mod_security rule for Joomla com_properties [aid] vulnerability

Here’s a mod_security2 rule to block the latest SQL injection vulnerability in a popular Joomla module ‘com_properties’ dated 4/10/2010:

# ModSecurity allows only one disruptive action per rule; the original listed both "drop" and "deny".
# Phase 2 (request body) rather than phase 1 so that an aid sent in a POST body is inspected too.
# ModSecurity 2.7 and later also require a unique id: action on every rule; add one that is unused in your configuration.
SecRule ARGS:option "com_properties" "phase:2,chain,t:none,t:htmlEntityDecode,t:urlDecode,t:lowercase,deny,log,auditlog,msg:'Denied Joomla Component com_properties[aid] SQL Injection Vulnerability'"
    SecRule ARGS:aid "\D"

Don’t expect this to be a substitute for updating your vulnerable code, but it will at least buy you and your clients time.
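As an added example (not part of the original post), here are the same two conditions as the chained rule applied to an Apache access log, so you can see whether the aid parameter was already being probed before the rule went in. Only GET query strings appear in the access log, so POST-body requests are not visible this way; the log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: find access-log requests that the
# ModSecurity chain above would block (option=com_properties, case-insensitive,
# with an aid value containing anything other than 0-9).

# Constructed sample log lines (combined format) for a self-contained demo.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
192.0.2.10 - - [10/Apr/2010:12:00:01 +0000] "GET /index.php?option=com_properties&task=showResults&aid=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.11 - - [10/Apr/2010:12:00:05 +0000] "GET /index.php?option=com_properties&task=showResults&aid=12%27 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.12 - - [10/Apr/2010:12:00:09 +0000] "GET /index.php?option=com_content&id=abc HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.13 - - [10/Apr/2010:12:00:12 +0000] "GET /index.php?option=COM_PROPERTIES&aid=abc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF

# Print the matching lines. A raw '%' in the value is itself a non-digit, so an
# URL-encoded quote (%27) is caught without decoding; a space or '"' ends the URI.
scan_com_properties_log() {
    grep -i 'option=com_properties' "$1" | grep -iE '[?&]aid=[0-9]*[^0-9& "]'
}

# Number of suspect requests (prints 0 when there are none).
count_suspect_requests() {
    scan_com_properties_log "$1" | grep -c ''
}

# Client IPs that sent them, with a hit count, for follow-up.
suspect_clients() {
    scan_com_properties_log "$1" | awk '{print $1}' | sort | uniq -c | sort -rn
}

echo "Suspect com_properties requests in $SAMPLE_LOG: $(count_suspect_requests "$SAMPLE_LOG")"
suspect_clients "$SAMPLE_LOG"
```

Point the functions at a real access_log instead of $SAMPLE_LOG to check your own sites.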

It never ceases to amaze me how incredibly careless PHP programmers are:

http://www.exploit-db.com/exploits/12136

Windows Vista / Windows 7 / Server 2008 R2: 0xc0000225 after resizing partition or restoring backup

So I needed to shrink the C: partition of a Windows 7 (Server 2008 R2) machine. After shrinking it with GParted (my open-source partitioning tool of choice), Windows no longer booted; the boot manager complained of 0xc0000225 (awesome error message as usual, Microsoft).

To get things working again, I had to run the following bcdedit.exe commands from a rescue disk (WinPE worked fine for me):

bcdedit /set {bootmgr} device boot
bcdedit /set {default} device boot
bcdedit /set {default} osdevice boot

After that, life is again normal.

Sometimes you might need to completely reinstall the MBR — for example, when you restored only the C: partition from backup to a new, already-partitioned disk, but did not restore the original partition table and MBR. This can be done as follows:

bootsect /nt60 SYS /mbr

In some cases you may also need to make sure the boot partition is flagged ‘bootable’; otherwise the above commands fail. To correct it:

DISKPART (to open the partition utility)
LIST DISK (disk number(s) will be shown)
SELECT DISK n (where n is the number of the disk - probably 0)
LIST PARTITION (partition number(s) will be shown)
SELECT PARTITION n (where n is the number of the Primary partition you wish to make Active)
ACTIVE (the selected partition on the selected disk will be made Active)

Installing RED5 Server on CentOS

First, download, extract and install:

mkdir /usr/local/red5; cd /usr/local/red5
wget http://www.red5.org/downloads/0_8/red5-0.8.0.tar.gz
tar -zxf red5-0.8.0.tar.gz

Install Java:

wget -O java.rpm.bin http://javadl.sun.com/webapps/download/AutoDL?BundleId=38657
chmod 755 java.rpm.bin; ./java.rpm.bin

Open a new init script:

nano -w /etc/init.d/red5

Paste this into the init script:

#!/bin/sh
# For RedHat and cousins:
# chkconfig: 2345 85 85
# description: Red5 flash streaming server
# processname: red5

PROG=red5
RED5_HOME=/usr/local/red5
DAEMON=$RED5_HOME/$PROG.sh
PIDFILE=/var/run/$PROG.pid

# Source function library
. /etc/rc.d/init.d/functions

[ -r /etc/sysconfig/red5 ] && . /etc/sysconfig/red5

RETVAL=0

case "$1" in
  start)
    echo -n $"Starting $PROG: "
    cd $RED5_HOME
    $DAEMON >/dev/null 2>&1 &
    PID=$!
    # "$?" right after "&" is always 0, so it says nothing about whether the
    # daemon came up; give the JVM a moment and check the process is still alive.
    sleep 2
    if kill -0 $PID 2>/dev/null; then
      RETVAL=0
      echo $PID > $PIDFILE
      touch /var/lock/subsys/$PROG
    else
      RETVAL=1
    fi
    [ $RETVAL -eq 0 ] && success $"$PROG startup" || failure $"$PROG startup"
    echo
    ;;
  stop)
    echo -n $"Shutting down $PROG: "
    # killproc needs the program name as well as the pidfile
    killproc -p $PIDFILE $PROG
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$PROG $PIDFILE
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  status)
    # options must come before the program name
    status -p $PIDFILE $PROG
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|status}"
    RETVAL=1
esac

exit $RETVAL

Activate init script:

chmod 755 /etc/init.d/red5
chkconfig --add red5
chkconfig red5 on

Update the settings, which are located in:

/usr/local/red5/conf/*

Run it:

/etc/init.d/red5 start

hostapd init script for Redhat/CentOS

Hostapd is a software daemon that turns a Linux box into a full-blown wireless access point, but it doesn’t come with an init script to start it automatically when the machine boots. Each Linux distribution that supports hostapd seems to do its own thing, so I went ahead and created this little init script to cleanly start/stop hostapd on a CentOS/Redhat box.

#!/bin/sh
#
# start/stop the hostapd server
#
# chkconfig: 2345 99 10
# description: hostap daemon
# processname: hostapd
# config: /etc/hostapd.conf
# pidfile: /var/run/hostapd.pid
#
PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin
export PATH

HOSTAPD=/usr/local/bin/hostapd
CONFIG=/etc/hostapd.conf
PIDFILE=/var/run/hostapd.pid
LOCKFILE=/var/lock/subsys/hostapd

# Source function library.
. /etc/rc.d/init.d/functions

start()
{
    echo -n "Starting hostapd daemon: "
    # -B forks into the background, -P records the daemon's pid for stop/status
    daemon $HOSTAPD $CONFIG -P $PIDFILE -B
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch $LOCKFILE
    return $RETVAL
}

stop()
{
    echo -n "Stopping hostapd daemon: "
    killproc -p $PIDFILE hostapd
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f $LOCKFILE $PIDFILE
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status -p $PIDFILE hostapd
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo "Usage: hostapd {start|stop|status|restart}"
        exit 1
esac

exit $?

You can check out hostapd here:
http://hostap.epitest.fi/hostapd/

I really do think this is the same software many consumer-grade routers are running.

Migrating from Rackspace Cloud to Cpanel

Fed up with cloud hosting? You’re not alone. Just recently, I assisted a mass exodus of over 50 MySQL/Joomla based sites. After the migration to just a modest dedicated server with Cpanel, MySQL queries improved by 200% on average. Some longer queries and page loading times saw improvement of over 1000%. Additionally, the dedicated server won’t fall on its face when a single script such as a DB backup process consumes ‘too many’ resources and the Cloud decides to put your whole site in the timeout corner.

Here are some scripts to migrate all your files and DBs from a Rackspace Cloud Sites instance to a Cpanel account quickly and easily. Run this script as the Cpanel user you’re migrating to, to avoid ownership issues. If you run it as root, you’ll need to run the ownership repair script in this post.

I was able to pull from 10-20 sites simultaneously and even .htaccess and other ‘hidden’ files came across intact.

The progress is saved in /home/cpanel_user/xferlog.txt so you can monitor it in real time. You can launch multiple copies of the script simultaneously to transfer many sites at once.

#!/bin/sh
# Pull the site's files from Rackspace Cloud Sites over FTP into the Cpanel
# account's public_html. Run as the Cpanel user so the files are owned correctly.

RACKSPACE_CLOUD_FTP_IP="rackspace_ftp_ip"      # FTP host; this variable was missing from the original
RACKSPACE_CLOUD_FTP_USERNAME="rackspace_ftp_user"
RACKSPACE_CLOUD_FTP_PASSWORD="rackspace_ftp_password"
DOMAIN="www.myrackspacedomain.com"

LOCAL_CPANEL_USERNAME=cpanel_username

# -r -c: recursive, resume partial files; --level=0: no depth limit; --cut-dirs=3 -nH:
# drop the "$DOMAIN/web/content" prefix so files land directly in public_html.
# Progress goes to xferlog.txt; the trailing & lets several sites transfer at once.
# Note: the password is visible in "ps" while wget runs; on a shared box put the
# credentials in ~/.netrc (which wget reads for FTP) instead of on the command line.
wget -rc --level=0 --no-parent --cut-dirs=3 -nH \
   --directory-prefix=/home/$LOCAL_CPANEL_USERNAME/public_html/ \
   --user="$RACKSPACE_CLOUD_FTP_USERNAME" \
   --ftp-password="$RACKSPACE_CLOUD_FTP_PASSWORD" \
   "ftp://$RACKSPACE_CLOUD_FTP_IP/$DOMAIN/web/content/*" \
   -o /home/$LOCAL_CPANEL_USERNAME/xferlog.txt -nv &

Now, let’s migrate a mysql database (this can actually be used for migrating from any host, not just Rackspace). Place the file in the Cpanel user’s home folder so it can be run again right before your DNS switch so your records are totally up to date. You can run it as many times as you wish.

#!/bin/sh
# Rackspace Cloud to Cpanel DB copy

REMOTE_HOST="rackspace_cloud_mysql_ip"
REMOTE_DB="rackspace_cloud_mysql_db"
REMOTE_USER="rackspace_cloud_mysql_user"
REMOTE_PASS="rackspace_cloud_mysql_pass"

LOCAL_HOST="127.0.0.1"
LOCAL_DB="local_cpanel_mysql_db"
LOCAL_USER="local_cpanel_mysql_user"
LOCAL_PASS="local_cpanel_mysql_pass"

MYSQL="$(which mysql)"
MYSQLDUMP="$(which mysqldump)"

# Don't echo the full command line: it would print both passwords to the terminal
# and to any session log. They are still visible in "ps" while the copy runs; pass
# them via --defaults-extra-file instead if that matters on a shared box.
echo "Copying $REMOTE_DB@$REMOTE_HOST -> $LOCAL_DB@$LOCAL_HOST"
echo

# --add-drop-table makes the copy repeatable: each run replaces the local tables.
"$MYSQLDUMP" --lock-tables --add-drop-table \
   -h "$REMOTE_HOST" -u "$REMOTE_USER" -p"$REMOTE_PASS" "$REMOTE_DB" \
   | "$MYSQL" -h "$LOCAL_HOST" -u "$LOCAL_USER" -p"$LOCAL_PASS" --database "$LOCAL_DB"

If you’re looking for cheap and reliable Cpanel, Windows, or other types of Managed Hosting, please check out Fast Serv.


Xen – Using Netfront instead of rtl8139 on CentOS, RedHat, Fedora

On an HVM domain, the guest OS will always detect your virtual network device as a buggy and slow Realtek RTL8139. You can maximize network performance with the Netfront driver, which is now built into the latest Redhat / CentOS kernel. Older releases needed the kmod-xenpv package for this, but it’s built in as of RHEL/CentOS 5.3, I believe. The method is highly undocumented from my research, so hopefully this saves someone some time.

1. In /etc/modprobe.conf, change 8139cp to xen-vnif using the following command:

sed -i 's/8139cp/xen-vnif/g' /etc/modprobe.conf

2. Then blacklist the rtl8139 drivers:

echo 'blacklist 8139cp' >> /etc/modprobe.d/blacklist
echo 'blacklist 8139too' >> /etc/modprobe.d/blacklist

3. After a reboot, you can test that it worked by first making sure you’re online (duh!), then checking lsmod to make sure you’re rid of the Realtek junk at last:

lsmod | grep 8139

The output should return nothing (blank).

Now let’s activate the Xen SCSI driver to maximize disk performance by inserting the following in /etc/modprobe.conf:

alias scsi_hostadapter xen-vbd

Be sure to remove the existing scsi_hostadapter entry… if you use both, you’ll zap your disk.

Now reboot to activate.
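As an added example (not from the original post), here is the whole procedure above as one idempotent script: it replaces the existing scsi_hostadapter alias instead of appending a second one, which is exactly the "zap your disk" case, and takes the file paths as parameters so you can try it on a copy of /etc/modprobe.conf first.

```shell
#!/bin/sh
# Added example, not from the original post: apply the xen-vnif / xen-vbd changes
# to modprobe.conf in one step, safely re-runnable. Paths are parameters so the
# function can be exercised on copies before touching /etc.

# Usage: switch_to_xen_pv /etc/modprobe.conf /etc/modprobe.d/blacklist
switch_to_xen_pv() {
    conf="$1"
    blacklist="$2"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Back up the boot-critical module config before editing it.
    cp "$conf" "$conf.pre-xenpv"

    # 1. Network: point the alias that referenced 8139cp at xen-vnif.
    # 2. Disk: rewrite the existing scsi_hostadapter alias to xen-vbd (never add a second one).
    sed -e 's/8139cp/xen-vnif/g' \
        -e 's/^alias scsi_hostadapter .*/alias scsi_hostadapter xen-vbd/' \
        "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    grep -q '^alias scsi_hostadapter ' "$conf" || echo 'alias scsi_hostadapter xen-vbd' >> "$conf"

    # 3. Blacklist both Realtek drivers, adding each line only once.
    for mod in 8139cp 8139too; do
        grep -qs "^blacklist $mod\$" "$blacklist" || echo "blacklist $mod" >> "$blacklist"
    done

    # Sanity check: exactly one scsi_hostadapter entry must remain.
    n=$(grep -c '^alias scsi_hostadapter ' "$conf")
    if [ "$n" -ne 1 ]; then
        echo "ERROR: $n scsi_hostadapter entries in $conf; restore from $conf.pre-xenpv" >&2
        return 1
    fi
    echo "$conf updated; after a reboot 'lsmod | grep 8139' should print nothing"
}

# Run against the real files only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    switch_to_xen_pv "$1" "$2"
fi
```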

Good luck!

Easy Javascript-based Bookmark Link

Here’s a simple JavaScript-based bookmarking script for your site. It automatically fills in the page name and URL so you don’t have to. Put this in the <HEAD>:

<script type="text/javascript">
function addToFav() {
  // Read the URL and title explicitly rather than relying on "this" being window.
  var url = window.location.href;
  var title = document.title;
  if (window.sidebar && window.sidebar.addPanel) {
    // Older Firefox
    window.sidebar.addPanel(title, url, "");
  } else if (window.external && window.external.AddFavorite) {
    // Internet Explorer
    window.external.AddFavorite(url, title);
  } else {
    // Other browsers expose no bookmarking API; fall back to the keyboard shortcut.
    alert("Press Ctrl+D (Cmd+D on a Mac) to bookmark this page.");
  }
}
</script>

Then, you can add a link in your <BODY> that calls the function:

<a href="#" onclick="addToFav(); return false;">Bookmark Us!</a>

Sysctl and ip_conntrack_max optimization

On a busy webserver, you have to be very careful that you don’t run out of connection tracking buckets.

Check how many you have set as your max:

/sbin/sysctl net.ipv4.ip_conntrack_max

Check how many you’re using:

wc -l /proc/net/ip_conntrack

A good maximum setting for most web servers with at least 2 GB of RAM is 65536. Change the setting and lock it in (Redhat variants):

echo "net.ipv4.ip_conntrack_max = 65536" >> /etc/sysctl.conf
/sbin/sysctl -p
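As an added example (not from the original post), a small check that turns the two commands above into a usage percentage with a warning threshold, so the table filling up is noticed before the kernel starts dropping packets. It also handles kernels that renamed the key to net.netfilter.nf_conntrack_max and the table to /proc/net/nf_conntrack, which this post predates.

```shell
#!/bin/sh
# Added example, not from the original post: report how full the connection
# tracking table is and warn above a threshold. Covers both the ip_conntrack
# names used in the post and the newer nf_conntrack names.

# Paths as exposed by this kernel: old ip_conntrack or newer nf_conntrack names.
conntrack_max_file() {
    if [ -e /proc/sys/net/netfilter/nf_conntrack_max ]; then
        echo /proc/sys/net/netfilter/nf_conntrack_max
    else
        echo /proc/sys/net/ipv4/ip_conntrack_max
    fi
}
conntrack_table_file() {
    if [ -e /proc/net/nf_conntrack ]; then
        echo /proc/net/nf_conntrack
    else
        echo /proc/net/ip_conntrack
    fi
}

# Usage: conntrack_usage_pct CURRENT MAX -> integer percentage (fails if MAX is not > 0)
conntrack_usage_pct() {
    [ "$2" -gt 0 ] 2>/dev/null || return 1
    echo $(( $1 * 100 / $2 ))
}

# Usage: conntrack_check CURRENT MAX THRESHOLD_PCT -> 0 when OK, 1 when at/over threshold
conntrack_check() {
    pct=$(conntrack_usage_pct "$1" "$2") || return 2
    if [ "$pct" -ge "$3" ]; then
        echo "WARNING: conntrack table at ${pct}% ($1 of $2 entries); raise $(conntrack_max_file)"
        return 1
    fi
    echo "OK: conntrack table at ${pct}% ($1 of $2 entries)"
}

# Live check when run on a Linux host with conntrack loaded (skipped elsewhere).
maxf=$(conntrack_max_file)
tblf=$(conntrack_table_file)
if [ -r "$maxf" ] && [ -r "$tblf" ]; then
    conntrack_check "$(wc -l < "$tblf")" "$(cat "$maxf")" 80
fi
```

Run it from cron with the threshold you are comfortable with; the kernel logs "table full, dropping packet" once the table is actually exhausted, which is later than you want to find out.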