At security critical hosts running Apache + PHP based sites it is recommended functions like:
system();
exec();shell_exec();.....
to be disabled. The reason is to mainly harden against script kiddies who might exploit your site/s and upload some shitty SK tool like PHP WebShell, PHP Shell and the probably thousands of “hacker” variations that exist nowdays.
In latest Debian stable Squeeze, suhosin – advanced protection module for php5 is being installed and enabled in Apache (by default). Simply disabling a number of functions using suhosin, could prevent multiple of future headaches and hours of pondering on who 0wn3d your server ….
Disabling the basic PHP system(); and other similar functions which allows shell spawn is not always possible, since some websites or CMS platforms depends on them for proper runnig, anyways whether it is possible disabling ’em is a must. There are two ways to disable system(); functions; One is through using /etc/php5/apache2/conf.d/suhosin.ini and 2nd by adding a list of functions that has to be disabled directly in Website Virtualhost file or in apache2.conf (/etc/apache2/apache2.conf; For people hosting multiple virtualhost websites on the same server using the custom domain Virtualhost method is probably better, since on a global scale the functions could be enabled if some of the websites hosted on the server requires exec(); to work OK. In any case using /etc/php5/apache2/conf.d/suhosin.ini to disable system(); functions in PHP is less messy …
1. Disabling PHP system(); fuctions through /etc/apache2/apache2.conf and custom site Vhosts
Place somewhere (I prefer near the end of config);;;
Disabling it for custom virtualhost is done by simply adding above Apache directvies (before the closing tag in /etc/apache2/sites-enabled/custom-vhost.com
2. Disabling PHP system();, exec(); shell spawn with suhosin.ini
I use Debian Linux for my desktop for quite some time; Even though there are plenty of MP3 / CD players around in Debian, I’m used to the good old XMMS, hence I often prefer to use XMMS to play my music instead of newer players like RhythmBox or audacious. Actually audacious is not bad substitute for XMMS and is by default part of Debian but to me it seems more buggy and tends to crash during playing some music formats more than xmms ….
As most people might know, XMMS is no longer supported in almost all modern Linux distributions, so anyone using Debian, Ubuntu or other deb derivative Linux would have to normally compile it from source. Compiling from source is time consuming and I think often it doesn’t pay back the effort. Thanksfully, though not officially supported by Debian crew XMMS still can be installed using a deb xmms prebuilt package repository kindly provided by a hacker fellow knuta.
Using the pre-build deb packages, installing xmms on new Debian installs comes to:
2 of the wordpress installations, I take care for had been reported an annoying bug today by some colleagues. The bug consisted in double trailing slash at the end of the domain url e.g.;
http://our-company-domainname.com//
As a result in the urls everywhere there was the double trailing slash appearing i.e.::
Therefore, I initially looked for the cause of the problem, within the wordpress admin settings for qTranslate plugin. After not finding any clue pointing the bug to be related to qTranslate, I've then checked the settings for each individual wordpress Page and Post (There in posts usually one can manually set the exact url pointing to each post and page). The double slash appeared also in each Post and Page and it wasn't possible to edit the complete URL address to remove the double trailin slashes. My next assumption was the cause for the double slash appearing on each site link is because of something wrong with the sites .htaccess, therefore I checked in the wp main sites directory .htaccess Strangely .htacces seemed OKAY and there was any rule that somehow might lead to double slashes in URL. WP-sites .htaccess looked like so:
server:/home/wp-site1/www# cat .htaccess RewriteEngine On RewriteBase /
# Rewrite rules for new content and scripts folder RewriteRule ^jscripts/(.*)$ wp-includes/js/$1 RewriteRule ^gallery/(.*)$ wp-content/uploads/$1 RewriteRule ^modules/(.*)$ wp-content/plugins/$1 RewriteRule ^gui/(.*)/(.*)$ wp-content/themes/$1/$2 [L]
# Disable direct acceees to wp files if referer is not valid #RewriteCond %{THE_REQUEST} .wp-* #RewriteCond %{REQUEST_URI} .wp-* #RewriteCond %{REQUEST_URI} !.*media-upload.php.* #RewriteCond %{HTTP_REFERER} !.*cadia.* #RewriteRule . /error404 [L]
Onwards, I thought a possible way to fix bug by adding mod_rewrite rules in .htaccess which would do a redirect all requests to http://www.our-company-domainname.com//contact-us/ to http://www.our-company-domainname.com//contact-us/ etc. like so:
I've recently noticed one of the qmail SMTP servers I adminster had plenty of logged spammer emails originating from yahoo.com.tw destined to reache some random looking like emails (probably unexisting) again to *@yahoo.com.tw
The spam that is tried by the spammer is probably a bounce spam, since it seems there is no web-form or anything wrong with the qmail server that might be causing the spam troubles. As a result some of the emails from the well configured qmail (holding SPF checks), having a correct existing MX, PTR record and even having configured Domain Keys (DKIM) started being marked, whether emails are sent to *@yahoo.com legit emails.
To deal with the shits, since we don't have any Taiwanese (tw) clients, I dediced to completely prohibit any emails destined to be sent via the mail server to *@yahoo.com.tw. This is done via /var/qmail/control/badmailto qmail control variable;
Here is content of /var/qmail/control/badmailto after banning outgoing emails to yahoo.com.tw;;;
One of the QMAIL mail servers, setup-uped on a Debian host has been creating some auto configuration issues. Every-time a new mail user tries to use the embedded Thunderbird client auto configuration, the auto config fails leaving the client unable to use his Mailbox through POP3 or IMAP protocols.
Since about 2 years Thunderbird and many other modern pop3 and imap mail desktop and mobile clients are by default using the auto configuration and hence it was unthinkable to manually change settings for new clients with the QMAIl install; Besides that most of the Office users are always confused, whether they have to manually change SMTP or POP3 host for a server.
Below is a screenshot displaying the warning during email auto-configuration:
The orange color in the button for the newly auto-detected smtp.mail-domain.com indicates, something is not right with the SMTP host.
Obviously, something was wrong with smtp.mail-domain.com, hence I checked where smtp.mail.domain.com resolves with host command. What I found was actually smtp.mail-domain.comActive ( A ) DNS records was pointing to an IP address, our company previously used for the mail server. At present time the correct mail server host name is mx.mail-domain.com and the QMAIL installation on mx.soccerfame.com is configured to be the actual SMTP server.
By default Thunderbird and many other POP3, IMAP mail clients, however automatically assume the default SMTP host for a mail server is to be configured under a host name smtp.mail-domain.com. This is really strange, especially when the primary MX record for mail-domain.com domain is pointing to mx.mail-domain.com, e.g.:
qmail:~# host -t MX mail-domain.com
soccerfame.com mail is handled by 10 mx.mail-domain.com.
soccerfame.com mail is handled by 20 mail.mail-domain.com.
soccerfame.com mail is handled by 30 mail-domain.com.
The whole warning was caused due to the fact mx.mail-domain.com was resolving to an IP like xxx.xxx.xxx.xxx, whether smtp.mail-domain.com was resolving to yyy.yyy.yyy.yyy
Both xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy hosts were configured to have a different qmail SMTP host i.e.:
The server under IP xxx.xxx.xxx.xxx – (mx.mail-domain.com) was configured in /var/qmail/control/me to be mx.mail-domain.com and the other old one yyy.yyy.yyy.yyy – (mail.mail-domain.com) had (mail.mail-domain.com) in /var/qmail/control/me
As smtp.mail-domain.com was actually being still resolved to mail.mail-domain.com, the EMAILs were improperly trying to be sent with a configured DNS hostname of smtp.mail-domain.com, where the actual one on the server was mail.mail-domain
It took, me about an hour of pondering what is causing the oddities until I got the here explained issue. As the DNS recors for the domain the sample mail-domain.com were handled by Godaddy, to fix the mess, I logged in to Godaddy and;
a)deleted – DNS record for smtp.mail-domain.com. b) Created new CNAME record for smtp.mail-domain.com to be a domain alias for mx.soccerfame.com
A few minutes, afterwards I tried configuring once again the same email account in Thunderbird and this time both imap.mail-domain.com and smtp.mail-domain.comturned green; indicating everything is configured fine.
To be 100% sure all is working fine I first fetched, all email via the IMAP protocol without hassles and onwards sent a test email to my Gmail account; thanksfully the sent email was delivered to Gmail indicating both Get Mail and Send Mail functions worked now fine.
Being able to count the number of PHP source code lines for a website is a major statistical information for timely auditting of projects and evaluating real Project Managment costs. It is inevitable process for any software project evaluation to count the number of source lines programmers has written. In many small and middle sized software and website development companies, it is the system administrator task to provide information or script quickly something to give info on the exact total number of source lines for projects.
Even for personal use out of curiousity it is useful to know how many lines of PHP source code a wordpress or Joomla website (with the plugins) contains. Anyone willing to count the number of PHP source code lines under one directory level, could do it with:::
This will count and show statistics, for each and every PHP source file within wordpress-website (non-recursively), to get only information about the total number of PHP source code lines within the directory, one could grep it, e.g.:::
server:/var/www/wordpress-website:# wc -l *.php |grep -i '\stotal$' 4280 total
The command grep -i '\stotal$' has \s in beginning and $ at the end of total keyword in order to omit erroneously matching PHP source code file names which contain total in file name; for example total.php …. total_blabla.php …. blabla_total_bla.php etc. etc.
The \s grep regular expression meaning is "put empty space", "$" is placed at the end of tital to indicate to regexp grep only for words ending in string total.
So far, so good … Now it is most common that instead of counting the PHP source code lines for a first directory level to count complete number of PHP, C, Python whatever source code lines recursively – i. e. (a source code of website or projects kept in multiple sub-directories). To count recursively lines of programming code for any existing filesystem directory use find in conjunction with xargs:::
As you see the cmd counts and displays the number of source code lines encountered in each and every file, for big directory structures the screen gets floated and passing | less is nice, e.g.:
find . -name '*.php' | xargs wc -l | less
Displaying lines of code for each file within the directories is sometimes unnecessery, whether just a total number of programming source code line is required, hence for scripting purposes it is useful to only get the source lines total num:::
For more professional and bigger projects using pure Linux bash and command line scripting might not be the best approach. For counting huge number of programming source code and displaying various statistics concerning it, there are two other tools – SLOCCount as well as clock (count lines of code)
It is a public secret that Mobile Phones which does us very good and generally makes our daily lifes way easier are also a big enemy to our natural ihnibited freedom. Life has become such that it is almost inevitable to do any business or do a daily simple jobs without using Mobile Phone. There is almost none practically today that has wilfully rejected to use the mobile phone on any basis, almost anyone except some strangers like Richard Stallman and probably few others security freaks.
I've been shocked to find out the Father of Free Software (Richard Mathew Stallman), well known in the hacker dome as RMS does not own and didn't use any mobiles. The concerns he pointed are very much logical and rightful. Owning a mobile is a great security hole in personal privacy (mobile phones can be easily sniffed by Mobile Operators) as well as anyone wearing a mobile can be tracked up to 5 to 2 meters to the exact location where he is based on the mobile phone cells to which the mobile is connected.
Many people are not aware actually of the severeness of the issue of constant tracking of people everywhere through this call "goodies". Many mobile operators are already running a software which is building place behaviour patterns of every user of their mobile network. In other words, as we're used to bring and use the mobile everywhere in automated program is creating a map for each number assigned in some of the mobile operators. The gathered data about our location going habits can then be easily used as a indicator for predicting our future behaviour, bying habits (how many times we go to super-market), how many times we go to cinema, what kind of interests we hold etc. etc. This combined with Google, account monitoring could possibly create a system similar to the old movies Big Brother, where all people goods and even attitudes or desires is monitored, influenced and controlled ….
The severeness of the future implications of this constant "personal surveillance and tracking device" as Stallman use to call it is very dangerous for our freedoms.
I tried to live without a mobile phone, just like Stallman for about months, and to tell you the truth the world around seems completely different when you decide not to use 'em. The time I lived wihtout a mobile, clearly show me we have come to the point we cannot any more live without GSM. We fall the trap of dependanding the little "talk box" communication for absolutely everything, obviously sacrificing privacy and freedom for convenience. Mobiles are just one side of the coin, as the non-free software which is ruling the software market and the use of computers puts another treat and takes away many foundamential freedoms we used to have in the less technological world.
Apple as a vendor of software and hardware also denies and breaks our freedom very badly, as the company tracks everyone who owns anything created by apple connected to the internet. Besides that non-free software producers, could change the user software with a press of a button giving them the opportunity to decide what is good and bad for us, leaving us at a state of a helpless dependable users.
The topic of technological little-by-little enslavement, we're going through nowdays and the denying freedoms, we experience while being convinced by companies that we became more free by each next mambo-jambo gadget or by owning the latest smart-phone is very huge and complex but unfortunately underseen in society. I don't understand why, is it due to the low technical skills of mass users is it due to a "not-care what will happen in future" attitude, but obviously people openly discussing or protesting the technologization taking away our freedom is almost zero ….
Here is the video I found in youtube in which Stallman is asked few, questions on Ipads (IBADS) and Mobile Phone use. I believe his short explanation synthesizes the problem quite well ;;;;
I just wonder after you check the video, Would you still accept an Ipad as a birthday gift ? 🙂 Do you still think cell-phones are "good" freedom safe and reliable ?
I've been thinking for a lot of time analyzing my already years ongoing passion for Free Software, trying to answer the question "What really made me be a keen user and follower of the ideology of the free software movement"? I came to the conclusion it is the sharing part of free software that really made me a free software enthusiast. Let me explain ….
In our modern world sharing of personal goods (physical goods, love for fellows, money, resources etc.) has become critically low.The reason is probably the severely individualistic Western World modern culture model which seems to give good economic results. Though western society might be successful in economic sense in man plan it is a big failure. The high standard in social culture, the heavy social programming, high level of individualism and the collapsing spirituality in majority of people is probably the major key factors which influenced the modern society to turn into such a non-sharing culture that is almost ruling the whole world nations today.
If we go back a bit in time, one can easily see the idea and general philosophy of sharing is very ancient in nature. It was sharing that for years helped whole societies and culture grow and mature. Sharing is a fundamental part of Christian faith and many other religions as well and has been a people gathering point for centuries. However as modern man is more and more turning to the false fables of the materialistic origin of man (Darwininsm), sharing is started seeing as unnecessary . Perhaps the decreased desire in people to share is also the reason why in large number people started being self-interest oriented as most of us are nowadays.
As we share less and less of our physical and spiritual goods, our souls start being more and more empty day after day. Many people, especially in the western best developed societies; the masses attitude towards sharing is most evidently hostile. Another factor which probably decreased our natural human desire to share is technocracy and changing of communication from physical as it used to be until few dacades to digital today.
The huge shift of communication from physical to digital, changes the whole essence of basic life, hence I believe at least the distorted sharing should be encouraged on the Internet (file movies and programs sharing) should be considered normal and not illegal.. I believe Using Free Software instead of non-free (proprietary) one is another thing through which we can stimulate sharing. If we as society appreciate our freedom at all and care for our children future, it is my firm conviction, we should do best to keep sharing as much as we can in both physical and digital sense.
Now it is my 4th day being in Pomorie Monastery with Kimba. The monastic life is not so boring as I thought back in the days 🙂 Yesterday I was drived to the Kamenar pub, by one of the workers here in the monastery (with the monastic car an old Ford); We went to the restaurant in Kamenar village with the blessing of the abbot has blessed that we go and enjoy ourselves for few hours there with a group of tourists staying for (1 or 2) weeks in the monastery.
The pub was quite a news for me as it was a nice looking place with a lounge and swimming pool, this seemed quite unusual for especially since it was located in a village with 200 or 300 hundred of people living 🙂 The village pub had even a billiard table, the coin price there was on the shocking 25 stotinki (0.13) euro cents! 🙂 In the pub came an orthodox priest dressed like a casual person and started singing some traditional old Bulgarian songs (typical for singing in the different regions in BG). The guy was really talented and his memory seem to be very strong, since he was able to sing by heart about 10 songs in a row !
Besides that the priest voice was very beautiful. When I later had a talk with the guy it appeared, he learned professional singing before he became an Orthodox priest some years ago. What really shocked me when the priest started singing in Italian Luciano Pavaroti, he sang it so well so you can hardly find out if it is not really the real authentic Luciano voice 🙂
This priest and the overall people in the pub had a great fun, as the place and people in were quite spirited; Actually I felt in a while like being in Emil Kosturica's movie 🙂 🙂 🙂
Being over with yesterday I will say few words on my monastic experience today …. The Church bell rang early in the morning to summit the monks for the early morning prayer followed by a Holy Liturgy served. The Holy Liturgy today served was a co-memoration of the feast of Saint Sergii of Radonezh.
Cause it is weekly day here there were not too many people in the monastic Church. The monastery monks were there,few other people and some Russian pilgrim woman. By the way I'm more and more being convinced that many of the Russian people are very pious oriented and have strong faith in God than us bulgarians. Sadly it appears (from my observations so far) Russians generally are richer in faith. It is sad that Russian Orthodox Christianity is stronger than ours in Bulgarian, especially when we take the fact historically Russians have received the Orthodox Chrisitian faith and language from us Bulgarians …
One of the key figure (brothers) monks Father Sergii is having a name day here, so due to that and because it is not a fasting day today (Thursday), the traditional monastic dinner was bigger and more rich than usual. Some youghurt mixed with cucumbers (Tarator) as we call it in Bulgaria was served with a little salad a few pieces of Banica and even little meat balls (for people eating meat). The Abbot of the monastery was not served meat as I heard from the cook lady he is completely abstaying from meat since about 10 years already; some of the monk brother didn't eat meat as well. The dinner started about 12:20 in the usual dinner room. For another day the food in the monastery was tasting super-delicious. It is rather interesting that the food here is more delicious than the food we usually eat at home; Probably the food is so delicious because large portion of the food on the table is monastic-grown and besides that a food blessing prayer is said everytime before eat time. Earlier times I've heard many others who visited and eat food in monasteries that the monastic food is tastier and more delicious than we ordinary people have on our tables, however I was sceptical until I experienced it myself, these days. Cause the food is so tasteful, I consume here usually twice more food than I usually eat at home 🙂
I recommend anyone who didn't eat a meal in a monastery (yet) to try this at least once in a lifetime ;;;
I'm currently once again on a pilgrimage in Pomorie Monastery St. George (Bulgaria) – EU as you should read in my previous day post. The brotherhood here is very hospital, since our coming (with Kliment), we were treated like being a part of the monks community. We're given food and allowed to eat together with the monks on one table and even we can enter into some of the interesting discussions after food :). The life in a monastery is actually quite fascinating, though on the outside it seems boring.
As a general rule monks eat a meal twice a day. On Monday, Wednesday and Friday, the meals are cooked and served usually without oil (except if the Abbot didn't bless differently). The abbot in the Monastery is like a King. The order in the whole monastery resides very much a Kingdom, where the abbot is king some of the monks are his (left and right hand and counselors) etc.
Just like in kingdoms, there are workers who help the kingdom to flourish. With the case with the monastery workers are (mostly believing people) hired (with a wage) to help with the monastery works.
The kitchen "district" has a (chef) cook lady, person/s (usually believing Christians) who help with cooking cutting and vegetables and various meal preparations etc. and serving the brotherhood and workers dinner and lunch. Oh yes I almost forgot, monks didn't eat breakfast. Their usual first meal is like 12 or 12:30 as a straight dinner.
As in Other Orthodox monasteries, here in Pomorie Monastery the monastery is named after the heavenly protector of the place Saint Martyr George.
The brotherhood life here is not as tough as the monasteries located in desert destinations, though just like in other mountain situated Orthodox Christian monasteries the monks has an established everyday Morning and Evening Church Service.
The morning Church service usually starts around 06:00 or 06:30, while on a feast days like Sunday (The Day of Resurrection of Jesus Christ) the service starts a bit later in 07:00 or at very special occasions in 07:30 …
The Evening Services usually start around 04:30 or 05:00 o'clock and continue (depending on Church calendar feast day (saint)) from 30 to 40 minutes up to 2, 3 hours (in biggest feasts or fasting periods). All the monks should be present on Morning and Evening service, where a bell is rang whether the monks has to gather together for a Church service prayer.
As of time of writting officially Pomorie monastery has 4 monk brothers. One is the Abbot, the abbot's left hand, one other hiero-monk who sometimes is serving the Holy Liturgy church services and another monk who is in his 70s and is mostly doing Church book readings. Occasionally the brotherhood accepts a novice pupils who want to enter the monastic life, but as long as my observations goes (during the few years I came as a pilgrim here) many of the novices find the monastic life for them and quit after a few months or a year time.
Just a year earlier the brotherhood, here had 6 monks. Unfortunately the oldest monk Father Tikhon who lived inside the monastery more than half of his life (40 years in the monastery W0W!) passed away after a short sickness and hospitalization. Another one of the monks (Father Joanikius) was transferred by the Sliven's Metropolitan (named also father Joanikius) to serve his monkship (obedience) in our Bulgarian Monastery situation in Holy Mount Athos (Greece) , e.g. to Zographus monastery.
The Abbot of the monastery (Father Yierotej) is a young and energetic person (35 years old) with a good sense of humour and a great God given wisdom grace and joyful temper.
Besides the core monks brothrehood currently the monastery has 5 workers and about 5 to 10 persons (people who are in hardships and have no place to stay) and were accepted to get a healing and a life stabilization while living for a while in the monastery. Some of those people are almost full time living inside the monsatic walls helping with their knowledge and talents to the brotherhood The overall number of people who inhibit the monastery is about rawly 15 people. All this people are given free meals 2 times daily and eat together often either in the monastic kitchen or the dining-room (which is also serving as a guest room).
Before and after each meal intake the people gathered together in the dinner-room pray together asking Jesus Christ to bless their food and drink. Usually the Abbot whenever on the table is the one to ask God for a food blessing. After the meal is complete the Abbot or some of the monks says a thanksful prayer thanking Jesus for giving the daily bread and asking God to give us also the heavenly spiritual food.
The most common food eaten here is vegetables and fruits and in non-fasting days they eat some youghurt, cheese or fish. Eating meat however is un-common and most of the food consumed is fasting food (meat is considered inappropriate food for Orth Christian Monks). The monastery is surrounded by a around a meter monastic walls. In the middle of the monastery is located the Monastic Church Saint Martyr George whichs basic walls dates back to the distant XIX century.
Facing the church about 40 meters from the Chuch are located the monks dwelling rooms also in monastic language called (cells). The monk's cell is full of icon and holy water, crucific crosses and all kind of faith related books so in a sense the monks room looks like a tiny Church.
Right in the middle of Pomorie Monsatery there is a holy spring – disease healing water which by God's providence healed the first Abbot and beneficient of the monastery (ironically the Turkish Abbot Salim Bey who converted from Islam to Christianity and donated all his land to the Bulgarian Orthodox Church in the 18 century when still Bulgaria was enslaved by Turkish).
The monastic yard is filled with green beautiful Peach and Plumb Trees. In the monastery yard they have sew of; potatoes, tomatoes, corn and few other "basic" self-grown. vegetables.
Along with the plants in one of the corners near the monastic wall there is a henhouse where some chickens and few turkeys are grown for getting fresh (natural) eggs.
In the old days the brotherhood was growing all their food by themselves as it was a tradition in the Monasteries, however with the changing times and the huge decrease of monks, growing all the monastic food on their-own became an impossible task ….
The monastery is mainly living on pilgrim or local believing people donations and the monastic land, as well as to sales of Orthodox icons and tiny faith related objects (crosses, holy bibles, church related books and literature) etc.
As I hear from some of the monks the harsh economic situation and severe world crisis that is plaguing the world also has a negative influence on the financial balance of the holy cloister too. A monk shared with me the financial expenses of the monastery tend to be "dangerously" growing lately as the amount of people whose the brotherhood is feeding and taking care (healing) daily along with the money for restoration works are raising and the monastery experiences a shortage of money. Still they're not discouraged but as I was told praying and hoping on God's grace to send them kind heart donators to help the monastery.
Most of the people who are in the monsatery not for a theraupetic reason (with a severe disease) work all day long. Though the work seems to be never ending here, one feels calm, relaxed and gracious. Even staying for few hours here, makes you filled-up with God's grace and gives you new energy and hope to continue the harsh daily stress filled life.
Besides the Monastery the town of Pomorie is also very beuatiful and have all the facilities and entertainment a tourist might like to have from a modern beach resort. Yesterday I went and had my first beach time here in Pomorie. Something interesting I noticed on the beach is the sand color which here in Pomorie is a bit blackish. The sea coast here near the beach is not big but feels cozy and there are bars near the beach shore, so anyone wanting to enjoy some of the world goods too can have a fanastic time here 🙂
The orange color in the button for the newly auto-detected smtp.mail-domain.com indicates, something is not right with the SMTP host.
