744 all files on server (including JPEG / PNG Pictures) etc.:

find . -iname /home/users/website -type f -print -exec chown root:root ‘{}’ \;
find . -iname /home/users/website -type f -print -exec chmod 744 ‘{}’ \;


Share this on

How to update macos from terminal / Check and update remotely Mac OS X software from console

Friday, October 23rd, 2015

../files/how-to-update-mac-osx-notebook-from-terminalsoftware-update-command-line-mac-screnshot-1

If you happen to have to deal with Mac OS X (Apple) notebook or Desktop PC (Hackintosh) etc. and you’re sysadmin or console freak being pissed off Mac’s GUI App Store update interface and you want to “keep it simple stupid” (KISS) in an Debian Linux like apt-get manner then you can also use Mac’s console application (cli) terminal to do the updates manually from command line with:

softwareupdate

command.

how-to-update-mac-osx-notebook-from-terminalsoftware-update-command-line-mac-screnshot

To get help about softwareupdate pass it on the -h flag:

softwareupdate -h

1. Get a list of available Mac OS updates

Though not a very likely scenario of course before installing it is always a wise thing to see what is being updated to make sure you will not upgrade something that you don’t want to.
This is done with:

softwareupdate -l

However in most cases you can simply skip this step as updating directly every package installed on the Mac with a new version from Apple will not affect your PC.
Anyways it is always a good idea to keep a backup image of your OS before proceeding with updates with let’s say Time Machine Mac OS backup app.

2. Install only recommended Updates from Apple store

softwareupdate -irv


Above will download all updates that are critical and thus a must to have in order to keep Mac OS security adequate.
Translated into Debian / Ubuntu Linux language, the command does pretty much the same as Linux’s:

apt-get –yes update

3. Install All Updates available from AppleStore

To install absolutely all updates provided by Apple’s package repositories run:

softwareupdate -iva

One note to make here is that always when you keep updating make sure your notebook is switched on to electricity grid otherwise if due to battery discharge it shutoffs during update your Mac will crash in a very crappy hard to recover state that might even cost you a complete re-install or a need to bring a PC to a Mac Store technical support guy so beware, you’re warned!

4. Installing all updates except Specific Softwares from Terminal

Often if you have a cracked software or a software whose GUI interface changed too much and you don’t want to upgrade it but an update is offered by Apple repos you can add the -i ingnore option:

softwareupdate -i [update_name(s)]

For example:

softwareupdate -i Safari-version-XXXX

5. View Mac OS Software Update History

The quickest way to see the update history is with System Information app, e.g.:

/Applications/Utilities/System Information.app


Share this on

How to Remove Firefox TABS all time Moving Backward / Forward (Waiting) Wheel cursor – Browser and OS Wheel Ring cursor might affect hypnotically

Monday, September 7th, 2015

remove-firefox-tabs-all-time-annoying-moving-back-forward-waiting-wheel-cursor-browser-and-ring-cursor-might-affect-you-hypnotically

I've been annoying for quite a long time by the the Clockwise moving backward and Forward Wheel (Ring) on Top of browser Tabs everytime I navigate to a new Internet domain or request a resource on the Net.

I'm aware that seeing the wheel all the time move back and forward is a very bad manipulation technique that is often used in advertisements in old movies and some advertisements in the start of the video . I'm talking about the infamous backward counting technique in a Circle (it was moer commonly used in the dawn of Television) aiming to induce watchers mind into hypnotic state …

back-counting-10-9-8-7-manipulation-technique-to-make-your-mind-susceptible

Those who have a degree in psychology or have been into marketing or human resources fields or any field involved where you have to influence the masses are already aware of the backward counting methology which has been practiced heavily by hypnosis practisioners such as Sigmund Freud, to induce any kind of hypnotic state the hypnotist always asks the object of hypnotism to watch closely into a moving back and forwards clock, often accompanied by counting backwards …

Well my Theory here is that the same techniques is well aware of those who planned Windows OS in which if you remember the Sand Clock has been substituted in Windows 7 / 8 and Windows 10 with the rotating back and foward Wheel for the reason that this aims to influence people mind to go into Alpha state from Beta state and thus make them feel more relaxed while doing stuff on the PC.

One thing to mention here is Back and Forward wheel is not only into OS level it has been heavily adopted by leading Software as a Service (SAS) UIs such as Google's and probably more importantly Youtube (have you noticed the Cycling Wheel when waiting for a Youtube movie to Load), the Wheel is also heavily incoruprated in most if not all biggest Websites on the Net. Even If you have noticed these days Google's Cycling (Waiting) Wheel is not only Cycling but has the colorful programming incorporated.

google-wheel-color-programming-example

Well probably many people who use computers daily did not really realize that the Computer OS and Programs GUI Interface they're using is influencing their mind and some famous psychological methods such as color programming and hypnotic tricks could be used more or less.

In that regard as a Firefox user I decided to change tne Back and Forward Wheel with another one which will not trigger my subconsciousness / mind all the time while browing on the Net into Alpha State. As I'm not a Firefox expert and my quick research on search Engines on how to achieve changing or removing the Browser Tabs all time turning wheel did not led me to nothing positive, I've consulted the experts in irc.freenode.net #firefox.

As always the guys were helpful and pointed me out to UserStyles.org website's Static-Throbbler CSS. I've mirrored the CSS script under a name remove-firefox-tab-wheel-script.css in case if UserSpace.org disappears in future, below is also a paste of the script:

@namespace url(http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul); @-moz-document url(chrome://browser/content/browser.xul) { .tab-throbber { list-style-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAB5lBMVEUAAADMzMzr6+v////t7e1paWmYmJiampqPj4+IiIiQkJCgoKCPj49qamqQkJB2dnacnJyAgIBfX19aWlpZWVlgYGB/f399fX2Hh4eFhYWZmZlycnJaWlpjY2Nubm56enp6enptbW1XV1dxcXGbm5uAgIBiYmKenp5ra2taWlpxcXGLi4uXl5eKioqPj4+NjY1wcHBZWVlra2uYmJhiYmKBgYFbW1t1dXWSkpKEhIR6enpsbGyBgYFubm6CgoKZmZlzc3NYWFiPj4+YmJhmZmaLi4uGhoagoKC4uLi0tLSnp6eIiIhmZmafn5+RkZFcXFx1dXWZmZl8fHzt7e3////r6+uUlJRycnJbW1uQkJCHh4d4eHiKioqxsbFubm6NjY15eXlYWFiHh4dXV1d4eHiGhoZycnKvr6+JiYl4eHiGhoaOjo6MjIxxcXHq6uqjo6N5eXmVlZVzc3OcnJxfX1+JiYl7e3tra2upqamIiIiNjY1kZGReXl6YmJiOjo59fX1YWFiSkpKAgIB2dnaYmJh0dHRoaGhqamqSkpKSkpKLi4uWlpaPj49wcHBpaWlhYWGCgoKamppwcHBjY2Nubm57e3tiYmKYmJiZmZl9fX1ZWVl+fn6bm5t1dXWOjo6GhoaNjY3///+wXn5TAAAAoXRSTlMAAAAAAAYLIzM6MiENBgEII0ZzeXtzRgcBByZhe29iWFlhe2ElBwYiY3pgRzMwNkZfemIkBUZ7XzktHyAdICs3X3sMI29KLgkJCApFbSAxe2E2IAQBAzVgeTE7WjUIHTFZejp8WzIiBy5YOzM1IwMKIDVgInRKMSALKUducyINSHw6LRo2XwZjMi0vNUhgYwYHJWFuYVhuJiNGeUUjCDI6MyoACaoAAAABYktHRAMRDEzyAAABFklEQVQY02NgYGBkZWPn4OTk4ubhZWIAAj5+AUEhYRERYVExdnEJZgZGSSlpGVk5eQVFWSVlFVUmBjV1DU0tbR1dXT19A0MjYxMGNlMzcwtLK2sbWzt7B0cxJwZnURdXNxt3D08vaztvH1FfBj//gMAg92DmkFAv27DwiEiGKLPoGJtYZgaGkNi4+ITEJIao5JTUNA+gAHO6dUamYRZDtpl0Tq5XXghzaH5BYZGmH0NxiUtpWXlFuqdXXGVVdU0tQ119g3Rjk5V1c0FlS6uIIBtDm3G7iFZVR2dXd0+vYZ96PwPLhImTlCZPUZg6ZZrIpOmSjAzMEuIzZorOcnScVTN7zlw+kHeZeJ18582fv6CWjZWRgQEA0vJCZaR0FWsAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTMtMDYtMjhUMDc6NDE6NDItMDY6MDC7fUviAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDEzLTA2LTI4VDA3OjQxOjUxLTA2OjAwN2LpXQAAABN0RVh0U29mdHdhcmUASmFwbmcgcjExOSfos2EAAAAASUVORK5CYII=') !important; animation-name: none !important; } .tab-throbber[progress] { list-style-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAABs1BMVEUAAAAAkwAAnwAAmAAAmQAAnQAAiQAAkgAAkAAEnAQHogcHpwcHpgcGogYEmwQAkAAAkQAAiAAAjAAAkQAEnQQMqwwhwiEhxyEiyCIgwiAMrAwEnQQAkQAEnAQauRohyCEdxh0SwRIRvxEPvw8ZxRkjyCMFnQUEnAQVuhUhyCESwRIFuAUBsAEArQABrwEBsAEMuQwRwREjyCMVuRUEnAQNrQ0TwRMBsAEAqwAAqAABsAERwREiyCIQrhAexh4CuAIDtwMbxhsgwiAEmwQGogYjxiMTwhMBrwETwRMhxiEGoQYMqAwhxyEOvg4ArQAArwAPvg8kyCQMpwwnyCcPvg8AqgAArAAOvg4hxyEMqAwGoQYkxyQVwhUBrgEBrwEjxiMGogYEmwQhwiEcxhwMuQwArQAAqwAGuAYexh4gwiAEnAQRrhEjyCMRwREBrwEBrwETwRMixyINrQ0EnAQVuRUjyCMSwRIDuAMBrgEArAAKuAohyCEEmwQFnAUauRoZxRkSwRIRvxERwREcxRwhyCEEnAQAkAAMqwwhxiEixyIgwiAMqwwHpQcHpgcHoQcEmwT////fHmrrAAAAkHRSTlMAAAAAAAAHIzBXbHZ1bFMxJAcNJ1iAo6amooBZJl2Zpp6Ui4mep11WmKWSZygXFylmk6aYWYCRMQkKL5Kngp1iZ52jVG6nkyeUpm53qo0WF4uodqqMExOMqXZwp5UmJKhvVaSfag0MaZ6kWISplC4wk6iCWpqolWklEmanV1+boJeNlqCoXyeDqKmlgnh5blghd7i+AAAAAWJLR0SQeAqODAAAAPRJREFUGNNjYGBgY+fg5OLm4eXjFxBkAAIhYRFRMXEJCXFJKWkZIaC8jKycvIKikrKiiqqcmrAgg4C6hqaWto6unr6BoZGxiQADh6mEmbkFIwMDk6WVtY0tPwOnmJ29BQMYWDo4OjkzuLi6uTNCBJj1PTy9GLx9fP0YoMA/IDCIwTs4JBQmEBYeEckQFR0TywLhs8Z5xCcwJCYlp6RCBNLSMzKzGPizc3LzUkHWpuUXFBbxMwgUl5SWlVeEVsZVKVaX1AgwCArX1uXUN4Q3NjW31LW2sQE9J1PcntnRWdjR1W0iLAQyS1CAP9Grp7evn58dKA8Ayh0xsydWuvQAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTMtMDYtMjhUMDc6NDE6NTEtMDY6MDBGP1HhAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDEzLTA2LTI4VDA3OjQxOjUyLTA2OjAwBorzwAAAABN0RVh0U29mdHdhcmUASmFwbmcgcjExOSfos2EAAAAASUVORK5CYII=') !important; } }

To use the script you will first need to install the Stylish FF plugin, then:

Stylish-FireFox-plugin-screenshot-Windows-7-OS
 

1. Enable Stylish plugin and Restart firefox when prompted
2. Click on Write New Style
3. Paste above CSS script and click on Save button

 

stylish-static-throbbler-css-script-change-back-forward-rotating-tab-wheel-on-Firefox-howto

Now instead of the moving wheel you will get just a circle appearing as a static image while the page is loading.

If you want to absolutely remove any circles or images and show nothing when loading, e.g. not have any mean to monitor whether page is loaded or not, but also make it easier for the eye I even finally decided to completely remove the all time moving Wheel from Firefox Tabs even the static picture out using below CSS script with Stylish:
 

@namespace url(http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul); @-moz-document url(chrome://browser/content/browser.xul) { .tab-throbber { list-style-image: none !important; animation-name: none !important; } .tab-throbber[progress] { list-style-image: none !important; } }

After all even after removing the FF Tabs wheel, there is the Status being printed down the webpage, showing text based the connection status. I find this kind of page loading status much less agressive and preferrable, than the current verions Firefox 4 onwards ..

One other thing I do to prevent the annoying Windows OS default Theme wheel is to change it to the old fashioned sand clock as well as bring back the theme of Windows 7 / 8 to Classic Theme of Win 2000, as I believe this reduced the level of zoombification the PC imposes on self 🙂

Enjoy!

Share this on

Install simscan on Qmail for better Mail server performance and get around unexisting suid perl in newer Linux Debian / Ubuntu servers

Tuesday, August 18th, 2015

qmail-fixing-clamdscan-errors-and-qq-errors-qmail-binary-migration-few-things-to-check-outclamav_logo-installing-clamav-antivirus-to-scan-periodically-debian-server-websites-for-viruses

I've been stuck with qmail-scanner-queue for a while on each and every new Qmail Mail server installation, I've done, this time it was not different but as time evolves and Qmail and Qmail Scanner Wrapper are not regularly updated it is getting, harder and harder to make a fully functional Qmail on newer Linux server distribution releases.

I know many would argue QMAIL is already obsolete but still I have plenty of old servers running QMAIL whose migration might cause more troubles than just continuing to use QMAIL. Moreover QMAIL once set-upped works like a charm.

I've been recently experiencing severe issues with clamdscan errors and I tried to work around this with compiling and using a suid wrapper, however still the clamdscan errors continued and as qmail-scanner is not actively developed and it is much slower than simscan, I've finally decided to give simscan as a mean to fix the clamdscan errors and thanksfully this worked as a solution.

Here is what I did "rawly" to make simscan work on this install:
 

Make sure simscan is properly installed on Debian Linux 7 or Ubuntu servers and probably (should work) on other Deb based Linuxes by following below steps:
 

a) Configure simscan with following compile time options as root (superuser)

./configure \
–enable-user=qscand \
–enable-clamav \
–enable-clamdscan=/usr/local/bin/clamdscan \
–enable-custom-smtp-reject=y \
–enable-per-domain=y \
–enable-attach=y \
–enable-dropmsg=n \
–enable-spam=y \
–enable-spam-hits=5 \
–enable-spam-passthru=y \
–enable-qmail-queue=/var/qmail/bin/qmail-queue \
–enable-ripmime=/usr/local/bin/ripmime \
–enable-sigtool-path=/usr/local/bin/sigtool \
–enable-received=y


b) Compile it

 

 make && make install-strip

c) Fix any wrong permissions of simscan queue directory

 

chmod g+s /var/qmail/simscan/

chown -R qscand:qscand /var/qmail/simscan/
chmod -R 777 simscan/chown -R qscand:qscand simscan/
chown -R qscand:qscand simscan/

d) Add some additional simscan options (how simscan is how to perform scans)

The restart qmail to make mailserver start using simscan instead of qmail-scanner, run below command (again as root):

echo ":clam=yes,spam=yes,spam_hits=8.5,attach=.vbs:.lnk:.scr:.wsh:.hta:.pif" > /var/qmail/control/simcontrol

 

e) Run /var/qmail/bin/simscanmk in order to convert /var/qmail/control/simcontrol into the /var/qmail/control/simcontrol.cdb database

/var/qmail/bin/simscanmk
/var/qmail/bin/simscanmk -g

f) Modify /service/qmail-smtpd/run to set simscan to be default Antivirus Wrapper Scanner

vim /service/qmail-smtpd/run

I'm using thibs's run script so I've uncommented the line there:

QMAILQUEUE="$VQ/bin/simscan"

Below two lines should stay commented as qmail-scanner is no longer used:

##QMAILQUEUE="$VQ/bin/qmail-scanner-queue"
##QMAILQUEUE="$VQ/bin/qmail-scanner-queue.pl"
export QMAILQUEUE

qmailctl restart
* Stopping qmail-smtpdssl.
* Stopping qmail-smtpd.
* Sending qmail-send SIGTERM and restarting.
* Restarting qmail-smtpd.
* Restarting qmail-smtpdssl.

g) Test whether simscan is properly sending / receiving emails:

echo "Testing Email" >> /tmp/mailtest.txt
env QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=3 /var/qmail/bin/qmail-inject hipo@my-mailserver.com < /tmp/mailtest.txt

Besides that as I'm using qscand:qscand as a user for my overall Qmail Thibs install I had to also do:

chown -R qscand:qscand /var/qmail/simscan/
chmod -R 777 simscan/
chown -R qscand:qscand simscan/

 

It might be a good idea to also place that lines in /etc/rc.local to auto change permissions on Linux boot, just in case something wents wrong with permissions.

Yeah, I know 777 is unsecure but without this permissions, I was still getting errors, plus the server doesn't have any accounts except the administrator, so I do not worry other system users might sniff on email 🙂

h) Test whether Qmail mail server send / receives fine with simscan

After that I've used another mail server with mail command to test whether mail is received:
 

mail -s "testing email1234" hipo@new-configured-qmail-server.com
asdfadsf
.
Cc:

Then it is necessery to also install latest clamav daemon from source in my case that's on Debian GNU / Linux 7, because somehow the Debian shipped binary version of clamav 0.98.5+dfsg-0+deb7u2 does fail to scan any incoming or outgoing email with error:
 

clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem – exit status -1/72057594037927935

So to fix it you will have to install clamav on Debian Linux from source.


Voilla, that's all finally it worked !

Share this on

Apache Webserver disable file extension – Forbid / Deny access in Apache config to certain file extensions for a Virtualhost

Monday, March 30th, 2015


If you're a Webhosting company sysadmin like me and you already have configured directory listing for certain websites / Vhosts and those files are mirrored from other  development webserver location but some of the uploaded developer files extensions which are allowed to be interptered such as php include files .inc / .htaccess mod_rewrite rules / .phps / .html / .txt need to be working on the dev / test server but needs to be disabled (excluded) from delivery or interpretting for some directory on the prod server.

Open Separate host VirtualHost file or Apache config (httpd.conf / apache2.conf)  if all Vhosts  for which you want to disable certain file extensions and add inside:

<Directory "/var/www/sploits">
        AllowOverride All

</Directory>

 

Extension Deny Rules such as:

For disabling .inc files from inclusion from other PHP sources:
 

<Files  ~ "\.inc$">
  Order allow,deny
  Deny from all
</Files>


To Disable access to .htaccess single file only

 

<Files ~ "^\.htaccess">
  Order allow,deny
  Deny from all
</Files>


To Disable .txt from being served by Apache and delivered to requestor browser:

 

<Files  ~ "\.txt$">
  Order allow,deny
  Deny from all
</Files>

 


To Disable any left intact .html from being delivered to client:

 

<Files  ~ "\.html$">
  Order allow,deny
  Deny from all
</Files>

 

Do it for as many extensions as you need.
Finally to make changes affect restart Apache as usual:

If on Deb based Linux issue:

/etc/init.d/apach2 restart


On CentOS / RHEL and other Redhats / RedHacks 🙂

/etc/init.d/httpd restart

Share this on

WordPress Security: Fix WordPress wp-config.php improper permissions to protect your sites from Database password steal / Website deface

Thursday, March 12th, 2015

wordpress-security-Fix-wordpress-wp-config-improper-permissions-to-protect-your-sites-from-Database-pass-steal
Keeping WordPress Site / Blog and related installed plugins up-to-date
is essential to prevent an attacker to hack into your Site / Database and deface your site, however if you're a company providing shell access from Cpanel / Plesk / Kloxo Panel to customers often customers are messing up permissions leaving important security credential files such as wp-config.php (which is storing user / pass credentials about connection to MySQL / PostgreSQL to have improper permissions and be world readable e.g. have permissions such as 666 or 777 while in reality the WordPress recommended permissions for wp-config.php is 600. I will skip here to explain in details difference between file permissions on Linux as this is already well described in any Linux book, however I just will recommend for any Share hosting Admin where Wordperss is hosted on Lighttpd / Apache Webserver + Some kind of backend database to be extra cautious.

Hence it is very useful to list all your WordPress sites on server wp-config.php permissions with find like this:

 

find /  -iname 'wp-config.php' -print1;

 

I find it a generally good practice to also automatically set all wp-config.php permissions to 600 (6= Read / Write  permissions only for File Owner  user 0 = No permissions for All groups, 0 = No Permissions for all non-owner users)

If find command output gives you some file permissions such as:
 

ls -al /var/www/wordpress-bak/wp-config.php
-rw-rw-rw- 1 www-data www-data 2654 jul 28  2009 wp-config.php

 

E.g. file permission has 666 permissions (Readable for all users), then it is wise to fix this with:
 

chmod 600 /var/www/wordpress-bak/wp-config.php


It is generally a very good practice to run also a chmod 600 to each and every found wp-config.php file on server:
 

find /  -iname 'wp-config.php' -print1 -exec chmod 600 '{}' \;


Above command will also print each file to whcih permission is set to Read / Write for Owner (this si done with -print1 option).

It is a good practice for shared hosting server to always configure a root cronjob to run above find chmod command at least once daily (whenever server hosts 50 – 100 wordpress+ more sites).
 

crontab -u root -l | { cat; echo “05 03 * * * find /  -iname 'wp-config.php' -print1 -exec chmod 600 '{}' \; } | crontab – 


If you don't have the 600 permissions set for all wp-config.php files this security "backdoor" can be used by any existing non-root user to be read and to break up (crack)  in your database and even when there are Deface bot-nets involved to deface all your hosted server wordpress sites.

One of my servers with wordpress has just recently suffered with this little but very important security hole due to a WordPress site directory backup  with improper permissions which allowed anyone to enter MySQL database, so I guess there are plenty of servers with this hidden vulnerability silently living.

Many thanks to my dear friend (Dimitar PaskalevNomen for sharing with me about this vulnerability! Very important note to make here is admins who are using some security enhancement modules such as SuPHP (which makes Apache webserver to run Separate Website instances with different user), should be careful with his set all wp-config.php modules to Owner, as it is possible the wp-config.php owner change to make customer WP based websites inaccessible.

Another good security measure to  protect your server WordPress based sites from malicious theme template injections (for both personal own hosted wordpress based blog / sites or a WordPress hosting company) is to install and activate WordPress Antivirus plugin.

Share this on