Automatically update all vulnerable timthumb files on Cpanel

timthumb.php is responsible for millions of wordpress hacking so it is important to make sure all timthumb files on Cpanel servers are up to date. It may have any file name (sometimes thumb.php or another) so we have to look in every php file for vulnerable versions and replace them. The script automates this. This can also run as a cron job.

It can take a very long time on busy servers, maybe hours. Be patient, when it finishes, it will list all fixed files.

This script is for Cpanel servers only

wget -O ~/
chmod +x ~/

PHP IPv4 and IPv6 Network and Subnet Calculator

Just threw together a quick and dirty PHP-based subnet calculator. What sets this one apart from others is that it works with both IPv4 and IPv6 inputs and has subnet splitting capability.

Use the first field to enter a network to get details about. The format is CIDR notation ‘’.

Use the second field to split the first network into smaller networks. The notation is ‘/24’. The network must be smaller than the 1st one obviously. Click any of the smaller subnets to show details.

Source code is on github:

MegaRAID Storage Manager on Ubuntu for LSI cards

Getting MegaRAID Storage Manager and CLI tools installed on Ubuntu is no fun. This is what worked for me:

echo "deb squeeze main" >> /etc/apt/sources.list
apt-get update
apt-get -y --force-yes install megacli megactl libc6-i386 lib32gcc1 lib32z1 lib32stdc++6 ia32-libs lib32icu42
dpkg -i libstdc++5_3.3.6-21ubuntu1_amd64.deb
dpkg-deb -x libstdc++5_3.3.6-21ubuntu1_i386.deb lib32stdc++5
cp ./lib32stdc++5/usr/lib/ /usr/lib32
ln -s /usr/lib32/ /usr/lib32/
dpkg-deb -x libxerces-c28_2.8.0+deb1-2build1_i386.deb lib32xerces-c28
mkdir -p /opt/lsi/Apache/
cp ./lib32xerces-c28/usr/lib/ /opt/lsi/Apache/
ln -s /opt/lsi/Apache/ /opt/lsi/Apache/
ln -s /opt/lsi/Apache/ /usr/lib/

dpkg -i megaraid-storage-manager_8.10-04_amd64.deb

dpkg -i getlibs-all.deb
getlibs -y -l

## Launch GUI (make sure X11 forwarding is enabled on SSH session):
## /usr/local/MegaRAID\ Storage\ Manager/

Now you can monitor and manage many different LSI SAS cards (including Dell Perc and some others).

Windows 7 / Vista DNS Suffix only one level deep

Major annoyance to any organization that has hostnames like — Windows 7 and Vista appends to bar, but not After some digging I finally found a registry hack that restores ‘proper’ functionality like any other OS or older version of windows.

Create a DWORD ‘AppendToMultiLabelName’ with a value of 1 in:

HKEY_LOCAL_MACHINE -> SOFTWARE -> Policies -> Microsoft -> Windows NT -> DNSClient

Here’s a .reg file you can run to automatically insert it. Reboot the machine to enable it.

Categories: Technical and Windows. Comments Off on Windows 7 / Vista DNS Suffix only one level deep

DJBot Rsync Copy

rsync --progress -av --delete -e ssh root@x.x.x.x:/ root --exclude=/dev --exclude=/proc --exclude=/sys --exclude=/tmp --exclude='*.mp3' --exclude='*.MP3' -- exclude='*.sql.gz' --exclude=djbot/logs

SQL-fu #1

Nested select with an insert to create multiple rows — used this to add admin privileges for a client in Maia for all their domains:

INSERT INTO maia_domain_admins (SELECT t2.domain_id,1013 from postfix_transport t2 WHERE t2.mta_host='');

Dropped VIF TX Packets on XenServer 5.6

On multiple XenServer 5.x setups I’ve been experiencing dropped packets evident as light to medium packet loss on a busy DomU. It only affects heavy network loads on DomU’s and not Dom0. It also doesn’t seem to care about what OS is running; I’m seeing it in Debian, CentOS, and Windows. Since I manage streaming services, I have some heavy network loads and the packet loss is causing issues for some clients. I also notice the following on the affected VIF as seen on Dom0 (this is just an example):

vif406.0  Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:3793176632 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3083746066 errors:0 dropped:280 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:1680119904 (1.5 GiB)  TX bytes:2415406042 (2.2 GiB)

Notice the dropped TX packets. This is only seen on Dom0 on the VIF. No packets lost on the Dom0 PIF or the DomU itself as shown by ifconfig.

I tried disabling checksum offloading (as suggested for Windows 2003 issues) on both Dom0 and DomU but it had no affect at all. I was almost ready to give up until I started wondering about the really small txqueuelen. 32 is really small — much smaller than the Linux default. I come from a Cisco background and we could never run ports with buffers that small.

On a hunch I tried increasing it on Dom0 to a reasonable value for a busy network:

ifconfig vif406.0 txqueuelen 1500

To my surprise, it completely fixed the packet loss. Single thread speeds went from bouncing all over the place to a steady 30+MB/sec. It was really that simple, and I can’t believe more people haven’t been hit by this. Especially for network based storage-backed DomU.

So I wrote a script and put it into Cron so all VIF will be set at 1500 on a regular basis:

ifconfig | grep -P '^vif\d+\.\d+' |  awk '{system("ifconfig "$1" txqueuelen 1500")}'

If anybody knows how to set the txqueuelen permanently through XE or XenStore I want to hear it. But for now I’ve found nothing in the manual or on the net to suggest how to do this.

I checked some older XenServer 4.X boxes and they don’t have this problem even though the txqueuelen is still only 32. Only 5.X exhibits problems from what I can see. All machines use standard Intel gigabit interfaces (82574L), nothing out of the ordinary.

Hopefully this helps someone else!

Search + Replace, Append, Prepend MySQL

Search and replace

update [table_name] set [field_name] = replace([field_name],'[string_to_find]','[string_to_replace]');


update [table_name] set [field_name] = concat([field_name],'[string_to_append]');


update [table_name] set [field_name] = concat('[string_to_prepend]',[field_name]);
Categories: Uncategorized. Comments Off on Search + Replace, Append, Prepend MySQL